2009-06 application and network monitoring
TRANSCRIPT
-
8/10/2019 2009-06 Application and Network Monitoring
1/31
OPNET Confidential Not for release to third parties. 2009 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. All trademarks are the property of their respective owners and are used herein for identification purposes only.
Application and Network Monitoring
Lorna Robertshaw, Director of Applications Engineering
OPNET Technologies
-
About OPNET Technologies, Inc.
Corporate Overview
* Founded in 1986
* Publicly traded (NASDAQ: OPNT)
* HQ in Bethesda, MD
* Approximately 600 employees
* Worldwide presence through direct offices and channel partners
Best-in-Class Solutions and Services
* Application Performance Management
* Network Engineering, Operations, and Planning
* Network R&D
Strong Financial Track Record
* Long history of profitability
* Trailing 12-month revenue of over $120M
* Approximately 25% of revenue re-invested in R&D
Broad Customer Base
* Corporate Enterprises
* Government Agencies/DoD
* Service Providers
* Network Equipment Manufacturers
-
OPNET Solutions Portfolio
Application Performance Management (APM)
* Analytics for Networked Applications
* End-User Experience Monitoring & Real-Time Network Analytics
* Real-Time Application Monitoring and Analytics
* Systems Capacity Planning for Enterprises
Network Engineering, Operations, and Planning
* Network Planning and Engineering for Enterprises
* Network Planning and Engineering for Service Providers
* Transport Network Planning and Engineering
* Network Audit, Security, and Policy Compliance
* Automated Up-to-Date Network Diagramming
Network R&D
* Modeling and Simulation for Defense Communications
* Wireless Network Modeling and Simulation
* Accelerating Network R&D
-
Agenda
Monitoring Application Behavior
* Case Study: Impact of rogue application and users
* Case Study: Impact of worms and viruses
* Case Study: Impact of bottlenecks
* Monitoring, Triage, and Forensics
* Monitoring network and application behavior with OPNET ACE Live
* Deep-dive packet analysis and forensics with ACE Analyst
* Using application characterizations in OPNET Modeler
Auditing Network Configuration
* Case Study: Impact of misconfigurations on WAN infrastructure
* Case Study: Default passwords on Internet-facing routers
* Auditing device configurations with Sentinel
* Providing network diagramming through NetMapper
Questions
-
Monitoring Application Behavior
-
Case Study: Impact of Rogue Applications
* Company that does scientific research for defense agencies
* Large monthly costs for WAN connection between two main sites
* Link is often near saturation, so cost is justified
* Investigation finds one user responsible for 1/3 of total inbound traffic throughout workday syncing home computer to work computer
  * Possible security threat
  * Huge monthly expense to company
-
Case Study: Impact of Worms and Viruses
* The perfect storm: Large software company. Battles between IT staff and developers over management of development servers.
* Blaster Worm (August 2003)
  * Worm caused infected computers to become unstable
  * Infected computers also caused major network outages that impacted non-infected computers!
* Network was unusable but no one knew why
* Application monitoring showed ~150 infected machines sending ARP requests for every IP they could think of
* It took 5 hours to find and unplug infected computers
* Major business impact: tech support was down, customer support site was down, lost productivity
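The ARP symptom in this case study can be turned into a simple detection: count how many distinct addresses each host asks for within a short window. The following is an added example, not part of the original slides or of any OPNET product; the tcpdump-style input lines (as printed with epoch timestamps), the 10-second window and the 20-target threshold are assumptions, and the sample capture is constructed.

```python
import re
from collections import defaultdict, deque

# Matches tcpdump-style ARP request lines printed with epoch timestamps (assumed input format).
ARP_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) ARP, Request who-has (?P<target>\S+)(?: \([^)]*\))? "
    r"tell (?P<sender>[^,\s]+)"
)


def parse_arp_requests(lines):
    """Yield (timestamp, sender_ip, target_ip) for each ARP request line."""
    for line in lines:
        m = ARP_RE.match(line.strip())
        if m:
            yield float(m["ts"]), m["sender"], m["target"]


def find_arp_sweepers(lines, window=10.0, max_targets=20):
    """Return {sender: peak distinct targets} for hosts that request more than
    max_targets different IPs inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)  # sender -> (ts, target) pairs still inside the window
    peak = defaultdict(int)
    for ts, sender, target in sorted(parse_arp_requests(lines)):
        q = recent[sender]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()
        peak[sender] = max(peak[sender], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n > max_targets}


def sample_capture():
    """Constructed sample: one normal workstation and one sweeping host."""
    t0 = 1060603200.0
    lines = []
    for i in range(30):  # normal host re-resolves its gateway and two servers
        target = ("10.1.1.1", "10.1.1.10", "10.1.1.11")[i % 3]
        lines.append(
            f"{t0 + i * 10:.6f} ARP, Request who-has {target} tell 10.1.1.50, length 28"
        )
    for i in range(1, 61):  # sweeping host walks 60 sequential addresses in 3 seconds
        lines.append(
            f"{t0 + 100 + i * 0.05:.6f} ARP, Request who-has 10.1.2.{i} "
            f"tell 10.1.1.77, length 46"
        )
    # Replies are ignored by the parser.
    lines.append(f"{t0 + 100:.6f} ARP, Reply 10.1.1.1 is-at 00:11:22:33:44:55, length 46")
    return lines


if __name__ == "__main__":
    for host, count in find_arp_sweepers(sample_capture()).items():
        print(f"{host} requested {count} distinct addresses within the window")
```

Sorting the flagged hosts by peak count gives an unplug list in minutes rather than the 5 hours reported in the case study.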
-
Case Study: Impact of Network Bottlenecks
* Medical Service Provider
  * One data center with large research facilities (high bandwidth), hospitals (lower bandwidth), and small strategic sites (T1, sufficient for 3-4 users)
  * Citrix, Terminal services, WAN Optimizers deployed throughout to overcome network latency issues
  * Tricky environment to troubleshoot and gain visibility!
* Users in low bandwidth locations experience high network congestion and retransmissions
* Monitoring showed that congestion correlated with times users were printing
* Single print server in the Data Center was a huge bottleneck and was impacting high priority traffic to the strategic sites
-
Three Dimensions of Application Performance Management
Monitoring: high-level view
* Broad visibility (network, server)
* Real-time dashboards
* Alerts when user experience degrades
* SLA violations
* Trending and historical data
Forensics: root cause
* Follow user transaction across network and through servers
* Identify specific cause (network event, line of code, etc.)
Triage: initial troubleshooting
* Localize problem (who, what, when, how bad)
* Due to network or server?
* Which team to call next?
* Snapshot and archive forensic data
-
ACE Live
[Diagram labels: ACE Live, Data Center]
* Real-time agentless performance monitoring
* Broad coverage with a small footprint (all users and all applications)
* Localize performance problems and differentiate between network and server delay
* Snapshot detailed data for forensic analysis
-
End User Experience Monitoring
* 24x7 application monitoring appliance
  * End-user response time for all transactions and users
* Auto-discovers applications out-of-the-box
  * Oracle, Peoplesoft, SAP, Microsoft, IM, P2P, others
* Intuitive, easy-to-use, low TCO
  * One-click guided work flows
  * Web-based dashboards; customizable reports
  * Installed and configured within 1 hour
* Unified views across the enterprise
* Automatic analysis
  * Components of delay, top-talkers
  * Dynamic thresholds: learns abnormal behavior
  * Historical trending (up to one year)
* Real-time VoIP performance management
* NetFlow collection
  * NetFlow and user response time in a unified view in a single appliance
* Exclusive: Integrated monitoring and troubleshooting
  * Integrates with ACE Analyst for root cause analysis
Screenshot captions:
* Executive dashboard of real-time performance
* SLA monitor highlights poor performance
* Quick, easy network troubleshooting
-
ACE Live Insights
* Easy guided workflows for troubleshooting and analysis
* Point-and-click wizards automate best practices
* Accomplish complex tasks at a mouse-click
* Customizable
-
Bandwidth Hogs
-
Alerts: Potential DoS Attacks
-
Worm Hunt: Detect External Attacks
-
End-User Response Times: Server Delay
-
End-User Response Times: Network Delays
-
Analytics for Networked Applications
* Automatic root-cause analysis
  * Visualize application behavior across the network
  * Diagnose root causes of response-time delay
  * Validate proposed solutions
  * Certify new applications prior to rollout
* Restores network-tier visibility in WAN-optimized environments
  * Support for leading vendors (e.g. Riverbed, Cisco, Juniper)
* Response time prediction using a behavioral application model
  * New application deployment
  * Data center migrations
  * Server consolidation and virtualization
  * WAN optimization deployment
  * Application deployment to new locations
* Over 700 protocol and application decodes
  * Citrix, Oracle, SQL Server, Web Services, others
Screenshot captions:
* Predict response times
* Summarize components of response-time delay
-
ACE Analyst for Deep Dive Forensics
* Visually see the connections
* Gantt chart of each conversation
* Drill into packet decodes
* Shorten time/skillset needed to analyze packet captures
-
Application Characterization for simulation in OPNET Modeler
* Real traffic patterns add accuracy to simulated models
* Simulate DoS attacks etc.
-
Application Monitoring: Summary
Quality monitoring tools will help you:
* Weed out rogue applications
* Detect and study security threats
* Only pay for bandwidth you need
* Avoid congestion caused by inefficient architecture
* Understand import of issues on end-user experience
* TRIAGE problems and allow deeper dive into FORENSICS tools
Keys to deploying application monitoring solutions:
* Diverse user community with different access levels, cross-disciplinary communication
* User training
* Hook into existing tools wherever possible, look for integrated tool suites rather than point solutions
-
Network Configuration Monitoring
-
Case Study: Impact of misconfigurations on WAN infrastructure
* Global ISP
  * Core routers have HUGE routing tables
  * Peering points to customer networks use route filters to avoid bombarding CE routers with Internet routing tables
* Operator fat fingers route filter name
  * Cisco IOS responds by sharing no routes
* Months pass
* IOS upgrade occurs
  * IOS throws out the command altogether
  * ALL routes sent to CE router
  * Outage in middle of business day
-
Case Study: Default Passwords
* Large insurance company with stringent regulatory requirements (SOX, HIPAA)
* Some routers and switches in production network still have staging configurations
* Default username/pw combinations (cisco/test etc) found on Internet-facing devices
* Production community strings found on devices
* Major changes required to entire network in case the devices had been compromised
* Could have been worse!
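Both configuration case studies (the mistyped route filter name and the leftover staging credentials) can be caught by a static check over the device configuration. The following is an added example, not part of the original slides and not Sentinel's rule set; the credential and community deny-lists, the finding names and the sample configuration are constructed assumptions.

```python
import re

# BGP neighbor statements that reference a policy object by name.
REF_RE = re.compile(
    r"^\s*neighbor \S+ (route-map|prefix-list|distribute-list|filter-list) (\S+) (?:in|out)\b"
)
# The global configuration line that defines each kind of policy object.
DEF_PATTERNS = {
    "route-map": re.compile(r"^route-map (\S+)"),
    "prefix-list": re.compile(r"^ip prefix-list (\S+)"),
    "distribute-list": re.compile(
        r"^(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))"
    ),
    "filter-list": re.compile(r"^ip as-path access-list (\S+)"),
}
USER_RE = re.compile(r"^username (\S+) (?:privilege \d+ )?(password|secret)(?: (\d))? (\S+)")
SNMP_RE = re.compile(r"^snmp-server community (\S+)")

# Assumed deny-lists; replace with the organisation's own staging values.
STAGING_CREDS = {("cisco", "test"), ("cisco", "cisco")}
LISTED_COMMUNITIES = {"public", "private"}

# Constructed sample configuration with one typo (CUST-B-OTU) and staging leftovers.
SAMPLE = """\
hostname pe-edge-01
username cisco password 0 test
username netops secret 5 $1$constructed$hash
snmp-server community public RO
ip prefix-list CUST-A-OUT seq 5 permit 0.0.0.0/0
route-map CUST-B-OUT permit 10
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 prefix-list CUST-A-OUT out
 neighbor 192.0.2.5 remote-as 64502
 neighbor 192.0.2.5 route-map CUST-B-OTU out
"""


def audit_config(text, staging_creds=STAGING_CREDS, communities=LISTED_COMMUNITIES):
    """Return (line_number, finding, detail) tuples in configuration order."""
    lines = text.splitlines()
    defined = {kind: set() for kind in DEF_PATTERNS}
    for line in lines:  # first pass: collect every defined policy object
        for kind, pattern in DEF_PATTERNS.items():
            m = pattern.match(line)
            if m:
                defined[kind].add(next(g for g in m.groups() if g))
    findings = []
    for n, line in enumerate(lines, 1):  # second pass: evaluate the rules
        m = REF_RE.match(line)
        if m and m.group(2) not in defined[m.group(1)]:
            findings.append((n, "dangling-policy-ref", f"{m.group(1)} {m.group(2)}"))
        m = USER_RE.match(line)
        # Only plaintext (type 0 or untyped) passwords can be compared to the list.
        if m and m.group(3) in (None, "0") and (m.group(1), m.group(4)) in staging_creds:
            findings.append((n, "staging-credential", m.group(1)))
        m = SNMP_RE.match(line)
        if m and m.group(1) in communities:
            findings.append((n, "listed-snmp-community", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

Because the dangling-reference rule depends only on names, it flags the typo regardless of how a given IOS release treats an undefined filter.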
-
Network Audit, Security, and Policy-Compliance
* Reduce network outages
  * Detect configuration problems before they disrupt network operations
  * Automatically audit production network configuration with ~750 rules
* Ensure network security
  * 200+ security rules
* Demonstrate regulatory compliance
  * Generate self-documenting, customizable reports
  * Leverage rule templates for rapid customization
-
Sentinel Architecture
[Diagram labels: Near Real-Time Comprehensive Network Model; Scheduled Audit Engine; Production Network; Configuration & Topology; Third Party Data Sources]
-
Security Standards and Guidelines

Standard/Guide: PCI Data Security Standard
Description: Describes the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.
Applicable Organizations:
* Banks
* Credit Card Merchants

Standard/Guide: NIST Special Publication 800-53 (also basis for FISMA compliance)
Description: Provides technical guidance to enhance the confidentiality, integrity, and availability of Federal Information Systems. This document is provided by NIST as part of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, P.L. 107-347.
Applicable Organizations:
* DoD
* Defense Contractors
* Federal Agencies

Standard/Guide: DISA Network Infrastructure STIG
Description: Provides security configuration guidance to enhance the confidentiality, integrity, and availability of sensitive DoD Automated Information Systems (AISs). This Security Technical Implementation Guide (STIG) is provided under the authority of DoD Directive 8500.1.
Applicable Organizations:
* DoD
* Federal Agencies
* Defense Contractors

Standard/Guide: NSA Router Security Configuration Guide
Description: Provides technical recommendations intended to help network administrators improve the security of their routed networks. The initial goal for this guide is to improve the security of the routers used on US Government operational networks.
Applicable Organizations:
* Federal Agencies
* DoD
* Enterprises
* Service Providers

Standard/Guide: NSA Cisco IOS Switch Security Configuration Guide
Description: Provides technical recommendations intended to help network administrators improve the security of their switched networks. The initial goal for this guide is to improve the security of the switches used on DoD operational networks.
Applicable Organizations:
* DoD
* Enterprises
* Service Providers

Standard/Guide: Cisco SAFE Blueprint for Enterprise Networks
Description: Provides Cisco's best practices to network administrators on designing and implementing secure networks.
Applicable Organizations:
* Enterprises

Standard/Guide: ISO-17799
Description: Provides guidelines and general principles for initiating, implementing, maintaining, and improving information security in an organization. This is an International Standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Applicable Organizations:
* Enterprises
-
Example Sentinel Reports
-
Example Sentinel Reports
-
Automated Network Diagramming
* Automatically generate up-to-date network diagrams
  * Published in Microsoft Visio format
* Comprehensive and detailed unified network views
  * Physical layouts
  * Detailed configuration information
  * Logical views including Layer 2/3, VPN, OSPF, BGP, and VLANs
  * Custom annotations
* Benefits
  * Meet regulatory compliance requirements: PCI, SOX, etc.
  * Accelerate network troubleshooting
  * Perform effective asset & change management
-
Questions?