Application and Network Monitoring: Lorna Robertshaw, Director of Applications Engineering OPNET Technologies

OPNET Confidential Not for release to third parties. 2009 OPNET Technologies, Inc. All rights reserved.
d. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc.
All trademarks are the property of their respective owners and are used herein for identification purposes only.
Application and Network Monitoring
Lorna Robertshaw, Director of Applications Engineering
OPNET Technologies
OPNET Confidential Not for release to third parties. 2009 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc.
Corporate Overview
Founded in 1986
Publicly traded (NASDAQ: OPNT)
HQ in Bethesda, MD
Approximately 600 employees
Worldwide presence through direct offices and channel partners
Best-in-Class Solutions and Services
Application Performance Management
Network Engineering, Operations, and Planning
Network R&D
Strong Financial Track Record
Long history of profitability
Trailing 12-month revenue of over $120M
Approximately 25% of revenue re-invested in R&D
Broad Customer Base
Corporate Enterprises
Government Agencies/DoD
Service Providers
Network Equipment Manufacturers
About OPNET Technologies, Inc.

Analytics for Networked Applications
End-User Experience Monitoring & Real-Time Network Analytics
Real-Time Application Monitoring and Analytics
Systems Capacity Planning for Enterprises
OPNET Solutions Portfolio
Application Performance
Management (APM)
Network Engineering,
Operations, and Planning

Network R&D
Network Planning and Engineering for Enterprises
Network Planning and Engineering for Service Providers
Transport Network Planning and Engineering
Network Audit, Security, and Policy Compliance
Automated Up-to-Date Network Diagramming
Modeling and Simulation for Defense Communications
Wireless Network Modeling and Simulation
Accelerating Network R&D
Agenda
Monitoring Application Behavior
Case Study: Impact of rogue application and users
Case Study: Impact of worms and viruses
Case Study: Impact of bottlenecks
Monitoring, Triage, and Forensics
Monitoring network and application behavior with OPNET ACE Live
Deep-dive packet analysis and forensics with ACE Analyst
Using application characterizations in OPNET Modeler

Auditing Network Configuration
Case Study: Impact of misconfigurations on WAN infrastructure
Case Study: Default passwords on Internet-facing routers
Auditing device configurations with Sentinel
Providing network diagramming through NetMapper

Questions
Monitoring Application Behavior
Case Study: Impact of Rogue Applications
Company that does scientific research for defense agencies
Large monthly costs for WAN connection between two main sites
Link is often near saturation, so cost is justified
Investigation finds one user responsible for 1/3 of total inbound traffic throughout
workday syncing home computer to work computer
Possible security threat
Huge monthly expense to company
Case Study: Impact of Worms and Viruses
The perfect storm: Large software company. Battles
between IT staff and developers over management
of development servers.

Blaster Worm (August 2003)
Worm caused infected computers to become
unstable
Infected computers also caused major network
outages that impacted non-infected computers!

Network was unusable but no one knew why
Application monitoring showed ~150 infected
machines sending ARP requests for every IP they
could think of
It took 5 hours to find and unplug infected computers
Major business impact tech support was down,
customer support site was down, lost
productivity
Case Study: Impact of Network Bottlenecks
Medical Service Provider
One data center with large research facilities (high bandwidth),
hospitals (lower bandwidth), and small strategic sites (T1,
sufficient for 3-4 users)
Citrix, Terminal services, WAN Optimizers deployed throughout
to overcome network latency issues
Tricky environment to troubleshoot and gain visibility!
Users in low bandwidth locations experience high network
congestion and retransmissions
Monitoring showed that congestion correlated with times users
were printing
Single print server in the Data Center was a huge bottleneck
and was impacting high priority traffic to the strategic sites

9
Three Dimensions of Application Performance
Management
Monitoring: high-level view
Broad visibility (network, server)
Real-time dashboards
Alerts when user experience degrades
SLA violations
Trending and historical data
Forensics: root cause
Follow user transaction across network and
through servers
Identify specific cause (network event, line of
code, etc.)
Triage: initial troubleshooting
Localize problem (who, what, when, how bad)
Due to network or server?
Which team to call next?
Snapshot and archive forensic data
10
All trademarks are the property of their respective owners and are used herein for identification purposes only. 10
ACE Live
ACE Live
Data Center
Real-time agentless performance monitoring
Broad coverage with a small footprint (all users and all
applications)
Localize performance problems and differentiate between
network and server delay
Snapshot detailed data for forensic analysis

End User Experience Monitoring
24x7 application monitoring appliance
End-user response time for all transactions and users
Auto-discovers applications out-of-the-box
Oracle, Peoplesoft, SAP, Microsoft, IM, P2P, others
Intuitive, easy-to-use, low TCO
One-click guided work flows
Web-based dashboards; customizable reports
Installed and configured within 1 hour
Unified views across the enterprise
Automatic analysis
Components of delay, top-talkers
Dynamic thresholds learns abnormal behavior
Historical trending (up to one year)
Real-time VoIP performance management
NetFlow collection
NetFlow and user response time in a unified view in a
single appliance
Exclusive: Integrated monitoring and
troubleshooting
Integrates with ACE Analyst for root cause analysis
Executive dashboard of real-time performance
SLA monitor highlights poor performance
Quick, easy network troubleshooting
ACE Live Insights
Easy guided workflows for troubleshooting and analysis
Point-and-click wizards automate best practices
Accomplish complex tasks at a mouse-click
Customizable

Bandwidth Hogs

Alerts: Potential DoS Attacks

Worm Hunt: Detect External Attacks

End-User Response Times: Server Delay

End-User Response Times: Network Delays

Analytics for Networked Applications
Automatic root-cause analysis
Visualize application behavior across the network
Diagnose root causes of response-time delay
Validate proposed solutions
Certify new applications prior to rollout

Restores network-tier visibility in WAN-
optimized environments
Support for leading vendors (e.g. Riverbed, Cisco,
Juniper)

Response time prediction using a behavioral
application model
New application deployment
Data center migrations
Server consolidation and virtualization
WAN optimization deployment
Application deployment to new locations

Over 700 protocol and application decodes
Citrix, Oracle, SQL Server, Web Services, others

Predict response times
Summarize components of response-time delay
ACE Analyst for Deep Dive Forensics
Visually see the connections
Gantt chart of each conversation
Drill into packet decodes
Shorten time/skillset needed to analyze packet captures
Application Characterization for
simulation in OPNET Modeler
Real traffic patterns add accuracy to simulated models
Simulate DoS attacks etc.
Application Monitoring: Summary
Quality monitoring tools will help you:
Weed out rogue applications
Detect and study security threats
Only pay for bandwidth you need
Avoid congestion caused by inefficient architecture
Understand import of issues on end-user experience
TRIAGE problems and allow deeper dive into FORENSICS tools

Keys to deploying application monitoring solutions:
Diverse user community with different access levels, cross-disciplinary communication
User training
Hook into existing tools wherever possible, look for integrated tool suites rather than
point solutions

Network Configuration Monitoring
Case Study: Impact of misconfigurations
on WAN infrastructure

Global ISP
Core routers have HUGE routing tables
Peering points to customer networks use route filters to avoid bombarding CE
routers with Internet routing tables
Operator fat fingers route filter name
Cisco IOS responds by sharing no routes

Months pass

IOS upgrade occurs
IOS throws out the command altogether
ALL routes sent to CE router
Outage in middle of business day
Case Study: Default Passwords
Large insurance company with stringent regulatory requirements
(SOX, HIPAA)
Some routers and switches in production network still have staging
configurations
Default username/pw combinations (cisco/test etc) found on Internet
facing devices
Production community strings found on devices

Major changes required to entire network in case the devices had
been compromised
Could have been worse!
Network Audit, Security, and Policy-Compliance
Reduce network outages
Detect configuration problems before they
disrupt network operations
Automatically audit production network
configuration with ~750 rules

Ensure network security
200+ security rules

Demonstrate regulatory compliance
Generate self-documenting, customizable
reports
Leverage rule templates for rapid
customization

Sentinel Architecture
Near Real-Time
Comprehensive
Network Model
Scheduled
Audit Engine

Production Network
Configuration
& Topology
Third Party Data Sources
Security Standards and Guidelines
Standard/Guide Description Applicable Organizations
PCI Data Security
Standard
Describes the Payment Card Industry (PCI) Data Security Standard (DSS) requirements.

PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or
transmitted.
* Banks
* Credit Card Merchants
NIST Special Publication
800-53
(also basis for FISMA
compliance)
Provides technical guidance to enhance the confidentiality, integrity, and availability of Federal
Information Systems.
This document is provided by NIST as part of its statutory responsibilities under the Federal Information
Security Management Act (FISMA) of 2002, P.L. 107-347.
* DoD
* Defense Contractors
* Federal Agencies
DISA Network
Infrastructure STIG
Provides security configuration guidance to enhance the confidentiality, integrity, and availability of
sensitive DoD Automated Information Systems (AISs).

This Security Technical Implementation Guide (STIG) is provided under the authority of DoD Directive
8500.1.
* DoD
* Federal Agencies
* Defense Contractors
NSA Router Security
Configuration Guide
Provides technical recommendations intended to help network administrators improve the security of
their routed networks.

The initial goal for this guide is to improve the security of the routers used on US Government
operational networks.
* Federal Agencies
* DoD
* Enterprises
* Service Providers
NSA Cisco IOS Switch
Security Configuration
Guide
Provides technical recommendations intended to help network administrators improve the security of
their switched networks.

The initial goal for this guide is to improve the security of the switches used on DoD operational
networks.
* DoD
* Enterprises
* Service Providers
Cisco SAFE Blueprint for
Enterprise Networks
Provides Ciscos best practices to network administrators on designing and implementing secure
networks.
* Enterprises
ISO-17799 Provides guidelines and general principles for initiating, implementing, maintaining, and improving
information security in an organization.

This is an International Standard developed by the International Organization for Standardization (ISO)
and the International Electro technical Commission (IEC).
* Enterprises

Example Sentinel Reports

Example Sentinel Reports

Automated Network Diagramming
Automatically generate up-to-date
network diagrams
Published in Microsoft Visio format
Comprehensive and detailed unified
network views
Physical layouts
Detailed configuration information
Logical views including Layer 2/3,
VPN, OSPF, BGP, and VLANs
Custom annotations
Benefits
Meet regulatory compliance
requirements: PCI, SOX, etc.
Accelerate network troubleshooting
Perform effective asset & change
management

Questions?

Application and Network Monitoring: Lorna Robertshaw, Director of Applications Engineering OPNET Technologies

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Application and Network Monitoring: Lorna Robertshaw, Director of Applications Engineering OPNET Technologies

Uploaded by

Copyright:

Available Formats

OPNET Confidential Not for release to third parties. 2009 OPNET Technologies, Inc. All rights reserved.

You might also like