|At a Glance|
|Product||Cisco OnPlus [Website]|
|Summary||Cloud based network management and monitoring appliance and service|
|Pros||• Automatic network topology mapping
• Cloud-based network monitoring
• Device inventory reports
• Easy remote access with no port mapping required
• Very affordable (< $5/mo.)
|Cons||• Auto topology result will need manual tweaking
• Some reports need work
• Remote access not supported on all devices
Today I’m reviewing Cisco’s OnPlus network monitoring and management service. OnPlus is a combination of a cloud-based service providing network visibility, tools and data and a small network appliance that monitors its attached network and feeds the data to the cloud, unimpeded by router firewalls. OnPlus has been available to the Cisco partner community since July 2011 and was formally announced in December of 2011.
The target market for OnPlus is Cisco partners, to help them build and develop a managed service business. Cisco requires OnPlus users to already be Cisco registered partners or willing to become one. But don ‘t let that scare you—I was able to create a Cisco account and apply to be a Cisco partner over the web, all for free and with no wait for approval.
The physical OnPlus device, referred to as the ON100 Network Agent, measures approximately 5.6” wide x 6.6” deep x 1.5” high. The case is lightweight plastic and passively cooled.
Cisco ON100 Network Agent
On the front are the indicator lights, shown below.
ON100 front panel
The back of the device contains the power port, power switch, dual Gigabit Ethernet ports, an SD card slot and a USB port, shown below. The ON100 can be powered via 802.3af Power over Ethernet (PoE) or via the external power adapter that comes with the device.
ON100 rear panel
The ON100 is powered by a 1.6 GHz Marvell 6282 SoC joined with 512 MB of RAM and 512 MB of flash. A shot of the main board is shown below. Presently, the ON100 has no bulk storage capability, as all data is stored in the cloud. However, there is an SD card slot and USB port (photo lower left) for future enhancements. The SD card is intended for application storage and the USB port is intended for additional storage.
Getting set up with OnPlus is very easy and summarized in the graphic below taken from the OnPlus Service data sheet page. Out of the box, the ON100 is preconfigured to talk to the Cisco OnPlus portal. Before you plug it in, the instructions direct you to create an account on the OnPlus website.
OnPlus setup summary
Creating an account on the portal is a matter of completing a few pages of information. A requirement to creating an on-plus account is having a cisco.com account. This is also free; it is just a matter of registering on Cisco’s website.
With your account created, connect the OnPlus device to your LAN. Once connected, the device will get an IP address on your LAN via DHCP then contact and connect to the portal. Since the ON100 lives on your LAN, it can initiate outbound connections to connect to its mothership. No port forwarding or UPnP support is required in your router for the ON100 to connect.
Of course, if you run a tight network with a firewall configured to pass traffic only for devices and services that you allow, you’ll have to authorize the ON100 to phone home. The diagram below taken from this Cisco whitepaper describing OnPlus’ security architecture, illustrates OnPlus’ communication flow.
OnPlus communications flow
Configuring the ON100 and OnPlus service was relatively straightforward, once I got my head around it. The ON100 isn’t a router, switch, or server. It’s a cloud-connected network appliance that is controlled by configurations you apply in the cloud. Thus, a lot (most?) of the intelligence in this system is in the cloud.
There are two places for applying configurations; the ON100 itself and the portal. The ON100 is configurable via browsing to its local IP address. It has a simple menu for status, maintenance, and configuration. These menus provide options to view status, reboot or reset, and modify basic network settings. In my tests, I didn’t apply a single config to the ON100 device; I entered all configurations in the OnPlus portal. Below is a screen shot of the ON100 status screen.
ON100 local status
As you can see in the screenshot below, I have my ON100 device up and communicating to the OnPlus portal. I created my OnPlus account under the name SmallNetBuilder, then created a customer called ReidNet associated to my OnPlus device.
ON100 cloud portal
The menus across the top are Overview, Notifications, Reports, Agents and Cisco. The Overview menu presents the screen shown above. The Notifications menu allows you to define the message types to deliver to a specific email address. The Reports menu allows for creating and viewing various reports. The Agent menu provides tools for creating additional users of the portal. Finally, the Cisco menu provides useful details about Cisco network devices being monitored by OnPlus such as warranty, end of life, and the availability of firmware updates.
For example, one of the devices I have on my test network is a Cisco SG200 switch. The OnPlus Warranty Information menu automatically determined the device model and serial number and displayed its warranty start and end dates, shown below.
Sample device warranty information
Three additional options in the portal are for Account, Support, and Documentation. The Account menu allows you to adjust your OnPlus Account details, the Support menu opens a web-based forum for posting questions and reviewing comments from other OnPlus users, and the Documentation menu brings up a web page with the OnPlus manual covering portal configuration options. I found the OnPlus manual quite useful. You can download a PDF of the User guide here.
Additional menus become available once you click on a customer. ReidNet is the customer I created for this review. As mentioned, the OnPlus product is targeted at Cisco partners who will hopefully purchase multiple OnPlus services for deployment at each of their customer sites. Clicking on an individual customer brings up the topology diagram of that customer’s network.
When troubleshooting a network, I find a topology diagram to be a valuable starting point. For me, having a picture of the network makes alarms and/or fault indicators far easier to understand and determine a course of action. Creating a topology map and keeping it current, however, is time consuming. Thus, I found one of the most useful aspects of OnPlus is its topology mapping capability.
The ON100 automatically goes out and searches for all connected devices on the network, regardless of manufacturer. Numerous discovery protocols are used, including Bonjour, Universal Plug and Play (UPnP), Cisco Discovery Protocol (CDP), Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), Internet Control Message Protocol (ICMP), NetBIOS, Server Message Block/Common Internet File System (SMB/CIFS), Service Location Protocol (SLP), and Windows Management Interface (WMI).
OnPlus has “enhanced support” for certain Cisco devices as listed in this compatibility list. Enhanced support means things like an icon that matches the device on the topology diagram plus additional monitoring and management options. In my test, the only Cisco device I used from the compatibility list was a Cisco RV042 router. I also used a Cisco SG500 switch listed as “coming soon” on the compatibility list, plus a Cisco SG200 switch and a Cisco WAP321 wireless access point.
Cisco states it can take 10-20 minutes for the ON100 to complete full network discovery. I didn’t put a stopwatch on it, but I’d guess it took less than 10 minutes for the device to map the test network used for this review. The OnPlus device is continuously polling your network, so it will add devices to the topology map as they are discovered.
Shown below is a topology image of my test network, as initially discovered by OnPlus. As you can see, OnPlus has detected 26 devices and displayed them in a tree diagram. The top of that tree is a Cisco RV042 router.
Autogenerated network topology map
The different rows in the diagram imply different portions of the network topology. I found the automatic OnPlus diagram didn’t initially produce a completely accurate topology. The RV042 is on top as it should be, but connectivity between the switches and wireless network weren’t accurately depicted.
The diagram should show the RV042 on the top row and a Cisco SG200 in the second row. The third row should show multiple devices connected to the SG200, including a Cisco SG500 switch and a NETGEAR GS108T switch. The fourth row should show end devices connected to the SG500 and GS108T, including a Cisco WAP321 connected to the SG500. Finally, the fifth row should show wireless devices connected to the WAP321.
Modifying the topology map to accurately depict your network is point and click, but took me a minute to get used to. First, you click on the device you want to move. Then, you click on the device you want it to connect to and click the topology option. This moves the device to its parent in the topology. My test network topology after I reorganized it in the OnPlus portal is shown below.
Manually tweaked network topology map
In the above topology, all of my devices are on the same VLAN. However, OnPlus can detect devices in multiple VLANs if the ON100 is connected to a standard 802.1q trunk port. No configuration on the device or portal is required for this to work. When the ON100 detects it is connected to an 802.1q trunk, it will create a sub-interface for each VLAN, acquire an IP address on the corresponding subnet, and perform network discovery over each VLAN.
I successfully tested multi-VLAN capability by configuring the port on the SG500 connected to the ON100 as an 802.1q trunk with membership in multiple VLANs. I then added another router with its DHCP server enabled to a different VLAN on the SG500 to see if OnPlus would get a second IP from another subnet. I had to reboot the ON100 to kick start it into finding the other VLAN. But after the reboot, the ON100 had an IP address from both the original and new subnet and successfully discovered devices in both VLANs.
OnPlus provides a lot of options for device management. OnPlus will discover virtually any device on a network with a MAC and/or IP address. If OnPlus doesn’t discover a device, it can be manually added.
The discovery capability of OnPlus appears to leverage device MAC addresses. The first 6 digits of a device’s MAC identify the manufacturer, and OnPlus uses this information to make a “best guess” on what type of device it is.
I found it necessary to manually update many of my devices in the topology map. I changed the device icon and device name on the topology of many devices to more accurately depict the device. For example, I changed the icons on the PCs in my topology to reflect which ones were laptops and which were desktops. OnPlus has 50 different device icons, as well as five different categories for classifying devices on a network.
Once a device is discovered, it remains on the topology map even if it is offline. OnPlus puts a “?” on devices that are currently not available. Further, it appears that OnPlus tracks devices by MAC, because it automatically updates a device’s IP if it changes due to DHCP, instead of adding a new device.
Clicking on a device’s icon on the topology map brings up a considerable number of options. Below is a shot of the SG500 expanded from the OnPlus topology map.
Device settings page
As you can see, OnPlus accurately detected the device type and icon, as you would expect since it is a Cisco device. Interestingly, OnPlus also detected a NETGEAR ReadyNAS and applied a NETGEAR icon, but did not do the same with a NETGEAR GS108T switch.
Notice the menu bar across the top in the device page shown above. These are the device management options. Some devices will have more menu options than others, depending on the detected device capability.
In these menus, a network administrator can enter the device log on credentials, remotely connect to the device, view a summary of detected information about the device, configure multiple different monitors on the device, view events/alarms from the device, perform backups, upload firmware, and add notes about the device.
OnPlus’ remote connectivity is very handy. Since OnPlus is cloud based, the portal is available anywhere you have Internet access.
It’s convenient to be able to look at a network topology diagram and connect to a device from that diagram. Remote connection options include web page access (port 80 or 443), Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and Generic Connection capability for SSH or Telnet connectivity.
Cisco’s OnPlus manual advises “Support for remote connections to third-party devices and Cisco devices that are fully supported by OnPlus is limited.” The manual goes on to list multiple other caveats, such that only one remote connection can be up at a time and the connection will terminate if idle for more than 10 minutes. The take away here is OnPlus is not designed to replace other remote access technologies such as a VPN tunnel. But it can be a useful tool for remotely managing a network.
I successfully tested OnPlus’ remote access to several Cisco devices and was able to RDP to a Windows laptop on my test network via OnPlus. However, connectivity wasn’t straightforward with some other devices, and I couldn’t connect to some devices on my test network.
For example, NETGEAR’s ReadyNAS configuration GUI is accessible via https://ip/admin. I didn’t see an option in OnPlus to configure the /admin portion of the path, but was able to manually adjust the path once the connection screen was presented. You can see the connection options screen OnPlus provided for the ReadyNAS below. On the other hand, I couldn’t connect at all to a NETGEAR GS108T switch via OnPlus.
Connect options screen
Various different monitors can be configured on each device. The ON100 device runs multiple monitors by default, including monitors for WAN Network Performance, Duplicate IPs, DHCP servers, DNS Servers, as well as CPU Load and Memory Usage on the ON100. A complete list of device monitors and alerts is shown in the table below pulled from the OnPlus data sheet. Some of the alerts, like jitter loss, packet loss and latency depend on a device’s ability to generate them.
Supported device monitors and alerts
Since OnPlus is a cloud based service, an email can be sent from the OnPlus portal in the event a customer’s Internet connection fails, such as the email shown below.
Monitors can also be set up to check DHCP, DNS, Performance and Up/Down status via ICMP, Email Servers (IMAP, POP3, SMTP), IP changes, Web Servers (HTTP, HTTPS), SSL Certificates, TCP or UDP ports, as well as Intelligent Platform Management Interface (IPMI) and Windows Management Instrumentation (WMI).
A simple monitor available via OnPlus is an ICMP monitor which pings a device and send an alert if the ping fails.
I set up a monitor to ping one of my VoIP devices, which produced a Critical Alert, shown below, when the device stopped responding to pings.
Critical alert for ICMP monitor failure
Reports and Applications
OnPlus has numerous reports available that can be generated ad hoc or automatically generated daily, weekly, or monthly. Reports include a Customer List, Customer Inventory, Event History, Executive Summary, and a Notification History. Reports are available for download from the portal, or can be configured for automatic email delivery.
For example, I ran the Customer Inventory report which has options to report on Device Categories, Device Summaries, Device Details and Market Share. This report produced a summary listing all devices on my test topology by IP address, Name, MAC address, and firmware revision if detected.
Cisco also makes available several different applications to complement the OnPlus service. Most of them are listed as free. I wouldn’t be surprised if they eventually convert to fee based as the OnPlus product grows. Table 1 is a listing of the available applications for OnPlus.
|Ntop Packet Monitoring||Free||Starts the ntop application to analyze traffic on the MON port of the ON100 Network Agent|
|OnPlus Wireless Management||Free||Free for a limited time. Enables enhanced wireless management.|
|Autotask Ticketing||Free||Enables the Cisco OnPlus Portal to create tickets in your Autotask account.|
|ConnectWise Ticketing||Free||Enables the Cisco OnPlus Portal to create tickets in your ConnectWise account.|
|Kaseya Service Desk||Free||Enables the Cisco OnPlus Portal to create tickets in your Kaseya account.|
|AIRMAGNET Planner for Cisco Small Business||Fee based||Takes the guesswork out of designing wireless networks by allowing you to accurately plan, place, and configure access points for successful deployments. Available to Cisco Partners at an attractive price.|
Table 1: OnPlus apps
I played around with the Ntop application, which leverages the MON port on the ON100. Recall from earlier in this review that the ON100 has two Ethernet ports. Only the LAN port needs to be connected for most of the OnPlus functionality. However, if the MON port is connected to a switch port configured for port mirroring, the Ntop application will provide summaries of the traffic flows going through the mirrored port.
I set up the SG500 switch to mirror all traffic coming from the WAP321 access point and direct the mirrored traffic to a port connected to the ON100 MON port. With the Ntop application installed, which is just a couple clicks in the portal, there is a separate Ntop portal for viewing reports on traffic flows including data on host activity and protocol summaries, as well as numerous other reports.
Shown below is partial output from the Network Traffic report by Host for all traffic sent and received.. The Ntop application appears to be a work in progress, because it produces a lot of unnecessary information. So I exported the data to a spreadsheet and deleted the less-interesting data to produce the table below showing information about traffic flows going to and from the WAP321.
Massaged Ntop output
At the time this snapshot was taken, the device with IP 192.168.199.107 must have been surfing the web, generating 108.4 MB of HTTP traffic.
Pricing and Conclusion
OnPlus and Jump Node have a lot in common. Automatic device discovery, web/cloud based management and remote access to devices are offered by both products. Both products are also targeted at managed service providers instead of end-users.
I’m sure Jump Node’s product has evolved significantly since 2007. so it wouldn’t be fair to compare the 2007 Jump Node product to today’s OnPlus product. On the other hand, a look at Jump Node’s current pricing options is relevant. Jump Node has multiple pricing models from a limited free product to more expensive monthly service charges ranging from $49 per month to $199 per month based on the number of devices being monitored.
As mentioned in the introduction, OnPlus is targeted primarily at Cisco partners. But since anyone can easily partner up, OnPlus can be used by anyone with a small-to-mid-sized network to manage and monitor. Cisco has also made it easy to purchase OnPlus by bundling each ON100 appliance with a three-year OnPlus Service subscription, limited lifetime hardware warranty and no other service contract needed. With lowest street pricing around $172 (from Amazon), that works out to less than $5 per month. After the initial three years is up, renewal costs $50/year for each ON100.
What makes this even a sweeter deal is that Cisco doesn’t impose a per-device charge. In fact, Cisco says there is "no known limit to the number of devices that OnPlus can manage on a network". And a single ON100 can be moved from site-to-site to troubleshoot or temporarily monitor a troublesome network. Just create another customer entry and OnPlus will remember each one unless you delete it. If you then want to be able to simultaneously monitor multiple sites, just add more ON100’s.
In all, I found the OnPlus service quite useful. If I’m in business to manage customer networks, having a topology map, reporting capabilities, and various other network tools available via the web would be highly valuable. With the ON100 appliance deployed at a customer site, I’m sure I’d be better equipped to remotely manage my customers’ networks. And as less than five bucks a month, it would pay for itself quickly. Cisco even provides an ROI tool to help its partners calculate how to make money with the product.
In my experience working at an Internet Telephony Service Provider, I frequently encounter customers who could really use the tools provided by OnPlus. We have quite a few customers who have limited understanding of their network, and thus it is difficult for us to integrate our products into their existing network. It would be great if they all had OnPlus!