By David Wiseman (Administrator), published 14 May 2008, modified 02 Mar 2009

Auditing access to your servers with ObserveIT


Many companies invest a fortune to protect their networks, servers, applications and information. Such protection is usually targeted at controlling who can access the network and servers, what they can do with information and services once they gain access to these servers, and in preventing malicious users from causing damage. Other efforts concentrate on prevention of hardware failures and maintaining high availability for mission critical applications and services.

However, all these technologies lack one basic feature: they don’t always protect us from one of the most common causes of failure, human error. The question “who changed what and when?” is often asked when an application or server starts misbehaving, and unfortunately it usually goes unanswered. To get satisfactory answers one needs to go through a painstaking troubleshooting process, and even then, a simple question such as “who did it” remains unanswered. It would be really good if you could see who logged onto the server, which applications were accessed and what settings were changed. This is where ObserveIT software comes into view.

ObserveIT - Video Playback 

ObserveIT acts like a video surveillance system for your servers, recording what people are doing when they are accessing your servers. However, unlike a video camera that captures “dummy” videos that you must slowly review minute by minute in order to see if anything was done on the server, ObserveIT actually “knows” what’s seen on the screen, and indexes that information as metadata that is attached to each frame in the video. This way, by using a simple-to-use web interface with powerful searching capabilities, you can easily perform textual searches even within videos, similar to browsing through chapters of a DVD movie. The web interface gives you both a server and a user diary. You can track recent activity on a particular server or you might want to see which servers have been accessed by a particular user and what applications were used. If you want to investigate further, you can click a link to display a video of the user’s session. The web interface is also a single point of administration for the agent software. While evaluating the software I was amazed to see that by using a single keyboard click you could get crucial information about where a specific application was accessed, who last touched it, and what that person did before and after they made that change. No existing software can give you that sort of control!

ObserveIT - User Diary View 

The use of this software will almost certainly reduce the downtime associated with human errors. The knowledge that your every action is being recorded is going to make people very careful about making configuration changes to servers. Also, when a configuration change causes a problem, it will be identified and corrected faster with ObserveIT. Imagine finding out that one of your administrators made a configuration mistake on one of your servers. Instead of having to wait till the same problem arises on other servers, or having to manually log on and check hundreds of servers just to see if the same error has been made on them, with ObserveIT you can press a keyboard button and immediately see where else the same screen was accessed by that administrator.

As well as improved accountability, the software also helps reduce downtime by use of sticky notes – a handy system that can warn people about actions that are likely to have an impact on your server or application.

ObserveIT Sticky Note warning about editing the registry

ObserveIT does not record at the protocol level, which is why it captures any user session, including local logon, RDP, Terminal Services, Citrix, VNC and so on.

You might be wondering what resource impact such a system will have on your monitored servers. The agent software is surprisingly lightweight and you can configure what the agent records to minimize the impact on your servers. Although it records everything by default, by using a policy configuration you can choose to record only specific applications or users, or exclude activity from certain applications or users. The software doesn’t record anything unless a user is actively using the system; idle time is not recorded. The company has obviously put a lot of thought into the resource use and the scalability of their system.

To get a better idea of how the software works, you might want to take a look at this video link. Like any good software company, ObserveIT allows you to try before you buy – download it and see how good it is yourself! Installation is done with just a few mouse clicks, and has no performance impact on existing servers or on your network.