2009-06 application and network monitoring

Upload: prudhvikrishna-gurram

Post on 02-Jun-2018


  • 8/10/2019 2009-06 Application and Network Monitoring


    OPNET Confidential Not for release to third parties. 2009 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. All trademarks are the property of their respective owners and are used herein for identification purposes only.

    Application and Network Monitoring

    Lorna Robertshaw, Director of Applications Engineering

    OPNET Technologies


    About OPNET Technologies, Inc.

    Corporate Overview
    * Founded in 1986
    * Publicly traded (NASDAQ: OPNT)
    * HQ in Bethesda, MD
    * Approximately 600 employees
    * Worldwide presence through direct offices and channel partners

    Best-in-Class Solutions and Services
    * Application Performance Management
    * Network Engineering, Operations, and Planning
    * Network R&D

    Strong Financial Track Record
    * Long history of profitability
    * Trailing 12-month revenue of over $120M
    * Approximately 25% of revenue re-invested in R&D

    Broad Customer Base
    * Corporate Enterprises
    * Government Agencies/DoD
    * Service Providers
    * Network Equipment Manufacturers


    Analytics for Networked Applications

    End-User Experience Monitoring & Real-Time Network Analytics

    Real-Time Application Monitoring and Analytics

    Systems Capacity Planning for Enterprises

    OPNET Solutions Portfolio

    Application Performance Management (APM)

    Network Engineering, Operations, and Planning

    Network R&D

    Network Planning and Engineering for Enterprises

    Network Planning and Engineering for Service Providers

    Transport Network Planning and Engineering

    Network Audit, Security, and Policy Compliance

    Automated Up-to-Date Network Diagramming

    Modeling and Simulation for Defense Communications

    Wireless Network Modeling and Simulation

    Accelerating Network R&D


    Agenda

    Monitoring Application Behavior
    * Case Study: Impact of rogue application and users
    * Case Study: Impact of worms and viruses
    * Case Study: Impact of bottlenecks
    * Monitoring, Triage, and Forensics
    * Monitoring network and application behavior with OPNET ACE Live
    * Deep-dive packet analysis and forensics with ACE Analyst
    * Using application characterizations in OPNET Modeler

    Auditing Network Configuration
    * Case Study: Impact of misconfigurations on WAN infrastructure
    * Case Study: Default passwords on Internet-facing routers
    * Auditing device configurations with Sentinel
    * Providing network diagramming through NetMapper

    Questions


    Monitoring Application Behavior


    Case Study: Impact of Rogue Applications

    * Company that does scientific research for defense agencies
    * Large monthly costs for WAN connection between two main sites
    * Link is often near saturation, so cost is justified
    * Investigation finds one user responsible for 1/3 of total inbound traffic throughout workday, syncing home computer to work computer
    * Possible security threat
    * Huge monthly expense to company


    Case Study: Impact of Worms and Viruses

    The perfect storm: Large software company. Battles between IT staff and developers over management of development servers.

    Blaster Worm (August 2003)
    * Worm caused infected computers to become unstable
    * Infected computers also caused major network outages that impacted non-infected computers!
    * Network was unusable but no one knew why
    * Application monitoring showed ~150 infected machines sending ARP requests for every IP they could think of
    * It took 5 hours to find and unplug infected computers
    * Major business impact: tech support was down, customer support site was down, lost productivity
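The ARP pattern in this case study can be found by counting how many distinct addresses each sender asks for within a short sliding window. The sketch below is an added example, not OPNET code; the record layout (timestamp, sender IP, target IP), the 10-second window, the 20-target threshold and all sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def find_arp_sweepers(requests, window_s=10.0, min_targets=20):
    """Flag senders whose ARP requests cover many distinct targets in a short window.

    requests: iterable of (timestamp_seconds, sender_ip, target_ip) tuples.
    Returns {sender_ip: peak number of distinct targets seen in any window}.
    """
    recent = defaultdict(deque)                        # sender -> (ts, target) in window
    in_window = defaultdict(lambda: defaultdict(int))  # sender -> target -> count
    peaks = {}
    for ts, sender, target in sorted(requests):
        queue, counts = recent[sender], in_window[sender]
        queue.append((ts, target))
        counts[target] += 1
        # Drop requests that have aged out of the sliding window.
        while ts - queue[0][0] > window_s:
            _, old_target = queue.popleft()
            counts[old_target] -= 1
            if counts[old_target] == 0:
                del counts[old_target]
        if len(counts) >= min_targets:
            peaks[sender] = max(peaks.get(sender, 0), len(counts))
    return peaks


def constructed_capture():
    """Constructed sample traffic: one sweeping host and two normal talkers."""
    records = []
    # Sweeping host: 60 different targets in six seconds.
    for i in range(60):
        records.append((i * 0.1, "10.0.0.77", f"10.0.0.{i + 1}"))
    # Workstation: re-resolves the same three neighbours for a minute.
    for i in range(30):
        records.append((i * 2.0, "10.0.0.20", f"10.0.0.{(i % 3) + 1}"))
    # Gateway: resolves many hosts, but slowly (one every five seconds).
    for i in range(30):
        records.append((i * 5.0, "10.0.0.1", f"10.0.0.{i + 100}"))
    return records


if __name__ == "__main__":
    for sender, peak in find_arp_sweepers(constructed_capture()).items():
        print(f"{sender} requested {peak} distinct addresses within one window")
```

Counting distinct targets rather than raw request volume keeps a busy gateway or a chatty workstation below the threshold while a host walking the address space stands out.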


    Case Study: Impact of Network Bottlenecks

    Medical Service Provider
    * One data center with large research facilities (high bandwidth), hospitals (lower bandwidth), and small strategic sites (T1, sufficient for 3-4 users)
    * Citrix, Terminal services, WAN Optimizers deployed throughout to overcome network latency issues
    * Tricky environment to troubleshoot and gain visibility!
    * Users in low bandwidth locations experience high network congestion and retransmissions
    * Monitoring showed that congestion correlated with times users were printing
    * Single print server in the Data Center was a huge bottleneck and was impacting high priority traffic to the strategic sites


    Three Dimensions of Application Performance Management

    Monitoring: high-level view
    * Broad visibility (network, server)
    * Real-time dashboards
    * Alerts when user experience degrades
    * SLA violations
    * Trending and historical data

    Forensics: root cause
    * Follow user transaction across network and through servers
    * Identify specific cause (network event, line of code, etc.)

    Triage: initial troubleshooting
    * Localize problem (who, what, when, how bad)
    * Due to network or server?
    * Which team to call next?
    * Snapshot and archive forensic data


    ACE Live


    Data Center

    * Real-time agentless performance monitoring
    * Broad coverage with a small footprint (all users and all applications)
    * Localize performance problems and differentiate between network and server delay
    * Snapshot detailed data for forensic analysis


    End User Experience Monitoring

    24x7 application monitoring appliance
    * End-user response time for all transactions and users

    Auto-discovers applications out-of-the-box
    * Oracle, Peoplesoft, SAP, Microsoft, IM, P2P, others

    Intuitive, easy-to-use, low TCO
    * One-click guided work flows
    * Web-based dashboards; customizable reports
    * Installed and configured within 1 hour

    Unified views across the enterprise

    Automatic analysis
    * Components of delay, top-talkers
    * Dynamic thresholds: learns abnormal behavior
    * Historical trending (up to one year)

    Real-time VoIP performance management

    NetFlow collection
    * NetFlow and user response time in a unified view in a single appliance

    Exclusive: Integrated monitoring and troubleshooting
    * Integrates with ACE Analyst for root cause analysis

    Figure captions:
    * Executive dashboard of real-time performance
    * SLA monitor highlights poor performance
    * Quick, easy network troubleshooting


    ACE Live Insights

    Easy guided workflows for troubleshooting and analysis
    * Point-and-click wizards automate best practices
    * Accomplish complex tasks at a mouse-click
    * Customizable


    Bandwidth Hogs


    Alerts: Potential DoS Attacks


    Worm Hunt: Detect External Attacks


    End-User Response Times: Server Delay


    End-User Response Times: Network Delays


    Analytics for Networked Applications

    Automatic root-cause analysis
    * Visualize application behavior across the network
    * Diagnose root causes of response-time delay
    * Validate proposed solutions
    * Certify new applications prior to rollout

    Restores network-tier visibility in WAN-optimized environments
    * Support for leading vendors (e.g. Riverbed, Cisco, Juniper)

    Response time prediction using a behavioral application model
    * New application deployment
    * Data center migrations
    * Server consolidation and virtualization
    * WAN optimization deployment
    * Application deployment to new locations

    Over 700 protocol and application decodes
    * Citrix, Oracle, SQL Server, Web Services, others

    Figure captions:
    * Predict response times
    * Summarize components of response-time delay


    ACE Analyst for Deep Dive Forensics

    * Visually see the connections
    * Gantt chart of each conversation
    * Drill into packet decodes
    * Shorten time/skillset needed to analyze packet captures


    Application Characterization for simulation in OPNET Modeler
    * Real traffic patterns add accuracy to simulated models
    * Simulate DoS attacks etc.


    Application Monitoring: Summary

    Quality monitoring tools will help you:
    * Weed out rogue applications
    * Detect and study security threats
    * Only pay for bandwidth you need
    * Avoid congestion caused by inefficient architecture
    * Understand import of issues on end-user experience
    * TRIAGE problems and allow deeper dive into FORENSICS tools

    Keys to deploying application monitoring solutions:
    * Diverse user community with different access levels, cross-disciplinary communication
    * User training
    * Hook into existing tools wherever possible, look for integrated tool suites rather than point solutions


    Network Configuration Monitoring


    Case Study: Impact of misconfigurations on WAN infrastructure
    * Global ISP
    * Core routers have HUGE routing tables
    * Peering points to customer networks use route filters to avoid bombarding CE routers with Internet routing tables
    * Operator fat fingers route filter name
    * Cisco IOS responds by sharing no routes
    * Months pass
    * IOS upgrade occurs
    * IOS throws out the command altogether
    * ALL routes sent to CE router
    * Outage in middle of business day


    Case Study: Default Passwords

    * Large insurance company with stringent regulatory requirements (SOX, HIPAA)
    * Some routers and switches in production network still have staging configurations
    * Default username/pw combinations (cisco/test etc) found on Internet-facing devices
    * Production community strings found on devices
    * Major changes required to entire network in case the devices had been compromised

    Could have been worse!
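Both configuration case studies (the mistyped route filter name and the leftover staging credentials) are the kind of finding a rule-based configuration audit produces. The following is an added example, not Sentinel's rule engine: a small audit over IOS-style configuration text, where the sample configuration, the rule names, the production community string and every default pair other than the cisco/test pair named on the slide are constructed assumptions.

```python
import re

DEFAULT_CREDENTIALS = {("cisco", "test"),    # pair named in the case study
                       ("cisco", "cisco")}   # assumed additional staging default
WEAK_COMMUNITIES = {"public", "private"}     # widely known default community strings

USERNAME_RE = re.compile(r"username (\S+)(?: privilege \d+)? (?:password|secret) (?:0 )?(\S+)$")
COMMUNITY_RE = re.compile(r"snmp-server community (\S+)")
DEFINE_RE = re.compile(r"(?:ip )?(prefix-list|route-map) (\S+) ")
NEIGHBOR_RE = re.compile(r"neighbor \S+ (prefix-list|route-map) (\S+) (?:in|out)$")


def audit_config(text, production_communities=frozenset()):
    """Return sorted (line_number, rule, detail) findings for one device config."""
    findings, defined, referenced = [], set(), []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Only cleartext passwords can be compared; hashed secrets do not match.
        m = USERNAME_RE.match(line)
        if m and (m.group(1), m.group(2)) in DEFAULT_CREDENTIALS:
            findings.append((number, "default-credential", m.group(1)))
        m = COMMUNITY_RE.match(line)
        if m:
            if m.group(1) in production_communities:
                findings.append((number, "production-community", m.group(1)))
            elif m.group(1) in WEAK_COMMUNITIES:
                findings.append((number, "weak-community", m.group(1)))
        m = DEFINE_RE.match(line)
        if m:
            defined.add((m.group(1), m.group(2)))
        m = NEIGHBOR_RE.match(line)
        if m:
            referenced.append((number, m.group(1), m.group(2)))
    # A filter applied to a neighbor but never defined is the "fat finger" case.
    for number, kind, name in referenced:
        if (kind, name) not in defined:
            findings.append((number, "undefined-filter", f"{kind} {name}"))
    return sorted(findings)


# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username cisco password 0 test
username netops secret 5 $1$constructed$hash
snmp-server community public RO
snmp-server community Pr0dRW-constructed RW
ip prefix-list CUST-A-OUT seq 5 permit 0.0.0.0/0
route-map SET-MED permit 10
router bgp 64512
 neighbor 192.0.2.1 prefix-list CUST-A-OUT out
 neighbor 192.0.2.5 prefix-list CUST-B-OTU out
 neighbor 192.0.2.5 route-map SET-MED out
"""

if __name__ == "__main__":
    for number, rule, detail in audit_config(SAMPLE_CONFIG, {"Pr0dRW-constructed"}):
        print(f"line {number}: {rule}: {detail}")
```

Running such checks on a schedule means a filter reference with no matching definition is reported when it is typed, rather than months later when a software upgrade changes how the device treats it.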


    Network Audit, Security, and Policy-Compliance

    Reduce network outages
    * Detect configuration problems before they disrupt network operations
    * Automatically audit production network configuration with ~750 rules

    Ensure network security
    * 200+ security rules

    Demonstrate regulatory compliance
    * Generate self-documenting, customizable reports
    * Leverage rule templates for rapid customization


    Sentinel Architecture

    Near Real-Time Comprehensive Network Model

    Scheduled Audit Engine

    Production Network

    Configuration & Topology

    Third Party Data Sources


    Security Standards and Guidelines

    Each entry lists: Standard/Guide, Description, Applicable Organizations.

    PCI Data Security Standard
      Description: Describes the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.
      Applicable Organizations: Banks; Credit Card Merchants

    NIST Special Publication 800-53 (also basis for FISMA compliance)
      Description: Provides technical guidance to enhance the confidentiality, integrity, and availability of Federal Information Systems. This document is provided by NIST as part of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, P.L. 107-347.
      Applicable Organizations: DoD; Defense Contractors; Federal Agencies

    DISA Network Infrastructure STIG
      Description: Provides security configuration guidance to enhance the confidentiality, integrity, and availability of sensitive DoD Automated Information Systems (AISs). This Security Technical Implementation Guide (STIG) is provided under the authority of DoD Directive 8500.1.
      Applicable Organizations: DoD; Federal Agencies; Defense Contractors

    NSA Router Security Configuration Guide
      Description: Provides technical recommendations intended to help network administrators improve the security of their routed networks. The initial goal for this guide is to improve the security of the routers used on US Government operational networks.
      Applicable Organizations: Federal Agencies; DoD; Enterprises; Service Providers

    NSA Cisco IOS Switch Security Configuration Guide
      Description: Provides technical recommendations intended to help network administrators improve the security of their switched networks. The initial goal for this guide is to improve the security of the switches used on DoD operational networks.
      Applicable Organizations: DoD; Enterprises; Service Providers

    Cisco SAFE Blueprint for Enterprise Networks
      Description: Provides Cisco's best practices to network administrators on designing and implementing secure networks.
      Applicable Organizations: Enterprises

    ISO-17799
      Description: Provides guidelines and general principles for initiating, implementing, maintaining, and improving information security in an organization. This is an International Standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
      Applicable Organizations: Enterprises


    Example Sentinel Reports


    Automated Network Diagramming

    Automatically generate up-to-date network diagrams
    * Published in Microsoft Visio format

    Comprehensive and detailed unified network views
    * Physical layouts
    * Detailed configuration information
    * Logical views including Layer 2/3, VPN, OSPF, BGP, and VLANs
    * Custom annotations

    Benefits
    * Meet regulatory compliance requirements: PCI, SOX, etc.
    * Accelerate network troubleshooting
    * Perform effective asset & change management


    Questions?