AdRem NetCrunch is a Windows Server–based network monitoring tool that boasts high performance and impressive scalability even in a single-server deployment. In sum, NetCrunch monitors servers, devices, and applications through a proverbial “single pane of glass.”

Automated network/system monitoring can be problematic for small-to-medium businesses (SMBs) for any combination of the following reasons:

  • The need to balance features vs. license costs
  • The need to monitor several platforms (Windows, OS X, Linux, Cisco IOS, etc.)
  • The need to run the monitoring server inside a virtual machine (VM)
  • The need to avoid agent installation

As you might suspect, AdRem Software’s NetCrunch fulfills all of the previously listed requirements and more. AdRem (pronounced ADD-rim) Software released NetCrunch 9 network monitoring solution on November 3, 2015.

Over the next 1,000 words or so, I’ll briefly describe how this product works and how it might benefit you.

The elevator pitch ^

NetCrunch says that a single NetCrunch server can monitor thousands of nodes. By “nodes,” we mean disparate devices such as:

  • Windows servers and clients (via native protocols)
  • OS X servers and clients (via SSH)
  • Linux servers and clients (via SSH)
  • VMware ESX/I (via SOAP Web services)
  • SNMP-compatible network devices (up to and including SNMP v3)

Data storage is handled via its own SQL/NoSQL databases. NetCrunch surfaces its data in many ways, the most impressive being gorgeous dashboards such as those you see in the following screenshot that summarizes network traffic patterns:

NetCrunch’s monitoring dashboards are perfect for network operations center (NOC) control rooms.

It’s worth mentioning that NetCrunch’s data views represent live, real-time information. In other words, you never see “snapshot” data that may be seconds or minutes old.

Speaking of NetCrunch reports, version 9 includes a fork of the Grafana open-source project. The business benefits are that GrafCrunch can pull in data from multiple data sources and create richer live performance dashboards than you can get with the native reporting interfaces. Look at this stunning example from AdRem’s image repository:

GrafCrunch, included in NetCrunch v9, greatly enhances your ability

GrafCrunch, included in NetCrunch v9, greatly enhances your ability to visualize your monitoring data.

You monitor your NetCrunch server either locally or remotely; remote access options include the “thick” admin console client or HTTP(S) Web access. The Web access has separate style sheets for desktop or mobile views.

The remote access piece is especially important for SMB clients who rely upon managed service providers (MSPs). All you have to do is give the MSP a copy of the remote management console and they can monitor your environment with the same interface you use on premises.

Installation and initial configuration ^

Make sure you download the free 30-day evaluation so you can take time to “kick the tires” and see with your own eyes how NetCrunch 9 works.

At base, NetCrunch says you need a 64-bit Windows Server box (Windows Server 2008 through Windows Server 2012 R2) with 4 GB RAM and 4 CPU cores to monitor up to 1,000 nodes. Read AdRem’s System Requirements page for additional details if you need to scale up your monitoring requirements further.

Installing the server, which also includes its own Web and database servers, took less than five minutes on one of my Windows Server 2012 R2 virtual machines. Oh yeah—you can install any NetCrunch component on physical or virtual hardware.

At first launch, the administration console asks if you want to run a network scan to detect nodes or use a simulated dataset. I’d suggest you start with the latter so you can get comfortable with more features right away.

NetCrunch includes a sample dataset to ease your learning curve

NetCrunch includes a sample dataset to ease your learning curve.

The simulated environment is awesome because you can click through the admin console to your heart’s content without the hazard of messing up production settings. As you can see in the following screenshot, you can always leave the simulation to return to your own network environment.

The sample data set is an easy way to learn NetCrunch. Click the link to exit

The sample data set is an easy way to learn NetCrunch. Click the link to exit the simulation.

You add new nodes to the NetCrunch “atlas” by running the network discovery wizard or by importing a comma-delimited-value (CSV) file containing the relevant hostnames and/or IP addresses.

NetCrunch searches Active Directory using Windows Management Instrumentation (WMI) and various other protocols (mainly Simple Network Management Protocol, or SNMP) to detect non-Windows nodes.

By default, the NetCrunch scanner looks for the following services:

  • DNS
  • FTP
  • LDAP
  • POP3
  • SMTP
  • WINS

However, you can search for a number of additional services, including RADIUS, Oracle, and Lotus Domino.

Depending on the services that NetCrunch detects, the product then prompts you to associate monitoring packs with each service. The monitoring packs allow NetCrunch to gather ongoing data related to each service, alert you if a service misbehaves, and even proactively take action on your behalf (such as restarting a stopped service automatically).

Of course, you’ll need to supply administrative credentials to support NetCrunch monitoring and alerting.

The NetCrunch monitoring workflow ^

NetCrunch monitors the following three data types:

  • Events: Windows Event Log, syslog, SNMP traps
  • Performance Counters: Numerical data
  • Status: Service status, system uptime, etc.

As you can see in the following screenshot, there’s a lot to look at in the NetCrunch administration console. I’ve annotated the picture and will describe each part next.

The NetCrunch administration console provides a huge amount of data for your analytical pleasure

The NetCrunch administration console provides a huge amount of data for your analytical pleasure.

A: The Network Atlas tab reveals summary dashboards, node details, and software inventories.

B: The Event Log tab shows all event log entries from managed nodes and allows you to reassign or resolve them.

C: The External Events tab shows you syslog and SNMP trap data from nodes that are not monitored in the NetCrunch atlas (this feature set requires the NetCrunch Premium XE license).

D: These controls provide a quick way to view high-priority alert and status messages.

E: You can customize the Views pane to see the data elements that are most important to you.

Let me show you how easy it is to check and configure node status. First, I’ll browse to Network Atlas > Nodes in the admin console and double-click my server. I see the following interface, which again I’ll annotate and explain.

The NetCrunch Node Details window

The NetCrunch Node Details window

A: Quick access to the Event Log screen

B: At-a-glance dashboard

C: Detailed system performance statistics

D: Network protocol performance statistics

E: Network bandwidth statistics

F: Full control over Windows services (status, start, stop, restart, etc.)

G: Which admin console views include this node in their output

H: Node-specific alert messages

To monitor a specific service on the server, navigate back to the node’s Summary page and double-click the appropriate monitoring pack. On my dc1 domain controller, I opened the Active Directory monitoring pack as shown in the next screenshot.

Here we configure the monitored services on a node

Here we configure the monitored services on a node.

By double-clicking the Active Directory pack in the Node Monitoring window, I can (a) view current alert thresholds; (b) modify their threshold values and auto-remediation actions; and (c) create new alert/remediation rules.

NetCrunch is built to take care of most alerting and remediation without administrator

NetCrunch is built to take care of most alerting and remediation without administrator intervention.

Licensing model ^

I admire NetCrunch in their commitment to simplicity and transparency. A good example of both is their product licensing model, which is based on simple node count. They don’t care how many elements, counters, or sensors you’ve deployed in your monitoring infrastructure—you pay for the number of monitored nodes and that’s it.

This means you don’t get hit with hidden costs such as having to pay extra to unlock particular features. Here are AdRem’s NetCrunch license package options:

  • NetCrunch 50: Up to 50 nodes: $1,755
  • NetCrunch 125: Up to 125 nodes: $2,855
  • NetCrunch 300: Up to 300 nodes: $4,395
  • NetCrunch 600: Up to 600 nodes: $6,700
  • NetCrunch 1000: Up to 1,000 nodes: $8,245
  • NetCrunch 2000: Up to 2,000 nodes: $13,190
  • NetCrunch Unlimited: No limit on node numbers (licensed per NetCrunch server): $17,590
  • NetCrunch Corporate: Unlimited number of NetCrunch servers: on request

Finally, you receive a one-year maintenance agreement with your license; this includes unlimited technical support and upgrade protection.

  1. Milan Banjac 6 years ago

    Good looking tool, I was just wondering which checks are included in Active Directory Pack, in the picture it is only monitoring the status of several AD-related services. What is the quality of AD monitoring compared to SCOM AD Management Pack?

  2. Author
    Timothy Warner 6 years ago

    Hi Milan. In my experience, the AD checks/alerts are pretty similar. I like NetCrunch better than SCOM because NetCrunch integrates deeply into AD without all the extra plumbing that SCOM requires. Thanks for reading, Tim W.

  3. Milan Banjac 6 years ago

    Hi Thimothy, thanks for the reply. It would be really interesting to actually see the list of checks that NetCrunch is performing while monitoring AD, since in my experience SCOM has a really comprehensive set of tests within AD Management Pack for Windows 2008 (the latest one MS published). In fact, I managed to export all of the checks that are inside SCOM MP using a tool called MPViewer, and for example there are 372 rules that are being used for checking the health on a DC. Since we are currently researching for a Monitoring tool upgrade it would be really good if NetCrunch could provide at least similar depth of health checks, since I suppose that it is cheaper than SCOM. Is there such information within product documentation of NetCrunch regarding the specific checks that are being used for monitoring AD?
    I am not sure that I understand your point regarding the “extra plumbing SCOM requires”, I used it in previous company and didn’t have any issues of that kind. It is just a server with a database that communicates with an agent on the monitored machine.

  4. Author
    Timothy Warner 6 years ago

    Milan, I want you to know that I haven’t forgotten about you. We reached to AdRem directly so we can get you as detailed an answer as possible. Hang tight! Thanks, Tim W.

  5. Milan Banjac 6 years ago

    Thanks, looking forward to it!

  6. Michael Rojek 6 years ago

    Hi Milan,
    We have a preconfigured monitoring pack, but of course you can add checks to the one that is already there (or build a custom one). On top of that, you can also run automatic corrective actions like run scripts/apps, restart services, reboot machines; anything an admin account could do.

  7. Milan Banjac 6 years ago

    Hi Michael,
    Thank you for your comment. I just wanted to know what is included in the monitoring pack out of the box, but it is good to hear that additional checks can be added manually.


  8. Michael Rojek 6 years ago

    Hi Milan,
    No worries. The preconfigured AD pack includes alerts for file replaction errors, directory service errors, and services not running: (windows time, file replication service, intersite messaging, distributed file system, kerberos key distribution center, net logon and security accounts manager).

  9. Michael 6 years ago

    Unfortunately, no IPv6 support

  10. Matteo Ventura 6 years ago

    Hi, Thank you for this post!

    I tried this but I was wondering if there is a pack available for ISCSI Target service on Windows Server 2012 R2 ?

    Kind regards,


  11. adrian 5 years ago

    Hello Michael and Matteo,

    the next version NCv10 will have complete IPv6 Dual stack support according the requirements of RFC 6434 and RIPE554 using Windows OS-Stack.

    Matteo, what exactly you need to monitor for ISCSI service ? We are open for suggestions, just drop a mail to the AdRem support Team,

    King regards,


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account