Device Monitoring - icom Connectivity Suite

The monitoring function serves for monitoring and ensuring the availability of all participants in the VPN network (network monitoring). Various options for checking the connection are available. The checks and hosts can be added and managed on the Monitoring tab. Hosts are all network devices that can be addressed via an IP address in the VPN network. These are VPN participants (routers, PCs, tablets, etc.) itself and the devices in the network (control network, OT) behind the routers (controls, panel PCs, HMIs, data loggers, measurement devices, Condition Monitoring or Edge Computing devices, etc.).

If a connection check fails, a failure report will be sent to a configured e-mail address. As soon as this check is successful again, another e-mail will be sent that informs about the re-establishment of the connection.

Checks are not affected by possible communication rules.

Five checks can be added per valid VPN licence and these checks can be distributed across all devices and are not restricted to the device assigned to the respective licence. The number of hosts is not restricted.

The checks of the types PING, HTTP and HTTPS cause data traffic on the VPN connection. The checks of the type VPN do not cause additional data traffic since the continuous tunnel monitoring is evaluated on the VPN server.

Also refer to the network monitoring FAQ for this.

Note regarding the user interface!
The monitoring functions can currently only be configured on the classic user interface. See this note.

Adding a Check

When adding a device, a check will be added if the checkbox Default monitoring is checked. In this case, this device will automatically be added as a host together with a ping check with an interval of 60 minutes. Further checks can be added in the classic user interface on the Monitoring → Checks tab by clicking on the Add new check button.

The Name is a name that describes the check such clearly that it can be distinguished from other checks. The proposed name is composed of the type of the check and the specified host.

The Description field can be used for a detailed description of the check. The content of this field will also be transmitted in the failure report. It can thus be used to transmit further information in the failure report.

The Host for which the check is to be performed can be selected from the respective drop-down list. All already added hosts are listed here. If the check is to be performed for a host that has not yet been added, this can be added using the Add new host button.

The Type of the check can be selected from the respective drop-down list. The following types are available for this:

HTTP: An HTTP request to the web server of the specified host will be performed. If the web server responds with OK, the check is considered as successful.
HTTPS: An HTTPS request to the web server of the specified host will be performed. If the web server responds with OK, the check is considered as successful.
PING: A ping request to the specified host will be performed. The check is considered as successful if the host responds to 3 of 5 ping requests within 5 seconds positively.
VPN: The OpenVPN client status in the VPN server is used here. If it is still registered, the check is considered as successful.

The Check interval specifies the interval in which the checks are performed.

The Retry interval specifies the interval in which the checks are performed, if a check has failed. This interval is usually shorter than the check interval.

The Max. check attempts specify the number of checks before the regular check interval is used again.

The Alarm e-mail is the address to which the failure reports will be sent. Several recipient addresses can be entered separated by commas or blanks. If no address is entered, no failure report will be sent.

The Http(s) port specifies the port that is used for receiving the HTTP(S) requests to the web server of the host (only for type HTTP(S)).

The Http(s) user name is used for HTTP(S) requests to the web server if this requires an authentication (only for type HTTP(S)).

The Http(s) password is used for HTTP(S) requests to the web server if this requires an authentication (only for type HTTP(S)).

Managing the Checks

The Monitoring → Checks tab shows a list of the added checks. The checks can be managed here. Moreover, the status of the checks is indicated here. The checks are listed in host groups. The checks under the respective hosts can be expanded or collapsed using the + or – button in front of the host. If the checkbox Collapse groups without disturbances is checked, only the groups that have disturbances are expanded.

The Groups tab shows a list of the added groups. The groups can be managed here. Moreover, the communication within a group and between different groups is determined here.

The Copy button can be used to add another check in which the parameters in the window are already preset with those of the copied check. Adjusting these parameters allows a quick adding of similar checks.

The Delete button can be used to delete this check.

The Manage button can be used to edit the settings of this check.

The name of this check is indicated in the Name column.

The last state of this check is indicated in the State column. The following states are possible:

OK: The last check was successful.
warning: The last check was successful, but the request has only be responded with delays (packet turnaround time ≥ 2500 ms) or not completely.
unstable: Frequent state changes have been detected with activated stability recognition (refer to Configuring the check options)
pending: No check has been performed so far.
error: The last check was not successful.

The Since column indicates since when this check is in this state.

The configured type of this check is indicated in the Type column.

The configured interval of this check is indicated in the Interval column.

The e-mail address to which the failure reports of this check are sent is indicated in the E-mail column.

Adding a Host

A host must be added to add a check. This can be made when adding a check or separately by clicking on the Add new host button on the Monitoring → Hosts tab. When adding a host, a ping check with an interval of 60 minutes will automatically be added for this host. If a host is added that is not VPN client, the associated VPN client will also be added as host if it has not already been added.

The Name is a name that describes the host such clearly that it can be distinguished from other hosts.

The Accessible IP address is the IP address under which the device, which is to be added as host, is accessible in the VPN network. The accessible IP address of a device can also be taken from the respective column on the Devices tab. If no accessible IP address has been specified for a device, the fix VPN IP address can also be used. This is indicated if you select on the Devices tab the i More information button of the respective device.

Managing the Hosts

The Monitoring → Hosts tab shows a list of the added hosts. The hosts can be managed here. Moreover, the status of the hosts is indicated here. The hosts are listed in device groups. The hosts under the respective devices can be expanded or collapsed using the + or – button in front of the device. The group starts with the VPN host followed by further hosts in the local network of the VPN client. The network structure will be visualised by the indentation. If the checkbox Collapse groups without disturbances is checked, only the groups that have disturbances are expanded.

The Copy button can be used to add another host in which the parameters in the window are already preset with those of the copied host. Adjusting these parameters allows a quick adding of similar hosts.

The Delete button can be used to delete this host.

The Manage button can be used to edit the settings of this host.

The name of this host is indicated in the Name column.

The Accessible IP column indicates the IP address under which this host can be accessed.

The last state of this host is indicated in the State column. The following states are possible:

up: The last check of this host was successful.
warning: The last check of this host was successful, but the request has only be responded with delays (packet turnaround time ≥ 2500 ms) or not completely.
unstable: Frequent state changes have been detected with activated stability recognition (refer to Configuring the check options)
unknown: The host is unknown. unreachable: The host could not be reached.
down: The last check of this host was not successful.

The Since column indicates since when this host is in this state.

Configuring the check options

The Monitoring → Options tab provides a series of settings for view and notification regarding the checks.

If the option Collapse groups without disturbances is activated, only the groups with disturbances are displayed on the Checks and Hosts tabs. The groups can always be expanded manually using the + symbol in front of the device name.

The setting Suppress messages at instance restart specifies how long monitoring will be suspended upon a restart. This can be used to avoid sending the e-mails upon loss and restoration of the connection following a restart.

If the option Detect and report unstable VPN connections is activated, the stability of the connection will be determined in addition to the connection status check. A connection is classified as unstable if more than 4 state changes have occurred in the last 21 checks. The connection is classified as stable again if not more than one state change has occurred during the last 21 tests. A state change is when the device connection changes from connected to disconnected or the connection quality becomes too poor (packet turnaround time ≥ 2500 ms) and vice versa.

If the option Send mail at stability issues is activated, notifications will also be sent if the connection is detected as unstable.