NETIKS NMS Solution

A centralized, high-availability, 3-layer secure Network Management System (NMS) for OFC network, ring topology mapping, and active device monitoring.

01

Executive Summary

Netwall Expert Pvt. Ltd. is pleased to present the commercial and technical proposal for NETIKS NMS, our industry-grade centralized remote monitoring, diagnostics, and subscriber management platform customized for the network monitoring .

Modern corporate and telecom infrastructures depend on high-availability networks. A minor failure in physical infrastructure, such as an Optical Fiber Cable (OFC) cut, or a device shutdown on a converter, switch, or server can immediately halt operations.

NETIKS NMS leverages a secure outbound-tunnel architecture (built on WireGuard and robust SNMP polling) to monitor networking gear safely behind firewalls and CGNAT, eliminating open port vulnerabilities. The platform will deliver interactive physical and logical ring topology mapping, immediate node failure notifications, port-level performance analytics, and a multi-tiered security system.

"By utilizing the mature, production-validated NETIKS core platform, we are able to fast-track deployment & incorporating their custom OFC ring topology requirements within an optimized, budget-friendly timeframe."

02

Client Requirements & NETIKS Solutions

The following matrix details how each specific network monitoring requirement outlined by the V&A Ventures IT Department is answered and implemented by the NETIKS NMS platform.

OFC & Multi-Device Monitoring Satisfied
V&A Requirement

"Monitoring of OFC network along with networking devices such as switches, servers, converters, etc."

NETIKS Implementation

Support for multi-vendor switches (managed L2/L3), physical Linux/Windows servers (via daemon/SNMP), media converters, and Optical Line Terminals (OLTs). Visual status alerts (UP/DOWN) mapped directly on the dashboard layout.

Port-Level Detail Tracking Satisfied
V&A Requirement

"Monitoring of devices with details including IP address, connectivity status, and data rate of each connected network port."

NETIKS Implementation

Maintains active registry of IP addresses, hardware status, and interface metrics. Periodically monitors Rx/Tx bandwidth speeds per-port using high-performance socket operations and SNMP polling, visualized with WebSocket charts.

Desktop Alarm Notifications Satisfied
V&A Requirement

"Desktop/PC based alarm notifications for network and device failures."

NETIKS Implementation

Features a native desktop notification client (tray application for Windows/macOS) that establishes a WebSocket heartbeat. Triggers instant, persistent desktop OS alerts and audio alarms for critical core failures and fiber link breaks.

3-Layer Security & Secure Communication Satisfied
V&A Requirement

"Secure communication with key infrastructure support, authentication, and access control. Platform-independent with a 3-layer security structure."

NETIKS Implementation

Employs standard AES database encryption, TLS web layer, and JWT token rotation. Provides a strict three-layer security structure: 1) WireGuard VPN encryption, 2) Client IP whitelist firewalls, 3) Granular role-based user permissions (RBAC).

Protocol Support (TCP/IP, SNMP, UDP) Satisfied
V&A Requirement

"Support for TCP/IP, SNMP, and UDP protocols."

NETIKS Implementation

Communicates over standard IPv4/IPv6 networks. Uses SNMP (v1, v2c, and v3) for pulling detailed active port data rates, and UDP-based heartbeats / WireGuard endpoints for robust, packet-efficient health signals.

Fiber Ring Topology & Link Down Logs Satisfied
V&A Requirement

"Fiber optic monitoring with ring topology support, alarm generation, and maintenance of up/down time logs."

NETIKS Implementation

Visualizes physical and logical ring pathways via interactive topology. Instantly highlights fiber cuts between adjacent switches, fires alert alarms, and records precise downtime duration logs .

03

The Three-Layer Security Structure

Exposing network equipment APIs directly to the internet is high risk. NETIKS NMS implements a strict three-layer defense to guarantee infrastructure isolation.

01

WireGuard Tunnel Layer

No inbound API ports (8728, 22, 161) are exposed publicly on switches or routers. Instead, each device establishes an outbound private tunnel using WireGuard. Polling occurs strictly through the secure 10.200.0.0/24 subnet.

02

Access Control Firewall

Device configurations are hardened with local ACL rules to reject any monitoring requests that do not originate from the server's private gateway IP (10.200.0.1). Any unauthorized packets are instantly dropped.

03

Application RBAC & JWT

The web portal strictly enforces Role-Based Access Control. Session tokens are signed using high-security JSON Web Tokens (JWT) with automatic refresh rotation, keeping administrative features isolated from read-only operators.

04

OFC Ring Topology Monitoring

To satisfy V&A Ventures' request for ring topology support, NETIKS uses a dynamic link detection engine. We discover redundant connections and verify the ring state (Active vs. Broken) in real-time.

S1
S2
S3
S4
S5
LINK CUT DETECTED

Simulation Controls

Simulate fiber loop integrity to see how the NMS detects structural cuts and triggers alarms.

Live Alarm Log
[17:42:01] System Poller initialized. Ring status: Normal.OK
[17:42:15] All 5 switches connected over WireGuard.OK

Topology Logic: By checking OSPF adjacencies or LLDP packet exchanges on ports, the NMS establishes a map of connections. If a fiber cable breaks between Switch 2 and Switch 3, the traffic reroutes via the alternate side of the ring. NETIKS registers the port transition, calculates the exact location of the cut, launches a desktop alert window, and logs the up/down timeline for compliance records.

05

Technical Specifications

NETIKS NMS uses a modern, lightweight, non-blocking stack that runs containerized inside Linux/Windows or any comparable server OS.

Category Performance Benefit
Caching & Queues Manages scheduled backups, packet timeouts, and alert queues cleanly.
Frontend Console Accessible on all web browsers (Chrome, Edge, Safari) and mobile platforms without native app dependencies.
Real-Time Link Streams real-time port speeds, traffic graphs, and ring break alarms instantly to client browsers.
Agent Tunneling Allows private management channel, bypassing public IP, CGNAT, and port-forwarding configs.
06

Deployment Process & SLA Support

Netwall Expert follows a structured installation method to ensure the NMS goes live with zero downtime on your active lines.

Phase 1: Hardware Requirements (Managing up to 500 Nodes)

Assessing and provisioning the required server/VM hardware specification suitable for managing up to 500 network nodes.

Phase 2: Software Implementation & License Setup (Total time up to 30 Days)

Deploying the central NMS system with a Public IP (required) and installing perpetual licensing for active monitoring.

Phase 3: Staff Training & Sign-Off (Post 30 Days, for 1 week)

Conducting operational training sessions for administrator and operator staff, followed by official sign-off post-implementation.

Service Level Agreement (SLA) & Maintenance

Every deployment is backed by our direct technical support team. Support requests can be submitted via email, phone, or our centralized support portal.

Priority Level Response SLA Resolution SLA Description
P1: Critical < 30 Minutes < 4 Hours Entire NMS server offline, or major ring-break failing to notify operators.
P2: High < 2 Hours < 12 Hours Individual switch reporting offline, or desktop notification app disconnecting.
P3: Medium/Low < 8 Hours < 48 Hours General UI inquiries, cosmetic graph updates, or adding secondary user logins.