NetScout® Online Help for nGeniusONE v5.4.1 733-0744 Rev. A August 2015
NetScout® Systems, Inc. Westford, MA 01886 Telephone: 978.614.4000 Fax: 978.614.4004 Web: http://www.netscout.com
1
nGeniusONE 5.4.1 Online Help Topics
Use of this product is subject to the NetScout Systems, Inc. (“NetScout”) End User License Agreement that accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and between NetScout and the authorized end user of this product ("Agreement") Government Use and Notice of Restricted Rights: In U.S. government ("Government") contracts or subcontracts, Customer will provide that the Products and Documentation, including any technical data (collectively "Materials"), sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal Acquisition Regulation ("FAR") 2.101 and any supplement and further is provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure ("Use") of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR 52.227-14 for civilian Government agency purposes and 252.227-7015 of the Defense Federal Acquisition Regulations Supplement ("DFARS") for military Government agency purposes, or the similar acquisition regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section 12.212, is further restricted in accordance with the terms of NetScout's commercial End User License Agreement. All other Use is prohibited, except as described herein. This Product may contain third-party technology. NetScout may license such third-party technology and documentation ("Third-Party Materials") for use with the Product only. In the event the Product contains Third-Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials (as identified by NetScout in the applicable Documentation), then such third-party materials are provided or accessible subject to the applicable third-party terms and conditions contained in the “Read Me” or “About” file located on the Application CD for this Product. To the extent the Product includes Third-Party Materials licensed to NetScout by third parties, those third parties are third-party beneficiaries of, and may enforce, the applicable provisions of such third-party terms and conditions. Open-Source Software Acknowledgement: This product may incorporate open-source components that are governed by the GNU General Public License ("GPL"). In accordance with the terms of the GNU GPL, NetScout will make available a complete, machine-readable copy of the source code components of this product covered by the GNU GPL, if any, upon receipt of a written request. Please identify the product and send a request to: NetScout Systems, Inc. GNU GPL Source Code Request 310 Littleton Road Westford, MA 01886 Attn: Legal Department Trademark and copyright notices: © 2015 NetScout Systems, Inc. All rights reserved. NetScout, nGenius, nGeniusONE, InfiniStream, Psytechnics, Simena, and Sniffer are registered trademarks; and ASI, Fox Replay, Guardians of the Connected World, Hyperlock, the NetScout logo, the Psytechnics logo, and Teststream are trademarks; and MasterCare and ServiceONE are a service mark
2
nGenius Online Help of NetScout Systems, Inc. and/or its affiliates in the United States and/or other countries (“NetScout”). All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners. Dell, the DELL logo, and PowerEdge are trademarks of Dell Inc. Microsoft, Windows, Windows Server, and MS-DOS are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries. VMware and vSphere are registered trademarks or trademarks (the “Marks”) of VMware, Inc. in the United States and/or other jurisdictions. Citrix and XenServer are trademarks of Citrix Systems, Inc. and/or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Sun and Solaris are trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. NetScout Systems, Inc. disclaims any proprietary interest in trademarks and trade names other than its own. NetScout reserves the right, at its sole discretion, to make changes at any time in its technical information, specifications, service, and support programs.
NetScout Systems Online Help for nGeniusONE 5.4.1 733-0744 Rev. A Copyright 2015 NetScout Systems, Inc. All rights reserved.
3
nGeniusONE 5.4.1 Online Help Topics
About This Guide NetScout software includes a comprehensive collection of online help topics, which you can launch from within the applications. This guide combines the help topics into a single PDF document that can be searched and printed easily. The content includes topics for nGeniusONE applications, instrumentation, and commandline utilities. Information for the following is included: •
Monitoring Performance and Health
•
Troubleshooting
•
Configuring and Managing
•
Using Command Line Utilities
•
Configuring Instrumentation
•
Accessing Information Resources
Note: Internal cross-references between topics within each of the above modules are configured as hyperlinks. In some cases, the hyperlinks in this print version of the help may not function. If needed, enter keywords in the PDF Find box to search the entire document for the required text.
4
GETTING STARTED Using the nGeniusONE Console Overview of the nGeniusONE Console The nGeniusONE Console provides a centralized launch point for NetScout Systems software modules. Numerous navigation features and resources, described below, are available to help you access the software.
Main Window The main window of the nGeniusONE Console is displayed when you click the Console icon . The window is divided into two panels. When first logging in, the initial view displays the customizable upper panel where you can pin icons for frequently used nGeniusONE modules. The lower panel, which you can open and close, contains icons and launch points for all licensed nGeniusONE modules accessible to you based on your user role privileges.
Launch Panels You can launch modules from both the upper and lower panels of the Console. When a module is running inside the main browser window, its icon is displayed and the module can be closed in the upper panel. Additionally, the module with current focus is highlighted. In the example below, the Alert Browser and Service Dashboard are running and the Service
5
nGeniusONE 5.4.1 Online Help Topics Dashboard has focus. If you launch modules outside of the nGeniusONE window, their icons will not be displayed or highlighted in the pane (see below for additional information about external launch).
Modules in the upper panel are "pinned," either by default or by your action in the lower panel. Clicking the pin next to these modules removes them from the upper panel. If the number of module icons exceeds the available space, they are displayed on another page. You can click the paging controls to navigate between multiple pages. Each module is launched in a separate tab in the main window. If the number of module tabs exceeds the space available in the window, a container icon is displayed in the tab bar. Clicking this icon opens a separate pane where you can view icons for all running modules.
The lower panel contains the complete collection of licensed nGeniusONE modules that are available to you based on your user privileges. Modules are grouped into categories for Monitor, Troubleshoot, Configure, and View. Some features are further grouped into components, such as Service Monitors and Health. Expand these components to access their individual entries. You can launch modules directly from the lower panel, and also pin or unpin the modules you want added or removed in the upper panel.
6
GETTING STARTED
Header Controls
The top of the nGeniusONE Console provides controls for global functions. Moving from left to right, the following controls are available: The launch button next to the nGeniusONE logo acts as a toggle between the Console launch panels and other open module windows. Module tabs
Search & Discover
If modules have been opened, their tabs are displayed and you can select or close them. This icon opens a text box where you can search for a server IP address, retrieve interfaces and applications associated with the server, and launch Service Monitors with the corresponding context. Refer to Search & Discover Tool in nGeniusONE for additional details.
7
nGeniusONE 5.4.1 Online Help Topics
Settings menu
This icon opens a dialog box where you can access the following tasks and features: •
External launch — By default nGeniusONE modules open as separate tabs in the main browser window. When the External launch option is selected, modules open in separate browser windows. After enabling external launch, when you select a task, the module opens as a child window with browser controls removed.
•
Note: External launch is not supported with IE9. When you log out from nGeniusONE, all externally launched modules are simultaneously closed.
•
Search modules
•
Preferences — Provides options for setting display preferences, such as time zones and naming conventions.
•
Launch UMC — Opens the nGenius Unified Management Console for access to legacy applications and components.
•
Help — Opens the online help for all nGeniusONE applications and components.
•
About — Displays the version and build number for the connected nGeniusONE Server.
•
Logout — Enables you to exit or log in as an alternate user. Logging out of the nGeniusONE Console closes all module windows that have been opened separately.
Enter text to display all modules with names that match the search text. Close all modules that have been opened.
Close running modules
nGeniusONE Preference Settings Preference settings are available from the Settings menu in the nGeniusONE Console.
12
GETTING STARTED
These settings enable each individual user to specify certain preferences to apply during their use of supported application modules. For example, a user can set a time zone preference and see that time zone in generated reports. Note: The nGeniusONE preferences are not applied to scheduled reports sent as PDF/RTF/CSV email attachments. This type of report uses default system preferences. Individuals must have the Preferences Configuration user privilege to modify these preferences. By default, this privilege is assigned to all predefined user roles. After making a preference change, you might need to wait up to 1 minute, then refresh or relaunch a module to see the updated setting. If you want to reset modified values to factory settings, click the Restore Defaults button. This action resets all values except for the time zone. To undo a time zone selection, select a different time zone. In a distributed environment, specify preferences on the Global Manager server. Your selections are automatically applied to all Local Servers in the cluster. Updating the Global Manager and Local Servers can take up to one minute. The Preferences dialog box enables settings for two parameters: View Settings and Time Zones •
View settings — Each user can set global preferences to be used as defaults for various view options. Select preference options and click OK. Setting Interface/Device Description
Option Description • • •
Name (default if a hostname is available) (IP) Address (default if no hostname is available) Alias (a configured alternate name)
13
nGeniusONE 5.4.1 Online Help Topics
Host Description
• • •
•
Name with domain (default if a hostname is available) (IP) Address (default if no hostname is available) Name (hostname) only
Application Description
• • •
Short name (default) Long name Port (to display the application short name plus the port used)
Cell Site Description (for Service Provider business type)
• •
Name (default) ID
Time zones — Each user can set a preferred time zone to be displayed in all nGeniusONE views. Select one time zone and click OK. When selecting a time zone for a client system, it is generally recommended that you select a specific time zone instead of the "Client Timezone" setting.
Overviews of nGeniusONE Modules Monitoring Modules The modules listed below are available in the MONITOR group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •
Service Dashboard: Use the nGeniusONE Service Dashboards to monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.
•
Alert Browser: View service or device alerts to identify the alert source, originating server, time/date, and other details needed to triage performance anomalies.
•
Health: Use these tools to obtain an at-a-glance view of health within the last 24 hour period for data sources and servers associated with this nGeniusONE server, including status and assorted details.
Related Topics The following topics may also be useful with monitoring efforts:
14
•
Using Search & Discover
•
Monitoring with Dashboard Spaces
•
Overview of Service and Traffic Monitors
GETTING STARTED •
Using the nGenius Unified Communications Server Features
Troubleshooting Modules The modules listed below are available in the TROUBLESHOOT group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •
Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.
•
Service Enablers / Service Monitors / Network Management Monitors: Use a specific monitor with pre-defined collections of protocols and specialized metrics suited to analyzing the relevant function. Use tools within the monitors to perform further triage, when applicable, including analysis of TCP layer details or drill down to Session Analysis for evaluating correlated session activity. If needed, you can further dive into packets for granular analysis.
•
Traffic Monitors: Use these monitors to view link health, based on specific indicators and identify anomalous conditions affecting network performance such unexpected/unidentified application traffic, behavior of specific applications / application groups, or application behavior in certain network locations. Further analyze conversation activity between source and destination pairs.
•
Packet Analysis: Use these tools (Data Mining and Trace Archive) to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.
•
UC Server (Call Search/Media Monitor): For environments with Unified Communication (UC) tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.
Related Topics The following topics may also be useful with troubleshooting efforts: •
Using Search & Discover
Configuration Modules The modules listed below are available in the CONFIGURE group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •
Devices: Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups.
•
Services: Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard.
•
Global Settings: Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds.
15
nGeniusONE 5.4.1 Online Help Topics •
Reports: Create and manage reports for troubleshooting and sharing information with others on a regular basis.
•
Servers: Perform essential server maintenance and configuration, including adding servers managed by this server and managing users.
Related Topics The following topics may also be useful with configuration efforts: •
User Management
•
Dashboard Spaces Configuration
•
Monitor Requirements
View Modules The module listed below is available in the VIEW group in the lower panel of the nGeniusONE Console. Follow the link to access additional information. •
My Reports
Related Topics Additional details about nGeniusONE reporting features are available in: •
Using the Report Configuration Tool
•
Overview of nGeniusONE Reports
Search & Discover Module Search & Discover is a tool available in the header of all nGeniusONE modules that supports global queries to discover all possible associations for searched context. Follow the links to access additional information about this tool. •
Search & Discover Tool in nGeniusONE - Overview
•
Using Search & Discover
Related Topics The following topics may also be useful when using Search & Discover:
16
•
Overview of Monitors
•
Host Analysis Monitor
GETTING STARTED
Accessing Features and Tools Browsing to an nGenius Server The easiest way to access nGenius features and tools from client machines is by using a web browser to navigate to the server on which the nGenius software is installed. Browsing to Multiple nGenius Servers You can browse to more than one nGenius Server with supported web browser and operating system combinations unless you are using Firefox as your web browser. Browsing to more than one nGenius Server is not supported using Firefox regardless of the operating system you are using. Also, browsing to more than one nGenius Server is only supported when you launch a separate browser instance, and therefore have a separate browser process running for each nGenius Server to which you are browsing. For example, using Internet Explorer on a Windows system, when logged in to an nGenius Console, you can browse to another nGenius Server if you begin by launching a second Internet Explorer instance, either from the Start menu or by clicking the Internet Explorer icon. When you are logged in to an nGenius Server, there is no support for browsing to another nGenius Server by selecting File > New Window from the browser menu, and entering the URL of another nGenius Server. With this method you are browsing to another location with only one browser process running, which is not supported. In Windows, you can determine how many browser processes are running by opening the Task Manager and selecting the Processes tab. The browser process, for example ieexplore.exe, is listed for each browser instance you are running. For nGenius features to function properly, if you are browsing to two nGenius Servers, you must have two browser processes running. Additional information for nGeniusONE users is available in the topic on Browser Considerations. To access an nGenius Server using the nGenius Performance Manager Client, refer to Launching the nGenius Performance Manager Client Application.
Browser Considerations Certain nGenius modules are HTML-driven. To ensure optimal results, keep in mind the following considerations: Clearing the cache Clear your browser cache: •
After the nGenius Server has been upgraded
•
After changing configurations such as user roles/privileges, or business types
Note: In some cases after clearing the cache, icons are not fully displayed in the nGeniusONE Console. To correct this problem, resize the window or log out and log in. Zooming in or out When using a browser's zooming function (Ctrl + or Ctrl -) to enlarge or minimize screens, zooming excessively from the default size can impair the screen layout. For example, table
17
nGeniusONE 5.4.1 Online Help Topics columns, rows, or scroll bars can be cut off, and toolbar or other icons may not be visible. If these problems occur, reset the browser to default resolution. Viewing the online help Occasional problems might occur when using the Firefox or Internet Explorer (IE) browsers to view the nGeniusONE online help. Mozilla Firefox When viewing online help in older versions of Firefox, you may notice that the help pages do not finish loading and that the browser Back, Forward, and Stop buttons do not function correctly. To correct this problem, configure Firefox to open pages in a new window and, after opening the online help, press your keyboard's Esc button to stop the page loading process. For example, to view the online help from the Home page: 1. Click the Help link on the left side of the Home page. 2. Click the Contents link to open the help navigation panes. 3. Press the Esc button to stop page loading. After performing these steps, the navigation buttons function properly. If you continue to experience problems navigating in Firefox, you may use the Internet Explorer browser. Microsoft Internet Explorer When using Internet Explorer (IE), you may receive Javascript and active-content error messages when you attempt to launch the online help. To address these messages, you can do either of the following: •
Temporarily enable Javascript and active content by clicking the IE information bar each time you open the online help, or
•
Permanently set permissions and prevent future security warnings by using the following procedure: 1. In Internet Explorer, click Tools > Internet Options. 2. Click Advanced. 3. Under Security, select Allow active content to run in files on My Computer. 4. Under Browsing, select Disable Script Debugging (Internet Explorer) and Disable Script Debugging (Other). 5. Click OK.
18
GETTING STARTED
Administrator Quick Start Configuration Essentials Administrators can set up the nGeniusONE software by performing the following tasks: Note: This sequence assumes that you have already installed and configured supported data sources (nGenius InfiniStream appliances, nGenius Collectors, switches, routers, and MIB II devices). Refer to the device documentation for additional information. 1. Add and configure devices. 2. Specify addresses or address ranges for focused monitoring (My Network and Communities). 3. Manage users (Users, Roles, Groups and Authentication). 4. Enable applications for monitoring. 5. Create interface groups. 6. Create services for monitoring and reporting. 7. Configure data for specialized and customized monitors. 8. (Optional) Create reports for troubleshooting and sharing information with others on a regular basis. 9. Manage the nGenius Server environment.
Administering the nGeniusONE Server Configure and manage features of your nGeniusONE deployment using the following modules: •
Configure monitoring settings (Global Settings): Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds.
•
Add and manage servers (Server Management): Perform essential server maintenance and configuration, including adding servers (NewsStand, Standby, Associated, Local) managed by this server.
•
Add and manage users (Server Management): Add and modify users, user groups, and user roles and activity.
•
View and configure server settings (Server Management): Perform software updates, join the nGenius Deployment Database, add and modify authentication servers, add and modify exclusions.
•
View deployment details (Server Management): View session statistics, activity logs, and user deployment information.
•
Manage data sources (Device Management): Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups.
•
Configure or modify services (Service Configuration): Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard.
19
nGeniusONE 5.4.1 Online Help Topics •
Create, view, and manage Spaces (Spaces Configuration): Modify Dashboard Spaces to customize the data displayed in the views.
•
Verify requirements for Monitors (Service/Traffic Monitors): In addition to the above configuration of servers, applications, and devices on the nGeniusONE Server, ensure the monitoring data sources are configured appropriately for detecting the required traffic type.
•
Create and view reports (Report Configuration): Manage reports for troubleshooting and sharing information with others on a regular basis.
Enabling a Login Security Message This topic describes how to enable a dialog box to display when users first log in to nGeniusONE version 5.1.1 or later. After enabling this dialog box, users must agree to specified consent terms before they can access the nGeniusONE software. You can use the default dialog box message provided or enter your own text. The dialog content can also be localized. To enable or customize the consent dialog box, modify files as follows: 1. Open
/rtm/html/umcclient.properties with any text editor. If you plan to add translations for Japanese, Korean, and Chinese, the text editor must support both the double-byte characters of these languages and the UTF-8 encoding of the properties file itself. 2. The security message is off by default. Enable the consent dialog box by locating the showConfirm= key in umcclient.properties and specifying its value as true. When enabled, the dialog box with default text strings and graphic resembles the screen below. Users can move and resize the box in their browser windows.
3. Customize the title of the dialog box by entering your preferred text for the confirmTitle= key in umcclient.properties. To enable Japanese, Korean, or Chinese versions of the title, modify confirmTitle_ja_JP, confirmTitle_ko_KR, or confirmTitle_zh_CN. 4. Customize the dialog box message by entering your preferred text for the confirmMessage= key in umcclient.properties.
20
GETTING STARTED To enable Japanese, Korean, or Chinese versions of the message, modify confirmMessage_ja_JP, confirmMessage_ko_KR, or confirmMessage_zh_CN. 5. Customize the dialog box button by entering your preferred text for the confirmButton= key in umcclient.properties. To enable Japanese, Korean, or Chinese versions of the button text, modify confirmButton_ja_JP, confirmButton_ko_KR, or confirmButton_zh_CN. 6. Customize the dialog box width by adding the following key and your preferred width (in pixels) in umcclient.properties: confirmDefaultWidth= nnn (The default width is 350 pixels. Users with long security messages may use this key to modify the dialog box dimensions.) 7. Save and close umcclient.properties. 8. (Optional) Replace the background image for the dialog box title with your own graphic as follows: a. Format your graphic as a .PNG file and name it: CompanyLogo.png. b. Size the graphic to be 640x71 pixels for best results. If necessary, you can adjust the graphic size; for example, to accommodate a lengthy login statement. The graphic is anchored at the top left corner of the dialog box. c. Place the file in the following folder (overwriting the default version): /tomcat/content/webapps/common/assets d. Clear your browser cache and refresh the browser. After updates are complete, the nGeniusONE Server does not need to be restarted. However, a browser refresh may be necessary to see the consent dialog box with the specified strings. In a distributed server environment in which all users log in through the Global Manager server, only the Global Manager needs to have the customized umcclient.properties and CompanyLogo.png. If users log in through a local server, that server also needs the customized files.
21
nGeniusONE 5.4.1 Online Help Topics
End-User Quick Start Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •
Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.
•
Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.
•
Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.
Related Topics: The following topics may also be useful with monitoring efforts. •
Using Search & Discover
•
Monitoring with Dashboard Spaces
•
Troubleshooting with Monitors: Service, Network Management and Traffic
Using nGeniusONE to Troubleshoot Issues Isolate the root causes of problems and target solutions using the following nGeniusONE modules: •
Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.
•
Isolating Details using Monitors: Use business-specific and protocol-specific monitors, including Traffic Monitors, specialized Service Monitors, Network Management Monitors, and Enablers, to analyze application, server, and network performance affecting the user experience.
•
Performing Forensics using Packet Analysis: Use these modules to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.
•
Isolating Unified Communication Issues (Call Search/Media Monitor): For environments with Unified Communication tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.
Related Topics: The following topics may also be useful with troubleshooting efforts. •
22
Using Search & Discover
GETTING STARTED
23
MONITORING PERFORMANCE AND HEALTH Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •
Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.
•
Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.
•
Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.
Related Topics: The following topics may also be useful with monitoring efforts. •
Using Search & Discover
•
Monitoring with Dashboard Spaces
•
Troubleshooting with Monitors: Service, Network Management and Traffic
25
nGeniusONE 5.4.1 Online Help Topics
Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •
Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.
•
Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.
•
Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.
Related Topics: The following topics may also be useful with monitoring efforts.
26
•
Using Search & Discover
•
Monitoring with Dashboard Spaces
•
Troubleshooting with Monitors: Service, Network Management and Traffic
MONITORING PERFORMANCE AND HEALTH
USING SERVICE DASHBOARDS Overview of Service Dashboards The nGeniusONE Service Dashboards provide consolidated visual overviews of the health of services, service domains, and network domains in your network. The dashboard is divided into tabs for the different dashboard types available. Each dashboard's continuously updated views enable instant recognition of changes in service conditions. In an nGeniusONE deployment, a service consists of applications, application groups, or messages combined with InfiniStream Appliance interfaces that are monitoring the network segment where the specified traffic is present. A network domain service consists of ASI physical interfaces and location keys. A service domain is a grouping of services, network domains, and other service domains. Once defined, services and domains can be organized into one or more hierarchies. Before using dashboards, an Administrator must configure services, domains, and hierarchies in the Service Configuration Editor. After services are configured, each tabbed Service Dashboard displays service health based on specified metrics associated with any of the components of a service. Operators can quickly assess and triage problems with business services using the following key dashboard features: •
Service Hierarchy o Displays a hierarchical view of domains and services configured in your environment o
o
Indicates the number of critical alerts on the domains and services Provides a launch point for viewing service dashboards
o Enables navigation with context to other modules for additional details and views — Service Monitors — Service Dependency — Alert List •
Service Dashboards o Graphically depict the current state of application services in your network o Represent service health with a set of default or user-specified metrics, for example transactions and failure % o Enable drilldown to associated monitors and alert lists for additional troubleshooting
•
Network Domain Dashboard o Graphically depicts the current state of network domains based on specified throughput metrics in your network o Represents network health with a set of default or user-specified metrics, for example utilization o Enables drilldown to the Application (Traffic) Monitor for additional troubleshooting
27
nGeniusONE 5.4.1 Online Help Topics While viewing current service conditions in any of the dashboards, you can toggle to the Spaces mode
to see more granular, over-time data for the services in the dashboard.
To launch the Dashboard module, click the associated icon on the nGeniusONE Console . By default, the initial view is the Application Service/Enterprise domain dashboard displaying all services configured in your environment.
Verifying Dashboard and Service Dependency Prerequisites Before using the nGeniusONE dashboards and Service Dependency features, verify the following requirements are complete: 1. Ensure ASI data is enabled for all relevant interfaces. To do so, open the Remote Console in Device Management of Global Settings (by clicking the Remote Login button), enter command-line mode, and follow the instructions in Command-Line Object: asi_mode. 2. Ensure that set asi server_table is on (default setting). This setting enables server mapping in Service Dependency. 3. Use the Service Configuration Editor to configure services, domains, and hierarchies for display in the dashboards. 4. Set up the Enterprise tab in Global Settings, including My Network, Server Communities, Client Communities, and VIP List. This is necessary to make the display in Service Dependency as meaningful as possible. For example, the client communities shown in Service Dependency are the ones configured in Global Settings. If they are not set up, Service Dependency will show all of the client nodes individually, with separate icons for each. 5. If Sites have been configured in Global Settings, they will be used to group servers in Service Dependency. For more information on site monitoring, refer to Site Monitoring Overview in nGeniusONE. 6. Ensure that Response Time is enabled for all services/applications you wish to analyze by checking the associated Response Time boxes in the Applications tab of Global Settings. This will provide for latency metrics in Service Dependency. 7. Configure KPI error codes for the desired applications, if they are not already set up. You can do this by right-clicking each application in the Applications tab of Global Settings, clicking KPI Alarms, going to the KPI Error Codes tab, and following the KPI Error Codes instructions. If you do not set the Critical error codes, the "Critical Errors" counts in Service Dependency will always be zero.
Understanding nGeniusONE Dashboards The nGeniusONE Dashboards provide visualization of service health using a collection of informational tiles on tabbed screens. The separate tabs reflect data content for the different dashboard types available. These dashboards give you early recognition of areas with reduced performance, providing clear data representation so you can begin the triage process.
28
MONITORING PERFORMANCE AND HEALTH The rest of this topic describes general features you'll see in all of the tabbed dashboards. For additional details about the separate dashboards, refer to the following topics: • Using the Application Service Dashboard •
Using the Network Domain Dashboard
•
Using the All-Services Dashboard
•
Using the Unified Communications Dashboard
Dashboards The dashboard is laid out as a grid of tiles containing primary and secondary metrics (default or user-specified) for each node. The tiles are a fixed size and if you resize your browser window or change screen resolution, the number of tiles visible at any one time will change accordingly. If necessary, you can scroll to see nodes that are out of view. Note: When viewing the dashboard on an iPad, zooming in and out occasionally logs you out.
Tiles are displayed only for the services that have data for the specified time period; data is available when the nGeniusONE Server completes its logging cycles. In most cases, this retrieval and presentation occurs every 5 minutes or less, providing almost real-time views of current conditions. However, if logging cycles are longer because of larger loads, the dashboard will be updated less frequently. Each tile contains the following information: Example: Service Tile
• •
•
Domain Tile
•
•
Name of Service or Domain Critical (red) and Warning (yellow) alert counts (if applicable) Primary metric and severity indicator — Depicts the health of the service based on a default or user-specified primary metric. This value is used to color the equivalent section of the severity indicator. Secondary metrics — Provide values for default or userspecified secondary metrics. Note: If preferred, you can
29
nGeniusONE 5.4.1 Online Help Topics
modify the metrics displayed in the dashboard. Additionally, clicking anywhere inside a service tile opens a menu with links to context-responsive service monitors and alert lists.
Clicking inside a domain tile opens a menu with links to domain expand and alert lists. You can perform actions on the dashboard using the following controls: Open the service hierarchy tree to select domains and services for display on the dashboard. Time setting
Change the time duration of the data displayed in the dashboard. • Last 5 Mins — Displays the most recent five-minute data sample • Last Hour (default) — Displays an aggregate of the last 12 five-minute samples • Last 6 Hours — Displays an aggregate of the last 6 one-hour rollups; updated on the hour (after rollup is available) • Last 12 Hours — Displays an aggregate of the last 12 one-hour rollups • Last 24 Hours — Displays an aggregate of the last 24 one-hour rollups • Last 7 Days — Displays an aggregate of the last 168 one-hour rollups • Last 31 Days — Displays an aggregate of the last 31 daily rollups * If you have a large number of services and the dashboard is not displaying data after auto-refresh, you can change the timing for data retrieval by setting a property to delay the refresh. Modify the following property in /rtm/html/client.properties: sdm.toolbar.refreshdelay=150000 The default setting of 150000 ms specifies an auto-refresh rate of 2.5 minutes after the clock-aligned 5-minute point. To increase the delay, specify a value up to 270,000 ms (4.5 minutes). Refer to Modifying the client.properties File for additional instructions.
30
MONITORING PERFORMANCE AND HEALTH
Order By
Metrics
Change the sorting preference for nodes in the dashboard (your selection is ordered from left to right and top to bottom). Modify the primary and secondary metrics displayed on the dashboard. Pause and resume the regular refresh of the dashboard. By default, data is refreshed every 5 minutes in the dashboard. Manually refresh the dashboard and service hierarchy tree to retrieve the latest data and service definitions. The refresh button forces an update of the dashboard, which might be necessary to reflect recent additions and modifications to configured services. These are not automatically retrieved, but you can manually refresh by selecting the button.
Filter
Service Domain
Tiles Spaces
Enter text to filter nodes displayed on the dashboard. Note: The filter is reset when you toggle between modes and when you switch to another dashboard. Switch between Service and Domain modes. • Domain Mode displays the immediate, first level of children for the selected parent domain • Service Mode displays all the services in the domain to the lowest level without showing subdomains Switch between Tiles and Spaces display. • Tiles displays the current dashboard as a grid providing metrics for the services and domains in a selected domain (default) • Spaces displays the dashboard as a workspace containing charts for a selected domain
Service Hierarchy The service hierarchy tree is a navigation tool in the nGeniusONE Dashboards. By default, the hierarchy tree is hidden and available on demand when you click the corresponding button at the top left of the dashboard. When opened, the tree shows the hierarchy of services and domains that have been configured and assigned to you for viewing. When open, the tree is the area of focus, the dashboard is in the background, and clicking anywhere outside the hierarchy dismisses the panel. Alternatively, you can pin the tree panel so that it remains open. Refer to Using the Service Hierarchy Tree for additional details.
31
nGeniusONE 5.4.1 Online Help Topics
Spaces When using any dashboard, you can view Spaces for selected domains. A Space is a collection of charts containing data for the service members of the domain, providing greater visibility into problematic conditions. You can modify and configure Spaces only in the All Services Dashboard. Refer to Using Dashboard Spaces for additional details.
Using the Application Service Dashboard The nGeniusONE Application Service Dashboard provides visualization on a single screen of the health of services and domains based on percentage of failures and other metrics. The default initial view is a dashboard for the Enterprise domain, which contains all application services and subdomains configured for your environment in Service Configuration. The following example shows an Enterprise dashboard in Service Mode, indicated by in the upper right. Details are provided below the graphic.
The number of services with data and the total number of services in the selected domain are shown at the top-left next to the domain name; for example, Enterprise 4/4. By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Failures). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information: •
Name of Service or Domain — Overly long names (not recommended) are shown with ellipses, if required.
•
Critical (red) and Warning (yellow) alert counts (if applicable).
•
Severity circle — Depicts the health of the service based on the primary metric (by default, percentage of failed transactions). In the example above, the values inside the circles represent failed transactions as a percentage of total transactions. These values are used to color the equivalent section of the circles to depict severity. The primary metric is also displayed in the legend above the tiles.
•
Secondary metrics — Displays additional metrics, default or user-specified. In the above example, Transactions and New Sessions identify the values of each metric during the selected time period.
Note: If preferred, you can modify the metrics displayed in the dashboard. When a service in the dashboard needs further troubleshooting, you can click the service tile to drill down to the specialized monitor associated with the service (as specified in Service
32
MONITORING PERFORMANCE AND HEALTH Configuration). If no monitor is associated with it, the drilldown will go to the generalpurpose Universal Monitor. Domains do not support direct drilldown to service monitors. However, by clicking a domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the correct service monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.
Using the Unified Communications Dashboard The nGeniusONE Unified Communications (UC) Dashboard provides visualization of the health of UC services and domains that monitor media and signaling protocols, such as RTP and SIP. This dashboard is available only on servers that have the UC Server license installed. The default initial view is a dashboard for the Enterprise domain, which contains all UC subdomains and services configured for your environment in Service Configuration. The dashboard displays supported UC metrics and alerts for services containing supported media and signaling applications. In cases where a UC-based service is configured to include other non-UC applications, the same service will also be displayed on the Application Service Dashboard, along with different metrics and alerts associated with those other applications. Another consideration for this type of mixed service is that when the service is displayed on the All Services Dashboard, the UC and non-UC service members are separated into two tiles: one with UC data and one with other application data. In the All Services Dashboard, these tiles are always counted as two in the service totals and are displayed when they contain data (as is the case for all dashboards). A representative UC dashboard in Service Mode, indicated by in the upper right, is shown in the following example. Details are provided below the graphic.
The number of services with data and the total number of services in the domain are shown at the top-left next to the domain name; for example Enterprise (4/13). By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Degraded MOS In). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information: •
Name of Service or Domain — Overly long names (not recommended) are shown with ellipses, if required.
•
Critical (red) and Warning (yellow) alert counts (if applicable).
33
nGeniusONE 5.4.1 Online Help Topics •
Severity circle — Depicts the health of the service based on the primary metric (by default, % Degraded MOS In). In the example above, the values inside the circles represent the default metric. These values are used to color the equivalent section of the circles to depict severity. Values below 1% are shown as <1%. The primary metric is also displayed in the legend above the tiles.
•
Secondary metrics — Displays additional metrics, default or user-specified.
Note: If preferred, you can modify the metrics displayed in the dashboard. When a service in the UC dashboard needs further troubleshooting, you can click the service tile to drill down to either the Call Server Monitor or the Media Monitor. Domains do not support direct drilldown to service monitors. However, by clicking a domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the correct service monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.
Using the Network Domain Dashboard The nGeniusONE Network Domain Dashboard depicts network domain health based on total utilization and other metrics. This dashboard is especially useful to network managers, operators, and others in network performance management. The default initial view is a dashboard for the Enterprise domain, which contains all network domains configured for your environment in Service Configuration. The following example shows an Enterprise Network Domain dashboard in Service Mode, indicated by in the upper right. Details are provided below the graphic.
The number of network domains with data and the total number of network domains in the selected service domain are shown at the top-left next to the service domain name (for example, Enterprise). By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Utilization). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information:
34
•
Name of Network Domain or Domain — Overly long names (not recommended) are shown with ellipses, if required.
•
Critical (red) and Warning (yellow) alert counts (if applicable).
•
Severity bar — Depicts the health of the network domain based on the primary metric (by default, utilization). In the example above, the values represent In (blue), Out (yellow), or Total (yellow) utilization during the selected time period. This value
MONITORING PERFORMANCE AND HEALTH is used to color the equivalent section of the bar to depict severity. Any utilization value below 1% is shown as <1%. The primary metric is also displayed in the legend above the tiles. •
Secondary metrics — Displays the default or user-specified additional metrics. These can be any one of the following sets: o
In Utilization, Out Utilization and Total Utilization
o
In Packets, Out Packets and Total Packets
o
Packet Rate
o
Highest Utilization
o
In Volume, Out Volume and Total Volume
o
In Bit Rate, Out Bit Rate and Total Bit Rate
o
Utilization
Depending on the type of interfaces included in the network domain, data is displayed as follows: o Network domains with full-duplex interfaces only: Both In (blue arrow) and Out (yellow arrow) are displayed o Network domains with half-duplex interfaces only: Only Out (yellow arrow) is displayed o Network domains with a mix of full and half-duplex interfaces: Both In and Out are displayed. (The Total also accounts for all data from the halfduplex interfaces.) Note: If preferred, you can modify the metrics displayed in the dashboard. •
Physical interface/Location key count — In the example above, the Westford network domain has 14 physical interfaces and 2 location keys. If a network domain includes a location key with client or server orientation, such as SITE and QoS, it is counted as two interfaces (for both directions) in the dashboard. Keep in mind that this type of location key is considered a single interface in Service Configuration.
When a network domain needs further troubleshooting, you can click the tile to drill down to the Application (Traffic) Monitor. Service domains do not support direct drilldown to service monitors. However, by clicking a service domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the Application (Traffic) Monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.
Using the All Services Dashboard When using the specialized dashboards for Application Services, Network Domains, or Unified Communications services, you see only those domains and services that match the dashboard type. Tiles for the services or domains are ordered according to a selected metric, alert type, or name. In contrast, the All Services Dashboard portrays all of the domains and services in a selected container node, regardless of type. The Service Hierarchy tree reflects the order
35
nGeniusONE 5.4.1 Online Help Topics you've defined for all domains and services in Service Configuration, and the tiles are arranged on the dashboard according to their positions in the tree. For example, when you view the Enterprise node in the All Services dashboard, you see domains for all application services and network domains displayed together in their hierarchical order. You also have the option of displaying tiles alphabetically by name. The following example shows an All Services dashboard in Domain Mode , with domains for unified communications services, application services, and network domains. Details are provided below the graphic.
The number of domains with data and the total number of domains are shown at the topleft next to the parent domain name; for example Enterprise (4/14). By default, nodes are sorted in the grid according to their order in the hierarchy tree. The grid can also be sorted by service or domain name. The information displayed for the domains and services in the All Services Dashboard is the same as their respective specialized dashboards, including name, alert counts, metric values, and severity. You can modify the metrics displayed for each service type in the dashboard. In the All Services Dashboard: •
Services support drilldowns to a specialized or general-purpose monitor and to a list of alerts for the service.
•
Domains support both the Analysis feature, where you can see a breakdown of underlying domains and services, and also domain-specific alert lists.
Modifying Dashboard Metrics By default, each nGeniusONE Dashboard displays a predefined set of metrics. However, you can select different primary and secondary metrics for display in the dashboards, as described below. 1. Select Metrics
on the active dashboard.
2. Select primary and secondary metrics as applicable: Note: The Metrics menu in the All Services dashboard contains settings for all dashboard types.
36
MONITORING PERFORMANCE AND HEALTH
Primary metric
Select one metric to be used as the primary indicator of health for services on the selected dashboard. The values for this metric determine the severity displayed. Choose one of following metrics for application service dashboards: •
% Failures (default)
•
% Retransmissions
•
% Slow Response Time
•
% Timeouts
Choose one of following metrics for network domain dashboards: •
% Highest Utilization
•
% Utilization (average) & % Highest Utilization
•
% Utilization (default)
•
Volume (Octets)
Choose one of following metrics for UC dashboards: • % Failed Calls •
% Degraded MOS In (default) /Out
•
% Poor Absolute MOS In/Out
37
nGeniusONE 5.4.1 Online Help Topics
Secondary metrics
Select metrics to be used as secondary indicators of health for services on the selected dashboard. Application service dashboards — Choose two of following supplementary metrics: •
Average Response Time
•
Client Connect Time
•
New Sessions (default)
•
Peak Sessions
• •
Server Connect Time Total Transactions (default)
Network domain dashboards — Choose one of following supplementary metrics: •
Bit rate
•
Highest Utilization
•
Packet rate (default)
•
Packets
•
Utilization
•
Volume (Octets)
Note: With any secondary metric for a network domain, the dashboard displays both In (blue) and Out (yellow) when the network domain consists of full-duplex or mixed full- and half-duplex interfaces. The dashboard displays only Out (yellow) for a network domain consisting of all half-duplex interfaces. UC service dashboards — Select two of following metrics to be used as secondary indicators of UC health: • % Answer Seizure Ratio (ASR)
38
•
% CCR/SCR
•
% Failed Calls (default)
•
% SEER
•
Call Disconnect Delay
•
Dropped Calls
•
Post Dial Delay (PDD)
•
(Number of) Registrations
•
% DTMF Streams In/Out
•
% Degraded MOS In/Out
•
% Gap Streams In/Out
•
% Long Streams In/Out
•
% Out-of-sequence In/Out
•
% Poor Absolute MOS In/Out
•
% QoS Mismatch In/Out
•
% Short Streams In/Out
•
Single Direction Streams In/Out
•
Average Active Streams In/Out
MONITORING PERFORMANCE AND HEALTH
•
Completed Streams In (default) /Out
39
nGeniusONE 5.4.1 Online Help Topics
Using the Service Hierarchy Tree The service hierarchy tree provides access to nGeniusONE Dashboards and other tools as shown in the following example: The tree shows the hierarchy of domains services
and
that have been configured and assigned to you for viewing. You can expand each domain to see its service members.
If alerts have been generated for services in the tree, the number of alert occurrences (during the time period specified in the dashboard) is indicated by red (critical) and yellow (warning) icons next to the service. Alert counts are rolled up to the domain node. When you select a domain or subdomain, the Hierarchy tree closes and the dashboard is updated to display the members of the domain. Selecting a service does not update the dashboard. You can choose to "pin" the tree so that it stays open concurrent with the dashboard. Note: When viewing the dashboard on an iPad, select a domain to close the Hierarchy tree. The tree cannot be closed by selecting the open/close button or tapping outside the tree. The tree also enables navigation with context to other modules for additional details and views. Selecting (left-clicking) a service in the tree provides the following options from the context menu: •
Service Monitor — Provides an at-a-glance view of application-server performance metrics based on the service context.
•
Service Dependency — Shows how client communities interact with servers in a selected service and how these servers interact with other dependent servers.
•
Alert List — Shows the alerts triggered on the service, including details describing the nature and severity of the events. (Also available as a right-click drilldown from service domains.)
These tools are launched in separate tabs within the nGeniusONE Console. You can perform additional actions in the hierarchy using the following controls: Feature
Description
+ — Expand/Collapse
Expands or collapses a selected service domain.
40
MONITORING PERFORMANCE AND HEALTH
Filter
Opens a text box where you can enter search terms. The hierarchy displays all services and service domains matching your filter parameters.
Expand/Collapse all
Expands or collapses all service domain folders.
Pin
Docks (or undocks) the hierarchy panel so that it remains open concurrent with the dashboard. Tiles are rearranged on the dashboard to share space with the open hierarchy panel.
Expanding Domains in the Dashboard If a domain in the dashboard needs investigation, the Domain Expand feature gives you a breakdown of underlying domains and services, enabling you to track the service degradations to the source of the problem. This workflow improves your service triage by allowing you to locate a particular service that is experiencing an issue and quickly linking to service monitors for further troubleshooting. When the dashboard is in Expand mode, each successive domain is displayed as a sequence of bread crumbs. In the example below, the expansion starts with a domain that is exhibiting a high percentage of failures on the Application Service Dashboard.
When you click the tile and select Expand, the bread crumbs panel opens with the domain's immediate children displayed in the dashboard below. Expansion mode suspends updates to the dashboard so that no new data is entered while you are troubleshooting an issue in the current data set. The time field is labeled "Paused." As you continue selecting Expand in child domains, the nodes are added to the panel and the dashboard is updated, as shown below.
41
nGeniusONE 5.4.1 Online Help Topics
Once you have located the service trouble spot, you can then drill down to the associated monitor or to alert details. To put the dashboard into expansion mode: 1. Switch to domain mode by clicking
at the top-right of the dashboard.
2. Click a domain tile, indicated by , and select Expand. (Service tiles, indicated by , do not support the Expand feature.) The bread crumbs panel opens and the domain's immediate children are displayed below the panel. The dashboard data refresh is paused and the play/pause button is disabled. 3. Continue clicking Expand in child domain tiles and extending the bread crumbs panel, as appropriate. 4. Navigate through the bread crumb panel to display the immediate children of a selected node. If the panel exceeds the width of the browser window, click the arrow control to scroll right and left. When you click on a preceding domain in the bread crumb panel, that domain becomes the current bread crumb with immediate children displayed. This enables you to back up to any prior domain so that you can explore the service hierarchy along a different path. While viewing the bread crumb panel, you can change dashboard metrics to view different data in the bread crumbs and in displayed children. Other dashboard settings, such as duration and sort order, apply to displayed children but do not affect the bread crumbs. To stop expansion mode, you can do either of the following:
42
•
Click the End Expansion button at the far right of the bread crumb panel
•
Select a new domain in the Hierarchy tree.
.
MONITORING PERFORMANCE AND HEALTH
Using Dashboard Spaces When viewing any of the dashboards, you can toggle to "Spaces mode" to see over-time views of data for the services in the dashboard. This topic provides an overview of the features available when viewing Spaces in dashboards. (To configure and modify Spaces, refer to Configuring Dashboard Spaces.) Clicking the Spaces button mode.
puts the dashboard and service hierarchy tree into Spaces
Note: This toggle is disabled if Spaces data isn't available for the currently selected domain. Domains with Spaces data are marked with > in the Spaces Hierarchy tree. The views and data contained in a Space are defined by an Administrator or other authorized user. User access to the views in Spaces is limited to individuals who have access to the underlying services. The Spaces window provides several controls along the top, as shown in the following graphics:
A second set of controls provides the following capabilities for Spaces:
When using these controls: •
Filter for matches by chart title or view name in the current dashboard
•
The filter is reset when you toggle between modes and when you switch to another dashboard
•
The toggle for live and configuration modes is available only in the All-Services dashboard
43
nGeniusONE 5.4.1 Online Help Topics While in Spaces mode, you can use the Spaces Hierarchy tree to select and view Spaces for different service domains. When viewing Spaces, any user can modify settings using the following controls and menus: •
Duration — Specifies the period of time to be shown in all views in the displayed Space. Duration selections range from last hour (default) to last 31 days.
•
Resolution — Specifies the data polling interval. By default, all views are at a 5minute resolution. Alternatively, you can choose hourly resolution to display hourly roll-up data. The selection for Last 7 days shows data at 1 hour resolution only; Last 31 days shows data at daily resolution only. For Spaces with 5-minute resolution, each chart in the Space is updated every 5 minutes with the most recent data. For hourly resolution, each chart is updated every hour. When a chart is updated with the latest 5-minute or 1-hour polling value, the oldest sample value is removed, providing a sliding window of data points. If data isn't available for a polling cycle, the chart time is incremented to keep it updated and in sync with other charts in the Space, but the data point is blank for that cycle.
•
Export — Enables exporting the current Space as a PDF, RTF, or CSV file. Note: When using an iPad or other supported mobile device, consider the following: o
o
Be sure to disable popup blockers before exporting. RTF and CSV formats are not supported on mobile devices.
o Mobile devices do not have a default download location; therefore, the exported PDF file will be displayed in a separate browser tab.
•
Options — Enables hover-text, metric legends, chart types, and monitor drilldowns to be displayed or concealed in the charts. By default, when you want to remove one or more metrics from a chart, you click the metric names in the legend. You can change this default setting by selecting the option to "display data only for the selected metric." After doing so, when you click a metric name in the legend, all other metrics are removed. This setting is especially useful if you have many metrics in a chart and you want to focus on a single one.
•
Layout — Changes how views are displayed in the Space: o Columns: Arranged in the specified number of columns with scrollbars, if necessary o Fit to window: Arranged in the specified number of columns with no scrollbars
The next graphic shows an example of charts displayed in a Space:
44
MONITORING PERFORMANCE AND HEALTH
Charts in a Space support the following features: •
Change chart type — Click the button to change the chart display from the default stacked bar to another representation.
•
Drilldown — Click the button with the chart service.
to drill down with context to the monitor associated
Note: If the chart is based on a single service member from a network domain (physical interface or location key), drilldown is not supported. •
Details — Hover over a data point to see more details.
•
Zoom — Click and drag along the horizontal axis to zoom into a shorter time frame. Zooming can be helpful when viewing smaller data values.
•
Metric — Click the metric in the legend to hide or display it in the chart. If necessary, click the down and up arrows in the legend to see metric names that have wrapped to other lines.
•
Drag and drop — Click inside a chart, hold the mouse, and move the view to another location in the Space. The re-ordering is maintained after making other changes to the Space display.
Refer to these help topics for additional information: •
Overview of Dashboard Spaces
•
Configuring Dashboard Spaces
45
nGeniusONE 5.4.1 Online Help Topics
Overview of Dashboard Spaces While nGeniusONE Dashboards provide quick visualization of current service conditions, Dashboard Spaces help you troubleshoot problems by providing a more granular, over-time view of data in those services. A Dashboard Space is a grid of up-to-30 automatically updating charts, the context for which comes from services in a selected domain. The number, content, and layout of the views are determined by default settings or can be modified by an Administrator (or any user with the Spaces Configuration user privilege). You can access and view Dashboard Spaces from any dashboard by toggling to Spaces mode . This toggle is disabled if Spaces data isn't available for the current dashboard. Spaces configuration is available only from the All Services Dashboard. After selecting a domain, the initial Spaces view displays charts for the immediate child services in the selected domain. If the selected domain doesn't have child services, the Space contains no data. For troubleshooting purposes, it's best to start with a sub-domain in your service hierarchy so that you can see a focused set of data. If you were to select the top-level Enterprise domain, for example, you will see data only for the child services added directly to Enterprise, and not complete data for the sub-domains and their associated services below Enterprise. By default, each view in a Space displays data for a complete service and contains aggregated data for all members of the service. Authorized users can modify these and other settings in Spaces Configuration. For further troubleshooting, each chart supports drilldown with context to a Service Monitor that is associated with the underlying service. This monitor association is made when the service is configured.
Overview of Dashboard Space Configuration Dashboard Spaces provide over-time charts of data for services in the nGeniusONE Dashboards. Any domain selected for viewing in a dashboard has a default associated Space based on predefined settings, but users with Spaces Configuration privileges can modify these Dashboard Spaces to customize the data displayed in the views. For example, you can modify the views to change metrics or to show data for specified service members rather than the entire service. By default, the SYSADMIN and NTWKADMIN roles have the Spaces Configuration privilege. These users can modify and create Spaces based on any service, regardless of the user assignments for the service itself. However, access to Spaces is limited to users who have been assigned the underlying service domain. In addition, authorized users can configure default and private Spaces, defined as follows: •
46
Default Space — Each domain has one default Space, with preliminary views and metrics based on the domain's services. Any authorized user can modify a domain's default Space and all users who have access to the source service domain can view the default Space. Keep in mind that the single default Space may be modified by multiple authorized users, in which case the changes made by the last user take effect.
MONITORING PERFORMANCE AND HEALTH •
Private Space — Each domain can also have one or more private Spaces. These are separate domain-specific Spaces that may be configured by separate authorized users for their own viewing. It's possible, therefore, for a service domain to have one default Space available to all users and multiple private Spaces available to individual authorized users.
Important: In distributed environments, Dashboard Spaces are configured only on the Global Manager. The data for these Spaces comes from all of the Local Servers in the cluster. Local Servers have their own default and private Spaces, which can be viewed but not modified. After a default or private Space is modified and saved, the service-based views are fixed. The addition or deletion of services in the underlying domain are not reflected in the Space unless an authorized user makes corresponding changes in the Space configuration. Keep in mind that the service domains in the All Services Dashboard might contain a blend of various types of services that are normally displayed in different specialized dashboards. When viewing this type of blended service domain in the specialized dashboards, you see the domain displayed with only those services that correspond to the particular dashboard. Similarly, the Space you created in the All Services Dashboard will be reduced to those views that pertain to the particular services and dashboard. For example, if you create a Space for a Service Domain that contains application services and network domains, you'll see the Service Domain and its Space with only application service data in the Application Service Dashboard. In the Network Domain Dashboard, you'll see the Service Domain and the Space with only network domain data. When using the All Services Dashboard, all service types and Space views for the domain are available.
Configuring Dashboard Spaces Dashboard Spaces provide over-time charts of data for services in the nGeniusONE Dashboards. Any domain selected for viewing in a dashboard has a default associated Space based on predefined settings, but users with Spaces Configuration privileges can modify these Dashboard Spaces to customize the data displayed in the views. Configure a Space as follows: 1. Navigate to the All Services Dashboard. This is the only dashboard that supports Spaces Configuration.
2. Toggle the dashboard to Spaces mode
.
3. Select a domain in the Service Hierarchy tree, click the arrow to open the drilldown menu, then select Default or Private Space. Out-of-the-box, before configurations have been made, these two Space types are identical. When the Default or Private Space opens, it contains separate charts for all services in the selected domain. Each chart shows aggregated data for all of the given service's service members and for the same primary metric that is displayed in
47
nGeniusONE 5.4.1 Online Help Topics the service tile on the current dashboard. For example, if the primary metric for an application service is failures, the chart initially shows failures in the Spaces view. You can add and remove views, change the metrics and data sources, and modify other settings in Spaces.
4. Toggle to Configuration mode
.
While in Configuration mode, updates to views are paused so that you can modify settings. Any configurations you make and save will apply to the current selected Space. 5. Modify settings for the overall Space and for each view, as required. Your changes take effect when you click outside of the dialog boxes. If you want to create your own customized views, click Add Space view in the Space toolbar and select view settings as required. When complete, click Add to add the view and configure additional views, or click Add and Close to add the view and return to the Spaces dashboard. You can click Undo 6. Click Save
to reset to the previously saved settings.
to save the default or private Space with the updated views.
After modifying and saving a default Space, this now becomes the new default Space available to all users. After configuring a private Space, it is available only to you. Refer to these help topics for additional information: •
Overview of Dashboard Space Configuration
•
Overview of Dashboard Spaces
•
Using Dashboard Spaces
User Roles and Privileges in Spaces Configuration nGeniusONE provides one privilege associated with Spaces configuration. This privilege is assigned, by default, to certain user roles as described in the table below.
48
MONITORING PERFORMANCE AND HEALTH
Privilege name
User roles (assigned by default)
Spaces Network Configuration Administrator (NTWKADMIN); System Administrator (SYSADMIN)
Description
Provides the ability to configure default and private Spaces, including creation, deletion, and modification.
Users with this privilege create Spaces with views based on services defined in nGeniusONE Service Configuration. These users can create Spaces based on any service, even if the service is not explicitly assigned to them. However, end-users of the configured Spaces can access views only if the underlying service has been assigned to them.
Service Dependency Overview Service Dependency allows you to see the interdependencies between the servers that deliver a service and how those servers are performing. This is useful for understanding the service structure, usage and choke points. It also helps identify servers that are causing problems or that were not expected in the service delivery chain. Service Dependency provides a map of servers associated with a service, along with the client communities served by those servers and the dependent servers providing an enabling function to them (such as DNS or RADIUS). It includes traffic and performance metrics, allowing users to determine if client communities are being affected by a poorly performing server. For example, Service Dependency may help uncover that a problem with an email server is preventing a certain client community from using email. It can also be useful in determining if a server outside of the service definition is affecting performance. For example, a server within a defined LDAP service may appear to be slow, but Service Dependency may uncover that a DNS server it is querying is actually causing the bottleneck. Service Dependency can also identify unexpected members in the service delivery chain, so that deployment architectures can be updated for optimization purposes. In order to use Service Dependency, you must ensure that it has been properly set up and configured. For information on using Service Dependency, refer to Analyzing Servers and Server Dependencies Associated with Services.
Analyzing Servers and Dependencies Associated with Services Service Dependency allows you to see the interdependencies between the servers that deliver a service and how those servers are performing. This is useful for understanding the service structure, usage and choke points. It also helps identify servers that are causing problems or that were not expected in the service delivery chain. Service Dependency provides a map of servers associated with a service, along with the client communities served by those servers and the dependent servers providing an
49
nGeniusONE 5.4.1 Online Help Topics enabling function to them (such as DNS or RADIUS). It includes traffic and performance metrics, allowing users to determine if client communities are being affected by a poorly performing server. For example, Service Dependency may help uncover that a problem with an email server is preventing a certain client community from using email. It can also be useful in determining if a server outside of the service definition is affecting performance. For example, a server within a defined LDAP service may appear to be slow, but Service Dependency may uncover that a DNS server it is querying is actually causing the bottleneck. Service Dependency can also identify unexpected members in the service delivery chain, so that deployment architectures can be updated for optimization purposes. Note: Before you can use Service Dependency, you must ensure that it has been properly set up and configured.
Accessing Service Dependency Service Dependency is accessed from the service hierarchy tree in Service Dashboard. To launch Service Dependency, click on the desired service (the service for which you want to see associated servers) and choose Service Dependency. This will open a new tab in Service Dependency containing a hierarchical map of client communities (as configured in the Enterprise tab in Global Settings), configured and discovered servers associated with the selected service, and dependent servers. Client communities (denoted by monitor icons) appear in the top layer of the map. Configured and discovered servers specific to the service (denoted by blue server icons) appear in the middle layer, with associated interdependencies displayed. Dependent servers (denoted by green server icons) appear in the bottom layer. Virtual servers are indicated with a virtual server icon. The connections between nodes are represented by lines. The thickness of those lines indicate the relative transaction load on that link. A range of performance metrics is displayed for each node. You can choose to display metrics for errors, activity, or latency using the toolbar buttons. (Refer to "Changing the Metrics Displayed" below.) Also, a Service Dependency icon will appear on the nGeniusONE Console dock, so that you can easily return to Service Dependency from another screen.
Using Service Dependency Moving around the Screen and Altering the View The following are tips for moving around the screen in Service Dependency and altering the view: •
Moving/zooming: o
You can move the map by clicking anywhere in the map and dragging.
o You can zoom in and out using the magnifying lens buttons in the toolbar. o You can zoom in on the selected node using the Focus and Zoom button. o You can zoom to a desired area by holding the [Ctrl] key while using the left mouse button to drag a rectangle around the area you wish to enlarge.
50
MONITORING PERFORMANCE AND HEALTH o You can quickly zoom out and re-center the map using the Re-Center button. o You can home in on a particular area using the Toggle Overview button. (A representation of the map appears in a small box, and you can move and resize the blue rectangle to indicate which section of the map to display.) •
You can find nodes that match a specified criteria using the Find button. Matching nodes will be displayed with a red border. (Note that nodes in groups will be found if the group has been expanded.)
•
Showing/hiding nodes: o You can display or hide labels by toggling the Show/Hide Link Labels button. o You can hide an individual server by selecting the server then rightclicking on it and selecting Hide. You can unhide the server using the Show Client/Server button. o
You can hide multiple nodes using the Filter button.
o You can show or hide dependent servers using the Show/Hide Dependent Servers button. (Nodes with dependent servers are indicated by a "D" in a blue box.)
•
In cases in which multiple links connect nodes (for example, when one is connected to multiple interfaces on another), you can use the Aggregate/Unaggregate Links button to specify whether to display a link for each connection or aggregate them into a single link to minimize the lines shown on the map.
•
You can change the metrics displayed on the nodes. Refer to "Changing the Metrics Displayed" below.
Changing the Time Frame To change the time frame of the data associated with the nodes, use the drop-down menu at the top of the tab to select the duration and the arrows to the right of the menu to go forward or backward by that duration. For example, if you select Last Six Hours, Service Dependency will display data from the last six hours. If you then click the back arrow, it will display data for the previous six hours. Alternatively, you can specify a specific time period by choosing User Defined from the menu. (Note that this works differently than time range selection in Service Monitors.) Changing the Metrics Displayed Service Dependency provides three categories of metrics for servers: failures, server load, and latency. You can change the category being displayed using the buttons at the top of the window. Notes: •
If you select failures as the metric, Service Dependency will display critical errors, failed transactions, and retransmissions for each server. (This data is obtained from the KEI table.) Note that critical errors are defined in global settings. If you have not set critical errors for the application, Service Dependency will display 0s for critical errors.
•
If you select server load, Service Dependency will display total requests, transaction rate (transactions per second), and new sessions for each node. (This data is obtained from the KSI table.)
51
nGeniusONE 5.4.1 Online Help Topics •
If you select latency, Service Dependency will display average response time, slow responses, and timeouts. Note that response time must be enabled for the service for Service Dependency to display this data. (This data is obtained from the KSI, KPI, and KEI tables.)
•
You can view all metrics for a conversation by mousing over the associated line.
Working with Groups Service Dependency groups servers based on sites configured in Global Settings. (Refer to Configuring Service Dependency for more information.) A plus sign (+) on a node indicates a group node. To view the individual nodes within that group, click the plus sign. To collapse the group, use the minus sign (-). Note that metrics for a collapsed group reflect the aggregate data of the nodes within the group. Also note that you cannot drill down from a line attached to a group node, because the line does not represent a conversation between two elements. However, you can drill down from lines to individual nodes within a group, when the group is expanded. You can also create your own custom groups using the User Defined Group button. Note that servers that already belong to a group cannot be added to user-defined groups (and will therefore not appear in the list of servers that can be added to a user-defined group). NOTE: If a group contains a self-looped client-server pair, the group node will link back to itself. Drilling Down for More Information If you want more information on a particular conversation, you can drill down to the bestsuited service monitor by right-clicking the line between two conversing nodes and clicking Service Monitor. Note that, if only one service is associated with a conversation (LDAP, for example), and a service monitor exists and is enabled for that service (such as LDAP Monitor), that service monitor will be launched on drilldown; otherwise the Universal Service Monitor will be launched. The service monitor will display data related to the nodes and service for the time period specified in Service Dependency (or the last hour of the time period in the case of Universal Service Monitor, which only supports an hour of data). From there you can drill down even further to Session Analysis or Packet Analysis, if desired. Note: •
Another way to drill down is to select a link, click the Options button, and then click Service Monitor from the drop-down menu.
•
The following applications are not supported for drilldown: HTTP, HTTPS, ICMP, SNMP, NB_SSN_T.
Printing/Exporting the Map You can print the map using the Print icon. To export to PDF, choose Adobe PDF as the printer.
Sample Use Cases To provide an idea as to how one might use Service Dependency, here are some sample use cases: •
52
A user knows the application protocols and instrumentation interfaces that will see the traffic for a service. However, the specific servers that deliver the service and their interdependencies are not known. This may be because the service is multi-
MONITORING PERFORMANCE AND HEALTH tiered, and the interactions are complex; or, it may be because the servers are virtualized, and their exact location and addressing details are not known. Service Dependency will visualize the servers and their relationships to enable the service delivery architecture to be explored. •
A user may see high failures associated with a service in the Service Dashboard. To narrow down the problem to specific server elements, Service Dependency can be used to show the failed transactions and error counts broken down by server in the context of their relationships to each other. Drilldowns to the service monitors provide a tight context for further examination of failure details. As Service Dependency will also show any servers outside the service definitions that are enablers, errors further up the delivery chain that are causing issues with the application servers can also be identified.
•
The breakdown of client communities interacting with the servers in an application is unknown. Server Dependency shows client communities divided by their connection to the servers, with traffic load by link and server. If there are multiple servers in a particular application layer, the relative loading between them can be seen. Sites can be used to group client communities and servers to align with physical locations such as offices and data centres. Meaningful and actionable service loading information can be used to optimize end-user experience.
Additional Topics Service Hierarchy Tree When opened, the service hierarchy tree is available on the left-hand side of the dashboard. You can use the tree to select domains and services for display on the dashboard. If alerts have been generated for the services or domains in the tree, the critical and warning alert counts are indicated by red and yellow icons. The tree also enables navigation with context to other modules for additional details and views. Selecting a service in the tree provides the following options from the context menu: • Service Monitor •
Service Dependency (Note: In some cases, drilldown to Service Dependency is enabled but the application is not supported for mapping.)
•
Alert List (also available as a right-click drilldown from service domains)
These tools are launched in separate tabs within the nGeniusONE Console. Refer to the following topics for additional information: •
Using the Service Dashboard
•
Using the Service Hierarchy Tree
53
nGeniusONE 5.4.1 Online Help Topics
Spaces Configuration The upper-right of the Spaces Configuration screen provides controls for specifying and saving layout options that apply to the entire Space. Refer to the table below. While viewing Spaces, users can temporarily modify the layout, but cannot save it. Drag and Drop: In addition to the operations described in the table, you can also click inside a view, hold the mouse, and drag and drop the view to another location in the Space.
Space settings and controls Layout
Select a layout to specify how the Space is displayed: • Columns: # — Views in the Space are arranged in a specified number of columns in a single window with scrollbars, if necessary. • Fit to Window — Views in the Space are arranged in a specified number of columns in a single window with no scrollbars. Note: A maximum of 10 columns is permitted; however, depending on display size, a smaller number might produce better results. Open a dialog box where you can add one or more views to the current Space. Undo recent modifications to the Space. Save updates for the Space. Toggle between Tile and Space modes. Toggle between live and configuration modes for Spaces.
When adding or modifying views in the Configuration screen, use the following parameters: Space view settings Title
54
By default, the title for each view in a Space is based on the view's primary metric. To customize the title, select the checkbox, then modify the text.
MONITORING PERFORMANCE AND HEALTH
Primary Metric
Each Space view displays a single metric, the same as the primary metric from the service tile in the dashboard, by default. Change the metric for the view by selecting one metric from the dropdown menu; for example, Successful/Failed Transactions or Response Time Distribution. Note: • Space views offer the same metrics as dashboards but also provide additional selections for chart-compatible metrics, such as Error Code Distribution. • When viewing Response Time Distribution charts for services, the charts show response time data with labels such as Degraded and Slow. However, for individual service members the data is displayed with numerical response time values, such as <=1000 ms.
Expand view to its service members
Clone view
Click to see a list of service members. Use the text boxes to enter values for filtering the list. By default, a Space view contains aggregated data for all members of a service. You can create separate new views in the Space for each service member by selecting members and clicking Apply. Create a duplicate copy of the view in the current Space and modify contents as needed.
Remove the view from the current Space. Remove view
Service:
Select a different service from the selected domain as a data source for the view.
Service member:
Select a single service member from the service as data source for the view. Use the text boxes to enter values for filtering the list. Note: If you are configuring a view for a network domain containing multiple monitored elements (physical interfaces or location keys) and selecting a service member as a data source for the view: • Drilldown from the service member chart to its associated monitor is not supported. • Highest Utilization is not a supported metric for the service member.
55
nGeniusONE 5.4.1 Online Help Topics
WORKING WITH ALERTS Overview of Alerts in nGeniusONE Alerts are an important tool for monitoring performance and health using the nGeniusONE solution. This topic provides an overview of the alerts you can set in nGeniusONE to receive prompt notifications about changing or deteriorating conditions in: •
Application services and network domains
•
The health of devices, data sources, and servers in your nGeniusONE environment
Alerts for the above features are displayed in the nGeniusONE Alert Browser and the Server and Instrumentation Health modules. Further below, you'll find brief information about other alarms that can be configured for nGeniusONE devices, interfaces, and applications. These alarms are displayed in the Performance Manager Alarm Viewer or UMC-based Service Delivery Manager; not in the nGeniusONE Alert Browser.
Service Alerts When configuring nGeniusONE application services and network domains in the Service Configuration module, you can optionally enable alerts for the monitored elements and applications in those services. By default, alerts are not generated. When enabled, service alert counts are displayed in the Service Dashboard and the alerts are displayed in the Alert Browser, providing early awareness of possible problems with applications, links, servers, voice services, or the network. Service-based alerts are managed through the use of alert profiles, either the default alert profile associated with the service or a user-defined profile. An alert profile contains one or more triggers consisting of metrics and settings for generating alerts. Each metric has default settings, which can be modified. The default profile can also be modified, but not deleted. You configure alert profiles using tools in Service Configuration and apply them as needed to your services. An alert is generated when a trigger in the profile is exceeded on any member in the associated service or, alternatively, on aggregated service members. Refer to Enabling Alerts for Services for further details. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. Real-time alerts for message packet loss is also supported for application services. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services.
Instrumentation Health Alarms The Instrumentation Health module provides you with a way to view the status of all InfiniStream appliances and Flow Collectors in your network at a glance. You can view details about hardware, interface, and usage, as well as real-time status polled from the InfiniStream for any Warning or Critical alarm reported. Refer to Instrumentation Health for additional information.
56
MONITORING PERFORMANCE AND HEALTH
Server Health Alarms The Server Health dashboard provides an at-a-glance view of the current state of the nGeniusONE environment. You can survey the current status of all servers for system operations such as free disk space, allocated memory and usage, and processes based on the last 24 hours of operations. In addition to environmental information, health is depicted as OK or generating Warning or Critical Alerts when conditions have worsened. A drilldown to the nGeniusONE Alert Browser is provided for more specific information about all Warning and Critical alerts. Refer to Server Health for additional information.
57
nGeniusONE 5.4.1 Online Help Topics
Configuring Alerts for Services Enabling Alerts for Services When working with nGeniusONE application services and network domains, you can enable alerts for the monitored elements and applications in those services. Service alerts, which are displayed in the Service Dashboard and Alert Browser, are generated by the nGeniusONE Server and provide early awareness of possible problems with applications, links, servers, voice services, or the network. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services. To enable alerts for a service: 1. Create the service. 2. Select Alerts on the service settings panel.
3. Accept the default alert profile, select a previously defined alert profile, or create a new alert profile. When you enable alerts, a default alert profile is associated with the application service or network domain. The default profile for application services produces alerts when baselines are exceeded for average response time, failure rate, and transaction rate. The default profile for network domains produces alerts when baselines are exceeded for bit rate. Other metrics are available. You can view and modify the default and other profiles by selecting the profile and opening the settings panel. Refer to Configuring Alert Profiles for Services for additional information. 4. (Optional) Select Actions. This option allows you to specify actions to occur when an alert is triggered, such as executing a script, forwarding an SNMP trap, or sending an email. Refer to Configuring Actions for Service Alerts for additional information. 5. Click OK to apply the alert settings to the service. 6. Add the service or network domain to a service domain in the Service Hierarchy to enable display of alerts in the Alert Browser. If you want to prevent the generation of service alerts during specific periods of time, you can configure service alarm exclusions.
58
MONITORING PERFORMANCE AND HEALTH
Understanding Service Alert Profiles When configuring services, you can enable alerts for the monitored elements and applications in those services. Service alert counts, displayed in the Service Dashboard and Alert Lists, provide early awareness of possible problems with applications, servers, voice services, or the network. Service-based alerts are managed through the use of alert profiles, either the default alert profile associated with the service or a user-defined profile. An alert profile contains one or more triggers, consisting of metrics and settings, for generating alerts. Each metric has default settings, which can be modified. The default profile can also be modified, but not deleted. You configure alert profiles using tools in Service Configuration and apply them as needed to your services. You can create multiple alert profiles and associate different profiles with different services. Each service can be associated with only one alert profile at a time, but the profile can contain multiple triggers for the same or different metrics. For example, if you want to receive alerts when a metric is both increasing and decreasing, you can create two triggers in the same profile. An alert is generated when a trigger in the profile is exceeded on any member in the associated service or, alternatively, on aggregated service members. If you want to prevent generation of alerts during specific periods of time, you can configure service alarm exclusions in Server Management. The following types of alerts can be included, singly or in combination, in alert profiles: •
Baseline alerts o
Signal a metric exceeding statistically-derived baselines.
o Baselines are computed by analyzing each service member and continuously adjusting to current behavior. You can exclude specific periods of time from baseline calculations by configuring baseline exclusions. o Baselines can be based on cyclical data (for example, transaction rates) or noncyclical data (for example, server/client retransmissions). o Alerts are automatically generated when supported metrics rise above the baseline for the period. Refer to Alert Profile Settings for a list of supported metrics in the current release. •
Threshold-based alerts o Signal increasing or decreasing metrics by comparing minimum transaction counts to user-defined thresholds. o
Thresholds can be set for Warning and Critical.
o Alerts are automatically generated when supported metrics rise above or below the threshold for the period. Refer to Alert Profile Settings for a list of supported metrics in the current release. •
Availability alerts o
Signal the non-availability of a server.
o
Thresholds can be set for Warning and Critical.
o Alerts are triggered when a server in an application service member fails to respond to all SYN requests over a specified threshold during a 5minute period. You should configure availability alerts only for services in which the specified servers remain the same and are not changing or going offline on a regular basis.
59
nGeniusONE 5.4.1 Online Help Topics •
Real-Time alerts o Provide almost immediate notification when supported alert conditions are met.
The following considerations apply to service-based alerts: •
Alerts are not generated by default; you must enable them and select or define an alert profile when configuring a service.
•
In a Distributed Server environment, you define alert profiles and apply them to services on the Global Manager.
•
When network domains are analyzed for alerts, by default, they are expanded into separate physical interfaces and location keys (virtual interfaces). As needed, analysis is performed on the primary location key and the server/client orientation selection for the service is applied.
•
If you prefer, you have the option to receive alerts based on aggregated data from all members in a complete service.
•
With a new database, the statistical calculations require data for at least: o o
3 days of data for noncyclical baseline alerts 1 week of data for cyclical baseline alerts
Configuring Alert Profiles for Services and Network Domains When you enable alerts for an application or network domain service, the alerts are managed through the use of alert profiles, either the default profile associated with the service or a user-defined profile. An alert profile consists of one or more metrics with triggers for generating alerts. Using the default profile, an alert is generated when a trigger in the profile is exceeded on any member in the associated service. If preferred, you can configure an alert profile that generates alerts for aggregated service data. This option is described below. To view or modify the triggers in the default or any other profile, click the Modify button to open the settings dialog box. You can create your own profiles with customized triggers as follows: 1. After enabling alerts for a selected application service or network domain, click Create alert profile
(next to the Profile dropdown menu).
The Alert Profile panel opens. Use the settings in this panel to create or modify the triggers in alert profiles. The alert profiles you configure will always be associated with the type of service selected: application service or network domain. 2. (Optional) Select the checkbox to enable Real-Time alerts. These alerts are supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information. 3. (Optional) Select the checkbox to enable aggregated service alerts. (Not supported when Real-Time alerts are enabled.) This feature allows you to receive alerts on aggregated data for an entire application or network domain service rather than a service's individual members. When
60
MONITORING PERFORMANCE AND HEALTH enabled, aggregation is included in the alert profile and is applied to every service or network domain with this alert profile assigned. Alerts are generated, as warranted, by comparing the aggregated service data to the configured baselines or thresholds. The generated alerts are labelled with "Aggregated Service" when displayed in the Alert Browser. Considerations: Alarming on aggregated services is restricted to the following supported metrics: For network domains: Bit Rate For application services: Application Service Bit Rate (the sum of traffic to and from the servers for the applications in this service), Failure Rate, Transaction Rate, Timeout Percentage If you enable aggregation in an alert profile with previously created triggers, you receive a warning that the triggers will be converted to apply to an entire service. Triggers that aren't supported for aggregated services will be removed. If preferred, you can keep the existing profile by cancelling this conversion and create a new profile for aggregated services. 4. Click Add trigger
.
5. Configure triggers for the alert profile as required. Click Apply to add as many as 10 triggers. 6. (Optional) Select Action if you want to specify additional operations, such as executing a script, forwarding SNMP traps, and/or sending an email, in response to alerts generated for the selected alert profile. 7. Click OK on the main panel to save the alert profile and triggers. The profile is added to the dropdown menu and can be used for other application services or network domains, depending on the type of service currently selected. For example, if the profile is defined for a network domain, the profile is available only for other network domain type services. If the profile is defined for an application service, it is available only for other application services.
Configuring Actions for Service Alerts By default, when service alerts are generated, they are logged and displayed in the nGeniusONE Alert Browser. Optionally, you can specify additional actions to occur in response to alerts generated for the triggers in a selected alert profile. Alert actions consist of operations such as executing a script, forwarding SNMP traps to specific IP addresses, and/or sending an email. You define actions when applying an alert profile to a service. Alert actions are not specific to the type of service selected; they can apply to both service applications and network domains. 1. Create a service. 2. Enable alerts for the service. 3. Select Actions.
61
nGeniusONE 5.4.1 Online Help Topics 4. Select an already configured action or create a new action by clicking Create alert action
.
The Alert Actions dialog box opens. 5. Enter a name for the alert action. 6. Add one or more of the following types of operations to be executed as part of an alert action: •
Scripts — Select a default or custom script. One script can be included in the action definition.
•
Send Email — Enter email addresses for individuals/groups who should receive alert notifications. The email notification includes a URL that recipients can follow to view alert details. To send alert notifications by email, you must configure email settings in Server Management.
•
Forward alerts as SNMP Traps — Enter IP addresses for devices to receive alert notifications as SNMP traps. The forwarded alert includes a URL that recipients can follow to view alert details. To forward alerts to a third-party system, you must add the following two properties to the serverprivate.properties file: AlarmForwarder.destinationPort= AlarmForwarder.communityString=
7. Click OK to save the action. 8. Apply the action to the service by clicking OK in the Service Definition panel.
Configuring Real-Time Alerts for Services When configuring alert profiles for services, you can enable Real-Time alerts for services that include supported interfaces and applications. These alerts are displayed in the nGeniusONE Alert Browser, providing almost immediate notification when alert conditions are met. Real-Time alerts are supported for: •
Network domains with physical interfaces that have been configured for the DLC alert type and utilization or burst utilization metrics.
•
Application services that include Market Data Feeds configured for Message Loss alerts.
At a high level, these alerts require the following configurations in the specified modules: •
Configure utilization or burst utilization alerts for interfaces in Performance Manager Device Configuration.
•
Configure Message Loss (KPI Packet Loss) alerts for Market Data Feeds in nGeniusONE Global Settings.
•
Enable the alerts for services in nGeniusONE Service Configuration.
The configurations may be performed in any order. Detailed procedures are provided below.
62
MONITORING PERFORMANCE AND HEALTH
Device Configurations for Real-Time alerts To collect DLC utilization or burst utilization metrics from the InfiniStream data source, you configure alert settings in a template that is applied to selected interfaces. Note: •
To receive alerts for burst utilization, ensure that the InfiniStream appliance is set for power_alarm_util on.
•
If the InfiniStream appliance is set for power_alarm_util on, utilization alerts are displayed in the Alert Browser with % utilization as the triggering value. If this setting if off, the alerts are displayed with number of bytes as the triggering value. Refer to Toggle power_alarm_util for additional information.
1. Launch Device Management from the Performance Manager Home page. 2. Select a device in the list. 3. Select Device > Templates. 4. In the Template Manager, click the Probe Interface tab. 5. Select the template to which you want to add an alert or create a new template. 6. With the template selected, in the Alarms section do one of the following: •
Click New Alarm.
•
Select an existing alarm to modify.
7. Enter the required information for the alert. 8. Click OK. 9. Apply the template to the interfaces with the traffic for which you want Real-Time alerts. 10. Configure network domains with these interfaces as described below.
Global Settings Configurations for Real-Time alerts Real-Time alerts are supported for message loss on market data feeds (MDFs). To generate these alerts, you configure KPI alarms on the MDFs in nGeniusONE Global Settings. The following procedure assumes that you have already enabled the Financial business type and configured MDFs in your environment. Refer to Configuring Business Types and Monitoring Market Data Feeds in nGeniusONE - Overview for additional information. 1. Launch nGeniusONE Global Settings. 2. Click the Applications tab. 3. Select Market Data Feed in the View drop-down menu. 4. Select a feed for which you want to receive Real-Time alerts. 5. Right-click and select KPI Alarm. (This option is enabled only for configured MDFs.) 6. On the KPI Variables tab, enter a value in the Packet Loss field. This number is the threshold for lost messages during the data sample period. 7. Select a severity level, Warning or Critical, for this MDF alert. The severity is applied to the alert in the Alert Browser and Service Dashboards.
63
nGeniusONE 5.4.1 Online Help Topics 8. Click OK to save the KPI variables. 9. Click Apply on the Applications tab. 10. Configure services with these MDFs as described below.
Service Configurations for Real-Time alerts Real-Time alerts are not generated by default, but you can enable them when configuring alert profiles in Service Configuration. 1. Create a service that supports Real-Time alerts, which can be any of the following: •
A network domain that includes at least one interface configured as described above.
•
An application service that includes MDFs with KPI alert settings as described above.
2. Enable alerts, and click Create alert profile menu).
(next to the Profile dropdown
3. In the Alert Profile panel, provide a name for the profile. 4. Select the checkbox to enable Real-Time alerts. 5. (Optional) If required and supported for the service type, configure additional triggers to be included in the alert profile. 6. Click OK to save the alert profile. 7. Click OK in the service settings panel to associate the alert profile with the service. You can apply this same profile to other services with the required elements. If you want to prevent generation of alerts during specific periods of time, you can configure service alarm exclusions in Server Management. When the Real-Time alerts occur, you can view them in the nGeniusONE Alert Browser.
Template Settings for Real-Time Alerts The alarm template settings described below pertain specifically to Real-Time alerts displayed in the nGeniusONE Alert Browser. You can disregard other fields in the template that are not required for these alerts. Field Alarm Type and Metric
Description 1. Click the Alarm Type field and select DLC. 2. Click the Metric field and select one of the following metrics from the down-down menu: • •
64
Utilization (%) Burst Utilization (%)
MONITORING PERFORMANCE AND HEALTH
Interval
Enter a value and appropriate units where configurable. The interval determines how often the device samples data. Double-click to modify. • DLC — Default = 120 seconds for Utilization (%); 10 milliseconds for Burst Utilization (%).
Thresholds
Double-click to modify the rising or falling (or both) threshold level. Enter thresholds using the following units: •
Utilization and Burst Utilization Thresholds — % (Burst Utilization supports Rising threshold only)
Note: Utilization and Burst-Ending alerts do not display evidence in the Alert Browser. Send Alarms
Select the rising or falling (or both) checkboxes for supported alarm types to generate an alarm when the threshold level is exceeded.
Severity
Double-click to select a severity level (1-5) for the alarm where 1-2 are Critical and 3-5 are Warning severities.
The other fields in the template are not required for Real-Time alerts. You can set values for Callback Script, Forward, and Email separately as alert actions for a service.
Exporting/Importing Service Alert Profiles and Actions If you want to transfer alert profiles and actions associated with service definitions between nGeniusONE servers, you can export and save them, then import the profiles and actions to a different system. Important: You must import alert profiles and actions before importing services that are associated with the profiles and actions. Refer to Exporting/Importing Service Definitions for additional information. The tool allows you to import alert profiles and actions that were previously exported using either the Service Configuration tool or the Command Line Administrator utility.
Exporting Service Alert Profiles 1. Launch Service Configuration
from the nGeniusONE Console.
2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Export
next to the Profile menu.
Note: This action exports all alert profiles regardless of the type of service selected in step 2. All alert profiles are exported as an .xml file. Depending on your browser settings, the XML takes one or more of the following forms: •
Saved automatically to a default folder on your system (usually Downloads)
65
nGeniusONE 5.4.1 Online Help Topics •
Displayed in a new window
•
Available for you to run or save manually
Importing Service Alert Profiles 1. Launch Service Configuration
from the nGeniusONE Console.
2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Import before services.
next to the Profile menu. Profiles and actions must be imported
4. Select an exported .xml file and click Open. The imported profiles are added to the Profile drop-down menu. If the current system already had alert profiles configured, the imported profiles are appended and triggers are added, as necessary.
Exporting Service Alert Actions 1. Launch Service Configuration
from the nGeniusONE Console.
2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Export
next to the Actions menu.
All alert actions are exported as a .csv file, which is saved automatically to a default folder on your system (usually Downloads).
Importing Service Alert Actions 1. Launch Service Configuration
from the nGeniusONE Console.
2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Import
next to the Actions menu.
4. Select an exported .csv file and click Open. The imported actions are added to the Actions drop-down menu. If the current system already had alert actions defined, the imported actions are appended to the current set.
Forwarding Service-Based Alerts You can forward SNMP traps or send email notifications for service-based alerts to other systems or users. Each forwarded alert or email includes a URL that recipients can follow to view alert details. When entered into a web browser, this URL launches the nGeniusONE Alert Browser with details for the particular alert. In a distributed environment, all alert URLs (including those for alerts triggered on the Local Servers) point to the Global Manager. 66
MONITORING PERFORMANCE AND HEALTH To view alert details through the URL, users must have: •
Login access to the nGeniusONE server where the alert was triggered (or the Global Manager)
•
Assignment of the service or domain that is the source of the alert
To forward alerts or send email to other systems or users, you apply the required action to a service as part of an alert profile.
Configuring Service Alarm Exclusions Service Alarm exclusions allow you to specify periods of time during which ASI servicebased alerts are not generated. Note: You must set your system to adjust automatically for daylight savings changes in order for exclusions to work properly. To configure exclusion periods: 1. Launch Server Management. 2. In the Server Configuration tab, expand the Exclusions pane. 3. Select Service Alarm and click Add an exclusion
.
4. Select the tab that best describes the mode for the exclusion you want to configure (Once, Repeated,Weekends, or Non-Business). 5. Depending on the mode you selected, configure the following (options vary according to mode): •
Duration — Select the date or range of dates you want to exclude. You can exclude a single date in Once mode, or a range of dates in Repeated, Weekends, or Non-Business Hours mode.
•
Time of Day — In Once or Repeated mode, select the time of day during which you want to exclude alerts. You can exclude all day (24 hours) or during specific hours. Deselect All Day to configure hours. Time of Day is not available for Weekends mode.
In Non-Business Hours mode, define your Business Hours. The hours outside your selected range are the non-business hours that are excluded. •
Days of Week — Configure for Repeated or Non-Business Hours modes. o
In Repeated mode, select the days to exclude.
o In Non-Business Hours mode, define the days of the week to include for your selected range of business hours. 6. Click Commit to save your changes. After you configure exclusions, you can view your settings in the Exclusions window.
67
nGeniusONE 5.4.1 Online Help Topics
Configuring a Baseline Exclusion Baseline exclusions allow you to exclude specific periods of time from automated ASI baseline alerts and from baseline calculations used in UMC-based reports, including average, maximum, and a user-defined percentage. Note: •
Set your system to adjust automatically for daylight savings changes in order for exclusions to work properly.
•
Non-Business Hours exclusions are not supported for baselines.
To configure a baseline exclusion: 1. Launch Server Management. 2. In the Server Configuration tab, expand the Exclusions pane. 3. Select Baseline and click Add an exclusion: 4. Select the tab that best describes the mode for the exclusion you want to configure (Once, Repeated,or Weekends). 5. Depending on the mode you selected, configure the following (options vary according to mode): Duration — Select the date or range of dates you want to exclude. You can exclude a single date in Once mode, or a range of dates in Repeated, Weekends, or NonBusiness Hours mode. Time of Day — In Once or Repeated mode, select the time of day during which you want to exclude data analysis. You can exclude data analysis all day (24 hours) or during specific hours. Deselect All Day to configure hours. Time of Day is not available for Weekends mode. Days of Week — Configure for Repeated or Weekends modes. 6. Click Commit to save your changes. The Add Exclusion message box confirms your configuration. After you configure exclusions, you can view your exclusions settings in the Exclusions window.
Additional Topics Alert Profile Settings In the Alert Profile panel you can select alert options and view, configure, and modify triggers associated with an alert profile. Each profile can have a maximum of 10 triggers. The triggers available are determined by the service type associated with the service. Options: •
68
Enable Real-Time alerts — Supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information.
MONITORING PERFORMANCE AND HEALTH •
Enable alerts on aggregated services — Generates alerts on aggregated data for an entire service rather than a service's individual members. Refer to Configuring Alert Profiles for Services and Network Domains for additional information.
Tools: — Add a trigger. — Modify trigger parameters. — Delete the trigger. Trigger settings: Trigger Setting
Description
Type
Select the type of analysis and alert:
Metric
•
Baseline — Signals a metric exceeding statistically-derived baselines. Baselines can be calculated for data that is considered cyclical (for example, transact noncyclical (for example, server/client retransmissions).
•
Threshold — Signals increasing or decreasing metrics in comparison to user-defined t
•
Availability — Signals an unavailable server that fails to acknowledge all SYN request threshold during a 5-minute period.
Select the metric to be analyzed for anomalies. Available metrics depend on the type of aler •
Baseline metrics for application services include — Average Active Streams, Average Rate2, Failure Rate, KPI Error Code, Retransmission3 Percentage, Timeout Percentage Baseline metrics for aggregated services include — Application Service Bit Rate2, Fail Percentage, Transaction Rate
Baseline metrics for network domains (aggregated and non-aggregated) include — B •
Threshold-based metrics for application services include — Average Active Streams, Time1, Bit Rate2, Failure Rate, KPI Error Code, Percentage of Streams containing DTM Percentage (Ingress/Egress), Problematic MOS Percentage (Ingress/Egress), Problem Percentage (Ingress/Egress), Problematic Packet Loss Percentage (Ingress/Egress), R Percentage, Timeout Percentage, Transaction Rate
Threshold metrics for aggregated services include — Application Service Bit Rate2, Fa Percentage, Transaction Rate Threshold metrics for network domains (aggregated and non-aggregated) include — •
Availability4 metrics include — Server Availability (number of unacknowledged SYN r
1. If a response-time alert is generated for an application (parent) with messages (child
69
nGeniusONE 5.4.1 Online Help Topics
includes response time for all of the messages.
2. The Bit Rate trigger produces alerts for total bit-rate on half-duplex interfaces, and a ingress/egress bit-rate on full-duplex interfaces and aggregated network domains. T Bit Rate trigger produces alerts for total bit-rate. If a service member contains an AP treated as full-duplex and would produce ingress/egress bit-rate alerts.
3. Alerts are triggered by retransmissions, but are classified as server or client retransm applications. Retransmission alerts do not apply to Message IDs included in service m
4. Only one Availability trigger is allowed in each profile. Availability alerts are not trigg service that have Location Keys. Availability metrics are not supported for aggregate Attributes
Enter values for thresholds as applicable for the alert type and metric: •
Increasing or Decreasing — The direction of baseline or threshold-based metrics.
•
Warning alert status — The percentage, rate, or number that indicates a warning ale
•
Critical alert status — The percentage, rate, or number that indicates a critical alert.
•
Delta suppression (applies to baseline alerts only) — A percentage difference betwee sample period and the calculated baseline of the data. If the difference is less than th percentage, no alert is issued. Example:Assume the current calculated baseline f
total transactions, representing typical traffic. If you simply set a Threshold W 5%, an alert would be triggered if timeouts in the data sample increase highe transactions. But if, in addition, you wanted the alert to be triggered 30% ab you would configure a baseline alert with delta suppression. With the two set and delta suppression 30%), a Warning alert is triggered if timeouts in the da higher than 5% and are also 30% above the baseline (4%). In this example, triggered if timeouts increase above 5.2% of total transactions. In all cases, t for timeouts (described below) must also be satisfied.
•
Minimum values (applies to baseline and threshold alerts) — The minimum transactio streams below which an alert will not be generated.
Note: Fields are disabled for certain types of alerts: •
For non-cyclical Baseline and Threshold alerts based on average response tim Critical severity levels are determined by the response time thresholds in nGe Settings for applications in the service. Response times greater than the "Fast generate alerts labelled Warning. Response times greater than the "Degraded generate alerts labelled Critical. Refer to Modifying Response Time Boundaries information.
•
For KPI error code alerts, the Warning and Critical severity levels and the min thresholds are determined by KPI error codes defined for applications in nGen Settings.
Refer to the following topics for additional information:
70
•
Enabling Alerts for Services
•
Configuring Alert Profiles for Services
•
Understanding Service Alert Profiles
MONITORING PERFORMANCE AND HEALTH
Alert Action Settings In the Alert Action panel you can view, configure, and modify operations associated with an alert profile. Feature
Description
Name
Text box where you enter or modify the action name.
Add one or more operations to be executed as part of the alert action: Execute Script Send Email to individuals/groups who should receive alert notifications
Select a default or custom script. One script can be included in the action definition. Add a new email address Modify a selected email address Delete a selected email address
Forward SNMP Traps to devices that should receive alert notifications (for example, third-party management systems)
Add a new IP address Modify a selected IP address Delete a selected IP address Note: To forward alerts to a third-party system, you must add the following two properties to the serverprivate.properties file: AlarmForwarder.destinationPort= AlarmForwarder.communityString=
Refer to the following topics for additional information: •
Enabling Alerts for Services
•
Configuring Alert Profiles for Services
•
Configuring Actions for Service Alerts
Definitions Definition: Alert Action Scripts When adding an action to an alert profile, you can select a script file to run when the alert occurs. Several default scripts are available as well as any custom script files created and saved to the /rtm/scripts directory. • diskemergentscript — Executed when a disk server emergency alarm is generated. • diskwarningscript — Executed when a disk server warning alarm is generated. • memoryemergentscript — Executed when a server memory emergency alarm is generated.
71
nGeniusONE 5.4.1 Online Help Topics • • •
72
memorywarningscript — Executed when a server memory emergency alarm is generated. nsscript — Callback script that can be modified to include any scripting or CLI commands. wdscript — Executed when an abnormal server Java or database engine process is discovered.
MONITORING PERFORMANCE AND HEALTH
Configuring Alarm Templates for Devices Applying Alarm Templates in nGeniusONE — Overview Alarm templates provide flexibility for defining and applying monitoring, logging, and alarm settings for a device and for each interface on the device. Support for configuring device and interface templates are available in the Performance Manager Template Manager. Using these settings, you can configure the following types of templates: •
Device — Allow you to configure alarms for devices based on CPU utilization and memory utilization.
•
Interface— Allow you to define different logging and alarm settings for InfiniStream device interfaces. Also, support is provided for creating a real-time alarm regarding utilization or microburst in nGeniusONE. All other alarms apply to Performance Manager (UMC) only.
Working with Templates When you add a device in nGeniusONE, the Server automatically learns its interfaces and assigns the Default device and interface templates to them. The default InfiniStream interface template enables monitoring and logging for four data sets: protocol statistics, hosts, conversations, and response time. Default templates include no alarm settings. If you want to receive template-based alarms for utilization and other metrics, you can modify the default template or define your own templates. Keep in mind that you define alarm templates only in the Performance Manager Template Manager. After creating templates, they're available in nGeniusONE Device Configuration and you can apply them to the appropriate device or interface. Note also that most alarms generated by template-based settings can be viewed only in the Performance Manager Alarm Viewer or UMC-based Service Delivery Manager. These device and interface alarms are not displayed in the nGeniusONE Alert Browser. The exception to this rule are real-time alerts for nGeniusONE network domains. If enabled properly, as described in Configuring Real-Time Alerts for Services, these template-based alerts are displayed in the nGeniusONE Alert Browser. Additionally, you can enable separate alerts for nGeniusONE application services and network domains. Service-based alerts are enabled in conjunction with service configuration and do not require templates.
Applying an Alarm Template to a Device in nGeniusONE When you add a device in nGeniusONE, the Server automatically assigns the default device template to it. The default template includes no alarm settings. If you want to receive device alarms for CPU utilization or memory utilization, you can modify the default template or define your own templates using the Performance Manager Template Manager. Device alarms generated by template-based settings are displayed in the Performance Manager Alarm Viewer. nGeniusONE also displays these alerts.
73
nGeniusONE 5.4.1 Online Help Topics In a distributed server environment, you can apply an alarm template to a device from either the Global Manager or Local Server systems. To apply a template to a device: 1. Click
Device Configuration on the nGeniusONE Console.
2. Select the Devices tab. 3. Double-click an appliance, switch, or other device to which you want to apply an alarm template. 4. Click the Device Template drop-down menu and select the template you want to use. Note: This menu lets you select and apply an existing template. You cannot create a new template in nGeniusONE. To do so, you must use the functionality in the Performance Manager Template Manager. 5. Click OK to save your changes and exit.
Applying an Alarm Template to an Interface in nGeniusONE When you add a device in nGeniusONE, the Server automatically learns its interfaces and assigns the default interface template to them. By default, interface templates enable monitoring and logging for four data sets: protocol statistics, hosts, conversations, and response time. If you want to create a real-time alarm on utilization or microburst in nGeniusONE, you can modify the default interface template or create a new one. In a distributed server environment, you can apply an alarm template to an interface from either the Global Manager or Local Server systems. To apply an alarm template to an interface: 1. Click
Device Configuration on the nGeniusONE Console.
2. Select the Devices tab. 3. Double-click the InfiniStream with interfaces to which you want to assign an alarm template. 4. Do the following: •
If the selected device is an InfiniStream appliance, go to the interfaces (lower) panel.
Important: The interface panels allow you to select and apply the default or another alarm template. You cannot modify an existing alarm template or create a new one in nGeniusONE. 5. Select one or more interfaces in the lower panel. 6. Click
74
Modify.
MONITORING PERFORMANCE AND HEALTH 7. From the Alarm Template drop-down menu, select an alarm template to apply to the interfaces and click OK. (If you have not created interface templates in Performance Manager, Default is the only selection available.) The assigned template is displayed for the selected interfaces in the Alarm Template column of the interfaces panel. 8. Click OK again to save your configuration changes and exit.
Overriding Alarm Destinations in nGeniusONE You can configure a Local Server to override the alarm destinations defined in the Global Settings module and send alarms to another server. For example, you might want to configure a local Network Node Manager server to receive alarms from a specific Local Server. (All other Local Servers in the server cluster would continue to forward alarms to the defined destinations.) Note: For service-based alerts, alert actions define the alarm destinations. To override the alarm destinations defined in Global Settings, define the new destination in the serverprivate.properties file on the affected Local Server: 1. On the Local nGeniusONE Server, navigate to the /rtm/bin directory and locate the serverprivate.properties file. 2. Back up the file before proceeding. 3. Open the file using a text editor. 4. Add the following property to the file: alarmforward.trapDestination= •
Enter the address in octet format (for example: 10.20.30.40)
•
Multiple addresses are not supported
5. Save and close the file. Restarting the Server is not required.
75
nGeniusONE 5.4.1 Online Help Topics
Configuring KPI Alarms for Applications Overview of KPI Alarms in nGenius Server In general, KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. However, you can receive alarms in nGeniusONE for ASI-based KPI error codes by including error codes as triggers in service alert profiles in the Service Configuration Editor. In contrast to device-based or interface-based alarms, KPI alarms are based on application response time. To alarm on KPIs, ensure that you meet all requirements for monitoring Response Time. KPIs are tracked at both the physical and virtual interface level. You can create KPI alarms for the following metrics (supported metrics vary by application): •
Responsiveness
•
Application Level Errors
•
Packet Loss/Retransmits
•
Voice and Video Quality
•
KPI Error Codes
Responsiveness To alarm on Responsiveness KPIs, define both of the following: •
Response Time threshold (milliseconds)
•
Number of times the threshold must be exceeded (using the KPI Alarm dialog box)
KPI alarms are generated based on the contents of responsiveness bucket 5 and bucket 6 (Availability and Timeouts). Because the Response Time boundary represents the highest value (worst responsiveness) for its respective bucket, values that exceed the Service Level boundary fall into bucket 5 (Slow Responses) and those that exceed the Availability boundary fall into bucket 6 (Timeouts) as shown below.
76
MONITORING PERFORMANCE AND HEALTH
Application Level Errors •
To alarm on Application Level KPIs, define a value for the number of times a User or Server event must be seen on the selected application using the Edit KPI dialog box.
•
You can also alarm on multiple KPI error codes for supported applications. Note: •
Supported codes are listed in the Select Error Codes dialog box.
•
You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children.
Packet Loss/Retransmits To alarm on Packet Loss KPIs, define a Retransmit threshold in the KPI Alarm dialog box using an equation. •
Packet Loss — used for TCP and SCTP applications
•
Retransmits — used for UDP applications
Voice and Video Quality 77
nGeniusONE 5.4.1 Online Help Topics To alarm on Voice and Video Quality KPIs you must: •
Configure the appropriate nGenius InfiniStream appliance options.
•
Enable RTP, Audio, and Video for Response Time and ASRs. Enable signaling protocols if integrated with nGenius Voice | Video Manager.
•
Optionally adjust default quality boundaries.
•
Optionally configure alarms based on these boundaries. Refer to the Voice and Video Quality Overview for more information.
KPI Error Codes To alarm on KPI Error Codes: •
Select an application in Global Settings > Applications.
•
Define Critical and/or Warning severities by: o
o
Entering a threshold and minimum transaction count. Adding the error codes you require.
Refer to Configuring KPI Protocol Error Code Alarms in nGeniusONE for more information.
Configuring KPI Monitoring and Alarming in nGeniusONE You can configure monitoring and alarming on Key Performance Indicators (KPIs) for the following metrics: •
Responsiveness
•
Application level errors
•
Packet Loss
•
Voice and Video Quality
•
Error Classification
The instructions in this topic describe how to monitor KPIs (for both ASI and CDM) and how to set KPI alarms (CDM only). CDM KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. To configure KPI monitoring and alarms: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. Select an application you want to track. 4. Responsiveness alarms — From the Select monitoring options drop-down menu, select Responsiveness and modify the response time boundaries as required. 5. Voice and Video Quality alarms only—Optionally toggle whether you want the alarms to be based on MOS or Jitter thresholds. This setting only applies to appliances configured with asi_mode=CDM or hybrid, since alarms on ASI metrics are set using service-based Alarm Profiles.
78
MONITORING PERFORMANCE AND HEALTH
To toggle: a. Select RTP. b. From the Select monitoring options drop-down menu, select Voice and Video Quality. c. Select MOS or Jitter and enter parameters. d. Click OK and Apply. 6. Other alarm types — From the Select monitoring options drop-down menu (or right-click button), select KPI Alarm. (The KPI Alarms dialog box allows you to enter thresholds for KPI Variables regardless of whether the application supports KPIs. ) 7. In the KPI Variables tab, enter a count for each variable, as appropriate. Enter zero for a variable if you do not want to generate an alarm. Use this tab to set alarms for metrics collected on CDM flows. The numeric fields indicate the number of times the indicated event must occur before you want an alarm triggered. For example, you might set an alarm to trigger when the Responsiveness threshold for Timeouts has occurred 50 times. You can also designate alarms on the selected application to be Warning or Critical, select a server-side script to run when the alarm is triggered, and specify forwarding for the alarm as an SNMP trap or as an email to designated addresses (set in nGeniusONE Server Management>Servers>Email Settings tab).
8. (Optional) For applications supported for application level KPIs, click the KPI Error Codes tab to configure KPI error code alarms. (The tab does not display for unsupported applications.) 9. Click OK to exit the selected Edit KPI dialog box and Apply to save your configuration.
79
nGeniusONE 5.4.1 Online Help Topics
Configuring KPI Protocol Error Code Alarms in nGeniusONE Requirements •
Response time enabled for the application
•
Power alarms enabled on the data source (refer to CDM documentation)
•
KPI application error code tracking enabled on the data source (refer to CDM documentation) Monitoring KPI error codes is disabled by default. You can adjust the table size (default 1,000 entries) and enable or disable monitoring per interface (including aggregated interfaces) in the CDM Agent Configuration Utility command line. (Entering interface 0 configures monitoring on all interfaces.) Refer to CDM documentation for details.
Alarming is supported on selected KPI error codes for specific applications. You can prioritize error codes as either Critical or Warning and define alarm thresholds for each category. A maximum of two alarms (one critical, one warning) per application per 5-minute interval is reported. Error code alarm settings are applicable to both nGeniusONE (ASI) and nGenius Performance Manager (CDM) data. By default, alarms are not triggered on KPI error codes. To alarm on error codes, first create a definition for Critical and Warning severity levels for the selected application. For example, you may want to define a severity of Warning to mean that errors constituted 2% of transactions within the interval. After you define Critical and Warning severity levels, define the minimum number of transactions that must occur before the alarm is triggered. You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children. When you configure definitions for Warning and Critical, consider the amount of traffic you expect to see for this application and how important the application is to the operation of your enterprise. For example, the threshold and minimum transaction counts defining a Critical alarm would likely differ for SIP (relatively low volume, high importance) and HTTP (high volume, low importance) in a GPRS/UMTS network. In the case of SIP, you might want to set a low Minimum Transaction Count (for example, 1) so that errors are counted immediately. After you configure Critical and Warning definitions, apply those definitions to the error codes for which you want to receive alarms. To receive alarms for ASI-based error codes, define KPI error codes for applications in Global Settings, then include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser. CDM-based alarms are reported in the UMC Service Delivery Manager (displayed as Power Alarms) and Performance Manager Alarm Viewer (displayed as KPIError Alarms). To configure monitoring and alarming for KPI error codes: 1. On the nGeniusONE console, click the
Global Settings icon.
2. Click the Applications tab. 3. Select an application supported for error codes.
80
MONITORING PERFORMANCE AND HEALTH Note: The KPI Error Codes tab (used to configure KPI error code alarms) does not display for unsupported applications. 4. Ensure the application is enabled for Response Time monitoring. If it is not enabled, right-click the application and select Response Time > Enable. 5. Right-click the application and select KPI Alarm... . 6. In the Edit KPI dialog box, click the KPI Error Codes tab. 7. Define Critical and/or Warning severities as follows: a. Enter a Threshold and Min. Transaction Count. You are defining what Critical/Warning means in the context of these alarms. Threshold and Min. Transaction Count Note: Increasing the Minimum Transaction Count and/or Threshold decreases sensitivity (makes it less likely that an alarm will be generated) while decreasing the Minimum Transaction Count and/or Threshold increases sensitivity (makes it more likely that an alarm will be generated). Threshold (%) — Enter the percentage of errors (0-100.00%) that must be reached before an alarm is generated. Values are supported to two decimal places (for example, 10.55). Errors are counted only after the Minimum Transaction Count is reached. Min. Transaction Count — Enter the total (successful or error) number of transactions that must be reached before the device begins checking for errors. When the percentage of errors equals or exceeds the configured threshold value, an alarm is generated. b. Select the checkbox to enable critical and/or warning alarms for the selected error codes. c. For each severity you want to configure, click Add error codes and select the preferred error codes. You can select a maximum of 40 codes individually for each severity (Warning or Critical) per application. d. Click OK. 8. Select a maximum of 40 for each severity (Warning or Critical) per application. If the code you want to monitor is not listed, click Add user defined error codes. Tips: •
You can enable/disable multiple codes at one time: Shift-click or Ctrl-click to multi-select codes, then right-click and select Enable or Disable as appropriate.
•
A range of codes counts as one entry. For example, entering codes 200, 201, and 203-235 counts as 3 rather than 35 entries. The total of individual codes and ranges of codes cannot exceed 40. Click Add user defined error codes to create a custom entry to enter the appropriate range.
81
nGeniusONE 5.4.1 Online Help Topics 9. Click OK. 10. If you want to configure ASI-based KPI error code alarms in nGeniusONE, you also need to include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser.
82
MONITORING PERFORMANCE AND HEALTH
Viewing Alerts in the Alert Browser Using the Alert Browser and Alert Lists The nGeniusONE Alert Browser displays all alerts for services and devices configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. In addition, when drilling down from alerts in Server Health, you see details in specialized Alert Browser tabs. The Alert pages contain three sections: •
Alert Summary with general information for all alerts during a specified time frame
•
Alert Details with specific information for a selected alert or alert group
•
Alert Evidence containing a chart, table, or heat map for a selected alert or alert group
General usage notes: •
You can resize the three panels by selecting and dragging the green splitter bars. (Not supported on tablets.)
•
You can maximize the Alert Summary table and the Alert Evidence pane by clicking the yellow Open button in the center of the splitter. Restore to previous views by clicking Close.
•
Services and network domains must first be added to service domains in Service Configuration to enable their alerts to be displayed in the Alert Browser.
•
Alerts are displayed for application services and network domains with alert profiles. Refer to Configuring Alert Profiles for Services and Network Domains for additional information.
•
Users can see service-based alerts for the application services, network domains, and service domains assigned to them. Refer to Assigning Services and Domains to nGeniusONE Users for additional information.
•
To see process and device-based alerts, users must have the privileges for both Device Health and Server Health. Refer to Predefined User Roles in nGeniusONE for additional information about roles, privileges, and modifying them.
•
When drilling down from a service or domain in the Service Dashboard, the Alert List opens as a separate tab in the Alert Browser. This contextual list includes all alerts for the selected service or domain and specified time period. The Alert Browser tab is independent of the contextual Alert List.
Viewing Alert Information Use the nGeniusONE Alert Browser to view all alerts for services and devices configured in your nGeniusONE deployment. Use Alert Lists to view alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary section (described below) with general information for all alerts during a specified time frame, Alert Details with specific information for a selected alert or alert group, and an evidence section containing a chart or table for the selection.
83
nGeniusONE 5.4.1 Online Help Topics
Alert Summary The top of the Alert Browser or Alert List tab is a summary showing the currently selected time frame and the total number of occurrences for all critical and warning alerts during the interval. Alerts and associated information are displayed in a table. By default, the most recent alerts are at the top of the table. You can sort most columns in ascending or descending order by clicking the column head. Use the available controls to perform the following tasks: Parameter/ Control
Description Refresh list contents to retrieve the most recent alerts.
Refresh Reset the filter to display the full list.
Display or hide options for filtering the alerts. Filter
84
Filtering is available only in the Alert Browser. Parameter/ Control
Description
Problem Detection Time
Allows you to filter by specified hours or time ranges. When choosing User Defined, enter the starting and ending dates and times in the appropriate fields.
Severity
Allows you to filter by severity level: Critical and/or Warning.
Acknowledge
Allows to you filter for acknowledged and unacknowledged alerts.
Source
Allows you to filter by a complete or partial interface name.
Description
Allows you to filter by a complete or partial alert description.
Type
Allows you to filter by type of alert.
Sort By
Allows you to display the most recently detected alerts or those that are most frequently occurring.
Apply
Applies the current filter settings to the alert list.
MONITORING PERFORMANCE AND HEALTH
Restore Defaults
Search
Resets all filtering options to their original settings.
Open a text box where you can enter a known alert ID number. Click Search to open the Alert Details for the specified alert. Drill down to see alert data in an associated Service Monitor.
Launch Monitor
Launch Traffic Monitor
Acknowledge
Drill down to see data for the current network domain alert in the Traffic Monitor.
Acknowledge all selected alerts. When an alert is acknowledged, it continues to be displayed in the Alert Browser with the acknowledging user's name. Remove acknowledgement from all selected alerts.
Unacknowledge The table contains the following information: Parameter
Description
Alert ID
The Alert ID is a unique number assigned to each alert. All Alert IDs are in the form: X-YYYYY, where X=Server ID. The Server ID is used to identify alerts from different local servers in distributed configurations. In non-distributed environments, the Server ID is 1. If a given alert condition persists, the alert continues updating for 4 hours after which a new alert is triggered. In cases where multiple alerts occur for the same service, the alerts are consolidated in a service group designated by Service Alert: n (# of individual alerts in the group). Expand the service group to view the individual alerts. If multiple alerts occur for the same nGeniusONE process or monitored element, the alerts are grouped and designated by Device Alert: n (# of individual alerts in the group). Expand the service group to view the individual alerts. (Note that Device Alerts are not displayed, by default. You must select the Device type in the Filter Options dialog box.) If the alert group contains a large number of alerts, they are divided into sub-groups that you can expand and collapse. A service might also have multiple alerts for the same metric and event, but occurring at different times and qualifying for different severities (Warning and Critical). In these cases, the alert list displays separate alert IDs and entries.
85
nGeniusONE 5.4.1 Online Help Topics
Severity
The severity assigned to the alert: Warning or Critical. Severities for ASI alerts are predefined but can be modified. Refer to Alert Profile Settings for additional information about modifying alert severities.
Acknowledged
The current acknowledgement status. Select or clear individual check boxes to change the status of a particular alert. Acknowledged alerts include the acknowledging user's name.
Type
The alert category: Availability, Baseline, Threshold, Real-time, or Device.
Source
The name of the interface on which the alert was triggered.
Detected
The time when the alert was triggered.
Occurs
The number of occurrences for the alert during the time frame selected in the filter. For a service grouping, the number of occurrences is a total of counts for the individual service members.
Description
A brief summary of the alert. Additional details are provided in the Alert Details panel.
Viewing Alert Details The nGeniusONE Alert Browser displays all alerts for services configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary with general information for all alerts during a specified time frame, Alert Details with specific information for a selected alert or alert group (described below), and an evidence section containing a chart or table for the selection.
Alert Details When you select an alert or alert group in the Alert Summary section, an Alert Details panel opens at the bottom of the page. Alert Groups An alert group is formed when multiple alerts occur for the same service or for the same nGeniusONE server process. When you select an alert group (designated by Service Alert and Device Alert in the Alert Browser table), the alert details provide summarized information for the alerts in the group, such as: • The first and last time an anomaly was detected in the group •
Counts for critical and warning alerts
•
Counts for baseline and threshold alert types
•
Counts for specific metrics triggering alerts in the group, such as average response time and failure rate
Alerts For a single selected alert, the Alert Details panel provides a full description and all available diagnostic information.
86
MONITORING PERFORMANCE AND HEALTH Use the supplied controls to perform tasks in the Alert Details panel: Control
Description Retrieve the most recent alert details.
Refresh
Launch Monitor
Launch Traffic Monitor
Acknowledge
Drill down to see data for the current application service alert in an associated Service Monitor. Drill down to see data for the current network domain alert in the Traffic Monitor.
Acknowledge all selected alerts. When an alert is acknowledged, it continues to be displayed in the Alert Browser with the acknowledging user's name. Remove acknowledgement from all selected alerts.
Unacknowledge
Add notes
Open a text box where you can add, edit, and save comments applicable to the current alert. The notes are displayed in the alert details pane.
Depending on the type of alert, you can view the following details: Detail
Description
Severity
The severity assigned to the alert: Warning or Critical. Severities for ASI alerts are predefined but can be modified. Refer to Alert Profile Settings for additional information about modifying alert severities.
Type
The alert category: Availability, Baseline, Threshold, Real-Time, or Device.
Description
A statement of the problem, such as: "Average Response Time for Service:Email Infrastructure (App:SMTP ) has exceeded the baseline over a 5 minute period (baseline = 15 ms; last delta = 11.9 ms; numOccurs = 1)" In this example, the service "Email Infrastructure" includes the application SMTP. This application's average response time exceeded its statistical baseline of 15 ms one time during a 5minute period. The "last delta" value is the difference between the maximum value for the sample period and the historical median of the data. The "numOccurs" value is the total number of occurrences for the alert since it was first triggered. Note: If the alert description includes the label "Aggregated Service," the alert details apply to the entire service instead of its individual service members.
87
nGeniusONE 5.4.1 Online Help Topics
Detected
The time when the anomaly was first detected.
Last Detected
The last time the anomaly was detected.
Set Threshold
The configured or default threshold. You can set thresholds for Baseline and Threshold alerts when you configure triggers for alert profiles. You set separate thresholds for real-time alarms.
Triggered Value
The actual value that triggered the alarm.
Interval
The frequency (in minutes) at which the monitoring device samples data.
Acknowledge
The alert's current acknowledgement status, including the acknowledging user's name. Select or clear the check box to change the status.
PM Server
The IP address, name, and port for the nGeniusONE Server that logged the alert.
Monitoring Interface
The address of the interface on which the anomaly was detected.
Monitoring Device IP Address
The address of the monitoring device on which the anomaly was detected.
URL
A URL that can be copied and provided to others for viewing this alert's details. In a distributed environment, the alert URL points to the Global Manager.
Notes
Comments that have been applied to the current alert.
Alert ID
The unique number assigned to the alert.
Viewing Alert Evidence The nGeniusONE Alert Browser displays all alerts for services configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary with general information for all alerts during a specified time frame; Alert Details with specific information for a selected alert or alert group; and an evidence section (described below) containing a chart or table for the selection.
Alert Evidence After selecting an alert or alert group in the Alert Summary section, the evidence section displays different views depending on the selected object: •
88
Alert group — Displays a heat map with yellow and red sections to indicate warning and critical alerts for service members in the group. Example:
MONITORING PERFORMANCE AND HEALTH
•
Aggregated service alert — Displays a heat map with one bar counting all alerts on the aggregated service. Example:
•
Service alert — Displays a chart with an over-time plot line for the metric triggering the alert. The time of alert occurrence is displayed as a yellow bar. If available, the baseline for the metric is also shown. Example:
•
Real-time alert — Displays a table with tabs for Protocol Evidence and Conversation Evidence. Real-time alerts for utilization do not provide evidence. Example:
89
nGeniusONE 5.4.1 Online Help Topics
•
Availability alert — Displays a chart with plot lines for SYN requests and Unacknowledged SYNs above a defined threshold. When an alert occurs, these values are the same. Example:
Definitions Definition: nGeniusONE alerts The following types of alerts are displayed in the nGeniusONE Alert Browser: • Availability alert — Generated by the nGeniusONE server when a server becomes unavailable (based on unacknowledged SYN requests). • Baseline alert — Generated by the nGeniusONE server when supported ASI metrics rise above the statistical baselines for a configured service. Baselines can be calculated for data that is considered cyclical (for example, transaction rates) or noncyclical (for example, server/client retransmissions). • Threshold alert — Generated by nGeniusONE server when metrics go above or below a user-defined threshold. • Real-time alert — Generated by nGenius data sources when a defined threshold has been exceeded in the following types of metrics: utilization, burst utilization, message loss. • Device alert — Generated by the nGeniusONE Server or InfiniStream appliance when an event occurs, such as an unreachable device, or a defined threshold has been exceeded on metrics affecting nGenius instrumentation and other devices, such as CPU and memory utilization. By default, device alerts are not displayed in the Alert Browser; however, you can select the filter option to view them. To see Device alerts, you must have the user privileges for Device Health Viewing and Server Health Viewing.
90
MONITORING PERFORMANCE AND HEALTH
Viewing Health Alerts Overview of Health Alerts in nGeniusONE The nGeniusONE solution provides the Health module with two sub-modules where you can quickly view the status of data sources and servers in your nGeniusONE environment: •
Instrumentation Health
•
Server Health
When using the Instrumentation Health module, you can see warning or critical alarms from InfiniStreams and Flow Collectors. These alarms report on issues with components such as physical disks and RAID controllers during the last 24 hours of operations and provide drilldowns for details about any issues that arise. Refer to Instrumentation Health in nGeniusONE for additional details. When using the Server Health module, you can see warning or critical alarms from nGeniusONE servers. These alarms report on issues with system operations such as disk utilization, database, and processes over the last 24 hours of operations. Refer to Understanding Server Health Alerts in nGeniusONE for additional details.
91
nGeniusONE 5.4.1 Online Help Topics
MONITORING SERVER AND DEVICE HEALTH nGeniusONE Health Overview The following nGeniusONE modules provide an at-a-glance view of health within the last 24 hour period for data sources and servers associated with this nGeniusONE server, including status and assorted details. •
Instrumentation Health
•
Server Health
Viewing Server Health in nGeniusONE The Server Health summary provides an at-a-glance view of the current state of the nGeniusONE environment based on the last 24 hours. From the nGeniusONE Console, go to Health > Server Health to view the current status of all servers for system operations such as free disk space, allocated memory and usage, and processes. In addition to environmental information, health is depicted as OK or generating Warning or Alert Critical Alerts when conditions have worsened. A drill-down to the Alert list in Browser is provided for more specific information about all Warning and Critical alerts. Important: Ensure that you enable the Server Health Viewing privilege for any users using this feature—go to Server Management > Users > Roles. SYSADMIN role user can access the System Health page by default. Tool bar You can use these tools to reorder the list of servers: •
Flat list view — Displays servers on "first-come, first-serve" basis. You can also click a column heading to sort the server list by that heading.
•
Tree list view — Displays servers in a parent-child relationship. You cannot sort the list by column headings.
Refreshing the View •
Refresh Every — Use the drop down list to choose an automatic refresh interval for the server list on this page. Options are: 15, 30, 45, 60 minutes, or Never.
•
Refresh — Click to display on-the-fly changes in any view, especially after acknowledging an alert. For best results, close the standing view, click , and reopen the view.
Click a row in the server list to display the Summary information. The tables below describe Server Health fields and functions: Name
Description/Information
Servers Server
92
Server name
MONITORING PERFORMANCE AND HEALTH
State
Indicator for the health of the server. Either: Ok , or Down .
Type
Standalone, Global, Local, Standby, or NewsStand.
System
Indicator with Warning or Critical drill-down to the Alert Browser alert list and summary details. Click here to view more information about graphical System views.
IPMI
If the DRAC is configured and the interface enabled, the status icons display and report status. Click a status button to view IPMI status details.
(Intelligent Platform Management Interface)
•
Secondary DNS Server
•
Default Gateway
•
VLAN ID
•
VLAN
•
MAC Address
•
Primary DNS Server
•
IP Address
•
Subnet Mask
If the server is not an appliance or the DRAC is not configured, a double-dash (-) is shown. Note: You must enable the Device Health MIB on each device to show IPMI status. Process
Indicators with Warning or Critical drill-down to Alert Browser alert list and summary details, process status, and per process data including Memory Usage, session Up Since time, and counts of Memory Alerts and Watchdog Restarts. See the table below for more details. Click here to view more information about graphical Process views.
Logger
Indicator with Warning or Critical drill-down to Alert Browser alert list and summary 93
nGeniusONE 5.4.1 Online Help Topics details about logger health. Click here to view more information about graphical Logger views. Reporting
Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for Reporting activities.
User
Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for User activities.
Database
Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for Database activities.
License
Type of modules licensed. For example: UC, SDM, PM.
Summary Physical Memory
Installed RAM size. For example 11.7 GB
Authentication Mode
nGenius (Native) or external authentication including RADIUS, LDAP, Windows Domain, or TACACS+.
Timezone
Time zone and offset from Greenwich Mean Time. For example: EDT US/Eastern (400)
Serial Number
Server serial number
Version
Server release and build numbers. For example: 5.3 [Build 136 ]
Operating System
Operating System (Windows or Linux) type and release number. For example: Linux 2.6.18-274.el5
Communication Type
Communication protocol type (HTTP/HTTPS) and port number. For example: HTTP / 8080
94
MONITORING PERFORMANCE AND HEALTH
Decode Version
Decode version and build number. For example: 13.1 [ Build 29 ]
Used Space
Total amount of disk space in use (GBytes)
Disk Capacity
Total amount of disk space (GBytes)
SSL Configured
Whether configured for secure mode or not
License License Info Summary
Type of modules licensed. For example: SDM, nEI
Maximum Type I Interfaces
The maximum number of Type I interfaces allowed based on your license.
Maximum Type II Interfaces
The maximum number of Type II interfaces allowed based on your license.
Type I (Total)
Breakdown of Type I interfaces added to the selected server, total number of a Type I interface category, and total of all Type I interfaces. Type I interfaces include physical interfaces (Ethernet) and Common Data Model (CDM) Adaptors. CDM Adaptors consist of the following: • • • •
Type II (Total)
Link Aggregation Probe (Gigachannel) Aggregation or High-Speed Link Aggregation NetFlow sFlow
Breakdown of the Type II interfaces that have been added to the selected server, the total number of a Type II interface category, and the total of all Type II interfaces. Type II interfaces include any combination of the following: • •
'Other Device' interfaces, Switch ports
95
nGeniusONE 5.4.1 Online Help Topics
• •
• •
Switch FEC and VLAN interfaces Virtual interfaces such as TAC, VLAN, Site, SITE-APN, Site/QOS, RAI, QOS, BSID, TAC, etc. Virtual interfaces of NetFlow and sFlow Fast EtherChannel (FEC)
Viewing Logging Information in Server Health You can use the Health Server module to display logging information in graph and table formats over the last 24 hours. To access the Logger status screen go to Health > Server Health, and click a status button in the Logger column of the server for which you want to view logging information. These aspects of ASI logging in nGeniusONE are displayed: •
Total number of ASI rows (flow records) logged per interval (in thousands) by the logger
•
Interval elapsed to complete the logging cycle
The summary boxes show average and max counters across all intervals over the past 24 hours: Summary Box
Counter Avg
Rows logged across Average number of ASI rows intervals logged into the nGeniusONE database (FDS) across all intervals for the last 24 hours Time to finish logging cycle
Max Maximum number of ASI rows logged in any 5-minute interval over the last 24 hours
Average time taken to finish Maximum time a logging cycle the logging cycle over the last took over the last 24 hours 24 hours
Hourly warehousing Average time taken to finish Maximum time a logging an time across cycle the warehousing logging cycle hourly warehousing cycle took for all the logging intervals over the last 24 hours over the last 24 hours Daily warehousing time across cycle
Average time taken to finish Maximum time a logging the warehousing logging cycle warehousing cycle has taken for all the logging intervals over the last 24 hours over the last 24 hours
Service roll up time Average time taken to finish across cycle the roll up cycle over the last 24 hours
Maximum time a logging roll up cycle has taken over the last 24 hours
The ASI Logging Performance area in the Logger window shows the last 24-hours of summarized ASI information and logging cycle details for these ASI tables: •
96
All Tables
MONITORING PERFORMANCE AND HEALTH •
Key Server Indicator (KSI)
•
Key Performance Indicator (KPI)
•
Key Error Indicator (KEI)
•
Key Throughput Indicator (KTI)
•
Key Throughput Indicator (15 Sec) (KTI-EXT)
•
UC Key Performance Indicator (UC-KPI)
•
UC Conversations (UC-CONV)
•
TOPN Conversations
•
Host Activity Map
•
Server Transport Statistics
The line graph shows actual counters for each interval--showing the time interval on the Xaxis and the row count and logging cycle time on the dual Y-axes. A logging cycle consists of two main elements: polling and logging of various ASI tables. The nGeniusONE server polls and logs tables from multiple interfaces on multiple threads in parallel. Logging to the FDS database is performed after the data is available from the InfiniStream. For every InfiniStream interface, multiple tables are polled one after the other. The time at which the last ASI table is fetched and logged across all ASI interfaces is marked as an interval to finish that particular logging cycle. Average and maximum counters are calculated by applying average and maximum functions on that number across all intervals. These functions are available: •
Use the Table and Interfaces drop down lists to filter the line graph results.
•
Hover your cursor over a node on the graph line to display the ASI Logging Performance at that time.
•
Use the
•
Select Rows Logger Per Interval or Logging Cycle Time options by toggling icons in the box below the graph lines.
•
Drill-down to the Alert list in and Critical alerts.
handle icon to lengthen or shorten the interval displayed.
Alert Browser for more information about Warning
Viewing Process Information in Server Health From the nGeniusONE Console, go to Health > Server Health > Process column status button to display the Process page, which shows: •
A table view of currently running processes for the server row in which you click the status button.
•
Health status of the processes by drill-down-capable, color-coded dots.
•
Information about each process.
You can: •
Click these buttons to access more information for the selected process:
97
nGeniusONE 5.4.1 Online Help Topics
to display the Process details screen (default view, shown below).
• •
to display the Peak Memory Utilization chart, with data for the last 30 days.
•
to display the Memory Utilization chart, with data for the last 24 hours.
•
to display the CPU Utilization chart, with data for the last 24 hours.
•
Drill down to the Alert list in Alert Browser to view more specific information about all Warning and Critical alerts.
•
Hover your cursor over a point on the graph to see the server's utilization percentage for that day of the week, date, and time.
•
Select the handle on the ends of the graph to lengthen or shorten the viewable time frame.
•
Click the options in the box below the graph to select another process.
Viewing System Information in Server Health The nGeniusONE Console Health > Server Health > System column button displays Disk Utilization and Power Utilization bar graphs.
status
The Disk Utilization graph displays the percentage of the nGeniusONE disk utilized over the last 30 days (shown below). You can: •
Hover your cursor over a point on the graph to display the disk utilization percentage of the selected server (shown below).
•
Click the Status
Critical or
Warning button, if displayed, to drill down to the
Alert Browser for more information. •
Click the
Disk or
Power screen buttons to toggle between the views.
The Power Utilization screen displays the percentage of power the nGeniusONE disk utilized over the last 30 days.
Understanding Server Health Alerts in nGeniusONE The Server Health Summary view contains commentary to explain and help you address the alert condition.
System Alerts The following Warning alerts are generated in the System section of Server Health: •
Disk Space Insufficient: A Warning alarm is generated if the disk percent full rises above 75% of total disk space available in the following property: serveralarm.ServerDiskAlarm.DiskPercentFullWarning=75(default)
•
98
RAID Degraded: This hardware alert is related to the PM appliance if any RAID for PM appliance is in a degraded state (a disk fails)
MONITORING PERFORMANCE AND HEALTH The following Critical alerts are generated in the System section of Server Health: •
Disk Space Insufficient: A Critical alarm is generated if the disk percent full rises above the threshold in the following property: serveralarm.ServerDiskAlarm.DiskPercentFullEmergency=90(default)
•
RAID Inoperable: This Hardware alert is related to the PM appliance if any RAID for PM appliance is in an inoperable state.
•
Physical Disk Sector Failure: This is alert is generated if any Disk of the PM appliance fails to start.
You can monitor disk and power utilization in Server Health System screens. Logger Alerts All existing logger alerts are supported for ASIlogger and the ASI2xServiceWarehouse process for which the alert will be generated every 5 minutes if the service roll up overruns the 5-minute boundary. The following Logger Status alerts are generated in Server Health: •
Logger Over Run: If data logging does not occur within the default execution interval of 15 minutes and spills over to the next interval, this alert is generated.
•
Indexing Overrun: If indexing does not occur within the default time of 30 minutes, a warning alert is generated.
•
Roll Up Overrun: If data roll up does not occur within the default time of 15 minutes for most data types, a warning alert is generated.
You can monitor ASI logging in the Server Health Logger screen.
User Alerts The following User alerts are generated in Server Health: •
Maximum Concurrent Users Alert: If the number of user logged in to the server exceeds the threshold, this critical alert is generated (default: 50 users). This is governed by the following hidden property: WebxAuthenticationService.UserMaxLimit=50
•
Maximum Locked Users Alert: If the number of locked users exceeds the defined threshold, this Warning alert is generated (default: 5 users). This is governed by the following default property: sh.lockedusers.threshold = 10 (in %age) This property calculates 10% of WebxAuthenticationService.UserMaxLimit to learn the locked users threshold. The frequency for which this user alert will be checked is one hour governed by this value: propertyserverhealth.usersStatus.schedulableFrequency=60 (default value)
Database Alerts The following Database alerts are generated in Server Health: •
Database Backup Failed: A Critical alert is generated if, when you specify a path for database backup, and the specified folder does not have permissions to copy, the
99
nGeniusONE 5.4.1 Online Help Topics database crashes, or for any other reason such as the server is down for scheduled backup, this alert will be generated. •
Database Not Responding: A Critical alert is generated when the database fails to respond within the time specified in the following hidden property: dbx.connection.queryTimeout=300 seconds (default)
•
Data Base Concurrent Connection Exceeded Limit: A Critical alert is generated if the number of database connections exceed the limit specified in the following property: db.maxConnectionsLimit=150(default)
•
The monitoring database connection is based on the following property and by disabled by default: db.enable.concurrentconnections.check=false Database Not Responding and Database Concurrent Connection alerts are monitored based on the scheduling frequency set in the property: serverhealth.databaseStatus.schedulableFrequency=180 minutes (default) These alerts are updated in the Server Health dashboard once every three hours.
Reporting Alerts The following Warning alerts are generated in the Reporting section of Server Health: •
Scheduled Report Generation Failure Alert: If the scheduled report fails to generate due to a missing ME, a server blackout state, or similar cause, an alert is triggered.
The following Critical alerts are generated in the Reporting section of Server Health: •
Report Email Delivery Failure: If report delivery fails because due to SMTP not being configured and similar conditions, this alert is generated.
•
Report Over Run Condition: If reports failed to generate within the specified time, this alert is generated. For example: If an hourly scheduled report fails to generate within 3,600 seconds, and spills over to the next hour, an over run alert is generated.
Note: To avoid a repetitive alert for the same failure, a reporting alert is generated under the following conditions: •
It does not exist for the given component (E.g. ‘abc’ Report)
•
Previous generation/delivery was successful followed by the failure of that component.
•
A server or process restart.
Process Alerts Alerts are generated for processes. The following Critical alerts are generated and displayed in the Process section of Server Health: •
If any process does not start, a Critical alarm is raised.
•
If any process fails to start and was restarted by the PM watch dog, a Critical Watch dog alert is raised.
100
MONITORING PERFORMANCE AND HEALTH The following Warning alerts are generated and displayed in the Process section of Server Health: •
In v5.4, the OutOfMemory Alarm replaces the Memory Threshold Alarm which was generated if memory utilization for any process rose above the memory threshold. Now, when out-of-memory conditions occur, the Java process on the InfiniStream is stopped and the Watchdog process prompted to restart the Java process. The OutOfMemory Alarm eliminates any glut of alarms generated by processes running abnormally at more than 90% capacity as well as streamlines the watchdog check time for the process from 15 minutes down to 5 minutes.
You can monitor memory issues in the Server Health Process screen.
101
nGeniusONE 5.4.1 Online Help Topics
Instrumentation Health in nGeniusONE From the nGeniusONE Console, go to Health > Instrumentation Health to view health information about nGenius InfiniStream/Collector appliances. This view, and associated drilldown views, displays information for the previous 24 hours. Information is updated at the refresh interval you select, or click to refresh the page at any time. This table describes the Instrumentation Health page and available functions. Button/Field
Description Click to use the drop down list and click any of these options to obtain more information about a selected device:
/
/
•
InfiniStream Details
•
Status > Hardware
•
Status > Interface
•
Status > Usage
•
Status > IPMI
Click to Show/Hide/Reset the filter (drop down lists and text boxes below column headings). Click to export the Summary Table. You are prompted by your browser to save the file. Click to refresh the view. To display on-the-fly changes to this view, especially after acknowledging an alert, it is important to click
. For best results, close the Current Alarm Status view,
click
, and re-open the view.
Refresh Every
Use the drop down list to select a periodic refresh interval for this page.
Column
Description
Status
Displays the present operating state of the InfiniStream, either Up , Pending , or Down .
Device Name
Lists devices associated with the server or distributed cluster. Click the link to launch a view displaying device details. • • • • • •
102
Name - Name of the selected device Address - IP address for the selected device Alias - Alternate name for the selected device Local server - Type and IP Address of the local server managing the selected device Model - Device model number InfiniStream CDM - CDM firmware version and build
MONITORING PERFORMANCE AND HEALTH
• • • • • • • • • • • •
• Hardware
number Decode pack version - If applicable Up since - Day of the week, date, time, and time zone of the last restart IS serial - nGenius InfiniStream serial number ESU1 serial - If the appliance contains RAID arrays, the serial number for the specified External storage Unit. ESU2 serial - If the appliance contains RAID arrays, the serial number for the specified External Storage Unit. Templates - Template applied to the device. For example: Default Device Template Device protocol templates - Device protocol template applied to the device, if any Total disk space - Device total disk space Storage type - Raw (NetScout) or XFS INMC mode - On or Off Gateway Address - The IPv4 or IPv6 address of the default gateway for the selected device NTP Address - The IPv4 or IPv6 address of one or more NTP (Network Time Protocol) servers for the selected device Notes - Notes, if any, included when the device was added
Click the status symbol to launch the Hardware dialog box alarm type display. Alarm status symbols can be: — No unacknowledged alarms or errors. — Any unacknowledged warning alarms and no unacknowledged critical alarms or errors. — Any critical alarm for the category. The Hardware dialog box alarm type display shows: •
•
Alarm Type: •
Physical Disk
•
RAID Controller
•
Power Supply
•
Temperature
•
Voltage
•
Fan
Current Alarm Status - Real-time status for each alarm type (Critical, Warning, OK, or Rebuilding). Click any or to obtain more information about a specific alarm status, which includes information about the Hardware ID, Severity, and Description. Note: The current alarm status of any alarm will always display ‘Not Available’ even on an
103
nGeniusONE 5.4.1 Online Help Topics InfiniStream which has CDM 5.0 code installed until you enable the Device Health MIB on each device. •
Total Critical/Warning - Count of critical and warning alarms for each alarm type. Click any number in either of these columns to produce an Alert ID list page for a device. Click an Alert ID to drill down to a summary view for more information, and place a check in the Acknowledge check box to acknowledge the alarm. When you acknowledge an alarm, the next refresh decrements the total count. Note: The alarm also appears in the PM Alarm Viewer.
Interface
Click the status symbol to launch the link details display. •
Link - List of physical interfaces associated with the selected device
•
Status - Operational state: Active, Inactive, or ABS(ent). Note: inactive interfaces do not display a warning state they display with OK status.
•
IF Type - Interface Type: GigabitEthernet or ethernetCsmacd LR, SR, or SX
•
Light Level - Rx power in dB
•
Media Type - Optical module type: XFP, SFP+, SFP
•
Speed (MB) - Assigned interface speed
•
Duplex - Type: Half or Full
•
Virtualization - Type of virtual interface, if any, configured on the link such as VLAN, Site, VRF, QOS, etc.
•
Number of Virtuals - Count of virtual interfaces configured on the link
Alarm status symbols can be: — No unacknowledged alarms or real time errors. Also, an inactive or absent link displays a green icon. — Warning: Any link is down. — Critical. Usage
104
Click the status symbol to launch the usage status display for the previous 24 hours. •
Global settings updates - Date and time of the most recent updates to global settings within the last 24 hours
•
Total number of messages logged - Count of error, warning, and information messages logged in the previous 24 hours
•
Total number of decode users - Count of active decode users
MONITORING PERFORMANCE AND HEALTH Alarm status symbols can be: — No unacknowledged alarms or real time errors. Also, an inactive or absent link displays a green icon. — Warning: Any link is down. — Critical. IPMI (Intelligent Platform Management Interface)
Note: You must enable the Device Health MIB on each device to show IPMI status. Shows one of these status symbols: •
-- : Indicates that IPMI is not configured on the device.
•
: Indicates that the IPMI is configured (refer to nGenius InfinIStream Administrator Guide) on the device and the interface is enabled; click to show IPMI status details. •
IP Address
•
IP Address Source
•
IP Address Type
•
Subnet Mask
•
Subnet Mask Type
•
MAC Address
•
Ethernet Port Statistics
•
Gateway IP Address
Total number of InfiniStream appliances and status type counts shown at the bottom of the screen (OK, warning, and critical). Show/Hide Task Progress Report arrow.
Viewing IPMI Health Information You can display Intelligent Platform Management Interface (IPMI) health information for certain nGeniusONE servers and for Instrumentation, as shown below. IPMI is a standardized interface used for device monitoring and out-of-band management. All Dellbased platforms use the Dell Remote Access Controller (DRAC) for IPMI. To display IPMI health information for: •
nGeniusONE server, go to nGeniusONE Console > Health > Server Health and click the IPMI column status button ( ) of the server for which you want to view IPMI information. Note: Refer to the server hardware instructions to enable DRAC and ensure the interface is enabled to view IPMI information.
105
nGeniusONE 5.4.1 Online Help Topics
•
Instrumentation, go to nGeniusONE Console > Health > Instrumentation Health, and click the IPMI column information button ( of the device for which you want to view IPMI information. Note: Refer to Device Health MIB for information on which InfiniStream models support IPMI.
IPMI metrics are gathered from the Health-MIB and stored in the nGeniusONE server. Polling is performed on each device regularly; the polling interval varies per usage type.
106
)
TROUBLESHOOTING ISSUES Using nGeniusONE to Troubleshoot Issues Isolate the root causes of problems and target solutions using the following nGeniusONE modules: •
Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.
•
Isolating Details using Monitors: Use business-specific and protocol-specific monitors, including Traffic Monitors, specialized Service Monitors, Network Management Monitors, and Enablers, to analyze application, server, and network performance affecting the user experience.
•
Performing Forensics using Packet Analysis: Use these modules to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.
•
Isolating Unified Communication Issues (Call Search/Media Monitor): For environments with Unified Communication tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.
Related Topics: The following topics may also be useful with troubleshooting efforts. •
Using Search & Discover
107
nGeniusONE 5.4.1 Online Help Topics
Using Search & Discover Using Search & Discover Search & Discover Overview Perform the following procedure to use the nGeniusONE Search & Discover tool: Step 1: Entering a Search Parameter Clicking the Search icon displays a panel, as shown below, in which you can enter any supported search entry.
An entry can contain plain text only; + and - operators or wild cards are not supported. For every object type, the text format accepted is either the complete or actual name. For example: Search Object
Sample Input
VLAN
VLAN 199
Client/Server Origin Host
Origin 233
BSID
BSID 22-8
Cell Area
CellArea 41397-122
The advanced search can include a Location key but only one at a time. Any search applies to the last hour of traffic by default. One hour of total duration is supported, by default but you can choose any one-hour interval of the day from the search result page as described further below. You can enter a search string or select search elements by using the auto complete feature, as shown below, which lists search entries by the alphanumeric character entered and their rank by number of transactions or octets. Search objects are matched against cached data compiled during server startup derived from objects configured in Global Settings and Device Configuration. Entering an "b", for example, returns the following objects. Note that the list is truncated. You can click Show more to display additional list items or Show less to display fewer items..
108
TROUBLESHOOTING ISSUES
Selecting an entry and clicking Enter within the panel displays results of the search. Close the panel by clicking X. Search results contain various element types along with the number of discovered entries in parentheses, as shown in the sample below. Note that you can page through the list using the tool at the bottom of the screen to display additional entries. •
Applications — Beneath each interface, a list of applications associated with that server appear, as shown below. Applications are also listed in descending order by transaction count for each application for that server. Only three applications are listed by default.
•
Interfaces — An IP Address:interface pair, or interface name, or alias is displayed for a given server search. They are listed in descending order of octets.
•
Client/Server and Client/Server Communities — including associated community types and Host Group Other
109
nGeniusONE 5.4.1 Online Help Topics •
Discovered Location Keys — including QoS Groups, VLAN Services, VRF (Admins, Assigns), Sites, TACs, BSIDs, APNs, CompID, Cell (Areas, Groups, Ids), CMTS lists, DPCs, OPCs, QCIs, Origins, RAT Types
•
Codecs — including associated individual entries
•
Handset Groups — including associated individual entries
•
Messages — including associated Interfaces, Application Service, and Communities
•
UC Applications — including associated UC applications such as SCCP
•
Application Services, Network Domains — including associated communities, UC entries, Host Group Other, etc. for Application Services; and associated applications for Network Domains
•
Hosts, Servers, Clients — including associated individual entries
•
Internet Categories — including associated IP Addresses and interfaces
Drill-downs from the following Application modules with context are supported: •
Service Monitors
Step 2: Using the Time Duration and Settings Options Optionally, you can adjust the search time duration by selecting any one-hour interval from the previous 24 hours. The first search result is always based on the last one-hour duration from the present. Additionally, once the search result is displayed, the time option menu will be available in the top right corner of the view, as shown below.
110
TROUBLESHOOTING ISSUES The search time is displayed in the client time zone or the time zone configured in Preference. After you choose the time range, it is converted to the server time zone and forwarded to the server with the searched object. Also, choose preferences from the Preference Settings in nGenius Console for how you want your search entries displayed. The following list presents available choices: •
Interface/Device Description — Name, Address, or Alias
•
Host Description — Name with domain, Name, or Address
•
Application Description — Short name, Long name, or Port
•
Cell Site Description — Name or ID
Step 3: Drilling Down to Service Monitors Another feature of this tool is support for launching various service monitors from the IP Addresses/communities/virtual interfaces or applications returned. When you click on any resultant entry hyperlink, the Service Monitor is opened with the context of the selected entry and object being searched. For example, if you search for and find the DAL Sales Office, click on Applications (2), and click on the caret next to CITRIX, the Universal Monitor appears as an entry, as shown below.
Clicking on Universal Monitor returns the module, as shown below.
111
nGeniusONE 5.4.1 Online Help Topics
Note: Some searches have more than one associated Service Monitor. For instance, DNS Monitor and Cable Modem Monitor for DNS. Be aware that the Service Monitors listed are controlled by the Business Type configured. Caveats •
Drill downs to Traffic Monitor are not supported at this time.
•
Because Search & Discovery drill downs to the MDF Monitor are based on the predefined, default MDF Group template, if a custom application group were defined, the functionality is not able to determine that so in this regard the MDF Monitor is not listed as a choice for drill down. As a work around, you can create a service using the MDF template and manually add any custom groups.
Search & Discover Tool — Overview Using Search & Discover Host Analysis Monitor The Search & Discover tool, located prominently at the header level in all nGeniusONE modules, globally queries a host of objects with the ability to discover all possible associations for searched context. For example, if a client address is searched, Search & Discover also looks for the nGeniusONE server, which applications are talking to this client, which location is seeing this client — by querying all ASI tables — and based on all discovered objects, displays these associations along with a total count (first row data only). Search data are ranked by either total transactions or throughput.
112
TROUBLESHOOTING ISSUES The feature also supports drill downs to correlative service monitors. Search & Discover has been greatly enhanced from the Server Search feature in an earlier release to support queries for: •
Applications — search using the application Short name. Searches for Application Groups are not supported.
•
Messages — be aware that the search presents the parent application name as a prefix to the message name. For example, if you search for a particular Message ID for "SIP", it will display messages in auto complete such as SIP:SIP-1. But if you enter "SIP_TCP", "SIP:", or "SIP-1", Message IDs will not display at all.
•
Server and Client Addresses and Communities — search using either the server or client name, server or client name with domain, the client or server IP4/6 Address, and Client or Server Community name. Search results for these objects are for the particular client/server community only and not for individual client/server addresses configured inside them. Be aware that if a client or server address is added to a client or server community, no result is returned. Also, search results for communities do not return individual client/server addresses configured within them.
•
InfiniStream Interfaces — search interfaces (ME) using the actual interface name, alias or ipaddress:ifn. The interface name should be complete; for example, IS123:if3 where IS123 is the device name and if3 the interface name. When searching using an alias, specify the device alias along with either the name of the interface or interface alias. Auto-complete will show either the interface name, actual IP address or alias based on the configured preference.
•
QoS/VLAN/CompID/CellID — search discovered location keys using the Location key name followed by the actual number. For example, QoS 255 can be searched by entering QoS 255. VLAN100 can be searched by entering VLAN 100.
•
Location Keys (Sites, APNs, VRF Groups, Handsets, VLANs, Cell Sites, PLMNs, and others) — search using the actual name of these objects. For all these configured objects in Global Settings, search results are based on the actual configured object and not for individual objects configured inside them. For example, for a QoS group, the search result is for QoS group only and not for individual QoS configured for that QoS group. Typing the complete location key name and actual ID — VLAN 10, for example — will return correct query results. List of supported Location Keys The following list includes the nGeniusONE-designated names of supported Location Keys at this time. Whether keys are Discovered or Configured keys is noted. •
Client_Site (Configured)
•
Server_Site (Configured)
•
RAT (Discovered)
•
APN (Configured)
•
Origin (Discovered)
•
Client_ORIGIN (Configured)
•
Server_ORIGIN (Configured)
•
OCI (Discovered)
•
CMTS (Discovered)
•
HandsetGroup (Configured)
113
nGeniusONE 5.4.1 Online Help Topics •
VLAN (Discovered)
•
vlanservice (Configured)
•
VRFGroup (Configured)
•
BSID (Discovered)
•
CellArea (Discovered and Configured)
•
CellID (Discovered)
•
CellGroup (Discovered)
•
cellsite (Configured)
•
DPC (Discovered)
•
OPC (Discovered)
•
TAC (Discovered)
•
QoSGroup (Configured)
•
QoS (Configured)
•
Application Services — search using the actual service name for drill downs to Service Monitors. Domain is not supported at this time.
•
Network domain — search using the actual domain name. Searches for ME Groups are not supported.
•
Handset groups — search using actual names for drill downs to the Call Server Monitor.
•
Hosts — search using either the host name, host name with domain, or the host IP address. The Host Activity Map Table is copied to the nGeniusONE server every five minutes. Subnet-based host searches are not supported.
Loosely related to the Host search feature in the UMC, Search & Discover is especially valuable as applied in the following scenarios: •
When an IT user seeks a server's identity but does not know which MEL is monitoring that server. Once the MEL is discovered, IT will want to generate a Service Monitor display by providing a filter of an application-plus-IP Address to a service or monitor. In a second example, it is beneficial for IT to learn if a given server is an overlyconsumptive client that is hogging bandwidth or, worse, an interloper that should not be present on the network in the first place.
•
When an application is consuming too much bandwidth and that protocol may not be all that critical to monitor performance for. In this case, IT will want to inform the user of that condition or simply block user access at the firewall. For instance, this situation could be at issue by observing a monitor and noting the Facebook application is devouring bandwidth but the identity of Facebook users is unknown.
Search and Discover Use Cases More specific use cases of this tool are as follows. Be aware that Handset Group, Subscriber, and Host searches presume that data required to perform the search is already cached on the nGeniusONE server. •
114
Sites — In this scenario, multiple users from the remote office in London are dealing with poor response time across multiple services. A user might manually launch multiple Service Monitors and then apply a site filter to London. Or the user could
TROUBLESHOOTING ISSUES perform a search for "London" to return all Applications and Servers accessed from London and all interfaces monitoring the London site. Results are ranked either based on transaction or error count or throughput which quickly pinpoints the most relevant entity by Server/Application/Interface. These objects then serve as context to quickly drill down to the corresponding service monitor view. •
Handset Groups — In a Wireless service provider environment, if a user wants to quickly find which geographic areas (cell sites) have maximum penetration of iPhone 6, he can search for “iPhone 6” and quickly get a list of Cell Sites.
•
Applications — In a case where multiple users are dealing with heavy latency on, say, Oracle, IT suspects that mis-configured routers are causing wrong QoS levels to be assigned to Oracle on multiple segments. In response, a user can search for “Oracle” to return a list of three different QoS groups associated with Oracle as monitored by different interfaces. This alone confirms that the problem really is due to mis-configured routers. Drill downs to a Service Monitor can yield more specific answers.
•
Servers — In a situation where IT needs downtime to perform maintenance on some of its DNS servers, a user needs to learn which locations and client communities are dependent on these servers. By searching for the server or the range of servers (by subnets) the dependency map can be quickly produced and IT decide what to do next.
•
Hosts — Consider a case where a user in the enterprise calls IT complaining that “everything is slow”. IT then searches for the user's IP address to return a list of applications it is accessing as ranked by throughput. When many applications in the list that are ranked fairly high with a corresponding bulk of throughput appear unexpectedly, malware or a virus is suspected and a corrective course taken.
Caveats •
Be aware that complete, up-to-date search results will vary depending on the search object. Global indices for host, application and location data are committed at every five minutes after the logging cycle finishes. So, searches for these entries will be populated at the end of every logging cycle finish event - after five minutes.
•
A 15-30 second search delay may occur for freshly configured objects.
•
Drill downs to Traffic Monitor are not supported at this time.
•
Display results are derived by searching all ASI tables. Service monitors present data from particular ASI tables so be aware that not all Service monitors display metrics that can be queried by Search & Discover.
•
Because Search & Discover drilldowns to the MDF Monitor are based on the predefined, default MDF Group template, the functionality is not able to determine userdefined custom application groups. Therefore, the MDF Monitor is not listed as a choice for drilldown. As a workaround, you can create a service using the MDF template and manually add any custom groups.
Using Search & Discover Search & Discover Overview Perform the following procedure to use the nGeniusONE Search & Discover tool: Step 1: Entering a Search Parameter
115
nGeniusONE 5.4.1 Online Help Topics Clicking the Search icon displays a panel, as shown below, in which you can enter any supported search entry.
An entry can contain plain text only; + and - operators or wild cards are not supported. For every object type, the text format accepted is either the complete or actual name. For example: Search Object
Sample Input
VLAN
VLAN 199
Client/Server Origin Host
Origin 233
BSID
BSID 22-8
Cell Area
CellArea 41397-122
The advanced search can include a Location key but only one at a time. Any search applies to the last hour of traffic by default. One hour of total duration is supported, by default but you can choose any one-hour interval of the day from the search result page as described further below. You can enter a search string or select search elements by using the auto complete feature, as shown below, which lists search entries by the alphanumeric character entered and their rank by number of transactions or octets. Search objects are matched against cached data compiled during server startup derived from objects configured in Global Settings and Device Configuration. Entering an "b", for example, returns the following objects. Note that the list is truncated. You can click Show more to display additional list items or Show less to display fewer items..
116
TROUBLESHOOTING ISSUES
Selecting an entry and clicking Enter within the panel displays results of the search. Close the panel by clicking X. Search results contain various element types along with the number of discovered entries in parentheses, as shown in the sample below. Note that you can page through the list using the tool at the bottom of the screen to display additional entries. •
Applications — Beneath each interface, a list of applications associated with that server appear, as shown below. Applications are also listed in descending order by transaction count for each application for that server. Only three applications are listed by default.
•
Interfaces — An IP Address:interface pair, or interface name, or alias is displayed for a given server search. They are listed in descending order of octets.
•
Client/Server and Client/Server Communities — including associated community types and Host Group Other
117
nGeniusONE 5.4.1 Online Help Topics •
Discovered Location Keys — including QoS Groups, VLAN Services, VRF (Admins, Assigns), Sites, TACs, BSIDs, APNs, CompID, Cell (Areas, Groups, Ids), CMTS lists, DPCs, OPCs, QCIs, Origins, RAT Types
•
Codecs — including associated individual entries
•
Handset Groups — including associated individual entries
•
Messages — including associated Interfaces, Application Service, and Communities
•
UC Applications — including associated UC applications such as SCCP
•
Application Services, Network Domains — including associated communities, UC entries, Host Group Other, etc. for Application Services; and associated applications for Network Domains
•
Hosts, Servers, Clients — including associated individual entries
•
Internet Categories — including associated IP Addresses and interfaces
Drill-downs from the following Application modules with context are supported: •
Service Monitors
Step 2: Using the Time Duration and Settings Options Optionally, you can adjust the search time duration by selecting any one-hour interval from the previous 24 hours. The first search result is always based on the last one-hour duration from the present. Additionally, once the search result is displayed, the time option menu will be available in the top right corner of the view, as shown below.
118
TROUBLESHOOTING ISSUES The search time is displayed in the client time zone or the time zone configured in Preference. After you choose the time range, it is converted to the server time zone and forwarded to the server with the searched object. Also, choose preferences from the Preference Settings in nGenius Console for how you want your search entries displayed. The following list presents available choices: •
Interface/Device Description — Name, Address, or Alias
•
Host Description — Name with domain, Name, or Address
•
Application Description — Short name, Long name, or Port
•
Cell Site Description — Name or ID
Step 3: Drilling Down to Service Monitors Another feature of this tool is support for launching various service monitors from the IP Addresses/communities/virtual interfaces or applications returned. When you click on any resultant entry hyperlink, the Service Monitor is opened with the context of the selected entry and object being searched. For example, if you search for and find the DAL Sales Office, click on Applications (2), and click on the caret next to CITRIX, the Universal Monitor appears as an entry, as shown below.
Clicking on Universal Monitor returns the module, as shown below.
119
nGeniusONE 5.4.1 Online Help Topics
Note: Some searches have more than one associated Service Monitor. For instance, DNS Monitor and Cable Modem Monitor for DNS. Be aware that the Service Monitors listed are controlled by the Business Type configured. Caveats •
Drill downs to Traffic Monitor are not supported at this time.
•
Because Search & Discovery drill downs to the MDF Monitor are based on the predefined, default MDF Group template, if a custom application group were defined, the functionality is not able to determine that so in this regard the MDF Monitor is not listed as a choice for drill down. As a work around, you can create a service using the MDF template and manually add any custom groups.
120
TROUBLESHOOTING ISSUES
ISOLATING SERVICE, NETWORK, AND TRAFFIC ISSUES Overview of nGeniusONE Monitors NetScout Systems provides several business-specific and protocol-specific monitors, including Traffic Monitors and specialized Service Monitors, Network Management Monitors, and Service Enabler Monitors. These monitors allow you to analyze relevant metrics in order to triage application, server, and network performance degradation affecting end user experience. These monitors also provide a correlated view of relevant metrics for a selected interval as well as contextual charts for visual analysis and for further isolation of results. Key metrics are correlated with other critical measures, such as application and link throughput volume, retransmissions, success/fail transactions, and application error codes. Metrics are presented in a single summary panel, allowing you to quickly gain insight into the behavior of multiple applications across multiple segments. You can filter displayed results, allowing you to delve into an application, a physical link, or a service (predefined or user-defined) to display performance-related information, troubleshoot network and application events, and pinpoint probable cause. You can select specific rows for comparative analysis, and you can further isolate results by time using menu options or time-based charts. From the summary panel for most monitors, you can then further display correlated session analysis, from which you can drill into packet details. Users can access monitors from several areas of the nGeniusONE solution. Monitors can be opened directly from the nGeniusONE Console, from the Search & Discover tool, a Dashboard, or from the Alert Browser to quickly reach resolution from the level of an enterprise-wide service down to individual transactions and packets. Note: These tools use the ASI dataset from nGenius InfiniStream appliances, which provides statistics for the network, server, and application aspects of service delivery. Before you begin, it may be helpful to review configuration requirements as this will affect whether data is displayed in the monitors, how it is displayed, and whether session analysis can be performed. Usage Each monitor is presented in a view with different data perspectives presented as separate sub-tabs: Summary, Session Analysis, and Packet Analysis. Traffic Monitor offers a link- or application-based Summary and Packet Analysis, and a Conversation view. For details on usage, get started Working with Service Monitors or Working with Traffic Monitors. Data Note that each monitor relies on particular types of data captured on the monitoring device. Traffic Monitors and Host Analysis use a set of volume and conversation/activity tables. The UC-based monitors (RTP Monitor; Media Monitor) rely solely on a set of KPI and conversation tables designed to handle audio/video traffic particularly from a peer-to-peer perspective. All other monitors (and Service Enablers) leverage a set of tables intended for analyzing applications against which we can generate response time and KPI metrics, including server-based applications. Most monitors leverage the latter set of tables. Types Note that the nGeniusONE Console provides icons for several pre-defined monitors, some of which may be hidden if your environment has optionally been customized to
121
nGeniusONE 5.4.1 Online Help Topics display a subset deemed appropriate for your business needs. Following is a description of the Monitors and Enablers available by default. TRAFFIC MONITORS Link
Analyze anomalous conditions affecting network performance such as unexpected/unidentified application traffic and link health based on specific indicators.
Application
Analyze network performance based on behavior of specific applications / application groups, or application behavior in certain network locations.
SERVICE MONITORS Discover My Network Module Host Analysis Module
This specialized module provides a quick glance at TCP and UDP application activity on your network. A toggle is provided to view media-based application activity. This specialized module provides a quick view of host activity for the selected context.
Business-specific These specialized monitors include pre-defined Monitors collections of protocols associated with a specific business or use-case. They include specialized metrics, unique to that protocol set, along with a toggle to the general application metrics set. Advanced Voice Monitor VoIP signaling for SCCP, SIP, H.323 and Statistics Q.931 protocols using advanced metrics; see also Call Server Monitor
122
Cable Modem
Track metrics for DNS, DHCP, NTP, HTTP/S, LDAP, and TFTP in support of monitoring cable modem firmware updates
Call Server
Monitor VoIP signaling using SCCP, SIP, H.323 and Q.931 protocols; also see Advanced Voice Statistics
Card Processing
Track transaction processing protocols such as AMEX, AS2805, Discover, MasterCard, Union Pay, and VISA
Certificate
Track certificates in use across the enterprise, including which are coming up for expiration and the server to which they are assigned.
TROUBLESHOOTING ISSUES
Database
Monitor service issues relating to Oracle and MySQL traffic
MDF (Market Data Feed)
Monitor the user experience of market data feed activities to ensure the continuous delivery of services satisfactory to all users (see also Trading Monitor)
MQ
Monitor performance characteristics of the IBM message queue client-server API (MQI), including server to server channel communications and XA transactions
Media Monitor
Perform advanced monitoring of voice and video quality for RTP-based streams; requires a UC Server license
Network Access Measure health of Network Access in GPRS, UMTS and LTE deployments, for Network Attach, Authentication, Paging and Service Request Procedures PDN Connection
Measure health of Packet Data Network Connection in GPRS, UMTS, CDMA2K and LTE Networks. Covers Activation of Default (GPRS, UMTS, CDMA2K and LTE) and Dedicated (GPRS, UMTS, and LTE) Connection, and Connection Modification/Update (GPRS, UMTS, CDMA2K and LTE) Procedures
Radio (NBAP/RRC)
Analyze UTRAN (Radio Network) traffic over IuB interfaces
RTP
Monitor quality of voice and video streams using RTP payloads
Trading
Monitor FIX, OUCH, and STAMP protocols associated with Trading traffic (see also MDF Monitor)
Web Services
Track in-depth performance metrics for HTTP and all URL-based and Server-based applications to triage web service related problems
Network Management Monitors
This category of monitors enables analysis of network management protocols.
SNMP
NetFlow
123
nGeniusONE 5.4.1 Online Help Topics
Service Enablers This collection is useful for analyzing protocol-specific details. DNS
LDAP
DHCP
RADIUS
Voice Monitors These specialized monitors support environments integrated with nGenius Subscriber Voice and nGenius InfiniStream voice probe models. Voice Sessions Track voice call service for both wireline and wireless calls CS Mobile Call
Track CS (circuit-switched) wireless voice call control
CS Mobile SMS Track CS wireless SMS (short message service) CS Mobility Management
Track CS wireless mobility
Note: The Voice Monitors are visible and usable when integration with an nGenius Subscriber Voice deployment is performed. Details for configuring and enabling these monitors are provided in the nGenius Subscriber Voice Administrator Guide.
124
TROUBLESHOOTING ISSUES
Verifying Service and Traffic Monitor Prerequisites A few configurations are required before using the Service Monitors and Enablers, the Universal Monitor, and Traffic Monitors. Many of the prerequisites below are already in place to support other nGeniusONE modules, however a review of this list is recommended. Note: Each release offers new or updated features, some of which have a dependency on the monitoring appliance being at the same release level. In cases where a feature is release dependent, you may see No Data, a blank screen, or other unexpected results. NetScout recommends all systems in a deployment be running the same release version to ensure an optimal result. •
Use of the monitors requires browsers with HTML5 support, such as Internet Explorer 9, Firefox 18.x, and Chrome 24.x.
•
In the Server Management> Users> Roles tab, privileges may be configured to allow or deny session analysis drilldown, packet decode drilldown, or viewing of user identity values. Following is a summary of the privileges that affect monitor usage: o Session Analysis Drilldown: Enabled by default for certain roles, this allows drilldown to the session analysis tab when ASRs are available. o View User Identity: Disabled by default for certain roles, this unmasks values that may be used to identify a mobile or voice subscriber (such as phone numbers, IMSI IDs, MSISDN IDs, IMEI addresses, NAI usernames, URIs and URLs). For Service Monitors, masking is done by replacing the left 4 characters with an "x." Note: In cases where the data is within a tunneled Enterprise protocol such as HTTP or POP3, data types such as URLs or email addresses cannot be associated with a user identity. For that reason, this type of data in tunneled enterprise traffic will also be masked. (User data is not visible in Traffic Monitors.) o Packet Analysis - General: This privilege is used to allow or deny drilldown to Packet Decode tabs within the monitors and from the nGeniusONE Console. For environments with restricted access to user identity, this role should be disallowed for users not permitted to View User Identity, as decodes are not masked. o Packet Analysis - User Decryption: For encrypted traffic, decryption will occur automatically upon to this tab if this role is enabled and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.
•
In Global Settings, ensure traffic you want to see is properly identified and visible. These settings, along with the traffic type settings on the appliance, affect the values available for display in the Monitors as well as how they are displayed. o In Global Settings, configure My Network and Communities (ensures Community keys are populated). If you will be using Certificate Monitor, ensure that server addresses / subnets ranges include the servers hosting certificates that you want to monitor. For additional details on configuring Certificates, refer to Adding the Certificate App. o If your environment uses Sites or other virtual configurations, ensure your nGeniusONE server and the associated devices are configured appropriately to map and display associated addresses. Refer to Adding Site
125
nGeniusONE 5.4.1 Online Help Topics Virtual Interface Definitions and Configuring VLAN Services Monitoring for further details. Refer to Configuring Interface Groups for further details. o Ensure the proper business types are enabled for the corresponding traffic type. Note that you will not be able to view monitors or activate the desired applications if they are hidden based on the business type. o
Ensure applications are activated
o
ASR monitoring is enabled (for session-based analysis)
o Response-time monitoring is enabled (required in addition to the appliance Response Time setting on appliances) •
Use the Service Configuration editor to create services and network domains: o Create a service for any applications that do not have a pre-defined monitor or to create a custom definition unique to your environment. For example, to monitor MSS, a service must be defined for IuCS or GSMA traffic monitored on InfiniStream appliances configured with MSS as a link type. To monitor DHCP, though, you can just open the pre-defined monitor directly from the nGeniusONE Console. o When creating network domains based on QoS members that are specifically for use with Application (Traffic) Monitor, be aware that the data table this monitor tracks QoS values from Client to Server, not Server to Client. For these definitions, ensure that the “Orientation preference for Location Keys” set to Client instead of Server. o Note that service definitions with both messages and the parent application for that message yield metrics that include counts for both. For example, DNS (parent) and DNS:AAAA in the same service are counted twice.
•
On the InfiniStream appliance, verify the following settings: o ASI mode is enabled on the InfiniStream appliance — All monitors are based primarily on ASI data from properly configured InfiniStream appliances. This mode is on by default. However, if you do not see monitored elements and data in the monitors, ensure that asi_mode is set to ASI or hybrid (in addition to the other required settings below). o
TCP analysis tables are enabled — For applicable monitors, ensure the
tcp_monitor setting is on to support the TCP Analysis Switch-to
option.
o Conversation tables are enabled — To support the Host Analysis module the Traffic Monitor Conversation tab, these tables must be enabled on the data sources. Conversation tables are available for configuration when ASI mode or hybrid mode is set certain InfiniStream appliances running v5.4. Review guidelines for asi_modes and enabling the tables. o xDR (ASR) generation is enabled on each interface — To use the Session Analysis feature, enable ASR collection on each InfiniStream interface. o Correct traffic type is specified on each interface — These settings are used to define the data to be collected, to determine whether the interface is a supported Monitored Element for a specific monitor or service, and to populate a set of the options in the Monitor's Location Keys button. o
If you are monitoring IPv6 traffic, be sure to enable ipv6_mode.
For Enterprise / Financial traffic:
126
TROUBLESHOOTING ISSUES - Ensure the interface type is set to "Enterprise" - Ensure virtual interfaces are enabled (vifn_enable=on) - Ensure the virtual interface mode matches your traffic type (vifn_mode) - To use the Cable Modem Monitor, review steps in Enable CMTS Classification. - For RTP Monitor, ensure the appliance Protocol Options are enabled for Voice/Video Quality analysis. Also note that in cases when monitoring appliance is configured with vifn_mode set to site, service definitions intended for use with that appliance and RTP Monitor or Media Monitor must have the "Orientation preference for Location Keys" set to Client. - For use of Trading Monitor, ensure Protocol Options are enabled for Extended FIS monitoring - For use of MDF Monitor, ensure Protocol Options on the appliance are enabled for Extended FIS monitoring. Note that on the nGeniusONE Server you must add and activate child applications for the desired stack under Global Settings>Financial Trading>Market Data Feeds / MSG Platforms. Ensure the MDF messages under the Global Settings>Messages list are activated (they are by default); there is no need to modify them as the same set of messages are used for all stacks. Note that if you create a custom service for MDF, you must select the Market Data Feed child applications; not just the MDF messages. Also, if you create a custom application group for Market Data Feeds, that group is not automatically included in the Service Configuration template for MDF. You can create a service definition using the template for MDF, then manually add your custom group. For Mobile traffic: - Use the appropriate mobile_params command to set required configurations, including interface type and vifn_mode. - To monitor Pi traffic, ensure your environment is configured for RADIUS (to obtain mobile IDs). - Optionally, configure handsets and PCF tagging (for PH or Pi), as appropriate for your environment. For Voice Monitors: Refer to the nGenius Subscriber Voice Release Note and nGenius Subscriber Voice Administrator Guide for details on enabling these monitors and ensuring the associated nGenius Subscriber Voice Server and nGenius InfiniStream voice probe models are configured properly to supply data for the monitors. o For all traffic types, the appliance Agent Options must be set with Response Time Monitor on (this is the default setting). Note: Always reset the Agent after making configuration changes. With these configurations complete, monitored elements and applications are available for selection and display in Service Monitors, Service Enablers, and the Traffic Monitors. Access these modules directly from the nGeniusONE Console.
127
nGeniusONE 5.4.1 Online Help Topics
Discover My Network In addition to the Service, Network and Traffic Monitors, this module provides an overall view of activity on your network, useful for ad hoc troubleshooting. You can analyze load and failures using provided metrics for transactions, throughput, TCP windows, and volume/packet counts, which are provided along with charts for visual interpretation. You can also toggle this module to display media traffic with a high level view for ad hoc network impairments analysis. The Discover My Network module is available directly from the nGeniusONE Console and operates similarly to Service Monitors. The Summary tab for this module displays results up to one hour. Use the icon to optionally launch a Service Monitor sub-tab with support for extended durations. If the currently selected row matches a specialized monitor, that monitor type is loaded to the sub-tab, otherwise a standard Service Monitor with Universal metrics is displayed. Use that monitor sub-tab to drill down to Session Analysis and optionally to Packet Decode. Use the icon to toggle the view to Discover My Network -Media. Additional notes for this specific monitor: •
This monitor supports direct drilldown to a decode view for a selected row or chart element, including Messages or Message Attributes. The Decode icon is not supported if any Location key is displayed other than the Messages or Message Attributes. Decode is supported for the default mode as well as the Media view, however Messages are not displayed in the Media view.
•
The Location Keys dialog includes an option to toggle display of Messages and Message Attribute columns. Message Attributes include details such as SIP supplementary services (OIR, TIR, HOLD, RESUME, CW, CDIV, and CB), which are reported as a comma separated list in this field.
For details on usage, get started Working with Service Monitors.
128
TROUBLESHOOTING ISSUES
Note: This module is unrelated to Device Configuration> Global Settings > My Network feature.
129
nGeniusONE 5.4.1 Online Help Topics
Host Analysis In addition to the Service, Network and Traffic Monitors, the Host Analysis module provides utilization and host activity details for a specific host detected on the monitored network. Unlike other monitors, which launch from the nGeniusONE Console or Dashboard, this monitor is accessed by searching a specific host name or IP address in the Search & Discover tool, available at the top of the nGeniusONE Console window. Note: •
Use of this feature requires certain ASI tables be enabled. If needed, review Monitor Prerequisites.
•
For guidance displaying this module, refer to Accessing the Host Analysis Module
130
TROUBLESHOOTING ISSUES
Using Host Analysis The Host Analysis module operates the same as a standard Service Monitor Summary, with a few variations noted in the descriptions below. •
The time duration for this module is one hour, starting with the last 15 minute interval. For example, a query performed at 6:20AM yields a one-hour interval from 5:15AM-6:15AM.
•
The time duration for this module is specific to the drilldown context. As such, it is not applicable to customize the duration or navigate forward/backward in time. If an alternate time is required, return to the Search & Discover tool and adjust the time prior to drilldown. The time slider in Search & Discover navigates in one hour blocks forward or backward from the current time of the search.
•
This monitor does not have a Home tab, since it obtains context by drilldown from the Search & Discover tool.
•
It includes a summary table only.
Toolbar options include: •
Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.
•
Reset filter:
•
Customize displayed columns: Certain columns in this module are fixed. You can, however, customize which Metrics are displayed, using this icon.
•
Export displayed results (CSV, PDF, RTF): in one of three formats.
•
Launch Packet Analysis : To drill into packets from this icon select the row of interest, then click the decode icon. A separate packet (decode) analysis tab displays.
•
Customize displayed keys: Add and remove key columns that can be used identify results based on Location. The Location keys are primarily based on the vifn_mode specified for that interface on the InfiniStream appliance (ME Location). Note that when the vifn_mode is QoS, the key values are not applicable to this view, and the location key dialog is blank.
•
Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings, then use the Save Settings option (below) to set your overrides as the new default for this module. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are:
Clear the filter options.
Export the currently displayed data
131
nGeniusONE 5.4.1 Online Help Topics o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). •
Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, Key options, View Options, and column sort order. Selecting the Save option saves the settings for this module for the current user. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the monitor for the settings to be applied; each new module instance launched from Search & Discover uses the modified settings (Reset does not modify the currently active monitor instance).
•
Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.
•
Display Help:
•
Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.
•
Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.
•
Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed,
Open contextual help for this module.
along with the total number of records
132
.
TROUBLESHOOTING ISSUES
Accessing the Host Analysis Module After you have a host name or IP address of interest, use the following steps to access the Host Analysis module: 1. Access the Search and Discover tool and enter the host name or IP address to locate within monitored data (not an ME name or IP). The query will match against instances of that ID appearing as a client, a server, or a host. 2. If the results displayed below the search field indicate only Host matches were found, skip to the next step. If a pick list is present, ensure the list is toggled to Host, as shown here:
3. When the results list is toggled to Host, the drilldown list available from each of the categories changes to include Host Analysis.
133
nGeniusONE 5.4.1 Online Help Topics 4. As illustrated above, select the row of interest. From that row, choose the Host Analysis drilldown option. 5. A new module tab is opened for Host Analysis - Search.
134
TROUBLESHOOTING ISSUES
Working with Service Monitors and Enablers The Service Monitors, Network Management Monitors and Service Enablers have common features that can be described independently of the specific service or protocol being analyzed. Use the information presented here for general guidance on working with monitors. Note that the Traffic Monitors function similarly, however the features are more specifically described in Working with Traffic Monitors. For a summary of all monitors refer to the Overview of nGeniusONE Monitors. Users can access monitors from several areas of the nGeniusONE solution. Monitors can be opened directly from the nGeniusONE Console, from the Search & Discover tool, a Dashboard, or from the Alert Browser to quickly reach resolution from the level of an enterprise-wide service down to individual transactions and packets. Note that the default nGeniusONE configuration provides icons for several pre-defined monitors, some of which may be hidden if your environment has been customized to display a subset deemed appropriate for your business needs. Note: Before you begin, it may be helpful to review configuration requirements as this will affect whether data is displayed in the monitors, how it is displayed, and whether session analysis can be performed. Each Monitor opens with a Home tab. Actions performed here trigger launch of a view for managing several tabs, the first of which is a Summary tab. From the Summary tab, you can launch a Session Analysis tab (for most Monitors). When applicable, the Session Analysis tab supports launch of a Packet Analysis tab. •
Using the Home Tab: This tab provides a list of pre-defined services and custom services defined using the Service Configuration editor, along with a list of monitored elements (or network domains) to select for analysis.
•
Using the Summary Tab: The summary tabs provide an at-a-glance view of application-server performance metrics, such as Load, Responsiveness, Throughput, Server Application Errors and TCP Errors.
•
Using the Session Analysis Tab: From the Summary tab, you can drill down to perform correlated analysis of session results in two different ways. Depending on the appliance configuration, the drilldown option for Session Analysis opens either nGenius Subscriber Voice (when applicable) or a Session Analysis tab. This tab type is not applicable for Traffic Monitor.
•
Using the Packet (Decode) Analysis Tab: From the Session Analysis tab or the Traffic Monitor Summary tab, you can drill down further into this tab for deep-dive packet decode and analysis.
Note: Use of the Monitors requires your environment be configured appropriately.
135
nGeniusONE 5.4.1 Online Help Topics
Navigating Monitor Views When you create a monitor view from the Home tab of a monitor, its summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in the monitor. Each time you Launch a view from a monitor home tab, that view is listed separately in the View navigation menu available by clicking the monitor name at the top left. Each time you launch a sub-tab within a view, a blue button for that sub-tab is added to the tab navigation menu along with a blue icon at the left of the monitor main display area. The example below illustrates this using the Universal Monitor, however the functionality is the same in all monitors, including Traffic Monitors. This topic reviews how to use the View navigation menu to switch between Monitor instances and to use the Tab navigation menu to switch between sub-tabs and to close sub-tabs.
View Navigation •
To display the list of views: Click the title at the upper left of the monitor. To hide the list without changing the active view, click the title again. The example above shows the Universal Monitor with views for individual monitors or services opened from the Universal Monitor Home tab. Since the Universal Monitor
136
TROUBLESHOOTING ISSUES displays all monitors and services other than Traffic Monitor and Discover My Network, the example shows the user has opened a variety of Monitor views: Call Server, RTP, and Advanced Voice Statistics. The active view, in blue, is Call Server. If the user had opted to open an individual monitor, such as Call Server, it would display in a separate tab. In the example below, the user has opened assorted Call Server views based on services created for different geographies:
When the monitor has been opened from drilldown through the nGeniusONE Console Search & Discover tool, the title of the view is the context of that drilldown. In the example below, a search was conducted for DNS, then DNS Monitor was selected for drilldown. The DNS Monitor is opened, with the context of the last hour, and with DNS and the selected interface. The interface is used as the view name.
137
nGeniusONE 5.4.1 Online Help Topics
•
To switch between views: From the view selection menu, click the title of the view you want to display.
•
To close a view: You can either close the entire monitor by clicking the X on the tab in the nGeniusONE Console, or you can close individual monitor views. From the View navigation menu, click the X on the view title. Note that closing the view also closes all its associated sub-tabs (Session Analysis and Packet Analysis, for example). A prompt displays to confirm that you want to close the entire view, including its tabs. To close individual tabs, see below.
•
To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon tab navigation pane (described below).
at the bottom left of the monitor's
Tab Navigation Each monitor has a collapsible navigation pane to the left side of the main display area. Each time you open a tab or sub-tab within a monitor view, a blue or gray vertical bar is added to the left navigation pane. You can navigate between sub-tabs of the view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.
138
TROUBLESHOOTING ISSUES
•
Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the monitor contents. Click it again to collapse the pane. You can navigate the tabs in either mode.
•
Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view.
•
Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the Session tab labels closes the individual Session Analysis tabs. Clicking the X on the Drilldown tab label closes the Drilldown tab (Hourly drilldown from the Summary tab) and the three tabs below it (Sessions, Packet Decode, Packet Decode). There is no confirmation when you close a tab group such as the Drilldown set.
139
nGeniusONE 5.4.1 Online Help Topics
Using a Service Monitor Home Tab (Monitors / Enablers) Service Monitors, Network Management Monitors, and Service Enablers are specialized versions of the Universal Monitor, which supports queries based on multiple applications / services and multiple monitored elements. These monitors are supplied by data from appliances enabled for ASI classification (asi_mode=ASI or hybrid) and for which appropriate additional configurations have been made. For an overview of these tools, and how to access them, refer to the Overview of nGeniusONE Monitors. Following is an overview of the Home tab for application-based monitors. The Home tab for Service Monitors differs from the Home tab for Traffic Monitors, described separately. The Home tab for each monitor is used to define the query criteria for the monitor and to provide help access to a help link for that monitor. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Summary tab is opened). Following are guidelines for using the Home tab.
Icons/Buttons Help: If you require help while using the Monitor, navigate to the monitor's Home tab and click the help icon
140
, located at the far right of the tab title bar.
TROUBLESHOOTING ISSUES Refresh Lists: If a monitored element/domain or service definition has recently been added to your nGeniusONE Server, it may not appear in the above lists. Click the Refresh icon
to update the lists.
Return: If you access the Home tab using the home icon from within a monitor view, you can return to that previous view using the Return icon to monitors for which you have already opened a view.
. This icon applies only
Search: You can search within the Monitors, Services, and Elements (Monitored Elements and Network Domains) sub-tabs by typing in the search field above the subtabs. The field is indicated with a text string and icon. . Select the sub-tab in which you want to search (e.g., Services), then click to select the search field and type a search string. Launch: After you have selected a service and one or more elements (described below), click the Launch button to perform the query. A new view opens with a Summary tab to display the results to be analyzed. Note that the Home tab can be used to create multiple views with unique context. You can return to the Home tab from any sub-tab in any view and can also navigate between views. For details, refer to Navigating Monitor Views. View Selection The left hand pane of the Home tab contains two tabs (Services and Monitors) used to specify your query of interest. You must select either a service or a monitor, even if only one is displayed. If you select a monitor, you must also select at least one Element. See below for details. •
Services: User defined services are created in the Service Configuration editor and associated with specific monitors during the definition process. The Services list for all monitors, except the Universal Monitor, displays only services that are the same type as that monitor. In contrast, the Universal Monitor displays all service types and monitor types (excluding Traffic Monitors). When you select a service, the monitored elements are predefined, so you can click Launch immediately after selecting a service name. Multiple services of the same type are grouped under headings, as shown below. You can double-click the heading to expand or collapse the list. If your selected service is within a collapsed heading, a small, blue square appears on the heading to highlight the location of your selection. The example below shows a collection of user-defined services with assorted monitor types that have names matching the search string: "exc." Also note that the definition associated with the selected service is displayed in the right hand pane.
141
nGeniusONE 5.4.1 Online Help Topics
•
Monitors: When you select a Monitor, you must also select at least one Monitored Element or Network Domain, as depicted in the first image above, before clicking Launch.
Elements The content of the right hand pane varies based on the View selection. If you selected a service, this pane displays the service definition. If you selected a monitor, this pane displays an Elements list. In that case, you must select at least one element before clicking Launch. User Defined Service Details: As illustrated above, when you select a pre-defined service the definition for it is listed in the right hand Elements pane. You can click Launch to proceed. Monitored Elements/Network Domains: When you select a Monitor, rather than a Service, you must also select one or more interfaces or Network Domains to query for the selected monitor before you click Launch. You can search within the lists by typing in the field above the active tab. By default, Monitored Elements configured for classification of ASI metrics that are known to the nGeniusONE Server are displayed. Note that the Network Domains are offered as a convenience; the Monitor sub-tabs still display individual interfaces from that domain, not the domain itself. Also note that if a Monitored Element is valid but currently unavailable (upgrade in progress or other temporary condition), the address is annotated with an "(*)." For certain Monitors/Service types, selection triggers an additional configuration validation for the Monitored Element list; limiting the list to ensure the selected combination has applicable data. Specifically, for mobile-related services (PDN Connection, Network Access, Radio Monitors), the Monitored Element list is limited to those for which the interface type is set to a mobile type, such as Gn, IuPS, S11, et cetera). When more than one monitored element or domain is available the following selection methods apply:
142
TROUBLESHOOTING ISSUES •
Filter the displayed elements by entering a string to match in one of the fields: ME Location, IP Address, Alias.
•
Click the column title to sort the list by that field.
•
Click individual rows to highlight and toggle the checkbox for that row to on or off.
•
Click the checkbox above the list of elements to select all elements.
143
nGeniusONE 5.4.1 Online Help Topics
Using Service Monitor Summary Tabs (Monitors & Enablers) This topic provides guidance using the Summary tab from any application-based monitor type. Although these instructions are generally applicable to all monitors, for specifics on Traffic Monitors, refer instead to Working with Traffic Monitors. Each time a query is performed from the Home tab of a Monitor or Enabler, a new Summary tab is displayed, titled with the same Service name. Use the ME Location and the Time duration (see below) to discern the difference between tabs of the same name. In the Universal Monitor, the Home tab allows you to access multiple service types, so multiple summary tabs, session analysis tabs, and packet analysis tabs for each service type can be navigated within one view area when you start with the Universal Monitor. The Summary tab contains two panes, a table in the upper pane and a collection of charts in the lower pane. The contents of the table and charts include parameters and metrics that vary based on the original query criteria and the associated protocol or service. Note: •
If Response Time has not been enabled for the underlying protocols, the Summary tab may display a message: No Data Found. If that occurs, first try changing the duration of time (see below) to an earlier window, then verify configuration requirements.
•
For simplicity, the term "Monitor" is used throughout, although the features described apply to both Monitors and Enablers.
•
In cases where the browser has insufficient resolution to show the Summary table and all four charts, two of the charts are automatically collapsed (hidden). Guidance for expanding/collapsing these is provided in Working with the Charts, below. In addition, the content can be scaled using browser scaling functions, although column alignments are less optimal.
Working with the Table The title bar and status bar of the this table provide several means of analyzing and filtering results in addition to driving the contents displayed in the associated charts. Note that in some cases, the table title (Server and Community Summary, by default) may vary slightly. Here are descriptions of the actions you can perform in Monitor tables. The options on the title bar of the Summary Table pane allow you to perform the following actions: •
144
Customize time: Use the time toolbar to adjust the duration of results you want to display at a time, and to move forward and backward through time, by defined
TROUBLESHOOTING ISSUES increments.
o Duration: To change the overall duration of the chart, which is set to "1 Hour(s)" by default, click the duration menu. For all menu options other than User Defined, the duration is preset and displayed in the time duration pane. To customize the time to a value other than a preset, choose User Defined, then use the Calendar icon to change the Start date and End date, then use the time selectors to specify hour and minutes for both start and end.
Note the following guidelines:
145
nGeniusONE 5.4.1 Online Help Topics The overall duration cannot exceed 31 days (Note that the Discover My Network module is restricted to one hour durations.) The Hour and Minute values are validated against the duration set for Chart Resolution in the View Options menu (described below). In cases where the chart resolution is a day, then User Defined time must be a 24-hour boundary; when it is 1 Hour, the Minutes must be 00. Chart Resolution Setting
Impact on User Defined Time
> 7 Days and <= 31 Days
1 Day
Start and End HH:MM must be on the 24-hour boundary: 12:00AM
>= 3 Days and <= 7 Days
1 Day
Start and End HH:MM must be on the 24-hour boundary: 12:00AM
1 Hour
Start and End HH:MM must be HH:00 (minutes must be 00).
1 Hour
Start and End HH:MM must be HH:00 (minutes must be 00).
5 Min
Required if duration in Time Dialog is in any increment other than 00
> 1 Hour and < 3 Days
o Time Shift: To change the default time shift of 1 Hour, click the "Shift by" menu and select 5, 15, 30 minutes. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. Note that time shift is not available after drilldown to hourly data (see below). After the table and charts reload, if you selected a menu option that toggles results for more than a one-hour duration, the time drilldown icon
is
enabled on both the table and charts; also, the Session Analysis drilldown is disabled as durations exceeding one hour are unsupported for Session Analysis. The time drilldown icon available from the Summary table opens a new tab for all selected rows limited to that one-hour duration and the nudge menu (see above) is restricted to that specific hour. Session Analysis drilldown is supported from this new tab, since it is limited to one hour. Note that the Time drilldown icon is also available from charts, but the duration corresponds to the chart time or swiped chart time. •
Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.
•
Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.
146
TROUBLESHOOTING ISSUES The tools on the Summary table allow you to perform the following actions: •
Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border. Note: In some cases, the list of filter elements includes options that do not appear to match the table column labels, such as Call Server and Call Server IP. These are provided to simplify the query process - use one for searching on hostname and the other for searching the same field using IP address. A special case is also provided to facilitate filtering for flows detected on multiple interfaces. In this case, the associated rows in the table are tagged with a multi-segment icon indicating that you can filter on "singlesegment" or "multisegment" by selecting the Characteristics filter option.
•
Reset filter:
•
Customize displayed columns: In addition to certain fixed columns (ME Location and Application) and optional Locations (see below), each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the Summary table. Note that some are actually groups of messages. Within each grouping (Latency, Requests, Failures, et cetera), an “Others” field may display. This field contains an aggregate of all available, related metrics that are not explicitly listed in the other fields of that grouping. This is done to conserve real estate on the UI. Note that Certificate Monitor uses these columns to display version and certificate expiration status, rather than metrics. Certificate status is based on the status as of 00:00 Hour GMT. Although you can navigate backward and forward in time, certificates that are updated during a 24-hour period retain the same status until the status table is purged and refreshed upon the next 00:00 Hour GMT.
o
Customize message groups: In certain view modes, select monitors support customization of the grouping for messages displayed in the summary table. When present, use this icon to display a dialog to perform the following modify actions:
Clear the filter options.
o
Add or remove messages within a group
o
Change the group name
o
Enable / disable a group from being displayed
Note: This feature supports modification of the existing groups. To "delete" a group, disable its display. Adding groups is not supported. Supported monitors for this option: ActiveSync Monitor, Card Processing Monitor, Database Monitor, DHCP Monitor, DNS Monitor, LDAP Monitor, MQ Monitor, NetFlow Monitor, SNMP Monitor, and Web Services Monitor. This icon is not available in Universal Monitor, or when the Switch-to view mode is set to Universal or TCP Analysis. o
Export displayed results (CSV (Table), CSV (Charts), PDF, RTF): Export the currently displayed data in one of three formats. Exporting charts creates a zip file with a CSV for each separate chart.
147
nGeniusONE 5.4.1 Online Help Topics
o
Compare selected rows: Active when more than one row is selected within the currently displayed table; use this to update charts with comparative results for all rows with check boxes (charts are not automatically updated during row selection). As needed, change the selected rows and click the icon again to update the charts with new comparisons. Hover the mouse cursor over individual elements in the chart to display a tooltip that identifies the source row. The comparison only operates on rows selected from the currently displayed page. Note that use of this feature toggles a metrics icon to be displayed on the charts. Use the icon to display a dialog that allows you to select alternate primary metrics for comparison. In cases where only one metric is listed, selecting that option has no affect on the chart. See Working with the Charts, below, for more guidance.
•
Create Session Analysis for selection: This icon is used to perform correlated analysis of session results in different ways. o Use this option in Certificate Monitor to view details such as Identity, Issuer Name, specific expiration date, and Client IP:Port. Note that for faster results using Session Analysis from Certificate Monitor, reduce the duration to an hour or less. o In cases where the selected rows are standard InfiniStream appliances with ASRs configured, the icon launches a new tab with correlated session results for the selected rows. If ASRs are not configured on that interface, or if the user's role is restricted, an error dialog displays. The rows do not need to be from related protocols or session events; the Session Analysis retrieves all flows related to the selected rows and displays them in a new Session Analysis tab from which you can select flows to display correlated session details. This option is not available from within Traffic Monitors. o Note that when you select this option from certain monitors (e.g., Card Processing, Cable Modem, and Trading Monitor), a pre-filter dialog provides you the option of filtering the session results before the new tab is populated. For Card Processing, you are provided the option of filtering based on PAN, Acceptor ID, and Error Code. If you are performing Session Analysis on a DHCP flow within Cable Modem, you can pre-filter on the specific MAC address for a problematic modem. For Trading Monitor analysis of FIX traffic, you can specify a particular ClOrdID,SenderCompID, TargetCompID, or SenderSubID. o Note that in cases where ASRs are not available for the selected row, but are supported for that protocol type, the Session Analysis tab opens with No Data displayed even though there is data in the Summary tab. This can occur because the Summary tables are based on ASI data, while the Session Analysis mines ASRs directly. In some cases, there may be no ASRs for the time frame or ASRs are not collected for the selected message or related protocol may not be supported for ASRs even though they are for the overall application is supported. For example, ASRs are collected for SNMP but not SNMPTRAP. For details working with the new Session Analysis tab, refer to Using Session Analysis. o In cases where the selected Monitored Element is an appliance configured to support nGenius Subscriber Voice, then selecting this icon opens a browser window to nGenius Subscriber Voice with the analysis
148
TROUBLESHOOTING ISSUES context instead of opening a Session Analysis tab. If the selected rows include a mix of this appliance type and standard InfiniStream appliances, only the standard InfiniStream appliance interfaces are used and a Session Analysis tab is opened. For details enabling and working with nGenius Subscriber Voice, refer to the nGenius Subscriber Voice Administrator Guide. •
Customize displayed keys: Add and remove key columns that can be used identify results based on Location or Community. o Location keys are primarily based on the vifn_mode specified per interface on the InfiniStream appliance (ME Location), such as Site, QoS, VLAN, VRF, or APN or on attributes specific to that monitor, such as Codec or Cell Area. The Location keys settings are not available in Service Views. o Communities keys are based on values defined Global Settings>Enterprise for Client Communities and Server Communities. The context of these keys varies with each monitor type. For example, the key column for source addresses may be displayed as Source Site, Client Community or Sender CompID; and the key column for Destination address may appear as Server Name, Call Server, Server Community, Target CompID, or IP Address. o The Apply To toggle is useful when you have found a row of interest and want to expand the key information on key rows of interest, rather than the whole table. The default setting (All Rows), refreshes the entire table; the Selected Rows setting refreshes the table with only the selected rows, along with the expanded key information. This option is not applicable for Discover My Network and Service Views.
149
nGeniusONE 5.4.1 Online Help Topics
o You can also enable display of Message and/or Message Attribute details. The Message option is only available in the Discover My Network monitor. The Message Attribute option is available the Discover My Network monitor and the Universal View. Message attributes include details such as SIP supplementary services (OIR, TIR, HOLD, RESUME, CW, CDIV, and CB), which are reported as a comma-separated list in these views. For applications other than SIP, or when no data is available, a "-" is displayed. Note that the Advanced Voice Statistics Monitor includes these service types as individual columns that can be added using the Customize Column dialog. Also note that when Message and/or Message Attributes are displayed, those flow records do not include TCP Server/Client Min or Traffic Volume. o Use the reset icon within this dialog to revert these settings to the values present when the table was initially loaded. •
Note the following: o For addresses are grouped using the Client Community Subnet option in Global Settings>Enterprise>Client Communities, that group is displayed in its masked IP Address form rather than with a Community ID. For example, with a subnet mask of /16, the last two octets are displayed as 0.0 (192.168.22.34 and 192.168.35.42 are grouped into 192.168.0.0). This allows you to identify activity by address range rather than hiding the range within a label. Drilldowns to Session Analysis and subsequently to Decodes show underlying client IPs. This is not applicable for RTP Monitor and Media Monitor. o In addition to values populated based on the vifn_mode setting, other flow / key attributes, such as Cell Area, Handset Group, or RAT Type, appear in this options dialog based on Agent settings, particularly those related to mobile configurations. o If more than one interface is selected on drilldown from the Home Tab, the location keys associated with all selected ME Locations are displayed in this dialog. If you enable the key columns for all interface types, a "-" is displayed as the value for any type that is not applicable for a given row. For example, if interfaces configured for VLAN and for Site are present in the table, and you opt to display both VLAN and Site key columns, each row will have a value in either the Site or VLAN column and a "-" in the other column. An exception to this occurs with multi-type modes such as vrf-site, as the row will have data populated for both key types (VRF and Site). Because the location key dialog includes all keys applicable to the summary table contents, it is possible to select display of key type that is not applicable for the currently active row. o If a key column is a type where the value is derived from packet data (such as VLAN) but the value is not found in the packet data, the lack of data is reported as "Unknown." For guidance configuring VLAN deployments, refer to the VLAN Services Monitoring Overview. o If a key column is a type where the value is defined and/or associated using nGeniusONE administrative tools, but this has not been done for the detected traffic, the value is reported as "Not Defined." This can occur for Location Keys such as Site and the Client and Server Community columns. In the latter case, definitions for addresses in the network must be configured using Global Settings>Enterprise>MyNetwork and associated Server
150
TROUBLESHOOTING ISSUES Communities and Client Communities. For more details on these refer to Understanding Communities. For guidance configuring Site deployments, refer to Site Monitoring Overview. o Note that for certain peer-to-peer applications, such as RTP, the source and destination addresses are both displayed in a single Community column since the concept of server is not applicable. Instead, RTP Monitor and Media Monitor offer the option to toggle community between, described in Change view mode, below. o If desired, specific addresses can be displayed for flows with Community-defined key values by hovering over the value to display a tooltip, or by drilling down to Session Analysis and, from there, Packet Decode. If the Community value is undefined, the tooltip displays "0.0.0.0." o In predefined monitors, Location keys are presented for both client and server directions. For monitors based on user-defined services that include Network Domains containing ONLY virtuals, the direction is specified to be either client or server at the time the service is created. Therefore, location keys for a user-defined service are only client or server. •
Switch to: Certain monitors have an option to change the data displayed in the Summary table. The icon function varies per monitor as described here: o Alternate Statistics: Many monitors display a set of specialized metrics, unique to analysis of the application type. When present in the monitor, this icon toggles display of the Summary table from the default mode with metrics specific for that monitor other formats. If more than one alternative mode is available, a pick list is displayed, otherwise the mode is toggled automatically to the format of the Universal Monitor.
Universal: Displays metrics applicable to most protocols in general; this view is not applicable or available for MDF Monitor, RTP Monitor or, when available, Media Monitor. Note that when Business Type Service Provider is enabled, the metrics and charts for Universal view in all monitors are adjusted to include session-relevant details. Advanced Voice Statistics: Displays more detailed statistics for voice signaling protocols; this mode is available in Call Server Monitor.
151
nGeniusONE 5.4.1 Online Help Topics Service View: In cases where the monitor was launched by selecting a Service either in a Dashboard or in the Services sub-tab of a Monitor Home tab, this option is available to display a set of metrics rolled up for the service itself rather than a breakdown by Monitored Element (ME), ME Group or Network Domain. Note that Service View option is not applicable for Certificate Monitor, MDF Monitor, or UC-based monitors (Media Monitor and RTP Monitor). The following features are not supported in this view:
Error code filtering
Hourly drill down
View options>Apply to All rows/selected rows Location keys (Community keys are supported) TCP Analysis: By default, monitors display metrics based on Key Performance Indicators. In some cases, it may be useful to see TCP metrics for the same flows. Use this option to view metrics and charts TCP attributes such as Latency, TCP Window Size, TCP Retransmissions, and Resets. This option is not displayed for UDP-based monitors. Also note that when the view is not applicable for certain protocols (such as SIP or Diameter) TCP metrics are not displayed in the table and charts of this view. Discover My Network / Discover My Network Media: (For Discover My Network module only) In this module, the Switch-to icon allows toggling between the default view of client-server applications and a view with media applications. o Community: (For RTP Monitor / Media Monitor only) This button displays a menu allowing you to toggle display of the Summary table contents between source, destination, source and destination results. Click the icon to select the desired mode (The currently active mode is shown in the table title). The following applies to these view modes: Source: Displays results associated with outbound traffic to the community displayed in the Source Community column. Destination: Displays results based on inbound traffic to the community displayed in the Destination Community column. Source and Destination: Show results based on both directions with the column labeled Community. The source and destination rows appear together initially (Your sort choices can change this ordering; see sort columns, below). Use the values in the Community
152
TROUBLESHOOTING ISSUES column to identify the traffic direction. Source community labels are annotated with :IN; for Destination community labels are annotated with :OUT. •
Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this time drilldown icon is enabled on both the table and charts. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time and charts of 5 minute granularity. Note that since this new tab is within the one hour or less duration limit, Session Analysis is enabled (it is disabled on the originating tab of duration exceeding one hour).
•
Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, in both the Summary tab and Session tab, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). In views containing Message-based extensions or child applications, the value in the Application column for those rows includes the parent application name prefixed with the message name (e.g., DHCP:Renew). You can opt to display just the message name for those rows (Message), if desired. Note that the column title changes to Message, but the rows that contain only applications still contain the application name. This option is not presented in specialized monitors / monitors toggled to specialized view because messages are only displayed with the default metrics associated with the Universal metrics set. o Response Time Latency: Toggle between displaying results in milliseconds (default) or microseconds. o Chart Resolution: Change units for chart based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). o Show service as (Service View only): In cases where the monitor was launched by selecting a Service either in a Dashboard or in the Services sub-tab of a Monitor Home tab, and is toggled to Service View, the View
153
nGeniusONE 5.4.1 Online Help Topics Options menu includes settings to switch the summary table from Aggregated (default setting, which displays results by service name) to Expanded mode. In the Expanded mode, a row is displayed for each Monitored Element (ME), ME Group, Network Domain, or Application Group. o Limit To (Universal View only): Use this new option to specify a metric against which initial results are pre-sorted before a user specified maximum (Top N) of those results are displayed. A minimum of 1 and maximum of 100K are supported for this setting. These configurable settings (sort and maximum) are preserved when Save Settings is used. Note that this “sort” is unrelated to the sort order of the table itself, which can be changed by clicking table column headings. •
Error Code Match : Use this icon to specify one or more (comma separated) error codes such as 404, 500, 503 upon which to filter displayed results. Upon clicking OK, the current original query is re-run with the new filter and a new column, Filtered Failure Count is available in the Customize Columns selector . Open this selector and add the column to display counts for cases where a row has matching values. A value of "0" indicates no matches; values greater than zero include matches for any of the provided codes. Use the filter reset icon to clear the currently applied error filter. The values in the Filtered Failure Count column are reset to "-."
•
The UC Conversation Launch UC Conversation View (Media Monitor only): view drilldown is active when the Community column is enabled from the Key Options dialog (use the options icon to display the dialog). Select the Conversation View icon to display a UC Server Conversations tab with the context of the row selected in the Summary table. Note that the UC Server features, including Media Monitor, are enabled only when the nGeniusONE Server is configured with a UC Server license.
•
Launch Streams View (Media Monitor only): Streams view drilldown displays a UC Server Streams tab with the context of the row selected in the Summary table. Up to 50,000 streams are queried to match the selection. Note that the UC Server features, including Media Monitor, are enabled only when the nGeniusONE Server is configured with a UC Server license.
•
Launch Related Monitor: Use this icon to open a relevant Service Monitor tab with context of the selected row. An option dialog is first displayed to allow you to select a specific monitor type. For example, if the application is SCCP, the monitors offered are Universal, Call Server Monitor, and Advanced Voice Statistics. For FIX traffic, the offered views are Trading and Universal. From Discover My Network Media view, the offered monitors are RTP Monitor and, if licensed for UC Server, the Media Monitor).
•
Launch nGenius Subscriber Intelligence (nSI): An icon to launch nSI is active and available for drilldown, with context, only when the nGeniusONE server is integrated with nSI and the selected row is applicable traffic.
•
Display Context: Use this icon to display a summary of the context used to generate the displayed results.
154
TROUBLESHOOTING ISSUES
•
Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.
•
Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.
•
Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records
.
The columns of the Summary table include Monitored Elements, Application type, Location keys, and a set of metrics relevant to the service/protocol associated with that Monitor. For a detailed list of the metrics for each Monitor, refer to the nGeniusONE Metrics Guide associated with your release version. •
Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.
•
Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.
Working with the Charts The types of charts vary based on the service/protocol associated with the specific Monitor. In addition, the contents of the charts vary based on selections made in the Summary table.
155
nGeniusONE 5.4.1 Online Help Topics Use the information below to understand the types of charts available in assorted monitors, how to customize and interpret chart data, and how to drill into more detail. Types of Charts The chart titles below are NetScout defaults. Users are permitted to customize chart titles and metrics so the following may not reflect your current environment. DNS / DHCP / LDAP / RADIUS / Database / Card Processing Monitors
• • • •
Latency Variation Over Time with Application Usage Failure (%) Over Time Total Requests Performance Variation Over Latency
Error Code Distribution | Information Distribution | Error & Information Distribution Call Server
• • • •
Latency Variation Over Time with Application Usage Failure (%) Over Time and Total Calls Performance Variation Over Latency
Error Code Distribution | Information Distribution | Error & Information Distribution Trading Monitor
• • • •
Response Time Over Time with Application Usage Rejects (%) Over Time with Active and Total Transactions Performance Variation over Latency
Error Code Distribution | Information Distribution | Error & Information Distribution MDF Monitor
• •
Message Over Time Message IFG and Message Loss Count
Radio Monitor (NBAP)
• • •
Trend of Dropped NBAP Connections Over Time Node B RTWP Distribution Node B Tx Power Distribution
SNMP Monitor
• • • •
Latency Variation Over Time with Application Usage Failure (%) Over Time Total Requests
• •
Stream Counters Over Time
• •
Absolute MOS Problems Over Time
Packet Loss Network Impairment Problems Over Time Jitter Network Impairment Problems Over Time | Error & Information Distribution
PDN Connection / Network Access Monitors
• • • •
Success and Failure Transactions Over Time Latency Over Time Error Code Distribution | Information Distribution | Error & Information Distribution
Response Time Distribution and Application Latency Over Time Cable Modem Monitor
• • • •
Server Load and Performance Server Response Time and Throughput Errors Errors Error Code Distribution | Information Distribution | Error & Information Distribution
Advanced Voice Statistics
• • • •
Success-Failure Over Time
• • •
Throughput Analysis Over Time
Call Summary Latency Variation over time with Application
Error Code Distribution | BYE Reason Code | CANCEL Reason Code | Failures & Reason Codes Radio Monitor (RRC) CPICH Ec/No Distribution Trend of RRC Dropped Connections and Percentage of Active Size
• CPICH RSCP Distribution NetFlow Monitor • •
Flows Over Time Flows Drops Events Over Time
Performance Variation Over Latency
Error Code Distribution | Information Distribution | Traps | Error & Information Distribution Media Monitor (UC Server license required)
• •
Stream Counters Over Time
• •
Degradation MOS Problems Over Time
156
RTP Monitor
Packet Loss Network Impairment Problems Over Time Level Payload Problems Over Time
Certificate Monitor
• •
Certificate Expiration Distribution Certificate Servers/Counters (table)
TROUBLESHOOTING ISSUES Discover My Network
• • • •
Transactions Over Time Throughput Over Time Response Time Over Time TCP Window Size Over Time
View Mode Chart changes Universal mode
• • • •
Transaction Success vs. Failure Server Response Time and Throughput Error Code Distribution | Information Distribution
TCP Analysis mode
• • • •
Universal mode (Service Provider)
Server Load
• •
Success and Failure Transactions Over Time
•
Error Code Distribution | Information Distribution | TCP Counters
Response Time Distribution and Application Latency Over Time
• Throughput and Response Time Over Time Service View mode
Network and Application Latency Window Size SYN vs SYN-ACK TCP Counters Distribution
• •
Success and Failure Transactions Over Time
•
Error Code Distribution | Information Distribution |Error & Information Distribution
•
Response Time Distribution and Application Latency Over Time
Throughput and Response Time Over Time
Discover My Network - Media
• •
Stream Counters Over Time
• •
Absolute MOS Problems Over Time
Packet Loss Network Impairment Problems Over Time Jitter Network Impairment Problems Over Time
Populating and Manipulating Charts Charts are automatically updated each time a new row is selected in the table. To plot data for multiple rows (up to 5), check the selection boxes for each row, then click the Compare icon
from the Summary table status bar.
In any chart, the source information associated with a data point is available by hovering your cursor over a bar or point on the chart (details provided below). Contents of the tooltip vary with each Monitor but typically include the packet-based timestamp, the source ME Location, the Application, Community label, if present, and the value of the corresponding metric
157
nGeniusONE 5.4.1 Online Help Topics For most charts, the primary metrics from each row are plotted in bars or stacked bars over time on the X-axis, with an overlaid line chart of one or more supplemental metrics (such as Response Time, Error Count, Stream Count). When results from multiple rows are displayed, the lines are differentiated by unique icons at each data point, rather than by color. Note that when the metrics for a single row are charted, the attributes are differentiated by color. When more than one row is selected, the attributes are differentiated by color and pattern (example below). In addition, the metric names in the legend are annotated with "N," where N corresponds to the selected row number in the table. A few options can be used to view charted details more clearly, if needed: - Maximize the chart to view the pattern variations - Disable different metrics (click labels in legend) - Zoom into details (click and drag over time) In the example below, the details are more visible by disabling Order New-3, which allowed the other metrics to scale accordingly, and by zooming into the chart (click and drag).
158
TROUBLESHOOTING ISSUES Note that when the number of entries for a chart legend exceeds the allowed space, a paging control is displayed below the chart legend area. The control includes an up and down arrow and the current page. Click the arrows to move forward and back through the pages of legends.
Following is a description of icons and actions available in all charts, except as noted: •
Expand/collapse charts: When the browser is scaled such that all charts cannot automatically fit, two charts are displayed with a gold down-arrow icon to the left of the chart title. This inactive icon alerts you that a chart is hidden. Toggle display of alternate charts by clicking the right facing white arrow icon or the title of the other chart. If you do not see the title bar of the hidden charts, you must change the browser size or scaling to display the title bars.
•
Create Session Analysis for selection: Use this icon to display correlated session results for the selected rows in a new tab. When a Session Analysis icon is available from the chart, drilldown from the chart passes the same context as from the table, with the exception that you can narrow your query using the chart. To subset information in a time-based chart, click and drag to zoom into a chart area. For pie charts, click a pie piece (click any pie piece to restore the original pie
159
nGeniusONE 5.4.1 Online Help Topics chart). Refer to Using Session Analysis Tabs for more information on using that new tab. •
Maximize / restore chart: For charts, these icons behave slightly differently than for the Summary table. The charts are maximized within the lower pane only. Use these icons to toggle display of a single chart in the entire lower pane area or to restore it and display all charts. These icons are not displayed when the browser is scaled down such that only two charts are visible.
•
Launch a Packet Decode tab: In some cases, such as the MDF Monitor, you can directly open a packet analysis tab (instead of first launching Session Analysis). For monitors that support this, select an individual item from the chart with this icon, and then select the icon to open a decode tab.
•
Customizing displayed details: o For time-based charts, click and drag to zoom into a more detailed view of the data over time. Click the Reset zoom popup to reset the chart. o Analyze Details (Error Distributions Only): Identify which reported error codes occurred the most frequently in the current view. The error codes in the legend of Error Distribution charts are ordered left to right based on the highest overall percentage contribution of that error to the total failures in the current view context. To view the percentage contribution of the errors, click this icon and select either the Top 10-Pie or the Snapshot view. The Snapshot view is a tabular list of all the codes, with sortable columns for Count, Relative % contribution of that error to the total errors for the selected flows, and the Absolute % (contribution of the error to the total transactions for the selected flows). To further analyze the specific error data, select one or more rows in this table, then click the Session Analysis icon on the chart. You can also use this menu to Enable All/Disable All of the codes in the chart, to simplify re-selecting just the codes of interest. (Note that the Snapshot table selections are for use in drilldown to Session Analysis, not to enable/disable codes in the chart itself; also note that selecting all error codes for drilldown here includes Session Status=3 (Failure) in the context rather than the individual error codes.)
o Choose Error Distribution: Use this option to toggle error based distribution charts between assorted views: Error Code Distribution (default) and Information Distribution, or a combination of both Error Code and Information on the same chart. Note that for Advanced Voice Statistics Monitor the combined option is instead Failures & Reason Codes Distribution. Also note that when the chart is in combined mode, the data types (such as errors versus information) are not differentiated in the chart, but are depicted when toggled to Snapshot (see Analyze Details above).
160
TROUBLESHOOTING ISSUES
o Toggle table view: This icon can be used to toggle the chart between graph and tabular form. o
Reduce Time: When overall Time of the view is set to any duration exceeding an hour, a time drilldown icon is enabled on the table and on time-based charts. Click this icon to open a new tab with a table and charts based the selected rows for the first hour duration in the Time menu or, ideally, after first narrowing down the duration of time by swiping a subset in a chart. o Measure Picker: When available on a chart, use this icon to display a dialog for toggling the underlying metrics of the chart to a different option (e.g., In Kbps, Out Kbps, TCP RTT (ms)). o Measure Configuration: This option allows you to customize the chart title and the measures on the left and right Y-axes of the charts. Select the metric and plot type (bar or line) for Y1 (left axis) and Y2 (right axis). The title of the chart can also be modified. The changes made in this dialog are preserved with Save Settings. You can select up to 7 measures in this dialog, however the measure Type for each of the two axes must be of the same type. For example, all of Y1 must be either Rate, Response Time or Count, not a combination. Selected measures are highlighted in blue for easy identification. This feature is not applicable to the Error Distribution charts and related views available within that chart type.
Note: To revert the chart, use the Reset icon in the Save Settings dialog, which resets the monitor to globally stored defaults. o Responsiveness (Universal Monitor only): Charts such as Server Load that are based on Response Time distributions include legends such as Fast, Degraded, and Slow. In Universal Monitor, these charts include an option to display the configured values for those Response Time Buckets, as
161
nGeniusONE 5.4.1 Online Help Topics defined in Global Settings > Responsiveness for the selected application.
o For any chart, click the legend label to disable/enable that item from display in the chart. o In pie charts, click a pie piece to isolate data in corresponding charts. If desired, click the disabled metric labels in the associated chart to view the hidden results for that application.
The following apply to Certificate Monitor charts: The OK, Warning, Critical status indicates whether the server has certificates in a specific expiration range based on configuration of the Certificate Application's Days to Expiration settings. By default, the settings are Critical: Expiration within 30 days; Warning: Expiration greater than 30 but less than 60 days; Ok: expiration greater than 60 days. Note that expiration status is based on the status as of 00:00 Hour GMT. Although you can navigate backward and forward in time, certificates that are updated during a 24-hour period retain the same status until the status table is purged and refreshed upon the next 00:00 Hour GMT. The following apply to Error Code Distribution charts: •
162
Click individual bars to include that error code in the context for Session Analysis drilldown. The code number (not the type of error) can be seen when you click the Session Context icon to display the full query details from the Session Analysis tab.
TROUBLESHOOTING ISSUES
•
Use the icon to toggle the chart display between distribution types: Error Code Distribution (default), and Information Distribution; for SNMP Monitor the options are Error Code Distribution (default), Information Distribution, and Traps. To drill down from the Information Distribution chart to Session Analysis, first select an individual information code.
To export all charts, use the export icon on the main toolbar of the monitor. Select the option for CSV (Charts), which creates a zip file containing a CSV for each separate chart.
163
nGeniusONE 5.4.1 Online Help Topics
Using the Measure Group Dialog (Monitors) As described in Using Service Monitor Summary Tabs, you can use the icon (when present) in a Service Monitor to customize how messages are grouped in application-based monitors.
Using Monitor Session Tabs (Monitors & Enablers) The Session Analysis tab provides a correlated view of flows selected for drilldown from the table or charts in the Summary tab of Monitors or Enablers (Session Analysis drilldown is not supported from Traffic Monitors). All flows related to the selection, within the specified time range, are retrieved and displayed. So, although you may have selected one or two flows, a more substantial number of related flows are typically displayed. For drilldowns
164
TROUBLESHOOTING ISSUES from the Summary tab table, the time range is based on the duration displayed in the table title. Drilldowns from charts support zooming into subsets of that duration before launching Session Analysis (refer to Working with Charts for details). Multiple session tabs may be launched from any Summary tab and multiple Packet Analysis (Decode) tabs can be launched from any Session tab. This topic provides guidance using the Session tab, which contains three panes: •
Session Overview: Summary of criteria for originally selected flows; use this pane to select a session for analysis in the other panes
•
Session Trace: Ladder diagram depicting correlated flows with response times for the selection made in Session Overview pane
•
Session Summary: This pane contains one or more tables summarizing characteristics of the entities associated with the session and flows comprising the session. A small set of performance metrics is included.
Note: •
Session Analysis drilldown is available from application-based Monitors and Enablers. This capability is not applicable for Traffic Monitors.
•
Use of this tab requires ASRs are enabled in Global Settings for the originally selected protocol and that the monitoring appliance is configured to collect ASR/xDR records. If this has not been done, or if ASRs are not available for the selected application, or application message (e.g., SNMP Traps), the monitor displays No Data. If needed, review the overview of prerequisites for using monitors.)
•
As with most panes in the Monitors, you can perform the following actions to change layout: o
Maximize/restore pane: Use these to toggle between display of only that one pane, or sharing the space between all three panes.
o
Expand/collapse pane: In some cases, an individual pane can be expanded or collapsed rather than maximizing it. Click these icons to show or hide a pane. When a pane is hidden, the other panes automatically scale to use the additional space.
o
Resize columns: (Not applicable for Session Trace) You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.
o
Sort columns: (Not applicable for Session Trace) Click the heading of any column to sort the table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Successive sort is not supported. Click a column title to toggle sort order between ascending and descending.
Session Overview Table Use this table to select which session details to analyze in the Session Trace and Session Summary panes. Icons in the status bar of this table provide options for filtering and navigating within the displayed records. Icons also appear in the body of the table, in certain cases, to indicate status or other flow attributes. Refer to the following for guidance:
165
nGeniusONE 5.4.1 Online Help Topics •
Table icons: The following icons may appear in the Session Analysis Overview table. o
Multi-segment: In cases where the flow appears on multiple interfaces, this icon appears with the interface name in the ME column if those different interfaces are selected for drilldown to session analysis. This attribute can also be filtered, as indicated in Filter results below.
o
Status: The state of each displayed flow is either OK/Successful Error/Failed , Critical also filter on Status.
, In Progress
, or Aged out
,
. You can
•
Filter results: Narrow the results by filtering on specific values. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border. Note: In some cases, the list of filter elements includes options that do not appear to match the table column labels, such as Call Server and Call Server IP. These are provided to simplify the query process - use one for searching on hostname and the other for searching the same field using IP address. In the RTP Monitor and Media Monitor Session Analysis tabs, an additional filter element, Characteristics, is provided to allow you to isolate "single segment" or "multi segment" monitored elements (mixed case and substrings such as "multi" are supported).
•
Reset filter:
•
Customize displayed metrics: In addition to certain fixed columns (ME Location, Application, Server, and Client) the Session Overview table includes a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed. The collection varies slightly based on monitor type and whether the monitor is toggled to TCP Analysis view; certain monitors and views include supplemental metrics (e.g., Card Processing includes PAN Number, Accessor ID, and Error Code). However, if a specialized monitor is toggled to the Universal view, a general set of metrics are available. Similarly, a monitor based on custom service created using the Service Configuration editor will only have specialized metrics if a specialized Monitor is used as the template; when "Universal" is used as the template, generic metrics are provided.
•
Export displayed results (CSV, PDF, RTF): one of three formats.
•
Toggle analysis based on session start: By default, the Sessions tab displays only those sessions that were active in the time duration of the Summary tab when the Session Analysis drilldown was performed. For some protocols, such as DNS, the whole session is likely to be represented in this duration and accordingly displayed in the ladder diagram. For other protocols, such as those for VoIP traffic, the start of the session may have occurred prior to the selected time duration, so only a portion of the needed information is mapped in the ladder diagram. Use this icon to display a dialog allowing you to toggle between displaying the set of session events from the start of the session through the end-time of the originally selected duration and displaying events for the original duration.
166
Clear the filter options.
Save the currently displayed data in
TROUBLESHOOTING ISSUES
•
Customize view options: Similar to the Summary tab, you can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields will be formatted as per nGeniusONE User Preferences. You can override these settings per monitor, in both the Summary tab and Session tab, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options are: o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). In views containing Message-based extensions or child applications, the value in the Application column for those rows includes the parent application name prefixed with the message name (e.g., DHCP:Renew). You can opt to display just the message name for those rows (Message), if desired. Note that the column title changes to Message, but the rows that contain only applications still contain the application name. Also note that this option is not presented in specialized monitors as messages are only displayed in monitors using the Universal metrics set. o Response Time Latency: Toggle between displaying results in milliseconds (default) or microseconds.
•
Display context: Use this icon to display a summary of the context used to generate this Session tab upon drilldown from the original tab.
•
Launch nGenius Subscriber Intelligence: This icon is present in all Session Analysis tabs, but is relevant for drilldown with context to nGenius Subscriber Intelligence (nSI) only when the nGeniusONE server is integrated with nSI and the selected row is applicable traffic.
•
Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.)
167
nGeniusONE 5.4.1 Online Help Topics o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All. •
Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.
•
Navigate available results: The table displays up to 50 results at a time. When more than 50 rows are available, the Page navigation icons on the Session Overview pane's status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records.
Session Trace Diagram The ladder diagram and data in this table are generated based on selections in the Session Overview table. Specific actions you can perform in this table are: •
By default, the values in Relative Time column reflect the earliest timestamp in milliseconds relative to the beginning of the selected session. If the Overview table has been toggled to display results from the Session start, then these values are represented as absolute time. Hover over the values to display the time in traditional notation.
•
Drill into packet details by clicking one of the addresses displayed in the column header of the ladder diagram (depicted below). A new Packet Analysis tab opens, based on the selected context. Note that you can change the context of this chart prior to decode using the Session start time icon open a Decode using the Decode icon
168
described above. You can also
on the title bar of this pane.
TROUBLESHOOTING ISSUES
Session Summary The contents of this pane vary based on the type of monitor, the selections made in the Overview pane, and whether the toggle to display start packets is active. For most monitors, the summary is split into two tables as described below. For the RTP Monitor and Media Monitor, these are merged into a single table, augmented with performance metrics. •
Session Information: This table includes identifying criteria for the specific session. Contents vary based on the type of traffic. For example a DHCP summary includes Host Name, Client and Server IPs, Relay IP, Domain, et cetera. The Call Server summary information table includes contents such as the Calling Party, Called Party , Call Reference Value, Conference ID, and Calling/Called Party Dial Plans. Note that when Session Analysis is launched from a monitor toggled to TCP Analysis view, this table includes additional TCP metrics.
•
Flow Information: This table includes an address:port number pair along general performance metrics (byte and packet counts for both directions between client and server, as well as retries and timeouts) for each monitored element at the Client end points in the Session Trace.
Note: The combined Session and Flow Information table for RTP Monitor and Media Monitor provides the Monitored Element (Interface), Source/Destination addresses, SSRC, Duration of the flow, and associated codec, along with performance metrics (such as IP MOS and Jitter).
Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: •
From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab.
•
From the Traffic Monitor charts that display Application statistics you can select a single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications.
•
From a UC Streams view tab or UC Single-Call view tab.
•
From the Host Analysis module.
•
From the Discover My Network module.
•
For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.
169
nGeniusONE 5.4.1 Online Help Topics After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •
Packet Summary pane
•
Packet Detail pane
•
Packet Hex pane
Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane.
•
Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.
•
Stop Mining:
170
This stops data mining and returns the accumulated results.
TROUBLESHOOTING ISSUES
•
Launch Quick Filter: trace data.
•
Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.
•
Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.
•
Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.
•
Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.
•
View Display Options: following options:
Apply a Context, Connection, or Application Filter on the
Adjust the granularity of displayed data with the
o
Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.
o
Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).
o
Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.
o
Column Display: Allows you to adjust how columns display on your screen.
o
Relative Mark: Mark a packet as a baseline for timing packets.
•
Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.
•
Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.
•
Apply IP Security Decryption Configuration: on encrypted packets.
Launch IP Security Decryption
171
nGeniusONE 5.4.1 Online Help Topics •
Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.
•
More:
The More button displays a menu with the following options: o
o
Export (Print to File) Column Management
Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field
Description
Packet*
The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.
Absolute Time*
The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.
Delta Time*
The interval between the current frame’s timestamp and that of the preceding frame.
Size*
The length of the packet, not including the CRC bits.
Source*
The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.
172
Destination*
The destination address for this packet. Destination addresses are shown in the same way as source addresses.
Interpretation*
An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using
TROUBLESHOOTING ISSUES the View Options icon (see above). Status*
Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN
Capture Size
Displays the amount of packet data captured (this may be less than the actual packet size)
Relative Time
You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.
Source Mac
MAC address of the source system
Destination Mac
MAC address of the destination system
Source Port
Port number coming from the source system
Destination Port
Port number going into the destination system
Interface
Interface number from which the data was captured
Cumulative Bytes
Total bytes of the data capture (increments with each subsequent packet)
Custom
Columns created using the Customizing Columns for Data Mining
Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •
You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).
•
As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.
•
Icons are also provided to Expand / Collapse and to Print the entire detail.
173
nGeniusONE 5.4.1 Online Help Topics
Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.
174
TROUBLESHOOTING ISSUES
Working with Traffic Monitors The Traffic Monitor category of monitors (Link Monitor and Application Monitor) has common features that can be described independently of the monitor you are using. These topics provide general guidance on working with these monitors, both of which are available from the nGeniusONE Console. Note: The Traffic Monitors are supplied data from InfiniStream appliances enabled for ASI classification (asi_mode=ASI or hybrid) and for which appropriate additional configurations have been made. For an overview of monitors and how to access them, refer to the Overview of nGeniusONE Monitors. Link Monitor: Primarily useful for analyzing anomalous conditions affecting network performance such as unexpected/unidentified application traffic and link health based on specific indicators. Application Monitor: Primarily useful for analyzing network performance based on behavior of specific applications / application groups, or application behavior in certain network locations. Each Monitor opens with a Home tab. Actions performed here trigger launch of a Summary tab, where primary analysis is done. If needed, from certain views, deeper analysis of a selected application can be done by launching a Packet Analysis tab for that context. Conversation tabs are also available for source/destination and host activity analysis. •
Using the Home Tab: Use this tab to select the Monitored Elements or Network Domains of interest, or to launch help for the monitor.
•
Using the Summary Tab: The summary tab provides an at-a-glance view of network performance metrics with options to visualize more detail.
•
Using the Conversation Tab: The Conversation tab provides a quick method of assessing the source/destination conversation and host activity.
•
Using the Packet (Decode) Analysis Tab: From certain chart views in Traffic Monitor, you can drill down further into this tab for deep-dive packet decode and analysis.
Note: Use of the Monitors requires your environment be configured appropriately.
Navigating Monitor Views When you create a monitor view from the Home tab of a monitor, its summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in the monitor. Each time you Launch a view from a monitor home tab, that view is listed separately in the View navigation menu available by clicking the monitor name at the top left. Each time you launch a sub-tab within a view, a blue button for that sub-tab is added to the tab navigation menu along with a blue icon at the left of the monitor main display area. The example below illustrates this using the Universal Monitor, however the functionality is the same in all monitors, including Traffic Monitors. This topic reviews how to use the View navigation menu to switch between Monitor instances and to use the Tab navigation menu to switch between sub-tabs and to close
175
nGeniusONE 5.4.1 Online Help Topics sub-tabs.
View Navigation •
To display the list of views: Click the title at the upper left of the monitor. To hide the list without changing the active view, click the title again. The example above shows the Universal Monitor with views for individual monitors or services opened from the Universal Monitor Home tab. Since the Universal Monitor displays all monitors and services other than Traffic Monitor and Discover My Network, the example shows the user has opened a variety of Monitor views: Call Server, RTP, and Advanced Voice Statistics. The active view, in blue, is Call Server. If the user had opted to open an individual monitor, such as Call Server, it would display in a separate tab. In the example below, the user has opened assorted Call Server views based on services created for different geographies:
176
TROUBLESHOOTING ISSUES
When the monitor has been opened from drilldown through the nGeniusONE Console Search & Discover tool, the title of the view is the context of that drilldown. In the example below, a search was conducted for DNS, then DNS Monitor was selected for drilldown. The DNS Monitor is opened, with the context of the last hour, and with DNS and the selected interface. The interface is used as the view name.
•
To switch between views: From the view selection menu, click the title of the view you want to display.
177
nGeniusONE 5.4.1 Online Help Topics •
To close a view: You can either close the entire monitor by clicking the X on the tab in the nGeniusONE Console, or you can close individual monitor views. From the View navigation menu, click the X on the view title. Note that closing the view also closes all its associated sub-tabs (Session Analysis and Packet Analysis, for example). A prompt displays to confirm that you want to close the entire view, including its tabs. To close individual tabs, see below.
•
To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon tab navigation pane (described below).
at the bottom left of the monitor's
Tab Navigation Each monitor has a collapsible navigation pane to the left side of the main display area. Each time you open a tab or sub-tab within a monitor view, a blue or gray vertical bar is added to the left navigation pane. You can navigate between sub-tabs of the view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.
•
Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the monitor contents. Click it again to collapse the pane. You can navigate the tabs in either mode.
•
Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view.
•
Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You
178
TROUBLESHOOTING ISSUES cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the Session tab labels closes the individual Session Analysis tabs. Clicking the X on the Drilldown tab label closes the Drilldown tab (Hourly drilldown from the Summary tab) and the three tabs below it (Sessions, Packet Decode, Packet Decode). There is no confirmation when you close a tab group such as the Drilldown set.
Using a Traffic Monitor Home Tab Traffic Monitors are used to perform analysis primarily of the overall network, rather than specific applications, although isolation of general application behavior is possible within these monitors. For this reason, the Traffic Monitor Home tab only requires selection of Monitored Elements or Network Domains, rather than a Service or Monitor type. Following is an overview of the Home tab for Traffic Monitors. (The Traffic Monitor Home tab differs from the Service Monitor Home tab, described separately. The Home tab is used to define the query criteria and to provide help access to a help link for that monitor. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Summary tab is opened). Following are guidelines for using the Home tab.
179
nGeniusONE 5.4.1 Online Help Topics Icons/Buttons Help: If you require help while using the Monitor, navigate to the monitor's Home tab and click the help icon
, located at the far right of the tab title bar.
Refresh Lists: If a monitored element or network domain has recently been added to your nGeniusONE Server, it may not appear in the above lists. Click the Refresh icon
to update the lists.
Return: If you access the Home tab using the home icon from within monitor view, you can return to that previous view using the Return icon to monitors for which you have already opened a view.
. This icon applies only
Search: You can search within the Monitored Elements and Network Domain tabs by typing in the search field above the tabs, indicated with a text string and icon . Select the tab you want to search, then click to select the search field and type a search string. Launch: After you have selected one or more elements, click the Launch button to perform the query. A new view opens with a Summary tab to display the results to be analyzed. Note that the Home tab can be used to create multiple views with unique context. You can return to the Home tab from any sub-tab in any view and can also navigate between different views. For details, refer to Navigating Monitor Views. Elements Monitored Element list: This list, selected by default, is populated with InfiniStream appliances configured for classification of ASI metrics that are known to the nGeniusONE Server. Select one or more interfaces. Network Domain list: As a convenience, you can opt to select interfaces based on network domain. Note that for domains created with virtual interfaces, the data for the physical interfaces is reported in Traffic Monitors, not data from the virtuals. Also note that if an ME Location is valid but currently unavailable (upgrade in progress or other temporary condition), the address is annotated with an "(*)." When more than one monitored element or domain is available the following selection methods apply: •
Filter the displayed elements by entering a string to match in one of the fields: Name, Address, Alias.
•
Click the column title to sort the list by that field.
•
Click individual rows to highlight and toggle the checkbox for that row to on or off.
•
Click the checkbox above the list of elements to select all elements
Using Traffic Monitor Summary Tabs This topic provides guidance using the Summary tab from either Traffic Monitor (Link or Application). Although some instructions here are applicable to all monitors, for specifics on Service Monitors, refer instead to Working with Service Monitors. The Summary tab contains two panes, a table in the upper pane and a set of charts in the lower pane. Each time a query is performed from the Home tab, a new Summary tab is
180
TROUBLESHOOTING ISSUES displayed, titled with the same monitor name. Use the ME Name and the Time duration (see below) to discern the difference between tabs of the same name. The Summary table for both Traffic Monitors (Link and Application) is the same -- it contains Monitored Elements and throughput metrics. The function of the two monitors varies based on options for displaying data in the charts. Use the section below to understand how to work with the summary table and associate icons to customize the results displayed in the charts.
Working with the Summary Table The title bar and status bar of the this table provide several means of analyzing and filtering results in addition to driving the contents displayed in the associated charts. Here are descriptions of the actions you can perform in Monitor tables. The options on the toolbar of the Summary Table pane allow you to perform the following actions: •
Customize time: Use the time toolbar to adjust the duration of results you want to display at a time, and to move forward and backward through time, by defined increments.
o Duration: To change the overall duration of the chart, which is set to "1 Hour(s)" by default, click the duration menu. For all menu options other than User Defined, the duration is preset and displayed in the time duration pane. To customize the time to a value other than a preset, choose User Defined, then use the Calendar icon to change the Start date and End date, then use the time selectors to specify hour and minutes for both start and end.
181
nGeniusONE 5.4.1 Online Help Topics
Note the following guidelines: The overall duration cannot exceed 31 days (Note that the Discover My Network module is restricted to one hour durations.) The Hour and Minute values are validated against the duration set for Chart Resolution in the View Options menu (described below). In cases where the chart resolution is a day, then User Defined time must be a 24-hour boundary; when it is 1 Hour, the Minutes must be 00. Chart Resolution Setting > 7 Days and <= 31 Days
1 Day
Start and End HH:MM must be on the 24-hour boundary: 12:00AM
>= 3 Days and <= 7 Days
1 Day
Start and End HH:MM must be on the 24-hour boundary: 12:00AM
1 Hour
Start and End HH:MM must be HH:00 (minutes must be 00).
1 Hour
Start and End HH:MM must be HH:00 (minutes must be 00).
5 Min
Required if duration in Time Dialog is in any increment other than 00
> 1 Hour and < 3 Days
182
Impact on User Defined Time
TROUBLESHOOTING ISSUES Time Shift: To change the default time shift of 1 Hour, click the "Shift by" menu and select 5, 15, 30 minutes. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. Note that time shift is not available after drilldown to hourly data (see below). After the table and charts reload, if you selected a menu option that toggles results for more than a one-hour duration, the time drilldown icon is enabled. The time drilldown icon available from the Summary table opens a new tab for all selected rows limited to a one-hour duration. The new duration of time is indicated in the title of the table, and the nudge menu (see above) is restricted to one hour. •
Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.
•
Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.
Additional options on the Summary table toolbar allow you to perform the following actions: •
Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.
•
Reset filter:
•
Customize displayed columns: In addition to certain fixed columns, each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the Summary table.
•
Export displayed results (CSV, PDF, RTF): data in one of three formats.
•
Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this icon is enabled. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time (the specific hour for each row is listed in a new Time column) and charts of 5 minute granularity.
•
Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, then save settings if desired. Toggling these options causes column titles to change accordingly. The options from this menu are:
Clear the filter options.
Export the currently displayed
Monitored Element: This setting corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Toggling Alias, Name or Address in the view options dialog changes the column title and, if the administrator 183
nGeniusONE 5.4.1 Online Help Topics provided a value other than IP address for these, the corresponding value is displayed. Chart Resolution: Use this option to change units within charts based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). Network Domain: If the monitor view was opened with a Network Domain rather than Monitored Elements, you can select Expanded in this dialog to reveal monitored elements aggregated in the all the displayed network domains. To change the view back to Network Domains, select the Aggregated option in the View Options dialog. •
Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.
•
Change view modes: Use these icons to change the mode in which the data is presented in the charts: Application Monitor o Application Mode: Data grouped by detected applications for the monitored element row selected in the Summary table. In this mode, when you select a specific application pie slice, the Top 10 Applications and Link Usage Over Time chart updates to Top 10 Locations and Link Usage Over Time for just that specific application. The new chart includes a Location Keys icon that allows you to further isolate details for that application's Link Usage. In cases where multiple keys are present in the data (such as VLAN and QoS), use this icon to select a specific location. Also note that in this mode, IP_OTHER applications are depicted as a category. Drilldown to Packet
184
TROUBLESHOOTING ISSUES Analysis is supported when you select a single application from one of the charts. o Application Group Mode: Data are displayed by application groups. In this mode, drilldown to Packet Analysis is supported after you toggle the right-side chart to Application Mode and select a single application. o Location Mode: The charts present data grouped by detected location keys for the monitored element rows selected in the Summary table. In this mode, a Location Keys icon is displayed on the Traffic Distribution chart, allowing you to select which key types to display (applicable in cases where multiple keys are present in the data, such as VLAN and QoS). In this mode, drilldown to Packet Analysis is supported after you select a single location. Link Monitor o Application Mode: Data grouped by detected applications for the monitored element row selected in the Summary table. Note that in Link Monitor, selecting an application/pie slice does not add a location key toggle to the companion Top 10 Applications and Link Usage Over Time chart as it does in Application Monitor, which is specifically designed for application/location analysis; this monitor is intended for application link usage analysis. In this mode, IP_OTHER applications are depicted as a category. Drilldown to Packet Analysis is supported when you select a single application from one of the charts. o Discovered Applications Mode: Displays TCP/UDP/IP traffic occurring on server-based ports that does not match any of the defined and active applications in Global Settings. The port number and a name, if available, are displayed with ingress/egress packet and octet statistics. If the port is defined in Global Settings, but deactivated, the defined name is displayed. If no matching port is found in Global Settings, but an IANA application type matches the port number, the IANA application type is displayed. If neither of those occurs, the protocol type and port number are used as the application name. To change whether an application is classified as IP_OTHER traffic, use the Global Settings Traffic Discovery tab. Note: This feature relies on an ASI table being enabled. It is on by default, however if no data displays in this tab despite having IP_OTHER traffic, ensure that set asi disc_table is set to on. Also note: Up to 5000 entries are maintained for active traffic and available for display in the Link Monitor; the top 1000 of these by volume are displayed in the Global Settings Traffic Discovery tab. Further, this is a subset of traffic categorized as IP_OTHER; heuristics are used to prevent false positive matches, so only server-based ports are matched. As a result, the total IP_OTHER traffic will be more than the total Discovered Applications table. Drilldown to Packet Analysis is supported when you select a single application from one of the charts. o Vital Signs Mode: Toggles the bottom left chart to a table containing link layer traffic indicators for the selected element in the Summary table. Includes throughput statistics for criteria such as packet types (Unicast, Multicast, Broadcast), packet size distribution, and physical
185
nGeniusONE 5.4.1 Online Help Topics link layer errors, such as CRCs and fragments. It also accounts for some internal packet processing issues as drops and duplicate packets intentionally dropped with span duplicate heuristics. This mode does not support Packet Analysis drilldown. o Granularity Drilldown Mode: Toggles bottom left chart to Link Usage Over Time with next highest granularity based on the current duration, and then step down all the way down to millisecond granularity. In conjunction, the right chart is updated to Traffic Distribution by Application for that same granular time. For example, if the monitor is set to a duration of 1 hour, this toggle changes the chart to Link Usage Over Time at 5 minute granularity. The chart includes an icon to continue increasing granularity as needed. Details for working with charts in this mode are described below. Note that the Discovered Applications Mode and Vital Signs Mode are designed to retrieve link-based statistics. In cases where the selected row is a Network Domain that contains one or more Location Keys in its service definition, the charts display no data since the statistics were not logged by link for that service. See Working with the Charts, below, for more guidance. •
Launch Conversation View: Use this icon to open a Conversation tab with context of the selected row. Note that the Conversation view includes up to 100 conversations based on the In/Out Octets, overall. Optionally, select a specific application from a chart and then use this icon from the companion chart toolbar to limit the Conversation view to only the conversations for that application. If a conversation you are interested in is not displayed in this view, use the Search & Discover tool to query for one of the specific hosts in that conversation.
•
Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.
•
Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records
.
•
Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.
•
Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.
Working with the Charts The types of charts vary based on the service/protocol associated with the specific Monitor. In addition, the contents of the charts vary based on selections made in the Summary table.
186
TROUBLESHOOTING ISSUES Use the information below to understand the types of charts available in assorted monitors, how to customize and interpret chart data, and how to drill into more detail. Types of Charts Link Monitor
• •
Traffic Distribution by Application
•
Traffic Distribution by Discovered Applications
•
Top 10 Applications and Link Usage Over Time
Top 10 Discovered Applications and IP_OTHER Usage Over Time
• •
Traffic Distribution by Vital Signs
• •
Link Usage Over Time
Application Monitor
• •
Traffic Distribution by Application
• • • •
Traffic Distribution by Application Group
Top 10 Applications and Link Usage Over Time
Top 10 Application Groups and Link Usage Over Time Traffic Distribution by Location Top 10 Locations and Link Usage Over Time
Vital Signs - Metric and Link Usage Over Time Traffic Distribution by Application
Populating and Manipulating Charts Charts are automatically updated each time a new row is selected in the table. In any chart, the source information associated with a data point is available by hovering your cursor over a bar or point on the chart (example below). Contents of the tooltip vary with each Monitor but typically include the packet-based timestamp, the source Monitored Element, the application, and value of the corresponding metric.
187
nGeniusONE 5.4.1 Online Help Topics
For most charts, the primary metrics from each row are plotted in bars or stacked bars over time on the X-axis, with an overlaid line chart of one or more supplemental metrics. Selecting an item in the left-side chart typically updates the right-side chart to a more granular analysis. The following can be used to view charted details more clearly, if needed: •
Measure Picker: When available on a chart, use this icon to display a dialog for toggle the underlying metrics for the chart to a different option (e.g., Volume, Packets, % Utilization).
•
Select Location Keys: This icon, when present, is useful when the chart includes content from more than one Location Key type. Use this dialog to switch the chart to alternate location key types. To disable individual detected values for that key type (e.g., VLAN-243, VLAN-101), use the legend icons on the bottom of the chart. The icon appears when Location Mode is active from within Application Monitor. Note that because the location key dialog includes all keys applicable to the summary table contents, it is possible to select display of key type that is not applicable for the currently active row.
•
188
Launch Decode: This option is displayed from either Traffic Monitor in the Top 10 "Application-based" charts in which you are able to select an individual application (not applicable for Application Groups, Locations, or ME Groups ). To drill into packets from this icon, first ensure the monitor duration does not exceed one hour,
TROUBLESHOOTING ISSUES select a single application from the chart, then click the decode icon. A separate packet (decode) analysis tab displays. For views based on Network Domains, you can perform a decode if you first use the View options dialog to change the view to Expanded mode. •
Toggle Resolution:
This icon is displayed on the lower left chart when the
Toggle Granularity mode icon is selected from the monitor toolbar. In the chart, this icon can be used to incrementally drill down into a selected data point all the way down to millisecond granularity. For views based on Network Domains, you can use this feature if you first use the View options dialog to change the view to Expanded mode. The drilldown granularity start point varies depending on the original duration of time in the monitor. Here are the sequences and actions available in this chart: Starting Durations: When the monitor time is set to a certain duration, the chart starting duration is as indicated here: o
Duration more than 1 Day - chart starts at 1 Day resolution
o
Duration 5 minutes up to 1 Hour - chart starts at 5 minutes
o Duration more than 1 Hour up to 1 Day - chart starts at 1 Hour resolution Drilldown Usage: Select one data point on the chart, either a line, point or bar, then click this icon from the chart toolbar. The chart refreshes at the next higher resolution. The granularity steps in this sequence: Daily, 1 Hour, 5 minutes, 15 seconds, 100 ms, to 1ms. Note: Data for the Utilization metric is available down to 5 minute resolution for nGeniusONE data. When the chart is set to this metric and drilldown is attempted below 5 minute, the chart displays no data. •
Reset Resolution: This icon resets the Link Usage Over Time chart to its original granularity; useful when the Toggle Resolution icon has been used to drill into more granular data views.
•
Launch Conversation View: Use this icon to open a Conversation view tab. Optionally, select a specific application from a chart and then use this icon from the chart toolbar to limit the Conversation view to that context.
•
Toggle chart to table: Available in certain charts for both Traffic Monitors, this icon is used to toggle that chart to a table view and back. In table mode, each row reflects the individual key attribute with its associated throughput metrics (Volume, Packets, and Utilization). The table includes a status bar similar to the Summary table, with options to filter, adjust metrics, and page through data. Note that table mode is the default state for the Vital Signs mode of Link Monitor. That chart is not applicable for graphical display. Following is the Traffic Distribution by Application chart, toggled to table mode:
189
nGeniusONE 5.4.1 Online Help Topics
•
Maximize / restore chart: For charts, these icons behave slightly differently than for the Summary table. The charts are maximized within the lower pane only. Use these icons to toggle display of a single chart in the entire lower pane area or to restore it and display all charts. These icons are not displayed when the browser is scaled down such that only two charts are visible.
•
Additional Chart Actions: o For time-based charts, click and drag to zoom into a more detailed view of the data over time. Click the Reset zoom popup to reset the chart. o For any chart, click the legend label to disable/enable that item from display in the chart.
190
TROUBLESHOOTING ISSUES
o In Traffic Monitor charts, click a pie piece or bar to analyze data for that item in the companion chart. For example, in Application (Traffic) Monitor, selecting one location in the left chart, toggles the right chart from Top 10 Locations and Link Usage to Top 10 Applications and Link Usage for the selected location. In Link Monitor, selecting one bar from the left Link Usage chart to display the Traffic Distribution by Applications for just that moment in time.
Using the Conversation (View) Tab The Conversation tab provides a quick method of assessing the Conversation and Host activity on the monitored network. The data is pre-filtered based on your drilldown method. From within Application Traffic Monitor or Link Traffic Monitor, you can opt to launch the Conversation view on a selected row, or you can select an item from a chart, then use the icon from the companion chart to open a Conversation view with that context. The displayed results include up to 100 conversations based on the In/Out Octets, overall. If a conversation you are interested in is not displayed in this view, use the Search & Discover tool to query for one of the specific hosts in that conversation. Within the Conversation tab, you can then toggle perspectives between Conversation activity (Host A / Host B) and Host activity. Note: Use of this feature requires the data source run v5.4 or later and that certain ASI tables be enabled. If needed, review Monitor Prerequisites.
Working with the Conversation / Host Summary Table The toolbar options operate the same as in the Summary tab of a Traffic monitor. This tab, however, includes a Switch to modes:
icon for toggling the monitor results between different
•
Conversation mode: Summary table of the top conversations detected on the that monitored element. Associated applications and link usage for each conversation are displayed in companion charts.
•
Host mode: Summary table of the top hosts active on that monitored element, with application activity and link usage for the selected host displayed in the companion charts.
191
nGeniusONE 5.4.1 Online Help Topics Additional options on the toolbar of the table allow you to perform the following actions: •
Customize Time: The time toolbar supports the same durations and actions as the Traffic Monitor Summary tab.
•
Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.
•
Reset filter:
•
Customize displayed columns: In addition to certain fixed columns, each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the table.
•
Export displayed results (CSV, PDF, RTF): data in one of three formats.
•
Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this icon is enabled. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time (the specific hour for each row is listed in a new Time column) and charts of 5 minute granularity.
•
Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, then save settings if desired. Toggling these options causes column titles to change accordingly. The options from this menu are:
Clear the filter options.
Export the currently displayed
Monitored Element: This setting corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Toggling Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.
192
TROUBLESHOOTING ISSUES
Chart Resolution: Use this option to change units within charts based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). •
Customize Displayed Keys: This icon allows you to display additional columns (Application, Host A Port, Host B Port) in the summary table. When the chart is switched to Host perspective, only the Application option is available. Note that in cases where the port number is not known or not applicable (such as for peer-topeer applications), the port number is displayed as a '-'.
•
Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.
•
Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.
•
Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.
•
Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records
.
193
nGeniusONE 5.4.1 Online Help Topics •
Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.
•
Sort columns: Click the heading of any column to sort the table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.
Working with the Charts The following chart types are displayed in the Conversation tab: •
Traffic Distribution by Application | Location
•
Top 10 Applications and Link Usage Over Time
Toolbar options for these charts include the items below. •
Toggle Chart Distribution : This icon, when present, provides the option to toggle the Traffic Distribution chart results between Locations and Applications. When the Location Distribution is active, the chart includes an icon to change the Location key. Note that when the Traffic Distribution chart is in Location mode and the selected interface is configured for QoS, the chart and the Location Keys dialog are blank.
•
Select Location Keys: This icon, present when Traffic Distribution chart is toggled to Location, is useful when the chart includes content from more than one Location Key type. Use this dialog to switch the chart to alternate location key types. To disable individual detected values for that key type (e.g., VLAN-243, VLAN-101), use the legend icons on the bottom of the chart. Note that when the Traffic Distribution chart is in Location mode and the selected interface is configured for QoS, the chart and the Location Keys dialog are blank.
•
Customize chart criteria: Use this icon to display a dialog for changing the underlying metrics for the chart (e.g., Bit Rate, Volume, Packets, % Utilization).
•
Launch Decode: This option is displayed in the "Top 10 Applications and Link Usage Over Time" chart. To drill into packets from this icon, first ensure the duration does not exceed one hour, optimally select a single application from the chart, then click the decode icon. A separate packet (decode) analysis tab displays.
•
Toggle chart to table: This icon is used to toggle that chart to a table view and back. In table mode, each row reflects the individual key attribute with its associated throughput metrics (Volume, Packets, and Utilization). The table includes a status bar similar to the Summary table, with options to filter, adjust metrics, and page through data.
194
TROUBLESHOOTING ISSUES
You can select / deselect chart elements to perform the following tasks: •
Select a pie segment to toggle the companion chart to a more specific context. For example, when the left chart is in application mode, selecting a pie segment changes the right chart to "Application - Link Usage Over Time."
•
Select a bar from the right chart before performing a decode, to limit the decode context to the specific time slice.
•
Click and drag across a bar chart to perform a visual zoom.
Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: •
From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab.
•
From the Traffic Monitor charts that display Application statistics you can select a single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications.
•
From a UC Streams view tab or UC Single-Call view tab.
•
From the Host Analysis module.
•
From the Discover My Network module.
195
nGeniusONE 5.4.1 Online Help Topics For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.
•
After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •
Packet Summary pane
•
Packet Detail pane
•
Packet Hex pane
Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane.
•
196
Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.
TROUBLESHOOTING ISSUES
•
Stop Mining:
•
Launch Quick Filter: trace data.
•
Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.
•
Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.
•
Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.
•
Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.
•
View Display Options: following options:
•
This stops data mining and returns the accumulated results. Apply a Context, Connection, or Application Filter on the
Adjust the granularity of displayed data with the
o
Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.
o
Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).
o
Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.
o
Column Display: Allows you to adjust how columns display on your screen.
o
Relative Mark: Mark a packet as a baseline for timing packets.
Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.
197
nGeniusONE 5.4.1 Online Help Topics
•
Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.
•
Apply IP Security Decryption Configuration: on encrypted packets.
•
Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.
•
More:
Launch IP Security Decryption
The More button displays a menu with the following options: o
o
Export (Print to File) Column Management
Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field
Description
Packet*
The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.
Absolute Time*
The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.
Delta Time*
The interval between the current frame’s timestamp and that of the preceding frame.
Size*
The length of the packet, not including the CRC bits.
Source*
The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.
Destination*
198
The destination address for this packet. Destination
TROUBLESHOOTING ISSUES addresses are shown in the same way as source addresses. Interpretation*
An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using the View Options icon (see above).
Status*
Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN
Capture Size
Displays the amount of packet data captured (this may be less than the actual packet size)
Relative Time
You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.
Source Mac
MAC address of the source system
Destination Mac
MAC address of the destination system
Source Port
Port number coming from the source system
Destination Port
Port number going into the destination system
Interface
Interface number from which the data was captured
Cumulative Bytes
Total bytes of the data capture (increments with each subsequent packet)
Custom
Columns created using the Customizing Columns for Data Mining
Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •
You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).
199
nGeniusONE 5.4.1 Online Help Topics •
As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.
•
Icons are also provided to Expand / Collapse and to Print the entire detail.
Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.
200
TROUBLESHOOTING ISSUES
PERFORMING DIAGNOSTICS WITH PACKET ANALYSIS Overview of Packet Analysis Three methods of Packet Analysis are available within nGeniusONE to support direct analysis or drilldown. •
Drilldown method: From most Service Monitors and Traffic Monitors you can drill down to the packet level. Details of using the Packet Analysis tab for this workflow are described in Packet Analysis using Service Monitors.
•
Direct decode method: If you know the specific interfaces and time duration you want to decode, you can perform Packet Analysis using the Data Mining module.
•
Viewing Archived Trace Files: You can view archived trace files using the Trace Archive module
201
nGeniusONE 5.4.1 Online Help Topics
Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the
•
Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab. From the Traffic Monitor charts that display Application statistics you can select a
•
single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications. •
From a UC Streams view tab or UC Single-Call view tab.
•
From the Host Analysis module.
•
From the Discover My Network module.
•
For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.
After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •
Packet Summary pane
•
Packet Detail pane
•
Packet Hex pane
Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane. 202
TROUBLESHOOTING ISSUES
•
Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.
•
Stop Mining:
•
Launch Quick Filter: trace data.
•
Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.
•
Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.
•
Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.
•
Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.
•
View Display Options: following options:
This stops data mining and returns the accumulated results. Apply a Context, Connection, or Application Filter on the
Adjust the granularity of displayed data with the
o
Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.
o
Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).
203
nGeniusONE 5.4.1 Online Help Topics o
Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.
o
Column Display: Allows you to adjust how columns display on your screen.
o
Relative Mark: Mark a packet as a baseline for timing packets.
•
Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.
•
Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.
•
Apply IP Security Decryption Configuration: on encrypted packets.
•
Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.
•
More:
Launch IP Security Decryption
The More button displays a menu with the following options: o
o
Export (Print to File) Column Management
Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field
204
Description
Packet*
The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.
Absolute Time*
The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.
Delta Time*
The interval between the current frame’s timestamp and
TROUBLESHOOTING ISSUES that of the preceding frame. Size*
The length of the packet, not including the CRC bits.
Source*
The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.
Destination*
The destination address for this packet. Destination addresses are shown in the same way as source addresses.
Interpretation*
An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using the View Options icon (see above).
Status*
Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN
Capture Size
Displays the amount of packet data captured (this may be less than the actual packet size)
Relative Time
You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.
Source Mac
MAC address of the source system
Destination Mac
MAC address of the destination system
Source Port
Port number coming from the source system
Destination Port
Port number going into the destination system
Interface
Interface number from which the data was captured
Cumulative Bytes
Total bytes of the data capture (increments with each subsequent packet)
Custom
Columns created using the Customizing Columns for Data Mining
Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of 205
nGeniusONE 5.4.1 Online Help Topics the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •
You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).
•
As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.
•
Icons are also provided to Expand / Collapse and to Print the entire detail.
Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.
206
TROUBLESHOOTING ISSUES
Data Mining Using Packet Analysis Data Mining The Data Mining view is one of the main screens for the nGeniusONE-based Packet Analysis. All of the monitored elements (allowed by your user role) are listed on this screen.
To perform an operation on a monitored element, click the interface and then click one of the following buttons found on the menu bar: Refresh the view Filter Constructor User Settings Navigate to launched decode sessions Navigate to launched Data Capture sessions Access online help Selecting Monitored Elements Selecting Network Domains
207
nGeniusONE 5.4.1 Online Help Topics
How to use the Decode function How to use the Export function How to use the Data Capture function
Selecting Monitored Elements From the list of Monitored Elements, you can select up to four interfaces on which to perform a Decode or Save, or select a single interface on which to perform a Data Capture. To help you locate a particular interface or interfaces, there is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element list has the option to sort a field in ascending or descending order. To sort the list, click the desired field and click the Sort Ascending/Descending button next to the field name.
When you select the interface(s) to perform the Decode/Save/Capture operation, see the following links for more information: •
How to use the Decode function
•
How to use the Export function
•
How to use the Data Capture function
Note: You can perform only one Capture operation at a time. Also, performing Data Capture operations from Network Domains is unsupported.
208
TROUBLESHOOTING ISSUES
Selecting Network Domains From the list of Network Domains, you can select a Network Domain (Packet Analysis derives the Network Domain names from those configured in the Service Domain) on which to perform a Decode or Save. To help you locate a particular interface or interfaces, there is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element list has the option to sort a field in ascending or descending order. To sort the list, click the desired field and click the Sort Ascending/Descending button next to the field name.
Once you select a Network Domain, choose a domain member from the drop-down list next to the ME Name contained in the ME Details section and perform the Decode or Save operation. Note: Performing Data Capture operations from Network Domains is unsupported.
List of Network Domain Member Interfaces
209
nGeniusONE 5.4.1 Online Help Topics
When you select the interface to perform the Decode/Save operation, see the following links for more information: •
How to use the Decode function
•
How to use the Export function
•
Filtering
210
TROUBLESHOOTING ISSUES
Customizing Packet Analysis User Settings You can adjust user settings using this dialog box. This allows you to customize the Decode view.
Colorize Filtered Packets - When you apply a filter, the filtered packets display with a different color. Time Format - Use the radio button to display time in 12- or 24-hour format (for example, 05:26:00 PM [12-hour] or 17:26:00 [24-hour]) Default Save On - When running a trace file export, you can set the default device to display in the drop-down box (nGeniusONE, InfiniStream, Desktop)
211
nGeniusONE 5.4.1 Online Help Topics
Launch Remote Analysis Decode To launch Remote Analysis (Protocol Decode), do the following:
1. Select the interface(s) on which you want to perform the Decode. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Decode button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the
212
TROUBLESHOOTING ISSUES appropriate settings. When you click Submit, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.
button to
7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. Note: When you enable the Use SSL Decryption feature and export a decrypted data trace, the packets are exported in decrypted form. 9. Click Decode to start the Protocol Decode.
Filtering Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or
213
nGeniusONE 5.4.1 Online Help Topics port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the
214
button next to the filter you wish to remove.
TROUBLESHOOTING ISSUES
Launch Trace File Export/Save To export (save) a trace file, do the following:
1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane.
215
nGeniusONE 5.4.1 Online Help Topics 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.
button to
7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 9. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 10. Check the Overwrite box if overwriting an existing file. This step is optional. 11. Click Export to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. 12. The Export Status section of the tab displays the status of the export (such as: Preparing, percentage completed, and Complete). 13. If you want to cancel an export, click the of the tab.
indicator that appears at the bottom
Filtering Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations.
216
TROUBLESHOOTING ISSUES
2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the
button next to the filter you wish to remove.
217
nGeniusONE 5.4.1 Online Help Topics
Launching Data Capture When you detect a network problem, you might need specific packet level information for your troubleshooting purposes. The Packet Analysis feature contained in nGeniusONE enables you to obtain packet level data by performing a Data Capture. You can then decode the captured data either in real time as the data capture occurs, or save the data capture trace for further analysis. Use the Data Capture function to view real-time data. This is helpful when analyzing a problem that is currently occurring on your network. Note: Data Capture is only supported on one interface from the list of Monitored Elements You can run up to four Data Capture sessions at one time
Procedure Real-time Data Capture is supported on a single nGenius InfiniStream appliance physical interface.
A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Refresh the view
Filter Constructor
218
TROUBLESHOOTING ISSUES
User Settings
Navigate to launched decode sessions Navigate to launched capture sessions Access online help
To launch a Data Capture, do the following: 1. Select the interface on which you want to perform the Capture. You can select a single interface on a single nGenius InfiniStream appliance. 2. Select the Slice Size (number of packet bytes displayed) of the packets you wish to capture from the drop-down box. The default is 2048 bytes. 3. Select the Buffer Size of the data capture from the drop-down box. The default is one megabyte. 4. (Optional) Click Use SSL Decryption to decrypt SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 5. (Optional, unchecked by default) Check the Use previously saved settings box to have the last used filter automatically fill in. To reset the filter settings, clear the check box and change the appropriate settings. When you start the capture, your settings are saved for the next session. 6. (Optional) If you want to customize a quick filter, see the Filtering section. 7. (Optional) In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. a. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. b. Check the Overwrite box if overwriting an existing file. This step is optional. c. If you wish to save the data capture without viewing, click Save. You can open it later using the Trace Archive. d. If you want to cancel an export, click the at the bottom of the tab.
indicator that appears
8. Click the Start button on the right hand side of the pane to start the Data Capture. 9. The capture progress displays in the Show Capture Statistics section of the Capture
tab.
219
nGeniusONE 5.4.1 Online Help Topics 10. Once complete or when you press the Stop button, you can either Decode or Save the capture trace. To decode the trace, see step 11. To Save the trace, see step 7. 11. Click Decode to view the Data Capture Decode.
Filtering Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the
220
button next to the filter you wish to remove.
TROUBLESHOOTING ISSUES
Create Your Own Quick Filter When performing a Decode, Save, or Data Capture operation, you can filter packets based on predefined (Decode and Save only) or ad-hoc filters. The Define Filter field contains an option for selecting a pre-defined filter or an option to Create your own Quick Filter (adhoc). Using the Create your own Quick Filter feature, you can sort on particular protocols, IP Addresses, or port numbers. You can select up to four four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. When selecting more than one protocol, the search works as an OR operator. When searching on an IP address and/or port pair, the search operates as an AND operator. You can add or remove lines from this type of filter. To use the Create your own Quick Filter feature, do the following (Note: You can perform a maximum of four simultaneous Quick Filters): Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator).
221
nGeniusONE 5.4.1 Online Help Topics
5. To remove a custom filter, click the
222
button next to the filter you wish to remove.
TROUBLESHOOTING ISSUES
Launching Remote Analysis (Protocol Decode/Save/Data Capture) From the Data Mining tab, you can launch a Decode of historical data, save a trace file for future analysis, or perform a real-time data capture. This is useful in forensic analysis of a current or past event. When viewing the Data Mining tab, you see a list of Monitored Elements or Network Domains from which you can select and run your data mining operations. There is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element or Network Domain list has the option to sort a field in ascending or descending order. To sort the list, click the Sort Ascending/Descending button next to the field name on which you want to sort.
A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Refresh the view Filter Constructor User Settings Navigate to launched decode sessions Navigate to launched capture sessions Access online help
223
nGeniusONE 5.4.1 Online Help Topics There are also three buttons on the right side of the pane. Select the Decode button for a Protocol Decode, select the Save button to save a trace file, or select the Data Capture button to perform a real-time data capture. Click the question mark icon for online help.
Decode Button To launch Remote Analysis (Protocol Decode), do the following:
224
TROUBLESHOOTING ISSUES 1. Select the interface(s) on which you want to perform the Decode. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Decode button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Submit, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.
button to
7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 9. Click Decode to start the Protocol Decode. 10. The Decode View opens.
225
nGeniusONE 5.4.1 Online Help Topics
Export Button To save a trace file, do the following:
226
TROUBLESHOOTING ISSUES 1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh time/date to the latest available data.
button to adjust the start and end
7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 9. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 10. Check the Overwrite box if overwriting an existing file. This step is optional. 11. Click Export to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. 12. The Export Status section of the tab displays the status of the export (such as: Preparing, percentage completed, and Complete). 13. If you want to cancel an export, click the of the tab.
indicator that appears at the bottom
Data Capture To launch a Data Capture, do the following:
227
nGeniusONE 5.4.1 Online Help Topics
1. Select the interface on which you want to perform the Capture. You can select a single interface on a single nGenius InfiniStream appliance. 2. Select the Slice Size (number of packet bytes displayed) of the packets you wish to capture from the drop-down box. The default is 2048 bytes. 3. Select the Buffer Size of the data capture from the drop-down box. The default is one megabyte.
228
TROUBLESHOOTING ISSUES 4. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 5. (Optional, unchecked by default) Check the Use previously saved settings box to have the last saved filter automatically fill in. To reset the filter settings, clear the check box and change the appropriate settings. When you start the capture, your settings are saved for the next session. 6. (Optional) If you want to use a quick filter, see the Filtering section. 7. (Optional) In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. a. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. b. Check the Overwrite box if overwriting an existing file. This step is optional. c. If you wish to save the data capture without viewing, click Save. You can open it later using the Trace Archive. d. If you want to cancel an export, click the at the bottom of the tab.
indicator that appears
8. Click the Start button on the right hand side of the pane to start the Data Capture. 9. The capture progress displays in the Show Capture Statistics section of the Capture tab. 10. Once complete or when you press the Stop button, you can either Decode or Save the capture trace. To decode the trace, see step 11. To Save the trace, see step 7. 11. Click Decode to view the Data Capture Decode.
Filtering Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP
229
nGeniusONE 5.4.1 Online Help Topics addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the
230
button next to the filter you wish to remove.
TROUBLESHOOTING ISSUES
Launch Enhanced Decode The Launch Enhanced Decode feature allows you to narrow your Decode view to TCP frames. A TCP Enhanced Decode displays additional TCP-specific information (such as tcp.window_size, tcp.info_bytes_in_flight, tcp.alarm, etc.). The Enhanced Decode is based on a unique IP address and port pair combination derived by the packet on which you click before launching Enhanced Decode. Enhanced Decode is useful in analyzing and differentiating whether an issue is related to the server or the network. For example, your network has remote clients connecting to servers on high-capacity (10Gb throughput) links. An issue may arise where there is slow or bad processing of client requests. This may cause the entire link to appear slow or unreachable. In a case like this, the TCP Window size may equal zero, which could cause the server to stop sending packets. Enhanced Decode gives you greater insight into TCP stack behavior. This insight saves time by indicating a client/server issue, rather than following the path of diagnosing a network/link problem. To launch an Enhanced Decode, do the following:
1. From the Decode view, select a packet and click the Launch Enhanced Decode button. 2. The TCP Enhanced Decode view displays.
231
nGeniusONE 5.4.1 Online Help Topics
A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. View Options Save As
IP SEC Decrypt
Decode As
More Options - includes Export (Print to File) Show Graph View
232
TROUBLESHOOTING ISSUES
Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet
Go to Last packet
Go to Marked frame (in Data Capture, this is the first frame in the trace) Expand and Collapse all layers in pane Expand and Collapse pane 3. When you click on a packet and examine the TCP section of the Detail pane, you see a new field named Additional Info. When you expand the Additional Info field, various TCP information derived from the packet displays.
233
nGeniusONE 5.4.1 Online Help Topics
4. To view more detailed information, click the Show Graph View the TCP Graph.
234
button to launch
TROUBLESHOOTING ISSUES
Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View
button.
2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.
3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.
to display the TCP Graph by time or by
235
nGeniusONE 5.4.1 Online Help Topics TCP Graph Displayed over Time
TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View
236
button.
TROUBLESHOOTING ISSUES
Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter
button.
3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)
Connection Filter
237
nGeniusONE 5.4.1 Online Help Topics
Application Filter
Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.
238
TROUBLESHOOTING ISSUES
Using the Filter Constructor Creating and managing filters is an essential component of successful packet analysis. Filters help you isolate the information you need when you perform a protocol decode or view a trace file. Creating a filter allows you to define parameters that are represented in the filter as specific bit patterns. •
When you apply a Data Mining (pre-capture) filter to a protocol decode, every packet detected on the selected interface is compared to the bit pattern defined by your filter. All packets that match the filter criteria are copied to the capture buffer.
•
When you apply a post-capture filter to a protocol decode, each packet in the file is compared to the filter to further define your focus.
Note: If you use Advanced Terms in a filter, that filter is only supported as a postcapture filter. A message displaying This filter uses Advanced Terms. Advanced Terms are only supported in post-decode filters appears in the Status Bar when using Advanced Terms. Also, post-capture filter files do not appear in views where only Data Mining filters are supported.
Filter Builder Topic Sections The Filter Builder topic is broken into the following sections. Click the link to go to the appropriate section: •
The Filter Constructor Dialog Box
•
Filter Management
•
Filter Operations
•
Filter Operators
•
Filter Terms •
Basic Terms
•
Advanced Terms
•
Filter Syntax
•
Viewing Filtered Packets
•
Saving Filters
Filter Management You can create a filter as a Shared or Private filter. Shared filters are visible by all users of nGeniusONE. Any user can use, edit, rename, or delete shared filters. The Private filters are only available to the user who created them for use, modification, and deletion.
Filter Operations There are three basic filter operations: create, rename, and delete. The table below explains the procedure for each operation.
239
nGeniusONE 5.4.1 Online Help Topics
Operation
Procedure
Create
To create a new filter, click on Shared or Private (in the Filter List section) and click the New button. The Filter Builder automatically adds a filter_ (time in epoch). When you open the Filter Builder, there is a filter_ (which is blank) filter file in the Filter List you can use to create a new filter.
Edit
To edit a filter, click on the filter name in the Filter List. The syntax appears in the Expression area. You can edit directly from there.
Rename
To rename a filter, click on the filter in the Filter List and click Rename. Enter the new name in the dialog box that appears and click OK.
Delete
To delete a filter, click on the filter in the Filter List and click Delete. Click OK in the dialog box to confirm the filter delete.
Filter Operators Use the following operators to create your filter: Operators ()
Optional parentheses you can put around the expression. For example, (ip==10.2.3.4)
==
Equals
!=
Does not equal
&&
And
||
Or
!
Do not include packets that have the specified term - used as ! (filter term) Note: Only one filter term is supported with a NOT operator.
and
And
not
Do not include packets that have the specified term - used as not (filter term) Note: Only one filter term is supported with a NOT operator.
or
Or
Filter Terms There are two types of filter terms - Basic Terms and Advanced Terms.
240
TROUBLESHOOTING ISSUES Basic Terms – There are standard terms provided as part of packet analysis infrastructure without having to decode the packets. These terms offer quicker filter results. Basic Terms can be used in both pre- and post-capture filtering. Basic Terms - used for data mining or post-capture filtering application
Type of application (for example, application==FTP or application!=Telnet. The list of available applications corresponds to the list of active applications in nGeniusONE Global Settings)
eth
Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example eth==08:00:8c:01:02:03)
eth.src
Source Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.src==08:00:8c:01:02:03)
eth.dst
Destination Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.dst==08:00:8c:01:02:03)
ethernet
Ethernet address (MAC) information
ip
IP Address in octet form (for example - ip==192.168.200.12)
ip.src
Source IP Address in octet form (for example ip.src==192.168.200.12)
ip.dst
Destination IP Address in octet form (for example ip.dst==192.168.200.12)
ipv6
Internet Protocol version 6 information (for example ipv6==fda2:7043:e658:e556:0123:4567:89ab:cdef)
Advanced Terms – These are standard terms provided as part of packet analysis infrastructure and require packet decode. These terms are slower providing filter results. Advanced terms are restricted to post-capture filtering. Advanced Terms - used for post-capture filtering When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. 802_1ad
IEEE 802.1 AD information
802_1ah
IEEE 802.1 AH information
802_1q
VLAN 802.1Q information
ansi_map
ANSI Map information
application
Application type - Free text (for example application==http)
bpdu
Bridge Protocol Data Unit information
browser
Browser information
241
nGeniusONE 5.4.1 Online Help Topics
cisco_vntag
Cisco Virtual Network tag information
cpim
Common Profile for Instant Messaging information
disl
Cisco Dynamic Inter-Switch Link information
dsmcc
Digital Storage Media Command and Control information
dssetup
Directory Services Setup information
eps_mm
Evolved Packet System Mobility Management information
eps_sm
Evolved Packet System Session Management information
eth
Ethernet (MAC Address) information
ethernet
Ethernet (MAC Address) information
eurex_emdi
Eurex Enhanced Market Date Interface information
fc
Fibre Channel information
fc_els
Fibre Channel Extended Link Service
fcoe
Fibre Channel over Ethernet information
fip
Fibre Channel over Ethernet (FCoE) Initiation Protocol
iccp_mms
Inter-Control Center Communications Protocol Multimedia Message Service information
ice_impact_m
ICE iMpact information
ima
Independent Management Architecture information
imsi
International Mobile Subscriber Identity
ip
Internet Protocol information
ipars
International Program Airline Reservation System information
ipv4
IP version 4 information
ipv6
Internet Protocol version 6 information
ise_mdi_fast
International Securities Exchange Market Data Interface FAST information
isl
Cisco Inter-Switch Link information
isup
ISDN User Part information
lcc ldap
Lightweight Directory Address Protocol information
llc
Link Layer Control information
lse-gtp
242
TROUBLESHOOTING ISSUES
lse_mitch m3ua
MTP Layer 3 User Adaptation Layer information
map
Mobile Information Part (MAP) information
matip
Mapping of Airline Traffic over Internet Protocol information
mime
Multi-Purpose Internet Mail Extensions information
mpls
Multi-Protocol Label Switching information
ms_oxcrpc
Microsoft Exchange Remote Procedure Call information
msisdn
Mobile Station Integrated Services Digital Network
ospf
Open Shortest Path First information
packet
Packet information
pattern[-]
You can search on the hexadecimal pattern in the Hex pane of the Protocol Decode view. For more information, see the Pattern Filter topic. Note: After the word pattern, enter the beginning and end data offsets (use decimal numbers for the byte numbers) in brackets (for example, pattern[2629]==0a0a000a).
plain_text port
Port Number (integer or range of integers between 1 - 65535; for example - port==1024, port==80-1024)
port.src
Source Port Number (integer or range of integers between 1 65535; for example - port.src==1024, port.src==80-1024)
port.dst
Destination Port Number (integer or range of integers between 1 65535; for example - port.dst==1024, port.dst==80-1024)
ppp
Point-to-Point Protocol information
ptc_c ptc_d rtpevent
RTP Event information
sctp
Stream Control Transmission Protocol information
sctp _data
SCTP data information
sender_compid Value used to identify firm sending packets sgsap
SGs intergace Application Part information
sip
Session Initiation Protocol information
sipfrag
SIP fragment information
243
nGeniusONE 5.4.1 Online Help Topics
sms_im
Short Messaging Service Instant Message information
ssl
Secure Socket Layer information
target_compid Value used to identify firm receiving packets tcp
TCP Information
tcp.port
TCP Port Number (integer or range of integers between 1 - 65535; for example - tcp.port==1024, tcp.port==80-1024)
tcp.src
TCP Source Port Number (integer or range of integers between 1 65535; for example - tcp.src==1024, tcp.src==80-1024)
tcp.dst
TCP Destination Port Number (integer or range of integers between 1 - 65535; for example - tcp.dst==1024, tcp.dst==801024)
text
Text in Detail or Summary panes. To search in the Summary pane use the text.summary=="text" convention. To search in the Detail pane use the text.detail=="text". Note: Enter the text to be searched in double quotes.
tls
Transport Layer Security information
tos
Type of Service (integer [decimal or hexadecimal]; for example tos==12, tos==12b)
udp
UDP Information
udp.port
UDP Port Number (integer or range of integers between 1 65535; for example - udp.port==1024, udp.port==80-1024)
udp.src
UDP Source Port Number (integer or range of integers between 1 65535; for example - udp.src==1024, udp.src==80-1024)
udp.dst
UDP Destination Port Number (integer or range of integers between 1 - 65535; for example - udp.dst==1024, udp.dst==801024)
url
Uniform Resource Locator (web site, for example url==www.netscout.com)
vlan
Virtual LAN information
xml
eXtensible Markup Language information
xre
XML User Interface Language (XUL) Runtime Environment information
Protocol-Specific Advanced Terms When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data.
244
TROUBLESHOOTING ISSUES
alp
Appliance Link Protocol information
amex
American Express credit card information
arp
Address Resolution Protocol information
bfd
Cisco Bidirectional Forwarding Detection information
bgp
Border Gateway Protocol (BGP) information
bittorrent
BitTorrent Protocol information
bssap
BSS Application Part information
bssap+
BSS Application Part Plus information
bssgp
BSSGP (Base Station System GPRS Protocol) information
cdp
Cisco Discovery Protocol information
cgp
Common Gateway Protocol information
citrix
Citrix protocol information
citrix_cgp
Citrix CGP information
citrix_ica
Citrix Independent Computing Architecture (ICA) information
dhcp
Dynamic Host Control Protocol information
dhcpv6
DHCP version 6 information
diameter
Diameter protocol information
discover
Discover credit card information
dns
Domain Name Service information
ftp
FTP (File Transfer Protocol) information
hsrp
Hot Standby Router Protocol information
hsrpv2
Hot Standby Router Protocol version 2 information
http
Hypertext Transmission Protocol information
ibm_mq
IBM Market Query information
genband
GENBAND information
gprs_gmm
General Packet Radio Services (GPRS) GPRS Mobility Management information
gprs_llc
General Packet Radio Services (GPRS) Logical Link Control information
gprs_sm
General Packet Radio Services (GPRS) Session Management information
245
nGeniusONE 5.4.1 Online Help Topics
gprs_sndcp
General Packet Radio Services (GPRS) Sub Network Dependence Convergence Protocol information
gsm_dtap
Global System for Mobile Communications Direct Transfer Application sub-Part information
gsm_rp
Global System for Mobile Communications Relay Protocol information
gsm_sms
Global System for Mobile Communications Short Messaging Service
gtp_prime
GTP (GPRS Tunneling Protocol) information
gtpc_v1
GTP version 1 information
gtpu
GTP version 1 information
gtpv2
GTP version 2 information
hsrp
Hot Standby Router Protocol information
hsrpv2
Hot Standby Router Protocol version 2 information
http
HTTP information
ibm_mq
IBM WebSphere MQ information
ica
Citrix Independent Computing Architecture (ICA) information
ica_sb
Citrix ICA Server Browser Flow information
icmp
ICMP (Internet Control Message Protocol) information
ldap
Lightweight Directory Address Protocol information
loop
Configuration Testing Protocol (Loop) information
maestro_debit Maestro pre-paid MasterCard information master_credit
MasterCard credit card information
mbcp
Media Burst Control Protocol information
mop_rc
Maintenance Operations Protocol Remote Console information
msrp
Message Session Relay Protocol information
mysql
My SQL protocol information
netb
Microsoft NetBIOS information
netflow
NetFlow datagram information
nsip
Network Services over IP information
ntp
Network Time Protocol information
oracle_sql
Oracle SQL information
246
TROUBLESHOOTING ISSUES
oracle_tns
Oracle Transparent Network Substrate information
pim
Protocol Independent Multi-Cast information
ranap
Radio Access Network Application Part protocol information
rtcp
RTP Control Protocol information
rtp
Real-Time Protocol information
rtsp
Real-Time Streaming Protocol information
s1ap
S1 Application Protocol (S1AP) information
sccp
Skinny Client Control Protocol information
sccp_ss7
SCCP Signaling System number 7 information
sdp
Session Description Protocol information
sip
Session Initiation Protocol information
smb
Server Message Block protocol information
smb2
SMB version 2 protocol information
smbmsp
SMB Mail Service Protocol information
smbtcp
SMB on TCP information
snap
Sub-Network Access Protocol information
snmp
Simple Network Management Protocol information
soap
Simple Object Access Protocol information
ssdp
Simple Service Directory Protocol information
ssh
Secure Shell (SSH) information
tcap
Transaction Capabilities Application Part information
tds
Tabular Data System Protocol information
telnet
Telnet protocol information
union_pay
UnionPay credit card processing information
vrrp
Virtual Router Redundancy Protocol information
wins
Windows Internet Naming Service information
xcap
XML Configuration Access Protocol information
xmpp
Extensible Messaging and Presence Protocol information
x2ap
X2 Application Protocol information
To build a filter, enter syntax using the following terms. When you finish entering terms, click Apply to run the filter (without saving) or Save to save the filter:
247
nGeniusONE 5.4.1 Online Help Topics Note: The Apply button is active only in post-capture filters.
The Filter Constructor Dialog Box When you click the Filter Constructor
button, the Filter Constructor dialog box appears.
When the Filter Constructor dialog box is opened, the Expression screen is blank and there are no filters selected. You can choose a variety of operations to perform: •
Enter filter syntax
•
View filtered packets
•
Click on a filter to display its Filter Terms and/or apply the filter
•
Run a Quick Filter
248
TROUBLESHOOTING ISSUES
Filter Syntax
To enter filter syntax, type the terms, operators, and options in the Expression screen. The terms are described in the Filter Terms section. The Expression screen is red when there is incorrect syntax. The Expression screen turns green when correct syntax is entered. For example, you could enter the following in the Expression screen: (ip==10.2.3.4) and (port!=80) if you wanted to get packets that contain the IP address 10.2.3.4 and come on all ports except 80. For most applications listed in the table, you can enter only the application name in the Expression screen and click Save or the Apply button. This automatically saves/executes a filter that just searches for packets matching the selected application. To clear out the information in the Expression screen, click the Clear
button.
If you do not enter any value with a Filter Term and the Expression screen turns green, this means you can filter on packets that contain that particular field. When entering Filter Terms, if you close the Filter Constructor and reopen it before exiting the particular decode session, the information in the Expression Screen is saved for you. Filter Term Granularity When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. Select the appropriate granulated term from the drop-down list to filter on a
249
nGeniusONE 5.4.1 Online Help Topics more specific attribute of a Filter Term. Some examples of the granulated terms contained in the drop-down boxes are in the following images:
250
TROUBLESHOOTING ISSUES
Viewing Filtered Packets After you build or load a capture filter, the packets that meet the filter conditions are displayed in a new Protocol Decode view. You can return to the previous decode session by clicking the Navigate to Launched Decode Sessions button
. From the previous decode session, you can load or build a different
filter to see other packet data from the original trace. Click the Filter Constructor button and build or load another filter. You can have up to eight filters or Bounce Chart sessions running concurrently. You can also create another filter from the packets that you filtered previously. Click the Filter Constructor button
and build or load another filter.
You can have up to eight filters running, whether they are separate filters or nested filters. Packets that were previously filtered display with different colored lines.
Saving Filters When you apply a filter, the filter terms automatically save into the Private folder with the name last_filter. When you create a filter and want to save it, click the Save the save dialog box:
button and enter a name in
251
nGeniusONE 5.4.1 Online Help Topics
Other ways to save filters are: •
When you click the Add Filter
button in either the Shared or Private folder, add
your filter terms, and click the Save
button, the filter is saved with a system
generated name. You can click the Rename Filter name. •
When you click the Add Filter button in either the Shared or Private folder, add your filter terms, the filter is given with a system generated name. You can click the Rename Filter
•
252
button and change the filter
button, change the filter name, and click the Save
Select the last_filter, click the Rename Filter name.
button.
button, and change the filter
TROUBLESHOOTING ISSUES
Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b. Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d. Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. Open a Decode window. a. From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.
b. Click Apply to start the filter operation.
253
nGeniusONE 5.4.1 Online Help Topics c. The filtered results display.
254
TROUBLESHOOTING ISSUES
Exporting a Trace File Click the Save button to export a trace file to your nGeniusONE server, your nGenius InfiniStream appliance, or to your client system.
To launch the trace file export, do the following: 1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane.
255
nGeniusONE 5.4.1 Online Help Topics 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line. 6. Set the End Date by clicking the calendar icon on the End Date line. 7. Set the Start Time by manually entering or clicking the time box on the Start Date line. 8. Set the End Time by manually entering or clicking the time box on the End Date line. 9. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 10. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 11. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 12. Check the Overwrite box if overwriting an existing file. This step is optional. 13. Click Save to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. During the export, the Export Status field displays the status of the export process (such as Preparing, percentage completed, or Complete). 14. If you want to cancel an export, click the of the tab.
indicator that appears at the bottom
15. To view the trace file, go to the Trace Archive Viewer.
Filtering Open the Define Filter accordion by clicking the
button. The Filter dialog displays.
1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following:
256
TROUBLESHOOTING ISSUES a. Select an application on which you wish to filter by clicking the to filter.
drop-down box and select the application you wish
b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the
button next to the filter you wish to remove.
257
nGeniusONE 5.4.1 Online Help Topics
Bounce Charts in nGeniusONE From the Summary pane of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •
Packet number
•
Absolute Time
•
Packet Interpretation - contains the following information: o
Internet Protocol (IP) type
o
Destination Port
o
o
Source Port Packet Length
•
Latency Time
•
Interface name or trace file name
•
Packet direction - when you mouse over the arrow, the following displays:
•
o
Source IP address
o
Source port
o
Destination IP address
o
Destination Port
Application Type (when column is selected using the Customize Columns feature)
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below:
258
TROUBLESHOOTING ISSUES
Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions Stop Mining. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (-->), right to left only (<---), or both directions (<--->) Customize Columns Save As View Options Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Top packet Bottom packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode The following conditions apply to the Bounce Chart view: •
You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined.
•
Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.
button to stop a decode,
259
nGeniusONE 5.4.1 Online Help Topics
Viewing Bounce Charts From the Summary Toolbox of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Click here for information on Enhanced Bounce Charts. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •
Packet number
•
Absolute Time
•
Packet Interpretation - contains the following information: o
Internet Protocol (IP) type
o
Destination Port
o
o
Source Port Packet Length
•
Latency Time
•
Interface name or trace file name
•
Packet direction - when you mouse over the arrow, the following displays:
•
o
Source IP address
o
Source port
o
Destination IP address
o
Destination Port
Application Type (when column is selected using the Customize Columns feature)
The following conditions apply to the Bounce Chart view: •
You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined.
•
Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.
button to stop a decode,
To launch a Bounce Chart, click a packet in the Summary Panel of the Protocol Decode view and click the Bounce Chart button. When a Bounce Chart opens, the view splits and the new view looks like the following image:
260
TROUBLESHOOTING ISSUES
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop Bounce Chart. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns View Options Save As Click to access online help Close decode. This closes the Bounce Chart and returns you to the previous Protocol Decode view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet
261
nGeniusONE 5.4.1 Online Help Topics
Go to Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode
262
TROUBLESHOOTING ISSUES
Enhanced Bounce Chart Bounce Chart views display the flow of packets exchanged in the stream to which a selected packet belongs. With an nGenius InfiniStream, Enhanced Bounce Chart views are also available. Enhanced Bounce Charts display timestamps in packets exchanged between a pair of hosts through multiple network segments. As packets hop across the network, many factors can delay these packets. Enhanced Bounce Charts help you find where these delays occur. nGeniusONE supports bounce charts with up to seven hops for TCP or UDP streams. On an InfiniStream (or multiple InfiniStream systems), you can launch an Enhanced Bounce Chart view on up to seven physical interfaces. While Bounce Charts are available for TCP-, UDP-, or SCTP-based applications, Enhanced Bounce Charts are supported for TCP- or UDP-based applications only. You can run up to eight Bounce Chart or filter sessions concurrently. To launch an Enhanced Bounce Chart view: 1. From the Packet Analysis -> Data Mining view, select up to seven InfiniStream physical interfaces on which you wish to perform the Enhanced Bounce Chart. To select additional interfaces, press the key and click on all interfaces you wish to have in the Enhanced Bounce Chart. Note: this version of nGeniusONE only supports the Enhanced Bounce Chart on interfaces that reside on a single InfiniStream. 2. Select the Start and End date/time. 3. (Optional) Select a Data Filter from the drop-down list. 4. Click Submit to start the Protocol Decode. 5. From the Protocol Decode view, select a packet on which you want to see the Enhanced Bounce Chart. 6. Click the Bounce Chart button. The Enhanced Bounce Chart displays. You can see the Latency Time, direction of the packet, and on which interface the packet was captured.
263
nGeniusONE 5.4.1 Online Help Topics
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns View Options Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->)
264
TROUBLESHOOTING ISSUES
Stop Bounce Chart. This stops data mining and returns the results it has accumulated.
Go Up/Down by one packet Select the packet number you wish to view
Go to First/Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode
265
nGeniusONE 5.4.1 Online Help Topics
Performing Remote Analysis Decode
Viewing Decoded Packets After you specify your analysis criteria and perform a decode, the results are displayed in three panels that work together to show you the various protocol layers embedded in a packet (for more information on each of the panels, click the associated link): •
Summary Panel Toolbar
•
Summary
•
Detail
•
Hex
Note: When using SSL Decryption to decrypt packets, the first HTTP packet captured is 25 bytes less than the actual packet size. For example, if the first HTTP packet is 240 bytes, Packet Analysis only displays 215 bytes in the Hex portion of the Decode pane and shows that only 215 bytes were captured in the Detail pane.
Masking User Identifiable Information nGeniusONE packet decode supports masking certain User Identifiable Information (UII) from data packets. When enabled, the Detail and Hex panes of the decode view display a series of "X" characters where you would normally find the UII. Currently, you can mask the following packet information in the Decode packets: •
SMS user content (from GSM)
•
SMS Instant Message user content
266
TROUBLESHOOTING ISSUES •
IMSI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, BSSGP, GMM, S1AP
•
IMEI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, GMM, S1AP
•
MSISDN data from: GTPv1, GTPv2, CC
•
SIP Uniform Resource Indicator (URI)
•
SIP Display Name
•
SIP URI user part
•
HTTP User Resource Indicator
To enable the UII data masking, you must disable the View User Identity user role for any user from which you want to hide this information. When disabling this role, the user does not see UII when exporting the packet data. For more information on User Roles, please see the Predefined User Roles online help topic. Important: The View User Identity user role only applies to the nGeniusONE user interface. Enabling or disabling it has no effect on output derived from the Unified Management Console (UMC).
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. Quick Filter Filter Constructor Bounce Chart Compare Two Decode Windows Side By Side Launch Enhanced Decode View Options Save As IP SEC Decrypt
267
nGeniusONE 5.4.1 Online Help Topics
Decode As More Options - includes Export (Print to File), Column Management (Customize Columns) Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame Expand and Collapse all layers in pane Expand and Collapse pane
Summary Panel The Summary panel is at the top of each Decode sub-tab. It gives you a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. The Summary panel is the only panel that shows several packets at once. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the packets. You can then examine individual packets in greater detail or skip over them. Scroll through the Summary panel to see the entries for each of the decoded packets. Selecting a packet causes the Detail and Hex panels to update with decode information for the selected packet. Summary Panel Fields The Summary panel includes the following fields for each displayed packet: Field Packet
268
Description The Summary panel lists packets sequentially in the same order in which they were received. Each packet is assigned a sequential number to make it easy to move around in the Summary panel. You can move quickly to a particular
TROUBLESHOOTING ISSUES packet number by entering it in the Go To packet box at the top of the display. Absolute Time
The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.
Relative Time You can select a particular packet in a data trace as a baseline for timing (Optional) packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.
Delta Time
The interval between the current packet’s timestamp and that of the preceding packet.
Size
The length of the packet, not including the CRC bits.
Source
The source address for this packet: By default, the Summary panel shows the network layer address, if present. If it is not present, the MAC address is shown.
Destination
The destination address for this packet. Destination addresses are shown in the same way as source addresses.
Interpretation An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port
269
nGeniusONE 5.4.1 Online Help Topics numbers, ACK numbers, sequence numbers, and so on. If Show Top Layer is enabled in the Tools menu, only one line (for the highest enabled protocol level) is shown. If Show All Layers is enabled in the Tools menu, the Summary panel shows one line for each protocol level contained in a packet. Status
Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN
Capture Size Displays the amount of packet data captured (this may be less than the actual packet size) Source MAC
MAC address of the source system
Destination MAC
MAC address of the destination system
Source Port
Port number coming from the source system
Destination Port
Port number going into the destination system
Interface
Interface number from which the data was captured
Cumulative Bytes
Total bytes of the data capture (increments with each subsequent packet)
Detail Panel The Detail panel is in the middle of each Decode sub-tab. It shows the detailed contents of the packet currently selected in the Summary panel. Each protocol layer of the packet is interpreted and displayed. The first line in the Detail panel provides some metadata on the decoded packet – its packet number in the Summary panel, its length as displayed, and its length as captured. Any differences between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the packet are arranged with the lowest protocol layer at the top of the panel and then work their way down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. You can cascade open layers to see the full interpretation of each field and parameter in the layer (VLAN tags, TCP header fields, application layer commands, etc.). If you want to expand all the packet layers at one time, click the Expand All Layers button. To collapse all the packet layers, click the Collapse All Layers To expand the size of the panel window, click the Move Up window, click the Move Down
270
button.
button.
button. To collapse the panel
TROUBLESHOOTING ISSUES Selecting Portions of a Packet in the Detail Panel You can expand a packet in the Detail panel and select different layers or fields using the mouse. When you do so, the highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet.
Hex Panel The Hex panel is at the bottom of each Decode sub-tab. It shows both the hexadecimal and ASCII interpretation of the packet selected in the Summary panel. The highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet. The hex portion of the panel shows each byte as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. To expand the size of the panel window, click the Move Up window, click the Move Down
button. To collapse the panel
button.
The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. To toggle between an ASCII and EBCDIC view, click the ASCII
or EBCDIC
buttons.
You can copy the bytes from the Hex Panel to your clipboard. Select any or all bytes in the Hex or ASCII/EBCDIC portion of the Hex Panel, right-click your mouse, and choose Copy.
271
nGeniusONE 5.4.1 Online Help Topics
Column Management in nGeniusONE Packet Analysis The Column Management feature allows you to customize your decode view by adding or removing columns. The left side of the pane displays the columns you are currently viewing. The right side of the pane displays columns that are available for view. To access Column Management, click the More Management.
icon from the toolbar and select Column
To add a column to your view, click on the column's + sign. You can also click Add All to add all the columns to the view. To add a new profile or select a different profile, either enter the new profile name in the Profile Name dialog box or click the arrow to select an existing profile. To make the select profile a default profile for your user ID, check the box next to Set this as default Column Profile. The default profile always reverts to its original configuration. To remove a column from your view, click the column's - sign. When you are done, click Save to save the changes to the profile or OK to commit changes. You can click Reset to restore the default column view.
Custom Columns There is a Custom Column Builder which you can use to add additional fields to your decode. The available terms include many field level terms found in the Filter Constructor.
272
TROUBLESHOOTING ISSUES To see if a term is available, type the first few letters of the term. A list appears with the available terms from which you can select. For example, you can add a custom field named Application that displays the application name derived from Global Settings. To see sub-fields associated with each term, enter a period (.) after the term and a list of available sub-terms appears (if there are any). To add a custom column to your view, click on the column's + sign. To remove a custom column, click the red "x" in the column field. Note: You can change the column configuration in the default profile after renaming it.
273
nGeniusONE 5.4.1 Online Help Topics
Navigate to Launched Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.
button. A dialog box opens that displays all of the open
This dialog box displays all of the active decode sessions. Filtered decodes are located under the original Packet Decode and have a Filter-x (x being a number) designation. Enhanced Decodes have an (E) designation after the session name. From this dialog box, you can perform one of the following tasks: •
Change the Decode session by double-clicking on another session in the list
•
Rename a Decode session by clicking the rename icon in the dialog box that appears
•
Close a Decode session by clicking the
•
Stop a session mining by clicking the
•
When examining a filtered session, click the For example:
274
and changing the name
button button button to see the filter information.
TROUBLESHOOTING ISSUES
Navigate to Launched Capture Sessions You can change the Data Capture session on the right hand pane by clicking the Navigate to Launched Capture Sessions Data Capture sessions.
button. A dialog box opens that displays all of the open
From this dialog box, you can perform one of the following tasks: •
Change the Decode session by double-clicking on another session in the list
•
Stop a capture session by clicking the
button
275
nGeniusONE 5.4.1 Online Help Topics
Decoding Ports as a Specified Application You can use the Decode As feature to decode ports in a data capture as a certain application. For example, traffic on port 8080 appears in the decode window and decodes as a TCP application. The user can map port 8080 to decode as HTTP.
Procedure 1. From the Protocol Decode tab, click the Decode As
button.
2. Select either Source or Destination from the Location drop-down list. 3. Enter the Port number of the source or destination packet on which you want to perform the operation. If you scroll on a packet, its port number is filled in, based on whether you selected Source or Destination in the Location field. 4. Select (check the box next to IP) if you want to only select packets containing the displayed IP address. 5. Select the application with you wish to decode the data from the Forced Protocol field. Click the
276
button for a list of available protocols.
TROUBLESHOOTING ISSUES 6. (Optional) To view the currently mapped ports, click the Show Mapping button. To delete a port map, click the Delete button. To hide the port mapping, click Hide Mapping.
Note: Port Mappings are derived from previously saved forced protocols from the current or prior Decode As sessions. Port mapping only applies to the outer (tunneled) layer when you use the Decode As feature on tunneled packets. 7. Click Apply. When you apply a forced protocol, it is saved as a protocol mapping in future sessions. You can see these previously configured forced protocols in the Show Mappings link in the Decode As dialog box.
277
nGeniusONE 5.4.1 Online Help Topics
Using Compare Mode in nGeniusONE The Decode display provides a Compare mode that lets you simultaneously view the Summary, Detail, and Hex panel decodes for two packets. The following procedure explains how to use Compare mode. 1. Start by selecting the first packet for comparison by clicking its entry in the Summary panel. This is the "anchor" packet – once you are in Compare mode, you can compare any other packet to it by selecting entries in the Summary panel. 2. Click the Compare button
at the top of the Decode display.
3. Select the second packet for comparison by clicking its entry in the other Summary panel (it appears on the right of the anchor packet Summary panel). The Summary, Detail, and Hex panels show the decodes for the two packets side-by-side with the anchor packet initially on the left. 4. You can change the second packet selected for comparison by clicking another packet in the Summary panel. 5. You can also change the Decode session on the right hand pane. See Comparing Packets from Two Different Decode Sessions for more information. 6. Change the anchor packet using either of the following methods:
278
•
Double-click the Summary panel of the packet to be used as the anchor.
•
Exit Compare mode, select a new packet as an anchor, and then reenter Compare mode.
TROUBLESHOOTING ISSUES
Summary Panel Toolbar A toolbar is provided at the top of the each pane allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Expand or collapse window panel Expand or Collapse all layers in Summary window Click to exit the Compare Decode window (right hand pane only)
Comparing Packets from Two Different Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.
button. A dialog box opens that displays all of the open
From this dialog box, you can perform one of the following tasks:
279
nGeniusONE 5.4.1 Online Help Topics •
Change the Decode session by clicking on another session in the list
•
Close a Decode session by clicking the x button
After you select another Decode session, it opens on the right hand pane. Packets that were filtered in other Decode sessions display with different colored highlights around the packet.
280
TROUBLESHOOTING ISSUES
Saving a Trace File Remotely The Remote Save feature allows you to save a trace file to either the nGenius InfiniStream appliance, the nGeniusONE server, or to the user system. If saving an encrypted trace you have decoded, the decoded packets are saved in the new trace file.
To perform the Remote Save, do the following: 1. Enter a file name. 2. Select the file type from the drop-down box. 3. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 4. Select either all packets or enter a range of packets to save. 5. Click Save to perform the save operation.
281
nGeniusONE 5.4.1 Online Help Topics
Printing (Export) a Trace File The Print to File (Export) feature allows you to export any or all of the Summary, Detail, and Hex panes from a data trace to a Comma Separated Value (.CSV) file for printing or other file operations. You can print all the packets in a trace or a range of packets. You can export data from a decode session performed in Data Mining or on files in the Trace Archive. Note: Some Enhanced Decode fields are not included when performing a trace file print (export) The Relative Time columns are not included when performing a trace file print (export)
To use the Print to File feature, do the following: 1. Enter a file name (in the text box next to File Name) for the export file. When the file is exported, it is placed in your browser Download folder. 2. Ensure that Comma Separated values (*.csv) is selected in the drop-down box next to File Type. This feature currently only supports export to CSV files. 3. In the Export What section, you can select to export any or all of the following by checking the box next to the name: Summary, Detail, Hex.
282
TROUBLESHOOTING ISSUES 4. In the Packets section select whether you want to export All Frames or a range of frames (Frames Range). If you select a range of frames, you can enter a single packet number or a group of packets. To export a single packet, enter the packet number. To export a group of packets, enter the first packet number, a dash key (-), and the last packet number. If you wish to export more than one single packet or range of packets, separate the values you enter with commas. 5. Click OK to export the packets or Cancel to quit this screen. 6. Depending on your browser, you may be prompted whether you want to save or print the file. 7. Look in your browser Download folder for the export (CSV) file.
283
nGeniusONE 5.4.1 Online Help Topics
Configure IP SEC Decryption The IP SEC Decrypt feature allows you to decode and view the packet contents of IP SEC (IP Security) encrypted packets. IP SEC Decryption – IP SEC (IP Security) is a method of encrypting IP packets for secure transmission over a secure IP tunnel and decrypting the packets on the destination system. nGeniusONE supports IP SEC Decryption for local trace files in addition to remote Protocol Decode sessions. nGeniusONE Packet Analysis performs post-capture decoding of the IP SEC encrypted packet data and allows you so see the unencrypted packet data. You can configure IP SEC Decryption to work with the following options: •
Protocol – IPv4 or IPv6
•
Source and Destination IP addresses of the packets you wish to decrypt
•
The following encryption types are supported: NULL, TripleDES-CBC, AES-CBC, AESCTR, DES-CBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC
•
User-provided encryption key
•
The following authentication methods are supported: NULL, HMAC-SHA-1-96, HMACSHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, Any 96/128/192/256 bit authentication
•
User-provided authentication key
284
TROUBLESHOOTING ISSUES To perform IP SEC decryption on an nGenius InfiniStream Protocol Decode or archived trace file, do the following:
Protocol Decode Decryption 1. From Packet Analysis -> Data Mining, select an nGenius InfiniStream interface and execute a Protocol Decode. 2. Click on an ESP packet in the Protocol Decode view. 3. Click the IP SEC Decrypt
button.
4. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 5. Click Decrypt to decrypt the packet trace.
Decrypting a Local Trace file 1. From Packet Analysis -> Trace Archive, either open the saved trace file or add a trace file. 2. Perform a Protocol Decode of the trace file. Select the trace file and click the Submit button. 3. Click on an ESP packet in the Protocol Decode view. 4. Click the IP SEC Decrypt
button.
285
nGeniusONE 5.4.1 Online Help Topics 5. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 6. Click Decrypt to decrypt the packet trace.
286
TROUBLESHOOTING ISSUES
Packet View - Before and After IP SEC Decryption The screen captures below display a packet that is IP SEC encrypted and the decrypted version of that packet. See packet number 8 in the trace for the decryption/encryption.
287
nGeniusONE 5.4.1 Online Help Topics
288
TROUBLESHOOTING ISSUES
Quick View The View Options allow you to set the following: •
Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds.
•
All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane.
•
Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets.
•
Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed.
•
Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window.
•
Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.
289
nGeniusONE 5.4.1 Online Help Topics
Trace Archive
Using the Packet Analysis Trace Archive The nGeniusONE Trace Archive is one of the main screens for the nGeniusONE-based Packet Analysis. All of the saved trace files are listed on this screen. The nGeniusONE Packet Analysis Trace Archive is a repository that you can keep on an nGeniusONE server and/or nGenius InfiniStream appliance. This repository allows you to save data traces and recall them at a point in the future when you want to perform packetlevel forensic analysis on the saved data. When viewing the tabs, you see a list of Monitored Elements from which you can select and display a list of saved trace files. There is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element or Network Domain list has the option to sort a field in ascending or descending order. To sort the list, click the Sort Ascending/Descending button next to the field name on which you want to sort. When viewing the list of trace files stored on a particular element, you can use the click the Sort Ascending/Descending button to sort the file list by Name, Trace Size, or Date.
Refresh Filter Constructor Save a copy of trace file Change name of trace file Move trace between folders
290
TROUBLESHOOTING ISSUES Save trace on desktop Add file to list Remove trace file from server and list User Settings Navigate to launched decode sessions Click to access online help
To decode a saved trace file, do the following: 1. Select the Monitored Element on which the file resides. When you click the Monitored Element and the appropriate folder (Shared or Private), the list of saved trace files appears on the action box on the right side of the screen. 2. Click on the file you wish to decode. The file name appears in the action box on the right side of the screen. 3. (Optional) Click Use SSL Decryption to decrypt SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 4. Click Decode. The Decode View opens.
291
nGeniusONE 5.4.1 Online Help Topics
Performing Remote Analysis Decode
Viewing Decoded Packets After you specify your analysis criteria and perform a decode, the results are displayed in three panels that work together to show you the various protocol layers embedded in a packet (for more information on each of the panels, click the associated link): •
Summary Panel Toolbar
•
Summary
•
Detail
•
Hex
Note: When using SSL Decryption to decrypt packets, the first HTTP packet captured is 25 bytes less than the actual packet size. For example, if the first HTTP packet is 240 bytes, Packet Analysis only displays 215 bytes in the Hex portion of the Decode pane and shows that only 215 bytes were captured in the Detail pane.
Masking User Identifiable Information nGeniusONE packet decode supports masking certain User Identifiable Information (UII) from data packets. When enabled, the Detail and Hex panes of the decode view display a series of "X" characters where you would normally find the UII. Currently, you can mask the following packet information in the Decode packets: •
SMS user content (from GSM)
•
SMS Instant Message user content
292
TROUBLESHOOTING ISSUES •
IMSI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, BSSGP, GMM, S1AP
•
IMEI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, GMM, S1AP
•
MSISDN data from: GTPv1, GTPv2, CC
•
SIP Uniform Resource Indicator (URI)
•
SIP Display Name
•
SIP URI user part
•
HTTP User Resource Indicator
To enable the UII data masking, you must disable the View User Identity user role for any user from which you want to hide this information. When disabling this role, the user does not see UII when exporting the packet data. For more information on User Roles, please see the Predefined User Roles online help topic. Important: The View User Identity user role only applies to the nGeniusONE user interface. Enabling or disabling it has no effect on output derived from the Unified Management Console (UMC).
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. Quick Filter Filter Constructor Bounce Chart Compare Two Decode Windows Side By Side Launch Enhanced Decode View Options Save As IP SEC Decrypt
293
nGeniusONE 5.4.1 Online Help Topics
Decode As More Options - includes Export (Print to File), Column Management (Customize Columns) Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame Expand and Collapse all layers in pane Expand and Collapse pane
Summary Panel The Summary panel is at the top of each Decode sub-tab. It gives you a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. The Summary panel is the only panel that shows several packets at once. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the packets. You can then examine individual packets in greater detail or skip over them. Scroll through the Summary panel to see the entries for each of the decoded packets. Selecting a packet causes the Detail and Hex panels to update with decode information for the selected packet. Summary Panel Fields The Summary panel includes the following fields for each displayed packet: Field Packet
294
Description The Summary panel lists packets sequentially in the same order in which they were received. Each packet is assigned a sequential number to make it easy to move around in the Summary panel. You can move quickly to a particular
TROUBLESHOOTING ISSUES packet number by entering it in the Go To packet box at the top of the display. Absolute Time
The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.
Relative Time You can select a particular packet in a data trace as a baseline for timing (Optional) packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.
Delta Time
The interval between the current packet’s timestamp and that of the preceding packet.
Size
The length of the packet, not including the CRC bits.
Source
The source address for this packet: By default, the Summary panel shows the network layer address, if present. If it is not present, the MAC address is shown.
Destination
The destination address for this packet. Destination addresses are shown in the same way as source addresses.
Interpretatio An abbreviated description of the packet’s contents. The exact data shown will n depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on.
295
nGeniusONE 5.4.1 Online Help Topics If Show Top Layer is enabled in the Tools menu, only one line (for the highest enabled protocol level) is shown. If Show All Layers is enabled in the Tools menu, the Summary panel shows one line for each protocol level contained in a packet. Status
Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN
Capture Size Displays the amount of packet data captured (this may be less than the actual packet size) Source MAC
MAC address of the source system
Destination MAC
MAC address of the destination system
Source Port
Port number coming from the source system
Destination Port
Port number going into the destination system
Interface
Interface number from which the data was captured
Cumulative Bytes
Total bytes of the data capture (increments with each subsequent packet)
Detail Panel The Detail panel is in the middle of each Decode sub-tab. It shows the detailed contents of the packet currently selected in the Summary panel. Each protocol layer of the packet is interpreted and displayed. The first line in the Detail panel provides some metadata on the decoded packet – its packet number in the Summary panel, its length as displayed, and its length as captured. Any differences between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the packet are arranged with the lowest protocol layer at the top of the panel and then work their way down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. You can cascade open layers to see the full interpretation of each field and parameter in the layer (VLAN tags, TCP header fields, application layer commands, etc.). If you want to expand all the packet layers at one time, click the Expand All Layers button. To collapse all the packet layers, click the Collapse All Layers To expand the size of the panel window, click the Move Up window, click the Move Down
296
button.
button.
button. To collapse the panel
TROUBLESHOOTING ISSUES Selecting Portions of a Packet in the Detail Panel You can expand a packet in the Detail panel and select different layers or fields using the mouse. When you do so, the highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet.
Hex Panel The Hex panel is at the bottom of each Decode sub-tab. It shows both the hexadecimal and ASCII interpretation of the packet selected in the Summary panel. The highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet. The hex portion of the panel shows each byte as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. To expand the size of the panel window, click the Move Up window, click the Move Down
button. To collapse the panel
button.
The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. To toggle between an ASCII and EBCDIC view, click the ASCII
or EBCDIC
buttons.
You can copy the bytes from the Hex Panel to your clipboard. Select any or all bytes in the Hex or ASCII/EBCDIC portion of the Hex Panel, right-click your mouse, and choose Copy.
297
nGeniusONE 5.4.1 Online Help Topics
Launch Enhanced Decode The Launch Enhanced Decode feature allows you to narrow your Decode view to TCP frames. A TCP Enhanced Decode displays additional TCP-specific information (such as tcp.window_size, tcp.info_bytes_in_flight, tcp.alarm, etc.). The Enhanced Decode is based on a unique IP address and port pair combination derived by the packet on which you click before launching Enhanced Decode. Enhanced Decode is useful in analyzing and differentiating whether an issue is related to the server or the network. For example, your network has remote clients connecting to servers on high-capacity (10Gb throughput) links. An issue may arise where there is slow or bad processing of client requests. This may cause the entire link to appear slow or unreachable. In a case like this, the TCP Window size may equal zero, which could cause the server to stop sending packets. Enhanced Decode gives you greater insight into TCP stack behavior. This insight saves time by indicating a client/server issue, rather than following the path of diagnosing a network/link problem. To launch an Enhanced Decode, do the following:
1. From the Decode view, select a packet and click the Launch Enhanced Decode button. 2. The TCP Enhanced Decode view displays.
298
TROUBLESHOOTING ISSUES
A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. View Options Save As IP SEC Decrypt Decode As More Options - includes Export (Print to File) Show Graph View Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet
299
nGeniusONE 5.4.1 Online Help Topics
Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame (in Data Capture, this is the first frame in the trace) Expand and Collapse all layers in pane
Expand and Collapse pane 3. When you click on a packet and examine the TCP section of the Detail pane, you see a new field named Additional Info. When you expand the Additional Info field, various TCP information derived from the packet displays.
4. To view more detailed information, click the Show Graph View the TCP Graph.
300
button to launch
TROUBLESHOOTING ISSUES
Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View
button.
2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.
3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.
to display the TCP Graph by time or by
301
nGeniusONE 5.4.1 Online Help Topics TCP Graph Displayed over Time
TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View
302
button.
TROUBLESHOOTING ISSUES
Adding Trace Files The Add Trace Files (importing) feature allows you to import a trace file from your client system and store it on the nGeniusONE server.
To import a file, do the following: 1. Click the Browse button to select the capture file you wish to import. 2. Select whether you want to put it in the Private or Shared folder by using the dropdown box. 3. Click Overwrite if you are replacing an existing trace file. 4. Click Upload to upload the file to the server. 5. Click Close to close this screen.
303
nGeniusONE 5.4.1 Online Help Topics
Moving a Trace File This feature allows you to move a trace file from the Shared folder to the Private folder and also move files from the Private folder to the shared folder. To move a file, do the following: 1. Select the trace file from the list. 2. Click the Move Trace Between Folders button. 3. In the dialog box, select the folder from the drop-down box into which you want to move the trace file. 4. Click OK to move the file.
304
TROUBLESHOOTING ISSUES
Renaming a Trace File This feature allows you to rename an existing trace file. To rename a trace file, do the following: 1. Select the trace file from the list. 2. Click the Rename Trace File button. 3. Enter the new file name. 4. Click OK to change the file name.
305
nGeniusONE 5.4.1 Online Help Topics
Save a Copy of a Trace File This feature allows you to save a copy of a trace file by another name or into a different folder. This may be useful if you want to grant access to the file but maintain the original trace file. To copy a trace file, do the following: 1. Select the trace file from the list. 2. Click the Save a copy of Trace File button. 3. Either keep the original name or enter a new name on the Filename line. 4. Select the folder from the Folder drop-down list. 5. Click OK to save the copy of the trace file.
306
TROUBLESHOOTING ISSUES
Configure IP SEC Decryption The IP SEC Decrypt feature allows you to decode and view the packet contents of IP SEC (IP Security) encrypted packets. IP SEC Decryption – IP SEC (IP Security) is a method of encrypting IP packets for secure transmission over a secure IP tunnel and decrypting the packets on the destination system. nGeniusONE supports IP SEC Decryption for local trace files in addition to remote Protocol Decode sessions. nGeniusONE Packet Analysis performs post-capture decoding of the IP SEC encrypted packet data and allows you so see the unencrypted packet data. You can configure IP SEC Decryption to work with the following options: •
Protocol – IPv4 or IPv6
•
Source and Destination IP addresses of the packets you wish to decrypt
•
The following encryption types are supported: NULL, TripleDES-CBC, AES-CBC, AESCTR, DES-CBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC
•
User-provided encryption key
•
The following authentication methods are supported: NULL, HMAC-SHA-1-96, HMACSHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, Any 96/128/192/256 bit authentication
•
User-provided authentication key
307
nGeniusONE 5.4.1 Online Help Topics To perform IP SEC decryption on an nGenius InfiniStream Protocol Decode or archived trace file, do the following:
Protocol Decode Decryption 1. From Packet Analysis -> Data Mining, select an nGenius InfiniStream interface and execute a Protocol Decode. 2. Click on an ESP packet in the Protocol Decode view. 3. Click the IP SEC Decrypt
button.
4. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 5. Click Decrypt to decrypt the packet trace.
Decrypting a Local Trace file 1. From Packet Analysis -> Trace Archive, either open the saved trace file or add a trace file. 2. Perform a Protocol Decode of the trace file. Select the trace file and click the Submit button. 3. Click on an ESP packet in the Protocol Decode view. 4. Click the IP SEC Decrypt
308
button.
TROUBLESHOOTING ISSUES 5. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 6. Click Decrypt to decrypt the packet trace.
Packet View - Before and After IP SEC Decryption The screen captures below display a packet that is IP SEC encrypted and the decrypted version of that packet. See packet number 8 in the trace for the decryption/encryption.
309
nGeniusONE 5.4.1 Online Help Topics
310
TROUBLESHOOTING ISSUES
Saving a Trace File Remotely The Remote Save feature allows you to save a trace file to either the nGenius InfiniStream appliance, the nGeniusONE server, or to the user system. If saving an encrypted trace you have decoded, the decoded packets are saved in the new trace file.
To perform the Remote Save, do the following: 1. Enter a file name. 2. Select the file type from the drop-down box. 3. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 4. Select either all packets or enter a range of packets to save. 5. Click Save to perform the save operation.
311
nGeniusONE 5.4.1 Online Help Topics
Bounce Charts in nGeniusONE From the Summary pane of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •
Packet number
•
Absolute Time
•
Packet Interpretation - contains the following information: o
Internet Protocol (IP) type
o
Destination Port
o
o
Source Port Packet Length
•
Latency Time
•
Interface name or trace file name
•
Packet direction - when you mouse over the arrow, the following displays: o
o
Destination IP address
o
Destination Port
o •
Source IP address Source port
Application Type (when column is selected using the Customize Columns feature)
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below:
312
TROUBLESHOOTING ISSUES
Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions Stop Mining. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns Save As View Options Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Top packet Bottom packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode The following conditions apply to the Bounce Chart view: • You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined. • Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.
button to stop a decode,
313
nGeniusONE 5.4.1 Online Help Topics
Viewing Bounce Charts From the Summary Toolbox of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Click here for information on Enhanced Bounce Charts. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: • Packet number • Absolute Time • Packet Interpretation - contains the following information: o
Internet Protocol (IP) type
o
Destination Port
o
o
Source Port Packet Length
• Latency Time • Interface name or trace file name • Packet direction - when you mouse over the arrow, the following displays: o
Source IP address
o
Source port
o
Destination IP address
o
Destination Port
• Application Type (when column is selected using the Customize Columns feature) The following conditions apply to the Bounce Chart view: • You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined. • Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.
button to stop a decode,
To launch a Bounce Chart, click a packet in the Summary Panel of the Protocol Decode view and click the Bounce Chart button. When a Bounce Chart opens, the view splits and the new view looks like the following image:
314
TROUBLESHOOTING ISSUES
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop Bounce Chart. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns View Options Save As Click to access online help Close decode. This closes the Bounce Chart and returns you to the previous Protocol Decode view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view
315
nGeniusONE 5.4.1 Online Help Topics
Go to First packet Go to Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode
316
TROUBLESHOOTING ISSUES
Printing (Export) a Trace File The Print to File (Export) feature allows you to export any or all of the Summary, Detail, and Hex panes from a data trace to a Comma Separated Value (.CSV) file for printing or other file operations. You can print all the packets in a trace or a range of packets. You can export data from a decode session performed in Data Mining or on files in the Trace Archive. Note: Some Enhanced Decode fields are not included when performing a trace file print (export) The Relative Time columns are not included when performing a trace file print (export)
To use the Print to File feature, do the following: 1. Enter a file name (in the text box next to File Name) for the export file. When the file is exported, it is placed in your browser Download folder. 2. Ensure that Comma Separated values (*.csv) is selected in the drop-down box next to File Type. This feature currently only supports export to CSV files.
317
nGeniusONE 5.4.1 Online Help Topics 3. In the Export What section, you can select to export any or all of the following by checking the box next to the name: Summary, Detail, Hex. 4. In the Packets section select whether you want to export All Frames or a range of frames (Frames Range). If you select a range of frames, you can enter a single packet number or a group of packets. To export a single packet, enter the packet number. To export a group of packets, enter the first packet number, a dash key (), and the last packet number. If you wish to export more than one single packet or range of packets, separate the values you enter with commas. 5. Click OK to export the packets or Cancel to quit this screen. 6. Depending on your browser, you may be prompted whether you want to save or print the file. 7. Look in your browser Download folder for the export (CSV) file.
318
TROUBLESHOOTING ISSUES
Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter
button.
3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)
Connection Filter
319
nGeniusONE 5.4.1 Online Help Topics
Application Filter
Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.
320
TROUBLESHOOTING ISSUES
Using the Filter Constructor Creating and managing filters is an essential component of successful packet analysis. Filters help you isolate the information you need when you perform a protocol decode or view a trace file. Creating a filter allows you to define parameters that are represented in the filter as specific bit patterns. • When you apply a Data Mining (pre-capture) filter to a protocol decode, every packet detected on the selected interface is compared to the bit pattern defined by your filter. All packets that match the filter criteria are copied to the capture buffer. • When you apply a post-capture filter to a protocol decode, each packet in the file is compared to the filter to further define your focus. Note: If you use Advanced Terms in a filter, that filter is only supported as a postcapture filter. A message displaying This filter uses Advanced Terms. Advanced Terms are only supported in post-decode filters appears in the Status Bar when using Advanced Terms. Also, post-capture filter files do not appear in views where only Data Mining filters are supported.
Filter Builder Topic Sections The Filter Builder topic is broken into the following sections. Click the link to go to the appropriate section: • The Filter Constructor Dialog Box • Filter Management • Filter Operations • Filter Operators • Filter Terms • Basic Terms • Advanced Terms • Filter Syntax • Viewing Filtered Packets • Saving Filters
Filter Management You can create a filter as a Shared or Private filter. Shared filters are visible by all users of nGeniusONE. Any user can use, edit, rename, or delete shared filters. The Private filters are only available to the user who created them for use, modification, and deletion.
Filter Operations There are three basic filter operations: create, rename, and delete. The table below explains the procedure for each operation.
321
nGeniusONE 5.4.1 Online Help Topics
Operation
Procedure
Create
To create a new filter, click on Shared or Private (in the Filter List section) and click the New button. The Filter Builder automatically adds a filter_ (time in epoch). When you open the Filter Builder, there is a filter_ (which is blank) filter file in the Filter List you can use to create a new filter.
Edit
To edit a filter, click on the filter name in the Filter List. The syntax appears in the Expression area. You can edit directly from there.
Rename
To rename a filter, click on the filter in the Filter List and click Rename. Enter the new name in the dialog box that appears and click OK.
Delete
To delete a filter, click on the filter in the Filter List and click Delete. Click OK in the dialog box to confirm the filter delete.
Filter Operators Use the following operators to create your filter: Operators ()
Optional parentheses you can put around the expression. For example, (ip==10.2.3.4)
==
Equals
!=
Does not equal
&&
And
||
Or
!
Do not include packets that have the specified term - used as ! (filter term) Note: Only one filter term is supported with a NOT operator.
and
And
not
Do not include packets that have the specified term - used as not (filter term) Note: Only one filter term is supported with a NOT operator.
or
Or
Filter Terms There are two types of filter terms - Basic Terms and Advanced Terms.
322
TROUBLESHOOTING ISSUES Basic Terms – There are standard terms provided as part of packet analysis infrastructure without having to decode the packets. These terms offer quicker filter results. Basic Terms can be used in both pre- and post-capture filtering. Basic Terms - used for data mining or post-capture filtering application
Type of application (for example, application==FTP or application!=Telnet. The list of available applications corresponds to the list of active applications in nGeniusONE Global Settings)
eth
Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example eth==08:00:8c:01:02:03)
eth.src
Source Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.src==08:00:8c:01:02:03)
eth.dst
Destination Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.dst==08:00:8c:01:02:03)
ethernet
Ethernet address (MAC) information
ip
IP Address in octet form (for example - ip==192.168.200.12)
ip.src
Source IP Address in octet form (for example ip.src==192.168.200.12)
ip.dst
Destination IP Address in octet form (for example ip.dst==192.168.200.12)
ipv6
Internet Protocol version 6 information (for example ipv6==fda2:7043:e658:e556:0123:4567:89ab:cdef)
Advanced Terms – These are standard terms provided as part of packet analysis infrastructure and require packet decode. These terms are slower providing filter results. Advanced terms are restricted to post-capture filtering. Advanced Terms - used for post-capture filtering When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. 802_1ad
IEEE 802.1 AD information
802_1ah
IEEE 802.1 AH information
802_1q
VLAN 802.1Q information
ansi_map
ANSI Map information
application
Application type - Free text (for example application==http)
bpdu
Bridge Protocol Data Unit information
browser
Browser information
323
nGeniusONE 5.4.1 Online Help Topics
cisco_vntag
Cisco Virtual Network tag information
cpim
Common Profile for Instant Messaging information
disl
Cisco Dynamic Inter-Switch Link information
dsmcc
Digital Storage Media Command and Control information
dssetup
Directory Services Setup information
eps_mm
Evolved Packet System Mobility Management information
eps_sm
Evolved Packet System Session Management information
eth
Ethernet (MAC Address) information
ethernet
Ethernet (MAC Address) information
eurex_emdi
Eurex Enhanced Market Date Interface information
fc
Fibre Channel information
fc_els
Fibre Channel Extended Link Service
fcoe
Fibre Channel over Ethernet information
fip
Fibre Channel over Ethernet (FCoE) Initiation Protocol
iccp_mms
Inter-Control Center Communications Protocol Multimedia Message Service information
ice_impact_m
ICE iMpact information
ima
Independent Management Architecture information
imsi
International Mobile Subscriber Identity
ip
Internet Protocol information
ipars
International Program Airline Reservation System information
ipv4
IP version 4 information
ipv6
Internet Protocol version 6 information
ise_mdi_fast
International Securities Exchange Market Data Interface FAST information
isl
Cisco Inter-Switch Link information
isup
ISDN User Part information
lcc ldap
Lightweight Directory Address Protocol information
llc
Link Layer Control information
lse-gtp
324
TROUBLESHOOTING ISSUES
lse_mitch m3ua
MTP Layer 3 User Adaptation Layer information
map
Mobile Information Part (MAP) information
matip
Mapping of Airline Traffic over Internet Protocol information
mime
Multi-Purpose Internet Mail Extensions information
mpls
Multi-Protocol Label Switching information
ms_oxcrpc
Microsoft Exchange Remote Procedure Call information
msisdn
Mobile Station Integrated Services Digital Network
ospf
Open Shortest Path First information
packet
Packet information
pattern[-]
You can search on the hexadecimal pattern in the Hex pane of the Protocol Decode view. For more information, see the Pattern Filter topic. Note: After the word pattern, enter the beginning and end data offsets (use decimal numbers for the byte numbers) in brackets (for example, pattern[2629]==0a0a000a).
plain_text port
Port Number (integer or range of integers between 1 - 65535; for example - port==1024, port==80-1024)
port.src
Source Port Number (integer or range of integers between 1 65535; for example - port.src==1024, port.src==80-1024)
port.dst
Destination Port Number (integer or range of integers between 1 65535; for example - port.dst==1024, port.dst==80-1024)
ppp
Point-to-Point Protocol information
ptc_c ptc_d rtpevent
RTP Event information
sctp
Stream Control Transmission Protocol information
sctp _data
SCTP data information
sender_compid Value used to identify firm sending packets sgsap
SGs intergace Application Part information
sip
Session Initiation Protocol information
sipfrag
SIP fragment information
325
nGeniusONE 5.4.1 Online Help Topics
sms_im
Short Messaging Service Instant Message information
ssl
Secure Socket Layer information
target_compid Value used to identify firm receiving packets tcp
TCP Information
tcp.port
TCP Port Number (integer or range of integers between 1 - 65535; for example - tcp.port==1024, tcp.port==80-1024)
tcp.src
TCP Source Port Number (integer or range of integers between 1 65535; for example - tcp.src==1024, tcp.src==80-1024)
tcp.dst
TCP Destination Port Number (integer or range of integers between 1 - 65535; for example - tcp.dst==1024, tcp.dst==801024)
text
Text in Detail or Summary panes. To search in the Summary pane use the text.summary=="text" convention. To search in the Detail pane use the text.detail=="text". Note: Enter the text to be searched in double quotes.
tls
Transport Layer Security information
tos
Type of Service (integer [decimal or hexadecimal]; for example tos==12, tos==12b)
udp
UDP Information
udp.port
UDP Port Number (integer or range of integers between 1 65535; for example - udp.port==1024, udp.port==80-1024)
udp.src
UDP Source Port Number (integer or range of integers between 1 65535; for example - udp.src==1024, udp.src==80-1024)
udp.dst
UDP Destination Port Number (integer or range of integers between 1 - 65535; for example - udp.dst==1024, udp.dst==801024)
url
Uniform Resource Locator (web site, for example url==www.netscout.com)
vlan
Virtual LAN information
xml
eXtensible Markup Language information
xre
XML User Interface Language (XUL) Runtime Environment information
Protocol-Specific Advanced Terms When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data.
326
TROUBLESHOOTING ISSUES
alp
Appliance Link Protocol information
amex
American Express credit card information
arp
Address Resolution Protocol information
bfd
Cisco Bidirectional Forwarding Detection information
bgp
Border Gateway Protocol (BGP) information
bittorrent
BitTorrent Protocol information
bssap
BSS Application Part information
bssap+
BSS Application Part Plus information
bssgp
BSSGP (Base Station System GPRS Protocol) information
cdp
Cisco Discovery Protocol information
cgp
Common Gateway Protocol information
citrix
Citrix protocol information
citrix_cgp
Citrix CGP information
citrix_ica
Citrix Independent Computing Architecture (ICA) information
dhcp
Dynamic Host Control Protocol information
dhcpv6
DHCP version 6 information
diameter
Diameter protocol information
discover
Discover credit card information
dns
Domain Name Service information
ftp
FTP (File Transfer Protocol) information
hsrp
Hot Standby Router Protocol information
hsrpv2
Hot Standby Router Protocol version 2 information
http
Hypertext Transmission Protocol information
ibm_mq
IBM Market Query information
genband
GENBAND information
gprs_gmm
General Packet Radio Services (GPRS) GPRS Mobility Management information
gprs_llc
General Packet Radio Services (GPRS) Logical Link Control information
gprs_sm
General Packet Radio Services (GPRS) Session Management information
327
nGeniusONE 5.4.1 Online Help Topics
gprs_sndcp
General Packet Radio Services (GPRS) Sub Network Dependence Convergence Protocol information
gsm_dtap
Global System for Mobile Communications Direct Transfer Application sub-Part information
gsm_rp
Global System for Mobile Communications Relay Protocol information
gsm_sms
Global System for Mobile Communications Short Messaging Service
gtp_prime
GTP (GPRS Tunneling Protocol) information
gtpc_v1
GTP version 1 information
gtpu
GTP version 1 information
gtpv2
GTP version 2 information
hsrp
Hot Standby Router Protocol information
hsrpv2
Hot Standby Router Protocol version 2 information
http
HTTP information
ibm_mq
IBM WebSphere MQ information
ica
Citrix Independent Computing Architecture (ICA) information
ica_sb
Citrix ICA Server Browser Flow information
icmp
ICMP (Internet Control Message Protocol) information
ldap
Lightweight Directory Address Protocol information
loop
Configuration Testing Protocol (Loop) information
maestro_debit Maestro pre-paid MasterCard information master_credit
MasterCard credit card information
mbcp
Media Burst Control Protocol information
mop_rc
Maintenance Operations Protocol Remote Console information
msrp
Message Session Relay Protocol information
mysql
My SQL protocol information
netb
Microsoft NetBIOS information
netflow
NetFlow datagram information
nsip
Network Services over IP information
ntp
Network Time Protocol information
oracle_sql
Oracle SQL information
328
TROUBLESHOOTING ISSUES
oracle_tns
Oracle Transparent Network Substrate information
pim
Protocol Independent Multi-Cast information
ranap
Radio Access Network Application Part protocol information
rtcp
RTP Control Protocol information
rtp
Real-Time Protocol information
rtsp
Real-Time Streaming Protocol information
s1ap
S1 Application Protocol (S1AP) information
sccp
Skinny Client Control Protocol information
sccp_ss7
SCCP Signaling System number 7 information
sdp
Session Description Protocol information
sip
Session Initiation Protocol information
smb
Server Message Block protocol information
smb2
SMB version 2 protocol information
smbmsp
SMB Mail Service Protocol information
smbtcp
SMB on TCP information
snap
Sub-Network Access Protocol information
snmp
Simple Network Management Protocol information
soap
Simple Object Access Protocol information
ssdp
Simple Service Directory Protocol information
ssh
Secure Shell (SSH) information
tcap
Transaction Capabilities Application Part information
tds
Tabular Data System Protocol information
telnet
Telnet protocol information
union_pay
UnionPay credit card processing information
vrrp
Virtual Router Redundancy Protocol information
wins
Windows Internet Naming Service information
xcap
XML Configuration Access Protocol information
xmpp
Extensible Messaging and Presence Protocol information
x2ap
X2 Application Protocol information
To build a filter, enter syntax using the following terms. When you finish entering terms, click Apply to run the filter (without saving) or Save to save the filter:
329
nGeniusONE 5.4.1 Online Help Topics Note: The Apply button is active only in post-capture filters.
The Filter Constructor Dialog Box When you click the Filter Constructor
button, the Filter Constructor dialog box appears.
When the Filter Constructor dialog box is opened, the Expression screen is blank and there are no filters selected. You can choose a variety of operations to perform: • Enter filter syntax • View filtered packets • Click on a filter to display its Filter Terms and/or apply the filter • Run a Quick Filter
330
TROUBLESHOOTING ISSUES
Filter Syntax
To enter filter syntax, type the terms, operators, and options in the Expression screen. The terms are described in the Filter Terms section. The Expression screen is red when there is incorrect syntax. The Expression screen turns green when correct syntax is entered. For example, you could enter the following in the Expression screen: (ip==10.2.3.4) and (port!=80) if you wanted to get packets that contain the IP address 10.2.3.4 and come on all ports except 80. For most applications listed in the table, you can enter only the application name in the Expression screen and click Save or the Apply button. This automatically saves/executes a filter that just searches for packets matching the selected application. To clear out the information in the Expression screen, click the Clear
button.
If you do not enter any value with a Filter Term and the Expression screen turns green, this means you can filter on packets that contain that particular field. When entering Filter Terms, if you close the Filter Constructor and reopen it before exiting the particular decode session, the information in the Expression Screen is saved for you. Filter Term Granularity When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. Select the appropriate granulated term from the drop-down list to filter on a
331
nGeniusONE 5.4.1 Online Help Topics more specific attribute of a Filter Term. Some examples of the granulated terms contained in the drop-down boxes are in the following images:
332
TROUBLESHOOTING ISSUES
Viewing Filtered Packets After you build or load a capture filter, the packets that meet the filter conditions are displayed in a new Protocol Decode view. You can return to the previous decode session by clicking the Navigate to Launched Decode Sessions button . From the previous decode session, you can load or build a different filter to see other packet data from the original trace. Click the Filter Constructor button and build or load another filter. You can have up to eight filters or Bounce Chart sessions running concurrently. You can also create another filter from the packets that you filtered previously. Click the Filter Constructor button
and build or load another filter.
You can have up to eight filters running, whether they are separate filters or nested filters. Packets that were previously filtered display with different colored lines.
Saving Filters When you apply a filter, the filter terms automatically save into the Private folder with the name last_filter. When you create a filter and want to save it, click the Save in the save dialog box:
button and enter a name
333
nGeniusONE 5.4.1 Online Help Topics
Other ways to save filters are: • When you click the Add Filter
button in either the Shared or Private folder, add
your filter terms, and click the Save
button, the filter is saved with a system
generated name. You can click the Rename Filter name.
button and change the filter
• When you click the Add Filter button in either the Shared or Private folder, add your filter terms, the filter is given with a system generated name. You can click the Rename Filter
button, change the filter name, and click the Save
• Select the last_filter, click the Rename Filter name.
334
button.
button, and change the filter
TROUBLESHOOTING ISSUES
Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b.Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d.Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. a. Open a Decode window. b.From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.
c. Click Apply to start the filter operation.
335
nGeniusONE 5.4.1 Online Help Topics d.The filtered results display.
336
TROUBLESHOOTING ISSUES
Using Compare Mode in nGeniusONE The Decode display provides a Compare mode that lets you simultaneously view the Summary, Detail, and Hex panel decodes for two packets. The following procedure explains how to use Compare mode. 1. Start by selecting the first packet for comparison by clicking its entry in the Summary panel. This is the "anchor" packet – once you are in Compare mode, you can compare any other packet to it by selecting entries in the Summary panel. 2. Click the Compare button
at the top of the Decode display.
3. Select the second packet for comparison by clicking its entry in the other Summary panel (it appears on the right of the anchor packet Summary panel). The Summary, Detail, and Hex panels show the decodes for the two packets side-by-side with the anchor packet initially on the left. 4. You can change the second packet selected for comparison by clicking another packet in the Summary panel. 5. You can also change the Decode session on the right hand pane. See Comparing Packets from Two Different Decode Sessions for more information. 6. Change the anchor packet using either of the following methods: • Double-click the Summary panel of the packet to be used as the anchor. • Exit Compare mode, select a new packet as an anchor, and then reenter Compare mode.
337
nGeniusONE 5.4.1 Online Help Topics
Summary Panel Toolbar A toolbar is provided at the top of the each pane allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Expand or collapse window panel Expand or Collapse all layers in Summary window Click to exit the Compare Decode window (right hand pane only)
Comparing Packets from Two Different Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.
338
button. A dialog box opens that displays all of the open
TROUBLESHOOTING ISSUES From this dialog box, you can perform one of the following tasks: • Change the Decode session by clicking on another session in the list • Close a Decode session by clicking the x button After you select another Decode session, it opens on the right hand pane. Packets that were filtered in other Decode sessions display with different colored highlights around the packet.
339
nGeniusONE 5.4.1 Online Help Topics
Customizing Packet Analysis User Settings You can adjust user settings using this dialog box. This allows you to customize the Decode view.
Colorize Filtered Packets - When you apply a filter, the filtered packets display with a different color. Time Format - Use the radio button to display time in 12- or 24-hour format (for example, 05:26:00 PM [12-hour] or 17:26:00 [24-hour]) Default Save On - When running a trace file export, you can set the default device to display in the drop-down box (nGeniusONE, InfiniStream, Desktop)
340
TROUBLESHOOTING ISSUES
Quick View The View Options allow you to set the following: • Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds. • All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane. • Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets. • Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed. • Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window. • Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.
341
nGeniusONE 5.4.1 Online Help Topics
342
TROUBLESHOOTING ISSUES
Navigate to Launched Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.
button. A dialog box opens that displays all of the open
This dialog box displays all of the active decode sessions. Filtered decodes are located under the original Packet Decode and have a Filter-x (x being a number) designation. Enhanced Decodes have an (E) designation after the session name. From this dialog box, you can perform one of the following tasks: • Change the Decode session by double-clicking on another session in the list • Rename a Decode session by clicking the rename icon in the dialog box that appears • Close a Decode session by clicking the • Stop a session mining by clicking the
and changing the name
button button
• When examining a filtered session, click the For example:
button to see the filter information.
343
nGeniusONE 5.4.1 Online Help Topics
Additional Topics Enhanced Bounce Chart Bounce Chart views display the flow of packets exchanged in the stream to which a selected packet belongs. With an nGenius InfiniStream, Enhanced Bounce Chart views are also available. Enhanced Bounce Charts display timestamps in packets exchanged between a pair of hosts through multiple network segments. As packets hop across the network, many factors can delay these packets. Enhanced Bounce Charts help you find where these delays occur. nGeniusONE supports bounce charts with up to seven hops for TCP or UDP streams. On an InfiniStream (or multiple InfiniStream systems), you can launch an Enhanced Bounce Chart view on up to seven physical interfaces. While Bounce Charts are available for TCP-, UDP-, or SCTP-based applications, Enhanced Bounce Charts are supported for TCP- or UDP-based applications only. You can run up to eight Bounce Chart or filter sessions concurrently. To launch an Enhanced Bounce Chart view: 1. From the Packet Analysis -> Data Mining view, select up to seven InfiniStream physical interfaces on which you wish to perform the Enhanced Bounce Chart. To select additional interfaces, press the key and click on all interfaces you wish to have in the Enhanced Bounce Chart. Note: this version of nGeniusONE only supports the Enhanced Bounce Chart on interfaces that reside on a single InfiniStream. 2. Select the Start and End date/time. 3. (Optional) Select a Data Filter from the drop-down list. 4. Click Submit to start the Protocol Decode. 5. From the Protocol Decode view, select a packet on which you want to see the Enhanced Bounce Chart. 6. Click the Bounce Chart button. The Enhanced Bounce Chart displays. You can see the Latency Time, direction of the packet, and on which interface the packet was captured.
344
TROUBLESHOOTING ISSUES
Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns View Options Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Stop Bounce Chart. This stops data mining and returns the results it has accumulated.
345
nGeniusONE 5.4.1 Online Help Topics
Go Up/Down by one packet Select the packet number you wish to view
Go to First/Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode
Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter
button.
3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)
346
TROUBLESHOOTING ISSUES
Connection Filter
Application Filter
347
nGeniusONE 5.4.1 Online Help Topics
Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.
Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b.Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d.Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. a. Open a Decode window.
348
TROUBLESHOOTING ISSUES b.From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.
c. Click Apply to start the filter operation. d.The filtered results display.
Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View
button.
2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis
349
nGeniusONE 5.4.1 Online Help Topics
displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.
3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.
TCP Graph Displayed over Time
350
to display the TCP Graph by time or by
TROUBLESHOOTING ISSUES TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View
button.
Quick View The View Options allow you to set the following: • Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds. • All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane. • Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets. • Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed. • Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window. • Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.
351
nGeniusONE 5.4.1 Online Help Topics
352
TROUBLESHOOTING ISSUES
ISOLATING UC ISSUES Introduction to UC Server The nGenius Unified Communications Server (UC Server) solution is used to troubleshoot issues with audio and video streams and associated signaling for Voice or Video over IP. This licensed product is integrated with the nGeniusONE Server. These topics provide usage information for the UC Server views, along with basic configuration requirements. The following sections provide a brief introduction to key concepts pertaining to this product. • UC Enabled Views • Deployment Overview • Example Workflows
353
nGeniusONE 5.4.1 Online Help Topics
UC Enabled Views and Features When an nGeniusONE Server is licensed for UC Server features, the following views and updates are available from the nGeniusONE Server: • UC Server Views: Access to these analysis views is done either through the Call Search application, available from the nGeniusONE dock, or by drilldown from the Media Monitor, available from the nGeniusONE Service Monitor dock icon. The views are: o Conversation View: available as a drilldown from Call Search or Media Monitor o Streams View: available as a drilldown from Media Monitor or from Conversation View. o Single Call View: available as a drilldown from Call Search or from Streams View • Media Monitor: This Service Monitor provides additional metrics and drilldowns to and from UC Server features. When a license is configured on the nGeniusONE server, this monitor replaces the default RTP Monitor from the Service Monitor dock icon or from drilldowns in the Unified Communications Dashboard and Discover My Network module available from the nGeniusONE Console (RTP Monitor is still available from within the Universal Monitor). • Call Server Monitor integration: The UC Server Call Search application includes an icon to open Call Server Monitor with the selected context, and an icon to open a Call Server Session analysis tab in the Call Search application. Drilldown from Call Server Monitor to UC Server views is not supported. Related Features In addition to the analysis tools above, a UC Server license enables UC-specific features in the following nGeniusONE modules: • Dashboard / Spaces / Spaces Configuration - UC views / UC Dashboard available • Service Monitors - drilldowns are enabled from UC features to certain monitors • Global Settings - additional configuration options and metrics are visible in the Voice/Video tab • Service Configuration - Media is available as a monitor type; additional service templates and alarm profile options are available • Reporting - additional metrics are available. • Server Management - Use this module to enable/disable user privileges related to UC analysis.
354
TROUBLESHOOTING ISSUES
Deployment Overview: UC Server A UC Server deployment is an assessment and analysis architecture that gathers data on voice and video quality from multiple strategic instrumentation points along the call path, from endpoints and optionally call data from Lync Servers and Cisco Call Managers (when a UC Lync Collector is integrated to the deployment). Whether the service is voice or video, desktop or dedicated room, soft client or fixed phone, common analysis algorithms enable data assessments that are derived from RTP packet headers and payloads and signaling traffic. At the head of this architecture is the UC Server-enabled nGeniusONE Server, which collects data from dedicated, passive InfiniStream appliances, or from dedicated UC Lync Collectors that aggregate relevant third-party data. The UC Server specifically analyzes ASRs mined directly from data sources and correlates these with conversation data and with UC-KPI data collected by the nGeniusONE Server from InfiniStream appliances. UC Server features are available on nGeniusONE server deployments. The UC Server software is automatically installed with nGeniusONE Server software, although the features are enabled by a license. The UC Server runs in an independent web server process but is accessed like any other nGeniusONE application, through the nGeniusONE console. For details on setting up server configurations, refer to the nGeniusONE online help and nGeniusONE Administrator Guide. Data Sources The UC Server features are based on UC-KPI, UC conversation and ASR data collected from InfiniStream appliances configured to monitor RTP, SIP /SIP_SCTP / SIP_TCP, SCCP, and Q931/H323 traffic. To support analysis of Microsoft Lync and Cisco CDR records, add a UC Lync Collector to the deployment. InfiniStream Appliances Properly configured InfiniStream appliances enable analysis of voice and video media and signaling in nGeniusONE RTP Monitor, by default. This analysis is provided by the UC-KPI tables and ASR tables. Enabling the UC Conversation table on an InfiniStream appliance enables it to supply additional, required information to support certain UC Server views. InfiniStream appliances must be running v5.3 Patch, or later. UC Lync Collector Analysis of Microsoft Lync audio and video records and Cisco CDR data is available when integrated with a UC Lync Collector to collect and convert records to ASI format. The UC Lync Collector is added as an InfiniStream appliance using the nGeniusONE Server’s Device Configuration utility, although the records are only utilized by certain UC Server views (Conversation data are not available from UC Lync Collectors). Note that this collector is not related to nGenius Voice | Video Manager Data Collectors or nGenius 3300 Collectors and that the nGenius Voice | Video Manager Data Collectors and nGenius Voice | Video Engines do not interoperate with UC Server. Note: The UC Lync Collector is specifically intended to monitor audio and video records. Other record types managed by Microsoft Lync Server are not applicable.
355
nGeniusONE 5.4.1 Online Help Topics Servers This section provides an explanation of server details that are mentioned in the UC Server online help. UC Server The UC Server features are supported by a process that independently collects, computes, and correlates certain metrics and generates views. It performs separate database and mining activities from those for standard nGeniusONE applications. nGeniusONE Server Users access UC Server views using the nGeniusONE Console. The nGeniusONE Server is also used to manage devices and configure the applications, thresholds and profiles for use by the data sources. These are set using the nGeniusONE Device Configuration interface and Global Settings. Following are the nGeniusONE modules that enable or provide access to UC Server functionality: • nGeniusONE Console: Call Search is launched directly from the nGeniusONE Console; Media Monitor is launched from the Service Monitor collection • Service Dashboard: A Unified Communication tab provides drilldown to Media Monitor • Discover My Network: From the Media view in this module, an option is available to launch either RTP Monitor or Media Monitor • Global Settings: The Voice/Video tab includes additional sub-tabs for customizing Thresholds, Device Profiles, and Endpoint profiles. Settings in this tab only apply to UC views • Server Management: Configure user roles and privileges for access to certain features • Device Configuration: Add UC Lync Collector to the nGeniusONE Server • Service Configuration: Media is available as a monitor type; additional service templates and alarm profile options are available • Alarms: The alarms generated for configured alert profiles allow triggers to be created for the following metrics: Problematic MOS % Problematic Jitter % Problematic Packet Loss % Average Active Streams Problematic Out-of-sequence (%) Percentage of Streams with DTMF • Reporting: Services created for use in UC Server views can be used as templates to create scheduled reports • Spaces / Spaces Configuration: UC views are available when configured in the Spaces Configuration tool nGenius Voice | Video Manager Server Existing nGenius Voice | Video Manager deployments integrated with an nGeniusONE Server can be converted to a UC Server deployment. The existing nGenius Voice | Video Manager license can be applied toward a UC Server license. Deployments without an nGeniusONE Server do not require purchase of a new UC Server license, but do require
356
TROUBLESHOOTING ISSUES addition of an nGeniusONE Server. Customers with these configurations who wish to upgrade their deployment should contact support for guidance. Note that InfiniStream appliances configured for integration with nGenius Voice | Video Manager will continue to derive Payload Processing Profile and Endpoint (Device) profiles from that server. The profile configurations set in the nGeniusONE Server’s Global Settings> Voice / Video tab are not used by InfiniStream appliances configured to support nGenius Voice | Video Manager. However, those appliances can still be enabled to collect and route UC Server data to the nGeniusONE server.
357
nGeniusONE 5.4.1 Online Help Topics
Example Workflows Following are examples of how UC Server views can be used for analysis and troubleshooting: • User Complaints: A user has complained about a quality issue experienced on a recent call or about a recent failed call. • UC Dashboard Alarm: An alarm has been raised indicating there is a problem. User Complaints A user complains about a problem he or she has experienced. Such complaints will typically be raised via the IT helpdesk (Tier 1 support). The helpdesk function may perform an initial investigation, or may pass the ticket to a secondary IT team. The complaint may be for a failed call (such as number unobtainable) that will have no media streams. Context information provided by user: • User’s phone number or username (or possibly extension) • Remote phone number/username (optional) • Time and date for the issue experienced (the time window related to a specific user complaint is usually fairly well defined; searches are limited to one hour). Context information provided by operator: • Service Definition(s) to use for the workflow. This is typically configured during the system setup, but the operator will need to know which one applies (if there multiple definitions, say, for assorted regional areas) Procedure 1. Access the Call Search application from the nGeniusONE console and enter the user information and time window to launch detailed views. 2. A list of matching calls is displayed, including a ‘media call-health’ indicator for each call (where available) to highlight which calls are problematic and enable selection of the relevant call or calls. The view also shows the media health of the two communities (Calling Party and Called Party) involved in each call. Note: Failed calls are also shown, without media health, but the error (status) code indicates an issue. 3. If the relevant call is not shown or more records are needed, the previous hour of calls can be retrieved by clicking the button at the bottom of the table, up-to a time limit of 12 hours or the maximum number of calls. 4. If needed, identify problem calls by sorting the columns. The value of certain columns, such as health, is generated dynamically and therefore not keyed for sorting. 5. When a specific call row is of interest, select the row and launch the Conversation view to see the conversations between communities that are causing issues, or launch the Single Call View can be launched to display all related streams and a network view diagram with all monitoring points shown.
358
TROUBLESHOOTING ISSUES UC Dashboard Alarm If an alert profile has been configured for a UC service, triggers manifest in the Unified Communications Dashboard of the nGeniusONE Console. This alarm contains context information used for drilldown to UC views. Context information provided by Dashboard: • Monitored element (InfiniStream/interface) • Metrics used to generate the alarm • Alarm type (application/metric) • Time and date • Service Definition Procedure 1. Drilldown from UC Dashboard to the Media Monitor, which provides more detail on the problem, including which community is manifesting an issue. 2. From within Media Monitor, select the problematic row, then: • Launch a UC Conversation Summary tab. This highlights approximate traffic flows, summarizes metrics for the call, and provides additional drilldown options including a Results Assistant. • Launch a Streams View tab 3. Filter and sort the result set to show only problem streams (e.g., MOS < 2.5) and try to identify patterns. 4. Select a single problem stream and construct a network view to help locate the source of the issue.
359
nGeniusONE 5.4.1 Online Help Topics
Getting Started
Overvew This section provides brief instructions for configurations required to supply data to the UC Server views and how to access the views. For details working with appliances, refer to administrator guides for those systems. For details working with nGeniusONE Device Management/Global Settings, refer to nGeniusONE online help. • Data Source Configuration • Server Configuration • Accessing UC Server Features • Navigation • General Usage
360
TROUBLESHOOTING ISSUES
UC Data Source Configuration Two sources supply data for UC Server views, InfiniStream appliances, and UC Lync Collectors. Following are key configuration changes to make to support the UC Server features: InfiniStream Appliances Note: InfiniStream appliances must be running v5.3 Patch, or later. For detailed instructions setting up an InfiniStream appliance, refer to the nGenius InfiniStream Administrator Guide. Access the Agent Utility from the appliance command line and set the following: • Ensure the Config Server Address is that of the nGeniusONE Server associated with the UC Server configuration. • Access the Protocol Options menu and set Voice and Video Quality to on. This enables collection of UC-KPI metrics for use in RTP Monitor, Media Monitor, and all UC Server views. • Access the Select Interface menu and, for each interface on which you are monitoring UC traffic • Ensure Toggle enable xDR is on. This option is required for Call Search, Session Analysis drilldowns, and for the Streams view in Media Monitor and Single Call view drilldown. • For each interface monitoring UC traffic, ensure Change interface type is set to Enterprise. For Service Provider deployments, review specific considerations for your configuration type. • If the traffic is tunneled, also set Tunnel Parsing on. • Although any virtual types valid for RTP analysis can be used, the following vifn_modes are applicable for use with Media Monitor. It is important to note that UC Server views are peer-to-peer based and therefore virtual keys pertaining to client-server are not relevant. Only certain keys associated with these virtual types are applicable for drilldown workflows to other UC views. • • • • •
vlan qos site vlan-qos site-qos
• Access the utility command line and set the following to enable collection and tracking of UC conversations and advanced data contained in RTP ASRs such as Echo Delay, CQ and LQ MOS: set asi uc_conv on set vq supplement_asr_data on • If payload assessment is desired, also configure the following from the command line: set vq payload on
361
nGeniusONE 5.4.1 Online Help Topics Note that payload processing is a computationally intensive activity. If processing resources are limited, use the Global Settings>Voice/Video tab on the nGeniusONE Server to tune payload processing priorities. • If grouping by geography or area code/prefix is desired, set the command community_type to geo_ip, or to phone_num (additional steps are required). • If applicable to your environment, for use of other nGeniusONE modules, you can enable a-cdm outer_ip to on to use outer IP Addresses in tunneled packets, rather than inner IP addresses. Note that this is not required for UC session data. For example, UC Streams View and Single Call Viewalways show both inner and outer IP addresses. • Note that when Community Health is unavailable, drilldowns to Conversation/Streams Views from Call Search are not available. After above configurations, reset the agent. For detailed instructions on the above, refer to the Agent Administrator Guide. UC Lync Collector This optional appliance can be configured to route MS Lync audio and video records and/or Cisco CDR data to the nGeniusONE server, for display in UC Server views. Note: Details for setup of the UC Lync Collector are provided in the UC Lync Collector Administrator Guide. Subsequent to the UC Lync Collector being installed and networked, ensure the following: • From the UC Lync Collector, ensure the system is configured to point to the nGeniusONE Server that is licensed as a UC Server. Refer to the UC Lync Collector Administrator Guide for details. • Configure the MS Lync and/or Cisco CDR data sources to route to the UC Lync Collector. • From the nGeniusONE Server, access the Device Configuration utility and add the UC Lync Collector to the nGeniusONE Server. Set the Type to nGenius InfiniStream and be sure to provide a Name that indicates the unit is a UC Lync Collector. Note: nGenius Voice | Video Engines and nGenius Voice | Video Data Collectors are not supported for integration with UC Server.
362
TROUBLESHOOTING ISSUES
Configuring nGeniusONE for UC Server Refer to the following as a brief guide to required configurations to support UC Server features. Configurations for this product are managed on the nGeniusONE Server. UC Server The UC Server features are enabled by a license either directly on the nGeniusONE Server or nGeniusONE Standby Server. In any of these cases, no additional software installation or configuration is required to enable the UC features. Note: Before you can use UC Server features, you must enable the license for it. To convert an existing nGenius Voice | Video Manager Server license to a UC Server license, contact your NetScout representative for guidance. User Management The UC Server views support the following privileges set using nGeniusONE Server Management > Users > Roles: • UC Call Search Launch: Display Call Search icon in nGeniusONE Console if user has this privilege. If the user manages to launch the UC Call Search directly (e.g. via the URL) a dialog box with an error message is displayed after the user clicks Launch from the Call Search Home tab. • UC Media Streams: Drilldown to Streams Views and Single Call Views are available when the user has this privilege. • Session Analysis Drilldown: This privilege allows drilldown from UC Views to Call Server Session Analysis. • Packet Analysis - General Access: Enables drilldown to decodes from Single Call View and Streams View. • View User Identity: If the user does not have this privilege, the left four characters of certain user identity fields are masked using an "x" character. Note: The View User Identity privilege is used to toggle display of the identity elements and associated user plane transactions (IMSI IDs, MSISDN IDs, IMEI addresses, NAI usernames, URIs and URLs, and email addresses) in several applications, including the UC Server views. This privilege does not affect the identity values in Packet Decodes. For environments that require it, administrators should also disable the Packet Analysis-General privilege. To configure visibility based on user role: 1. As an Administrative user, access nGeniusONE Server Management > Users. 2. Select the Roles tab. 3. From the left pane, select the role associated with the user group you would like to mask or unmask the identities. If desired, create and select a new user role. 4. With the desired role selected on the left, then, from the right pane, scroll to the privilege (for example: View User Identity). 5. To hide the IDs for the user role, uncheck the associated check box. To enable the IDs to be viewed by that role, check the associated box. 6. Click Save.
363
nGeniusONE 5.4.1 Online Help Topics 7. Users must refresh their login for the changed user roles to take effect. Device Configuration Access the Device Configuration utility and ensure that InfiniStream appliances and UC Lync Collectors are known to the nGeniusONE Server. If not, add them using this utility, selecting the nGenius InfiniStream as the Device Type for both cases. Use the Name field to provide a label to help you differentiate InfiniStream appliances from the InfiniStreambased UC Lync Collectors. Note that these appliances must be running v5.3 or later for compatibility with UC Server features. Global Settings The nGeniusONE Server is used to configure consistent application/protocol options for all data sources in the deployment. Details for working with the tabs below are provided in the nGeniusONE online help. Use the following as a guide, adjusting for your traffic types: • Business Types tab The UC Server features and associated protocols are accessible by default with the Enterprise business type. If some voice protocols do not appear to be available in Global Settings, try also enabling the Service Provider business type. • Applications tab > Multimedia list Ensure the following applications / protocols are enabled, as applicable for your traffic: o Media analysis: For all environments, enable response time for RTP, Audio, Video; ensure ASRs are enabled for RTP. Optionally, enable MSB and MPEG2-TS. These are displayed in Conversation View and supported for pass through context to UC Streams View. o Signaling analysis: SIP / SIP_SCTP / SIP_TCP, SCCP, Q931/H323. For SIP configurations, all three SIP types (SIP, SIP_SCTP, SIP_TCP) should be configured to ensure consistent results for this application when launching Call Server Monitor from Call Search or Call Server Session Analysis tab in Call Search. • Enterprise tab The UC Server applications leverage the Client and Server Communities and VIP List tabs. • Voice/Video tab This tab contains sub-tabs to customize Thresholds, Endpoint Profiles, and Processing profiles. Note that Gap metrics are disabled by default by setting Threshold values to 0; values must be entered for Gap results to appear in the UC Views. In cases where an environment has been migrated from an nGenius Voice | Video Manager deployment, these configurations replace customizations previously done manually on the InfiniStream appliance and on the nGenius Voice | Video Manager Server. Service Configuration The UC Server Call Search application requires an Application Service definition be created; there are none created by default since each environment is unique. The Call Search application recognizes definitions with at least one signaling protocol; it is also
364
TROUBLESHOOTING ISSUES recommended to include RTP and at least one of Audio or Video. Details for using the Service Configuration tool are provided in the nGeniusONE online help; use the following as a guide for creating UC-specific services: Monitor type: For the "Monitor" selection, optimally choose Media, although Call Server and RTP are supported. Advanced Voice Statistics is also supported, however note that use of this service type will yield signaling results only; no media, unless media protocols are added to the service definition (allowed, although media protocols are not used in Advanced Voice Statistics monitor). Location Key orientation preference: This setting is not applicable for peer-to-peer applications. Alert profiles: Optionally create an alert profile to associate with this service, and set the triggers for alarms to support notification/drilldown from the Unified Communications Dashboard of the nGeniusONE Console. Service Members: Select the option to Add Service Members, and then add the mix of protocols that are applicable for your environment. Without this step, the Service Name list is empty in Call Search, although Media Monitor does support selection by Monitor Name and a named Monitored Element. • Required: RTP and one or both of Audio, Video; Optional: MSB, MPEG2-TS • Signaling (at least one required): SIP, SIP_TCP, SCCP, Q931/H323; note that SIP_SCTP and H.245 can be included in a service definition, but these protocols are not used in Call Search. They are passed through when drilling down to Call Server Monitor. For SIP analysis, select both SIP and SIP_TCP. Signaling is not required for use of Media Monitor but is for other UC views and end-to-end workflows. Note: • To use the Media Monitor, no additional configuration is required. When the nGeniusONE Server is enabled with a UC Server license, the Media Monitor is automatically enabled. By default, the RTP Monitor is then accessible only from the Universal Monitor. • Service Definitions can include location keys, however these are not used within Call Search itself. Keys are applicable upon drilldown from Media Monitor. For definitions including location keys, be aware that keys which are applicable in Service Monitors, including Media Monitor, may not be applicable to Call Search and other UC Server views. Relevant keys to use are QoS, Codec ID and VLAN. For example, RAT Type is not applicable to Streams view, and Site is not applicable for drilldown (as from Media Monitor) so the context of the Site key is not forwarded through drilldown workflows. • Note that in cases where the monitoring appliance is configured with vifn_mode set to site, the service definitions intended for use with that appliance and RTP Monitor or Media Monitor must have the "Orientation preference for Location Keys" set to Client.
365
nGeniusONE 5.4.1 Online Help Topics
UC for Service Providers Configuration This topic augments the UC Server configuration topics for Data Sources and the nGeniusONE Server. Service Provider deployments are supported with a variety of configuration options, particularly on data sources, whereas Enterprise deployments have a single interface type and a smaller set of applicable virtual interface modes. For UC Server views, there are particular configuration options applicable for monitoring RTP/SIP over GTP-U tunnels in Service Provider environments. Use this topic as a guide for the configuration options to consider. Data Source Considerations Review the following configuration options to understands how your InfiniStream appliance configurations may affect output in UC Server views. Interface Types: The following interface types are applicable for Service Provider use of UC Server views, use the corresponding set mobile_params command to configure your appliance: • S5/S8-GTPv2 or Gn • S11 (for S1 user plane traffic) • SGi or Gi (for Mg or Mw links, with RTP traffic) • IMS-Access (for deployments monitoring Mb (media) links) • IMS-Auxiliary (for deployments monitoring Mb (media) links) For reference, the following table depicts the expected traffic when a data source is configured with the indicated IMS Interface type. Interface Target Network Node Type Setting
IMS Links
Protocol
IMS-Access* P-CSCF, MGW
Gm, Rx, Rf, Mb*
SIP, Diameter (Rx)
IMSAuxiliary*
MRF-C, MRF-P
Mr, Mp, Mb*, Rf
SIP
BGCF, MGCF
Mi, Mj, Mk, Rf
IBCF, TrGW
Mm, Ix, Ici, Izi*, Rf
ATCF
Mw, Mx, Iq
I-CSCF, S-CSCF
Mw, Mx, I2, Cx, Rf
MGCF
Mg, Mn
HSS/HLR
S6a, MAP, CAP
IMS-Core
IMS-Services AS
ISC, Ma, Sh, MAP, CAP, Rf
SIP
SIP, Diameter (Sh), MAP, CAP
*Media Interface UC Server views are predicated on RTP analysis, which is not applicable when the data source is configured with the following Interface Types: • Gb
366
TROUBLESHOOTING ISSUES • IMS-Core • IMS-Services • • • • • • • • • • •
Iu-PS P-H Pi MSS RNC R-P S1 S102 S2a/PMIPv6 S2b_GTPv2 SGs
vifn_modes: Although any virtual types valid for RTP analysis can be used, it is important to note that UC Server views are peer-to-peer based and therefore virtual keys pertaining to clientserver are not relevant. The following vifn_modes are applicable for use with Media Monitor, note however that certain keys (see service definitions, below) associated with these virtual types are not applicable to drilldown workflows to other UC views. • • • • •
vlan qos site vlan-qos site-qos
nGeniusONE Server Considerations Service Definitions are required for Call Search and are often used to create custom monitor views. For definitions including location keys, be aware that keys which are applicable in Service Monitors, including Media Monitor, may not be applicable to Call Search and other UC Server views. Relevant keys to use are QoS, Codec ID and VLAN. For example, RAT Type is not applicable to Streams view, and Site is not applicable for drilldown (as from Media Monitor) so the context of the Site key is not forwarded through drilldown workflows.
367
nGeniusONE 5.4.1 Online Help Topics
Accessing UC Server Features UC Server features can be accessed from the nGeniusONE Console. From there, the following launch points are available after the configurations and licensing are complete: • Drilldown to Media Monitor from the Unified Communications Dashboard of the nGeniusONE Console • Launch Call Search directly from the nGeniusONE Console. If this icon is not visible, ensure that the nGeniusONE Server was restarted after installation of the UC Server license and verify user privileges. • Launch Media Monitor from the Service Monitors icon; this monitor replaces RTP Monitor in the Service Monitors icon collection when the UC Server license is installed. (RTP Monitor is still available within the Universal Monitor module.) Note that supported minimum browser versions are: • Microsoft Internet Explorer v9 • Firefox v18 • Chrome v24
368
TROUBLESHOOTING ISSUES
UC Launch Points Certain UC Server views can be launched from the Media Monitor. The Call Search application can launch the same views as well as a Call Server Session Analysis tab, the Call Server Monitor, and the Media Monitor. This section describes the launch points for the assorted views when an nGeniusONE Server is enabled with the UC Server license. Note: When the data for a selected row are provided from the UC Lync Collector, drilldown is disabled for features that are not applicable, such as Conversation View. Here are the launch points and navigational workflows: • From nGeniusONE Console launch Call Search application: The following features are accessed using icons on the Call Search toolbar and displayed as tabs within the Call Search application, except where noted. o
Launch Conversation View tab Display Conversation Results Assistant Launch Streams View tab
o
Launch Single Call View tab
Launch Packet Decode tab
Display Streams View Results Assistant
Launch Single Call View tab Launch Packet Decode tab Display Single Call Results Assistant
o Launch Session Analysis tab (Call Server Monitor Session Analysis displayed in Call Search application) o Launch Call Server Monitor separate application tab)
(Contextual drilldown opens as a
o Launch Media Monitor (Contextual drilldown opens as a separate application tab; the views below display in the Media Monitor as separate tabs in Media Monitor) From within Media Monitor, launch Conversation View tab From within Media Monitor, launch Streams View tab • From nGeniusONE Console > Service Monitors launch Media Monitor • From Service Dashboard >Unified Communications tab launch Media Monitor • From Search & Discover, queries applicable to UC applications offer drilldown to Media Monitor
369
nGeniusONE 5.4.1 Online Help Topics
Navigating Call Search When you create a view from the Home tab of the Call Search application, the Call Search Summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in Call Search. Each time you Launch a new view from the Call Search Home tab, that view is listed separately in the View navigation menu available by clicking the menu at the top left of the Call Search display area. Each time you launch a sub-tab within a Call Search view, a blue button for that tab is added to the Tab navigation menu along with blue icon
at the left of the view itself.
This topic reviews how to use the View navigation menu to switch between Call Search instances and to use the Tab navigation menu to switch between sub-tabs and to close sub-tabs. Note: Launching Media Monitor and Call Server Monitor from within Call Search opens a separate main tab in the nGeniusONE Console, rather than a sub-tab in Call Search. For this reason, the monitors do not appear in the View Navigation list. View Navigation • To display the views: Click the title at the upper left of the Call Search module. To hide the list without changing the active view, click the title again. This example shows the Call Search display with individual views for UC Data and Regional Call services, opened from the home tab. The active view, in blue, is Regional Calls.
370
TROUBLESHOOTING ISSUES
• • To switch between views: Display the list of views, then click the title of the view you want to make active. • To close a view: You can either close Call Search by clicking the X on the main tab in the nGeniusONE Console, or you can close individual Call Search views. From the View navigation menu, click the X on the view title. Note that closing a view also closes all its associated sub-tabs (Sessions or Conversations, for example). A prompt displays to confirm that you want to close the entire view, including the tabs. To close individual tabs, see below. • To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon navigation pane (below).
at the bottom left of the Tab
Tab Navigation Each Call Search view has a collapsible navigation pane at the left side of the display area. Each time you open a tab or sub-tab within the view, a blue or gray vertical bar is added to the left navigation pane. You can navigate within a view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.
371
nGeniusONE 5.4.1 Online Help Topics
• Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the Call Search view contents. Click it again to collapse the pane. You can navigate the tabs in either mode. • Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view. • Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the of the Packet Decode tabs closes those individual tabs. Clicking the X on the Sessions List tabs that have a Packet Decode sub-tab also closes those Packet Decode sub-tabs that were created by drilldown from the Sessions list. There is no confirmation when you close a tab group.
372
TROUBLESHOOTING ISSUES
General Usage: UC Server Following are general guidelines for working with UC Server views. For details working with specific views, refer instead to those topics: • Working with the Call Search Application • Working with the Media Monitor • Using the Conversation View • Using the Streams View • Using the Single Call View Drilldown to Call Server Monitor, a standard nGeniusONE monitor, is described in Launch Points. For more details using Service Monitors, refer to Working with Service Monitors. Guidance for using the Service Monitors is provided in the nGeniusONE online help. Understanding Health and Status Indicators: Throughout the UC views, the Green/Amber/Red indicators represent status or health as described below. Community Health: Selected metrics are used for computation of health. In all cases, a problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. The following boundaries are represented in these views: Acceptable: No metric was problematic for more than 5% of the total stream time for all streams going to or from that community during the time period. Warning: At least one metric was problematic within 5% and 20% of the total stream time for all streams going to or from that community during the time period. Critical: At least one metric was problematic for more than 20% of the total stream time for all streams going to or from that community during the time period. N/A: Community health not available Media Flags (Call Search): In this view, Green/Amber icons indicate whether one of the following issues was found in the call: Single direction, Gaps, QoS Mismatch. If the icon is Amber, hover the mouse cursor over it for a tooltip indication of which issue contributed to the status. If no media streams are available, a "-" is displayed. Note that Gaps are not reported unless thresholds are customized. Media Health (Single Call View): These status icons indicate the worst metric status for a stream, they are not based on a 5% or 20% limit. If at least one metric falls in the category, the media health is
373
nGeniusONE 5.4.1 Online Help Topics assigned that category. Example: If one metric is in Critical and another in Warning, the Media Health is classified as Critical. Frequently Used Tools • Filter results : Narrow the results by filtering on specific values for each field (fields do not need to be displayed in the tab to match the filter; if the field appears as a selection in the filter dialog it can be used to narrow results). If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of multiple criteria. Click the Find button when ready to run the query. • Reset filter : This icon is enabled only when a filter has been set. Use it to clear the filter options. • Customize displayed columns : In addition to certain fixed metrics, panes that have this icon include a collection of metrics that can be displayed or hidden. Use this icon to customize which metrics are displayed in the associated pane. • Export displayed results (All, CSV, PDF, RTF) : Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV, and is limited to the maximum records for the current view (Call Search is 2,000; Streams is 10,000). In cases where all metrics are displayed in the view, the resulting table in output may be compressed; zoom into the document to view the data. Also note that since media data are mined per page, the dynamically generated results in the Call Search screen (Media Health, End Time, Duration) are not included in the export All output. • Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view (Metrics, Chart vs Table display, View mode for charts with multiple modes such as IP Bearer or Summary). Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab). Note that the settings are saved for the logged in user and will be retained and reapplied when that user ID is used to log in each time. • Navigate available results : For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time. • Toggle table view : In certain graphical views, such as in the Conversation View tab, the presence of this icon indicates the view can be toggled between graphical and tabular form.
374
TROUBLESHOOTING ISSUES You can also perform the following actions in a table-formatted view: • Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust. • Sort columns: Click the heading of any column to sort a table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending. Note that dynamic columns such as computed call duration, start time, end time, community health, and media health cannot be sorted. Note that table columns in the Conversation View cannot be sorted. • Masking: The UC Server supports role-based masking of user identities. If the View User Identity privilege is disabled for the logged in user, data in certain fields (User/Extension, Calling Party, Called Party) are masked in the UC Server views. However, Call Search still supports querying an ID, with or without a wildcard. The matched result itself is displayed with the four right-most values replaced with an "x" character.
375
nGeniusONE 5.4.1 Online Help Topics
Licensing the UC Server After you have set up your UC Server deployment, you may need to obtain and install licenses. A license is required for any nGeniusONE Server that hosts the UC Server. Licenses are not required for data sources. Use the steps in the following sections to understand the types of licenses, how to use the MasterCare portal to register your software and obtain a license, and the options for installing the license. • Understanding License Types and Requirements • Registering a License • Installing Licenses
376
TROUBLESHOOTING ISSUES
Understanding UC License Types and Requirements Use the following to understand the types of licenses you may encounter with your UC Server deployment and what information to use from each for the different license type and licensing method. Note that you may receive multiple Registration Coupons that allow you to license more than one feature on a single component. License Types and Options Following are the license types applicable to UC Server components: • Evaluation: This time-based license requires a generated serial number (based on the software option code) and password, and a date reflecting the duration of the license. When your evaluation is complete, you can remove this key and install a Permanent license. • Permanent: This type of license requires a generated serial number (based on the software option code) and password, and a Host ID based on the MAC address of the component. Since the key is locked to the specific hardware, only install a permanent license when you are ready to deploy in a production environment. • Incremental: This license type supplements a permanent license to increase the number of supported streams or interfaces. The UC Server licenses must match the license configuration of the nGeniusONE Server. If the nGeniusONE Server has incremental licenses, then the UC Server requires matching UC Server incremental licenses. • Options: The following license options are available for UC Server. Review the option notes carefully to understand which are required for your deployment. o 180 (UC Server): Standard license for use when the nGeniusONE server is not enabled using a Workgroup or Standby license. o 185 (UC Workgroup Server): This option is required when the UC Server feature is added to an nGeniusONE Server with a Workgroup licenser. o 181 (UC Standby Server): This option is required when a Standby Server is configured for an nGeniusONE Server directly enabled with a UC Server license (180). o 182 (UC G.729 Codec): License additional features such as support for the G.729 codec. This license option is added along with the main server type (180 181, 185) on the nGeniusONE Server that manages the InfiniStream appliances. o N/A (UC Lync Collector): License for up to 10,000 streams; collection of Microsoft Lync and Cisco CDRs to ASI-based format; see note below under Data sources License Requirements All components of your deployment require a license except for InfiniStream appliances. Use the information in this section to understand when a license is required and when you might need to register or re-reregister to obtain a permanent license. Note that features may be licensed separately, so you may need to install more than one license per component to enable all feature combinations. • Servers: All servers that host the UC Server must be licensed.
377
nGeniusONE 5.4.1 Online Help Topics o Standalone Configuration: When the UC Server resides only on a standalone server, the license is installed directly on that nGeniusONE Server (180) or nGeniusONE Workgroup (185) server. o Standby Server: Standby servers require a separate license from that of the server that hosts the UC Server, since all licenses are locked to the Host ID. The UC Server features on that server have a separate license type (181). • Data sources: o The UC Lync Collector requires purchase of a license, although the license is not installed. In addition, for standard nGeniusONE implementations that include a UC Lync Collector along with probes, note that each UC Lync Collector consumes one Type1 license. o
nGenius InfiniStream appliances do not require licenses.
License Contents The information you use to enable a feature varies based on the method you use for licensing the component. Use the table below to understand the correct format to use for the two methods. License Confirmation via Web Page / Email
What to Enter in license.properties
Evaluation Keys Serial Number: 3116060977 Expiration Date: 08/17/2014 Password: f35e-635d-53d0-c3d3 Today’s Date: 07/17/2014 Software Option: 180
180.SERIAL_NUMBER = 3116060977 180.EXPIRATION_DATE = 08-17-14 180.PASSWORD = f35e-635d-53d0-c3d3
Trial Days: 30 Registration Key: 4671-e055-510e-f72a-060977 Product Name: UC Server Permanent Keys Serial Number: 316067745 Host ID: b932c91e Password: f150-51c5-5461-f4f4 Software Option: 182 Registration Key: 5ab6-8cb5-06d9-d0da-071121 Product Name: G.729 Codec Analysis Support
378
182.SERIAL_NUMBER = 316067745 182.PASSWORD = f150-51c5-5461-f4f4 182.HOSTID = b932c91e
TROUBLESHOOTING ISSUES
Registering a UC License Following are instructions to obtain a key based on new or existing licenses. Registering a Permanent License You will need to use the Registration Coupon from your shipment to generate a license. Use the procedure below for each of the coupons you have received: 1. Locate all Registration Coupons for which you need to generate licenses. 2. Access the NetScout MasterCare portal: https://my.netscout.com/Pages/mcplanding.aspx 3. Log in with your MasterCare user credentials. 4. Navigate to Support & Services and then to Download, Register and License Software. 5. Navigate to the link for UC Server. 6. Click the tab that corresponds to the type of license you are generating (Evaluation or Permanent). For an explanation of these types, refer to Understanding License Types and Requirements. 7. Click the link that corresponds to the component you are licensing. 8. First-time users of the software download pages, or users who have not accessed the page within a year of the last published EULA, need to accept an End User License Agreement (EULA). If the EULA displays, click the "I Agree" button. 9. The Product Registration page that displays allows you to enter the following required information: • Registration Key: Obtain this from the Registration Coupon you received with your product shipment. • Host ID: Although some products permit keying on an IP address, UC Server licenses are locked to the hardware. You must enter the Host ID of the component into this field. Obtain the Host ID by typing: ifconfig eth0 from the command line of the system. The ID is the last four bytes of the HW Address. For example, given output of eth0 Link encap:Ethernet HWaddr 00:25:90:01:24:1A, the Host ID is 9001241A. Note: For Incremental keys, the Host ID must match that for an existing permanent license. 10. Click the Submit button. 11. Your license information is displayed and is emailed to the address on file for the user account used to log into the MasterCare portal. Print the information to archive it and for use when you install the license on your nGeniusONE Server. Re-registering a License To convert an existing nGenius Voice | Video Manager Server license to a UC Server license, contact your NetScout representative for guidance.
379
nGeniusONE 5.4.1 Online Help Topics
Installing UC Licenses After registering the UC Server software and obtaining keys (see Registering a License), use the instructions below to install the license. 1. Initiate the licensing utility: • Linux — From the /rtm/bin directory, execute ./LicenseCL.sh. • Windows — From Start > (All) Programs > NetScout nGenius Server, select Update License 2. Enter the required information, clicking Next or pressing Enter after each entry: • Permanent — Serial number, password, MAC or IP address, and software option number • Incremental — Serial number, password, MAC or IP address, and software option number • Evaluation — Serial number, password, and expiration date 3. (GUI installations) When licensing is complete, click OK. 4. Restart the server.
380
TROUBLESHOOTING ISSUES
Working with the Call Search Application Overview The Call Search application retrieves call signaling and media ASRs from multiple nGenius InfiniStream appliances (monitored elements) deployed on your network and provides correlated quality diagnostics. Supplemental information is provided for each call, including a red/amber/green (RAG) analysis of media health and of the Community endpoints. Further analysis for selected calls is available from here, including a Conversation View and Single Call View. The UC Server Call Search application is accessible from the dock of a UC-licensed nGeniusONE Server. From the Home tab you can select service definitions (combinations of applications and monitored elements) and then query for a User ID, IP Address, or extension for a specific range of time. Service definitions must be created prior to using the Call Search view. Refer to Server Configuration for setup requirements. Details for using Call Search are provided in the following sections: • Using the Call Search Home Tab • Using Call Search Summary Tabs
381
nGeniusONE 5.4.1 Online Help Topics
Using the Call Search Home Tab The Call Search Home tab is the starting point to isolate data for many of the UC Server views. Although you can isolate data in the Media Monitor and then drill down to a UC Server view, if you have a specific ID and start time, the Call Search application offers a more direct path. As with Service and Traffic Monitors, the Home tab for Call Search is used to define the query criteria. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Call Search Summary tab is opened). Following are guidelines for using the Call Search Home tab.
Icons/Buttons The following icons are available at the top right of the Call Search Home tab. Refresh Service List: If you have added or modified services after opening Call Search, you may need to refresh the Home Tab to retrieve the updates. Use the refresh icon
at the top right of the tab, as needed.
Return: If you access the Call Search Home tab using the home icon from within a Call Search sub-tab, you can return to that previous view using the Return icon This icon applies only when you have already opened a Call Search workspace. Help: Use the help icon Call Search application.
382
.
, as needed, to access contextual help for this tab of the
TROUBLESHOOTING ISSUES Create a Query To use Call Search, first select a service in the View pane, then specify a Keyword type and value for IP Address or User/Extension in the fields next to the Launch button. Service Name: As with Service Monitors, the left-hand pane of the Call Search Home Tab only displays Application Services that include minimum criteria for this query type. Services are created in the nGeniusONE Service Configuration utility. They must include the following Applications: RTP, one or both of Audio/Video, and at least one of SIP, SCCP, or Q931. Select one service from the displayed list. You can Search within the view pane by typing in the search field, indicated with a text string and icon
. Click to select the search field and then type a search string.
Services of the same type are grouped together under headings as shown above. You can double-click the heading to expand or collapse the list. In the above image, the RTP services are collapsed; the Call Server services are expanded. If your selected service is within a collapsed heading, a small, blue square appears on the heading to highlight the location of your selection. In the image below, the navigation highlight is on RTP, but the currently selected service name is inside the Call Server set.
After you select a service the right pane, User Defined Service Details populates with the details of the service definition. Before you click Launch for the selected service, you must provide either a User ID/Extension or an IP Address in the Show Calls for... keyword input field. Select the type and then enter the value. Keyword Type: Use this menu to specify whether the keyword is a User/Extension or IP Address. Keyword Field: You can enter part or all of the value to query. • User: This is a logon or user ID of a user - it can be characters and numbers, e.g., user123, as well as hyphen, dot, colon, underscores, forward slash, comma, semi-comma, @, #, and space. The user IDs can be user names or numbers as applicable for the signaling protocol in the selected service. At least four characters are required; mixed case is supported (case-insensitive); wildcards are not supported, although values are matched to any ID ending in those characters. Note that calls with the same ID (based on the last 6 digits as shown below) that occur within 10 seconds are potentially merged. For example, with the default of six, the following are merged: 123456 and +123456 855123456 and 123456 (merged value is the larger of the two, 855123456)
383
nGeniusONE 5.4.1 Online Help Topics 123456;abc and 123456 (characters after “;” are not used as part of the match, merged value is 123456;abc) But the following are not merged: 123456 and 456 (second ID is less than 6) 456 and 56 (neither ID is at least 6) The default number of digits can be overridden by setting the following property on the nGeniusONE Server. Add the following line to /opt/NetScout/rtm/bin/vvmserver.properties: callsearch.merge.extension.digits=N Where N is an integer from 4-20 • Extension: This is a phone extension number - This value can contain letters, numbers, underscores, forward slash, hyphen, dot, colon, comma, semi-comma, @, #, and space. The "+" character, also allowed, is primarily intended to support searches on calls with an international prefix of "+" but can be anywhere in the query string. At least four characters are required. Wildcards are not supported, although values are matched to any extension ending in those characters. Note: UC Server features support role-based masking of user identities. If the View User Identity privilege is disabled for the logged in user, certain fields (User/Extension, Calling Party, Called Party) are masked in the UC Server views. However, Call Search still supports querying an ID, even if masking is enabled. The matched result itself is displayed with the four right-most values replaced with an "x" character. For details on configuring user-based masking, refer to topics on customizing User Roles. • IP Address: This queries the Signaling Server and Signaling Client IPs (not the Domain/Media IP addresses). IPv4 and IPv6 addresses are supported; hostnames and wild cards are not valid for this query type. Netmasks are not supported. Valid examples are: 10.20.160.8 2001:0db8:1219:0000:0000:0087:aeb1:2be7 2001:db8:1219:0:0:87:aeb1:2be7 2001:db8:1219::87:aeb1:2be7 To specifically query records provided via UC Lync Collector, use a User ID or Extension since Signaling addresses are not available from these records. Time Selection: The default query duration is set to the Last Hour. As needed, select a different hour start time for your query. To start on an alternate date, select the menu option: Change custom period. A time and date dialog allows you to adjust the starting date and hour. Your custom setting is added to the selection menu for the duration of your current nGeniusONE login session or until you change the date/time again. The image below illustrates how the menu appears after a custom date and time have been set.
384
TROUBLESHOOTING ISSUES
Launch: After selecting criteria, click this button to initiate the query. After deduplication and merging, the oldest calls (up to 2000) are retrieved for display in the Call Search Summary tab.
385
nGeniusONE 5.4.1 Online Help Topics
Using the Call Search Summary Tab Each query from the Call Search Home tab opens a new Call Search Summary tab with a table of matched results. The tab title corresponds to the Service Name selected from the Home tab. Optimally, the initial query from the Home tab is specific enough to yield a focused set of records. However, Call Search can match up to 2,000 calls per query, displaying the results in pages of 50 records at a time. When more than 2,000 calls are matched, a message indicates this, and the first page is displayed. To change the start duration or other search criteria, return to the Home tab and specify the new criteria to create a new view.
For calls with signalling messages, including failed calls, the results displayed then vary based on the data source: • Data derived from InfiniStream appliances includes calls that have started and ended within the specified duration. • Data derived from UC Lync Collectors includes calls that have ended within the specified duration. Note that the oldest calls are matched, with the most recent of those displayed first. Also note that records with incomplete or missing media streams are included but indicated with a '-' in the Community Health column. Calls that are in progress are indicated with an icon in the Media Health column. If both sides of the call are missing media records, drilldown to conversation view is disabled. For calls with both audio and video media, each row includes indicator of both media types as shown here:
386
TROUBLESHOOTING ISSUES
This section describes how to interpret the results of the table and how to how to use the assorted tools to isolate details within the displayed results or perform drilldown and other actions. Interpreting Results The Call Search summary table includes the following columns, some of which are hidden by default. As noted in Customizing Results below, use the columns are displayed.
icon to adjust which
The following are user details displayed for both Calling and Called: • User: This is a logon or user ID of the user. • Extension: This is the phone number or extension used for the call. International calls are prefixed with a "+" symbol. • Domain (optional display): This value is either a hostname (such as a Cisco Call Manager), an IP address, or an actual domain (such as netscout.com) associated with the media. The following are overall call details: • Start Time: This is the start time of the call, based on signaling events in packet data. • Call Duration: Computed dynamically based on the call’s Start and End times. This column displays "In Progress" when appropriate. • Signaling IP Address (Client or Server): IP or hostname of the signaling server closest to the instrumentation point. The following represent attributes relating to the media: • Media Health: For calls with detected media, the overall worst status for each media type (audio alone, video alone, or audio and video may appear together) is displayed based on metrics derived from collected ASRs and the thresholds set in Global Settings> Voice / Video tab. For example, if a call has an OK status audio stream and a warning status video stream, this field will show the audio icon with an Acceptable status and the video icon with a warning status . Calls that are still in progress for the specified duration are indicated with an ongoing icon . Overall media health is not available when information is missing or incomplete, such as occurs when signing is present without media IP addresses or the addresses are present but no media is available. In these cases, the Media Health status is reflected with a broken call icon . Drilldown to a Conversation View is disabled in this case. (Try adjusting the search parameters to a different time range to ensure the start of the call is within the boundaries.) Status:
387
nGeniusONE 5.4.1 Online Help Topics
Acceptable: Indicates that no metric for the call was in the critical or warning category Warning: Indicates that at least one metric was in the warning category but none were in the critical category Critical: At least one metric for the call was in the critical category N/A: Media health not available N/A: Media not available • Media Flags: Displays either a green or amber status icon to indicate whether one of the following issues was found in the call: Single direction, Gaps, QoS Mismatch. When a flag appears you can hover over the icon to display which issue of these affected the call. If needed, drill down to the Streams view or Single Call view to see exactly which streams were affected by these issues. Note that Gaps are not reported unless thresholds are customized. • Media Community: The health for each Media Community’s (Calling or Called ) is based on analysis of several UC-KPI ingress and egress metrics (MOS, network degradation, Loss, Jitter, and so on) for each media type (audio or video) in same duration time period as the call search. These thresholds on which the Status is based (see below) can be adjusted in the nGeniusONE Server, Global Settings> Voice / Video tab. Icons for this column are: Type: : Health is based on Audio media : Health is based on Video media '-' : No media found in signaling for this portion of the call Status: Selected metrics are used for computation of health. In all cases, a problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. The following boundaries are represented in these views: Acceptable: No metric was problematic for more than 5% of the total stream time for all streams going to or from that community during the time period. Warning: At least one metric was problematic within 5% and 20% of the total stream time for all streams going to or from that community during the time period. Critical: At least one metric was problematic for more than 20% of the total stream time for all streams going to or from that community during the time period. N/A: Community health not available
388
TROUBLESHOOTING ISSUES To view the specific metric(s) contributing to a Warning or Critical status, open a Conversation view and display the primary metric selector menu. • Audio IP/Port & Video IP/Port (Optional): These columns display the IP address and port for audio/video specific to the originating caller and callee. The supplemental details are displayed at the end of each row: • Status Code or Status Code Description (optional): The Status code column lists the error code, if available, associated with the signaling traffic for the stream. For a text interpretation, hover the mouse over the code or add the Status Code Description column using the column selection icon. Note that the error codes vary for each application type; a value of 1 for SCCP has different meaning than Q.931. • Application: The name of the signaling application associated with that call. Customizing Results There are a few ways to customize the displayed results and drill down to varying details. Adjust Columns: Use column sorting, if needed, to highlight areas of interest. The sort is performed on the entire data set, not just the displayed page. You can adjust column width by hovering your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust. Add or remove columns from the table, using the columns icon. Note that sorting is not available on columns with dynamically generated values such as media health, call end time, or call duration. Filter Results: If a large number of records are displayed, consider refining the results using the filter icon (described in Using Summary Tab Tools, below), or using the Query toolbar above the table to search within the results. Using Summary Tab Tools This section describes the toolbar options available in the Call Search view. Drilldown Options •
: Select this icon to display a Conversation View tab with the context of that row. This icon is enabled when the selected row includes a complete media stream for at least one party. Depending on the media status for audio and video for each party, different launch options are displayed in a pick list for this item. In this example, Party B’s Audio and Video are present, so it is possible to pick one of those to display a conversation view tab. Alternatively, you drill down to the Conversation View by clicking in the Community Health field of a row with media results (drilldown is disabled if the media is not detected for that community). If the row contains both audio and video media records, then clicking the Community Health field opens the Conversation View with audio results. Note that Conversation views are not applicable when the drilldown data is based on information derived from a UC Lync Collector.
389
nGeniusONE 5.4.1 Online Help Topics
•
: Also enabled when selected row includes media, select this icon to display a Single Call View tab with detailed analysis for that specific call.
•
: Use this icon to open a Session Analysis tab to examine details of the signaling applications associated with the selected row. This tab operates the same as session analysis in the nGeniusONE Call Server Monitor; usage details are not elaborated in this topic. This option is disabled when the selected row is derived from UC Lync Collector reports or when the connected user does not have View User Identity privileges.
•
: To analyze the selected context separately in Call Server Monitor, select this icon. Refer to those nGeniusONE online help topics for usage guidance. This icon is enabled for calls even with incomplete media or incomplete connections, such as failed calls.
•
: To analyze the selected context separately in the Media Monitor, select this icon. This monitor operates generally the same as nGeniusONE Service Monitors; however, it is available only with a UC Server license and includes unique drilldown options.
•
: Use this icon open contextual help for the tab.
Customization Options • Filter results : Narrow the results by filtering on specific values for each field (fields do not need to be displayed in the tab to match the filter; if the field appears as a selection in the filter dialog it can be used to narrow results). If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of multiple criteria. Click the Find button when ready to run the query. • Reset filter : This icon is enabled only when a filter has been set. Use it to clear the filter options. • Customize displayed columns : In addition to certain fixed metrics, panes that have this icon include a collection of metrics that can be displayed or hidden. Use this icon to customize which metrics are displayed in the associated pane. • Export displayed results (All, CSV, PDF, RTF) : Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV and is limited to the maximum records for the current view (Call Search is 2,000; Streams is 10,000). In cases where all metrics are displayed in the view, the resulting table in output may be compressed; zoom into the document to view the data. Also note that since media data are mined per page, the dynamically
390
TROUBLESHOOTING ISSUES generated results in the Call Search screen (Media Health, End Time, Duration) are not included in the export All output. •
View Options: You can use this option to toggle display format of values in the view. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per view, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: The values can be toggled between Name, IP Address, or full Name with Domain. If a name-based option is selected and the nGeniusONE server has record of a DNS-resolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element (Not applicable to Call Search ): This toggle corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.
• Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view (Metrics, Chart vs Table display, View mode for charts with multiple modes such as IP Bearer or Summary). Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings. (Reset does not modify the currently active tab.) Note that the settings are saved for the logged in user and will be retained and reapplied when that user ID is used to log in each time. • Retrieve More Data : Use this icon from the Call Search results status bar to retrieve the previous hour of calls and include these with the current collection of results. The total duration displayed at the top of the Call Search Summary tab is updated to include the new start time. Calls are appended to the list in date order; depending on the way you have sorted your table; if you sorted it based on Start time, they will appear at the end or the beginning of the table. This option is disabled when 12 hours or the maximum record limit (2,000) is reached. Also note that the Community Health for these additional records is calculated within that one hour set; the original records in the table are not used in the calculation. There is no option to retrieve the next hour. • Navigate available results : For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time.
391
nGeniusONE 5.4.1 Online Help Topics
Working with the UC Conversation View The UC Conversation view illustrates media activity based on a selection made at drilldown from Call Search or Media Monitor. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). Drilldown from Media Monitor requires the Community column be displayed in the Summary tab; similarly, if the Codec column is displayed in Media Monitor, that value is present in the Conversation view. Note: Drilldown to this view from data derived from a UC Lync Collector yields "No Data" as that appliance does not collect conversation metrics.
The illustrated activity is between the selected user community and associated key values (such as Codec, VLAN, or QoS) and any other communities with the same key values. These are represented in the view as the Target (primary) community and its Associated communities in a left and right pane as follows: Active Communities Map: The left pane provides a visual diagram that maps activity between the Target community and its Associated communities. Selections made here trigger dynamic updates in the Details pane, to the right. Details Pane: The right pane includes the following chart with additional details in tabs.
392
TROUBLESHOOTING ISSUES o Conversation Chart: This diagram provides a supplemental visual representation of ingress and egress data for the currently selected conversation in the Active Communities Map. o Additional Statistics tab: Detailed ingress and egress metrics based on conversations streams for currently selected community pair displayed in the Conversation Chart. o Over Time View tab: Visual chart representing underlying traffic and activity over time; these metrics are based on KPIs for all streams to and from the Target:Associated community pair. o Results Assistant tab: Information about metrics and underlying causes for the highest percentage of streams that violated either the warning or critical threshold. Use the details below for guidance working with these assorted panes.
Using the Active Communities Map The Active Communities map (left pane) reflects the most active (maximum of seven) conversations associated with the target community. If there are more than seven active conversations, those are grouped into an eighth community labeled "Other." The Target community is always displayed on the left, with the Associated communities leading out to the right. The set of Associated communities is ordered top to bottom based either on highest Average Activity or highest Average Problems (default). The currently selected Target:Associated pair whose data are reflected in the Details pane is indicated by a blue leader line between the pair that are also highlighted in light blue. The contents of the Details Pane are driven by the changes made in this map pane. Selecting any Associated community icon changes the Target:Associated community pairing, so it also updates the Details pane to match the new conversation pair.
393
nGeniusONE 5.4.1 Online Help Topics
Note: The Other Community is a special case of an associated community. It cannot be selected for analysis or to become Target. Additionally, the percentage of problems indicator on the connector between target and community is not populated. The streams value displayed on the connector reflects all streams in the map, not only the Others. Drilldown to a Streams view is not supported for this special community type. You can perform the following actions in this map: • Change Primary Metric: This menu provides the option of changing the primary metric to a different set based on either Audio or Video. The menu entries include the metric value and type, along with the direction and the target community. Note the following about this menu: o Changes made in this menu affect the Active Communities Map and the Conversation Chart. The details in tabs below the Conversation Chart are displayed independently of this metric selection. o The menu order varies based on the currently active metric type. If Audio is currently displayed, the alternate Audio metrics are displayed above a collapsed list of options for Video. Alternatively, if a Video metric is active,
394
TROUBLESHOOTING ISSUES the top portion of the menu displays video metrics, with Audio metrics in a collapsed list at the bottom. o Two types of metrics are provided, those that impact MOS Degradation, and all other metrics. o For metrics in the top portion, a visual indicator of health is included with the menu label; metrics at 20% or more of a threshold have a critical indicator (see below); those within 5% but less than 20% have a warning indicator.
•
Change Target Community: Select an Associated community icon in the map and then click this icon to change that community to be the Target. If you determine that one of the Associated communities warrants deeper analysis, you can select one to become the Target. Ensure the Associated Community you want to become the target is actively selected in the conversation pair, then click the Change Target Community icon to change it to the Target. The Conversation View refreshes and displays that community as the Target, along with any other communities found to have conversations with it in the specified duration. Note: Any time this icon is enabled, the currently active Associated Community becomes the new Target. To return to your original Target Community, select it and click the icon again.
•
Toggle between map and table: The specific values for the traffic or problems in the conversation map can be viewed by toggling the map between graphical and table format using this icon. In table view, all of the underlying conversations are
395
nGeniusONE 5.4.1 Online Help Topics displayed, in addition to the top seven. Note that columns in this table cannot be sorted. • Change Sort Order: Use this menu to change the direction and priority of the plotted activity from or to the target. In cases where the metric contributes to MOS Degradation, the menu includes Impact as well as the default Activity options. • Launch Streams View: Click on the word "stream" from the connecting leaders between a community pair. This displays a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab. Using the Conversation View Toolbar The following additional actions are available from the Conversation View toolbar above both panes. • Time Shift: For queries of an hour or less, you can change the default time shift of 5 min. Click the "Shift by" menu and select 5, 15, 30 minutes, or 1 Hour. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. The shift interval varies based on the scope of the original drilldown.
396
•
Launch Streams View: Displays a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab.
•
Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV.
•
Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec is displayed.
TROUBLESHOOTING ISSUES
Using the Details Pane The Details Pane includes a Conversation Chart and tabs with non-interactive representations of underlying data for Target Community and Associated Community selected in the Active Communities Map pane. Note: Changes made to the Primary Metric menu in the left pane of the Conversation view affect the Active Communities Map and the Conversation Chart. The details in tabs below the Conversation Chart are displayed independently of the Conversation View primary metric selection. Selected Conversation Chart This diagram provides separate analysis of the flow between the communities, with the primary metric behavior plotted separately for ingress versus egress. This diagram is a visual tool only, with one exception: You can click on the word "stream" to open the streams menu and display a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab. Additional Statistics Tab The metrics in this table are average KPIs (ingress and egress) for all activity relating to the selected Target Community and Associated Community. Note that in cases where the Target and Associated Community are the same, only Target Community is displayed. This broader set of metrics identifies health and performance issues independently of the conversation metrics. Note the following: • All values represent percentages except Average Active Streams and Completed Streams. • Percentage values are based on percentage of that metric occurring in active streams. • Metrics of the "Problems" type are based on % of stream seconds in warning and critical status. • Columns in this table cannot be sorted.
397
nGeniusONE 5.4.1 Online Help Topics
Over Time View Tab The chart plots Average Problems and Average Streams over time for both directions of the conversation (to and from Target and Associated Community). In cases where the conversation is within a community (Target and Associated are the same label), the chart plots the totals. Display the metrics supporting the chart by clicking the chart to table toggle icon
398
.
Note that columns in the table view cannot be sorted.
TROUBLESHOOTING ISSUES
Results Assistant Tab Certain UC views include a tool that provides information about metrics and underlying causes. In the Conversation view, the streams between the selected Target and Associated community are analyzed to identify the metrics with the most cases in which a threshold boundary was crossed. The set of streams in which that metric threshold boundary was crossed is then evaluated to identify whether any thresholds for any other metrics were crossed. The resulting set of problematic metrics and associated percentage of streams is reported in the Results Assistant dialog, with one box for each issue. The problematic metric and threshold are listed along with the direction of the streams, percentage of streams, and additional threshold. To use this feature, select an Associated community with problematic results, then select this icon
to display the Results Assistant dialog. Additional information is available by
clicking the information icon provided on the title bar of each explanation box or by accessing the Reference section.
399
nGeniusONE 5.4.1 Online Help Topics
400
TROUBLESHOOTING ISSUES
Using the UC Streams View The UC Streams view is a detailed list of the first 10,000 media streams matching the context at drilldown from a Conversation View in either Call Search or Media Monitor or directly from Media Monitor. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). Note that the drilldown to this view is based on a duration of one hour or less; the Conversation view automatically complies with this requirement; however, a warning will display in Media Monitor advising the duration be reduced to an hour or less, if applicable. This view presents a variety of metrics for media streams, in table form. To facilitate navigating the volume of metrics, the Streams view includes toggles to display metrics in sets: Summary, Network, Payload, and General. All of the metrics can be added to any of these views, if desired. Use this section to understand the options available for display, analysis, and drilldown from the Streams view.
Working with the Streams Table The table data are informational (non-interactive) but can be sorted and filtered, and the rows can be selected for drilldown. You can also customize any of the sub-views to include more or less of the default key values and metrics using the Customize Columns icon. Note that key values, such as VLAN, appear in all the sub-views. Changes to metrics are applied to just the active view. Use the Save Settings to set new default key values for all the views and save the current metrics. This icon is applicable once for the whole Streams view, not for individual sub-views. Key Values By default, all the sub-views include these columns: • Status • Start Time • Duration • Src. IP Address • Dest. IP Address
401
nGeniusONE 5.4.1 Online Help Topics • ME Name • Codec Summary View By default, this sub-view includes these metrics: • QoS • IP MOS Degradation • Compression Degradation • Packet Loss • Max. Jitter • Round Trip Delay (ms) • Echo Loss • Voice Level Network View By default, this sub-view includes these metrics: • QoS • Packet Loss • Min. Jitter • Max. Jitter • Avg. Jitter • Max. Consecutive Loss • Avg. Consecutive Loss • Mis-sequenced Packets (%) • QoS Mismatch Payload View By default, this sub-view includes these metrics: • Compression Degradation • Bit Rate • Frame Rate • CQ MOS • Echo Delay • Echo Loss • LQ MOS • Voice Level • SNR (db) General View By default, this sub-view includes these metrics by default: 402
TROUBLESHOOTING ISSUES • Single Direction (One-way) • QoS Mismatch • DTMF Present • Short Call / Long Call For this view, the presence of the above conditions is indicated with an icon, rather than a value. If none are found, a dash is displayed, otherwise an icon this field.
is shown in
• Gaps: Gaps are represented as an icon, to indicate where gaps occurred within the stream. (The minimum the gap threshold is set in the Global Settings>Voice/Video tab.) When no gaps are detected, a dash is displayed in this column. Otherwise, the icon has indicators (white circle) of whether the gap occurred in the beginning, middle, end of the call (or a combination of these) as shown below:
Note that Gaps are not reported unless thresholds are customized. Additional Metrics The following columns/metrics are not displayed by default in any view but can be added with the
1
Customize Columns icon: •
End Time
•
Src. Community
•
VLAN
•
Src. Port
•
Dest. Community
•
SSRC
•
Dest. Port
• •
•
Src Extension
•
IP MOS
Src. Outer IP
1
•
Dest. Extension
•
Min. IP MOS
Dest. Outer IP
1
•
Src User ID
•
Max. IP MOS Deg
•
Dest. User ID
•
Round Trip delay
This value is populated when the traffic is tunneled and tunnel parsing is
enabled on the data source.
Using the Streams View Toolbar The following tools are available from the Streams view toolbar. •
Filter results: Use this to narrow the results by filtering on specific values for each field. Click the Find button when ready to run the query.
•
Reset filter: This icon is enabled only when a filter has been set. Use it to clear the filter options.
403
nGeniusONE 5.4.1 Online Help Topics
•
Customize displayed columns: Use this icon to customize which metrics are displayed in each sub-view. To save the customizations (per user), use the save settings icon described below.
•
Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV.
•
Launch Single Call View: Open a tab with detailed analysis for the selected row.
•
Launch Packet Decode: Open a tab with packet analysis for the selected row. This icon is disabled when the selected row is associated with a UC Lync Collector.
•
Display Results Assistant: Open a dialog with more informati about metrics for the highest percentage of streams that violated either the Warning or Critical threshold (see Using the Results Assistant, below).
•
View Options: You can use this option to toggle display format of values in the view. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per view, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: The values can be toggled between Name, IP Address, or full Name with Domain. If a name-based option is selected and the nGeniusONE server has record of a DNS-resolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element (Not applicable to Call Search ): This toggle corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.
•
Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view. Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab.)
•
Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec, are displayed.
You can also navigate results using the navigation icons in the center of the status bar . For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates
404
TROUBLESHOOTING ISSUES which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time.
Using the Results Assistant Certain UC views include a tool that provides information about metrics and underlying causes. In the Streams view, select a row with problematic results, then select this icon to display the Results Assistant dialog. The dialog includes a box for any metric that approached an upper or lower threshold limit, a recap of the metric and configured threshold settings, and analysis of that issue. Additional information is available by clicking the information icon provided on the title bar of each explanation box. The Results Assistant for this view displays details only in cases where the metrics exceed a threshold boundary (Acceptable/Warning and Warning/Critical).
405
nGeniusONE 5.4.1 Online Help Topics
Using the UC Single Call View The UC Single Call view provides supplemental information for a selected call, including: • Network Map pane: Diagram illustrating the call’s IP endpoints and paths through instrumentation points, annotated with problematic metrics • Related Streams pane: Overview table of all the streams related to the call • Stream Details pane: Tables of available metrics for the stream selected in the Related Streams pane This tri-pane view is available by drilldown from a Streams View tab (in either Call Search or Media Monitor) or directly from Call Search. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). The duration of this view is the exact duration of the originally selected call. Note that you can maximize the top two panes by clicking the Maximize icon title bar of the pane. To restore the layout, click the
in the
icon. You can also hide or show
the Details pane using the corresponding icons in the pane title bar
.
Working with the Network Map Pane A network map is anchored by the two endpoints of the call, each annotated with its IP Address, Community name, and User ID. The lines on the map represent the part of the network between an endpoint and the points at which the data source (InfiniStream appliance or UC Lync Collector) is monitoring. The map includes certain devices along the
406
TROUBLESHOOTING ISSUES network path: InfiniStream appliances, SBCs, NATs, and Media Gateways. The icons for these clearly identify the type of device (shown below). The InfiniStream appliance icons are annotated with IP address and monitoring interface. Multi-leg conference calls, supported by correlating records reported from a UC Lync Collector, are depicted in here with a diagram for each leg of the call. These maps appear in collapsible sub-panes within Network Map Pane. Use the +/- icons in the title bar of the sub-panes to expand or collapse them. Note that if an InfiniStream appliance is present in the network, it will also appear in the map. In the example below, Loss and Jitter were reported by an InfiniStream appliance. Note that UC Lync Collectors are not depicted since the metrics they report are displayed on the endpoints of the map.
Note: You can maximize the Network Map Pane by clicking the Maximize icon the title bar of the pane. To restore the layout, click the
in
icon.
Map Components Following is a summary of the items that may appear on a network map: • Devices are indicated as follows: Endpoint1
Analog Gateway
PSTN Gateway
Data Source2
Analog Telephone Adapter
Soft Phone
Session Border Controller
Telepresence Room
Video Conference Unit
407
nGeniusONE 5.4.1 Online Help Topics
NAT device
Voicemail Server
Media Gateway / Bridge
Desktop Phone
Outer IP Address/Tunnel
1
Each diagrammed endpoint includes an IP Address, Community name and User ID Monitoring device (InfiniStream appliance); each diagrammed appliance shows the IP address and interface associated with the appliance
2
• Metrics are indicated on each leg, along with their RAG (red, amber, green) status. Note that if any metric is Critical, the entire call is marked as Critical: Acceptable: Indicates that no metric for the call was in the critical or warning category Warning: Indicates that at least one metric was in the warning category but none were in the critical category Critical: At least one metric for the call was in the critical category • Special events are indicated with an informational icon: Indicates a QoS Mismatch was detected or additional data were provided via RTCP records • Network legs are indicated with directional, dashed lines. • If a call includes both Audio and Video data across all points, then the data for both audio and video are plotted on the same map. In cases where certain points have only one or the other, or if a different device is used as an endpoint for the audio and video, then the audio and video for that call are treated as separate streams. To view them as maps, you must drill down to the Single Call View by selecting the individual streams separately from the previous drilldown point. • If a call includes tunneled data, the outer IP address information (IPv4/IPv6) can be toggled on for display. The availability of outer IP information for the map is indicated by a special icon next to the maximize icon of the map’s title bar. Click the icon to show/hide the outer IP address information on the map. The tunnel and outer IP information are reported as detected by the monitoring InfiniStream appliance. In the first example below, the outer IP addresses for the tunnel are node24.dev.netscout.com and 192.168.23.98.
408
TROUBLESHOOTING ISSUES
The example below illustrates a call with two tunnels. The first tunnel occurs over the first appliance, with addresses of 10.0.0.1 and 10.0.0.5. The second tunnel occurs over the second appliance, with outer IP addresses of 10.0.0.201 and 10.0.0.205.
The example below illustrates two tunnels again, with no tunnel reported by the appliance in the middle of the call flows.
Note: Outer IP addresses are not applicable for data provided from a UC Lync Collector. Map Views The chart can be toggled between a set of views that illustrate different perspectives on the call metrics. For all views other than the Summary view, the metrics are predetermined and the values are displayed regardless of status (Acceptable, Warning, Critical). Following is a description of the views you can toggle by clicking the corresponding options in the Network Map title bar:
409
nGeniusONE 5.4.1 Online Help Topics Summary View This general view, shown by default, displays any metrics that cross threshold boundaries; QoS Mismatch, if detected, will also be reported here. IP Bearer View This view layers the map with the following metrics: Absolute IP MOS, IP MOS Degradation, Round-trip delay, Voice IP, Voice Degradation, Video IP, Video Degradation Loss and Jitter View Specific metrics for Voice and Video Packet Loss and Jitter are displayed in this view. Voice Payload View This view provides a snapshot of key metrics for analyzing Voice payload performance: SNR, Voice Level, Echo Loss, Echo Delay, LQ MOS, and CQ MOS. If the call has no voice metrics, the map will be displayed without metric indicators. Video Payload View Similar to the Voice Payload, this view summarizes key performance metrics for Video: Compression Degradation, Bit rate, and Frame Rate. If the call has no video metrics, the map will be displayed without metric indicators. QoS View This view identifies QoS values, QoS Mismatch results, DSCP (Differentiated Services Code Point) values and indicates changes in DSCP values.
Working with the Related Streams Pane This table lists all the streams related to the call displayed in the map, along with relevant metrics. To simplify the display, the table can be toggled between a set of views with different sets of metrics. You can also customize any of the sub-views to include more or less of the default key values and metrics using the Customize Columns icon. Note that key values, such as VLAN, appear in all the sub-views. Changes to metrics are applied to just the active view. Use the Save Settings to set new default key values for all the views and save the current metrics. This icon is applicable once for the whole Single Call view, not for individual sub-views. Note: You can expand the Related Streams pane by clicking the Maximize icon the title bar of the pane. To restore the layout, click the
icon.
Following is a description of the data displayed in the Related Streams sub-panes: Key Values By default, all the views include these columns: • Status • Start Time • Duration • Src. IP • Dest. IP
410
in
TROUBLESHOOTING ISSUES • ME Name • Codec Summary View In addition to the above key values, the Summary view includes these metrics by default: • QoS • IP MOS Degradation • Compression Degradation • Packet Loss • Max Jitter • Round Trip • Echo Loss • Voice Level Network View By default, this view includes these metrics: • VLAN • SSRC • QoS • Packet Loss • Min. Jitter • Max. Jitter • Avg. Jitter • Max. Consecutive Loss • Avg. Consecutive Loss • Mis-Seq. Packets (Out of Sequence) • QoS Mismatch Payload View By default, this view includes these metrics: • Compression Degradation • Bit Rate • Frame Rate • CQ MOS • Echo Delay • Echo Loss • LQ MOS • Voice Level • SNR 411
nGeniusONE 5.4.1 Online Help Topics General View By default, this sub-view includes these metrics by default: • Single Direction (One-way) • QoS Mismatch • DTMF Present • Short Call / Long Call For this view, the presence of the above conditions is indicated with an icon, rather than a value. If none are found, a dash is displayed, otherwise an icon this field.
is shown in
• Gaps: Gaps are represented as an icon, to indicate where gaps occurred within the stream. (The minimum the gap threshold is set in the Global Settings>Voice/Video tab.) When no gaps are detected, a dash is displayed in this column. Otherwise, the icon has indicators (white circle) of whether the gap occurred in the beginning, middle, end of the call (or a combination of these) as shown below:
Note that Gaps are not reported unless thresholds are customized. Additional Metrics The following columns/metrics are not displayed by default in any view but can be added with the
Customize Columns icon: • End Time • Src. Port • Dest. Port • Src. Outer IP 1 • Dest. Outer IP 1
• Src. Communi ty • Dest. Communi ty • Src Extensio n
• IP MOS • Min. IP MOS • Max. IP MOS Deg • Round Trip delay • Leg Number • Branch ID
• Dest. Extensio n • Src User ID • Dest. User ID 1
This value is populated when the traffic is tunneled and tunnel parsing is
enabled on the data source.
412
TROUBLESHOOTING ISSUES
Using the Related Streams Toolbar Options The following tools are available from the Streams Summary toolbar. •
Filter results: Use this to narrow the results by filtering on specific values for each field. Click the Find button when ready to run the query.
•
Reset filter: This icon is enabled only when a filter has been set. Use it to clear the filter options.
•
Customize displayed columns: Use this icon to customize which metrics are displayed in each sub-view. To save the customizations (per user), use the save settings icon, described below.
•
Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV. In this view, the End Time and Duration are included with the Export All option, since the values are not dynamically generated.
•
Launch Packet Decode: Open a tab with packet analysis for the selected row. This icon is disabled when the selected row is associated with a UC Lync Collector.
•
Display Results Assistant: Open a dialog with more information about metrics for the highest percentage of streams that violated either the Warning or Critical threshold. (see Using the Results Assistant, below).
•
Save / Reapply / Reset settings: Use this tool to save and reset configurations changes you have made for the current view. Selecting the Save option will save the settings for this view for the current user. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab).
•
Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec, are displayed.
You can also navigate results using the navigation icons in the center of the status bar . For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results are mined at that time.
Working with the Stream Details This tri-pane table provided details for the row selected in the Related Streams table. The table is not customizable but, similar to the Related Streams, additional metrics are provided in sub-views, described below. Note that the Stream Detail views provide some
413
nGeniusONE 5.4.1 Online Help Topics data not available in the other UC views. You can also hide or show the Stream Details pane using the corresponding icons in the pane title bar. Summary View • Src. IP Address
• Start Time
• ME Name
• Src. Port
• End Time
• Probe IP Address
• Dest. IP Address
• Duration
• Dest. Port
• Codec
• Interface Number
• Src. Community
• VLAN
• Dest. Community
• QoS
• SSRC • Branch ID • Leg Number
IP Bearer View • IP MOS
• Max. Jitter
• IP MOS Degradation
• Avg. Jitter
• Min. IP MOS • Max. IP MOS Degradation • Max. IP MOS Degradation Time
• Mis-seq. Packets • Packet Loss • Max. Packet Loss Rate • Max. Consecutive Loss
• Degradation Due to • First Root Cause • Second Root Cause • Round Trip Delay • RTCP Jitter • RTCP Packet Loss
Payload View • Comp Degradation
• Voice Level
• Echo Loss
• Bit Rate
• SNR
• Echo Delay
• Frame rate
• Voice Activity
• CQ MOS
• Total Frames
• LQ MOS
• I Frames
Using the Results Assistant This feature is available from the Conversation View, Streams View, and Single Call View. It provides interpretative details for the metrics displayed in the active view. From the Single Call View’s Related Streams table, select a row with problematic results, then select this icon to display the Results Assistant dialog. The dialog includes a box for any metric that approached an upper or lower threshold limit, a recap of the metric and configured threshold settings, and analysis of that issue. Additional information is available by clicking the information icon provided on the title bar of each explanation box. The Results Assistant for this view displays details only in cases where the metrics exceed a threshold boundary (Acceptable/Warning and Warning/Critical). Additional details for guidance offered by the Results Assistant is provided in the Reference section, also available as a link from the information icon displayed next to the metric explanation. 414
TROUBLESHOOTING ISSUES
415
nGeniusONE 5.4.1 Online Help Topics
Working with the UC Media Monitor The Media Monitor automatically replaces the RTP Monitor in the nGeniusONE Service Monitor collection when the nGeniusONE server is configured with a UC Server license. (RTP Monitor is still available in the Universal Monitor, but the default Service Monitor collection is Media Monitor as are the drilldowns from other modules such as the Dashboard.) The Media Monitor adds support for MPEG2-TS and MSB analysis, expands the available metrics, and provides payload analysis details. It is unique from other Service Monitors in the drilldown options which include the UC Streams View and UC Conversation View. These tabs open within the Media Monitor.
The Media Monitor can be accessed from the Service Monitor icon of the nGeniusONE Dock, by drilldown from Call Search, from the Unified Communications Dashboard, from applicable queries in the Search & Discover tool, or from the Discover My Network Media view of the Discover My Network module. Accessing this monitor from the Service Monitor dock icon displays a standard Monitor Home tab that allows users to select a specific Service and a Monitored Element or Network Domain to query. From there, a Summary tab is displayed with a default window of one hour. When the Media Monitor is opened from Call Search or the Dashboard drilldown, the Home tab is bypassed and a Summary tab is opened with the context from the drilldown application. Call Search drilldown duration includes one hour from the start time of the call. Dashboard drilldowns are based on the duration of the dashboard itself.
416
TROUBLESHOOTING ISSUES Other than the UC drilldown options, the monitor functions the same as all other nGeniusONE Service Monitors. General usage for those is described in Working with Service Monitors. The sections below describe the features unique to this monitor.
Metrics The following metrics are available in Media Monitor (bolded items are visible by default): Streams • Average Active (standard in RTP Monitor) • Completed (standard in RTP Monitor) • The following are all based on a percentage of completed streams. o
QoS Mismatch (%)1
o
Single Direction (%) (One-way)1
o
Long Calls (%)
o
DTMF (%)
o
Short Calls (%)
o
Gaps (%)4
The following metrics are all based on the percentage of time spent in the indicated problem state over all active streams. The problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. MOS Problems • Degradation (%)2 • Compression (%)1 • Absolute (%) (standard in RTP Monitor)2 Network Impairment Problems • Packet Loss (%) (standard in RTP Monitor) • Jitter (%) (standard in RTP Monitor)3 • IP Delay (%) • OoS (Out of Sequence) Packets (%) Payload Problems • Echo (%)1 • Level (%) • SNR (%) The following apply to the indicated metrics when the selected row is based on UC Lync Collector reports: 1 The UC Lync Collector does not report these metrics. 2 The UC Lync Collector does not report these for video. 3 Note that the Jitter reported in Lync-based data differs from Jitter calculated by NetScout, which can lead to inconsistent measurements for a single call. 4 Note that Gaps are not reported unless thresholds are customized.
417
nGeniusONE 5.4.1 Online Help Topics
Table Toolbar Options In addition to the standard Monitor toolbar options, the Media Monitor includes the following icons: •
Conversation View: This icon is active when the Community column is enabled from the Key Options dialog (use the options icon to display the dialog ). Select the Conversation View icon to display a tab with the context of the row selected in the Summary table. Note that Conversation Views are not supported when the selected row is derived from UC Lync Collector reports.
•
Streams View: Select this icon to display a tab with the context of the row selected in the Summary table. Up to 2,000 streams are queried to match the selection. Note that from Conversation View, drilldown to Streams View offers the option of specifying whether to display all Conversation Streams, Streams to Target, or Streams from Target. Drilldown from Media Monitor instead uses the value of the View Mode toggle
to determine this:
o Community as Source: In the monitor, this displays results associated with outbound traffic to the community displayed in the Source Community column. Drilldown to Streams view matches Streams to Target. o Community as Destination: In the monitor, this displays results based on inbound traffic to the community displayed in the Destination Community column. Drilldown to Streams view matches Streams from Target. o Community as Source and Destination: In the monitor, this displays results based on both directions in a column labeled Community. Drilldown to Streams view matches Conversation streams.
Chart Types and Options These charts operate functionally the same as all Service Monitor charts. However, the chart parameters differ from RTP Monitor, since additional metrics and payload analysis are available. The default charts for Media Monitor are: • Stream Counters Over Time • Packet Loss Network Impairment Problems Over Time: • Degradation MOS Over Time • Level Payload Problems Over Time Chart actions include: •
: Use the metrics icon to toggle the chart to alternate metrics (Stream Counters chart is fixed): o o
418
Degradation MOS Absolute MOS
TROUBLESHOOTING ISSUES o
Compression
o
Jitter IP Bearer
o
Payload Level
o
Payload SNR
o
Packet Loss IP Bearer Problems
o
IP Delay IP Bearer
o
Payload Echo
•
: Toggle the chart to display underlying data by clicking the toggle table view icon.
•
: For time durations exceeding one hour, use this icon to open a drilldown tab to a one hour duration.
•
: Select this icon to display a Conversation View tab with the metric from the table as context. The duration of the overall tab is used, rather than a selected bar, as durations less than an hour are not applicable for Conversation views. Note that Conversation views are not applicable when the drilldown data is based on information derived from a UC Lync Collector.
•
: Select this icon to display Streams view tab with the current context. Optionally, select a bar with problematic results to limit context duration to five minutes. When no bar is selected, the time context is the same as that of the overall tab. When a bar is selected, the metric and five minute period are used as a context for drilldown to the Streams view.
The following conditions apply when the charts are plotted from a row based on UC Lync Collector reports. • Drilldown to Conversation view is not supported. • The following charts are not available, since the data are not present in the reports: o
o
Compression Payload Echo
• The Stream Counters chart does not include the following metrics, since the data are not present in the reports: o
Avg. Active
o
Single Direction
o
QoS Mismatch
419
nGeniusONE 5.4.1 Online Help Topics
REFERENCE: UNIFIED COMMUNICATIONS The topics in this section include an overview of voice and video transmission over IP and, where relevant, troubleshooting tips and additional information. Note that the UC Server Results Assistant, available from the Streams View, Single Call View, and Conversation View, provides links to specific content in this reference to aid with understanding root cause for selected results. • Introduction to Voice and Video over IP o
Voice and Video Over IP Basics
o
Video Transmission Basics
o
Decibels
o
Voice Coding
o
Introduction to MOS
• Voice Quality Metrics o
Voice IP MOS
o
Listening Quality MOS
o
Voice Level
o
Echo Loss
o
Packet Loss
o
Out of Sequence Packets
o
Voice IP MOS Degradation
o
Conversation Quality MOS
o
Signal to Noise Ratio
o
Delay
o
Jitter
• Video Metrics o
Video IP MOS
o
Video Degradation
o
Jitter
o
Video IP MOS Degradation
o
Packet Loss
o
Out of Sequence Packets
• Additional Metrics
420
o
Active Streams (Average)
o
DTMF
o
Long Calls
o
Short Count
o
Completed Streams
o
Gaps
o
QoS Mismatch
o
Single Direction
TROUBLESHOOTING ISSUES • IP Transmission Problems o o
Basic Troubleshooting IP Root-cause Analysis
421
nGeniusONE 5.4.1 Online Help Topics
Introduction to Voice and Video over IP Introduction to Voice and Video over IP The topics in this section provide an introduction to voice and video over IP, basic information on voice and video encoding, an overview of MOS (mean opinion scores) and an overview of the role decibels have in voice and video performance analysis. • Voice and Video Over IP Basics • Voice Coding • Video Transmission Basics • Introduction to MOS • Decibels Voice and Video Over IP Basics A key objective in providing a voice or video communications service is the delivery of excellent quality to the end-user. This includes many considerations such as minimizing any audible or visible distortions introduced by media compression algorithms, managing factors such as voice level, noise level and echo within acceptable limits, and minimizing the delay of conversational services such as voice over IP (VoIP) and audio-visual conferencing. In the following sections, we describe the basics of voice and video over IP transmission and introduce some of the design considerations that go into a successful service. Edge-devices The term "edge-device" is often used to describe IP media clients or gateways at the edge of the IP network. IP media clients are typically either hard-clients or soft-clients. Hard-clients are dedicated hardware devices with an integrated network port; soft-clients are software applications that use the host computer’s network and audio-visual capabilities. In the case of a softclient, the microphone, speakers and camera may be fully integrated into the computer, completely external or use an external all-in-one device such as a USB phone. Gateways provide access to external networks. Where a call needs to continue beyond one IP network to reach its destination, either a Gateway or IP peering point is used. Gateways receive and decode the outgoing packets before passing them on to an external network, typically a non-IP network such as a cellular network or the public switched telephone network (PSTN). Gateways also reencode the signals received from the external network and transmit them over the IP network. IP peering points connect two networks that each carry voice or video over IP traffic. In these situations, decoding and re-encoding may not necessary, provided that both networks support the same codecs. Calls from beyond a peering point are termed "peering calls". In general, edge-devices provide the following functions: • Inbound voice and/or video signal capture • Media encoding (compression) to reduce the bit-rate of the outbound stream
422
TROUBLESHOOTING ISSUES • Packetization of the compressed voice or video signal • Transmission of the outbound packets • Reception of inbound packets • Packet buffering to remove the effects of jitter • Media decoding (decompression) • Playout of the decoded voice and/or video signal These functions are described in one of the following sections, along with aspects of the IP networks over which voice and video IP calls are carried. Packet Transmission Input Signal In a media client, the input signal is most likely to come from a microphone or camera. In a gateway, the input signal typically comes from another network, e.g., a cellular network or the PSTN. Media Encoding Edge-devices encode the input voice or video signal so that it can be transmitted more efficiently over the network. This process is often called compression because it reduces the bandwidth of the signal. The encoded signal will later require decoding, and encoders and decoders come in matched pairs known as codecs (COder - DECoder). There are a variety of media codecs available for use in voice and video over IP systems, all with their own advantages and disadvantages. However, it is important to understand that virtually all voice and video codecs introduce a degree of perceptible distortion and that multiple stages of encoding and decoding can introduce unexpectedly large amounts of distortion. This can be particularly true of lower bit-rate voice codecs such as G.729. In the case of a gateway, the input signal may already be encoded, for example using the G.711 voice codec, and further encoding may not be necessary; however, the signal may be transcoded to a different coding scheme if one of the networks has different bandwidth constraints from the other. Packetization After encoding, the media signal must be placed into packets for transmission over the IP network. This process is known as packetization. The duration of a voice signal that is put into each packet is a trade-off between bandwidth efficiency and transmission delay. Larger packets reduce the overhead of the IP/UDP/RTP and Ethernet headers, but increase the delay before the packet can be sent (the packetization delay). The packet length must be a multiple of the frame length of the voice codec; for example G.729 has a frame length of 10ms whereas G.723.1 has a frame length of 30ms. In practice, voice packets are typically 20 – 30ms in duration, although carrier voice grade networks typically use G.711 encoding with a 10ms packet duration. The components that make up the header of a typical voice packet are shown in the diagram below, illustrating that the IP header is much larger than the 10ms G.729 payload.
423
nGeniusONE 5.4.1 Online Help Topics
For a Gigabit Ethernet link, there is also the Ethernet header (176 bits), Ethernet checksum (32 bits) and Inter-frame gap (96 bits) to consider, which are not included in the above diagram. In the case of video signals, video frames often exceed the maximum transmission unit (MTU) size allowed for an IP packet, which is typically 1500 bytes, and hence the frames are split across multiple packets. This is particularly likely in higher bit-rate video systems. IP Network Considerations Bulk Delay and Jitter Once packetized, media packets must be transmitted over the IP network. In general, packets are sent at a regular interval equal to the frame duration. Ideally, all of the packets corresponding to a particular voice or video frame should arrive at the receiving edge-device after a short, constant delay. In practice, however, media packets are carried over multiple links before they arrive at the far edge-device and encounter a number of network elements, such as routers and switches, which delay their progress across the IP network. The exact delay experienced by a packet at a network element depends on the other traffic passing through the network. The overall transmission delay experienced by media packets may be considered to consist of two parts: the bulk delay and jitter. The bulk delay is the average time that a packet takes to travel from the sending edge-device to the receiving edge-device and can be used to calculate an expected arrival time for each media packet. Jitter is the difference between a packet’s expected arrival time and its actual arrival time. For example, imagine a voice over IP system sending packets every 20ms. The first three packets arrive at the receiving edge device 100, 95 and 105ms after they were sent respectively. The bulk delay is 100ms (the average of the three packet transmission) times and the jitter is +/-5ms (the variation in transmission time). Both bulk delay and jitter contribute to the overall delay of a voice or video over IP service. Minimizing this delay is important in conversational services where very long delays can make natural and effective conversation difficult. Packet Loss Packets loss generally occurs when a packet is discarded because it has arrived at a switch or router that has a full input buffer. The user datagram protocol (UDP) transmission protocol used in most conversational voice and video services does not retransmit lost packets because the delay incurred would be too long. Packets may also be discarded by an edge-device if they arrive too late to be played out. Managing IP Network Performance In order to achieve good voice and video quality, an IP network carrying media packets should exhibit the following characteristics: • Low packet loss
424
TROUBLESHOOTING ISSUES • Low jitter • Low bulk delay Two common strategies for achieving these objectives are to over-provision the network or employ some form of service-based delivery policy. The first of these strategies involves allowing the network to treat all packets as equal priority and ensuring that the network is designed to cope with the peak demand of all types of traffic. Such a network can be very expensive to deploy. The second strategy involves using a network architecture that treats some packets with higher priority than others. Such an approach is often referred to as "enabling QoS" (Quality of Service). A common QoS delivery architecture is DiffServ, or differentiated services, whereby packets are labeled according to the level of service they require and routers prioritize the delivery of packets from services requiring low delay. QoS can be common source of problems in voice and video over IP systems, for example if the QoS labeling is incorrectly configured or if a particular switch or router changes or removes the QoS packet markings. Packet Reception The following diagram shows the architecture of the receive side of a typical edge-device.
Jitter Buffer Edge-devices employ a jitter buffer to enable packets to be played out without interruption. The main purpose of the jitter buffer is to try to ensure that the next packet in sequence is available to be decoded immediately after the preceding packet has been decoded and played out. Jitter buffers are also used to re-order packets that arrive out of sequence. Jitter buffers inherently introduce delay into a media transmission and can be either fixedlength or adaptive. Fixed length jitter buffers essentially apply a fixed delay to the first packet received and thus introduce a fixed amount of additional delay. Adaptive jitter buffers minimize the amount of delay introduced by adapting their length to the prevailing network conditions. For example, the jitter buffer size is small when packets arrive with little jitter, but increases in the presence of greater jitter or out-of-sequence packets. If a packet arrives outside the window of the jitter buffer, it is discarded. While a long jitter buffer allows the edge-device to compensate for a large amount of jitter, it also increases the delay between the talker speaking a word and the listener hearing that word. Increased delay makes it more difficult to have a conversation, which is reflected in the CQ MOS voice metric. Unidirectional video systems can use very large jitter buffers because there is no conversation between the two ends of the link. Decoding and Packet Loss Concealment Once received, media packets are decoded by the decoder part of the codec. Packet loss concealment (PLC) algorithms are designed to minimize the noticeable effects of lost or discarded packets on the decoded media quality. Such algorithms may be an integrated part of the decoder or applied separately on the decoded signal.
425
nGeniusONE 5.4.1 Online Help Topics Finally, the decoded media signal is played out to the receiving party or sent on to another network, depending on whether the edge-device is a media client or gateway. Voice Coding The primary task of a voice codec is to reduce the amount of data transmitted between the encoder and decoder. Voice codecs can vary in a number of ways, including: • The voice quality under ideal transmission conditions • Operating bit-rate range • The delay introduced due to buffering and processing • Error resilience and error concealment capabilities • Processing and memory requirements • Licensing cost Another important factor when considering voice codec performance is the ability of the codec to handle a wide range of input signals. For example, some voice codecs provide good performance in the presence of a low-noise, high quality input signal, but their performance degrades considerably if the input signal is noisy or has been previously compressed by another voice codec. There are many codecs that are suitable for use in voice over IP systems. Most enterprise and carrier-grade systems use a codec that has been standardized by an international standardization organization such as the ITU-T, MPEG or 3GPP/3GGP2; however, there are also a number of voice over IP systems that use proprietary voice codecs. The following table lists the main characteristics of some common codecs.
426
Voice codec
Bit rate Frame (kbit/s) size
Audio Coding bandwidth technology
Linear PCM
128
0.125ms 4 kHz
PCM
G.711
64
0.125ms 4 kHz
Nonuniform PCM
G.726
32
0.125ms 4 kHz
ADPCM
AMR-NB
4-75 12.2
20ms
4 kHz
ACELP
G.729
8
10ms
4 kHz
ACELP
G.723.1
5.3/6.3
30ms
4 kHz
ACELP/MPMLQ
G.722
64
0.125 ms
8 kHz
ADPCM
G.722.1
24 - 32
20ms
8 kHz
MLT
G.722.2/AMR-WB
6.6 – 23.85
20ms
8 kHz
ACELP
TROUBLESHOOTING ISSUES Video Transmission Basics In common with a voice codec, the primary task of a video codec is to reduce the amount of data transmitted between the encoder and decoder. Video codecs can vary in a number of ways, including: • Frame types used (typically I, P and B frames) • The video quality under ideal transmission conditions as a function of bit-rate • Error resilience and error concealment capabilities • Processing requirements • Licensing cost • The following factors have a large impact on the quality of an encoded video: • Frame rate • Frame resolution • Bit rate The quality resulting from many codecs is also highly dependent on the degree of motion – some codecs are much better at coding high speed action scenes whereas others are more suited to talking-head applications. Some of the main factors relating to video coding are described in more detail in the following sections. Some of the most popular video codecs are then listed. Frame Rate Video clips are made up of many images, which, when played very quickly one after another, give the impression of continuous motion. Each of these images is referred to as a frame, and the term "frame rate" describes how frequently the picture is updated. Television signals broadcast in the USA and in Japan using NTSC have a frame rate of 29.97 frames per second. Broadcasts in Europe using PAL have 25 frames per second. These frame rates allow most motion to appear relatively uninterrupted. In order to save bandwidth, video conferencing systems may use a lower frame rate (such as 15 frames per second) and therefore when there is motion, the viewer may see significant changes from one frame to the next and the video may appear as a series of snapshots rather than looking smooth and continuous. Frame Resolution The frame resolution refers to the number of pixels in each image. The following table shows the resolution of a number of popular video formats. Format
Width x Height in pixels
HDTV 1080
1920 x 1080
HDTV 720
1280 x 720
NTSC
720 x 486 or 720 x 480
PAL
720 x 576
427
nGeniusONE 5.4.1 Online Help Topics
SIF
352 x 240 or 352 x 288
VGA
640 x 480
CIF
352 x 288 or 352 x 243
QVGA
320 x 240
QCIF
176 x 144
For the last two formats, the leading "Q" in their names indicates that the frame resolution is one quarter of the corresponding non-Q format. Many video players allow videos in one format to be shown on a display with a different format. If the display resolution is higher than that of the video signal, this can lead to pixilation whereby the viewer can see that the picture is made up of a number of squares, as demonstrated by these images: QCIF image
428
TROUBLESHOOTING ISSUES QCIF image expanded to sixteen times its original size
I, P and B Frames As many consecutive frames in a video stream are often very similar, codecs make use of this redundancy by not always transmitting frames independently. Coded video streams typically consist of the following different frame types: • Intra-coded frames (I frames) • Predictive-coded frames (P frames) • Bidirectionally-predictive-coded frames (B frames) I frames are coded as single frames and are not dependent on any other frames. P frames are coded with reference to past frames. B frames are coded with reference to past and/or future frames. Transmission errors affecting I frames are likely to have a greater effect on the video quality than those affecting P or B frames because I frames contain information on which the other types of frames are dependent.
429
nGeniusONE 5.4.1 Online Help Topics Degradations Seen in Videos A number of degradations can be observed in video sequences. These can be due to encoding or transmission problems. This section describes some commonly observed degradation. Blockiness Blockiness (also known as block distortion or blocking) is characterized by the appearance of an underlying block structure in the image. Blockiness generally appears when a high data compression ratio is used to transmit a video signal over a low bandwidth. It can be especially pronounced for signals with a high level of motion. Images containing blockiness are shown below. Original
Blocky
Blurriness Blurriness is also mainly caused when a high data compression ratio is used. Some video encoders intentionally blur contents prior to encoding, while some video decoders smooth the image during playback if transmission problems have been encountered. Images containing blurriness are shown below.
430
TROUBLESHOOTING ISSUES
Original
Blurry
Distortions Due to Transmission Errors The perceptual impact of transmission impairments such as packet loss or bit errors depends on a number of factors. The visual impact of the transmission error depends on the type of frame that is corrupted, i.e., I, P or B and the effectiveness of the error concealment, which in turn depends on the codec implementation. The video content also affects the extent of the degradation and how visible the degradation is. Below are snapshots taken from the same video sequence, i.e., same content encoded with same codec, same frame rate and bit rate. The first snapshot shows a video that did not suffer from transmission errors, only coding impairments (resulting in blockiness and blurriness). The second and third videos have both suffered from 1% packet loss, but with different burst characteristics. As can be seen, the same average level of packet loss can cause quite different types of visual degradations. The second snapshot shows the effect of transmission errors that hardly had any further impact on the video quality. On the other hand, the third snapshot shows transmission errors that have caused heavy image distortions. This example shows that similar levels of transmission error can result in different quality. This phenomenon is taken into account by the edge-device calibration used in UC Server software.
431
nGeniusONE 5.4.1 Online Help Topics
No packet loss
1% packet loss (pattern A)
1% packet loss (pattern B)
Jerkiness Jerkiness (or jerky motion) is motion perceived as a series of distinct "snapshots", rather than smooth and continuous motion. It is commonly observed in video-telephony or videoconferencing applications and other low-bit rate video systems. When transmitting video data over low-bandwidth networks, encoding bit rates must be lowered by reducing the amount of information to transmit. As a consequence, the frame rate of the delivered video may be reduced. Jerkiness is the result of skipping video frames to reduce the amount of video information that the system is required to transmit or process per unit of time. Lack of motion smoothness can be due to frames dropped by the encoder or decoder, and repeated frames. Video Codecs There are a number of codecs that have been standardized by organizations such as the International Telecommunications Union (ITU) and the ISO/IEC Moving Pictures Expert Group (MPEG), and there are also some video systems that use proprietary codecs. The following table lists a number of popular video codecs and provides some information about their applications and relative quality.
432
Codec
Information
ITU-T H.261
Primarily used in older video conferencing systems
ITU-T H.263
Primarily used in older video conferencing systems
ITU-T H.263+ and H.263++
Used in 3G mobile video communication
ITU-T H.264 / MPEG-4 Part 10 AVC
Primarily used in newer systems for various applications including video conferencing, HD video or mobile transmissions
MPEG-1 Video
Mainly used to digitize VHS
ITU-T H.262 / MPEG-2 Video
Digital television
TROUBLESHOOTING ISSUES
MPEG-4 Part 2 Visual
Used in 3G mobile video communication
VC-1
Based on Microsoft's WMV9
WMV
Microsoft's family of video codecs
RealVideo
A popular codec for web and mobile video streaming
Introduction to MOS A mean opinion score (MOS) is used to give a numerical indication of the perceived quality of a voice or video signal. All of the MOS values reported by UC Server software are reported on the following scale: MOS
Quality
5
Excellent
4
Good
3
Fair
2
Poor
1
Bad
Mean Opinion Scores can be divided into two categories: • Subjective MOS - these are derived from the opinions of people • Objective MOS - these are produced by mathematical models of human perception Both of these categories can be further divided into another two categories: • Listening / viewing quality • Conversational quality Subjective MOS A subjective listening / viewing quality MOS value is generated by averaging the opinions given by a number of people when they are asked to rate the quality of a number of degraded media clips produced by transmitting an undegraded media clip through a transmission system. There are many methods for running subjective tests. The most commonly used involve asking a directed question, such as "What was the quality of the voice signal?" and providing a limited set of possible responses for the user to choose from (e.g., Excellent, Good, Fair, Poor or Bad). In the case of voice experiments, such listening quality tests are called Absolute Category Rating Listening Quality (ACR-LQ) tests. The opinions of a given
433
nGeniusONE 5.4.1 Online Help Topics condition from the different people are then translated into a numeric value (Excellent = 5, Bad = 1) and averaged to generate a mean opinion score, or MOS. Subjective conversational quality MOS values are generated by asking a number of pairs of people to converse over a single communications medium. As with listening / viewing quality tests, there are many methods for running conversational quality tests. Again, the most commonly used involve asking a directed question, such as "What is your opinion of the connection you have just been using?" and providing a limited set of possible responses for the user to choose from. These produce results on the "Conversation opinion scale". The votes from the people at one end of the communications medium are translated into numeric values and averaged to produce a single Conversational MOS for that end of the connection. One important factor that affects people's subjective opinion when asked about quality is the context in which they are asked. For example, if a user normally converses over a narrowband telephone system, and is asked to rate the quality of a noise-free narrowband (300-3400Hz) signal that has been encoded and decoded using a good codec, without introducing any transmission errors, he or she is likely to rate it as either good or excellent. However, if the user normally uses a wideband (50-7000Hz) telephone system, and is asked to rate the quality of the same signal, his or her opinion is likely to be lower; perhaps only fair. For this reason, prior to conducting a subjective experiment, subjects are presented with a number of preliminary conditions that demonstrate the range of conditions that they will hear / view during the experiment. The results from these preliminary conditions are discarded for data analysis. The following table shows three different experiment scenarios and the context of the resulting MOS values in the case of a voice quality assessment experiment. Conditions
MOS context
Narrowband only
Narrowband (300-3400Hz)
Wideband only
Wideband (50-7000Hz)
Narrowband and wideband
Wideband (50-7000Hz)
Similarly for a video quality assessment experiment, participants are shown a few preliminary conditions with video clips at the same resolution as the ones used in the main part of the experiment and exhibiting the range of visual distortions that can be expected during the experiment. In addition to the time and cost required to run a subjective experiment, another problem with subjective experiments is that the absolute MOS values obtained for any given condition is influenced by a number of factors other than the condition itself. The effect of bandwidth context has already been described above, but there are many other factors that can influence absolute MOS values. These include the overall content of the experiment, i.e., does the experiment mainly include high-quality conditions or poorquality conditions, cultural differences between subjects, and the exposure of the subjects to different technologies in everyday life. This means that it is not generally possible to directly compare MOS values from different subjective experiments. The problems of time, cost and repeatability are addressed by objective models. 434
TROUBLESHOOTING ISSUES Objective MOS Objective models aim to accurately predict these subjective Mean Opinion Scores, and it is these models that are used within UC Server software. The models that are used to generate the Video IP MOS, Voice IP MOS and LQ MOS use mathematical models of human perception to predict the results of ACR-LQ tests. The model that is used to generate the CQ MOS predicts the results on the "Conversation opinion scale." Many of these models have context switches so that they can produce MOS values in the appropriate context. By default the MOS values shown match the context of the codec (e.g. narrowband for G.729 and wideband for G.722). However, where a wideband MOS has been generated for a narrowband codec the "WB" is appended to the MOS value. Decibels There are many variants of the decibel (dB), which can make it difficult to understand. In general, the decibel is a logarithmic unit that expresses the magnitude of one quantity relative to another quantity, typically a reference. This section describes the variants of decibel used in UC Server software. The formula used to represent a power measurement, Pm, relative to a reference power, Pr, in dB is: PdB = 10 log10(Pm / Pr) When expressing amplitude in dB it is normal to square the amplitude measurement first because the power of a signal is typically related to the square of its amplitude. Hence the level of a signal with measured amplitude Am relative to a reference level Ar is: PdB = 10 log10(Am2 / Ar2) or PdB = 20 log10(Am2 / Ar2) Voice and Noise Levels in dB In UC Server software, the digital overload point is used as the reference level, to which all other levels are related. This is a variant of the decibel known as dBov. The "ov" stands for overload. The digital overload point is the maximum absolute value a sample can take, so the loudest possible signal would have Am and Ar equal in the above formula, which would mean that the dBov value would equal 20 log(1), which is zero. Any quieter signal would have a lower, i.e., negative level. An algorithm inside UC Server software categorizes the samples of the signal as voice or noise and calculates the average level over the voice samples. This is reported as the voice level. Similarly, the average level over all the noise samples is reported as the noise level. The following diagram shows how the overload point, signal peak, voice level and noise level relate to the amplitude of the top half of the signal.
435
nGeniusONE 5.4.1 Online Help Topics
Traditionally -26dBov was regarded as the ideal voice level because it is almost guaranteed to avoid amplitude clipping of the voice signal. In many situations, however, higher levels have been found to provide better performance, particularly in cellular (mobile), and voice levels above -20dBov are now commonplace. When using decibels for level measurements, a 6dBov drop equates to the volume halving. You may be familiar with dBm0, which is defined relative to relative to 1mW in a 600Ω network instead of relative to the digital overload point. You can convert between the two using the formula: dBov = ( dBm0 – 6.15 ). Echo Loss and Signal to Noise Ratio in dB Echo Loss and Signal to Noise Ratio relate one signal with another, rather than with a fixed reference point (such as that used in dBov). In these cases, the original reference point is irrelevant and the result is therefore reported as a dB value. If the two levels have already been calculated in the form of decibel (i.e., a logarithmic unit), one level is simply subtracted from another to give the ratio. The Echo Loss is the ratio of the level of the echo to the level of the original voice that caused it, i.e., it indicates the loss of the echo path - the smaller the Echo loss figure, the louder the echo. If the original voice is at -20dBov and the echo is at -55dBov, the echo loss is -20dBov minus -55dBov, i.e., 35dB. The Signal to Noise Ratio (SNR) reported in UC Server software is the ratio of the Voice Level to the Noise Level. If the voice is at -25dBov and the noise is at -65dBov, the SNR is -25dBov - -65dBov, i.e., 40dB.
436
TROUBLESHOOTING ISSUES
Voice Quality Metrics Use the information in these topics to better understand the key metrics used to determine voice performance. • Voice IP MOS • Voice IP MOS Degradation • Listening Quality MOS • Conversation Quality MOS • Voice Level • Signal to Noise Ratio • Echo Loss • Delay • Packet Loss • Jitter • Out of Sequence Voice IP MOS Voice IP MOS (Mean Opinion Score) is a measure of voice quality and reflects distortions due to voice coding and IP transmission errors up to the monitoring point. The IP payload is not taken into account, but instead a well-conditioned voice signal is assumed when determining the impact of IP impairments on the listening quality perceived by the enduser. Codec, packet loss, jitter, edge-devices and payload size are considered when measuring Voice IP MOS. Troubleshooting Tips Possible reasons for low Voice IP MOS include • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings See the section on "IP Transmission Problems" for further information. More Information In order to use the Voice IP MOS, it is important that you understand some background information.
437
nGeniusONE 5.4.1 Online Help Topics If you are not already familiar with voice signals, audio bandwidth, sample rates, encoding, packetization, transmission, reception, jitter buffers, decoding and gateways and how these terms relate to voice over IP, review the sections on "Voice and Video Over IP Basics" and "Voice Coding". If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values and the difference between listening-quality and conversational-quality MOS values, read the "Introduction to MOS". The Voice IP MOS takes the following factors into account: • Voice codec being used (e.g., on a "perfect network" a stream using the G.711 codec provides a higher quality than a stream using the G.729 codec) • Detailed packet loss characteristics • Detailed jitter (packet delay variation) characteristics • Characteristics of the edge-device and its behavior in the presence of IP impairments • Payload size (e.g., 20ms) However, the following factors are not taken into account: • The state of the voice payload (e.g., whether there is distortion, noise or echo present prior to encoding) • One-way or round-trip delay • Any IP impairments occurring after the monitoring point Voice payload and delay impairments can be taken into account by other measurements: • LQ MOS is a measure of the payload quality • CQ MOS is a measure of conversational impairments (e.g., echo, delay and levels) The software that generates the Voice IP MOS correlates distortions measured on a packet network, such as packet loss and jitter, with the subjective annoyance of that distortion. It does this by having been previously "calibrated" for the receiving edge-device (e.g., a particular VoIP phone, or gateway) by measuring the quality produced over a very large number of test calls. As the Voice IP MOS is purely concerned with one way listening quality and as it is generated by an objective algorithm, rather than people providing their subjective opinion, it is more completely described as a MOS-LQO. Factors that affect the Voice IP MOS are described below. Packet Loss Packet loss occurs when packets fail to reach their destination. Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Many edge-devices use concealment techniques to conceal the effects of packet loss. The effect of packet loss on the Voice IP MOS depends on the edge-device and its configuration. In general, if packet loss concealment is in place, packet loss of less than 1% is barely audible. With good packet loss concealment and depending on the pattern of the lost packets, it can still be possible to understand what is being said over a network with more than 25% packet loss. However, in this situation, the voice is badly distorted and understanding may take considerable effort. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter
438
TROUBLESHOOTING ISSUES buffer and considered to be lost by the codec. Many different types of jitter metric exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected, and a value of zero is the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the Voice IP MOS is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Edge-devices As described previously, different edge-devices employ different codecs and different techniques for error concealment. The algorithm that is used to generate the Voice IP MOS measures the effects of network impairments in terms of the jitter and packet loss. In order to predict how this affects the voice quality the algorithm uses knowledge of how the receiving edge-device in the configuration in use will respond to the measured jitter and packet loss. Payload Sizes The payload size only affects Voice IP MOS when transmission problems occur. Although most modern edge-devices have sophisticated error concealment technology, it is always easier to conceal the loss of a shorter packet than the loss of a longer packet; however, it is not always desirable to use smaller packets because as the payload size decreases, the proportion of the overall packet size taken up by the packet header increases. Voice IP MOS Degradation Voice IP MOS, as described above, provides a measure of the voice quality taking account of voice coding and IP transmission errors. Because it takes the voice coding into account this can vary even when the IP transmission is perfect, due to different voice codecs being used (e.g. G.711 and G.729 provide different quality levels). In some cases it is useful to understand the impact of the IP network on quality and ignore the impact of the voice codec, and this is where the IP MOS degradation can be used. This metric shows the reduction in MOS due to only IP transmission errors and ignores the effect of the codec. Note that this is a MOS degradation, so a value of zero indicates that there are no problems and higher values indicate increasing degradations due to IP transmission problems. Listening Quality MOS The Listening Quality Mean Opinion Score (LQ MOS) reflects the quality of the voice signal. The following factors affect the LQ MOS: • Voice codec being used (e.g., on a "perfect network" a stream using the G.711 codec provides a higher quality than a stream using the G.729 codec) • Packet loss • Packet size (in the presence of packet loss) • Background noise in the voice signal However, the following factors do not influence the LQ MOS: • Jitter in the VoIP packets being assessed
439
nGeniusONE 5.4.1 Online Help Topics • Receive edge-device (e.g., IP phone, VoIP gateway or video streaming client on a PC) • One-way or round-trip delay Jitter, edge-device and delay can be taken into account by other measurements: • Speech IP MOS takes into account jitter and the receive edge-device • CQ MOS is a measure of conversational impairments (e.g., echo, delay and levels) Troubleshooting Tips As described above, many factors can cause low LQ MOS, many of which are beyond the control of the administrator of the VoIP network. It is therefore important to understand how frequently problems occur before starting to investigate low LQ MOS. If the problem is persistent and regular, follow the steps in the following flow chart.
More Information Voice codecs are one of the fundamental components of telephony networks. If you are not already familiar with the various codecs in use and the difference between narrowband and wideband codecs, read the section on "Voice Coding". If you are not already familiar with mean opinion score (MOS) terminology, the difference between subjective and Objective MOS values, and the difference between listening-quality and conversational-quality MOS values, read the "Introduction to MOS". There are a number of factors that contribute to the perceived listening quality of the voice signal. The following sections describe some of the most important ones. Coding Distortion
440
TROUBLESHOOTING ISSUES Nearly all sub-16kbit/s voice codecs show some degree of signal dependency in their performance. Hence the analysis of a large number of calls from a number of different talkers is particularly important when assessing the performance of systems including such codecs. Other factors that can affect the transmission quality of a voice codec include the input level of the voice signal and the input level and characteristics of the acoustic background noise. Indeed, many codecs perform much better for clean voice (voice with a very low noise floor) than signals with more realistic levels of noise. Signals from handsets in wireless systems are particularly prone to high levels of background noise because wireless calls are often made from noisy locations such as in vehicles or public places. Another important consideration is the effect of multiple concatenated coding stages, which can be highly non-linear, such that two or more stages often produce significantly more perceptible distortion than a single coding stage. A common example of this situation is a call between two cellular phone users. If a call is within a single VoIP system, there should be only one coding stage. Transmission Errors VoIP systems may discard whole packets of voice information due to buffer overflow or routing problems while bit errors are almost inevitable in second and third generation digital wireless systems. Although measures can be taken to mitigate the effects of transmission errors, for example the use of packet loss concealment techniques in VoIP systems, all but the very lowest packet loss or error rates result in some degree of audible degradation. Noise Level and SNR We have already noted that the presence of noise reduces the performance of voice compression algorithms. However, high levels of acoustic background noise in the signal, producing a low acoustic signal-to-noise ratio (SNR), also result in a more direct reduction of perceived quality because the noise interferes with the voice signal, making it less intelligible. Conversation Quality MOS The Conversation Quality Mean Opinion Score (CQ MOS) reflects the quality of each party involved in a two-way conversation. The following factors are taken into account from each side of the conversation: • Echo loss • Delay • Voice level • Noise level The following factors are not taken into account: • Distortion of the voice payload due to coding and packets discarded due to IP transmission errors • Factors in the voice signal that reduce the perceived quality, e.g., poor quality microphones, muting, coding distortion These impairments can be taken into account by other measurements:
441
nGeniusONE 5.4.1 Online Help Topics • Voice IP MOS reflects distortions due to codecs and transmission errors within the VoIP network • LQ MOS reflects distortions to the voice signal both prior to and since entering the VoIP network and the quality of the original signal Troubleshooting Tips It is expected that some variation in CQ MOS is always seen because people often make calls from environments that are not conducive to good conversational quality. Therefore, before taking action to try to identify a potential conversational quality problem, it is important to understand whether or not it is a systematic problem. Click on the Stream details tab for the stream and see if any of the following parameters are marked as red or amber: • CQ echo delay • CQ echo loss • LQ low voice level • LQ high voice level • SNR If none of these parameters are flagged as problematic, it is likely that two or more of them are close to the amber thresholds. Check their values and compare with the thresholds to find the parameters that are combining to cause the conversational problem. Note that you should also look at the Payload quality section of the Stream details tab, which shows you the parameter values for the return leg of the stream in case a problem is being reported for the reverse link. When you have identified the cause of the low CQ MOS, use the main Troubleshoot view to see if this is a systematic problem. More Information In order to use the CQ MOS, it is important that you understand some background information. If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values and the difference between listening-quality and conversational-quality MOS values, read the"Introduction to MOS". As mentioned in the introduction, when calculating the CQ MOS, the following factors are taken into account from each side of the conversation: • Echo Loss • Delay • Voice Level • Noise Level On their own, these measurements do not have a simple relationship with a user’s perception of quality; however, when combined the resultant CQ MOS provides a good prediction of perceived conversational quality. The CQ MOS provides a single figure that relates directly to the perceived quality and can help to identify more subtle problems in the underlying factors. For example, the figure
442
TROUBLESHOOTING ISSUES below shows acceptable calls with a tick and unacceptable calls with a cross as a function of echo and delay.
It can be seen that setting simple thresholds on echo and delay can result in a significant proportion of calls being misclassified. For example, a call with very low echo might be of acceptable clarity even if the delay is above the delay threshold; similarly, a call with echo and delay just below the respective thresholds might still be unacceptable. In reality these interactions are more complex, and the CQ MOS takes into account the interaction between the echo, delay, voice level and noise level from both directions to estimate the conversational quality experienced by each party. By setting a threshold on the CQ MOS, those calls with poor conversational quality can be identified, and then the underlying metrics analyzed to determine main problem. The following guidelines can be useful in diagnosing low CQ MOS values: • Echo Loss – a low echo loss figure at one end of a link causes low conversational quality for the party at the other end of the link • Delay – the CQ MOS for both parties decreases as the total delay of the link increases • Voice Level – a high or low voice level from one end causes a low conversational quality for the other party • Noise Level – a high noise level from one end results in a low conversational quality for both parties Voice Level Extreme voice levels result in a reduction in perceived quality, and very high levels also result in amplitude clipping of the signal, resulting in harmonic distortion and other undesirable effects. The voice level heard by a user can be determined by a combination of: • The level at which the person talking speaks • The sensitivity of the microphone in the send terminal • Any level adjustments made within the network by pads or automatic gain control (AGC) systems
443
nGeniusONE 5.4.1 Online Help Topics • How the terminal device presents the signal to the listener's ear UC Server software takes the first two of these factors into account and any level adjustments made before the measurement point. The LQ Voice Level is calculated by the algorithm that calculates the listening LQ MOS metrics, hence the "LQ" designation. The LQ Voice Level is measured in dBov and is therefore always a negative number; the more negative the value, the quieter the voice will be. See the section on "Decibels" for further details. Voice levels that are consistently outside the range -10dBov to -30dBov are a cause for concern. Troubleshooting Tips It is expected that variations exist in the voice level between streams. However, if there are a significant number of calls outside of the optimal range, use the following tips. Gateways and IP peering points are described in the "Introduction to Voice and Video over IP" section. Voice level too high (> -15dBov)? • Check the gain settings at the gateway or IP peering point. These may be too low. Are all the streams too loud, or only those from the external network or peering network? • There may be high voice levels on the external network or peering network. Voice level too low (< -35dBov)? • Check the gain settings at the gateway or peering point. These may be too high. Are all the streams too quiet, or only those from the external network or peering network? • There may be low voice levels on the external network or peering network. More Information In order to use the LQ Voice Level measurement, it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". Components of telephone networks are designed to operate best when the voice is at a particular level. This level is often around -26dBov. Input voice significantly louder or quieter may result in poorer performance of elements such as "Voice Coding". Moreover, higher levels can result in the signal becoming amplitude clipped, while very quiet levels lead to loss of resolution in the signal. Both of these effects can be heard as audible distortions. The following graphs show a voice sample with two sentences at difference levels. Signal with voice level of -26dBov
444
TROUBLESHOOTING ISSUES
Signal with voice level of -16dBov
Signal with voice level of -5dBov
The signal shown in the second graph has been amplified to the point where amplitude clipping is just about audible - some of the sample values have reached the point at which they can no longer be amplified in the same proportion as the other samples. In the third graph, many of the samples have saturated and the effect of the amplitude clipping is clearly audible.
445
nGeniusONE 5.4.1 Online Help Topics Signal to Noise Ratio The SNR is the Signal to Noise Ratio. In this context, the signal is the incoming voice. The signal to noise ratio shows how much louder the voice is than the noise present in the signal. Poor SNR makes it more difficult to understand what is being said, as more effort is required to distinguish the voice from the noise. The SNR is calculated by the algorithm that calculates the listening quality mean opinion score (LQ MOS). The SNR is measured in decibels (dB), and is normally a positive number. See the section on "Decibels" for further details. The larger the SNR value, the better the signal quality. In general, SNRs exceeding 40dB are very good, and values between 30 and 40dB are more typical for calls made in office environments using good quality telephones. As the SNR reduces below 30dB, it becomes more and more difficult for the listener to understand what is being said by the other party. Troubleshooting Tips It is expected that variation exists in the SNR between streams. However, if there are a significant number of calls outside of the optimal range, use the following tips. Gateways and IP peering points are described in the "Introduction to Voice and Video over IP" section. Low SNR is expected when calls are made using cellular handsets in noisy environments. The following checks should be made across many streams and action taken if persistent problems are identified. Is the Voice level < -35 dBov? • Check the gain settings at the voice gateway or peering point. These may be too high. Are all the streams too quiet, or only those from the peering network? • There may be low voice levels on the external network or peering network. Is the noise level > -55 dBov? • There may be a circuit noise problem in gateway line cards. • Calls may come from an area with high background noise - calls from cellular networks are particularly likely to be affected. More Information In order to use the LQ SNR measurement it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". It is also necessary to have some understanding of "Voice Coding". There are many sources of noise in telephone networks. The most common that are likely to affect the measured SNR are: • Acoustic background noise • Circuit noise
446
TROUBLESHOOTING ISSUES There are also many parts of telephone networks that can influence the voice level (see the section on "Voice Level"). The combination of these and the sources of noise produce the SNR. The following sections describe the different types of noise in more detail. Acoustic Background Noise This term is used to describe the environmental noise that the microphone picks up along with the voice signal. It is inevitable that some background noise is present in all calls, because very quiet environments are rare, and this is the most likely source of poor SNR. The levels of background noise that are captured by the microphone depends on the levels of noise in the environment and the design of the terminal. Cellular handsets are more likely to capture voice with a lower SNR than their traditional telephone equivalents because the microphone is further away from the mouth and therefore picks up less of the voice signal than a microphone positioned directly in front of the mouth. In addition to this, calls made with cellular handsets are more likely to be made in noisy environments (e.g., on streets, in vehicles, at stations, in airports) than those made with traditional, or desktop handsets, which are typically situated in offices. Microphones used with soft-clients that are integrated into web cameras and laptops often produce a poor SNR because they are positioned some distance from the talker and can easily pick up noise from computer fans, disk drives, etc. Circuit Noise In analogue telephony systems circuit noise was a common problem. It was caused by interference between adjacent wires and other electrical components. Now that most analogue links are restricted to the copper access network in the PSTN, this is less of a problem. However, the problem of circuit noise has resurfaced in recent years as the copper access network is also used to carry broadband internet signals. Circuit noise can also be a problem for soft-clients that use external microphones or microphones integrated into a laptop because such microphones can be prone to pickingup electrical interference from the host computer and other nearby electrical equipment. Echo Loss Echo is experienced when one party in a conversation hears their own voice return after a delay of around 40 milliseconds (ms) or more. The louder and more delayed the echo becomes, the more disturbing it will be. Echo Loss is a measurement of how loud the echo is compared with the original signal. A smaller value indicates a louder echo. The echo loss value reported is derived from the echo that would have been heard at the destination. In general, where there is an echo problem, the echo is most likely to have been reflected at the source end of the network. The Echo loss figure that UC Server software associates with a stream is the Echo loss at the source location of the stream. At first sight, this may seem counterintuitive; but it is the source location that generates any echo heard at the stream’s destination. Echo loss is reported in "Decibels" (dB). An Echo loss figure lower than 40dB combined with a delay of more than 40ms is likely to be disturbing to the user. Troubleshooting Tips Situations where echo is not controlled properly, and is therefore audible, are becoming increasingly common due to the widespread use of cellular phones and voice over IP,
447
nGeniusONE 5.4.1 Online Help Topics which can introduce long delays, non-linear echo paths and acoustic echo. Reasons for echo being audible include: • Echo cancellers being incorrectly configured, e.g., insufficient tail-length • Echo cancellers been under-provisioned • Unanticipated sources of the echo such as acoustic echo from a handset with a poor TCLw figure These possibilities should be investigated when low Echo Loss is a persistent problem. The two most common sources of echo in a telephony system are electrical reflections and acoustical coupling. The main source of electrical reflections are the hybrid circuits in traditional telephony systems that are used to interconnect the two-wire transmission system used between the local exchange and the customer premises with the four-wire transmission system used in the core network and telephone handsets. Acoustical coupling occurs in the remote party's telephone equipment when sound leaks from the earpiece or speaker into the microphone. Types of equipment that are likely to return high levels of acoustic echo include: • Cellular phones • Speaker-phones • Voice conferencing equipment • PC telephony without a headset In cellular phones, the microphone is often much closer to the speaker than in traditional telephones. The shorter distance means that more sound from the speaker leaks into the microphone. In the other three types of equipment, the volume played out by the speakers is generally considerably louder than that which would be played out by either a handset or a headset and the microphone is generally further away from the talker(s), so must be more sensitive than in a telephone handset. Each of these two factors result in more echo being returned. In all four of these types of equipment echo-cancelling software should generally used, but this may not be present or fully effective. More Information In order to use the Echo loss measurement, it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". Traditional telephones are designed with a short delay echo path in the handset which returns the speaker's voice into his or her ear after just a few milliseconds. This signal, known as sidetone, reassures the user that the telephone is working and can help control the level of the user's voice. Echo is experienced when one party in a conversation hears his or her own voice return after a delay of around 40 milliseconds (ms) or more. The louder and more delayed the echo becomes, the more disturbing it will be. Echo is usually analyzed using the concept of an echo path, which describes the route taken by a talker's outbound voice to the point where it passes into the return path and is heard as echo. The echo path can be characterized in terms of its delay and echo loss. The delay is the time taken for a talker's voice to transit the echo path. The echo loss is essentially the ratio of the level of the inbound echo with the level of the outbound voice that caused it - the smaller the figure, the louder the echo. These measurements are illustrated in the following diagram.
448
TROUBLESHOOTING ISSUES
Echo generally becomes a problem when the Echo loss of the echo path is 45 decibels (dB) or less and the path delay exceeds about 40 milliseconds (ms). When the delay is less than 40ms people cannot generally distinguish echo from their own voice. Many telephone calls are made over relatively short distances with a round-trip delay of 40ms or less, thus rendering any echo inaudible. However, for trans-continental connections, international connections and systems employing significant processing, such as cellular (mobile) and VoIP networks, the signal propagation delay can result in very much longer round-trip delays. The most common source of echo in the public switched telephone network (PSTN) is electrical echo from hybrid circuits in local telephone exchanges. These hybrid circuits are used to convert between the 4-wire transmission system used in the core of the telephone network and the 2-wire transmission system used between the local exchange and the customer premises. Hybrid circuits typically result in Echo Loss figures in the order of 20dB. This combination of long delay and low echo return loss means that echo control equipment is installed in almost all international and long-haul switching centers and cellular networks. If such equipment were not installed, these routes would suffer from audible echo. Echo cancellers should be placed as close to the echo source as possible, as it is easiest to cancel echo before the echo is distorted by encoding or transmission errors. Cellular telephone networks typically introduce a round-trip delay of 200ms and voice over IP systems can introduce delays of 40ms upwards. This means that echo cancellers should now be deployed at the interfaces between such systems and the PSTN by default. Such cancellers are configured to cancel any network echo from the local part of the PSTN, for example with a delay of less than 128ms. And it is assumed that, if a call is routed to a more distant location, cancellers are deployed at the far end. It is recommended that echo cancellers are used wherever the round-trip delay will exceed 50ms, however, it may be beneficial to use echo cancellers even when the round-trip delay is between 40 and 50ms, as customers appear to begin to notice and complain about echo when the delay is 40ms. Acoustic echo is the result of sound leaking from the handset speaker into its microphone. A commonly used measure of this leakage is terminal coupling loss (TCL), which is often calculated using a frequency weighting (TCLw). The TCLw exhibited by a plain old
449
nGeniusONE 5.4.1 Online Help Topics telephony system (POTS) handset tends to be fairly good, and typically exceeds 45dB. The same should be true of IP phones that are designed to look and feel like a POTS phone. However, cellular handsets tend to have much poorer TCLw figures because they are substantially smaller, and hence the speaker and microphone are closer together, and the designers have many more factors to balance against acoustic considerations. Hands-free telephony causes particular problems because sound from the speaker almost inevitably leaks into the microphone. An increasing number of cellular and hands-free terminals therefore have some form of acoustic echo control built-in, but there are still many handsets that do not. One of the problems associated with acoustic echo is that the echo path may be rapidly varying due to changes in the primary sources of reflection. In the case of a handset, this is due to interactions with the head. In the case of a hands-free system, this may be due to movement of people and objects in the vicinity of the terminal. Echo control equipment should also be present in VoIP and loudspeaker-based conferencing systems. It is recommended that the echo loss should exceed 40dB for any call with a round-trip delay exceeding 40ms. Delay Large delays in a conversational interaction can lead to both parties talking at the same time, resulting in a more difficult conversation. In addition, the greater the delay, the more impact any echo that is present has on the quality of a conversation. In addition, the UC Server software produces two types of delay estimate: Echo Delay and IP delay. These are both reported as "round-trip delays", which means the time taken for a signal or packet to travel from a reference point to edge-devices and back again. IP Delay The IP delay value is calculated from information in RTCP packets that are exchanged between the two edge-devices, and is an estimate of time taken for a packet to travel from one edge-device to the other and back again. This is a useful diagnostic value because it isolates the contribution of the IP network from the overall delay. However, it must be noted that this delay does not include the various sources of delay introduced by the edgedevices and does not include the delay of the external network if one of the edge-device is a gateway. Also note that not all VoIP systems generate RTCP packets. Echo Delay UC Server software primarily provides results for a single stream. However, in order to measure conversational metrics such as echo and delay, IP engines monitor the packet stream in both directions. IP engines generally monitor at a mid-network point, i.e., somewhere between the source and destination of the stream. The Echo Delay associated with a particular stream refers to the delay of the echo path from the monitoring point to the source location and back to the monitoring point again. At first sight, this may seem counterintuitive; but it is the source location that generates echo heard at the stream’s destination. Most people are now familiar with connections with a 400ms round-trip delay due to making calls between cellular phones; however, round-trip delays greatly in excess of 400ms start to cause conversational difficulties. Voice over IP systems virtually always introduce a round-trip delay of more than 40ms and therefore exposes any echo that may be present. Troubleshooting Tips 450
TROUBLESHOOTING ISSUES The network map pane in the Single Call view of the user interface enables you to see payload measurements from both directions of a call. If Echo delay values are reported in both directions, these can be added together to produce the round-trip delay from one terminal, to the far end of the network and back to the original terminal. This is the total time for the tasks shown in the following table to be completed for a call between a person at end A and another at end B. When investigating a call with high delay it is first important to understand if the call is within the VoIP network, or if it goes via a Gateway or peering point to an external network. If it goes via a Gateway, then in the extreme case it may be connecting to a mobile handset and the signal could be traveling via a satellite link. This would add many hundreds of milliseconds to the delay and while this delay has a significant effect on the conversational quality, it may be preferable to have a connection than not. Therefore, when considering calls with long delay, it is important to understand whether many calls are affected, or just a few before undertaking any troubleshooting. Calls Traveling via External Network Cellular (mobile) networks typically add 200ms to the round-trip delay. International networks can introduce delays of many hundreds of milliseconds. There may be little you can do to reduce this. Calls Remaining within the VoIP Network As described below, every element of the VoIP system introduces delay. Many of these elements are configurable and changing the configuration options may change the amount of delay that they introduce. One element that can be responsible for significant amounts of delay is the jitter buffer. Fixed length jitter buffers with long delays are one possible source of large amounts of delay. Adaptive jitter buffers that are experiencing large amounts of jitter can also introduce long delays. Check the jitter buffer configuration of the VoIP device in question as well as RTCP round-trip delay statistics (a.k.a. IP Delay) in the UC Server Streams View (if available) to see if this could be the case. More Information If you are not already familiar with input voice signals, encoding, packetization, transmission, reception, jitter buffers and decoding and how these terms relate to voice over IP, review the section on "Introduction to Voice and Video over IP". You should also read the information about "Echo Loss". The following table shows some of the sources of delay in a call made from a notional end A to a notional end B.
Location
Task
Send side of phone at end A
Capture voice signal Encode and packetize encoded signal
IP Network
Transport packets from end A to end B or gateway (equal to the round-trip RTCP delay divided by two)
Receive side of phone at end B or Receive packets and remove jitter gateway Decode packets and conceal any transmission errors
451
nGeniusONE 5.4.1 Online Help Topics
External network (if present)
The one-way delay of the external network from end A to end B
Hybrid between 4-wire and 2wire circuit / Acoustic coupling at end B
Reflect signal at the far end (generate echo)
External network (if present)
The one-way delay of the external network from end B to end A
Send side of phone at end B or gateway
Capture voice signal
IP Network
Transport packets from end B or gateway to end A (equal to the round-trip RTCP delay divided by two)
Receive side of phone at end A
Receive packets and remove jitter
Encode and packetize encoded signal
Decode packets and conceal any transmission errors Halving this time gives a good approximation of the one-way delay, i.e., the time it takes from the speaker saying a word for the receiver to hear that word. Typical one-way delays for some of these sources are shown in the following table.
Delay source
Typical total one-way delay introduced
Encoding, packetization, decoding G.711, 10ms packets
10ms
G.711, 30ms packets
30ms
G.729, 10ms packets
25ms
G.729, 30ms packets
45ms
G.723.1, 30ms packets
67.5ms
Transmission cable
5μs/km
satellite @ 400km altitude
12ms
satellite @ 36,000km altitude
260ms
Echo canceller
0.5ms - 2ms
Encoding, transmission via cellular network, decoding and error concealment
100ms
The following sources of delay are not included in the above table: • Jitter buffers - these should be designed to account for the maximum delay variation that packets are likely to encounter and can add a commensurate amount of delay • Network elements - every router, switch and repeater adds delay - the amount of delay depends on the design of the element and the network loading
452
TROUBLESHOOTING ISSUES Note that the one-way delay may be different in each direction of transmission, particularly in VoIP networks. Packet Loss Packet loss occurs when packets fail to reach their destination. Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Many edge-devices use concealment techniques to conceal the effects of packet loss. The effect of packet loss on the Voice IP MOS depends on the edge-device and its configuration. In general, if packet loss concealment is in place, packet loss of less than 1% is barely audible.With good packet loss concealment and depending on the pattern of the lost packets, it can still be possible to understand what is being said over a network with more than 25% packet loss. However, in this situation, the voice is badly distorted and understanding may take considerable effort. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered to be lost by the codec. Many different types of jitter metrics exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected, and a value of zero indicates the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the Voice IP MOS is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Out of Sequence Out of Sequence indicates the volume of streams where out of sequence packets were detected. This is calculated in the same way as active streams. Possible reasons for out of sequence packets include: • Route flapping, load sharing or diverse core routing. • Endpoints which send RTP streams with incorrect sequence numbers.
453
nGeniusONE 5.4.1 Online Help Topics
Video Metrics These topics provide a brief overview of the video MOS, video degradation and troubleshooting suggestions when degradation is suspected. • Video IP MOS • Video IP MOS Degradation • Video Degradation • Packet Loss • Jitter • Out of Sequence Video IP MOS The Video MOS (Mean Opinion Score) reflects the quality of the video at the monitoring point and reflects distortions due to voice coding and IP transmission errors up to the monitoring point. The IP payload is not taken into account, but instead a well-conditioned video signal is assumed when determining the impact of IP impairments on the viewing quality perceived by the end-user. The following factors are taken into account: • Codec being used • Detailed packet loss characteristics • Detailed jitter (packet delay variation) characteristics • Characteristics of the edge-device and its behavior in the presence of IP impairments • Bit-rate • Frame-rate When a video application reduces the bit-rate or frame-rate of the video codec, it is increasing the amount of compression being applied to the video signal. Higher compression generally means lower video quality at the receiver. The Video IP MOS value metric is the Video MOS prediction with the effects of compression removed, i.e., it is a prediction of what the video quality would be if the video application were applying minimum compression. Video IP MOS is therefore a useful means of separating the effect of IP impairments from the behavior of the video application. Video IP MOS Degradation Video IP MOS, as described above, provides a measure of the video quality taking account of video coding and IP transmission errors. Because it takes the video coding into account this can vary even when the IP transmission is perfect, due to different video codecs being used (e.g. H.264 and H.264 provide different quality levels). In some cases it is useful to understand the impact of the IP network on quality and ignore the impact of the video codec, and this is where the IP MOS degradation can be used. This metric shows the reduction in MOS due to only IP transmission errors and ignores the effect of the codec. Note that this is a MOS degradation, so a value of zero indicates that there are no
454
TROUBLESHOOTING ISSUES problems and higher values indicate increasing degradations due to IP transmission problems. Video Degradation Often video degradation can be useful to separate the effects of video compression (e.g., lower bit-rate or frame-rate) from the effects of IP network performance. The video degradation metric provides an indication of the MOS degradation that is due to compression alone (without the effect of the IP network). Note that this is a MOS degradation, so a value of zero indicates that there are no problems and higher values indicate increasing degradations due to compression. The following table provides a summary of the three video MOS-based values. Whether factor is taken into account Factor
Video IP MOS
Video IP Video MOS degradation Degradation
Characteristics of the edge-device and its behavior in the presence of IP impairments
Yes
Yes
Yes
Codec being used
Yes
Yes1
Yes
Bit-rate
Yes
Frame-rate
Yes
Detailed packet loss characteristics
Yes
Yes
Detailed jitter (packet delay variation) characteristics
Yes
Yes
1
The absolute maximum quality of the codec is not taken into account, but the reaction of the codec to packet loss and jitter is accounted for, for different codecs.
Troubleshooting Tips When troubleshooting a low Video MOS, it is recommended that the Video IP MOS investigated first. Possible reasons for low Video IP MOS include: • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings 455
nGeniusONE 5.4.1 Online Help Topics Further information on troubleshooting "IP Transmission Problems" can be found below. If the Video IP MOS is acceptable, i.e., there are no problems with the IP network, but the Video MOS is still low, then the problem is the amount of compression being introduced by the video application. This is generally the result of a low video bit rate, which can occur in the following situations: • Presentation streams - when sending a presentation stream at the same time as the main video, devices allocate a limited bandwidth for this stream and lower the bit rate • Network capacity - endpoints try to adjust the video bit rate depending on the network capacity • Network impairments - depending on the network impairments (jitter, packet loss), the video application may choose to lower the bit rate • No video source - when no video source is connected, devices may choose to send blank video frames at a very low bit rate • Video content - videos with very low complexity and low motion may use a lower bit rate • Mis-configured settings in the video application More Information In order to use the Video MOS Video IP MOS and Video degradation, it is important that you understand some background information. If you are not already familiar with input video signals, frame rates, frame resolutions, encoding, bit rates, packetization, transmission, reception, jitter buffers and decoding and how these terms relate to video calls, review the section on "Introduction to Voice and Video over IP". If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values, review the "Introduction to MOS". The software that generates the Video MOS and Video IP MOS correlates distortions measured on a packet network, such as packet loss and jitter, with the subjective annoyance of that distortion. It does this by having been previously "calibrated" for the receiving edge-device (e.g., a Video conferencing terminal, or soft-client on a PC) by measuring the quality over a very large number of test calls. The performance of video systems can be dependent on the nature of the content, e.g., a low frame rate may result in poorer viewing quality for sports footage than for a news program. The Video MOS, Video IP MOS and Video degradation represent the MOS that would be obtained by averaging the effects of the observed IP impairments over a range of common content classes, including videoconferencing, sports footage and a mixture of film and television material. Factors that influence the viewing quality and that affect the Video MOS and Video IP MOS are described below. Video Resolution The resolution of a video sequence has a very strong impact on the perceived quality, e.g., the perceived quality of a 720x480 digital television picture is much greater than that of a 176x144 QCIF picture. If the effect of picture resolution were to be included in the MOS score prediction, it could easily mask more subtle effects such as the impact of IP packet loss; hence the Video MOS and Video IP MOS values are normalized so that they take the
456
TROUBLESHOOTING ISSUES picture resolution into account; e.g., a very high quality QCIF picture would receive a similar score to a very high quality television picture. Edge-Device and Codec Different edge-devices employ different codec implementations and techniques for error concealment. The algorithm that is used to generate the Video MOS and Video IP MOS measures the effects of network impairments in terms of the jitter and packet loss. In order to predict how this affects the video quality the algorithm uses knowledge of how the receiving edge-device in the configuration in use will respond to the measured jitter and packet loss. Most standard codecs, e.g. H.263 or H.264, do not guarantee a specific level of quality across different codec manufacturers. Only the bit stream syntax and the decoder are standardized to ensure interoperability. This enables codec manufacturers to use proprietary encoding techniques and know-how to produce a compliant bit stream. Quality can therefore vary across codec manufacturers even if the codec is specified by an international standard. Video coding standards also include a lot of optional modes of operation that typically improve picture quality at the cost of other factors, such as increased computation or delay. The choice of when to use such optional modes is often left to manufacturers. Packet Loss Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Most edge-devices use concealment techniques to conceal the effects of packet loss, but the exact effect of packet loss on the Video IP MOS depends on the edge-device and its configuration. In some cases 1% packet loss results in bad viewing quality, while in other cases 5-10% packet loss can still result in fair video quality. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered as lost by the codec. Many different types of jitter metric exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected and a value of zero is the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the video quality is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Bit Rate and Frame Rate Many systems allow the user to specify the desired bit rate and then attempt to adapt the frame rate and frame resolution accordingly to achieve the best possible quality, trading off bits-per-frame against frame rate and frame resolution. The effects of bit-rate and frame-rate are excluded from the Video IP MOS metric so that IP problems can be more easily identified. The impact of purely bit-rate and frame-rate on the quality is shown by the Video degradation metric. Audio The Video MOS and Video IP MOS reported are designed to be independent of the audio quality. Checking the value of the Voice IP MOS, LQ MOS and CQ MOS (where available) allow you to assess the quality of the associated voice.
457
nGeniusONE 5.4.1 Online Help Topics Packet Loss Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Most edge-devices use concealment techniques to conceal the effects of packet loss, but the exact effect of packet loss on the Video IP MOS depends on the edge-device and its configuration. In some cases 1% packet loss results in bad viewing quality, while in other cases 5-10% packet loss can still result in fair video quality. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered as lost by the codec. Many different types of jitter metrics exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected and a value of zero indicates the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the video quality is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Out of Sequence Out of Sequence indicates the volume of streams where out of sequence packets were detected. This is calculated in the same way as active streams. Possible reasons for out of sequence packets include: • Route flapping, load sharing or diverse core routing. • Endpoints which send RTP streams with incorrect sequence numbers.
458
TROUBLESHOOTING ISSUES
Additional Metrics Following are descriptions of additional results that are displayed in UC Server views. Active Streams (Average) This is an indication of the average active streams over the time period. For example, over a five-minute period if one stream was active for the whole of the five minutes this metric would be 1.0. If the stream was active for only half this period, then this metric would be 0.5, and so on. Note that calls imported into the system from MS Lync reports do not contribute to this indication. Completed Streams This is the number of streams that have ended during the time period. DTMF This value is an indication of number of completed streams where DTMF (Dual-tone multifrequency signaling) has been detected and that have ended during the time period. Note that this only applies to out-of-band DTMF digits encoded as RFC2833/4733 RTP packets and not DTMF tones in the voice payload. Possible reasons for DTMF include: • Users accessing voice mail or other systems which are controlled by DTMF. Gaps This value is an indication of the number of completed streams which contain gaps and that have ended during the time period. Gaps are periods of time where no RTP packets were detected and can be at the start, middle or end of the call. For start and end gaps packets must be detected in the other direction of the call to be considered as gaps. Thresholds for the minimum durations to be considered a gap are configurable in the Global Settings>Voice/Video tab. Long Calls Long Calls is an indication of the number of completed streams which have a duration greater than the long call threshold and that have ended during the time period. Possible reasons for long calls include: • Constantly active streams • Conference calls QoS Mismatch This is an indication of the number of streams that have that have ended during the time period where the monitoring appliance has seen a mismatch between the QoS values used
459
nGeniusONE 5.4.1 Online Help Topics in the two directions of a bi-directional call. Here the QoS value is taken from the IP header. Note that calls imported into the system from MS Lync reports do not contribute to this count. Possible reasons for QoS mismatches include: • Mis-configuration of network equipment to set precedence incorrectly for one direction. Short Calls This is an indication of the number of completed streams which have a duration less than the short call threshold and that have ended during the time period. The threshold is configurable in Global Settings. In the Streams and Single Call view tables there is an indicator to identify short streams. Possible reasons for short streams include: •
Call quality problems causing users to hang-up early.
•
New streams being set-up once the call has been fully connected.
Single Direction This is an indication of the volume of single-direction streams that have ended during the time period. A single-direction stream is identified when no stream is detected in the opposite direction. In the Streams and Single Call view tables there is an indicator to identify single-direction streams. Standard voice calls comprise two separate streams on the IP network, sent between the same IP addresses and UDP ports but in opposite directions (e.g. A to B and B to A). If the monitoring agent is unable to detect a stream in the opposite direction then the stream is counted as a single-direction stream. Note that calls imported into the system from MS Lync reports do not contribute to this count. Possible reasons for single direction streams include:
460
•
Users listening to voice-mail (i.e., not a problem).
•
Endpoint configuration issues such as codec compatibility.
•
Mis-configuration of firewalls.
•
Load sharing or diverse core routing
TROUBLESHOOTING ISSUES
IP Transmission Problems Isolating IP network problems to determine whether the network is affecting voice or video performance is a crucial part of the diagnostic process. The topics in this section provide a general overview of the role IP transmission errors play in voice and video performance analysis. • Basic Troubleshooting • IP Root-cause Analysis Basic Troubleshooting Possible reasons for low Voice IP MOS, Video IP MOS and Video MOS include: • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings The following flow chart shows the steps to take when investigating low IP MOS.
461
nGeniusONE 5.4.1 Online Help Topics If most calls have low IP MOS, access the UC Streams view to find the streams with low IP MOS, check the "1st cause" and "2nd cause" values and look up these categories in the table in the following section. IP Root-cause Analysis This section provides an explanation of the "1st cause" and "2nd cause" values generated by UC Server software when the voice or video IP MOS is low. The causes are separated into the categories shown in the table below. Possible causes are then described in the following sections.
Category
Description
Characterized by
LAN Congestion
End-devices competing to access the network via hubs and switches
Excessive jitter
Router Congestion
Routers processing packets and managing queues
Excessive jitter and packet loss
Access Link Congestion
Large data packets being transmitted over slow access links disrupting the flow of media packets and causing them to be queued
A long delay followed by several very short delays between media packets
Diverse Routing
Packets being transmitted via different routes, each with slightly different delay profiles
Packets appearing at the receiver out-ofsequence
Unreliable Link
A network link that is causing high levels of packet corruption or that has failed
Low levels of jitter but high levels of packet loss
LAN Congestion • Symptom: Packet congestion in Hub / Switch • Results in: Difficulty for packets getting onto the wire • Maybe similar to router congestion but low packet loss • Possible causes: o
Using a Hub instead of a Switch
o
Under-specified link capacities
o
Multiple users with very high concurrent data consumption
Router Congestion • Symptom: High data rate through router • Results in: Difficulty for packets passing through router • Possible causes: o
o o
462
Multiple ports may be using high data rates Misconfigured QoS on router Under specified router for amount of traffic
TROUBLESHOOTING ISSUES • Diagram showing scenario that could result in router congestion:
Access Link Congestion • Symptom: Bottleneck in link throughput • Results in: Difficulty for voice packets passing across links • Possible causes: o
o
o
o
Low bandwidth connection at network extremities Slow link overloaded with high data rates Misconfigured network elements reducing throughput Badly configured QoS causing voice/video packets to be de-prioritized
Diverse Routing • Symptom: Mis-sequenced packets detected • Results in: Voice packets using different routes with different latency • Possible causes: o
Load sharing or diverse core routing
o
Problems in the core network
o o
Load sharing containing a problem link Route flapping
• Diagram showing diverse routing scenario:
463
nGeniusONE 5.4.1 Online Help Topics Unreliable Link • Symptom: Intermittent connectivity problems • Results in: Intermittent complete drop out for voice packets • Possible causes: o
Faulty physical connection on particular link
o
Port setting problems e.g., Duplex, Full, 10, 100, Auto
o
464
Element configuration could cause links to intermittently disconnect
CONFIGURING AND MANAGING nGeniusONE Administering the nGeniusONE Server Configure and manage features of your nGeniusONE deployment using the following modules: • Configure monitoring settings (Global Settings): Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds. • Add and manage servers (Server Management): Perform essential server maintenance and configuration, including adding servers (NewsStand, Standby, Associated, Local) managed by this server. • Add and manage users (Server Management): Add and modify users, user groups, and user roles and activity. • View and configure server settings (Server Management): Perform software updates, join the nGenius Deployment Database, add and modify authentication servers, add and modify exclusions. • View deployment details (Server Management): View session statistics, activity logs, and user deployment information. • Manage data sources (Device Management): Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups. • Configure or modify services (Service Configuration): Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard. • Create, view, and manage Spaces (Spaces Configuration): Modify Dashboard Spaces to customize the data displayed in the views. • Verify requirements for Monitors (Service/Traffic Monitors): In addition to the above configuration of servers, applications, and devices on the nGeniusONE Server, ensure the monitoring data sources are configured appropriately for detecting the required traffic type. • Create and view reports (Report Configuration): Manage reports for troubleshooting and sharing information with others on a regular basis.
465
nGeniusONE 5.4.1 Online Help Topics
MANAGING DEVICES Welcome to Device Configuration Device Configuration provides you with an easy-to-use interface that allows you to manage the monitoring devices in your enterprise. The installation process automatically creates a user account with System Administrator and Network Administrator roles. The default account allows you to configure devices and application monitoring including performing the following tasks: • Add or import devices • Upload and upgrade InfiniStream or Decode Pack software • Add or modify Monitored Element Groups or SuperGroups
Device Configuration in nGeniusONE — Overview The Device Configuration module in nGeniusONE supports the functionality under these tabs: • Devices - add or modify functionality of InfiniStream appliances. For complete details, click here. • Upgrade - InfiniStream or InfiniStream Decode Pack software • Monitored Element Groups - add or modify Monitored Element Groups or SuperGroups Note: • You can add a Cisco Catalyst 5000 or 6000 Network Analysis Module (NAM) in the same manner as other devices. • To prevent more than one user from updating the same device simultaneously, the device is automatically locked while being modified. Therefore, you may receive a message stating that the display has changed. Refresh the display to view the latest settings. Section 508 Compliance nGeniusONE supports industry-recognized user-interface accessibility standards implemented in compliance with Section 508 of the U.S. Rehabilitation Act. This Act requires that Federal Departments/Agencies’ Electronic and Information Technology (EIT) be accessible to people with disabilities.
466
CONFIGURING AND MANAGING nGeniusONE
Navigating the Interface Refreshing the Display in nGeniusONE To view the latest changes in a window, click the Refresh icon. Clicking the refresh icon refreshes the parent window and any child windows that may be open. If the information you are currently viewing is changed by another user at a different location, a message displays prompting you to refresh the display.
Device Configuration Interface This topic provides a quick introduction to the following components of the Device Configuration user interface. • Tabs • Tools • Task Progress • Controls
Tabs The Device Configuration interface consists of a series of tabs containing major device configuration functions. Tab
Description
Devices
Configure and manage data sources
Upgrade
Update InfiniStreams and InfiniStream Decode Packs
Monitored Element Groups
Display and configure monitored element groups, super groups, and their constituent parts
Tools The following table lists general purpose tools used throughout Device Configuration. The location and function of some tools varies depending on context: Add
Add devices, applications, and groups
Modify
Modify any attribute of the selected object: device configurations, application monitoring options
467
nGeniusONE 5.4.1 Online Help Topics
/ /
/
Delete
Delete a device, application, or group
Show/Hide/Reset Filter
Show, hide, or clear the filter. Whether the list shown has been filtered or not is indicated by the appropriate filter icon and accompanying tool tip displayed at the bottom of the screen.
Activate/Deactivate
Enable or disable the selected object
Relearn
Update device details
Device Settings
Set device read and write community values, and Config Server IP Address
Information
Display physical and virtual device parameters
Remote Login
Access the nGenius Command Line Administrator of the device This screen displays the protocols and their correlated settings you applied either to all InfiniStream appliances from the nGeniusONE server or to this InfiniStream device from Device Protocol Settings
Associated Applications
you configured in Performance Manager (UMC). The Protocol Settings Type is displayed in parentheses at the top of the screen as either Global or Local. Information displayed includes settings for application Name and Parent, Response Time, Responsiveness intervals, ASR, and Slice Size.
/
468
Import/Export
Import or export devices, software, or application definitions
Column Management
Show or remove columns displayed on the screen
Refresh
Update the Device Configuration display
CONFIGURING AND MANAGING nGeniusONE
Task Progress The Task Progress Report displays the progress of tasks. In a distributed server environment, the Global Manager aggregates the progress from all Local Servers and displays the overall progress. You can hide/show the Task Progress Report by using the up/down arrow at the bottom of the screen (on the left). You can view the details for a task by selecting the task and clicking the Details button. Also, a message similar to the one below displays after you perform a configuration action.
• Name — The task currently being performed. • Details — More information on the task that the server performs. When the task completes, the Details column displays "Done". • Status — The status of the task that the server is performing. A progress bar displays for tasks in process. For completed tasks the Status column displays Information, Warning, or Errors.
Controls In addition to the tools listed above, you can organize the interface using the following controls: Sort
Display a list of entries in caseinsensitive, alpha-numeric order by toggling up and down arrows next to column names
Page View
The Page fields let you select one or more pages from a larger, dropdown number of devices for viewing.
469
nGeniusONE 5.4.1 Online Help Topics
Devices Tab in nGeniusONE The Devices tab in Device Configuration displays a list of devices that have been added to the nGeniusONE server along with their associated characteristics. Click the Column Management
icon to add or remove columns from view.
Configuring Devices You can perform the following actions on this page: • Add a device by clicking the Add button . The Add Device sliding screen appears. Complete the fields and click OK when finished. • Modify a device by selecting the device and clicking the Modify button . The Modify Device screen appears, showing information about the device and its interfaces, including general information and settings, physical and virtual interface details. Make your changes and click OK. • Delete a configured device by selecting the device and clicking the Delete button . • Show/Hide column filters by using the Show/Hide Filter buttons • Clear all filters using the Reset the Filter button • Deactivate
or Activate
/
.
.
a configured device.
• Relearn settings on a rebooted or modified device. The nGenius Server automatically relearns the device whenever the device reboots (for example, when a new physical interface is added or removed or firmware is upgraded). • View and configure Device Settings and Config Server IP Address. • View Information
including the Read and Write Community
about a device including:
o
Status of Ping, Read and Write Community tests.
o
CDM Level type. For example: Advanced.
o
Hardware/Software model names, CDM and build numbers.
o Device Up time including the day of the week, date, time, and time zone. o Hardware, InfiniStream and InfiniStream Extended Support serial numbers. o
Total, Free, and Used Memory totals (MB).
• Remotely log in
470
to a device using the Agent Configuration Utility.
CONFIGURING AND MANAGING nGeniusONE
• Display Associated Applications . Clicking the icon displays a sliding screen "template" of applications and correlated settings you selected in the Device Protocol Settings finished viewing, click • Import
and Export
module of the Unified Management Console. When Back to withdraw the screen. device settings.
• Perform Column Management by removing or adding one or more columns for display in the Devices screen. Double-click a selection in the Column Management screen to move it to the display (left) or hide (right) pane and click OK to execute the action. Optionally, you can Remove All or Add All columns, and rearrange a column's horizontal placement on the screen by selecting an item in the display pane, dragging and dropping it higher or lower in the list. Refer to the "Columns" section below for a list of the columns and associated descriptions. • Click the Task Progress arrow at the bottom of the screen to display the details and status of operations. You can select an operation and click Details to display additional information. A message similar to the one below displays after you perform a configuration action.
• Refresh
the display.
Columns Field
Description
Status
The current operational status of a device. Down Pending , or Active .
, Inactive
,
An active device is online and operating normally. The pending state is an initial stage of a device that has not yet been added to the system. The device is unreachable until it is completely learned. Similar to an inactive device, a pending device's interfaces do not count against the license limit. The device is in a sleep-like mode where it is no longer performs logging or relearns. Interfaces on inactive devices do not count against the license limit. A Down device is considered unreachable first by unsuccessful IMCP then SNMP pings. When both pings fail, the device is marked down. Name
The name of a device. The device name is defined when you add a device to the nGenius Server.
Address
The IP address (IPv4, IPv6, or host name) of a device.
471
nGeniusONE 5.4.1 Online Help Topics
Alias
An optional alternate name for a device.
Type
The operational type of device including: nGenius InfiniStream, InfiniStream Virtual Appliance, nGenius Probe, NetScout Packet Flow Switch , NetScout FlowCollector, Router, Server, Switch, Router Network Analysis Module, or Unknown.
Device Protocol Settings
Protocol settings type describing whether application settings were applied to all InfiniStreams by the nGeniusONE server (Global) or to this InfiniStream through the UMC (Local).
Interfaces (Act)
The number of interfaces enabled and operational (active) for monitoring on a device.
Interfaces (Inact)
The number of interfaces disabled (inactive) for monitoring on a device.
Decode Pack
The file name of the installed Decode Pack containing the code release version and build number. For example: 15.1 Build 185
Description
Device system information including the model name, firmware version, and build number. This field cannot be modified. Thirdparty devices may include Technical Support sites, copyright information, and a date-stamp when last compiled and by whom.
Notes
(Optional) Additional user-supplied information about a device such as its physical location.
Sorting devices Click a column header to sort
alphabetically by that column.
Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.
From this screen you can: •
472
Modify interface properties.
CONFIGURING AND MANAGING nGeniusONE
•
Delete an interface.
•
Activate or
Deactivate an interface.
•
Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.
•
Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.
•
Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.
Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column
Description
Name
The name of the interface. This field is configurable: • Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface from the device, you cannot modify the interface name.
Alias
(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user
473
nGeniusONE 5.4.1 Online Help Topics
interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface. IP Address (Routers Only)
The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.
Number (Probes and Routers Only)
The interface number. This field does not display for switches.
Slot/Port (Switches Only)
The slot and port numbers on the device.
IF Type
The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.
Speed Override (Routers and Switches Only)
Check box indicating whether or not the original interface speed was overridden.
Speed (Mbps)
The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.
Fdx (Routers and Switches Only)
Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.
Status
The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking
Activate.
Alarm Template
Lists the alarm template (or Default) for each interface.
Locations/Virtualization
Indicates the type of Location Key (virtual interface) discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry.
474
CONFIGURING AND MANAGING nGeniusONE
They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.
Upgrade Tab The Upgrade tab in the Device Configuration module provides system administrators with convenient configuration options for software updates to InfiniStream software and InfiniStream Decode Packs. Tabs The Upgrade tab includes two sub-tabs that provide one convenient location to configure the following types of remote upgrades: • InfiniStream software remote upgrades. Important: When upgrading a NetScout Lync Collector, be aware that a remote upgrade is not supported. You must manually upgrade this type of NetScout device. Refer to the nGenius InfiniStream Administrator Guide for instructions. • Decode Pack remote upgrades The functionality and upgrade details available for both InfiniStream software and Decode Pack tabs are described below. Icon/Column
Description Upgrades the InfiniStream/Decode pack software.
/
/
Displays, Hides, or Resets the fields to filter for any of the decode pack details listed below. Reset reverts the filter to the default view.
475
nGeniusONE 5.4.1 Online Help Topics
Refreshes data in the table. Status
Current status of the upgrade displayed in three states: • Green
- the InfiniStream or Decode Pack is up to date.
• Red - upgrades are available for either InfiniStream software or Decode packs. • Empty - no files were copied to the appropriate directories. Name
User-supplied name of the InfiniStream.
Address
IP address of the InfiniStream appliance.
Model Version
Description
Model number of the InfiniStream appliance. For example: 6980B Current installed decode major/minor version and build numbers. Decode example: 12.3.52. InfiniStream example: 5.00.405 Decode major/minor version and build numbers. InfiniStream upgrades include the CDM release and build numbers. Decode example: 12.3 Build 55. InfiniStream example: IS Model 6980 CDM 5.0.0 (Build 415)
Monitored Element Groups Tab in Device Configuration Monitored Element Groups Overview The Monitored Element Groups tab in Device Configuration displays a list of configured monitored elements, groups, super groups and their associated characteristics, described in the table below. Important: When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Functionality Monitored Element Groups can contain: • Physical or virtual interfaces • Switches and routers • A combination of the above The screen also provides buttons to perform the following functions. Click the hyperlink for step-by-step instructions.
476
CONFIGURING AND MANAGING nGeniusONE
• Add
a monitored element group or Super Group.
• Delete
a monitored element group or Super Group.
• Show or Hide Filter to display or hide the filter field. When displayed, the filter field lists one or more specified ME Groups or Super Groups in the ME Groups pane. A more selective filter is provided in the Group Details pane where you can arrange the list by Name, Full Name, Alias, IP Address, Speed, Device Category, or Interface Category. • Reset Filter
displays or hides the filter field.
• Import
Super Groups in bulk.
• Refresh
the ME Group display.
• Clicking the Task Progress Report arrow screen displays a report with the Name of the particular ME Group, Details and Status of the operation. You can click Details to display additional information about the task. Field
Description Monitored Element Groups Pane
or Name
Type of group (Monitored Element Group or Monitored Element Super Group) Name of the group Group Details Pane
Name
For adding/editing the group name. Becomes available when Add a monitored element group
is clicked.
Group Type filter options:
Check the Super Group check box to display members of the super group selected in the left pane.
• Super Group
Check the Show Members Only check box to display members of the group selected in the left pane. Uncheck the box to display all configured ME members.
• Show Members Only Column function/name
Description
Check box to select/deselect devices
477
nGeniusONE 5.4.1 Online Help Topics
Name
The name of an ME member, defined when you add a device to the nGenius Server.
Full Name
Descriptive name for an ME member which can include the associated device name, physical and virtual interface names, and QoS group level. For example: john234:if5:VRFGROUP_Other:QOS
Alias
User-supplied, optional, alternate name for an ME member.
Address
The IP address of an ME member.
Speed (Mbps)
Speed of the interface in bits per second. The speed is detected by the nGenius Server.
Device Category
Type of device associated with the ME member. For example: InfiniStream
Interface Category
Type of interface: either Physical, Virtual, or User Defined ME.
Task Progress Report in nGeniusONE The Task Progress Report displays the progress of each task you are currently performing. In a distributed server environment, the Global Manager aggregates the progress from all Local Servers and displays the overall progress. You can view the progress for each individual local server by clicking the Details button. You can also view details of other tasks by clicking the down arrow at the bottom of the screen. • Name — The task currently being performed. For example: Adding Route • Details — Details for the task that the server is currently performing. When the task completes, the Details column displays "Done". • Status — The status of the task that the server is performing. A progress bar displays for tasks in process. For completed tasks the Status column displays Success, Warnings, or Errors. • The dialog opens automatically when a new task is received if you click the box, as shown below, at the top of the dialog.
478
check
CONFIGURING AND MANAGING nGeniusONE Viewing Details To view detailed information about a particular task, select the task and click Details. The Details window includes the Progress and Warnings/Information/Errors tabs, as shown below. Progress Tab When viewing progress details from the Global Manager, select the appropriate Local Server. The Progress tab displays all subtasks that the server performs to complete the task you requested.
Icons display with the task or selected device name to indicate the task status: Symbol
Description Completed successfully Partial failure Failed completely
Warnings/Errors Tab The tab label changes based on the current status of the task. A detailed description of the message displays, including the Timestamp, Description, and Details such as the device name, application, port number, and other information. For more information about a specific warning, information, or error, you can view the Activity Log.
479
nGeniusONE 5.4.1 Online Help Topics Clearing a Task To clear a task from the report window, select the task and click Clear. The task is removed from the window but server still performs the task.
Viewing the Status of a Device or Interface in nGeniusONE You can view the status of a device or interface in the Devices tab window of Configuration. Interface status is also displayed in the Modify device screen.
Device
The following table explains the four status assignments that can apply to a device or interface. Status Down
Pending Inactive Active Absent
480
Assigned By
Description
nGeniusONE Server
Assigns Down status to a device if SNMP and ICMP Pings from the nGeniusONE server are unable to return it to an Active state.
nGeniusONE Server
Assigns Pending status to a device if the device you added failed to configure.
User
Assigns Inactive status to a device or interface that the user wants to deactivate.
nGeniusONE Server
Assigns Active status to all devices and interfaces that are successfully learned or relearned.
nGeniusONE Server
Assigns Absent status to any interface that cannot be located during a relearn.
CONFIGURING AND MANAGING nGeniusONE
Adding/Modifying Devices Adding a Device in nGeniusONE Users assigned the Network Administrator role can add devices. When you add a device, monitoring and logging is enabled by default. The nGeniusONE Server automatically learns all the interfaces and you can configure the device by selecting the Devices tab. You can modify these settings after adding the device. Important: when adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communications protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. In a distributed server environment, Applications settings must be modified through the Global Manager. More about adding devices. • Information Specific to Adding Switches • Adding a UC Lync Collector • Adding Other Supported Devices • Importing Multiple Devices • Licensing and Monitoring Limits Important: If you configuring a device using the SNMPv3 communication protocol, refer to Add/Modify Device for more information. Configuration To add a device to the nGeniusONE Server: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Devices tab. 3. Click
Add.
4. In the Add Device dialog box, enter information in the required fields. Be sure to observe rules regarding special characters. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. 6. Click Apply to save your configuration. Tip: If the Add dialog box moves to the background, press ALT+Tab to bring it to the foreground. Note: If you specify an incorrect switch type, you can correct the error by deleting the switch and re-adding it to the nGeniusONE Server using the correct switch type.
481
nGeniusONE 5.4.1 Online Help Topics
Viewing Device Information in nGeniusONE Device Information lists specific details about a selected device, switch, or other device. To view device Information: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Devices tab. 3. Select a device and click
482
Information. The following information displays.
Field
Description
Ping Test
The results of a ping request. OK indicates that the device was successfully contacted.
Read Community
OK indicates a correct setting
Write Community
OK indicates a correct setting (more).
Hardware/Software
Probe type, model number, firmware version, and build number.
Device Up Since
The day of the week, date, time, and time zone when the probe was last started or rebooted.
CDM Level
Not applicable
Hardware Serial Number
The device hardware serial number, if applicable and available; otherwise the field is populated with zeroes.
Total Memory
Displays the total installed memory (in Megabytes).
Free Memory
Displays the amount of available memory (in Megabytes) on the device.
Used Memory
Displays the amount of used memory (in Megabytes) on the device.
IS Serial Number
Serial identification for the InfiniStream and Extended Storage Unit (ESU1 and ESU2).
CONFIGURING AND MANAGING nGeniusONE
Adding a Device in nGeniusONE Users assigned the Network Administrator role can add devices. When you add a device, monitoring and logging is enabled by default. The nGeniusONE Server automatically learns all the interfaces and you can configure the device by selecting the Devices tab. You can modify these settings after adding the device. Important: when adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communications protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. In a distributed server environment, Applications settings must be modified through the Global Manager. More about adding devices. • Information Specific to Adding Switches • Adding a UC Lync Collector • Adding Other Supported Devices • Importing Multiple Devices • Licensing and Monitoring Limits Important: If you configuring a device using the SNMPv3 communication protocol, refer to Add/Modify Device for more information. Configuration To add a device to the nGeniusONE Server: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Devices tab. 3. Click
Add.
4. In the Add Device dialog box, enter information in the required fields. Be sure to observe rules regarding special characters. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. 6. Click Apply to save your configuration. Tip: If the Add dialog box moves to the background, press ALT+Tab to bring it to the foreground. Note: If you specify an incorrect switch type, you can correct the error by deleting the switch and re-adding it to the nGeniusONE Server using the correct switch type.
483
nGeniusONE 5.4.1 Online Help Topics
Adding Devices in nGeniusONE Server — Overview The nGeniusONE software supports a variety of InfiniStreams, other NetScout devices, routers, and switches that you can add to the nGeniusONE server to collect data. The number of devices you can add to the nGeniusONE Server is controlled by your software license. Click here for information on UC Lync Collector licenses. When you add a device, the nGeniusONE Server automatically learns all the interfaces and configures the device by applying settings in Devices and a default Alarm Template (or one you configure - UMC only). You can modify these settings prior to or after adding the device. In a distributed server environment, Devices settings can only be modified through the Global Manager. To add devices, you must be assigned the Network Administrator role. Distributed Server Environment In a distributed server environment, the Global Manager cannot own devices; therefore, all devices must be associated with a Local Server. You can add devices using the Global Manager but you must assign the device to a Local Server. All devices within the server cluster must have a unique IP address. Methods of Adding Devices Network Administrators can add devices to the nGeniusONE Server using the following methods: • Add devices one at a time — Use this method if you want to add one or only a few new devices to the nGeniusONE Server. • Import multiple devices simultaneously — Use this method if you want to add several devices to the nGeniusONE Server simultaneously. Adding Switches and Other Device Types Refer to the following topics when adding switches and other MIB2 devices: • Information Specific to Adding Switches • Other Supported Devices
484
CONFIGURING AND MANAGING nGeniusONE
Adding and Configuring Devices The nGeniusONE software supports a variety of InfiniStreams, switches, and other devices that you can add to the nGeniusONE server to collect data. The number of devices you can add to the nGeniusONE server is controlled by your software license. When you add a device, the nGeniusONE server automatically learns all the interfaces and configures the device by applying global settings and a default template. Be aware that to add devices, you must be assigned the Network Administrator role. The main tasks to perform for adding and configuring devices include: • Adding a device • Creating a Monitored Element Group or SuperGroup • Configuring Monitored Element Groups • Using Alarm Templates • Also click here for more information regarding device configuration. Adding a Device Network Administrators can add devices to the nGeniusONE server one at a time (for one or a few new devices) or import multiple devices in bulk if you want to add several devices to the nGeniusONE server simultaneously. Switches are added in the same manner as other device but for additional information, refer to the Information Specific to Adding Switches section. To add a device individually: 1. Open
Device Configuration > Devices tab.
2. Click
Add.
3. In the Add Device dialog box, General tab, enter information in the required fields including a Name, Alias (optional), IP Address, Server, Description, Device Type, Communication Protocol, Read and Write Community, and Device Template. 4. (Optional) Click the Advanced tab to enter values for Retries, Timeouts, and SNMP Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. NetScout highly recommends that you select HTTP as the communication protocol. 5. Click Apply then OK. To export the contents of one device's configuration on another device: 1. Successively click
Device Configuration and the Devices tab.
2. On the device you want to copy the device configuration from, click devices, Save File, and OK. 3. On the device you want to copy the device configuration to, click devices, browse for the file, and click Open.
Export Import
485
nGeniusONE 5.4.1 Online Help Topics To add devices in bulk by creating a CSV file to import devices (the following requirements apply to the CSV file): • Enter information for each device on a separate line. • Device type, device name, and IP address (IPv4 or IPv6) are required. • In a distributed nGeniusONE server environment, include the name of the Local Server Name to which the device is to be added. The Local Server name supplied must match the name used for the Local Server configuration. When adding devices, you can enter the device type as AUTOMATIC. This allows the nGeniusONE server to determine the device type and display the information in the Device Type column in the Device Configuration window. Manually Creating the CSV File To create the CSV file manually: 1. Create a new text file using a text editor: 2. Enter one line of information for each device using the following format: Device type, Device Name, Device IP Address, Read Community String, Write Community String, Retries, Timeout, Learn Only, Local Server Name, Device Alias, Notes, Web Server Port, Server Address, nFR Server Name, Workspace Name, Device Unreachable Alarm, MIB2Mode, Status, System Description, Physical Address, Communication Protocol, Authentication Protocol, Privacy Protocol, Privacy Password Click here for information on these parameters. Note: • Enter AUTOMATIC in upper case. (nGenius InfiniStream is added as device type AUTOMATIC). For example, to specify a probe device type, enter PROBE. The CSV file is case-sensitive on Linux systems. • To accept defaults for all fields that follow required fields, you can leave the fields blank. Refer to the example below. • You can use the default value for a parameter by entering a comma for that field. Defaults are accepted for all fields between Local Server Name and MIB2Mode. 3. Save the file with a .csv extension and close the file. 4. You can add all of the devices in your CSV file using the Import Devices feature. Example: Adding an nGenius InfiniStream AUTOMATIC,My InfiniStream,10.44.55.66,,,3 In this example, the defaults are accepted for Read and Write communities and for all fields following Retries. Creating a Monitored Element Group or SuperGroup Creating Monitored Element (ME) groups allows you to group probe interfaces, router interfaces, and switch ports in a way that is most useful to your organization. For example, you can group monitored elements according to topology, type of link, region, or business
486
CONFIGURING AND MANAGING nGeniusONE unit. You could also aggregate ME groups to make it possible to restrict access to data for certain users. In a distributed server environment, you can create ME Groups from the Global Manager as well as from the Local Server. The advantage of creating ME Groups from the Global Manager is that you can include device interfaces and switch ports that reside on different Local Servers in one group. You can also see other ME Groups that are created on each Local Server. From a Local Server, you can view all ME Groups, but within each group, you can view only those device interfaces and switch ports that exist on that Local Server. ME Groups display in the Monitored Element Groups tab in Device Configuration. ME Group attributes include: • Network Administrators and Approvers can create, edit, rename, or delete ME Groups in the nGeniusONE Server. • You can further group ME Groups into SuperGroups. • System Administrators can restrict access to groups for certain users. • All users can view ME Groups and contents. ME Groups are supported for both physical and virtual interfaces but the following monitored elements cannot belong to a group: • Top-level device groups such as Ethernet, WAN, or Enterprise • Probes (at the device level) To configure a Monitored Element Group: You can select either physical/virtual interfaces, a switch or router to add all of the switch or router interfaces to the group at once, or a combination of these choices. Note: You cannot select a probe to add all of the probe interfaces in this manner. To create a Monitored Element Group or Super Group individually: 1. Open
Device Configuration and then the Monitored Element Groups tab.
2. Select Add monitored element group. Clicking this button activates the Name field in the Group Details pane. 3. Enter a group name. Note: Monitored Element Group names can have a maximum of 128 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The name must be unique for each group. Do not use "Enterprise" as a group name. 4. To create an ME Group, continue with the next step but to create a Super Group, click the Super Group check box. Tips: - This procedure describes how to create an individual Super Group. See below to import Super Groups in bulk. You can do so more conveniently by creating and importing a properly configured text file. - You cannot add Super Groups to another Super Group; but, you can expand an existing Super Group and add its members to another Super Group.
487
nGeniusONE 5.4.1 Online Help Topics - Monitored elements cannot be added to a Super Group, only Monitored Element Groups. 5. Click the check box of one or more monitored elements or groups from the list and click Apply to save the group. Note: Un-clicking the checked Show Members Only check box displays all configured monitored elements, groups, and Super Groups in the nGeniusONE server. After the group is created and displays in the list, the name remains in the Name field but is grayed out until you add another group or select a group to display. To import Super Groups in bulk: 1. Open a text editor and create an import file using the following format: ,megroup1 ,megroup2 ,megroup Notes: • Enter each Monitored Element Group on a separate line. • Group and Super Group names support alphanumeric characters and spaces. With the exception of the forward slash (/) special characters are not supported. • Entries are case sensitive. Example To import Super1 enter: Super1,ME1 Super1,ME2 Super1,ME3 To import Super2 enter: Super2,ME3 Super2,ME2 To import Super3, the following formats are invalid for ME1 and ME2 Super3,ME2,ME1 [list each ME group on a separate line] Super3,me1 [case sensitive] Super3,me2 [case sensitive] 2. Save the file in CSV format. 3. Click the
Device Configuration icon.
4. Select the Monitored Element Groups tab. 5. If you have not previously configured the appropriate Monitored Element Groups, do so now. 6. Click Import super groups and navigate to the location where you saved your import file. (Select All Files if you saved the file in other than *.csv format.) 488
CONFIGURING AND MANAGING nGeniusONE 7. Select the file, making sure it displays in the File name field and click Open. Using Alarm Templates Alarm Templates allow you to define logging and alarm settings for each interface on a data source. A default probe interface template is automatically applied to all interfaces when you add a probe to the nGeniusONE Server. The default template configures monitoring and logging of statistics for protocols, hosts, conversations, and response time.
489
nGeniusONE 5.4.1 Online Help Topics
Add/Modify Device More on Adding a Device Click the Add button to enter information or the Modify button to modify information. The Add Device or Modify Device sliding screen appears. Displayed fields vary depending on the type of device you are adding or modifying. All fields are required unless otherwise noted. When finished, click Apply and OK. Field
Description General tab
Name
The device name. • The name must be unique for each device. • Up to 128 alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. • Do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. • The underscore _ and dash — are not considered special characters.
Alias
(Optional) An alternate name for the device. • Up to 128 alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. • The alias must be unique for each device.
Address
The device IP address or host name. If an IP Address, enter either an IPv4 or IPv6 address. For convenience inputting IPv6 addresses, we recommend using the "standard shortened" method although the long form is permitted. Refer to IP Addresses in nGenius Products for more information on permitted IPv6 Address forms. Any IPv4/IPv6 address entered is displayed as entered but expansion of IPv6 addresses to the full format is not performed. Note: Before configuring Sites with IPv6 addresses, be sure that the InfiniStream supports IPv6 monitoring. Important: If a device with an IPv6 address is added using the nGeniusONE (HTML) client, it will appear in the Performance Manager console with a pseudo IPv4 address which is mapped to the actual IPv6 address in the database. Important: Embedded IPv4 addresses are not supported. For example, the following address cannot be entered —
490
CONFIGURING AND MANAGING nGeniusONE
::10.45.75.219 Host name rules When inputting a host name, each segment separated by a dot must observe these rules. •
A to Z upper case characters are allowed
•
a to z lower case characters are allowed
•
0 to 9 numeric characters are allowed
•
(–) dash is allowed
•
A host name (segment/label) can start or end with a letter or a number
•
A host name (segment/label) must not start or end with a '–' (dash)
•
A host name (segment/label) must not consist of all numeric values
•
A host name (segment/label) can number no more than 63 characters
•
The entire host name cannot exceed 255 characters
Server
Distributed server environment only. If you are adding a device from a Global Manager system, select a Local Server to which the device is added.
Description
Viewable in the Modify screen only. Depending on the device type, the device model, model number, firmware release and build numbers are displayed automatically.
Device Status
Viewable in the Modify screen only. The current operational status of the device. Down , Inactive , Pending , or Active . Note: icons do not display in the Modify screen. An Active device is online and operating normally. The Pending state is an initial stage of a device that has not yet been added to the system. The device is unreachable until it is completely learned. Similar to an inactive device, a pending device's interfaces do not count against the license limit. The device is in a sleep-like mode where it is no longer performs logging or relearns. Interfaces on Inactive devices do not count against the license limit. A Down device is considered unreachable first by unsuccessful IMCP then SNMP pings. When both pings fail, the device is marked down.
Device Type
Viewable in the Add Device screen only. Select one of the following from the drop-down list: • Automatic — (Default) The server first attempts to
491
nGeniusONE 5.4.1 Online Help Topics
add the device as a probe, then (if this fails) as a router. If you select Automatic, switches are added as routers. Note: Selecting this device type disables any other choice of communication protocol. When the device is added, the actual protocol detected - either SNMP or HTTP - will display in the Details (modify) screen. It is preferable to select one of the following types when adding a device: • NetScout Flow Collector — 3100, 3200, and 3300 Flow Collectors • NetScout InfiniStream — Any InfiniStream device. • nGenius Packet Flow Switch — NetScout's 1500 or 3900 Series Packet Flow Switch • NetScout Probe — Any NetScout appliance • Router — Any third-party router • Switch — Any third-party switch • Router Network Analysis Module — Displays only if you enable the rnams.display=true property in serverprivate.properties. Notes
(Optional) Additional information you can enter about the device such as its vendor and physical location.
Communication Protocol
Choose a communication protocol from the drop-down list: Automatic, HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. Default: Automatic. If set to automatic, the only available communication protocol is automatic and the control will be disabled. When automatic is added, the protocol that is detected - SNMP or HTTP - will be set as the communication protocol in the Details screen. Protocol choices are dependent on the Device Type. Important: NetScout strongly recommends that HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers.
Read Community
The SNMP read community string. The initial default setting is public. Limit: 32 characters. Important: If you chose the SNMPv3 communication
492
CONFIGURING AND MANAGING nGeniusONE
protocol, this field changes, prompting for the User Name. Write Community
The SNMP write community string. This setting must match the write community string defined in the device (more). The initial default setting is private. Limit: 32 characters. Important: If you chose the SNMPv3 communication protocol, this field prompts for the Authentication Password.
Device Template
Viewable in the Modify screen only. The device alarm template applied to this device from the drop-down menu. Advanced tab
Retries
The number of times you want the nGenius Server to attempt to reach the device if there is no response. This value must be an integer between 1 and 1000. Default = 3. Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default retry value applied is 1 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.
Timeout
The interval (seconds) you want the nGenius Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default: 1. Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default timeout value applied is 5 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.
Enable deviceunreachable alarm
If selected, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up. This option is selected by default.
Enable learn only mode
Selected by default for switches. Enable Learn Only if you want to detect switch configuration, but do not want to apply Global Settings, history, templates, or alarms. More about the Learn Only option. nGenius PFS only — Checked by default and disabled. Option cannot be edited.
DLC
Switches only — Select to enable mini-RMON. nGenius PFS only — Unchecked by default. RMON1 alarms are not displayed in PM with DLC mode selected
Do not add routers for NetFlow
Enable this option if you do not want routers to be discovered. When disabled (default), system relearn identifies routers discovered by virtual interfaces.
493
nGeniusONE 5.4.1 Online Help Topics
Netflow Collectors only— This option is available only when adding the device. Note: If you enable this option (so that routers are not discovered) previously added routers are not automatically removed. They must be removed manually. SNMPv3 Settings Important: The property files snmpversion.dat and snmpv3deviceconfig.txt as well as the snmp3config.bat executable are no longer supported. Settings you configured in earlier releases, especially those contained in the snmp3config.bat file, are not migrated but must now be added or modified using the nGeniusONE console only because the snmp3config.bat file contains encrypted data which cannot be migrated. SNMPv3 devices must now be upgraded manually using this GUI. Authentication Protocol
Choose one of the following from the drop-down menu: MD5 or SHA
Privacy Settings
Click the check box to enable. Not supported for InfiniStream, Probe, or FlowCollector.
Privacy Protocol
Choose one of the following from the drop-down menu: AES, DES, or 3DES. Note: the PFS supports only AES and DES.
Password
494
If you have chosen a Privacy protocol, enter a Privacy password of no more than 128 bytes.
CONFIGURING AND MANAGING nGeniusONE
Modifying Device Information in nGeniusONE The Devices screen displays information about each device and configured interfaces added to the nGeniusONE Server. Information displaying in the Status, System Description, and Switch Family (switches only) fields are retrieved from the device and cannot be modified. All other fields are defined by the Network Administrator when the device is added to the nGeniusONE Server and can be modified when required. If you modify settings in device information, click Relearn to update the device immediately with the new information or wait until the nGeniusONE Server synchronizes with the devices. To modify device information: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Devices tab. 3. Double-click the device you want to modify. Alternately, you can click
Modify.
4. Click the General and Advanced tabs to modify particular settings as required. • More on Switch fields Note: • To discard changes you make, click the Cancel button before continuing. • Switches only — In the Details window, at Log/Monitor, you can choose to configure the switch for monitoring and/or logging MIB2 (default) or DLC. More on changing between MIB2 and DLC. 5. Click OK and Apply to save your changes. 6. (Optional) Click Relearn from the Devices window to immediately apply the changes to the device, or wait until the nGeniusONE Server synchronizes devices.
495
nGeniusONE 5.4.1 Online Help Topics
Modifying Device Settings — Config Server and Read/Write Communities You can modify the read and write communities or the configuration server addresses of one or more devices you have added to the nGeniusONE server. To modify device settings: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Devices tab. 3. Choose a device. Select multiple devices only if you want to apply the same modification to all devices in the group. 4. Click
Device Settings.
5. In the Read Community, Write Community, and Config Server IP Address fields, enter new values as required. IPv4 and IPv6 addresses are supported for the Config Server IP Address although you must configure an IPv6 management port to enter an address for the IPv6 Config Server. The name of one or more devices being modified is displayed in the dialog box. Note: Certain special characters are not allowed in nGeniusONE as follows: ' < > & " Important: Enter only settings for Read Community, Write Community, and Config Server IP Address you want to modify. Leave blank those fields you do not want to change. 6. When finished, click OK. When your changes to the device and database are successfully completed, the Progress Report status displays "Success".
Task
Note: NetScout Device Settings are automatically updated by this process. For nonNetScout devices, such as switches and routers, only the database is modified. On any non-NetScout device you must make the same changes to the read and, if applicable, write community on the actual device. Note: If the probe that you are trying to apply Device Settings to does not have a write community string that matches on the device and the database, then the Device Settings will not be applied to the device.
496
CONFIGURING AND MANAGING nGeniusONE
Device Details The Modify Device dialog box in Device Configuration > Devices allows you to view and, except as noted below, modify information about a specific probe, InfiniStream, router, or switch. It is accessed by double-clicking a device in the Devices tab. Note that, depending on the device type, not all parameters display. Field
Description
General information Name
The probe name. This field accepts spaces and alphanumeric characters. • Up to 128 alphanumeric characters are valid. • The device name must be unique. • Do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. • The underscore _ and dash — are not considered special characters. • Rules governing the use of special char acters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.
Alias
(Optional) A user-defined alternate name for the probe.
Address
The IP address or host name of the probe, InfiniStream, router, or switch.
Notes
(Optional) Additional user-supplied information such as the device's location.
Device Template
The template applied to this device chosen from a pulldown menu. Default: Default Device Template
Communication Protocol
The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. If set to automatic, the only available communication protocol is automatic and the control will be
• • • •
Up to 128 alphanumeric characters are valid. The alias must be unique for each device. Spaces and alphanumeric characters are valid. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.
497
nGeniusONE 5.4.1 Online Help Topics
disabled. When automatic is added, the protocol that is detected - SNMP or HTTP - will be set as the communication protocol in the Details screen. Protocol choices are dependent on the Device Type. Note: HTTP is automatically detected only on 5.0.x and later InfiniStream devices. HTTPS and SNMPv3 are not automatically detected - you must manually choose these protocols. Important: NetScout strongly recommends that HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. Read Community
The read community string. The initial default setting is public. Important: If you selected SNMPv3 as the communication protocol, this field changes, prompting for the authentication User Name.
Write Community
The write community string. This setting must match the write community string defined in the probe (more). The initial default setting is private. Important: If you selected SNMPv3 as the communication protocol, this field changes, prompting for the authentication Password.
Device Status
Displays the current status of the device. Device status can be active, inactive, or pending. This field cannot be modified.
Description
Displays system information about the device such as vendor, model, and firmware version of the device. This field cannot be modified.
Advanced Retries
The number of times you want the nGeniusONE Server to attempt to reach the probe if there is no response. This value must be an integer between 1 and 1000. Default value: 3 Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default retry value
498
CONFIGURING AND MANAGING nGeniusONE
applied is 1 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however. Timeout
The interval (in seconds) you want the nGeniusONE Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default value: 1 Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default timeout value applied is 5 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.
Enable deviceunreachable alarm
If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.
Enable learn only mode (switch only)
Select this check box if this switch is used for spanning purposes only and you do not want to apply Application settings, history, templates, or alarms to the switch. More about the Enable Learn Only option. This field can be modified. This option is selected by default. nGenius PFS only — Checked by default and disabled. Option cannot be edited.
DLC (switch only)
Data Link Control check box. A switch setting for monitoring and logging MIB2 data. This field can be modified. Switches only — Select to enable mini-RMON. nGenius PFS only — Unchecked by default and disabled. Option cannot be edited. RMON1 alarms are not displayed in PM with DLC mode selected
Do not add routers for NetFlow
Enable this option if you do not want routers to be discovered. When disabled (default), system relearn identifies routers discovered by virtual interfaces. Netflow Collectors only — This option is available only when adding the device. Note: If you enable this option (so that routers are not discovered) previously added routers are not automatically removed. They must be removed manually.
SNMP V3 Settings (available only when the SNMPv3 communication protocol is chosen)
Authentication Protocol drop-down menu: MD5 or SHA Privacy Settings: Click this check box to choose a privacy protocol from the drop-down menu and enter a privacy password. Privacy Protocol drop-down menu: AES, DES, or 3DES Password: A privacy password is required if the privacy protocol is provided.
499
nGeniusONE 5.4.1 Online Help Topics
500
CONFIGURING AND MANAGING nGeniusONE
Device Details — Switches Note: The VLANs and FECs tabs are either disabled or do not appear if VLAN or FEC interfaces are not discovered on the switch. Also some of the following parameters may not appear in the screen display depending on the switch type. Field
Description
General settings Name
The switch name. This field can be modified and accepts spaces and alphanumeric characters.
Alias
(Optional) A user-defined alternate name for the switch • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • The alias must be unique for each device.
Address
The switch IP address. This field can be modified.
Notes
Additional information about a switch such as the physical location. This field can be modified.
Device Template
The alarms template applied to this device. Templates can be added from the UMC only.
Communication Protocol
The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3.
Read Community
The read community string. The initial default setting is public. This field can be modified.
Write Community
The write community string. This setting must match the write community string defined in the switch (more). The initial default setting is public. This field can be modified.
Device Status
Identifies the current status of the switch. The switch status can be Active, Pending, Inactive, or Absent. This field cannot be modified.
Description
Displays system information such as vendor name, model, and software version.
Advanced settings Enable device unreachable alarm
If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.
Retries
The number of times you want the nGenius Server to attempt to reach the switch if there is no response. This value must be an integer between 1 and 1000. This field can be modified.
501
nGeniusONE 5.4.1 Online Help Topics
Timeouts
The amount of time (in seconds) you want the nGenius Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. This field can be modified.
Enable device unreachable alarm
If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.
Enable learn only mode
Select this check box if this switch is used for spanning purposes only and you do not want to apply Global Settings, history, templates, or alarms to the switch. More about the Enable Learn Only option. This field can be modified.
DLC SNMP v3 Settings
502
Select this option to log and monitor Data Link Control (DLC) data for this switch. More on the DLC option. This setting is not supported.
CONFIGURING AND MANAGING nGeniusONE
Device and Interface Alias Overview You can optionally give a device or an interface an alternate name known as an alias. You might want to use aliases when, for example, the Network Administrator has a preferred method for naming devices that is useful in the Administrator role, but which is inconvenient for other users who are accessing views or reports. You can create aliases for devices and for physical and virtual interfaces: • Device — You can create an alias when you add a device to the nGeniusONE Server, or you can add or modify a device alias. • Physical interface — Add or modify aliases for physical interfaces at the Interfaces tab of the device details window. • Virtual interface — Add or modify alias names for virtual interfaces by clicking Virtuals in the device details window. After you define aliases for devices and/or interfaces, you can also choose to have device/interface aliases display for a specific NewsPaper report. Note: If you select aliases to display and no alias is defined for a device or interface, the device or interface name displays.
503
nGeniusONE 5.4.1 Online Help Topics
Viewing Associated Applications Devices Tab Application policy is rendered as an easy-to-read, tabular display when you click the Associated Applications icon. This screen displays the protocols and their correlated settings you applied either to all InfiniStream appliances from the nGeniusONE server or to this InfiniStream device from Device Protocol Settings you configured in Performance Manager (UMC). The Protocol Settings Type is displayed in parentheses at the top of the screen as either Global or Local. Information displayed includes settings for application Name and Parent, Response Time, responsiveness intervals, ASR, and Slice Size. The template type is displayed in parentheses at the top of the screen. To view the Associated Applications screen: 1. Login to the nGeniusONE console, and click
Device Configuration.
2. Select a device from the list displayed in the Devices screen. 3. Click
Associated Applications. The Associated Applications sliding screen
displays. When finished viewing, click
Back to withdraw the screen.
Refer to the following table for supported functionality. Icon/Column /
/
Description Show/Hide the filter to order the display. You can filter entries in any column. Reset the filter to the default. Refresh the display.
Device Protocol Settings
This column in the Devices tab describes the template you created in the Device Protocol Settings module (UMC). If you did not create a template, the Global template including all active protocols, but not messages, displayed.
Associated Application pane Name
Application Name which can include child applications. For example: BGP
Parent
Parent of the listed application. For example, IP is the parent application of the child application MIPV6.
504
CONFIGURING AND MANAGING nGeniusONE
Response Time
Checkbox indicating whether or not you assigned time values to the specified application.
Fast/Expected/Degraded/Service/Available
Intervals you assigned to the specified application including Fast, Expected, Degraded, Service, and Available settings, in microseconds.
ASR
Checkbox indicating whether or not you enabled ASR.
Recording
The slice size value you assigned to the application. Options: Default, Full, None, or a custom value in bytes.
505
nGeniusONE 5.4.1 Online Help Topics
Adding a UC Lync Collector UC Introduction Accessing UC Services NetScout's UC (Unified Communications) Lync Collector gathers and converts voice/video data processed by Microsoft Lync reports and Cisco CDRs (Call Detail Records) to extract data for ASI analysis of UC-KPI metrics. It is added as an InfiniStream appliance in Device Configuration similar to any other NetScout device. The records collected are utilized by certain UC Server views with the exception of conversation data. The UC Lync Collector is capable of supporting up to 10,000 calls per minute. Note that the UC Lync Collector is not related to nGenius Voice | Video Manager Data Collectors or nGenius 3300 Collectors and that the nGenius Voice | Video Manager Data Collectors and nGenius Voice | Video Engines do not inter-operate with the UC Server. Important: When upgrading the UC Lync Collector, be aware that remote upgrades are not supported. You must manually upgrade this type of NetScout device. Refer to the nGenius UC Lync Collector Administrator Guide for instructions. Configuration To add a UC Lync Collector to the nGeniusONE Server: 1. Click
Device Configuration.
2. Select the Devices tab. 3. Click
Add.
4. In the Add Device dialog box, enter information in the required fields. Important: The UC Lync Collector must be set to device type nGenius InfiniStream. Use of Flow Collector or any other setting for this device type is not supported. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, and DLC check boxes if applicable. 6. Click Apply. 7. Click OK to save your configuration.
506
CONFIGURING AND MANAGING nGeniusONE
Deactivating or Activating a Device If you want to temporarily stop the nGeniusONE server from polling a device, you can deactivate it. You can subsequently activate the device when appropriate. More about deactivating and activating devices. What happens when you deactivate or activate a device To deactivate or reactive a device: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select Devices tab. 3. Do one of the following: • Deactivate — Select an active device, and click Deactivate. Click OK to confirm that you want to deactivate the selected device. • Activate — Select an inactive device and click Activate. Click OK to confirm that you want to activate the selected device. 4. Click Apply.
507
nGeniusONE 5.4.1 Online Help Topics
PFS Integration with the nGeniusONE Server Enable PFS Ports to Display as Physical Interfaces NetScout's nGenius Packet Flow Switch (PFS) is a high performance, ultra low-latency network monitoring switch that aggregates, replicates, filters, and distributes network traffic for data, voice, video monitoring, and CyberSecurity deployments. nGeniusONE supports integration with the PFS as follows: • Logs MIB-2 statistics polled from PFS ports connected to the InfiniStream • Provides secure communications with the PFS through SNMPv3. Support includes these Authentication and Privacy protocols and associated AuthPriv or authNoPriv modes. Refer to Add/Modify Device for directions to configure SNMPv3. authNoPriv • MD5 • SHA-1 AuthPriv • MD5 auth with DES privacy • MD5 auth with AES-128 privacy • MD5 auth with 3DES privacy • SHA-1 auth with DES privacy • SHA-1 auth with AES-128 privacy • SHA-1 auth with 3DES privacy • SHA-2 authentication are included • AES-192 and AES-256 encryption (PFS 3900 Series) PFS Ports Displayed as Physical Interfaces With the introduction of PFS Mode, ingress ports (and their sources) on the PFS can be monitored and mapped to InfiniStream-monitored ports connected to an egress port on the PFS, and viewed on the nGeniusONE server. The number of supported combinations varies based on whether the configuration is enabled for: • full duplex — ifn12-31 are used to support up to 20 ingress ports and up to 450 virtuals, or • half duplex — ifn12-51 are used to support up to 40 ingress ports and up to 900 virtuals. PFS Mode is supported as follows. Traffic streams from several PFS ingress ports combine into one PFS egress port which is then directed to an InfiniStream appliance. The PFS can be configured to insert the PFS ID of each ingress port into packets for classification by the InfiniStream which uses this PFS tagging to create a logical interface identifying ingress ports in nGenius applications. To support cases in which you prefer to identify the port as a physical interface (such as when Host Analysis is needed, which only operates on physical interfaces; or when the environment includes monitoring virtual networks and stacking a VLAN ID on top of those
508
CONFIGURING AND MANAGING nGeniusONE IDs is not desirable), the InfiniStream appliance can be configured to map the inserted IDs to logical interfaces. This mapping allows PFS ports to be represented the same way as physical interfaces in nGeniusONE applications along with standard support for virtual networks being monitored on those links. After the mapping is performed, the PFS interface functions in the user interface and Device Configuration as a physical interface would. Also, data can then be tracked in Traffic Monitor and examined in Packet Analysis. This implementation allows detected traffic to be displayed in nGeniusONE as a logical PFS interface indicating the origin of the traffic. To aid identification of these data sources, you can create meaningful names to label this traffic by creating a configuration file in the opt/NetScout/rtm/config folder on the Server. Refer to Enable PFS Traffic to Appear as Physical Interfaces for details. For example, having created logical interfaces for PFS physical interface 3, the separate traffic streams are displayed in nGeniusONE Modify Device interface pane (shown below) as follows.
Important: Regarding licensing requirements, PFS physical interfaces do not count against the 50 physical interface limit of the nGeniusONE server. Important: To access the PFS GUI, you must first have added the PFS in the Devices tab > Add Device screen. Be aware that Learn Only Mode and DLC functions are not supported for the PFS. Refer to Add/Modify Device for more information. For more information, refer to nGenius Packet Flow Switch documentation.
509
nGeniusONE 5.4.1 Online Help Topics
Information Specific to Adding Switches in nGeniusONE The following information which is specific to adding switches, includes the following topics: • Preventing automatic switch configuration by enabling the Learn Only mode • How the nGeniusONE Server handles Ether Stat entries and trap destinations • Setting switches to log and monitor DLC (Data Link Control) or MIB2 Preventing Automatic Device Configuration By default, when you add a device to the nGeniusONE Server, the server automatically configures the device by applying Global Settings. For switches, however, you can prevent automatic configuration by using the Enable Learn Only option. Selecting Enable Learn Only prevents the server from applying Global Settings, templates, history, and alarms to the switch. You can select the Enable Learn Only option when you add the switch to the nGeniusONE Server or at a later time. If you enable the Learn Only option after the switch has been added to the nGeniusONE Server, the initial Global Settings, templates, alarms, and history settings are not removed. However, no further updates to the Global Settings, templates, alarms, or history are written to the switch. Ether Stat Entries and Trap Destinations When you add switches, the nGeniusONE Server handles Ether Stat entries and trap destinations as follows: • Learns the Ether Stat entries on the switch, if any exist • Creates Ether Stat entries if none exist • Creates trap destination entries. An error message is generated if the switch does not allow trap destinations to be installed. • Cisco Catalyst switches running CatOS firmware — If RMON is disabled on the switch, RMON entries (Ether Stats, Ether History, Alarms and Events, and trap destinations) are not created. The following table shows how the nGeniusONE Server adds or deletes trap destinations on a switch, depending on the trap destination setting (global_settings.switch_config_trap_dest) defined in the serverprivate.properties file and whether or not Learn Only Mode is enabled. Note: If you want to modify the global_settings.switch_config_trap_dest property, you must add it to the serverprivate.properties file. You do not need to restart the server. serverprivate.properties Learn Only Mode setting Disabled (default)
Learn Only Mode Enabled
global_settings.switch_ config_trap_dest=true
The nGeniusONE Server does not delete current entries in the switch trap destination table, and adds only the local server as a new trap destination.
510
The nGeniusONE Server deletes all entries in the switch trap destination table, and adds the entries that are defined in Global Settings.
CONFIGURING AND MANAGING nGeniusONE
global_settings.switch_ config_trap_dest=false (default)
The nGeniusONE Server deletes only the entries in the switch trap destination that are owned by nGenius, and adds the entries that are defined in Global Settings.
The nGeniusONE Server does not delete current entries in the switch trap destination table, and does not add new entries.
Setting Switches to Monitor/Log MIB2 or DLC By default, when you add a switch, it is set to monitor and log MIB2 data. You can optionally modify the device settings so that the switch monitors and logs DLC (Data Link Control) data. Changing logging/monitoring from DLC to MIB2 or MIB2 to DLC has the following results: Toggling from MIB2 to DLC The nGeniusONE Server: • Learns the Ether Stat entries on the switch, if any exist • Creates Ether Stat entries if none exist • Creates Alarms Toggling from DLC to MIB2 If created by the nGeniusONE Server, the following entries are deleted: • Ether Stat • Ether History • Alarm events
511
nGeniusONE 5.4.1 Online Help Topics
Viewing Ports Discovered on a Switch To view details about switch physical and virtual interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Click the Devices tab. 3. Double-click the device to view all ports that the nGeniusONE Server discovered on the switch when the switch was added to the server or during
Relearn.
You can perform the following tasks: • Modify the port name — If the nGeniusONE Server learned the name of the interface from the device, it cannot be renamed. When the interface name is configurable, alphanumeric characters are valid. • Add or modify physical interface aliases • Deactivate or reactivate a port • View the port type and description • Designate a port as an analyzer port and specify an external probe
512
CONFIGURING AND MANAGING nGeniusONE
Setting Speed Override for Router Interfaces By default, the nGeniusONE software automatically learns device interface speeds when devices are added to the nGeniusONE Server. You can optionally override the learned speed for router interfaces. Also, you can enter or edit interface names or aliases. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To override the learned speed for the router and optionally edit the interface Name and Alias, or enter an alias: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the router containing the interfaces you want to modify. 4. Select one or more router interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 5. Click
Modify or double-click the selected router interface.
Note: Inline editing is not supported. 8. Click the
Speed check box and enter the new speed.
9. Click OK. The new speed displays for the interfaces you selected. Note: To revert to the learned speed, deselect the interface and click OK.
Speed check box for the
10. Optionally, add or edit the interface add Alias. 11. Click OK and OK again to save your changes.
513
nGeniusONE 5.4.1 Online Help Topics
Changing Router Duplex State in nGeniusONE Accurate utilization views require correct NetFlow duplex settings. The nGeniusONE Server assumes router interfaces to be full duplex. If any flow source interfaces on the router are half-duplex, you must manually change the router duplex state. To change the router duplex state: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click the router. 4. Select the interface. The Fdx checkbox displays the duplex setting for each router interface. (A check indicates full duplex mode.) 5. Click the Fdx check box required.
to toggle the interface between full and half duplex, as
Note: If you cannot toggle the Fdx check box, nGeniusONE Server was able to learn the correct duplex state from the router. You do not need to modify the setting. 6. Click Apply to save the new setting. Configuring Flow Interfaces on Routers, Probes, and Collectors
514
CONFIGURING AND MANAGING nGeniusONE
Setting Speed Override for Switch Port Interfaces By default, when devices are added, the nGeniusONE Server automatically learns device interface speeds and speeds from switch port interfaces. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To override the learned speed for switch port interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. The Ports tab is selected by default. 3. Double-click the switch containing the interface you want to modify. 4. Select an interface. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 5. Double-click the selected interface, Click the speed.
Speed check box, and enter the new
6. Click OK. In the Modify Device dialog, the new speed displays for the interfaces you selected and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the the interface and click OK.
Speed Override check box for
10. Click OK and Apply to save your configuration.
515
nGeniusONE 5.4.1 Online Help Topics
Adding Extreme Switches The following Extreme switches are supported: • Summit48Si version 6.2.2 (build 56) or higher • Alpine3804 version 6.2.2 (build 124) • Alpine3808 version 6.2.2 (build 124) • BlackDiamond6808 version 6.2.2 (build 124) You can configure nGeniusONE probes to receive packets from specific UDP ports on the Extreme switch. The probe CDM Adaptor interfaces that monitor this traffic are located on Interfaces 13 through 16. The probe allows one UDP port per interface and one interface per UDP port for a maximum of four NetFlow sources per probe. Adding Extreme Switches You can add an Extreme switch in either of the following ways: • Add the switch as a device. If you select Automatic as the device type, the nGeniusONE Server reads the switch sysOID and chooses the proper device plugin to support the switch. When you add the Extreme switch using the nGeniusONE Server Add Device function, it can be monitored as a Basic Level CDM Adaptor. • Add a probe currently receiving NetFlow data from the switch. When you add the probe, the switch is also added and displays in nGeniusONE Server. When you add an Extreme switch to the nGeniusONE Server, all of its ports and 802.1Q VLANs are learned. Extreme supports aggregated interfaces called Shares. These interfaces are similar to FECs/GECs on Cisco switches. Shares do not display because Extreme does not create interfaces for them in the Interface table.
516
CONFIGURING AND MANAGING nGeniusONE
Viewing/Modifying Interfaces Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.
From this screen you can: •
Modify interface properties.
•
Delete an interface.
•
Activate or
Deactivate an interface.
•
Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.
•
Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.
•
Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.
Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column
Description
Name
The name of the interface. This field is configurable:
517
nGeniusONE 5.4.1 Online Help Topics
• Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface from the device, you cannot modify the interface name. Alias
(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface.
IP Address (Routers Only)
The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.
Number (Probes and Routers Only)
The interface number. This field does not display for switches.
Slot/Port (Switches Only)
The slot and port numbers on the device.
IF Type
The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.
Speed Override (Routers and Switches Only)
Check box indicating whether or not the original interface speed was overridden.
Speed (Mbps)
The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.
Fdx (Routers and Switches Only)
Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.
518
CONFIGURING AND MANAGING nGeniusONE
Status
The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking
Activate.
Alarm Template
Lists the alarm template (or Default) for each interface.
Locations/Virtualization
Indicates the type of Location Key (virtual interface) discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry. They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.
519
nGeniusONE 5.4.1 Online Help Topics
Viewing Interface Details for nGeniusONE Data Sources The Modify Device screen in the Devices tab of Device Configuration provides information about interfaces associated with the selected device. This window also provides options to configure functions and display settings of selected interfaces. 1. From the nGeniusONE Console, launch
Device Configuration.
2. Click the Devices tab. 3. Double-click a device to view physical interfaces discovered on the nGeniusONE data source. Note: Interfaces in Manage Only mode do not display in the Modify Device window. For more information about Manage Mode, refer to the appropriate probe agent administrator guide. 4. Select an interface containing virtual interfaces and click Virtuals. (The Virtuals button is enabled only when virtual interfaces exist for the selected physical interface.) In the Modify Devices window, you can perform the following tasks for supported devices: • Modify the interface name or alias (You cannot modify the interface name for NetFlow or sFlow interfaces.) • Add or modify physical interface aliases • View virtual interfaces • Deactivate or reactivate an interface • Clear data captures on selected interfaces • Delete an absent interface • Configure Site Monitoring definitions • Configure an SAA Device for IPSLA • Define IP Ping intervals • Create NetFlow Aggregate groups • View a list of Alarm Policies associated with a selected interface, and, if necessary, apply a different policy. 5. When finished, click OK, then Apply.
520
CONFIGURING AND MANAGING nGeniusONE
Modifying Physical Interfaces You can change the Name, Alias, Speed, Alarm Policy, or Link Type of physical interfaces listed in the Devices tab. Important: Support to change a physical interface name, alias, or speed depends on the type of associated probe, router, or switch. Not all settings are available for each device. To modify physical interface settings: 1. From the nGeniusONE Console, open
Device Configuration.
2. Select the Devices tab. 3. Double-click a device from the list and select an interface. 4. Click
Modify.
5. Enter a new Name or Alias. Special characters are not supported except for the following: ( ) _ - { } [ ] : ; , . , 6. Click the
Speed check box and enter a new Speed.
7. Select an Alarm Template from the drop-down menu. 8. Select a Link Type from the drop-down menu. 9. Click OK and OK again to save your configuration. Check the Report to ensure the new values were accepted successfully.
Task Progress
521
nGeniusONE 5.4.1 Online Help Topics
Modifying a Physical Interface Alias To modify a physical interface alias: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Select a device and click the General tab. 4. Double-click a physical interface and in the Interfaces panel, enter a new alias or edit the old alias. Note: • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed. • You must use an alias that is unique among all monitored physical interfaces. 5. Click OK and OK again to save your configuration.
522
CONFIGURING AND MANAGING nGeniusONE
Viewing Location Keys in Device Configuration Location Keys, also referred to as virtual interfaces, can be viewed in Global Settings > Locations screens by drilling down from their associated devices and physical interfaces. When discovered by the InfiniStream appliance, they are displayed in the Location Keys pane of the Service Configuration monitor where users can choose to list locations already carrying traffic or only those configured in Global Settings but are not yet in operation. Multiple and hybrid Location Key types are displayed in the Locations column per physical interface, as shown immediately below, and particular Location Keys are shown in the Virtuals screen, shown further down. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry.
To display discovered Location Keys in a monitor, click here. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. InfiniStreams set to CDM mode will display virtual interfaces only. • In hybrid mode, the Locations column is titled Virtualization. Configuration To view the Location Keys (virtual interfaces) associated with a specific physical interface: 1. Click
Device Configuration.
2. Click the Devices tab and double-click a device. 3. Select the physical interface configured for virtual interfaces, and click Virtuals , as shown below. The virtual interface Name, Alias, ID, Speed Override setting (when applicable), and Speed (in Mbps) display. The Virtuals button is disabled if no virtual interfaces exist for the selected interface.
523
nGeniusONE 5.4.1 Online Help Topics
Note: To sort a column, click the arrow head in the column heading. You can also use the
filter to find a particular Location Key.
Click on the links below for more information about these Location Key types: • QOS (including QoSGroup) • RAT • Server/Client Communities • VLAN (including vlanservice) • Site (including Server Site and Client Site) • VRF (including VRFGroup, VRFAssign and VRFAdmin) • Cell (including cellsite, CellID, CellGroup, CellArea) • APN • Handset • PLMN • CMTS • BSID • TAC • RAI Viewing Virtual Interfaces on the Aggregate Interface If you configured the aggregate interface (interface 12) on the data source, the data source is automatically put in load balanced mode and virtual interfaces display only on the aggregate interface. No virtual interfaces display on the aggregated physical interfaces. For details on configuring the aggregate interface, refer to the appropriate agent administrator guide for your specific data source. 524
CONFIGURING AND MANAGING nGeniusONE
Modifying a Virtual Interface Alias To add or modify a virtual interface alias: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click the
Virtuals icon.
5. Select a virtual interface whose alias you want to edit and click
Modify.
6. Enter a new or edit the old alias, click OK and OK again to save your configuration. Note: • In the Alias field, spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • You must use an alias that is unique among all monitored virtual interface aliases.
525
nGeniusONE 5.4.1 Online Help Topics
Enabling Extended Virtual Interface Support on the nGeniusONE Server By default, the number of virtual interfaces you can detect is limited to 1000. If you have already configured your InfiniStream appliances for this feature, use the steps below to enable Extended Virtual Interface Support on the nGeniusONE Server. This is not required for collectors configured with extended virtual interfaces: 1. Access the nGeniusONE Server using SSH or a terminal emulation program. 2. Navigate to the /rtm/html directory. 3. Make a backup copy of client.properties before making any changes. 4. Using a text editor, open the client.properties file. 5. Add the following parameter on a new line: siteAssociation.maximumSitesPerME=2000 6. Save and exit the file. 7. Navigate to /rtm/bin directory. 8. Make a backup copy of the serverprivate.properties file. 9. Using a text editor, open the serverprivate.properties file. 10. Add the same parameter on a new line: siteAssociation.maximumSitesPerME=2000 11. Save and exit the file. 12. Restart the nGeniusONE Server processes. Note: For a more comprehensive set of configuration steps, including data source steps, refer to Configuring Extended Virtual Interfaces Support.
526
CONFIGURING AND MANAGING nGeniusONE
Deactivating or Activating an Interface If you want to temporarily stop the nGeniusONE Server from polling an interface, you can deactivate it. You can subsequently activate the interface when appropriate. More about deactivating and activating devices. To deactivate or activate an interface: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device and do one of the following: • Deactivate — Select an active interface, and click Deactivate . Click OK to confirm that you want to deactivate the selected interface. The status of the interface changes to Inactive. • Activate — Select an inactive interface and click Activate . Click OK to confirm that you want to activate the selected interface. The status of the interface changes to Active. 4. Click Apply.
527
nGeniusONE 5.4.1 Online Help Topics
Modifying FEC Interfaces Configured Fast EtherChannel (FEC) interfaces display in the FECs tab of the Modify Device screen (accessed by double-clicking a switch in the Devices tab of Device Configuration). You can modify or delete FECs using buttons in the toolbar. The following table describes the parameters/columns. Parameter
Description
Name
Not configurable. The FEC interface designation. For example: FEC_162.
Alias
Configurable. (Select the interface and click the Modify button.) Note that special characters are not supported except for the following: ( ) _ - { } [ ] : ; , . ,
Interface #
Not configurable. The switch interface number. For example: 162
Status
Not configurable. The real-time state of the interface: Active, Inactive, or Absent.
Description
Not configurable. The type of interface. For example: aggregated interface
528
CONFIGURING AND MANAGING nGeniusONE
Viewing FECs Discovered on a Switch The Modify Device screen list all the Fast EtherChannel (FEC) interfaces discovered by the nGeniusONE Server during the relearn process, or when the switch was added to the server. The information that displays is retrieved from the MIB table on the switch. To view FECs: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click a switch. 4. Select FECs to display any associated slots/ports. Note: The FEC tab is unavailable to the Packet Flow Switch. 5. Click the Modify
icon to modify values.
529
nGeniusONE 5.4.1 Online Help Topics
Viewing FEC, Gigabit, and 10-Gigabit Interfaces Discovered on a Switch Fast EtherChannel, Gigabit, and 10-Gigabit interfaces discovered by the nGeniusONE Server during the relearn process, or when the switch was added to the server, are displayed in the Devices > Modify Device pane. The information that displays is retrieved from the MIB table on the switch. To view physical interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a switch. 4. Click either Ports, VLANS, or FECs. 5. Select a FEC and click Virtuals
530
to display any associated slots/ports.
CONFIGURING AND MANAGING nGeniusONE
Viewing BSID Interfaces in nGeniusONE All BSID interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in nGeniusONE Server. To view BSID interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click Virtuals. Configured BSID interfaces are displayed with the Status, Name, Alias, and BSID columns as shown below. Note: To sort a column, click the arrow head in the column heading.
531
nGeniusONE 5.4.1 Online Help Topics
Viewing LA-RA Interfaces in nGeniusONE All LA-RA interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in nGeniusONE Server. To view LA-RA interfaces: 1. Click
Device Configuration from the nGeniusONE Console.
2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click
Virtuals.
5. Configured LA-RA interfaces are displayed with their Name, Alias, and LA-RA ID. Note: To sort a column, click the arrow head in the column heading.
532
CONFIGURING AND MANAGING nGeniusONE
Viewing TAC Interfaces in nGeniusONE All TAC interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in the nGeniusONE Server. To view TAC interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click Virtuals
.
5. Configured TAC interfaces are displayed with the Name, Alias, and TAC ID. Note: To sort a column, click the arrow head in the column heading.
533
nGeniusONE 5.4.1 Online Help Topics
Viewing VLAN Interfaces in nGeniusONE All VLAN interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Modify Devices screen. When a probe is connected to an analyzer port on a device, the source of the data is coming directly from the device and sent to the probe on the analyzer port. If you are using this configuration, you can view VLANs. To view VLANS: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click
Virtuals.
5. Configured VLANs are displayed with the Status, Name, Alias, ID, Speed Override check box, and DTE/DTE or Speed (Mbps). DTE/DCE columns display for Full Duplex interfaces, the Speed column displays for Half Duplex. Note: To sort a column, click the arrow head in the column heading.
534
CONFIGURING AND MANAGING nGeniusONE
Viewing VRF Group Virtual Interfaces in nGeniusONE When a device physical or flow interface detects network traffic that matches a VRF Group, it is displayed as a virtual interface. If needed, click Re-Learn in the Devices window to ensure the group definition is available on the device. To view the VRF Groups associated with a device: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the applicable device. 4. Select the appropriate physical interface and click Virtuals. The Virtuals button is enabled only for those interfaces containing virtual interface(s). 5. The VRF Group interfaces display with Name, Alias, VRF Group ID, and DTE and DCE speeds. Note: To sort a column, click the arrow head in the column heading.
535
nGeniusONE 5.4.1 Online Help Topics
Modifying VRF Group Virtual Interface Speeds Use this procedure to configure VRF Group definitions for individual interfaces on probes. To modify speeds on individual interfaces, the speed set in Global Settings must be equal to zero. Device Configuration.
1. From the nGeniusONE Console, open
2. Select the Devices tab and double-click a supported device. 3. Select the physical interface and click the 4. Select the virtual interface and click 5. Click the
Virtuals icon.
Modify.
Speed Override check box and enter the Speed (Mbps).
6. Click OK and OK again to save your configuration.
536
CONFIGURING AND MANAGING nGeniusONE
Viewing VRF Site Interfaces in nGeniusONE To view discovered VRFs on an interface: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface and click
Virtuals.
Note: If the interface is not in download mode, and there are no virtual interfaces associated with the selected physical interface, the Virtuals button is disabled. 5. Configured interfaces for VRF Sites are displayed with the Status, Name, Alias, Admin and Assigned numbers, and Speed. If you configured the device to monitor both VRF and QoS, the QoS Level/Group displays for selected interfaces. Note: To sort a column, click the arrow head in the column heading.
537
nGeniusONE 5.4.1 Online Help Topics
Associating APN Definitions with a Physical Interface in nGeniusONE Adding APN Virtual Interface Definitions Adding or Modifying APN Groups After adding or modifying APN definitions in Global Settings, you must associate the APN definitions with an appropriately-configured physical interface. Associating APNs with a specific interface allows you to configure each interface on a probe to monitor a different virtual interface type. To download APN virtual interface definitions to the probe: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for APN Monitoring. 5. Click menu.
Select monitoring options and click Associate APN from the drop-down
6. Click an APN site to associate the site with the interface. Note: If the Associate check box is inactive, ensure that you have properly configured the selected interface in the device Agent Configuration Utility. To associate multiple APNs, do one of the following: • In the Associate column, select the appropriate
check box(es) one-by-one.
• Shift-click or Ctrl-click to multi-select APNs, then right-click and select Associate. You can use the same procedure to remove multiple APNs if required. • Click Associate all. (The button changes to associations.)
Remove all
7. Click OK. The Associate APNs window closes and the associations are saved to the selected physical interfaces. APN definitions download and apply only to physical and flow interfaces that you configure for APN monitoring.
538
CONFIGURING AND MANAGING nGeniusONE
Viewing VLANs Discovered on a Switch The Modify Device window displays all the virtual LAN interfaces that were discovered by the nGeniusONE Server during relearn, or when the switch was added to the server. When a probe is connected to an analyzer port on a switch, the source of the data is coming directly from the switch and sent to the probe on the analyzer port. If you are using this configuration, you can view Switch VLANs. To view switch VLANS: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click a switch. 4. Select a physical interface with a VLAN and click the VLANs tab. The screen displays the Name, Alias, Interface #, ID, Status, and Description. Slot/Port, IF Type, Speed Override, Speed (Mbps), Fdx, Status, and Alarm Template of the VLAN interface. Note: To sort a column, right click the column heading.
539
nGeniusONE 5.4.1 Online Help Topics
Site-APN Interfaces The Site-APN Interfaces dialog box displays virtual interfaces associated with the selected Site interface on an appropriately configured probe. Viewing Site-APN Interfaces You can perform the following: Parameter Name
Description 1. Double-click or click Modify interface.
for the selected
2. Enter a new name for the device. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. 3. Click OK. Alias
1. Double-click or click Modify interface.
for the selected
2. Enter a new alias or edit the existing alias. 3. Click OK. ID
An auto-generated APN identifier that is not configurable. This column is not always displayed.
IP Address
Not configurable
Speed (bps)
Not configurable
540
CONFIGURING AND MANAGING nGeniusONE
BSID Interfaces in nGeniusONE Base Station ID (BSID) codes enable the monitoring of mobile cell site-based information on SID-NID virtual interfaces. The BSID interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured probe. Viewing BSID Interfaces You can perform the following functions: Parameter Name
Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias
1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. BSID
Not configurable
541
nGeniusONE 5.4.1 Online Help Topics
LA-RA Interfaces Location Area (Code)-Routing Area (Code) (LA-RA) virtual interfaces enable the monitoring of mobile cell ID-based information. LA-RA virtual interfaces are available for selected physical links and must be configured on an nGenius InfiniStream appliance. These interfaces are situated in GPRS/UMTS networks. The LA-RA Interfaces dialog box displays virtual interfaces associated with the selected physical interface on an appropriately configured probe. Viewing LA-RA interfaces You can perform the following functions: Parameter Name
Description 1. Double-click anywhere on the interface row. 2. Write an entry in the Name field. 3. Click OK.
Alias
1. Double-click anywhere on the interface row. 2. Write an entry in the Alias field. 3. Click OK.
LA-RA ID
542
Not configurable
CONFIGURING AND MANAGING nGeniusONE
Quality of Service Interfaces You can modify a Quality of Service (QoS) virtual interface name, alias, or speed from Device Configuration > Devices > >
Virtual.
By default, nGeniusONE software automatically learns device interface speeds, as well as speeds for any QoS Levels or Groups. You can optionally override the learned speed on specific probe interfaces. Because override speeds are used in calculating utilization, it is important that they be accurately configured. Note: To override learned QoS speeds, the probe must be configured in the speed modifyonly mode. Refer to the appropriate agent administrator guide for details. You can perform the following functions: Parameter Name
Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The Modify dialog box opens. Write an entry in the Name field. 3. Click OK. Alias
1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The Modify dialog box opens. Write an entry in the Alias field. 3. Click OK. QoS (ID)
Not configurable
IP Address
Not configurable
Speed Override Speed (Mbps)
Check box indication that the speed for the selected QoS Level/Group is overidden. 1. Select one or more QoS interfaces. Shift-click or Ctrl-click to make multiple selections. 2. Double-click the selected QoS interface or click Modify. 3. Click Speed Override. 4. Enter the new speed. 5. Click OK and OK again to save your configuration.
543
nGeniusONE 5.4.1 Online Help Topics
Site Interfaces The Site Interfaces dialog box displayed by clicking the Virtuals icon in Device Configuration displays virtual interfaces associated with the selected Site interface on an appropriately configured probe. If you configured the probe interface for QoS, the QoS Level/Group displays for selected Site interfaces. Viewing Site interfaces You can perform the following: Parameter
Description
Name
Not configurable
Alias
1. Double-click or click interface.
Modify for the selected
2. Enter a new alias or edit the existing alias. 3. Click OK. Site ID
Not configurable
IP Address
(Displays for Flow interfaces only) IP address of the source router.
Speed (Mbps)
Not configurable
If you configured the probe for Site-QoS, (vifn_mode = site-qos), do one of the following: Name
Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.
Alias
Optionally enter an alias for the QoS Level/Group.
Site ID
Not configurable
QOS Level/Group
Not configurable
Speed Override Speed (Mbps)
Overrides the speed of the selected QoS Level/Group. 1. Double-click or click Modify for the QoS virtual you want to modify. 2. Select
Speed Override.
3. Enter a new speed. 4. Click OK.
544
CONFIGURING AND MANAGING nGeniusONE
Modifying Switch Ports The Switch Ports Details screen displays slots, ports and their associated values accessed from the Device Configuration > Devices tab > Modify Device screen. Actions you can take with switch ports are as follows: • Modify
interface parameters
• Delete
the interface
• Activate • Deactivate
the port the port
Important: In exception to other switches, nGenius 1500 Series Packet Flow Switch (PFS) parameters including Name, Alias, Fdx, and Speed Override can be modified. Parameter
Description
Name
The designation for the port showing the slot/port number. Example: 1/1 PFS only: 1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK.
Alias
1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.
Port
Not configurable. The slot/port number for the switch.
IF Type
Not configurable. The network typology type. For example: ET
Speed Override
Not configurable inline. Check box indicating whether the speed of the selected port was overridden.
Speed (Mbps)
Not configurable inline. The speed of the selected port.
Fdx
Not configurable. Check box indicating whether Fdx is enabled. PFS only: Not configurable inline. Click the
Fdx check box.
545
nGeniusONE 5.4.1 Online Help Topics
Status
Not configurable. The real-time state of the interface: Active, Inactive, or Absent.
Alarm Template
Not configurable inline. On the Switch Port dialog box, select a policy from the drop-down menu.
546
CONFIGURING AND MANAGING nGeniusONE
TAC Interfaces in nGeniusONE Tracking Area Code (TAC) virtual interfaces enable the monitoring of mobile cell ID-based information on LTE networks. Support for TAC virtual interfaces is available only for S1MME or S11 physical links. Throughput-related views for LTE protocols collected on TAC virtuals do not support S1 interface (S1.AP, ESM, EMM, and Diameter Children) metrics. The only supported workflows are Response Time views. The TAC interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured probe. Viewing TAC interfaces Important: Throughput-related metrics in TAC virtuals for Control Plane traffic on the S1MME Interface (when S1-U is not collected) are not supported due to S1/deciphering performance limitations. The Cell Site Summary view is not available and associated QoE/KPI data is not verifiable for S1 NAS child applications; the only supported workflows are Response Time views. NetScout recommends using the S1U interface on an S11 link (with a TAC virtual). You can perform the following functions: Parameter Name
Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias
1. Click anywhere on the interface row and click Alternately, you can double click the row.
Modify.
2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. TAC ID
Not configurable
547
nGeniusONE 5.4.1 Online Help Topics
VLAN Interfaces in nGeniusONE When a dedicated nGenius data source is attached to a trunk, the nGeniusONE Server discovers the VLANs that exist on the switches. The data source can provide analysis on the traffic generated by the two connecting switches.
The VLAN interfaces screen, shown below, displays virtual interfaces associated with the selected physical interface on an Ethernet probe. If you configured the data source interface for VLAN-QoS, the QoS Level/Group displays for selected interfaces in the same screen. The example below represents a Full Duplex interface.
Viewing VLAN interfaces You can perform the following functions: Parameter Name
Description 1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name
548
CONFIGURING AND MANAGING nGeniusONE field. 3. Click OK. Alias
1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.
ID Speed Override DTE/DCE or Speed (Mbps)
Not configurable. Check box to override speed for the selected virtual interface. Devices with Full Duplex interfaces display DTE/DCE speeds; devices with Half Duplex interfaces display Speed only. 1. Select one or more VLANs. Shift-click or Ctrl-click to make multiple selections. 2. Double-click the selected VLAN or click 3. Click
Modify.
Speed Override.
4. Enter the new speed for DTE and DCE, or Speed values. 5. Click OK. If you configured the probe for VLAN-QoS, (vifn_mode = vlan-qos), your choices are as follows. Mixed location types are displayed in one screen. Name
Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.
Alias
Optionally enter an alias for the QoS Level/Group.
ID
Not configurable. Same as the parent ID.
QOS
The QOS Level or group. Not configurable.
Speed Override Speed (Mbps)
Enables speed override for the selected QoS Level/Group. 1. Double-click the QoS interface you want to modify. 2. Select Speed Override. 3. Enter a new speed. 4. Click OK.
549
nGeniusONE 5.4.1 Online Help Topics
Setting Speed Override, Name, and Alias for VLANs A VLAN interface's speed, name, and alias can be set. By default, the server automatically learns device interface speeds but, optionally, you can override the learned speed for VLANs using the procedure below. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. Without an override speed, the value is derived from the parent. To override the learned speed, and set a name and alias for VLANs: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the data source containing the VLANs you want to modify. 4. Select the physical interface with associated VLANs and click
Virtuals.
5. Select one or more VLANs. Shift-click or Ctrl-click to select multiple VLANs. 6. Click
Modify for multiple VLAN interfaces or double-click one VLAN interface.
Note: Inline editing is not supported. Name and Alias can be changed only one interface at a time. 8. Enter a Name, Alias, and click the
Speed Override check box, as necessary.
9. Enter the new speed in the DTE and DCE or Speed fields. Devices with Full Duplex interfaces display DTE/DCE speeds; devices with Half Duplex interfaces display Speed only. 10. Click OK. The dialog closes, the new name, alias, or speed displays for the VLANs you selected, and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the for the interface and click OK.
Speed Override check box
11. Click OK to close the VLAN interfaces dialog and save your configuration.
550
CONFIGURING AND MANAGING nGeniusONE
VRF Group Interfaces in nGeniusONE When you click the Virtuals icon, the dialog box displays VRF Groups associated with the selected interface on an appropriately configured device. If you configured the probe interface for VRF-groups and QoS, the QoS Level/Group displays for the selected interface. You can perform the following functions: Parameter
Description
Name
Not configurable
Alias
1. Double-click the Alias field of the selected interface. 2. Enter a new alias or edit the existing alias. 3. Click OK.
VRF Group ID
Not configurable
Speed (Kbps)
Not configurable in this dialog box. But, you can change speeds by clicking
Set monitoring options > Associate VRF Groups.
1. From the VRF associations list, select the VRF Group you want to modify. 2. Click
Modify.
3. Enter a new speed. 4. Click OK and OK again to save your configuration. If you configured the probe for VRF-Group QoS, (vifn_mode = vrf-group-qos), do one of the following: Name
Not configurable. The name derives from the parent virtual interface and the QoS Level/Group.
Alias
Optionally enter an alias for the QoS Level/Group.
VRF Group ID
Not configurable
QOS (Level/Group)
Not configurable
Speed Override
Click to override the speed of the selected QoS Level/Group.
Speed (bps)
• • • • •
Select Speed Override. Right click the speed you want to modify. Click Edit Speed. Enter a new speed. Click OK.
551
nGeniusONE 5.4.1 Online Help Topics
VRF Site Interfaces When you click the Virtuals icon, the dialog box displays VRF Sites associated with the selected interface on an appropriately configured device. If you configured the probe interface for VRF and QoS, the QoS Level/Group displays for the selected interfaces. You can modify the following values. Note: Inline editing is not supported. Parameter Name
Description 1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. e
Alias
1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.
Speed Override Speed (Mbps)
When selected this check box opens the Speed field to override the default speed setting. Not configurable. The speeds are associated with the parent interface.
If you configured the probe for VRF-Site-QoS, (vifn_mode = vrf-site-qos), do one of the following: Name
Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.
Alias
Optionally enter an alias for the QoS Level/Group.
QoS
Not configurable
Speed Override Speed (Mbps)
552
Not configurable Not configurable
CONFIGURING AND MANAGING nGeniusONE
553
nGeniusONE 5.4.1 Online Help Topics
Viewing Flow Interfaces in nGeniusONE Server 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click an nGenius Collector configured as a flow destination. 4. Select the flow interface and click Virtuals
.
Note: If the Virtuals button is disabled, then no virtual interfaces are available.
554
CONFIGURING AND MANAGING nGeniusONE
NetFlow Interfaces The NetFlow Interfaces for NetFlow Interface-Mode dialog box displays virtual interfaces associated with nGenius Collector appliances. If you configured the Collector interface for QoS, the QoS Level/Group displays for selected NetFlow interfaces. You can perform the following functions: Parameter
Description
Name
Not configurable
Alias
1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.
Alarm Template
Drop-down menu choices of alarm templates created in the UMC or the default.
Fdx
Checkbox
NetFlow ID
Not configurable
IP Address
Not configurable. IP address of the source router.
Topology
Type of network.
Speed Override
Checkbox interface.
Speed (Mbps)
Note: You must disable auto-discovery on the probe to modify the speed. Refer to the agent administrator guide for your probe for details.
to select Full Duplex.
to override the speed of the selected NetFlow
1. Select one or more NetFlow interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 2. Double-click the selected interfaces. 3. Enter the new speed. 4. Click OK. If you configured the probe for QoS, (vifn_mode = router-ifn-qos), do one of the following: Name
Not configurable. The name derives from the parent virtual interface and the QoS Level/Group.
Alias
Optionally enter an alias for the QoS Level/Group.
NetFlow ID
Not configurable
555
nGeniusONE 5.4.1 Online Help Topics
QOS Level/Group
Not configurable
Speed Override
Click to override the speed of the selected QoS Level/Group.
DTE/DCE
1. Select Speed Override. 2. Right click the speed you want to modify. 3. Click Edit Speed. 4. Enter a new speed. 5. Click OK.
556
CONFIGURING AND MANAGING nGeniusONE
sFlow Interfaces The sFlow Interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured nGenius Collector. You can perform the following functions: Parameter Name
Description 1. Click anywhere on the interface row and click Modify Alternately, you can double click the row.
.
2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias
1. Click anywhere on the interface row and click Modify Alternately, you can double click the row.
.
2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. Alarm Template Number
Select a particular interface alarm template or use the default template. Interface Number. Not configurable
Speed Override
Checkbox to override the speed of the selected sFlow interface.
DTE/DCE
Note: You must disable auto-discovery on the Collector to modify the speed. Refer to the agent administrator guide for your Collector for details. 1. Select one or more sFlow interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 2. Right-click the selected interfaces. 3. Click Edit Speed. 4. Enter the new speed. 5. Click OK.
557
nGeniusONE 5.4.1 Online Help Topics
Setting NetFlow Interface Speed Override By default, the nGeniusONE software automatically learns device interface speeds, as well as speeds for any NetFlow interfaces. You can optionally override the learned speed for any NetFlow interface. Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To set NetFlow interface speed override: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Click the Devices tab and double-click the probe you want modify. 3. Select the NetFlow interface. 4. Click Virtuals
.
5. Select one or more NetFlow interfaces. Click and drag the cursor, or use +click or +click to select multiple interfaces. 6. Click Modify
or double-click the selected NetFlow interfaces.
Note: For Full Duplex probes, DTE and DCE speed columns display. Note: Inline editing is not supported. 7. Click the Speed Override
checkbox.
8. Enter the new speed. 9. Click OK. The new speed displays for the NetFlow interfaces you selected and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the Speed Override check box for the interface and click OK. 10. (Optional) If you want to add or change an existing Alias, enter a value in the Alias field. 11. Click OK.
558
CONFIGURING AND MANAGING nGeniusONE
Importing/Exporting Creating a File to Import Devices in nGeniusONE You can save time when adding multiple devices to the nGeniusONE Server by creating a comma-separated value (CSV) file. Meeting Requirements Importing nGenius devices Supporting SNMPv3 Creating the File Examples Requirements The following requirements apply to the CSV file: • Enter information for each device on a separate line. • Device type, device name, and IP address (IPv4 or IPv6) are required. • In a distributed nGeniusONE Server environment, include the name of the Local Server Name to which the device is to be added. The Local Server name supplied must match the name used for the Local Server configuration. When adding devices, you can enter the device type as AUTOMATIC. This allows the nGeniusONE Server to determine the device type and display the information in the device Type column in
Device Configuration.
Importing nGenius InfiniStreams Supporting SNMPv3 You can import nGenius InfiniStreams that support SNMPv3 as follows: • Import InfiniStreams configured for SNMPv2 (the default configuration). After importing the probes, configure the probes for SNMPv3. • Import InfiniStreams already configured for SNMPv3. Then: o Reboot the InfiniStream. Rebooting changes the nGeniusONE Server communication to SNMPv3 (the Config Server Address on the probe must match the IP address of the nGeniusONE Server). o Note: To verify that the Config Server address in the probe matches the Sniffer Analysis nGeniusONE Server address, you can click Remote Login to remotely login to the probe and confirm that the correct address is entered in option 4. Creating the File To create the CSV file: 1. Create a new text file using a text editor. 2. Enter one line of information for each device using the following format (the last three fields are used to configure SNMP v3): Device type, Name, IP Address, Read Community, Write Community, 559
nGeniusONE 5.4.1 Online Help Topics Retries, Timeout, Learn Only, Server Name, Device Alias, Notes, Web Server Port, Server Address, nFR Server Name, Workspace Name, Device Unreachable Alarm, Log/Monitor MIB2, Status, System Description, Physical Address, Communication Protocol, Authentication Protocol, Privacy Protocol, Privacy Password Click here for a description and defaults for each field Note: • When creating the import file, create a space for all of the above fields (including SNMPv3 fields), even if they do not contain any values. • Enter AUTOMATIC in upper case. (nGenius InfiniStream is added as device type AUTOMATIC). For example, to specify an nGenius InfiniStream, enter nGenius InfiniStream. The CSV file is casesensitive on Linux systems. • To accept defaults for all fields that follow required fields, you can leave the fields blank. Refer to Example 1 below. • You can use the default value for a parameter by entering a comma for that field. In Example 2 below, defaults are accepted for all fields between Local Server Name and MIB2Mode. 3. Save the file with a .csv extension and close the file. 4. You can add all of the devices in your CSV file by clicking
Import devices.
Examples Example 1: Adding an nGenius InfiniStream appliance nGenius InfiniStream,boston_server,10.20.160.111,public,public,3,1,Standalone Server,OH-Operations,,0,,,,TRUE,Active,InfiniStream Model 2910A - CDM 5.4.0 (Build 307),10.20.160.111,HTTP,,,, Example 2: Adding a switch to a Global Manager in a distributed server environment, with Learn Only enabled AUTOMATIC,My Switch2,10.45.67.89,public,public,3,4,LO, LocalServer1,,,,,,,,true In this example, since there is an entry for MIB2Mode, commas must be entered to accept the defaults for all fields between Local Server Name and MIB2Mode. With MIB2Mode set to true, the switch is set to monitor and log MIB2 data.
Importing Devices in nGeniusONE You can add multiple devices more efficiently by creating and importing a .CSV file that contains all relevant device information. To add multiple devices: 1. Create a CSV file containing information about each device you want to add. by creating the file manually. 2. From the nGeniusONE Console, click 3. Select the Devices tab.
560
Device Configuration.
CONFIGURING AND MANAGING nGeniusONE
4. Click
Import devices.
5. Locate and select your .CSV file. Make sure the filename displays in the File name field. 6. Click Open. The devices are added and display in the Devices window. Be aware if the Task Progress Report for errors.
Exporting Device Settings You can export device settings from one nGeniusONE Server to a file that you can then import to another Server. Features Exported • Well known Apps • Server-based Applications • Extension Apps • Application Groups • Sites • Host Groups • QoS Groups • APN Groups • SNMP Trap Listeners • KPI Alarm • KPI Error Code Config • KPI Error Codes Exporting Device settings is useful to accomplish the following tasks: • Export the device configuration • Export custom protocols — When you import custom protocols, certain rules are applied to prevent importing duplicate. Export is not supported for protocols provided by default. • Export Application Group associations To export device settings: 1. From the nGeniusONE Console, click
Device Configuration.
2. Click the Devices tab. 3. Click
Export devices.
Important: Saving the file with the same name as a previously-saved file overwrites files contents. 4. Click Save File and OK. You can later import the file to another system.
561
nGeniusONE 5.4.1 Online Help Topics
Fields for Import Devices CSV File To create a CSV file to import devices to nGeniusONE server, refer to the parameters described in the table below. NOTE: All fields must be included but only required fields must be populated. Creating a File to Import Devices in nGeniusONE Field
Default
Required?
Description
Device Type
None
Required
Enter one of the following: • AUTOMATIC • PROBE (or NETSCOUT PROBE) • OTHER DEVICE (Use for Routers) Enter the device type in upper case. The CSV file is case-sensitive on Linux systems.
Name
None
Required
Enter a unique device name. This field accepts spaces and alphanumeric characters.
Device IP Address
None
Required
Enter the device IP address (IPv4 or IPv6).
Read Community
public
Optional
The read community string.
Write Community
public
Optional
The write community string. This setting must match the write community string defined in the device (more).
Retries
3
Optional
The number of times you want the nGeniusONE Server to attempt to reach the device if there is no response. This value must be an integer between 1 and 1000.
Timeout
1
Optional
The amount of time (in seconds) you want the nGeniusONE Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000.
Learn Only
False
Optional
For switches only. Enter LO if you want the nGeniusONE Server to only learn the configuration from the switch, and you do not want to apply Global Settings, history, templates, or alarms to the switch. More about
562
CONFIGURING AND MANAGING nGeniusONE
the Enable Learn Only option. Server Name
None
Required if importing from a Global Manager
Required for distributed server environment only. If you are adding a device from a Global Manager system, enter the Local Server Name of the Local Server to which the device is to be added. The Local Server Name supplied must match the name in the Server Configuration. Note: If you entered the Server IP Address as the Server Name during configuration, then enter the Server IP Address in the Server Name field.
Alias
None
Optional
A user-defined alternate name for the device. • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • The alias must be unique for each device.
Notes
None
Optional
Additional user-entered information about the device such as the physical location. Spaces and alphanumeric characters only are valid.
Web Server Port
0
Optional
Used by nGenius Flow Recorder
Server Address
None
Optional
Used by nGenius Flow Recorder
nFR Server Name
None
Optional
Used by nGenius Flow Recorder
WorkSpace Name
None
Optional
Used by nGenius Flow Recorder
Device Unreachable Alarm
true
Optional
If set to true, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up. Enter false for this field if you do not want an alarm displayed if the device is unreachable.
Log/Monitor MIB2Mode
false
Optional
For switches only. You can optionally set a switch to monitor and log Data Link Control (DLC) data, or MIB2
563
nGeniusONE 5.4.1 Online Help Topics
data. By default MIB2Mode is set to false; the switch monitors and logs DLC data. To monitor and log MIB2 data, set this parameter equal to true. More on the DLC/ MIB2 option. Status
None
Optional
Active or inactive
System Description
None
Optional
System info including software version
Physical Address
None
Required
Physical IP address
Communication Protocol
Auto
Optional
Automatic, HTTP, HTTPS, SNMP, SNMPV1, or SNMPV3
Authentication Protocol
None
Required for SNMPv3
Used for SNMPv3
Privacy Protocol
None
Required for SNMPv3
Used for SNMPv3
Privacy Password
None
Required for SNMPv3
Used for SNMPv3
Default Values for Devices in nGeniusONE The following table lists the default values for devices. Fields marked with an asterisk (*) are required. Fields are displayed depending on the device type. Parameter
Default Value
Description General tab
*Name
None
Device name
Alias
None
Optional user-defined alias for the device
*Address
None
IP address of the device
Device Type
Automatic
Device type — select Automatic if the type is unknown
Notes
None
Optionally enter notes about the device
Communication Protocol
None
Optionally enter the communication protocol for the device
Read Community
public
Read community string
Write Community
public
Write community string Advanced tab
564
CONFIGURING AND MANAGING nGeniusONE
*Retries
3
Number of times the server tries to contact the device in order to add it
*Timeout
1
Interval between retries (seconds)
Enable deviceunreachable alarm
Checked (true)
When selected (or set to true in a CSV file for adding multiple devices), an alarm displays in the Alarm Viewer if the device is unreachable; if the device comes back up, a subsequent alarm displays
Enable learn only mode
Checked
For switches only in support of spanning. Click the check box to prevent the nGeniusONE server from applying Global Settings, templates, and alarms to the switch.
Do not add routers for NetFlow
Unchecked (false)
Click the check box if you do not want routers to be discovered (NetFlow Collectors only)
MIB2
For switches only. Click the check box to monitor/log Data Link Control traffic. If unchecked, the setting is MIB2.
Authentication Protocol
MD5
Choose one of the following from the drop-down menu: MD5 or SHA
Privacy Settings
Unchecked (false)
Applies to SNMPv3 settings only. Click the check box to enable.
Privacy Protocol
AES
Applies to SNMPv3 settings only. Drop-down menu choices: AES, DES, or 3DES
*Password
None
Applies to SNMPv3 settings only. If you have chosen a Privacy protocol, enter a Privacy password of no more than 128 bytes
DLC
565
nGeniusONE 5.4.1 Online Help Topics
Upgrade Remotely Upgrading the nGenius InfiniStream Appliance — Overview The nGeniusONE solution allows users granted the System Administrator role to remotely upgrade the nGenius InfiniStream with the following: • nGenius InfiniStream software • Decode Packs Note: • You cannot use the remote upgrade function to re-image the appliance operating system. • You can also remotely upgrade nGeniusONE Server software. To perform the remote upgrade, you must first download the software package or decode pack to the parent server (Global Manager/Dedicated Global Server or standalone nGeniusONE Server). Following upgrade the decode pack major and minor versions and build numbers display in the Upgrade screens in Device Configuration. This information displays in the Device Configuration screen following the automatic reboot at the end of the upgrade. Version and build display in the Upgrade screen following refresh or automatically after midnight. MasterCare customers can schedule software package and decode pack download to the parent server to take place automatically; however, you can download packages manually if you prefer. Note that downgrades to previous software versions are not supported. Remotely Upgrading InfiniStream Software Requirements: Automatic Download Requirements: Remote Upgrade Order of Upgrade Multiple Upgrades Partitioning File System Prerequisites Requirements: Scheduling Automatic Download • You must be a MasterCare customer and be granted the System Administrator role to perform this procedure. Requirements: Remote Upgrade • Refer to the nGenius InfiniStream Administrator Guide and Deployment Essentials Guide for up to date information about Remote Upgrades of nGeniusONE, InfiniStream and Decode pack software from earlier versions. Order of Upgrade The nGeniusONE Server must be running an equal or higher version of software than the nGenius InfiniStream appliance it manages.
566
CONFIGURING AND MANAGING nGeniusONE Multiple Upgrades — You can select any number of appliances for upgrade. However, the nGeniusONE Server downloads files to appliances in batches to minimize bandwidth consumption. Nevertheless, network congestion may cause some upgrades to fail. Retry the upgrade for each appliance that initially fails if you are certain the appliance is up and responding. Partitioning — When you upgrade you can choose to preserve or modify existing partitions. Re-partitioning results in loss of data. Because of this, you may want to make changes to the existing partitions before you start capturing data. • Individual upgrade — When you upgrade a single nGenius InfiniStream appliance, the Upgrade screen displays existing partition sizes. You can preserve or modify the existing partition. • Multiple upgrade — When you select multiple nGenius InfiniStream appliances for upgrade you can preserve the existing partitions on all selected systems Partition Guidelines, Description, and Ranges File System — For the Packet storage partition, you can select one of the following: • NetScout (Raw) • XFS Prerequisites • The nsprobe process must be running on each target appliance. • You must have write access to the devices being upgraded. Verifying nsprobe and Write Community a. From the nGeniusONE Console, launch
Device Configuration.
b.Select the device. c. Click
Information and verify the following:
• Ping Test = OK • Write Community = OK d. Click Close. You can also determine whether nsprobe is running by logging on to the appliance operating system, navigating to /rtm/bin folder, and executing the ./PS command.
Remotely Upgrading the nGenius InfiniStream Appliance — Overview The nGeniusONE solution allows users granted the System Administrator role to remotely upgrade the nGenius InfiniStream with the following: • nGenius InfiniStream software • Decode Packs
567
nGeniusONE 5.4.1 Online Help Topics Note: • You cannot use the remote upgrade function to re-image the appliance operating system. • You can also remotely upgrade nGeniusONE Server software. To perform the remote upgrade, you must first download the software package or decode pack to the parent server (Global Manager/Dedicated Global Server or standalone nGeniusONE Server). Following upgrade the decode pack major and minor versions and build numbers display in the Upgrade screens in Device Configuration. This information displays in the Device Configuration screen following the automatic reboot at the end of the upgrade. Version and build display in the Upgrade screen following refresh or automatically after midnight. MasterCare customers can schedule software package and decode pack download to the parent server to take place automatically; however, you can download packages manually if you prefer. Note that downgrades to previous software versions are not supported. Remotely Upgrading InfiniStream Software Requirements: Automatic Download Requirements: Remote Upgrade Order of Upgrade Multiple Upgrades Partitioning File System Prerequisites Requirements: Scheduling Automatic Download • You must be a MasterCare customer and be granted the System Administrator role to perform this procedure. Requirements: Remote Upgrade • Refer to the nGenius InfiniStream Administrator Guide and Deployment Essentials Guide for up to date information about Remote Upgrades of nGeniusONE, InfiniStream and Decode pack software from earlier versions. Order of Upgrade The nGeniusONE Server must be running an equal or higher version of software than the nGenius InfiniStream appliance it manages. Multiple Upgrades — You can select any number of appliances for upgrade. However, the nGeniusONE Server downloads files to appliances in batches to minimize bandwidth consumption. Nevertheless, network congestion may cause some upgrades to fail. Retry the upgrade for each appliance that initially fails if you are certain the appliance is up and responding. Partitioning — When you upgrade you can choose to preserve or modify existing partitions. Re-partitioning results in loss of data. Because of this, you may want to make changes to the existing partitions before you start capturing data.
568
CONFIGURING AND MANAGING nGeniusONE • Individual upgrade — When you upgrade a single nGenius InfiniStream appliance, the Upgrade screen displays existing partition sizes. You can preserve or modify the existing partition. • Multiple upgrade — When you select multiple nGenius InfiniStream appliances for upgrade you can preserve the existing partitions on all selected systems Partition Guidelines, Description, and Ranges File System — For the Packet storage partition, you can select one of the following: • NetScout (Raw) • XFS Prerequisites • The nsprobe process must be running on each target appliance. • You must have write access to the devices being upgraded. Verifying nsprobe and Write Community a. From the nGeniusONE Console, launch
Device Configuration.
b.Select the device. c. Click
Information and verify the following:
• Ping Test = OK • Write Community = OK d. Click Close. You can also determine whether nsprobe is running by logging on to the appliance operating system, navigating to /rtm/bin folder, and executing the ./PS command.
Remotely Upgrading InfiniStream Software Before you perform the remote upgrade, ensure that your environment meets all prerequisites. To upgrade software for one or more nGenius InfiniStream appliances: 1. Do one of the following: • Download the appropriate upgrade file to the /rtm/tftpboot directory on the nGeniusONE Server. In a distributed server environment, you can perform the upgrade from the Global Manager or from the Local Server that owns the appliance. b. Upgrade files are named according to the following convention: is-[major version]-[build]-[topology].bin c. For example, a v5.4 build 500 upgrade file would be named: is-5400-500-eth.bin d. Note: MasterCare customers can download the binary upgrade files for the latest version of software from the NetScout Systems Support site: https://my.netscout.com/mcp/Pages/landing.aspx
569
nGeniusONE 5.4.1 Online Help Topics Refer to the appropriate software release notes for your appliance for specific instructions. • Schedule automatic software download. When using this method in a distributed server environment, you must download the files to the Global Manager. 2. From the nGeniusONE console, click
Device Configuration.
3. Click the Upgrade tab. 4. Click the InfiniStreams tab. Installed InfiniStream appliances are listed with their current Status, Name, (IP) Address, Model number, Version number, and Description including the firmware release and Build numbers. 5. Select one or more appliances to upgrade. — A red icon in the Status column indicates the existence of an upgrade file with a higher version than the appliance is currently running. — A green icon indicates that the appliance is already upgraded to the latest file version in the nGeniusONE Server upgrade file repository. Note: All selected appliances must share the same topology. For example: eth(ernet). 6. Click
Select file to upgrade.
7. In the nGenius InfiniStream Software Package dialog box, each software package displays with a unique version number that includes the device type, release version, build number, and topology. Select the appropriate upgrade file (the dialog box displays only those software packages appropriate to the selected appliance) and click OK. Note: To delete a software package, select it and click Delete. Confirm the deletion to complete the action. 8. Click Upgrade. The Upgrade Parameters dialog box displays. Configure upgrade parameters according to the type of upgrade you are performing: • Individual appliance • Multiple appliances 9. When you finish configuring upgrade parameters, click Upgrade. 10. Click OK to confirm. The software package is uploaded to the selected nGenius InfiniStream appliance(s). The Task Progress Report arrow displays detailed, step-by-step information as the upgrade progresses. In the case of multiple upgrades, progress displays for each individual device. Following a successful upload, the appliance saves its current configuration, runs the binary upgrade executable, restores the configuration, and reboots. Upgrade can take 10-15 minutes to complete, including the automatic post-upgrade reboot of the appliance. Click Details to review progress. 570
CONFIGURING AND MANAGING nGeniusONE
Following reboot, the upgraded appliance automatically requests a re-learn from nGeniusONE Server. In the Upgrade dialog, a red icon displays next to the appliance name. Following re-learn (usually within 60 seconds), nGeniusONE Server updates the dialog by removing the red icon and updating the appliance description software version and build number. To view the new upgrade status for the appliance along with decode pack version and build number, refresh the Upgrade dialog (the dialog does not refresh automatically). If you do not refresh, the information automatically displays at midnight following the upgrade. 11. (Optional) In the Devices screen, select the appliance and click to verify that upgrade was successful.
Information
Note: The first time the CDM Agent starts following upgrade, the CodecTable settings are automatically backed up to CodecTable.V. A new CodecTable is created that converts previous codec settings, and also includes any new payload types. If you modified EVRC or EVRC-B codecs, verify that your settings were carried forward. Copy any required changes from the backed up CodecTable to the new CodecTable and restart the CDM Agent to apply. Troubleshooting • If upload of the upgrade file to the device fails (for example, due to network congestion or slow connectivity), restart the upgrade. • If upload completes, but the upgrade fails on the device, you must manually upgrade by logging directly into the device. • The following files may be helpful in diagnosing issues: o
nGeniusONE Server: Global Manager: /rtm/log/debuglog-globalm-xxx.txt Local Server or standalone nGenius Server: /rtm/log/debuglog-xxx.txt
o
nGenius InfiniStream: /opt/platform/nsupgrade/upgrade.log
• If for any reason the device is not automatically relearned, use the nGeniusONE Server Relearn option to do so manually (in the Devices window, select the device and click
Relearn.)
Remotely Upgrading InfiniStream Decode Packs Before you perform the remote upgrade, ensure that your environment meets all prerequisites. Perform the following procedure to upgrade decode packs for the nGenius InfiniStream appliance. 1. Do one of the following: • On the parent server, download the appropriate upgrade file to the /rtm/pmupgrade directory. (Note that the download directory differs from that for nGenius InfiniStream software.)
571
nGeniusONE 5.4.1 Online Help Topics
Upgrade files are named according to the following convention: dep-[major version]-[minor version] - [build] - [OS].bin For example, a v15.1 build 166 upgrade file for Linux would be named: dep-15-1-166-lin.bin Note: MasterCare customers can download the binary upgrade files for the latest version of software from the NetScout Systems Support site: https://my.netscout.com/mcp/Pages/landing.aspx You can find the software in the Sniffer Decode and Expert Pack section. Refer to the appropriate software release notes for your appliance for specific instructions. • Schedule automatic software download. When using this method in a distributed server environment, you must download the files to the Global Manager. 2. From the nGeniusONE console, click the Device Configuration
icon.
3. Click the Upgrade tab. 4. Click the Decode Pack tab. Installed Decode Packs are listed with their current Status, Name, (IP) Address, Model number, Version number, and Description including the firmware release and Build numbers. 5. Select one or more appliances to upgrade. — A red icon in the Status column indicates the existence of an upgrade file with a higher version than the appliance is currently running. — A green icon indicates that the appliance is already upgraded to the latest file version in the nGeniusONE Server upgrade file repository. — Note: If no status icons display in the Status column, no valid upgrade files reside in the pmupgrade directory. 6. Click Upgrade . The releases that have been copied to pmupgrade directory are listed in descending version order. 7. Select the decode pack version you want to upload and click Upgrade. 8. Click OK to confirm. The software package is uploaded to the selected nGenius InfiniStream appliance(s). The Task Progress Report arrow displays detailed, step-by-step information as the upgrade progresses. In the case of multiple upgrades, progress displays for each individual device. Upgrade can take 10-15 minutes to complete. The Task Progress Report displays progress for each appliance.
572
CONFIGURING AND MANAGING nGeniusONE 9. (Optional) In the Devices > Device list screen, select the appliance and click Information
to verify that the upgrade was successful.
Upgrade Parameters in nGeniusONE WARNING: Any change to existing partitions or to the type of file system results in the loss of all stored data. • Partition Guidelines • File System Format Changes • Partition Sizing and Usage • Individual Device • Multiple Devices • Partition Descriptions and Defaults Partition Guidelines Keep in mind these guidelines: • Stored data can be retained during an upgrade if you do not change partition settings or the type of file system used for the packet store partition (/data). • Any changes to other partitions or the type of file system used for the packet store partition results in the loss of all stored data and metadata. This includes: o Changing the format of the packet store partition (for example, from XFS to the NetScout File System [raw format]). o o
Changing the size of any other partition (/flow, /metadata, or /xdr). Creating or deleting any other partition (/flow, /metadata, or /xdr).
• All stored data is lost when upgrading the appliance by re-imaging. • Total storage capacity of the nGenius InfiniStream appliance. • Type of data you plan to monitor. For example: If you anticipate heavy use of the InfiniStream Console, consider increasing the /metadata partition default to a greater percentage of total storage. • Partitions are located on the nGenius InfiniStream storage drives used for packet storage. Therefore, allocating more space for these partitions reduces space available for packet storage. • Review current documentation for the nGenius InfiniStream appliance for the most up to date information. File System Format Changes During upgrades, you will have the option to change your file system and partitioning strategy. In some cases you will have the opportunity to change the data partition format. It is important to understand that anytime you change format or partition size, stored data is not preserved on the InfiniStream appliance. Refer to the table below to understand the options that will be presented to you for re-partitioning, and the impact of your choice on the data store.
573
nGeniusONE 5.4.1 Online Help Topics
Packet Store File System Scenarios
Available Impact of Selection Options
XFS to XFS NetScout File System to NetScout File System
Retain or Recreate the Partitions
If you select Retain, the data and partition size are preserved.
XFS to NetScout File System
Recreate only
The only option presented is to Recreate the partition. When you change file system type, the partition must be recreated. Data is not preserved in this case.
NetScout File System to XFS
If you select Recreate, you will be prompted to designate the size for a new partition. Data is not preserved in this case.
Partition Sizing and Usage Refer to the table in the Partition Descriptions and Defaults section review the partition formats, impact of changing partition formats and sizes, and the sizing required for the way you will use the InfiniStream appliance. Additionally, consider the following: • For releases v5.0 through v5.4, the default minimum /metadata partition size was increased to 25 GB to accommodate additional TFA analysis index files, HTTP/VoIP replays, nGeniusONE/Performance Manager and InfiniStream Console trace storage, and Adaptive Session Intelligence (ASI) metadata. During an upgrade to v5.4.1, you are not required to re-partition your appliance and you can retain this 25 GB partition size. In this scenario, ASI metadata continues to be written to the /metadata partition. However, if you choose to modify your partitions during or after an upgrade to v5.4.1, the following partition changes occur: o A new /asi partition is automatically created and allocated 50 GB of storage space by default (minimum size for this new partition is 25 GB). All ASI metadata is now written to this new partition instead of /metadata, providing improved performance and avoiding contention for space in the /metadata partition from saved trace and decode files. o The default size of the /metadata partition changes to 50 GB, although the minimum partition size of 25 GB is still allowed. So, the amount of storage reserved for remote decode, mining trace files, and ASI metadata increases from a 25 GB to 50 GB (25 GB minimum for /metadata and 25 GB minimum for /asi) if you choose to change the partition settings during/after an upgrade to v5.4.1. Important: If you choose to retain your partitions during the v5.4.1 upgrade, it is strongly recommended that you do not save remote trace files on the InfiniStream appliance. These trace files consume space on the /metadata partition and reduce the space available for the ASI metadata required for nGeniusONE monitors and enablers. • During an application update to any v5.x release from a v4.x release, a new partition, /private, may be created on certain InfiniStream appliances. This partition is used for the temporary storage of compressed files. Because this partition is file-mounted, it always appears at 100% utilization, which is normal and
574
CONFIGURING AND MANAGING nGeniusONE no cause for concern. This partition is not used for packet storage and should not be modified. • On InfiniStream 45xxD appliances equipped with external storage units (ESU-ZS), the installation process creates asymmetrical partitions across the RAID 6 array. The /asi, /xdr, /metadata, and /flow partitions are only created on the internal storage drives of the InfiniStream appliance, and these drives do not contain any /data partitions for packet storage. The drives in the ESU-ZS contain /data partitions only. This arrangement is created automatically during installation; no special steps are required. Upgrading an Individual Device When you upgrade an individual nGenius InfiniStream appliance, you can choose to preserve or modify existing partitions. Allowable ranges and defaults vary depending on the appliance total disk free space. Option
Description
Preserve all existing partitions and data
(Default) Preserves existing partition sizes.
Modify one or more partitions and rewrite the partition table
Select to modify a partition size or eliminate a partition entirely. When you select this option the partition options become configurable. Note: Stored data is lost if you choose this option. o Size — Select (enable) the partition check box and enter a value that falls within the displayed range. Deselecting (disabling) a check box eliminates that partition. The Packet storage option reflects the values you enter for the remaining partitions. o File System (Packet storage partition) — From the drop-down menu, select NetScout or XFS. (NetScout File System is not supported for appliances configured with multi-nsprobe.)
Upgrading Multiple Devices When you upgrade multiple nGenius InfiniStream appliances, you can choose to preserve the partitions existing on each device or use partition defaults in all cases. Option
Description
Preserve the existing partitions on all selected systems
(Default) When selected preserves current partition sizes for all selected appliances. Note: Existing NetScout file system partitions are not preserved.
Partition Descriptions and Defaults WARNING: Any change to existing partitions or to the type of file system results in the loss of all stored data.
575
nGeniusONE 5.4.1 Online Help Topics
Partition
Description
/asi
This partition is dedicated to 50 GB storing Adaptive Service Intelligence (ASI) metadata. In previous releases, ASI metadata was written to the /metadata partition. In v5.4.1, for improved performance and to avoid contention for space in the /metadata partition from saved trace and decode files, this new /asi partition can be created. Whether or not this partition is created depends upon your choices when upgrading to v5.4.1: • If you choose to retain your partitions during the upgrade, this partition is not created and ASI data continues to be written to the /metadata partition as it has in previous releases (refer to recommendations for the /metadata partition below). • If you choose to modify your partitions, the /asi partition is automatically created and linked to the /metadata partition. All ASI metadata is written to this partition instead of /metadata and this cannot be eliminated.
576
Defaults
Minimum
Maximum
Size (GB)
File System
25 GB
10% of available storage
50 GB
XFS
CONFIGURING AND MANAGING nGeniusONE
/metadata for nGeniusONE, Sniffer Analysis
This partition is required for nGeniusONE, Performance Manager, and InfiniStream Console features such as remote decode, data capture, and InfiniStream trace file storage.
50 GB
25 GB
10% of available storage
Enter the required size for selected partitions
XFS
Set a size for this partition based on your anticipated usage of features listed below: • nGeniusONE Decode View/ Performance Manager Remote Decode stores transient session data files in /data and /rtm/pa/data folders. Although these files are automatically removed when the decode session is closed, multiple simultaneous decode sessions can also create temporary index files in the /metadata partition consuming as much as 20 GB of space. • InfiniStream Console and Performance Manager users can save remote trace files on the InfiniStream appliance’s /metadata partition instead of immediately moving mined packets to the InfiniStream Console system or nGeniusONE Server, respectively. NOTE: For releases v5.0 through v5.4, the default/minimum /metadata partition size was 25 GB. Now for v5.4.1, the default/minimum partition size has increased to 50 GB. When upgrading to v5.4.1, you are not required to modify existing partition sizes and you can choose to leave existing /metadata partitions at 25 GB. However, if you retain the existing /metadata partition size, it is strongly recommended that you do not save remote trace files on the InfiniStream appliance. These trace files consume space on the partition and reduce the space available for the ASI metadata required for nGeniusONE monitors and enablers.
Excluding remote decode operations, files saved on this partition must be managed manually. Users who expect heavy use of any of the above features should increase the default to a greater percentage of the total storage. Note that if you choose to increase the size of an existing /metadata partition, all stored metadata will be lost.
577
nGeniusONE 5.4.1 Online Help Topics
/xdr for nGeniusONE, nGenius Subscriber Intelligence, and nGenius Voice | Video Manager
If the appliance will be 20% of configured to produce available xDRs/ASRs (eXtended Data storage Records/Adaptive Session Records) and Conversation data for use by nGeniusONE or nGenius Subscriber Intelligence, you MUST allocate an /xdr partition to store this session data. This partition can be eliminated if the appliance will not be used to produce session data for use with those applications.
6 GB
50% of available storage
Enter the required size
1% of available storage
35% of available storage
Enter the required size
N/A
N/A
Total remaining storage space after space is allocated to the other partitions. Unconfigurable and cannot be eliminated.
XFS
(entering 0 eliminates the partition)
An xDR stores eXtended Data Records (xDRs) for mobile subscriber sessions. The nGenius Subscriber Intelligence application uses these records to correlate mobile sessions across multiple monitored legs. The more space you allocate to xDR storage, the further back Subscriber Intelligence will be able to mine for mobile data session correlation. /flow for InfiniStream Console
/data or /raw for Packet storage
578
Required for use with the InfiniStream Console. InfiniStream Console users MUST allocate a /flow partition for the storage of RMON data, 15-second flow records, and aggregated 5minute statistics. All others can enter 0 to eliminate this partition. On XFS-formatted appliances, collected packets are stored in a /data partition. On NetScout File System-formatted appliances, collected packets are stored in a /raw partition.
5% of available storage
N/A
XFS
(entering 0 eliminates the partition)
Select one of the following:
• NetScout (Raw) default
• XFS
CONFIGURING AND MANAGING nGeniusONE
Configuring Monitored Element Groups Monitored Element Groups Tab in Device Configuration Monitored Element Groups Overview The Monitored Element Groups tab in Device Configuration displays a list of configured monitored elements, groups, super groups and their associated characteristics, described in the table below. Important: When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Functionality Monitored Element Groups can contain: • Physical or virtual interfaces • Switches and routers • A combination of the above The screen also provides buttons to perform the following functions. Click the hyperlink for step-by-step instructions. • Add
a monitored element group or Super Group.
• Delete
a monitored element group or Super Group.
• Show or Hide Filter to display or hide the filter field. When displayed, the filter field lists one or more specified ME Groups or Super Groups in the ME Groups pane. A more selective filter is provided in the Group Details pane where you can arrange the list by Name, Full Name, Alias, IP Address, Speed, Device Category, or Interface Category. • Reset Filter
displays or hides the filter field.
• Import
Super Groups in bulk.
• Refresh
the ME Group display.
• Clicking the Task Progress Report arrow screen displays a report with the Name of the particular ME Group, Details and Status of the operation. You can click Details to display additional information about the task.
579
nGeniusONE 5.4.1 Online Help Topics
Field
Description Monitored Element Groups Pane
or Name
Type of group (Monitored Element Group or Monitored Element Super Group) Name of the group Group Details Pane
Name
For adding/editing the group name. Becomes available when Add a monitored element group
is clicked.
Group Type filter options:
Check the Super Group check box to display members of the super group selected in the left pane.
• Super Group
Check the Show Members Only check box to display members of the group selected in the left pane. Uncheck the box to display all configured ME members.
• Show Members Only Column function/name
Description
Check box to select/deselect devices Name
The name of an ME member, defined when you add a device to the nGenius Server.
Full Name
Descriptive name for an ME member which can include the associated device name, physical and virtual interface names, and QoS group level. For example: john234:if5:VRFGROUP_Other:QOS
Alias
User-supplied, optional, alternate name for an ME member.
Address
The IP address of an ME member.
Speed (Mbps)
Speed of the interface in bits per second. The speed is detected by the nGenius Server.
Device Category
Type of device associated with the ME member. For example: InfiniStream
Interface
Type of interface: either Physical, Virtual, or User Defined ME.
580
CONFIGURING AND MANAGING nGeniusONE
Category
Monitored Element Groups/Super Groups in nGeniusONE — Overview Creating Monitored Element groups allows you to group nGenius InfiniStream and probe interfaces, router interfaces, and switch ports in a way that is most useful to your organization. For example, you can group monitored elements according to topology, type of link, region, or business unit. You could also group Monitored Element groups to make it possible to restrict access to data for certain users. By further aggregating Monitored Element Groups into Super Groups, you can manage monitored elements to reflect the structure of your enterprise. Super Groups are particularly useful in large distributed enterprises. In a distributed server environment, you can create Monitored Element Groups from the Global Manager as well as from the Local Server. The advantage of creating Monitored Element Groups from the Global Manager is that you can include device interfaces and switch ports that reside on different Local Servers in one group. You can also see other Monitored Element Groups that are created on each Local Server. From a Local Server, you can view all Monitored Element Groups, but within each group, you can view only those device interfaces and switch ports that exist on that Local Server. Monitored Element Groups with ASIs Automatically Converted When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. Once added to nGenius Performance Manager, monitored element groups are available in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Monitored Element Groups and Super Groups display in the module.
Device Configuration
• Network Administrators and Approvers can create, edit, rename, or delete Monitored Element Groups and Super Groups in the nGeniusONE Server. • You can combine Monitored Element Groups into Super Groups. • System Administrators can restrict access to groups for certain users. • All users can view Monitored Element Groups, Super Groups and their contents. Monitored Element Groups are supported for both physical and virtual interfaces. The following monitored elements cannot belong to a group: • Top level device groups such as Ethernet, WAN, or Enterprise • Probes (at the device level) Super Groups can contain Monitored Element Groups but not monitored elements.
581
nGeniusONE 5.4.1 Online Help Topics
Adding a Monitored Element Group in nGeniusONE The add monitored element (ME) group functionality in the Device Configuration module lets you create a ME group or Super Group, and aggregate existing monitored elements into groups or ME groups into Super Groups. To create a monitored element group on the nGeniusONE Server: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Monitored Element Groups tab. 3. Click Add monitored element group. Clicking this button activates the Name field in the Group Details pane. 4. Enter a name for the ME Group or Super Group name. The name must be unique for each device. Up to 128 alphanumeric characters are valid. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not include commas or spaces in the name. Be advised that if you use nonapproved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. Do not use "Enterprise" as a group name. The underscore _ and dash — are not considered special characters. 5. Click the check box of one or more monitored elements or groups and click Apply to save the group. After the group is added, the name remains in the field but is grayed out until you add another group or select a group to display.
Creating a Monitored Element Group or Super Group When you create groups to monitor, you can select the following: • Physical or virtual interfaces • A switch or router to add all of the switch or router interfaces to the group at once Note: You cannot select a probe to add all of the probe interfaces in this manner. • A combination of the above To create a Monitored Element Group or Super Group: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Monitored Element Groups tab. 3. Select Add monitored element group. Clicking this icon activates the Name field in the Group Details pane. 4. Enter a group name. It must be unique for each group. Note: Monitored Element Group names can have a maximum of 128 alphanumeric
582
CONFIGURING AND MANAGING nGeniusONE characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not use "Enterprise" as a group name and do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. The underscore _ and dash — are not considered special characters. 5. To create an ME Group, continue with the next step but to create a Super Group, click the Super Group check box. Tips: - This procedure describes how to create an individual Super Group. You can also import Super Groups in bulk. - You cannot add Super Groups to another Super Group; but, you can expand an existing Super Group and add its members to another Super Group. - Monitored elements cannot be added to a Super Group, only Monitored Element Groups. 6. Click the check box of one or more monitored elements or groups from the list and click Apply to save the group. Note: Un-clicking the checked Show Members Only check box displays all configured monitored elements, groups, and Super Groups in the nGeniusONE server. After the group is created and displays in the list, the name remains in the Name field but is grayed out until you add another group or select a group to display. Note: To remove one or more groups or Super Groups, click the corresponding member group.
check box and click
Delete the selected monitored element
Creating a Monitored Element Super Group You can group Monitored Element Groups to create Super Groups. By combining Monitored Element Groups into Super Groups, you can creatively and flexibly manage monitored elements to reflect the structure of your enterprise. Super Groups are particularly useful in large distributed enterprises. You can delete or modify Super Groups in exactly the same manner as Monitored Element Groups. Note: The procedure in this topic describes how to create an individual Super Group. You can also import Super Groups in bulk. To create a Super Group: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Click the Monitored Element Groups tab.
583
nGeniusONE 5.4.1 Online Help Topics 3. If you have not previously configured Monitored Element Groups, do so now. 4. In the Monitored Element Groups dialog box, click Add monitored element group. 5. Enter a group Name; it must be unique for each group. Up to 128 alphanumeric characters and spaces are supported. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not use "Enterprise" as a group name and do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with userdefined protocols and using certain CLA commands. The underscore _ and dash — are not considered special characters. 6. Click the Super Group
check box.
7. In the Monitored Element pane, select the Monitored Element Groups you want to include and click Apply. Click and drag the cursor, or use Shift-click, or Ctrl-click to make multiple selections. Tips: • You cannot add Super Groups to another Super Group; however, you can expand an existing Super Group and add its members to another Super Group. • To remove a Monitored Element Group, select it from the Group Members list (you can make multiple selections), and click Remove. To remove all entries, click Remove All.
Importing Monitored Element Super Groups in nGeniusONE If you plan to create many Monitored Element Super Groups, you can do so more conveniently by creating and importing a properly configured text file. 1. Open a text editor create an import file using the following format: ,megroup1 ,megroup2 ,megroup Notes: • Enter each Monitored Element Group on a separate line. • Group and Super Group names support alphanumeric characters and spaces. With the exception of the forward slash (/) special characters are not supported. • Entries are case sensitive. Example To import Super1 enter: Super1,ME1 Super1,ME2 Super1,ME3
584
CONFIGURING AND MANAGING nGeniusONE To import Super2 enter: Super2,ME3 Super2,ME2 To import Super3, the following formats are invalid for ME1 and ME2 Super3,ME2,ME1 [list each ME group on a separate line] Super3,me1 [case sensitive] Super3,me2 [case sensitive] 2. Save the file in CSV format. 3. From the nGeniusONE console, click the
Device Configuration icon.
4. Select the Monitored Element Groups tab. 5. If you have not previously configured the appropriate Monitored Element Groups, do so now. 6. Click Import super groups and navigate to the location where you saved your import file. (Select All Files if you saved the file in other than *.csv format.) 7. Select the file, making sure it displays in the File name field. 8. Click Open. Note: If the group does not immediately display, click the
Refresh icon.
Modifying a Monitored Element Group Network Administrators and Approvers can modify Monitored Element Groups or Super Groups by adding or removing group members. To modify a Monitored Element Group: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Select the Monitored Element Groups tab. 3. In the Monitored Element Groups pane, select the group you want to modify. 4. Perform one of the following: • Select Add monitored element group, select one or more monitored elements from the Group Details member list, and click Apply to save your changes. Important: be sure that the Show Members Only check box is unchecked to view all available members. • Select Delete the selected monitored element group, select one or more monitored elements from the Group Details member list, and click Apply to save your changes. Important: be sure that the Show Members Only check box is unchecked to view all available members.
585
nGeniusONE 5.4.1 Online Help Topics Note: If you add monitored elements to a group to which a Restricted User has access, the Restricted User must log out of nGeniusONE and then log back in to be able to view the new monitored elements. If the group does not immediately display, click the Refresh icon or press F5 to display your new Monitored Element group.
Deleting a Monitored Element Group in nGeniusONE In the Network Administrator role, you can delete Monitored Element groups. Deleting Monitored Element groups does not remove the interface, port, or device from the nGeniusONE server but simply removes the group as a logical listing. Note: You cannot delete the only Monitored Element group associated with a user account. Doing so would provide the previously Restricted User Account access to enterprise-wide data. Click here for options available to the System and Network Administrators. To delete a Monitored Element Group: 1. From the nGeniusONE console, click the
Device Configuration icon.
2. Click the Monitored Element Groups tab. 3. In the Monitored Element Groups pane, select an existing group and click the selected monitored element group.
Delete
If the Monitored Element group is associated with any user account, the Delete Monitored Element dialog box informs you that deleting the group also deletes the group association with user accounts, and lists the affected user accounts. 4. Click OK when prompted to delete the selected groups. 5. Click Apply. One of the following occurs: • The Monitored Element group is deleted if either of the following is true: o The Monitored Element group is not associated with any user account o The Monitored Element group is associated with one or more user accounts, but it is not the only group associated with any user account • If a Monitored Element Group is the only group associated with any user account, a message indicates that the group cannot be deleted and advises you to contact your System Administrator. Click OK. Options.
586
CONFIGURING AND MANAGING nGeniusONE
NetFlow Groups NetFlow and sFlow Collection Overview Flow collection is based on receiving flow records from enabled devices. nGenius Collectors support the following: • NetFlow versions 1, 5, 7, and 9 • Vendor formats, such as JFlow and IPFIX, that conform to NetFlow • sFlow versions 2, 3, 4, and 5 NetFlow and sFlow are enabled directly on the routers and switches themselves, but require an nGenius Collector to receive flow data. nGenius Collectors can be configured to act as collection devices for flow data. nGenius Collectors (3300 Series) support collection of NetFlow and IP SLA data. By default, when you add an nGenius Collector to nGeniusONE, its associated routers are added automatically, provided the Read/Write communities are Public. If the communities are other than Public, you can manually add the router to the nGenius Collector from Device Configuration. Each nGenius Collector can support up to 10 NetFlow-enabled devices with a combined maximum number of 1000 interfaces. Alternatively, the nGenius Collector can be deployed to support an unlimited number of flow-enabled devices with a combined maximum number of 250 interfaces. Using the extd_vifn_mode command, you can increase the virtual interface support on nGenius Flow Collector and nGenius Collector appliances to 5000. The flow information collected on each device is sent to the management interface of a nGenius Collector, and each flow source (interface on a switch/router) is mapped to an independent virtual interface in the Collector. The Collector dynamically creates the flow virtual interfaces as it receives flow export for those interfaces. Statistics available for NetFlow and sFlow virtual interfaces include: • Utilization • Average Packet Size • Application Statistics • IP Hosts and Conversations • Application Layer Host and Conversation data Note: nGenius Collectors support sFlow versions 2, 3, 4, and 5. sFlow v5 includes two variations of formatting, a regular format and an extended interface format; both are supported. However, ifIndex values of greater than 64K (65535) are not supported in sFlow collections. IfIndex values above the 1-65535 range are collected in the default ifIndex 0 virtual interface associated with the exporting device.
587
nGeniusONE 5.4.1 Online Help Topics
Flow Overview A flow is a unidirectional sequence of unicast packets between given source and destination endpoints. The following seven elements define a unique flow. If a flow has one or more elements different from another flow, then it is considered a new flow. • Source IP Address • Destination IP address • Source port number (TCP, UDP) • Destination port number (TCP, UDP) • Layer 3 protocol type (IP, ICMP) • Type of Service (ToS) byte (0-7) • Input logical interface NetFlow and sFlow are technologies used to monitor IP traffic flows in routed and switched environments. nGenius Collectors (3300 Series) support the following: • NetFlow versions 1, 5, 7, and 9 • Vendor formats, such as IPFIX and JFlow, that conform to NetFlow • sFlow versions 2, 3, 4, and 5 When configured to generate NetFlow datagrams, routers and switches can be directed to send the data to the nGenius Collector. nGenius Collectors, dedicated high-density NetFlow and IP SLA collection devices, gather NetFlow datagrams and IP SLA test data from Cisco routers and/or switches for display in nGeniusONE, nGenius Performance Manager, and nGenius Performance Manager for Flows. Configuring Flow Interfaces on Routers, Probes, and Collectors
Add or Modify a NetFlow Aggregate Group Field
Description
Name
Enter a name for the group. Alphanumeric characters are supported.
DTE Speed
(Optional) Enter the DTE speed in bits per second (bps). For accurate utilization calculation, you must enter the correct speed. If no speed is entered, the speed is set to 0.
DCE Speed
(Optional) Enter the DCE speed in bits per second (bps). For accurate utilization calculation, you must enter the correct speed. If no speed is entered, the speed is set to 0.
Discovered
Displays only those NetFlow interfaces that do not belong to another Aggregate Group.
Associated
Select the interface(s) you want to associate with the
588
CONFIGURING AND MANAGING nGeniusONE group from the Discovered column, and click Add. Ctrlclick or Shift-click to selection multiple interfaces. Your selections display in the Associated column. Select an interface and click Remove or Remove All to revise your selections. Tip: To make multiple selections, use Shift-click, or Ctrlclick to select interfaces.
Creating a NetFlow Aggregate Group You can group existing NetFlow interfaces created on an nGenius Collector as a logical group. The logical group you create becomes a virtual interface on the Collector that you can monitor. You can create more than one NetFlow Aggregate group for a Collector, but each NetFlow interface discovered on the Collector can belong to only one group. Note: The nGenius Collector must be set to Interface-Mode. Device mode is not supported for creating NetFlow aggregate groups. Refer to the nGenius Collector Administrator Guide for details on how to configure Interface-Mode. Requirements Note: The nGenius Collector must be set to Interface-Mode. Device mode is not supported for creating NetFlow aggregate groups. Refer to the nGenius Collector Administrator Guide for details on how to configure Interface-Mode. To create a NetFlow Aggregate group: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate nGenius Collector. 4. Select the interface, click Select monitoring options, and from the drop-down menu, select Aggregate NetFlow. The Aggregate NetFlow window displays. 5. Click Add
. The Aggregate Groups Edit window displays.
Note: If you created other Aggregate groups for the selected Collector, only those NetFlow interfaces that do not belong to another display in the Discovered column. 6. Enter the appropriate data in the fields in the Aggregate Groups window. 7. From the Discovered column, select the interface you want to include and click Add. Ctrl-click or Shift-click to add multiple interfaces. (Click Remove or Remove All if you need to revise your selections.)
589
nGeniusONE 5.4.1 Online Help Topics 8. When you finish adding interfaces to the group, click OK. The Aggregate Groups window closes and the new group displays in the Aggregate NetFlow window. Select a group to display its associated interfaces. Note: • The Aggregate ID column displays ID numbers that are automatically assigned to each group in sequence as they are created. You can create a maximum of 254 groups. • Modify or delete a group by selecting it and clicking the appropriate button. 9. Click OK. The blue triangle on the Aggregate NetFlow button indicates a change to an aggregate group that has not been downloaded to the Collector. 10. Click OK to download the new group to the Collector.
Deleting a NetFlow Aggregate Group To delete a NetFlow Aggregate Group: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click the probe on which you created the NetFlow Aggregate Group. 4. Select the interface and click
Select monitoring options.
5. From the drop-down menu, click Aggregate NetFlow. The Aggregate NetFlow window displays. 6. Select the group you want to delete and click
Delete.
7. Click Yes to confirm the deletion. 8. Click OK. The blue triangle on the Aggregate NetFlow button indicates a change to an Aggregate Group that has not been downloaded to the probe. 9. Click OK. The group is deleted from the probe.
Modifying NetFlow Aggregate Groups To modify a NetFlow Aggregate Group: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the probe on which you created the NetFlow Aggregate Group. 4. From the Interfaces tab, click Aggregate NetFlow. The Aggregate NetFlow window displays. 5. Select the group you want to modify and click Modify window displays. 590
. The Aggregate Groups
CONFIGURING AND MANAGING nGeniusONE 6. Modify the group as required. 7. When you finish making your modifications, click OK. The Aggregate Groups window closes and the Aggregate NetFlow window displays. You can select the modified group to view the associated interfaces. 8. Click OK to close the Aggregate NetFlow window. The blue triangle on the Aggregate NetFlow button indicates a change to an Aggregate Group that has not been downloaded to the probe. 9. Click OK to download your modifications to the Collector.
591
nGeniusONE 5.4.1 Online Help Topics
Additional Topics Other Device Configuration Configuring Devices on the nGeniusONE Console — Overview The Device Configuration home page on the nGeniusONE console provides the following functionality: • Devices — to display, add, modify, or delete settings for devices connected to your server. • Upgrade - to install newer InfiniStream or InfiniStream Decode Pack software • Monitored Element Groups — to add, delete, or import monitored element groups or super groups on your server.
Clearing Data Captures In the Network Administrator role, you can clear the data captures from InfiniStream appliance interfaces. 1. From the nGeniusONE Console, open
Device Configuration.
2. Select the Devices tab. 3. Select an InfiniStream with interfaces from which you want to clear data captures. 4. Select one or more interfaces and click
Clear Captures.
5. When prompted to clear a capture, click OK.
Logging in to a Device Remotely If you are a Network Administrator, you can log in to a probe or nGenius InfiniStream remotely. When you remotely log in to a device, the Agent Configuration Utility displays. Included in the menu are options allowing you to modify device settings, for example: • Change the device IP address • Change the Read/Write Communities • Configure firmware options • Add or modify security options To remotely log in to a device: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Select the device and click Remote Login. The Remote Console displays the Agent Configuration Utility. (Login and password may be required.)
592
CONFIGURING AND MANAGING nGeniusONE Note: The number of consoles permitted to be open at any given time is four. Refer to the Agent Administrator Guide regarding your NetScout device for additional details.
Deleting a Device or Interface To delete a device or interface, you must be assigned the Network Administrator role. When you delete a device, the device is removed from the Devices tab and all interfaces removed. When you delete an interface, the interface is removed from the Modify Device screen. All data related to the device remains in the database until it ages out. When you delete a switch, the nGeniusONE Server deletes ether stat entries that the nGeniusONE server created. To delete a device: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Select the device you want to delete and click
Delete.
4. In the confirmation window, click OK to delete the selected device. To delete an interface: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the device for whose interface you want to delete. 4. Select the interface. 5. Click
Delete.
6. In the confirmation window, click OK to delete the selected interface. 7. Click OK to save your configuration.
Exporting Device Settings You can export device settings from one nGeniusONE Server to a file that you can then import to another Server. Features Exported • Well known Apps • Server-based Applications • Extension Apps • Application Groups • Sites • Host Groups • QoS Groups
593
nGeniusONE 5.4.1 Online Help Topics • APN Groups • SNMP Trap Listeners • KPI Alarm • KPI Error Code Config • KPI Error Codes Exporting Device settings is useful to accomplish the following tasks: • Export the device configuration • Export custom protocols — When you import custom protocols, certain rules are applied to prevent importing duplicate. Export is not supported for protocols provided by default. • Export Application Group associations To export device settings: 1. From the nGeniusONE Console, click
Device Configuration.
2. Click the Devices tab. 3. Click
Export devices.
Important: Saving the file with the same name as a previously-saved file overwrites files contents. 4. Click Save File and OK. You can later import the file to another system.
Device and Interface Alias Overview You can optionally give a device or an interface an alternate name known as an alias. You might want to use aliases when, for example, the Network Administrator has a preferred method for naming devices that is useful in the Administrator role, but which is inconvenient for other users who are accessing views or reports. You can create aliases for devices and for physical and virtual interfaces: • Device — You can create an alias when you add a device to the nGeniusONE Server, or you can add or modify a device alias. • Physical interface — Add or modify aliases for physical interfaces at the Interfaces tab of the device details window. • Virtual interface — Add or modify alias names for virtual interfaces by clicking Virtuals in the device details window. After you define aliases for devices and/or interfaces, you can also choose to have device/interface aliases display for a specific NewsPaper report. Note: If you select aliases to display and no alias is defined for a device or interface, the device or interface name displays.
594
CONFIGURING AND MANAGING nGeniusONE
Preventing Switch Configuration When you add a device to the nGeniusONE Server, the server automatically configures the device by applying Global Settings and templates. For switches only though, the Enable Learn Only option is selected by default. This mode prevents the nGeniusONE Server from applying Global Settings, templates, history, and alarms to the switch. Only switch information is learned. Note: Spanning requires that Enable Learn Only be selected. You can disable or re-enable the Learn Only option using the following procedure: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Click the Devices tab and double-click the switch. 3. Select or deselect the
Enable learn only mode check box as required.
4. Click OK. Note: If you enable the Learn Only option after the switch has operated with the Learn Only flag disabled, Global Settings, templates, alarms, and history settings are retained. However, no further updates to the Global Settings, templates, alarms, or history are written to the switch.
595
nGeniusONE 5.4.1 Online Help Topics
IP Ping IP Ping in nGeniusONE Note: If the Add probe.
button is disabled, verify that Response Time is enabled on the
Column
Description
Target Host (IP Address)
Enter the IP address of the device you want the probe to contact. You can add a maximum of 20 entries.
Ping Interval (seconds)
Enter the interval (in seconds) in which you want the device to be contacted. The default is 60 seconds.
QoS Level
Enter the Quality of Service level. The default is 5.
Using IP Ping to Contact Other Devices You can monitor the path availability and network latency to any device on your network by specifying the IP address of the device you want the nGeniusONE probe to contact. Once IP Ping is configured, you can receive responsiveness and availability Power Alarms as well as view response time for the pinged device. Note: You can enable monitoring of Response Time for the IPPING protocol in Applications. Important: nGenius probes support IP-PING, which requires you to enable monitor support on Interface 1. nGenius InfiniStream appliances do not support this feature. 1. Ensure that you meet all requirements. 2. From the nGeniusONE Console, launch
Device Configuration.
3. Select the Devices tab. 4. Double-click the probe that you want to use to contact another device. 5. Select interface 1, click Select monitoring options, and select IP Ping from the drop-down menu. If the IP Ping button is disabled, review the IP Ping requirements. You may need to enable monitoring for interface 1 on the probe. 6. Click Add
. If the Add button is disabled, review the IP Ping requirements.
7. Enter the IP address (IPv4) of the device or server (Target Host) you want the probe to contact. 8. Enter the Ping Interval (seconds) to specify how frequently the probe pings the device or server. The default is 60 seconds. 9. Enter the QoS Level (default is 5). 10. Click OK.and Apply to save your configuration.
596
CONFIGURING AND MANAGING nGeniusONE Note: If you modify an attribute in the Probe Interfaces dialog box, the icon will appear in the Pending column. The type of configured action made displays by hovering your cursor over the icon. For example: Pending changes: Alarm Policy. IP Ping Requirements You can monitor the path availability and network latency to any device on your network by specifying the IP address of the device you want the probe to contact. Once IP Ping is configured, you can receive responsiveness and availability Power Alarms as well as view response time for the pinged device in any response time view. To use IP Ping, you must meet the following requirements: • nGenius Collector o Agent Options — Monitor ifn 11 set to on (disabled by default) o Software Options — Response Time Monitor set to on (enabled by default) For detailed information on how to enable monitoring on the Collector, see the Monitor Interface 11 and Response Time Monitor topics. Important: nGenius Collectors support IP PING, which requires you to enable monitor support on Interface 11. nGenius InfiniStream appliances do not support this feature. • Applications o Configure IP PING for Response Time monitoring o (Optional) Modify Response Time boundaries, if required Read/Write Community Write Community String in nGeniusONE The Write Community setting defined in the device and in the nGeniusONE Server must match. If the write community string is defined incorrectly in either place, then the nGeniusONE Server will be unable to apply Global Settings and templates. To change the write community string for an individual device: 1. From the nGeniusONE console, click the 2. Select the device and click
Device Configuration icon.
Device Settings.
3. Change the Write Community field to match the setting in the device and click OK. 4. (Optional) Click the is accepted.
Information icon to view whether the write community string
Note: A device with a correct Read Community setting displays as Active in the Status column of the Devices screen even if the Write Community setting fails. In that case, you have read privileges, but you cannot write to the device.
597
nGeniusONE 5.4.1 Online Help Topics
Relearn Automatic Relearn in nGeniusONE — Overview When you add a device to the nGeniusONE server, the server automatically learns all the interfaces and configures the device by applying Global Settings. The server relearns the device whenever the device reboots (for example, when a new physical interface is added or removed or firmware is upgraded). In addition, the server automatically checks devices on an hourly basis to ensure that the device and the server remain synchronized. Certain events, if detected during the hourly check, prompt a full relearn of the device including: • Device interface speed changes on an active interface • Interface type changes on an active interface • A new virtual interface appears on an active interface • A virtual interface on an active interface is no longer present • The virtual interface numbers no longer match (VPI/VCI) • Interface encapsulation changes • Any mismatch in protocol configuration You can also relearn a device on demand. Relearning a Device The nGeniusONE server automatically accesses the nGeniusONE data source on an hourly basis to ensure that it remains synchronized with the server. More about automatic relearn. To quickly perform a manual relearn: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Select the device and click
Relearn.
4. Click OK to confirm that you want the device to be relearned. 5. Information about the task performed displays as shown below. Note: if the arrow points up, the Task Progress Report also displays.
598
CONFIGURING AND MANAGING nGeniusONE
Device Details Device Details — Modify Device Screen The Modify Device dialog box allows you to view and, except as noted below, modify information about a specific probe, nGenius InfiniStream, router, or switch. It is accessed by double-clicking the selected device in the Devices tab of Device Configuration. Function availability varies by device. Click the links for more information on device and interface settings. Field
Description
General information Name
The device name. This field accepts spaces and alphanumeric characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The device name must be unique. This field is required.
Alias
(Optional) A user-defined alternate name for the probe. • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.
Address
The IP address (IPv4, IPv6) or host name of the nGenius Collector, Probe, InfiniStream, Packet Flow Switch, router, or switch. This field is required.
Notes
(Optional) Additional user-supplied information such as the device's location. Maximum length is 128 characters.
Device Template
The template applied to this device chosen from a pulldown menu.
Communication Protocol
The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. Protocol choices are dependent on the Device Type. Important: NetScout strongly recommends that
599
nGeniusONE 5.4.1 Online Help Topics
HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Note: HTTP is automatically detected only on 5.0.x and later InfiniStream devices. HTTPS and SNMPv3 are not automatically detected - you must manually choose these protocols. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. Read Community
The read community string. The initial default setting is public. This field is required. Note: When SNMPv3 is the selected communication protocol, this field becomes User Name. The Read Community value is used as the default.
Write Community
The write community string. This setting must match the write community string defined in the probe (more). The initial default setting is private. This field is required. Note: When SNMPv3 is the selected communication protocol, this field becomes Authentication Password. The Write Community value is used as the default.
Device Status
Displays the current status of the device. Device status can be Active, Inactive, Down, or Pending. This field cannot be modified.
Description
Displays system information about the device such as vendor, model, and firmware version of the device. This field cannot be modified.
Advanced settings Retries
The number of times you want the nGeniusONE Server to attempt to reach the probe if there is no response. This value must be an integer between 1 and 1000. Default value: 3. This field is required.
Timeout
The interval (in seconds) you want the nGeniusONE Server
600
CONFIGURING AND MANAGING nGeniusONE
to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default value: 1. This field is required. Enable deviceunreachable alarm
If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.
Enable learn only mode
Select this check box if this switch is used for spanning purposes only and you do not want to apply Application settings, history, templates, or alarms to the switch. More about the Enable Learn Only option.
(Switch Only) Do not add routers for NetFlow
DLC (Switch Only)
Enable this option if you do not want routers to be discovered. When disabled (default), System Relearn identifies routers discovered by virtual interfaces. It concerns Collectors only. This option is available only when adding the device. Data Link Control check box. A switch setting for monitoring and logging MIB2 data.
SNMPv3 settings (available only when the SNMPv3 communication protocol is chosen) Authentication Protocol
The authentication protocol used with SNMPv3. Choices: MD5 or SHA1.
Privacy Settings
Click the check box to choose a privacy protocol from the drop-down menu and enter a privacy password.
Privacy Protocol
SNMPv3 privacy protocol. Choices: AES, DES, or 3DES. A privacy password is required if the privacy protocol is provided.
Password
Refresh
Enter a privacy password. A concurrent configuration edit will enable the Refresh button so that any changes made by one user can subsequently be displayed by other users clicking the button.
Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.
601
nGeniusONE 5.4.1 Online Help Topics
From this screen you can: •
Modify interface properties.
•
Delete an interface.
•
Activate or
Deactivate an interface.
•
Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.
•
Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.
•
Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.
Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column
Description
Name
The name of the interface. This field is configurable: • Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface
602
CONFIGURING AND MANAGING nGeniusONE
from the device, you cannot modify the interface name. Alias
(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface.
IP Address (Routers Only)
The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.
Number (Probes and Routers Only)
The interface number. This field does not display for switches.
Slot/Port (Switches Only)
The slot and port numbers on the device.
IF Type
The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.
Speed Override (Routers and Switches Only)
Check box indicating whether or not the original interface speed was overridden.
Speed (Mbps)
The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.
Fdx (Routers and Switches Only)
Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.
Status
The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking
Activate.
Alarm Template
Lists the alarm template (or Default) for each interface.
Locations/Virtualization
Indicates the type of Location Key (virtual interface)
603
nGeniusONE 5.4.1 Online Help Topics
discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry. They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.
604
CONFIGURING AND MANAGING nGeniusONE
Activation/Deactivation Deactivating or Activating Devices and Interfaces Deactivating a device or interface produces the following effects: • nGeniusONE server stops polling the device or interface. • All data related to the device or interface remains in the database. Inactive.
• The Devices tab window displays the device Status as • In the Devices tab window, the
Deactivate,
Relearn,
Device
Settings, Remote Login, and Associated Applications buttons become disabled. They are also disabled when the device is in a Down or Pending state. • The Devices tab window displays the number of Inact(ive) Interfaces by device. • More. Activating a device produces the following effects: • nGeniusONE server starts polling at the next polling interval. • The Devices tab window displays the device Status as
Active.
• The Details tab window displays the number of Act(ive) Interfaces for the device. • In the Devices tab window, buttons become enabled. To stop the nGeniusONE server from polling a device or interface, you can deactivate it. You can subsequently activate the device when appropriate. For example, you might want to deactivate/activate a device when you: • Send a probe in for repairs, but do not have a replacement probe configured with the same IP address. • Temporarily disconnect a port from a switch (deactivate the switch port). You must be granted the Network Administrator role to deactivate or activate a device. Distributed Server Environment In a distributed server environment, you can deactivate and activate a device from either the Global Manager or from the Local Server to which the device belongs. Both Global Manager and Local Server display the current state (active or inactive) of the device. Deactivating a device or interface produces the following effects: • nGeniusONE server stops polling the device or interface. • All data related to the device or interface remains in the database. • The Devices tab window displays the device status as
Inactive.
• The Details tab window displays the number of Inact(ive) Interfaces for the device. • More. Activating a device produces the following effects:
605
nGeniusONE 5.4.1 Online Help Topics • nGeniusONE server starts polling at the next polling interval. • The Devices tab window displays the device Status as
Active.
• The Details tab window displays the number of Inact(ive) interfaces by device. • In the Devices tab window, the Delete, Deactivate, Relearn, and Remote Login buttons are enabled. • More.
Deactivating or Activating a Device If you want to temporarily stop the nGeniusONE server from polling a device, you can deactivate it. You can subsequently activate the device when appropriate. More about deactivating and activating devices. What happens when you deactivate or activate a device To deactivate or reactive a device: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select Devices tab. 3. Do one of the following: • Deactivate — Select an active device, and click Deactivate. Click OK to confirm that you want to deactivate the selected device. • Activate — Select an inactive device and click Activate. Click OK to confirm that you want to activate the selected device. 4. Click Apply. Common Questions About Deactivating or Activating a Device or Interface The following is a list of common questions about deactivating or activating a device or interface: What Happens When a Device or Interface is Deactivated? When you deactivate a device or interface, the nGeniusONE Server stops polling that device or interface for data. The data previously collected in the database for that device or interface remains in the database and is not aged out. After you place the monitored device or interface back online, you can instruct the nGeniusONE Server to begin polling that device or interface at the next polling interval by activating it. What Happens if You Do Not Deactivate a Device or Interface Before Taking the Device or Interface Offline? The nGeniusONE Server marks all devices Inactive or counts interfaces that it cannot locate as Absent. When a device or interface has an absent status, the data in the database begins to age out. When the device or interface is back online, and the nGeniusONE Server relearns the device, it recognizes the device or interface and marks
606
CONFIGURING AND MANAGING nGeniusONE the device or interface as Active. If you reconnect the device or interface, you can delete the Absent device or interface. What Happens When a Device or Interface is Activated? When you activate a device, the nGeniusONE Server relearns the device and automatically verifies the IP address and media type of the device and/or interface. If the IP address and media type both match the deactivated device and/or interface, the nGeniusONE Server uses the same entry in the database and marks the device and/or interface Active. If the IP address and media type do not match the deactivated device and/or interface, the nGeniusONE Server marks the deactivated device and/or interface as Absent and a new entry for that device and/or interface is created in the database.
607
nGeniusONE 5.4.1 Online Help Topics
Absent Interfaces Understanding Absent Interfaces in nGeniusONE An interface displays a status of Absent when one of the following occurs: • A previously Active interface cannot be located on a probe or switch during relearn • The nGeniusONE Server synchronizes with the device For example, if you disconnect a port from a switch without first deactivating it, the port status changes to Absent. During each relearn, the nGeniusONE Server continues to look for the port. If the port is found, the status of the interface changes back to Active. To resolve an absent interface, you can reconnect the interface so that the nGeniusONE Server can find the interface during the next relearn, or you can delete it. The deleted interface ages out of the database. You cannot deactivate an absent interface.
Deleting an Absent Interface in nGeniusONE You can delete an Absent interface from the Interface details window. You can delete only interfaces with a status of Absent; you cannot delete interfaces with a status of Inactive. To delete an Absent interface: 1. From the nGeniusONE Console, click
Device Configuration.
2. Click the Devices tab. 3. Double-click the device containing an absent interface. 4. Select the absent interface and click Delete. 5. In the Confirmation dialog box, click Yes to delete the absent interface, or click No to cancel the deletion process. 6. Click OK. 7. Click Apply.
608
CONFIGURING AND MANAGING nGeniusONE
Supported Devices Other Supported Devices in nGeniusONE You can add devices such as routers, switches, or servers using nGeniusONE Device Configuration to report MIB2 data over SNMP. The device you add must support the SNMP protocol and be MIB2 compliant. Note: Although you can add the switches and routers in Device Configuration, these devices are not displayed in nGeniusONE modules. Instead you can view these devices in legacy applications such as nGenius Performance Manager. Devices with Multiple IP Addresses Interfaces on MIB2 devices can have different IP addresses. To avoid adding the same device twice, all IP addresses on the device are learned and stored in the database. When a new device is added, the nGeniusONE Server searches the database to verify that the IP address does not exist. If the IP address already exists on the standalone nGeniusONE Server or on any Local Server in a distributed server environment, you will be unable to add the device. For example, consider a router with the IP address 10.45.67.8 for interface 1 and an IP address 10.34.56.7 for interface 2. If you add the router using the IP address for interface 1, the nGeniusONE Server also learns the IP address for interface 2 and stores it in the database. If you attempt to add the same device using interface 2, you are unable to add the device because it already exists. Invalid Router Interfaces By default, the nGeniusONE Server learns all interfaces on routers, including those without octets or packets. This can result in illegal interfaces. To filter out invalid interfaces, edit serverprivate.properties as follows: 1. Navigate to /rtm/bin. 2. Using a text editor, open the serverprivate.properties file. Note: NetScout Systems recommends making a backup copy of the file before making any changes. 3. Add the parameter, genericDevice.filterInterfaces.enabled, and set it to true as follows: genericDevice.filterInterfaces.enabled=true 4. Save and close the file. 5. Restart the nGeniusONE Server: /opt/NetScout/rtm/bin/stop /opt/NetScout/rtm/bin/start
609
nGeniusONE 5.4.1 Online Help Topics
MANAGING SERVICES Overview of Service Configuration nGeniusONE provides a centralized Service Configuration feature where Administrators can create services for monitoring and reporting by components such as Service Monitors, Reporting, and the Service Dashboard. Using these service-based tools, IT organizations can detect service issues and degradation before large numbers of users are affected, thereby improving service availability and overall user experience. Services are categorized by type, application or network domain, each of which is composed of one or more service members. • In an application service, a service member consists of one ASI-enabled interface or group of interfaces (network domain), plus one application, application group, or message ID. Optionally, one location key may be added to a service member containing an appropriately configured monitored element. • In a network domain service, service members comprise only ASI physical interfaces defined in Device Configuration and their associated location keys. Users with Service Configuration privileges define services by selecting applications and interfaces configured in nGeniusONE Global Settings. The SYSADMIN and NTWKADMIN roles have this privilege, by default. These administrators can also assign services to specific end-users or to all users. Administrators can organize services and service domains into one or more hierarchies in the Service Editor. By default, at the top level, the Enterprise domain is the parent of all other domains. Service hierarchies are displayed in associated Service Dashboards and can be monitored for performance metrics and alerts.
Understanding Services In nGeniusONE, the term "service" includes the following types of configurations: • Service member — The fundamental unit of a service. A service member may contain one interface or group of interfaces (known as a network domain). Depending on the type of service, the member may also contain one application, application group, or message ID, and one location key. In nGeniusONE, all interfaces must be ASI-enabled. For additional information, refer to Command-Line Object: asi_mode. • Application service — A service that can include interfaces, applications, application groups, message IDs, network domains, and location keys, and is designated by . • Network domain — A service that includes only physical interfaces and location keys, and is designated by . This type also includes a system-defined network domain called "All Locations," described as follows. By default, the Services pane contains a system-defined network domain service called All Locations. This service is not a static grouping, but dynamically obtains all current interfaces so that they can be treated as a single node in other areas of nGeniusONE, such as Reporting. The All Locations service cannot be modified, renamed, duplicated, deleted, or associated with an alert profile. It can be assigned to users. With new installations
610
CONFIGURING AND MANAGING nGeniusONE or upgrades where there are no restricted users, the All Locations service is assigned to the Everyone system user group. For upgrades with restricted users, the service is assigned to specific users who have no restrictions. • Service domain — A grouping of application services, network domains, and other service domains, designated by . • Service hierarchy — An organization of application services, network domains, and service domains in parent-child order. Keep in mind the following considerations for all services and service domains: • In a Distributed Server environment, services and hierarchies are configured only on the Global Manager and pushed to Local Servers. • Only users with Service Configuration privileges can create services; other users must have services assigned to them by an Administrator. • Individuals who are members of user groups can view services that have been assigned to the group as well as services that have been assigned to them directly. In addition, the following considerations apply to network domains: • You can combine multiple network domains in a service domain to mirror a super group. • Network domains are not associated with specific service monitors. They are available to all nGeniusONE monitors and applications.
Creating New Application Services Administrators can create services to enable application and network monitoring in various areas of the nGeniusONE solution, such as Service Monitors, Reports, and the Service Dashboard. Create a new application service by including service members (consisting of applications and monitored elements) as follows: Tip: Read instructions below for quick methods of creating services. 1. Launch Service Configuration
from the nGeniusONE Console.
2. Click the Create service button in the Services pane on the left and select the Application Service type from the dropdown menu. The service type selection filters the list of applications and monitored elements supported as possible service members. Additionally, the service type narrows the number and type of metrics available as triggers for service alert profiles. 3. Enter a name for the service in the Service settings panel on the right. 4. Configure and add service members by clicking Add service member Service Members pane.
in the
The Service Members panel opens. This panel contains sections for Monitored Elements, Location Keys, and Applications. Each defined member must consist only of one ME or network domain, and one Application, Application Group, or Message ID. Optionally, one location key may be added to a service member containing an
611
nGeniusONE 5.4.1 Online Help Topics appropriately configured monitored element. You can use the Service Members panel to configure multiple service members at the same time. a. Select from the list one or more applications, application groups, or message IDs you want included in the service. • If you select multiple applications, groups, or Message IDs, the software separates the selections into single ME-application pairings. Note: Combining messages and the parent application for those messages in the same service is not recommended. For example, do not configure a service that includes both DNS (parent) and DNS:AAAA. • (Optional) Filter the list of applications displayed in the table by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. You can also filter by selecting checkboxes for Applications, Application Groups, or Message IDs. • (Optional) Reduce the list to display just your selected applications in the table by clicking Only show selections. • When adding RTP applications to a service, keep in mind that RTP data is not available for display in the Application Service Dashboard. However, this data is displayed in the Unified Communications Dashboard, with a UC Server license. b.
Select one or more monitored elements or network domains.
• If you select multiple elements, the software separates the selections into single ME-application pairings. • (Optional) Filter the list of monitored elements by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. You can also filter by selecting checkboxes for Monitored Elements or Network Domains. c. (Optional) If available for the selected ME, select one or more location keys from the list. Note: • If you add different types of location keys to this service, data is aggregated separately for each location key. There is no calculation to combine data for specific combinations of location keys. • If you are working in an upgraded nGeniusONE environment, and you previously had services with monitored element groups, the ME groups are converted to network domains and the services are updated to use the new network domains instead of the ME groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. d. Click Apply to save the service member definition and continue defining other service members.
612
CONFIGURING AND MANAGING nGeniusONE Click OK to save the service member definition and close the Add Service Member panel. Separate service members are formed and listed in the Service Members list. Each row represents one member consisting of one ME/network domain + one App/App Group and any specified optional values. These entries are in a pending state until you click OK to complete the service. 5. Continue adding service members as needed. 6. (Optional) Select Alerts if you want to enable alerts for this service. Refer to Enabling Alerts for Services for additional information. 7. (Optional) From the Monitor: dropdown menu, select a service monitor to be associated with the new service. This association enables drilldowns from the new service in nGeniusONE applications, such as the Service Dashboard, to its counterpart service monitor. By default, all services are associated for drilldown to the general-use Universal Monitor. Note: • If your environment has been customized for specific business types (in Global Settings), the list of monitors available for service configuration reflects those business types. • The software does not prevent you from associating a monitor that is not applicable for the data in the service. In these cases, after drilldown the specified monitor displays no data for the service. • If the service contains RTP protocols and data, be sure to associate it with the RTP Monitor or the Media Monitor (if available). By default, services are associated with the Universal Monitor/general application view, which does not support RTP protocols and, therefore, displays no data in the monitor. 8. (Optional) Select Server or Client as an orientation preference if the service contains location keys with server and client traffic, such as Sites. This selection determines whether server or client statistics are displayed in nGeniusONE applications such as reports, monitors, and alerts. To display statistics for both client and server, create a separate service for each direction. 9. Click OK to save your service. The application service, designated by to the Services pane.
, is added
To apply restrictions on user access to services in other areas of nGeniusONE, you can assign services to specific users and groups. Refer to Assigning Services to nGeniusONE Users for additional information. You can also quickly create a service in either of the following ways: • Create a new service using the same applications as an existing service by selecting the service in the Services pane and clicking Create service from settings
.
The Service Members panel opens with the applications preselected and your choice of monitored elements to apply to the new service. • Create a service from a predefined template.
613
nGeniusONE 5.4.1 Online Help Topics
Creating a Service from a Template nGeniusONE provides several templates to help you quickly create services for monitoring. When you create a template-based service, the template provides predefined applications and you specify the monitored elements. If required, you can customize template-based services by adding and deleting applications and monitored elements. Service templates have the following characteristics: • All users who have access to the Service Definition Editor can use all templates. • The templates available for selection are filtered according to the selected service type. • After creating a template-based service, you can perform any other tasks associated with ordinary services. • You cannot create your own templates. To create a service based on a template: 1. Click Create a service from a template
in the Service Definition panel.
2. Select the template you want as a basis for the new service from the dropdown menu. The Service Members panel opens showing the default applications provided by the selected template. a. Select one monitored element or network domain for the new service member. b.(Optional) If available, select location keys for the service member. c. Click OK. The Service Definition panel displays the application-monitored element service members for the template-based service. Notice that the corresponding service monitor has been automatically associated. This association enables drilldowns from the new service to its counterpart service monitor. 3. Click OK to complete the template-based service. The service is added to the Services List (on the left). You can perform other tasks as necessary for the new service, such as changing the service name, modifying applications and monitored elements, and changing the default monitor association. Refer to Creating New Application Services for additional details.
Configuring Network Domains Administrators can configure network domains to enable network monitoring in various areas of the nGeniusONE solution, such as Service Monitors, Reports, and the Network Dashboard. 614
CONFIGURING AND MANAGING nGeniusONE Create a new network domain service by including service members (consisting of monitored elements and location keys) as follows: 1. Launch Service Configuration
from the nGeniusONE Console.
2. Click the Create service button in the Services pane on the left and select the Network Domain service type from the dropdown menu. The service type selection filters the list of possible service members to display only monitored elements. Additionally, the service type narrows the number and type of metrics available as triggers for service alert profiles. 3. Enter a name in the Network Domain panel on the right. 4. Add service members by clicking Add service member Members pane.
in the Network Domain
The Service Members panel opens. This panel contains sections for Monitored Elements and Location Keys. You can use the Service Members panel to configure multiple service members at the same time. a.
Select one or more monitored elements.
b. (Optional) Filter the list of monitored elements by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. c. (Optional) If available for the selected ME, select one or more location keys from the list. Note: • If you add different types of location keys to this network domain, data is aggregated separately for each location key. There is no calculation to combine data for specific combinations of location keys. • If you are working in an upgraded nGeniusONE environment, and you previously had services with monitored element groups, the ME groups are converted to network domains and the services are updated to use the new network domains instead of the ME groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. d. Click Apply to save the service member definition and continue defining other service members. Click OK to save the service member definition and close the Add Service Member panel. Separate service members are formed and listed in the Service Members list. Each row represents one member consisting of one ME and any specified location keys. These entries are in a pending state
until you click OK to complete the service.
5. Continue adding service members as needed.
615
nGeniusONE 5.4.1 Online Help Topics 6. (Optional) Select Alerts if you want to enable alerts for this network domain. Refer to Enabling Alerts for Services for additional information. 7. (Optional) Select Server or Client as an orientation preference if the service contains location keys with server and client traffic, such as Sites. This selection determines whether server or client statistics are displayed in nGeniusONE applications such as reports, monitors, and alerts. To display statistics for both client and server, create a separate service for each direction. 8. Click OK to save your network domain service. The network domain, designated by , is added to the Services pane. Network domains can be included in application services, added to domains in the service hierarchy, and viewed on the Network Dashboard. You can also configure alerts for excessive bit rate occurring in the network domain. To apply restrictions on user access to network domains in other areas of nGeniusONE, you can assign them to specific users and groups.
Creating Service Domains You can create service domains by selecting previously configured application services and network domains, then organizing the service domains into service hierarchies as follows: Tip: Read instructions below for quick methods of creating service domains. 1. Launch Service Configuration
from the nGeniusONE Console.
2. Select a domain in the Service Hierarchy pane under which you want to create the new domain or sub-domain. 3. Click the Create domain button
in the Service Hierarchy pane on the left.
4. Enter a name for the domain in the Service Domain panel on the right. You cannot enter a name that is already assigned within the selected domain; however, you can use an existing name from a different parent domain. 5. (Optional) Filter the list of entries by clicking and entering text to filter for matching services. If you have multiple pages of services, the filter applies to all entries. 6. (Optional) Select all services on the current page or sort by the column heading (Name, Monitor, Service Type). If you have multiple pages of services, the column sorting applies to all entries. 7. Select one or more services/network domains from the list in the Service Domain panel. 8. Click OK to save the service domain. The domain is added to the selected location in the Service Hierarchy designated by . 9. (Optional) Select the service domain and assign it to other users by clicking Assign Users/Groups . Assigning the domain makes it accessible to these users for monitoring and reporting in other areas of the nGeniusONE product set. Refer to Assigning Services to nGeniusONE Users for additional information.
616
CONFIGURING AND MANAGING nGeniusONE Tips for creating domains • Duplicate an existing service domain by selecting it in the Service Hierarchy pane and clicking Duplicate domain
.
A duplicate copy is added under the same location as the original service; the duplicate has a unique name based on the original name. • Copy an existing service domain by selecting it in the Service Hierarchy pane and clicking Copy
. Then paste it into the preferred hierarchy location
.
Managing Service Hierarchies When you define services and service domains, you can arrange them into custom hierarchies that align with your organization's infrastructure, physical sites, logical workgroups, geographic regions, or business units. The hierarchies created in Service Configuration are displayed in the Service Dashboard so that you and others can visualize how services are delivered to end users and proactively identify and triage performance issues. The top level of the hierarchy tree is the fixed Enterprise Domain and all user-defined hierarchies are added below this top level. Users with the Service Configuration privilege can rename the Enterprise Domain. Using controls in the Service Hierarchy pane, you can work with hierarchies in the following ways: • Create and remove domains • Assign domains to users • Copy and paste service domains to different areas of the hierarchy • Create a duplicate copy of an existing service domain in the same location of the hierarchy • Reorder services and domains by using the reorder buttons to move up or down in the same node • Rearrange services and service domains in the hierarchy by dragging and dropping them within the same node • Import and export the service hierarchy in XML format
Understanding Service Assignments With a new installation of nGeniusONE, the top level of the Service Configuration hierarchy is the Enterprise domain, which is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and subdomains defined under Enterprise. Since new services are not automatically assigned to any users, they must be added to the Enterprise hierarchy to inherit this global user assignment. Users who have services and domains assigned to them can also see and work with these services and domains in other areas of nGeniusONE, including Service Monitors, Reports, and the Service Dashboard.
617
nGeniusONE 5.4.1 Online Help Topics Administrators with Service Configuration privileges can exercise more selective control over user access to services using either of the following methods: • Remove the Enterprise domain's assignment to the Everyone group and assign individual services and domains to specified users In this case, the services and service domains you add to the Enterprise domain are not automatically available to any nGeniusONE users, including yourself. You must explicitly assign your services and domains to users to make them accessible for monitoring and reporting. Assigned service definitions are available only to the specified users. • Retain the Enterprise domain's assignment to the Everyone group and assign selected services and domains to users as required In this case, the services and service domains you add to the Enterprise domain are automatically available to all other nGeniusONE users. But you can explicitly assign a selected service or domain to specific users, making it available only to those users. By default, the Network Administrator (NTWKADMIN) and System Administrator (SYSADMIN) user roles have the Service Configuration privilege and can create and assign services. Users with other roles cannot create services. Keep in mind the following considerations when working with assigned services and service domains: • Administrators can assign a service to users in two ways: Explicit assignment from the Services pane Assign Users/Groups
o .
o Inheritance through an assigned domain. If a domain is assigned to a user, the user inherits assignments to the services and subdomains within the parent domain. • Administrators can assign individual services and service domains without assigning their parent domains (if any). • If a parent domain is assigned to users, and the Administrator separately assigns a nested child domain to a different user, that child domain is no longer available to the parent domain users. The Administrator must explicitly assign the child domain to the other users. • Services assigned to users explicitly or through domain inheritance are available for monitoring in Service Monitors and Reporting. Application services and network domains added to the Service Hierarchy are available for monitoring in Service and Network Domain dashboards. • You can view the users and groups to whom a particular service or domain has been assigned by selecting the node and clicking Assign Users/Groups can be revoked by deselecting user names.
618
. Access
CONFIGURING AND MANAGING nGeniusONE
Assigning Services and Domains to nGeniusONE Users With a new installation of nGeniusONE, the Enterprise domain at the top level of the Service Configuration hierarchy is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and child domains defined under Enterprise. Users who have services and domains assigned to them can also see and work with these services and domains in other areas of nGeniusONE, including Service Monitors, Reports, and the Service Dashboard. Administrators with Service Configuration privileges can exercise more selective control over user access to services by assigning or unassigning currently configured services and domains as follows: 1. Launch Service Configuration
on the nGeniusONE Console.
2. Select one or more services in the Services pane or select a single service domain, including the root-level Enterprise domain, in the Service Hierarchy pane. If you assign a service or domain that is a child of a parent domain, the child assignment has no bearing on the parent. However, when assigning a parent domain to a user, the user inherits assignments for all underlying children. 3. Click Assign users/groups
.
A dialog box opens with lists of users and user groups configured in User Management. Current assignments are indicated with check marks. Note: If you selected multiple services, no users or groups are checked, even if the individual services were assigned to specific users. Assignments you make now for the multiple services will override any pre-existing user assignments. 4. Select one or more users and groups to be assigned the selected services or domain. To unassign a service or domain, deselect users who are currently assigned. Important: If you remove the assignment to the Everyone group, select your own user name for assignment to see this service or domain when using other nGeniusONE features. 5. Click OK after selecting the users and groups. The selected service , network domain to indicate that it has been assigned.
, or domain
is labeled with an icon
After all assignments are complete, only the specified users will see the assigned services in Reports, Service Monitors, and Service Dashboards.
619
nGeniusONE 5.4.1 Online Help Topics
Enabling Alerts for Services When working with nGeniusONE application services and network domains, you can enable alerts for the monitored elements and applications in those services. Service alerts, which are displayed in the Service Dashboard and Alert Browser, are generated by the nGeniusONE Server and provide early awareness of possible problems with applications, links, servers, voice services, or the network. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services. To enable alerts for a service: 1. Create the service. 2. Select Alerts on the service settings panel.
3. Accept the default alert profile, select a previously defined alert profile, or create a new alert profile. When you enable alerts, a default alert profile is associated with the application service or network domain. The default profile for application services produces alerts when baselines are exceeded for average response time, failure rate, and transaction rate. The default profile for network domains produces alerts when baselines are exceeded for bit rate. Other metrics are available. You can view and modify the default and other profiles by selecting the profile and opening the settings panel. Refer to Configuring Alert Profiles for Services for additional information. 4. (Optional) Select Actions. This option allows you to specify actions to occur when an alert is triggered, such as executing a script, forwarding an SNMP trap, or sending an email. Refer to Configuring Actions for Service Alerts for additional information. 5. Click OK to apply the alert settings to the service. 6. Add the service or network domain to a service domain in the Service Hierarchy to enable display of alerts in the Alert Browser. If you want to prevent the generation of service alerts during specific periods of time, you can configure service alarm exclusions.
Configuring Alert Profiles for Services and Network Domains When you enable alerts for an application or network domain service, the alerts are managed through the use of alert profiles, either the default profile associated with the service or a user-defined profile. An alert profile consists of one or more metrics with triggers for generating alerts. Using the default profile, an alert is generated when a trigger in the profile is exceeded on any member in the associated service. If preferred,
620
CONFIGURING AND MANAGING nGeniusONE you can configure an alert profile that generates alerts for aggregated service data. This option is described below. To view or modify the triggers in the default or any other profile, click the Modify button to open the settings dialog box. You can create your own profiles with customized triggers as follows: 1. After enabling alerts for a selected application service or network domain, click Create alert profile
(next to the Profile dropdown menu).
The Alert Profile panel opens. Use the settings in this panel to create or modify the triggers in alert profiles. The alert profiles you configure will always be associated with the type of service selected: application service or network domain. 2. (Optional) Select the checkbox to enable Real-Time alerts. These alerts are supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information. 3. (Optional) Select the checkbox to enable aggregated service alerts. (Not supported when Real-Time alerts are enabled.) This feature allows you to receive alerts on aggregated data for an entire application or network domain service rather than a service's individual members. When enabled, aggregation is included in the alert profile and is applied to every service or network domain with this alert profile assigned. Alerts are generated, as warranted, by comparing the aggregated service data to the configured baselines or thresholds. The generated alerts are labelled with "Aggregated Service" when displayed in the Alert Browser. Considerations: Alarming on aggregated services is restricted to the following supported metrics: For network domains: Bit Rate For application services: Application Service Bit Rate (the sum of traffic to and from the servers for the applications in this service), Failure Rate, Transaction Rate, Timeout Percentage If you enable aggregation in an alert profile with previously created triggers, you receive a warning that the triggers will be converted to apply to an entire service. Triggers that aren't supported for aggregated services will be removed. If preferred, you can keep the existing profile by cancelling this conversion and create a new profile for aggregated services. 4. Click Add trigger
.
5. Configure triggers for the alert profile as required. Click Apply to add as many as 10 triggers. 6. (Optional) Select Action if you want to specify additional operations, such as executing a script, forwarding SNMP traps, and/or sending an email, in response to alerts generated for the selected alert profile.
621
nGeniusONE 5.4.1 Online Help Topics 7. Click OK on the main panel to save the alert profile and triggers. The profile is added to the dropdown menu and can be used for other application services or network domains, depending on the type of service currently selected. For example, if the profile is defined for a network domain, the profile is available only for other network domain type services. If the profile is defined for an application service, it is available only for other application services.
Modifying and Deleting Services and Hierarchies Any user with Service Configuration privileges can modify and delete services, service domains, and hierarchies: • To modify a service, a domain, or a hierarchy: Select the entry in the Services pane or Service Hierarchy pane and make changes using the Service Definition panel. • To modify a service member within a service: Select the entry in the Service Members panel and make changes in the Add Service Member dialog box. • To delete a service or a domain: Select the entry in the Services pane or Service Hierarchy pane and click Delete
.
Exporting/Importing Service Definitions If you want to save your configured service definitions in a transferable form, you can use the Service Configuration tool to export and import them between nGeniusONE servers. You can export and import the following service definition types: • All services and network domains • All domains, services, and network domains with the hierarchy structure preserved The tool allows you to import service definitions that were previously exported using either the Service Configuration tool or the Command Line Administrator utility.
Exporting Service Definitions Note: When exporting services that have associated alert profiles and actions, the tool maintains the associations. However, you must also export the alert profiles and actions themselves. Refer to Exporting/Importing Service Alert Profiles and Actions for additional information. • To export the entire hierarchy of service domains, services, and network domains: 1. Launch Service Configuration 2. Click Export
from the nGeniusONE Console.
in the Service Hierarchy pane.
• To export all services and network domains: 1. Launch Service Configuration 2. Click Export
from the nGeniusONE Console.
in the Services pane.
Note: This action exports all services and network domains even if you have filtered the list to display a subset.
622
CONFIGURING AND MANAGING nGeniusONE The hierarchy or service configurations are exported in XML format. Depending on your browser settings, the XML takes one or more of the following forms: • Saved automatically to a default folder on your system (usually Downloads) • Displayed in a new window • Available for you to run or save manually
Importing Service Definitions Keep in mind the following considerations when importing service definitions: • If the services being imported have associated alert profiles and actions, you must import the alert profiles and actions before importing the service. Refer to Exporting/Importing Service Alert Profiles and Actions for additional information. • When importing services, the destination server must have the same devices and applications configured as the source server. Otherwise, the imported services will have no service members. • Invalid service members are excluded during import. If a service has no valid service members, the service is not imported. To import a hierarchy of domains and services: a. Click Import
in the Service Hierarchy pane.
b. Navigate to a previously exported and saved service hierarchy XML file. c. Click Open. The hierarchy is imported to the current system. If the current system already had domains and services configured, the imported nodes are integrated and, if necessary, service members are added to the current services. To import all services and network domains: a. Click Import
in the Services pane.
b. Navigate to and select a previously exported service definition file. c. Click Open. The services are imported to the current system. If the current system already had services configured, the imported services are integrated and service members are added, as necessary.
623
nGeniusONE 5.4.1 Online Help Topics
User Roles and Privileges in Service Configuration nGeniusONE provides two privileges associated with service configuration. These privileges are assigned, by default, to certain user roles as described in the table below. Privilege name
User roles (assigned by default)
Description
Service Access Control
Network Administrator (NTWKADMIN); System Administrator (SYSADMIN)
Provides the ability to assign services and domains to other users in nGeniusONE Service Configuration.
Service Configuration
Network Administrator (NTWKADMIN); System Administrator (SYSADMIN)
Provides the ability to configure services, including creation, deletion, and modification.
Note: • If users are in a user group, the privileges associated with the group role override those assigned to the individual user. For example, if User1 is assigned the System Administrator role but is added to a group with the Help Desk role, User1 will have service privileges associated with the Help Desk rather than the System Administrator role. • The System Administrator can modify privileges and user role assignments in nGeniusONE Server Management as described in Modifying User Roles. • With a new installation of nGeniusONE, the top level of the Service Configuration hierarchy is the Enterprise domain, which is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and subdomains defined under Enterprise. • Newly configured services are not automatically assigned to any users; the services must be added to the Enterprise hierarchy to inherit the global user assignment. • If a user has been restricted to specified UMC-based Monitored Element Groups and the individual logs in to nGeniusONE, the user is able to view all services and service domains, but cannot create or modify them.
624
CONFIGURING AND MANAGING nGeniusONE
Using CLA Commands for Service Definitions The nGenius Command Line Administrator is a command-line utility for performing a variety of management functions. It is especially useful for streamlining repetitive tasks that would be time-consuming when using the nGeniusONE user interface. There are a number of commands that enable you to create, modify, assign, and delete services, network domains, and service domains. This help topic provides general guidelines and examples for using the CLA. Refer to the command-line help for a complete description of all service definition parameters and usage.
Accessing the nGenius CLA utility 1. Log in to the nGeniusONE Server system and navigate to the /rtm/cla prompt. 2. Execute nGeniusCLA.bat (Windows) or ./nGeniusCLA.sh (UNIX) followed by the appropriate parameters (described below). 3. To view command-line help, enter nGeniusCLA.bat -help or ./nGeniusCLA.sh help. Help for the service definition commands is in the Service Config Parameters section.
Command Syntax Linux: ./nGeniusCLA.sh -ur -pw -act serviceConfig Windows: nGeniusCLA.bat -ur -pw -act serviceConfig
Supported Operation Keys -add_service_member, -assign, -assigned_to, -assoc_profile, -assoc_service, bulk_add_network_domain, -create_domain, -create_service, -del_domain, -del_service, dup_domain, -dup_service, -mod_domain, -mod_service, -unassign, update_network_domain
Examples 1. Create an application service that is named "My Service" and includes an application and a monitored element (IP address and interface number). -act serviceConfig -create_service "My Service" -app http -ipifn 10.20.100.1:4 2. Create a network domain service named "My Network Domain" containing two interfaces. -act serviceConfig -create_service "My Network Domain" -ipifn 10.20.100.1:1 -act serviceConfig -add_service_member "My Network Domain" -ipifn 10.20.100.1:2
625
nGeniusONE 5.4.1 Online Help Topics 3. Assign a service named "My Service" to a user named User1. -act serviceConfig -assign User1 -service "My Service" 4. Assign all services (using wildcard *) to User1. -act serviceConfig -assign User1 -service "*" Note: Use quotation marks to enclose multiple words and any use of the * wildcard. The command-line help describes all service definition parameters with additional examples.
Exporting/Importing Service Definitions Using CLA Commands If you want to transfer an entire or partial set of service definitions from a current nGeniusONE environment to a different server, you can export and save the service definitions, then import the definitions to the other system. Using the CLA commands, you can export and import the following service definition types: • All service domains, application services, and network domains with the hierarchy structure preserved, not including alert profiles or actions (allservdomain) • All application services and network domains, not including alert profiles or actions (allservices) • Only domains with the Enterprise hierarchy structure preserved (domain) • Alert profiles (alarmprofiles) • Alert actions (alertactions)
Accessing the nGenius CLA utility 1. Log in to the nGeniusONE Server system and navigate to the /rtm/cla prompt. 2. Execute nGeniusCLA.bat (Windows) or ./nGeniusCLA.sh (Linux) followed by the appropriate parameters (described below). 3. To view command-line help, enter nGeniusCLA.bat -help or ./nGeniusCLA.sh help. Help for the service definition commands is in the Service Config Parameters section.
Export Command Syntax and Examples Specify your nGeniusONE username, password, the server that contains the current service definitions, the type of export (allservdomain, alarmprofiles, alertactions, or domain), and the output filename. The export output is XML for allservdomain, alarmprofiles, and domain; it is CSV for alertactions. You must export each type separately. Linux: ./nGeniusCLA.sh -ur -pw -sn -act servicedefexport export_type -fn 626
CONFIGURING AND MANAGING nGeniusONE Windows: nGeniusCLA.bat -ur -pw -sn -act servicedefexport export_type -fn When exporting on a Global Manager, add the -bn 1 option: ./nGeniusCLA.sh -ur -pw -sn -act servicedefexport -export_type -bn 1 -fn Examples: Export all service domains, application services, and network domains with the hierarchy structure preserved ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type allservdomain -fn allservdomain.xml Export domains only with the hierarchy structure preserved ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type domain -fn domain.xml Export all application services and network domains ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type allservices -fn allservices.xml Export alert profiles ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type alarmprofiles -fn alarmprofiles.xml Export alert actions ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type alertactions -fn alertactions.csv Export all service domains, services, and network domains with preserved hierarchy for a Global Manager ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefexport -export_type allservdomain -bn 1 -fn allservdomain.xml
Import Command Syntax and Examples 1. Import the output files for alert profiles and actions to Service Configuration on the same or another nGeniusONE server. If profiles and actions are associated with services, import them before importing the service definitions to maintain these associations. Note: When exporting and importing on the same server or Global Manager, omit the -sn parameter. Linux: ./nGeniusCLA.sh -ur -pw -sn -act servicedefimport -fn
627
nGeniusONE 5.4.1 Online Help Topics
Windows: nGeniusCLA.bat -ur -pw -sn -act servicedefimport -fn When importing alert profiles, if a profile by the same name already exists, alarm triggers are added and merged. When importing alert actions, if an action by the same name already exists, they are merged. (New actions are added.) To import to a Global Manager, add the -bn 1 option. ./nGeniusCLA.sh -ur -pw -sn -act servicedefimport -bn 1 -fn 2. Import the output files for service definitions to Service Configuration on the same or another nGeniusONE server: Note: When exporting and importing on the same server or Global Manager, omit the -sn parameter. Linux: ./nGeniusCLA.sh -ur -pw -sn -act servicedefimport -fn
Windows: nGeniusCLA.bat -ur -pw -sn -act servicedefimport -fn When importing to a Global Manager, add the -bn 1 option. ./nGeniusCLA.sh -ur -pw -sn -act servicedefimport -bn 1 -fn Examples: ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefimport -fn allservdomain.xml ./nGeniusCLA.sh -ur admin -pw AdminPassword -sn 10.10.100.11 -act servicedefimport -bn 1 -fn allservdomain.xml After importing, all exported configurations are available in the nGeniusONE Service Configuration module.
628
CONFIGURING AND MANAGING nGeniusONE
Additional Topics Service Members Use the settings in the Service Members dialog box to configure service members. For an Application Service, each individual service member must consist only of one Monitored Element (ME) or network domain (group of interfaces), and one Application, Application Group, or Message ID. For a Network Domain, each service member is a Monitored Element (ME) with no applications. Optionally, one location key may be added to a service member containing a monitored element. When using this dialog box, you are permitted to select multiple MEs, network domains, applications, and location keys, as supported. In the case of multiple selections, the software separates the selections into single ME-application, single ME-location key, or single network domain-application pairings. Note: If you are creating a service based on the applications in an existing service, only those applications are listed for inclusion in the service. You can remove these preselections as necessary. Feature
Description
Applications (Required for an Application Service; not available for Network Domains) — Select one or more applications to be paired with your ME or network domain selection. Show/Hide Filter
Reset Filter Refresh
Show or hide a filter where you can enter search text. The table displays applications matching your filter parameters. Restore the table to full results. Refresh the applications list.
Only show selections
(After selecting applications) Remove unselected items from the table and display your selections only.
Applications Application Groups Message IDs
Select Applications, Application Groups, or Message IDs to display only the specified type.
Monitored Elements (Required for Application Services and Network Domains) — Select one or more MEs and network domains to be paired with your application selections; select one or more MEs for a network domain. Show/Hide Filter
Show or hide a filter where you can enter search text. The table displays monitored elements matching your filter parameters.
629
nGeniusONE 5.4.1 Online Help Topics
Restore the table to full results.
Reset Filter
Refresh the monitored element list.
Refresh Monitored Elements Network Domains
Select Monitored Elements or Network Domain to display only the specified type.
Location Keys (Optional) — If available, select one or more location keys to be associated with your ME-Application or ME-only selections. By default, location keys are listed for appropriately configured monitored elements that have the proper traffic. Optionally, you can also display locations configured by users in Global Settings. If the selected monitored element is a network domain, this pane is titled Members and no further selections are permitted. Show/Hide Filter
Show or hide a filter where you can enter search text or select a type of location key. The table displays location keys matching your filter parameters. Restore the table to full results.
Reset Filter
Refresh the location keys list.
Refresh Include configured locations
Select the checkbox to optionally add locations configured in Global Settings. After making this selection, user-defined locations are available to add to services, even if they have no traffic.
Apply
Saves service member settings without closing the dialog box; you can continue configuring service members. Click the Cancel button to close the dialog box. The Apply button is enabled after you have selected a valid set of MEs and applications.
OK
Saves service member settings and closes the dialog box. The OK button is enabled after you have selected a valid set of MEs and applications.
Cancel
Clears modifications and reverts back to previous saved settings.
Refer to the following topics for additional information: • Creating New Application Services • Configuring Network Domains • Modifying and Deleting Services and Hierarchies
630
CONFIGURING AND MANAGING nGeniusONE
Service Settings The features and options in the Service settings panel enable you to define services, which can then be added to service domains for monitoring and reporting in nGeniusONE. You can also use this panel to view the current members of a service selected in the Services list. Note: In a distributed environment, services are configured on the Global Manager and pushed to Local Servers. In cases where Global Manager services contain service members with monitored elements that are not accessible to a particular Local Server, those service members will not be displayed on the Local Server. Feature
Description
Service Name
Text box where you enter or modify the service name.
Monitor
A list of service monitors that you can associate with your configured services. By default, all services are associated with the general-use Universal Monitor. After associating, the service is available for analysis in the selected monitor. Note: • The software does not prevent you from associating a monitor that is not applicable for the data in the service. In these cases, the specified monitor displays no data for the service. • If the service contains RTP protocols and data, be sure to associate it with the RTP Monitor or the Media Monitor (if available). By default, services are associated with the Universal Monitor, which does not support RTP protocols and, therefore, displays no data.
Orientation preference for Location Keys
For a service containing location keys with server and client traffic (for example, site location keys), select Server or Client as an orientation preference. By default, the service supplies server data to be displayed in nGeniusONE applications such as reports, monitors, and alerts. However, you can display statistics for both client and server traffic by creating a separate service for each direction.
Alerts
Select if you want to receive alerts for this service.
631
nGeniusONE 5.4.1 Online Help Topics
Profile
When you enable alerts, a default alert profile is associated with the service. The default profile for application services generates baseline alerts for failure rate, average response time, and transaction rate. You can perform the following additional tasks: Create an alert profile View and modify the triggers in a selected alert profile Delete a selected alert profile file
Import alert profiles from a previously exported Export all alert profiles Refresh the list of alert profiles
Refer to Configuring Alert Profiles for Services and Exporting/Importing Service Alert Profiles and Actions additional information. Action
When you enable alerts and select a profile, you can specify optional actions to be executed as part of the alert profile. You can perform the following additional tasks: Create an alert action Modify a selected alert action Delete a selected alert action file
Import alert actions from a previously exported Export all alert actions Refresh the list of alert actions
Refer to Configuring Actions for Service Alerts and Exporting/Importing Service Alert Profiles and Actions for additional information.
632
CONFIGURING AND MANAGING nGeniusONE
Service Members pane Note: The right-click menu for a selected service member provides options for adding, modifying, and deleting the service member. Create a service from a template
Select a predefined template as a basis for a new service.
Add service member
Open a dialog box where you can create service members to be added to the current service.
Modify service member
Open a dialog box where you can modify the selected service member.
Delete service member Show/Hide the filter
Reset the filter
Delete the selected service member. Show the filter to enter text corresponding to any of the column headings (for example application short name or application group). The table displays members matching your filter parameters. Restore the table to full results.
OK
Save all service settings. The OK button is enabled when you modify settings.
Cancel
Clear modifications and reverts back to previous saved settings.
Refer to the following topics for additional information: • Creating New Application Services • Creating a Service from a Template
Service Domain Settings Use the settings in the Service Domain panel to view and configure service domains by adding and removing services. Feature
Description
Domain name
Text box where you view or enter the domain name.
Show/Hide Filter
Show (or hide) text boxes where you can enter or select text to filter for matching services. If you have multiple pages of services, the filter applies to
633
nGeniusONE 5.4.1 Online Help Topics
all entries.
Restore the full results.
Reset Filter
Refresh the list of services in the domain.
Refresh Column headings
Select all services on the current page or sort by the column heading (Name, Service Type). If you have multiple pages of services, the column sorting applies to all entries.
Page and row controls
Click through multiple pages of services. Select the number of rows to display in a single page.
OK
Save all service domain settings. The OK button is enabled when you modify settings.
Cancel
Clear modifications and revert back to previous saved settings.
Refer to the following topic for additional information: • Creating Service Domains • Creating New Services
Network Domain Settings A network domain is a service consisting only of physical interfaces and location keys. This type of service does not include any applications, but it can be added as a service member to application-based services. Using the Network Domain settings panel, you can view the contents of the service and apply alert profiles and alert actions. Feature
Description
Service Name
Text box where you enter or modify the network domain name.
Orientation preference for Location Keys
For a service containing location keys with server and client traffic (for example, site location keys), select Server or Client as an orientation preference. By default, the network domain supplies server data to be displayed in nGeniusONE applications such as reports, monitors, and alerts. However, you can display statistics for both client and server traffic by creating a separate network domain for each direction.
634
CONFIGURING AND MANAGING nGeniusONE
Alerts
Select if you want to receive alerts for this network domain.
Profile
When you enable alerts, a default alert profile is associated with the network domain. The default profile for network domains generates baseline alerts for increasing bit rate. You can perform the following additional tasks: Create an alert profile View and modify the triggers in a selected alert profile Delete a selected alert profile file
Import alert profiles from a previously exported Export all alert profiles Refresh the list of alert profiles
Refer to Configuring Alert Profiles for Services and Exporting/Importing Service Alert Profiles and Actions for additional information. Action
When you enable alerts and select a profile, you can specify optional actions to be executed as part of the alert profile. You can perform the following additional tasks: Create an alert action Modify a selected alert action Delete a selected alert action file
Import alert actions from a previously exported Export all alert actions Refresh the list of alert actions
Refer to Configuring Actions for Service Alerts and Exporting/Importing Service Alert Profiles and Actions for additional information.
Network Domain Members pane Note: The right-click menu for a selected service member provides options for adding, modifying, and deleting the service member.
635
nGeniusONE 5.4.1 Online Help Topics
Add service member
Opens a dialog box where you can select MEs to be added to the current service.
Modify service member
Opens a dialog box where you can modify the selected service member. Delete the selected service member.
Delete service member
Show the filter to enter text corresponding to any of the column headings (for example address or alias). The table displays interfaces matching your filter parameters.
Show/Hide the filter
Restore the table to full results.
Reset the filter
OK
Saves all modified settings.
Cancel
Clears modifications and reverts back to previous saved settings.
Refer to the following topic for additional information: • Configuring Network Domains • Understanding Services
All Locations The All Locations service is a system-defined service that dynamically obtains all current physical interfaces in your nGeniusONE environment so that they can be treated as a single node. The All Locations service cannot be modified, renamed, duplicated, deleted, or associated with an alert profile. Since this service cannot be modified, the settings panel provides abilities only for viewing and filtering the available interfaces . All Locations Members pane
Show/Hide the filter
Reset the filter Refresh
636
Show the filter to enter text corresponding to any of the column headings (for example address or alias). The table displays interfaces matching your filter parameters. Restore the table to full results. Refresh the list of configured interfaces.
CONFIGURING AND MANAGING nGeniusONE Refer to the following topics for additional information: • Configuring Network Domains • Understanding Services
Service Hierarchy The Service Hierarchy pane displays the default Enterprise domain at the root level as well as user-defined services and service domains that have been added to the hierarchy. Indicates an assigned service domain Indicates an unassigned service domain Indicates an unassigned service Indicates an assigned service Indicates an unassigned network domain Indicates an assigned network domain Selecting an entry in the Service Hierarchy opens the Domain Settings panel on the right, where you can make modifications. You can perform other actions for service domains using the following controls in the Service Hierarchy pane: Note: The right-click menus for nodes in the hierarchy provide access to most of the same options. Create a new service domain Delete a selected service domain Create a duplicate copy of an existing service domain under the same location; the duplicate has a unique name based on the original name Assign a selected domain to users and groups Show and hide the filter box where you can enter text to find service and domain names Reset filter to restore display of the complete hierarchy Copy a domain, then paste it under a different parent anywhere in the hierarchy Reorder services and domains by selecting one and clicking the highlighted button to move up or down in
637
nGeniusONE 5.4.1 Online Help Topics
the same node Import domains and services that were previously exported Export all domains and services Refresh the service hierarchy In addition, you can rearrange services and service domains in the hierarchy by dragging and dropping them within the same node. Reordering is permitted for child services and service domains that are peers within a single parent domain. If services are assigned to users, the changes you make to the service hierarchy order are reflected in the Service Dashboard (after refresh). Refer to the following topics for additional information: • Creating Service Domains • Creating New Services • Modifying and Deleting Services and Hierarchies • Assigning Services to nGeniusONE Users • Exporting/Importing Service Definitions
Application Services and Network Domains This pane lists all defined application services and network domains. Note: In a Distributed Server environment, services and hierarchies are configured on the Global Manager and pushed to Local Servers. Indicates an unassigned application service Indicates an application service with user assignments (listed in the tooltip for the icon) Indicates a network domain Indicates a network domain with user assignments (listed in the tooltip for the icon) You can perform actions for services using the following controls: Note: The right-click menu for a service name provides access to most of the same options. Create a new service of a specified type Delete one or more selected application services Does not apply to network domains
638
CONFIGURING AND MANAGING nGeniusONE
Create a new service using the same applications as a selected service and adding different monitored elements Does not apply to network domains Assign one or more selected services to users and groups Show or hide a filter where you can enter search text Reset the filter to display the full list Import services and network domains that were previously exported Export all services and network domains Refresh the services list Service type selector
Select the type of service to display filtered results in the list
Refer to the following topics for additional information: • Creating New Application Services • Configuring Network Domains • Assigning Services and Domains to nGeniusONE Users • Modifying and Deleting Services and Hierarchies • Exporting/Importing Service Definitions
Definitions Definition: Application Service An application service is an nGeniusONE service consisting of ASI monitored elements (ME) or ME Groups along with applications, application groups, or message IDs. When supported, location keys may optionally be added to the application service. Definition: Network Domain A network domain is a service consisting only of monitored elements and associated location keys. Administrators create network domains in the Service Configuration module.
639
nGeniusONE 5.4.1 Online Help Topics
USING GLOBAL SETTINGS Overview of nGeniusONE Global Settings This collection of help topics provides guidance for using the Global Settings module to configure and view monitoring settings for your deployment. • Enterprise Tab: Define addresses for focus monitoring • Applications: Enable/disable applications and messages and customize monitoring options • Traffic Discovery: Identify traffic detected on your network that do not have corresponding defined applications • Locations: Create and view virtual interface definitions • Groups: Create and view group definitions for Applications, QoS IDs and CompIDs • SSL Keys: Manage keys when your deployment uses HSM or SSL decryption • Business Types: Configure the nGeniusONE Server to display only relevant applications and modules • Voice/Video: Configure UC-related ASI options for KPIs, thresholds, and processing and endpoint profiles
Global Settings in nGeniusONE — Overview In Global Settings, administrators can configure monitoring and response time options on a protocol-by-protocol basis. You can also configure the following: • Focused monitoring of your network, associated server and client communities, • Applications along business-related lines, • Several types of aggregated virtual interface groups, • Clusters of applications, QoS, and CompIDs, • SSL and TLS decryption, • "Discovered" applications which would otherwise be categorized as IP_OTHER, • Voice/Video parameters, and • A "Read Only" privilege to control what a user can view but not modify in Global Settings displays. Changes you make in Global Settings are applied to all nGenius data sources. If, for example, you enable response time monitoring for the HTTP protocol, this change is applied to the protocol directory in all probes and nGenius InfiniStreams. Global Settings are applied to a data source when the data source is initially added to the nGeniusONE Server, is relearned, or is restarted. For data to be collected for the protocols you enable in Global Settings, the appropriate monitoring options (statistics, hosts, conversations, or response time) must be enabled.
640
CONFIGURING AND MANAGING nGeniusONE In a distributed server environment, configure Global Settings on the Global Manager. The Global Manager broadcasts Global Settings to all Local Servers within its cluster. The Local Server then applies the Global Settings to the data sources. More about Distributed Servers. The Global Settings screen is organized as follows: • Enterprise tab — Optimize monitoring by configuring My Network, Server, Client, and VIP List community individual IP addresses and subnets. o My Network — My Network is designed to filter subnets or specified IP addresses tracked by InfiniStream appliances configured with asi_mode=ASI (not CDM), exclusively focusing on server communities residing inside your enterprise. o Server, Client, and VIP List Communities — The Communities feature supports adding IP addresses, address ranges, and MSISDN/IMSI phone numbers to specify server, client, and VIP List groups that lie within your enterprise and, as such, monitor traffic that you consider to be more important than other traffic. In conjunction with My Network, Server Communities, Client Communities, and VIP List community entries direct the InfiniStream appliance to filter for responsiveness metrics from specific devices or those contained within the specified address range from ASI tables. • Applications tab — This tab lists the protocols that are available for monitoring. You can configure monitoring for custom protocols as well. Including custom protocols, you can monitor a maximum of 2048 active protocols. nGenius data sources ship with a default support for 1024 protocols. You can perform the following functions on applications: o
Add custom protocols
o
Activate or deactivate protocols
o
Modify protocol response time boundaries
o
Configure KPI thresholds
o
Perform error classification
o
Set logging options
o
Enable ASRs
o
Extend ports for well-known applications
o
Associate application groups
o
Set responsiveness for voice and video quality
o
Use default values
o
Customize Market Data Feeds
o
Modify KPI alarms including KPI variables and KPI error codes
o
Configure packet slice size
Note: Only active protocols are monitored. The View drop-down menu lists the following options: o Enterprise — Lists core and enterprise-related protocols related to network operations. o Service Provider — Configure mobile applications including: Mobility Control Plane, Mobility Data Plane, SMS, UMTS/GPRS Mobility and Session Management protocols such as GMM and SM, Radio Access protocols, Handset protocols, GTPvx
641
nGeniusONE 5.4.1 Online Help Topics protocols, Policy protocols, IRAT protocols, CFSB and CFSB/UMTS protocols, CFSB/CDMA protocols. o Service Enablers — Configure applications including: DNS, MS-DNS_U, LDAP2 and LDAP1, LDAPSSL, RADIUS, Diameter, Diameter-SCTP, and DHCP. o Market Data Feed and Trade Order — Configure Market Data Feeds/MSG Platforms and Trade Order applications. o Multimedia — Configure Voice-Video-Data Control applications including: SIP, SIP-TCP, SIPS, MGCP, SCCP, RTCP, H323 RAS, Q931, H323-GAT, H245, MEGACO and MEGACO-S, RSVP3 and 2, Unistm (RUDP), RTSP_U, RSTP, RTP-VideoAudio, CRTP, MPEG2-TS, REALAUD, SKYPE, and MSB. o Messages — Display system-generated, IETF-defined communications from protocols configured on nGeniusONE. Messages derive their context from their parent applications such as DHCP, DNS, ICMP, SIP and others. For a list of current messages related to error codes, refer to the Supported Protocol Error Codes document. o Internet Categories — Display URL group applications such as Astrology, Ads, Blogs, Classified and many other out-of-the-box Web classifications to gauge traffic usage in a more granular fashion than viewing just HTTP or DNS traffic volumes. Familiar Web sites such as google.com and cnn.com would be classified under Search and News domains, respectively. Note: By default, Global Settings display the "Active" protocol directory for nGenius data sources. Alternately, you can un-select the Active Only check box to choose all (active and inactive) protocols. If you are working with only nGenius data sources, you can hide the drop down list by setting the following property in the client.properties file to false: globalsettings.showAllDeviceTypesApplications=false • Traffic Discovery tab — Labels unknown, port-based, TCP or UDP applications that would otherwise be generically lumped into the IP-OTHER category, letting you add these "discovered" protocols to your group of Well Known Applications. These highvolume applications are listed along with the associated total amount of volume, packets, and Monitored Elements and can be viewed in Traffic Monitor. • Locations tab — This tab contains sub-tabs for displaying and configuring locations (formerly virtual interfaces). o Sites — Monitor remote site links by creating virtual interfaces when network traffic matches a site definition. o APN (Access Point Name) — Monitor IP networks to which mobile devices can be connected by creating virtual interfaces when traffic matches an APN definition. o VRF Groups — Monitor remote locations from the WAN aggregation point of view. You can group multiple Route Descriptors (RDs) together, with each group being a virtual interface on the monitoring device. o
Handset — Monitor data logged for handsets in LTE and CDMA2K networks.
o VLAN Services — Monitor VLAN services mapped to VLANs and discrete VLAN levels on your network. You can define traffic in a virtual network by a variety of ways according to the connection ports on the switch, MAC addresses, source IP addresses, or by protocol type where all hosts are grouped using the same protocol on the network.
642
CONFIGURING AND MANAGING nGeniusONE o Cell Sites — Monitor Mobile Cell Site-based information on LA-RA, TAC, and SID-NID (BSID) virtual interfaces. o
PLMN — Add and configure Public Land Mobile Networks.
• Groups tab — Configure and display a variety of application and QoS groups, CompIDs, and SSL settings. o Application — Configure and monitor several default Application Groups. You can create your own groups and associate them with applications of your choice. o QoS tab — Reduce unwanted data by creating QoS interfaces based on groups rather than individual QoS values. o CompID — Identify more simply the devices within your environment which exchange trade orders using the FIX protocol. • SSL Keys tab — Supports decoding of Secure Socket Link (SSL) and Transport Layer Security (TLS) packet data from your InfiniStream to analyze the packet data from encrypted packets. • Business Types tab — Displays only those nGeniusONE applications that are germane to your business needs and preferences. When applied, this procedure automatically activates all protocols associated with the Business Type selected, obviating the need to activate those protocols individually. Conversely, de-selecting a Business Type deactivates all protocols associated with that Business Type selection. • Voice/Video tab — Provides configuration of Thresholds, Endpoint and Processing Profiles in support of RTP, MPEG2-TS or MSB applications.
Applying the Global Settings Read Only Privilege Configuring the Global Settings Read Only privilege in User Management is useful to control what selected users can view but not modify in Global Settings displays. As of the v5.2.1 MR1 release, this privilege is designed for non-administrators or Tier I analysts who need to view the following while monitoring: • the IP address ranges and ports of custom-defined applications • multiple ports if additional ports are entered for an application • URLs or Citrix names for children of HTTP or Citrix applications • special CDM ports for trading, MDF, and other applications The Global Settings Read Only privilege joins the Global Settings Configuration and Device Configuration privileges as choices a System Administrator can use to manage Global Settings security. These conditions prevail: • A user who has Device Configuration and Global Settings Configuration privileges can see and modify any Global Settings definition on nGeniusONE or nGenius Performance Manager servers. • A user who has the Device Configuration privilege but no Global Settings Configuration privilege can modify any device configuration and view the initial Global Settings screen but cannot see details of applications. • Where Global Settings Configuration and Global Settings Read Only privileges are selected for a user, the Global Settings Configuration privilege takes precedence over Global Settings Read Only privilege.
643
nGeniusONE 5.4.1 Online Help Topics The table below shows all possible combinations of supported privileges regarding Device Configuration, Global Settings, and Device Protocol Settings launch points on the nGeniusONE server. nGeniusONE Privileges
Device Configuration Icon
Global Settings Icon
Device Protocol Settings (UMC)
Device Configuration
visible + read/write
hidden
visible + read only
Global Settings Configuration
hidden
visible + read/write
hidden
Global Settings Read Only
hidden
visible + read only
hidden
Device Configuration + Global Settings Configuration
visible + read/write
visible + read/write
visible + read/write
Device Configuration + Global Settings Read Only
visible + read/write
visible + read only
visible + read only
Device Configuration + Global Settings Configuration + Global Settings Read Only
visible + read/write
visible + read/write
visible + read/write
Global Settings Configuration + Global Settings Read Only
hidden
visible + read/write
hidden
The table below shows all possible combinations of privileges regarding Device Configuration, Global Settings and Device Protocol Settings launch points on the nGenius Performance Manager server. nGenius Performance Manager (pre-v5.x) Privileges
Device Configuration Icon
Global Settings Icon
Device Protocol Settings
Device Configuration
visible + read/write
visible + read only
visible + read only
Global Settings Configuration
visible + read only
visible + read/write
visible + read/write
Global Settings Read Only
visible + read only
visible + read only
visible + read only
Device Configuration + Global Settings Configuration
visible + read/write
visible + read/write
visible + read/write
Device Configuration + Global
visible +
visible +
visible + read
644
CONFIGURING AND MANAGING nGeniusONE Settings Read Only
read/write
read only
only
Device Configuration + Global Settings Configuration + Global Settings Read Only
visible + read/write
visible + read/write
visible + read/write
Global Settings Configuration + Global Settings Read Only
visible + read only
visible + read/write
visible + read/write
645
nGeniusONE 5.4.1 Online Help Topics
Enterprise Tab The Enterprise tab in Global Settings provides viewing and configuration screens for My Network and these Community types: • Server Communities • Client Communities • VIP List Server, Client, and VIP List communities support adding IP addresses and address ranges to specify server and client groups that lie within your enterprise and, as such, monitor traffic that you consider to be more important than other traffic. In conjunction with My Network, Server Communities, Client Communities, and VIP List community entries direct ASI-enabled InfiniStream appliances to filter for responsiveness metrics from specific devices or those contained within the specified address range from the same tables My Network accesses. To access the Locations tab: 1. Login to the nGeniusONE console and click
Global Settings.
2. Click the Enterprise tab. 3. Choose one of the sub-tabs.
My Network Overview Configuring My Network Configuring Communities Creating My Network and Communities Import Files More about the asi_mode command line object My Network view is a gateway list that displays network and subnet IP addresses configured to support ASI responsiveness metrics drawn from KSI (Key Server Indicator), KEI (Key Exception Indicator), and KPI (Key Performance Indicator) tables as well as flow data from the KTI (Key Traffic Indicator) table. My Network is designed to focus monitoring on traffic flowing over the enterprise's networks to identify or prevent latency problems. For perspective, My Network is similar to the Analysis Zones feature provided in earlier nGenius releases but provides much more than just network behavior analysis and discovery alerts. The optional My Network feature is designed to filter for ASI-supported subnets or specified IP addresses tracked by InfiniStream devices, exclusively focusing on server communities residing inside your enterprise and disregarding addresses outside your network, except for those multi-tier applications over which you have some control such as Salesforce.com. Technically, My Network is meant to prevent external server IP Addresses from appearing in ASI tables. The default InfiniStream behavior is to collect ASI responsiveness data (the choices are: asi_mode=ASI, asi_mode=CDM or asi_mode=hybrid) but only if My Network entries are added and applications are configured and downloaded or relearned from the nGeniusONE server. For more information about this command and supported configurations, click here.
646
CONFIGURING AND MANAGING nGeniusONE Communities should be added by system administrators who know that the addresses they add are ASI-related since any non-ASI-related community traffic would be dropped. Turning Off ASI Data, Disabling My Network My Network is not well suited for businesses that host an abundance of varied network ranges because manually entering every required IP subnet range can be exhaustive. If an IP range is omitted, critical business applications are not monitored and Service Assurance for that customer can break down. If you want to use the InfiniStream primarily in support of applications such as nGenius Subscriber Intelligence, but you still want to use nGeniusONE management features, note that My Network functionality operates only when the appliance is enabled for ASI data. If the mode is turned off, CDM data and xDRs are collected, but any My Network entries will not be enabled. My Network is disabled by default in new installations. Configuration My Network can be configured either of two ways: • Adding an IP Address entry under the Enterprise > My Network tab, or • Configuring a URL or Child IP application under the Applications tab. Adding an IP Address entry in My Network preserves monitoring and collection of ASI data for an individual IP Address or range while adding and configuring a URL (such as boston.com) or Child IP application preserves ASI monitoring for the specified application. Beginning with the v5.3 release, NetScout filters for only HTTP, HTTPS, and DNS protocols by default (children of these applications are not included). But, configured URL/Child IP applications are preserved even without reference in My Network because their standing supersedes My Network entries. Additionally, you can add applications you want excluded from monitoring and ASI data collection by adding them to a file that will be subjected to a My Network "check". The procedure is described here. Defaults Four standard, well-known subnets are provided to support internal networks across a spectrum of IPv4 Class A, B, and C and IPv6 ranges by clicking the Enable Private Network check box. These subnets are offered as a starting point from which to build your My Network communities. If these subnets do not include your interior networks, you can add others. Their address ranges cover standardized subnets for private networks as defined in RFC 1918 for IPv4 networks, and RFC 4193 for IPv6 networks. These addresses are characterized as private because they are not globally delegated, meaning they are not allocated to any specific organization, and IP packets addressed by them cannot be transmitted onto the public Internet. As shown in the following table, these IPv4 subnets include one Class A network, 16 contiguous Class B networks, and 256 contiguous Class C networks. Additionally, an IPv6 subnet is provided: FC00::/7. Address Classes
Address Ranges
IP Address/Subnet
IP Address Count
Class A Networks
10.0.0.0 10.255.255.255
10.0.0.0/8 (255.0.0.0)
16,777,216
647
nGeniusONE 5.4.1 Online Help Topics
Class B Networks
172.16.0.0 172.31.255.255
172.16.0.0/12 (255.240.0.0)
1,048,576
Class C Networks
192.168.0.0 192.168.255.255
192.168.0.0/16 (255.255.0.0)
65,536
The following default maximum values apply when adding My Network and Community entries: • IP addresses — 50 per entry • Communities — up to 10,000 total for all combined "host"-related groups: My Network, Client/Server Communities, and VIP List; up to 10,000 each for a combined limit of 15,000 MSISDN and IMSI (VIP List) communities. • Community names — 50 characters In addition to adding addresses manually, import and export functions are available to upload multiple addresses and ranges or export multiple addresses, respectively. These additional defaults apply: • If My Network entries already exist upon an upgrade, My Network will remain enabled. • If no My Network entries exist upon an upgrade, the feature will be disabled. My Network, Communities Examples In addition to the interior networks he is responsible for, Acme Widgets network administrator Henry Price wants to keep tabs on third-tier networks that are outside his explicit control but vital to the enterprise. To do this, he creates My Network entries for servers supporting RightNow and Okta to set up monitoring of problem ticketing and cloud services that are vital to the enterprise. Then, to more finely focus monitoring of these third-tier networks, Henry adds a Cloud client community encompassing all users on the company headquarters network. Because the HQ address range lies within the My Network default 192.168.0.0/16 private network range, he does not need to create a new My Network entry. In a second example, Henry wants to monitor traffic load flowing through his Marketing department servers at the Ann Arbor office so he adds a Server Community on the 10.30.201.67/8 subnet. Because the IP address ranges those application servers reside on are situated outside of the three IPv4 default private networks nGeniusONE provides, Henry adds a new My Network entry with an address range of his choice. Henry needs to pay more scrutiny to the company’s phones, which have been bearing a heavier than usual load and providing spotty service lately. So, Henry adds a VIP List community for 192.168.47.39, the IP address of the switch on which phone service is supported. Again, no entry in My Network is required because the phone switch’s interior address lies within the default private network range. Frequent interruption of email service has prompted a deeper examination of the firm’s Email servers and who might be overloading the system with large email attachments. In response to this situation, Henry adds a server community on the appropriate subnet and a wide-ranging client community which includes multiple subnets throughout the company. Because the subnets are all internal, no My Network entries need be added.
648
CONFIGURING AND MANAGING nGeniusONE
Specifying IP Addresses for Focused Monitoring My Network is designed to filter subnets or specified IP addresses monitored by ASIenabled InfiniStream appliances, exclusively focusing on server communities residing inside your enterprise and disregarding addresses outside your network, except for those multi-tier applications over which you have some control such as Salesforce.com. The Server, Client, and VIP List communities feature supports adding IP addresses and address ranges – groups - to specify servers and clients that lie within your enterprise and, as such, monitor traffic that you consider to be more important than other traffic. By design, communities screen out "noise" and provide a sharply focused picture of server and client latency on connections you care the most about. By narrowing your sample of servers or clients based on their commonalities, you greatly reduce the flow entry size of data to only those community datasets of interest, with the added benefit of more easily examining problematic sites and application servers. In especially large deployments, you can now quickly survey hundreds of communities instead of hundreds of thousands of individual users – an orders of magnitude difference. How Communities Can Be Utilized Server communities aggregate both server and client activity specified in subnets and/or IP addresses while Client communities aggregate client activity-specified only. Both communities provide a virtual layer view beneficial for monitoring application-centric services. Additionally, servers within a multi-tier application, as a best practice, can be placed in a server community while non-server clients can be placed in a client community. These community configurations are reflected in the server dependency mapping feature which improves this visibility for servers acting as clients in a multi-tier application. For perspective, the nGeniusONE Server communities feature is roughly similar to Performance Manager's Host Group client aggregation type and the PM Client communities feature is roughly similar to the Host Group's all aggregation type. The VIP List community is a grouping of special entries, an example of which might be "CEO_Monitor", a community which would track a particular device of the chief executive officer. Client, Server, and VIP List communities are applied after checking for My Network entries. Configuration Guidelines for My Network and Communities • When addresses are deleted from My Network, any address that is equal to or contained by that address in Server Communities is also deleted. • Addresses entered in Server Communities must be equal to or contained by addresses in My Network. • If an address is revised in My Network, you must edit the existing Server Community address or add a new Server Community. • You can add only single VIP List community IP addresses, not subnets. After adding an entry, the configured IP address will display with a /32 subnet (255.255.255.255) appended for an IPv4 address and a /128 subnet for an IPv6 address but these subnets signify a unique value matching only one IP address. Additional Configuration Guidelines • Exactly matching server and client community entries are disallowed so that a second, matching IP addressed is not permitted.
649
nGeniusONE 5.4.1 Online Help Topics • NetScout recommends that any community addresses you add be included or contained within the My Network address or address range entries. • VIP List communities accept only single IP addresses, not subnets. The configured IP address will display with a /32 subnet appended for IPv4 address and a /128 subnet for an IPv6 address but these subnets signify a unique value that matches only one IP address. • Clicking the check box adds four default subnets for use as "private" networks. These subnets are available as a starting point from which to build My Network. Their address ranges cover standardized subnets for private networks as defined in RFC 1918 for IPv4 networks, and RFC 4193 for IPv6 networks. These addresses are characterized as private because they are not globally delegated, meaning they are not allocated to any specific organization, and IP packets addressed by them cannot be transmitted onto the public Internet. Configuring My Network 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Enterprise and My Network tabs. 3. Click Add a community . You can enter a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The maximum number of communities allowed across all tabs (including My Network) is 10,000. 4. Enter an IP Address and click OK. You can enter a maximum of 150 addresses/ranges per community. 5. Click Apply. Configuring Server, Client, or VIP List Communities 1. From the nGeniusONE console, click the Enterprise tab.
Global Settings icon and then the
2. Choose a Server, Client, or VIP List community tab and click community. 3. Enter a Name and click
Add a
Add in the IP Address List pane.
4. Enter an IP Address and click OK. 5. Click OK again. 6. Click Apply to save your configuration.
Configuring My Network My Network Overview Configuring Communities My Network can be configured either of two ways: • Adding an IP Address entry under the Enterprise > My Network tab, or
650
CONFIGURING AND MANAGING nGeniusONE • Configuring a URL or Child IP application under the Applications tab. Adding an IP Address entry in My Network preserves monitoring and collection of ASI data for an individual IP Address or range while adding and configuring a URL (such as boston.com) or Child IP application preserves ASI monitoring for the specified application. NetScout filters for only three protocols by default (HTTP, HTTPS, and DNS) whether the My Network feature is disabled or not (children of these applications are not included). But, configured URL/Child IP applications are preserved even without reference in My Network because their standing supersedes My Network entries. Optionally, you can add applications you want excluded from monitoring and ASI data collection by adding them to a file on the InfiniStream appliance that will be subjected to a My Network "check" (procedure described below). Additionally, a v5.4.1 enhancement to the My Network check discards response time and XDR data if the server IP is not a My Network entry. The result is faster, more efficient processing of HTTP traffic (when running in ASI mode only). Note that HTTP child IP or URL applications are not subjected to the My Network check because the intended server IP or server URL was previously configured. The following functions are supported for My Network. Icon/Column
Description Add a My Network definition. Modify a My Network definition. Delete a My Network definition.
/
Show/Hide the filter to order the My Network list. Reset the filter.
/
Import/Export My Network definitions. Refresh the My Network list. Clicking this check box adds default subnets for use as "private" networks. Unclicking the check box removes the subnets.
Addresses
IP Addresses or address ranges of configured My Network entries.
To add an entry to My Network, perform the following procedure. In addition to adding and modifying addresses manually, import and export functions are available to upload multiple addresses and ranges or export multiple addresses, respectively. Configuring My Network 1. Click Global Settings
.
2. Click the Enterprise and My Network tabs.
651
nGeniusONE 5.4.1 Online Help Topics
3. Click Add a community. You can enter a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The maximum number of communities allowed across all tabs (including My Network) is 10,000. 4. Enter an IP Address and click OK. You can enter a maximum of 50 addresses/ranges per community. 5. Click Apply. 6. Click the Server Communities tab and add names and IP addresses or address ranges as required. Refer to Communities for more information. Note: right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry. Importing Multiple My Network Entries To import My Network entries in bulk, perform the following procedure: 1. Using a text editor, create a .DAT file using these first three lines: # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" 2. Add My Network entries with this syntax: # ;;; For example: # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" # Name;Address(es);Group Type;Aggregation Type MyNetwork4;10.171.224.7;IS Host Group;My Network MyNetwork3;172.13.75.0/24;IS Host Group;My Network MyNetwork7;192.168.0.0/16;IS Host Group;My Network MyNetwork5;10.30.201.19;IS Host Group;My Network MyNetwork6;10.44.0.0/8;IS Host Group;My Network MyNetwork60;2001:0db8:1219:0000:0000:0087:0:0/64;IS Host Group;My Network MyNetwork52;10.34.20.0/8;IS Host Group;My Network MyNetwork62;172.22.34.166;IS Host Group;My Network 3. Save the file. 4. In Global Settings > Enterprise > My Network, click network definitions.
Import my
5. A file browser is launched which you use to locate and select the My Network file for import. Note: Click on this link for examples of Client, Server, and VIP List Community import files. Applying My Network Check to Selected Applications
652
CONFIGURING AND MANAGING nGeniusONE To add applications you want excluded from monitoring, perform the following procedure to configure the My Network check. Note: the check is applied to Client-Server applications only. 1. Run the get dump my_network_apps command on the InfiniStream to display all your configured applications that will be subjected to the My Network check. The 7character IDs map to the applications (disregard the 0x prefix), as shown in the sample below. For example: 3010017 = TELNET. % get dump 0x1000800 0x2000006 0x2000011 0x10086dd 0x2000001 0x100c002 0x3020045 0x3010014 0x3027d00 0x1000806 0x1008035 0x2000002 0x280cb20 0x301000b 0x3010016 0x3010017 0x3010019 0x3010031 0x3020004
my_network_apps IP TCP UDP IPV6 ICMP RMON2 TFTP FTP-Data RTP ARP RARP IGMP I_IPPING SYSTAT SSH TELNET SMTP TACACS SKYPE
2. Using a text editor, create a file named my_network_check_apps.cfg in the /opt/NetScout/rtm/config folder on the nGeniusONE server. 3. Add the IDs of applications you want excluded from monitoring and save the file. 4. Run the set my_network_cfg load command. You need not reset the InfiniStream because applications are learned automatically. Configuration Behavior The following behavior applies when configuring My Network and Server Communities: • When addresses are deleted from My Network, any address that is equal to or contained by that address in Server Communities is also deleted.
Understanding Communities Configuring Communities Importing Communities Using the Default Client Community Subnet The Communities feature supports adding IP addresses and address ranges to specify server and client groups that lie within your enterprise and, as such, monitor traffic that you consider to be more important than other traffic. In conjunction with My Network, Server Communities, Client Communities, and VIP List entries ensure that only relevant
653
nGeniusONE 5.4.1 Online Help Topics data is collected. Each community you configure is a smaller grouping within your My Network entries, as illustrated in the graphic below.
How Communities Can Be Utilized Server communities aggregate both server and client activity specified in subnets and/or IP addresses while Client communities aggregate client activity-specified only. Both communities provide a virtual layer view beneficial for monitoring application-centric services. Additionally, servers within a multi-tier application, as a best practice, can be placed in a server community while non-server clients can be placed in a client community. These community configurations are reflected in the Service Dependency mapping feature which improves this visibility for servers acting as clients in a multi-tier application. For perspective, the nGeniusONE Server communities feature is roughly similar to Performance Manager's Host Group client aggregation type and the PM Client communities feature is roughly similar to the Host Group's all aggregation type. The VIP List community is designed as a grouping of special entries. An example of a VIP List entry might be "CEO_Monitor", a community which would track a particular IP Address of the chief executive officer. VIP List entries can also be specified by MSISDN or IMSI phone numbers — as an alternative to identification by IP Address — and are represented in related monitor views as such. VIP List MSISDN/IMSI phone numbers are configured by selecting MSISDN or IMSI from the Type drop-down list then clicking afterward by again selecting MSISDN or IMSI.
Add a VIP List and can be viewed
MSISDN entries are LTE-specific and usually number 12 digits. They typically consist of a 3-digit Country Code, a 3-digit National Destination Code or Number Planning Area number, and the Subscriber Number. IMSI entries are CDMA2K-specific and usually number 15 digits. They typically consist of a 3-digit Mobile Country Code, a 2- or 3-digit Mobile Network Code, and the Mobile Subscription Identification Number.
654
CONFIGURING AND MANAGING nGeniusONE Client, Server, and VIP List communities are applied after checking for My Network entries. Community IDs associated with IMSI/MSISDN phone numbers for both Client and Server Communities are saved in the KSI (Key Session Indicators) table. Following configuration in Global Settings > Enterprise, these communities and their metrics are correlated with selected applications and displayed by service and traffic monitors. By design, communities filter out "noise" and provide a sharply focused picture of server and client latency on connections you care the most about. By narrowing your sample of servers or clients based on their commonalities, you greatly reduce the flow entry size of data to only those community datasets of interest, with the added benefit of more easily examining problematic sites and application servers. In especially large deployments, you can now quickly survey hundreds of communities instead of hundreds of thousands of individual users - an orders of magnitude difference. Turning Off Packet Recording and XDR Generation The ability to disable packet recording and XDR generation by InfiniStream appliances is provided by configuring a VIP List of MSISDN or IMSI phone numbers and issuing commands to associate the VIP List with mobile group IDs. This feature is beneficial for mobile companies who choose not to store ASR data and record packets for all mobile customers. Creating a VIP List to filter for only specified entries preserves the confidentiality and security of other customer phone numbers. Click here for configuration details. Displaying Host (IP Address), GeoIP, or IMSI/MSISDN Values in Community Fields For easier identification and greater visibility, you can customize alternate values for addresses or IDs displayed in Community fields of nGeniusONE monitors and enablers as follows: • Firstly, by configuring Server or Client Communities on the server and the set community_type command on the InfiniStream appliance, you can direct nGeniusONE to display IP Addresses, Host Names, or Host Group Other, by default, in Community fields of NetScout monitors. Important: while VIP List IP addresses are supported by this option, VIP List MSISDN and ISDN phone numbers do not apply when the community_type set is host. • Secondly, support is available to translate IP Addresses into geographical locations (state or country). The GeoIP feature uses internally defined mapping that requires no configuration on the nGeniusONE server — using only the set community_type command. • Thirdly, you can configure IMSI or MSISDN IDs to map to telephone numbers and more easily recognizable names — such as WestfordMarketing — either by configuring a VIP List community or by using the set community_type command. Refer to Customizing Community Types for more information. Community IDs associated with IMSI/MSISDN phone numbers for both Client and Server Communities are saved in the KSI (Key Session Indicators) table. Community Configuration Behavior The following behavior applies when configuring My Network and Server Communities: • When addresses are deleted from My Network, any address that is equal to or contained by that address in Server Communities is also deleted. • Addresses entered in Server, Client and VIP List Communities must be equal to or contained by addresses in My Network.
655
nGeniusONE 5.4.1 Online Help Topics • If an address is revised in My Network, you must edit the existing Server Community address or add a new Server Community. • You can add only single VIP List community IP addresses, not subnets. After adding an entry, the configured IP address will display with a /32 subnet (255.255.255.255) appended for an IPv4 address and a /128 subnet for an IPv6 address but these subnets. • Exactly matching server and client community entries are disallowed so that a second, matching IP addressed is not permitted. • NetScout recommends that any community addresses you add be included or contained within the My Network address or address range entries. • Clicking the check box adds four default subnets for use as "private" networks. These subnets are available as a starting point from which to build My Network. Their address ranges cover standardized subnets for private networks as defined in RFC 1918 for IPv4 networks, and RFC 4193 for IPv6 networks. These addresses are characterized as private because they are not globally delegated, meaning they are not allocated to any specific organization, and IP packets addressed by them cannot be transmitted onto the public Internet. They signify a unique value matching only one IP address.
Community Examples Use the examples below to further your understanding of how Community aggregation is applied. To Which Subnet Does My Community Belong? A given IP address can logically belong to more than one subnet. When this occurs, the IP address is matched to the most specific subnet definition. For example, consider the following list of subnets: • Subnet 1 = 10.20.30.40/8 • Subnet 2 = 10.20.30.40/16 • Subnet 3 = 10.20.30.40/24 The address 10.20.30.15 could be considered a match for all three subnets because it matches the first eight bits of subnet 1, the first 16 bits of subnet 2 and the first 24 bits of subnet 3. However, because subnet 3 has the most specific definition, 10.20.30.15 is considered a match with subnet 3. Using the same logic, the address 10.20.40.40 falls into subnet 2 and 10.50.50.50 falls into subnet 1. Consider the following three Communities: Group A: Server or Client Communities Option = Aggregate Statistics for Specified Servers or Clients 192.168.11.0/26 192.168.12.0/26 192.168.13.0/26 192.168.14.52/26 Group B: VIP List Option = Statistics for Single IP Addresses - No Aggregation or Subnets) 192.168.11.33 192.168.14.54
656
CONFIGURING AND MANAGING nGeniusONE Click here for the procedure to configure Communities.
Configuring Communities Communities Overview Configuring My Network Customizing Community Types Turning Off Packet Recording and XDR Generation by VIP List Using Default Client Community Subnet To add either a Server Community, Client Community, or VIP List, perform the procedure described below. Configuration Requirements When configuring Communities, keep in mind the following: • When adding a Server community, you must first add the subnet or IP address to My Network. • Exactly matching server and client community entries are disallowed so that if you try adding a second, matching Server or Client Community IP address, it is not permitted. • NetScout recommends that any community addresses you add be included or contained within the My Network address or address range entries. • You can add only single VIP List community IP addresses, not subnets. After adding an entry, the configured IP address will display with a /32 subnet (255.255.255.255) appended for an IPv4 address and a /128 subnet for an IPv6 address but these subnets signify a unique value matching only one IP address. • If you created name mappings for Trade Order applications in Global Settings > Groups > CompID, it is unnecessary to create similar mappings through Client or Server Communities. CompID mappings automatically populate corresponding values in the Service Monitors and related nGeniusONE tools. • To render IP addresses or IDs more recognizable, you can customize them to display as Host, GeoIP, or IMSI/IMEI values in the Community fields of nGeniusONE monitors and enablers. To do so you may have to copy files to the nGeniusONE server or InfiniStream appliance. Be aware that you may configure a GeoIP or User Community but not both. Refer to Customizing Community Types for more information. • Keep MSISDN and IMSI entries in separate communities. Configuring Communities 1. Click the
Global Settings icon and Enterprise tab.
2. Choose a community tab (Server/Client/VIP List) and click Add a community. If you select VIP List, next choose either IP Address, MSISDN, or IMSI from the Type drop-down list. Note: Alternatively, you can import phone numbers in bulk.
657
nGeniusONE 5.4.1 Online Help Topics 3. Enter a Name. 4. Click
Add in the IP Address/Phone # pane.
5. Enter an IP Address or MSISDN/IMSI phone number and click OK. Phone numbers must not exceed 15 characters. 6. Click Apply. 7. If you have added MSISDN or IMSI communities, customize how IP Addresses or IDs are displayed in nGeniusONE modules by configuring the set community_type command on the InfiniStream. Click here for instructions. Importing Multiple Client, Server, and VIP List Community Entries Important: The following My Network and VIP List examples are expressed using the Version 2.0 format. Client and Server Community entries however now use the Version 3.0 format where it is not necessary to stipulate Group and Aggregation Types. Version 3.0 further requires Name and IP Addresses be separated using commas and IP Addresses must be enclosed in quotations. To import community entries in bulk, perform the following procedure: 1. Using a text editor, create a phonenames.dat file for My Network and VIP Lists or phonenames.csv file for Client and Server Communities with these first three lines using either of the formats below: a. For My Network and VIP Lists: # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" b.For Client and Server Communities: # DO NOT REMOVE THESE COMMENT LINES # version=3.0 # fieldDelimiter="," 2. Add Client, Server, or VIP List (IP Address, MSISDN or IMSI phone number) entries with the following syntax (depending on Community type): • Format 2.0 — # ;;; • Format 3.0 — # ,"
CONFIGURING AND MANAGING nGeniusONE SeanDNS_Server231_Cliententries,"192.168.97.181,192.168.197.26,192.168.1 97.198,192.168.97.227,192.168.38.170" NSIP_Client69_12_136_204,"10.167.114.69,10.167.71.136,10.167.73.12,10.16 7.114.204" Client_IS51_TCPReplay_0,"10.16.171.4,10.177.64.66,10.180.13.7,10.180.13.9, 172.22.32.47,172.22.34.124,172.22.34.216,192.168.0.20" Server Community example: # DO NOT REMOVE THESE COMMENT LINES # version=3.0 # fieldDelimiter="," # Name,"Address(es)" NSIP_Server_17_19_15_20_8,"10.160.19.17,10.160.19.19,10.160.19.15,10.16 0.19.20,10.160.19.8" RadiusServer50,"216.155.165.50" Server_IS51_Traffic_TCPReplay_1,"172.22.34.166" Radius_Server_10,"10.160.15.2" LDAP_Server50,"10.5.6.50" Server_IS51_Traffic_TCPReplay_2,"172.28.249.6" Server_IS51_Traffic_TCPReplay_3,"192.168.100.20" Server_IS51_Traffic_TCPReplay_0,"10.16.61.203,10.160.138.54,10.177.64.178 ,10.180.13.10,10.180.13.4,10.180.13.5,10.180.13.6,10.180.13" LDAPServer180,"192.168.38.180" VIP List Example for IP Addresses # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" # Name;Address(es);Group Type;Aggregation Type IPV6_DEFAULTGW;fd49:b785:0906:1001::1;IS Host Group;None SeanINFIN;fd49:b785:906:1001:4337::12;IS Host Group;None Lab_GW;10.20.69.58;IS Host Group;None VIP List Example for MSISDN Numbers # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" # Name;Address(es);Group Type;Aggregation Type WestfordSalesWest;19781111111,19782222222,19783333333,19784444444;IS Host Group;MSISDN IpswitchMarketing;18018608161,18018608165,18018608188,18018608192,18 018608189;IS Host Group;MSISDN WestfordSalesEast;12121111111,12123333333,12124444444,12125555555;IS Host Group;MSISDN VIP List Example for IMSI Numbers # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" # Name;Address(es);Group Type;Aggregation Type PuneEng;404685505601234,404685609967,404685607833,404685607867;IS Host Group;IMSI
659
nGeniusONE 5.4.1 Online Help Topics WestfordPR;310150978786565,310150836786565,310150836782334;IS Host Group;IMSI 3. Save the phonenames file to the /opt/NetScout/rtm/bin/ folder. 4. Select Global Settings > Enterprise > , and click Import my definitions. 5. A file browser is launched for you to locate and select the community file for import. 6. Restart the nGeniusONE server as follows: /opt/NetScout/rtm/bin/stop /opt/NetScout/rtm/bin/start Additional configuration choices include modifying and deleting the community. Note: right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry. Configuration choices for this feature are described in the following table. Icon
Description Add a community. The maximum number of communities allowed across all tabs (including My Network) is 10,000. Modify an existing community Delete an existing community
/
/
/
Hide the community filter tool, Show the fields to filter the community list by Name, ID or (IP) Address, or Reset the filter tool. Import or Export community definitions. The maximum number of phone number groups that can be imported for both MSISDN and IMSI is 15,000 with each group comprising a maximum of 50 entries. Refresh the community display Default Client Community Subnet automatically discovers any unconfigured Client Communities.
Column
Description
Name
A unique designation for the community. You can enter a maximum of 50 alphanumeric characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
660
CONFIGURING AND MANAGING nGeniusONE
Addresses
The IP addresses and address ranges of devices specified as part of the community. IPv4/v6 addresses can only be added one at a time up to a limit of 50 for VIP List, 150 for Client and 150 for Server Communities. Subnets are not supported for a VIP List.
Importing Communities You can add multiple Server Communities, Client Communities, or VIP Lists more efficiently by creating and importing a file that contains the required information. After you import the communities, download them to the data source. Note that any conflicting entries that fail validation are not imported while any new entries are added. Existing entries which resolve to a given name are overridden with the new entry specified in the file. To import communities: 1. Create a file containing information about each community you want to add. 2. From the nGeniusONE console, click the
Global Settings icon.
3. Click the Enterprise tab. 4. Click either the Server Communities, Client Communities, or VIP List tab. 5. Optional. When importing a VIP List, choose either the IP Address, MSISDN or IMSI phone number format from the Type drop-down menu. 6. Click
Import community definitions.
7. Locate and select the import file. You can create an import file manually or use a file that you previously exported. Ensure that the filename displays in the File Name field. 8. Select a file type. The default format is .CSV. 9. Click Import community definitions. Note: If the format or syntax for any host group import file is incorrect, an error message displays and the file does not import. Correct any format or syntax errors and import the file again. 10. Click OK to download the communities to devices.
Modifying a Community To modify a community in Global Settings > Enterprise > Server Communities/Client Communities /VIP List: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Enterprise tab and click either the Server Communities, Client Communities, or VIP List tab. 3. Select the community you wish to modify. 4. Click
Modify the selected community definition.
661
nGeniusONE 5.4.1 Online Help Topics 5. Make the appropriate modifications. You can: • Modify the community Name Note: Community names can have a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The name must be unique for each group. • Modify community IP Addresses and/or Subnet Address and mask values 6. When you complete your modifications, click OK and Apply to download the modified community to devices. Modifications take effect immediately in the data source. 7. View Activity Logs to verify that the community modifications were successfully downloaded.
Deleting a Community After you delete a community and apply the deletion to the data source, data collection stops immediately. Information for that community is cleared from the host and conversation tables. However, the nGeniusONE Server retains previously collected information related to the community for 31 days. To delete a community: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Enterprise tab. 3. Click either the Server Communities, Client Communities, or VIP List tab. 4. Select the community you want to delete. 5. Click
Delete the selected community definition.
6. You are prompted to confirm the deletion. Click Yes. 7. Click Apply to download the deletion to the probe.
Exporting Community Groups You can export group definitions from any of the Server or Client Communities or VIP List tabs in one nGeniusONE Server and subsequently import the file to another same-version nGeniusONE Server: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Enterprise tab. 3. Click either the Server Communities, Client Communities, or VIP List tab. 4. Select the community you want to export. 5. Click
Export community definitions.
6. Enter a filename using a *.csv extension.
662
CONFIGURING AND MANAGING nGeniusONE 7. Save the file to your target location.
Using Default Client Community Subnet to Classify Host Group Other The Default Client Community Subnet feature is designed to organize Host Group Other entries by subnet mask. This out-of-the-box functionality automatically discovers any of your Client Communities that have not yet been configured (and would otherwise be lumped into Host Group Other) and conveniently aggregates default Client Community IP Addresses by their subnet mask, based on a subnet range you set, as shown below. For IPv4 addresses, the subnet range allowed is any value between 8 and 24. For IPv6 addresses, the subnet range allowed is 32 to 120. Both IP Address types are enabled by default.
Generally, Client Communities are classified and displayed by this ranking: first by userdefined entries, then by default subnet entries, and lastly by Host Group Other. Default Client Community subnets are correlated with ASI tables and upon discovery are removed from the Host Group Other category. The aggregated IP Addresses encompassed by the default group will display as regular IP Addresses with subnet mask in the Client Community column of various monitors. Display For example, if you enable the default Class B subnet mask of 16 for IPv4 addresses, note the IP addresses 192.168.0.0 and 10.20.0.0 shown in the Client Community column of the DNS Monitor view below. If the default subnet 96 is used for IPv6 addresses, you will see IP address ff80:0:0:0:8:800:200C:417A aggregated as ff80:0:0:0:8:800: with the last 32 bits masked.
663
nGeniusONE 5.4.1 Online Help Topics
Additional support is provided for subnet mask drill downs to Session Analysis where full IP Addresses are displayed and decodes supported. Important: Upon launching for the first time after an upgrade, both IPv4 and IPv6 check boxes are disabled if the server is migrated from a version earlier than v5.4. If the server is upgraded from v5.4, IPv4 retains the existing configuration and IPv6 is disabled by default. Caveats • Support is available on the InfiniStream beginning with v5.4.1 only. • Import or export functions are not allowed on default subnet ranges. • Only KSI and QoS data is supported by this feature; CDM CONV(ersation) and ASI conversation traffic is not. Configuration To configure the Default Client Community Subnet feature, perform the following: Global Settings module, Enterprise and Client Communities
1. Select the tabs.
Default Client Community Subnet icon.
2. Click the
3. In the pop-up dialog box, select either or both of the following choices: •
Enable Default Subnet check box, enter an IPv4 Address subnet value from the range of 8 to 24, and click OK. The IPv4 default subnet is 16. Unclicking the check box disables the feature.
•
Enable IPv6 Default Subnet check box, enter an IPv6 Address subnet value from the range of 32 to 120, and click OK. The IPv6 default subnet is 96. Un-clicking the check box disables the feature.
4. Upon clicking Apply, the Default Client Community Subnet is enabled, IP Addresses are discovered, and entries populated in various modules. 5. Optionally, you can enter the get asi command in the Agent Configuration Utility to verify default client community subnet mask settings, as shown below: % get asi
664
CONFIGURING AND MANAGING nGeniusONE IFN asi_mode current_value 3 kti_peak_type octet 3 kti_peak_interval 1000 3 uc_conv off 3 server_table on 3 disc_table on 3 vital_table on 3 tcp_monitor on 3 conv on 3 conv ports off 3 host_activity on 3 htt off Client community mask V4 16 Client community mask V6 64
Creating My Network and Communities Import Files My Network Overview Communities Overview Configuring Communities You can add multiple My Network, Client, Server, or VIP List communities more efficiently in bulk by creating and importing a file that contains the required information. Using the .CSV Format for Client and Server Communities NetScout supports the Comma-separated values (.CSV) file format to import and export communities for Client and Server Communities only. CSV files are especially useful for opening in an Excel spreadsheet, modifying, then importing back into the server. Be aware that any conflicting entries that fail validation during the import will be dropped. Existing entries which resolve to a given name will be overridden with a new name stipulated in the file. Important: The nGeniusONE server can import Version 2.0-configured .DAT files but employs the Version 3.0 .CSV format for export. The .CSV format includes the following sample header for exported files which must be observed for proper handling: #DO NOT REMOVE THESE COMMENT LINES #Version=3.0 #fieldDelimiter="," #Type: Client Communities #Name,"Address(es)" A sample entry is as follows: DNS_Client345,"192.168.57.48,192.168.57.98" Note that community values are delimited by a comma (,), and multiple IP Addresses are enclosed in quotation marks ("). Configuration To create the import file for My Network, Server, Client, and VIP List communities: 1. Create a new text file using a text editor.
665
nGeniusONE 5.4.1 Online Help Topics 2. Enter one line of information for each device observing the following rules: Syntax: • Community Name,"IP Address" Rules: • Community Name and IP Addresses or subnets are required. • Separate fields using a comma. • Separate multiple subnets and individual IP addresses using commas. • IP Address options: individual addresses and subnets. Subnets are not permitted for VIP List communities. • Aggregation Type and Group Type entries need no longer be configured for Client and Server Communities but are recognized as discreet groupings: o
Group Types: IS Host Group (used for all communities)
o Aggregation Types: My Network, Server, Client, MSISDN (VIP List), IMSI (VIP List), None (VIP List) • Import files should contain only the same Aggregation type; if different aggregation types are mixed per file, some entries will be discarded. • nGeniusONE supports import files with IPv6 addresses. • The file delimiter line (used with a semicolon in Version 2.0): # fieldDelimiter=";" can interpret re-purposed import files that were originally written for nGenius Performance Manager. Examples The following My Network and VIP List examples are expressed using the Version 2.0 format. It is not necessary to stipulate Group and Aggregation Types when writing files for Client and Server Communities using the Version 3.0 format but Name and IP Addresses must be separated using commas and IP Addresses must be enclosed in quotations. This is a My Network example: # Name;Address(es);Group Type;Aggregation Type MyNetwork1;10.0.0.0/8;IS Host Group;My Network MyNetwork2;172.21.0.0/8;IS Host Group;My Network MyNetwork3;192.168.0.0/8;IS Host Group;My Network MyNetwork4;172.25.0.0/8;IS Host Group;My Network This is a Server community example: # Name,"Address(es)" SeanDNS_Server231,"69.78.134.231" RadiusServer50,"216.155.165.50" Radius_Server_10,"10.160.15.2"
666
CONFIGURING AND MANAGING nGeniusONE LDAP_Server50,"10.5.6.50,10.11.12.13" LDAPServer180,"192.168.38.180" This is a VIP List example: # Name;Address(es);Group Type;Aggregation Type Lab_GW;10.20.69.58;IS Host Group;None This is a VIP List example for MSISDN Numbers: # Name;Address(es);Group Type;Aggregation Type WestfordSalesWest;19791111111,19792222222,19793333333,19794444444;IS Host Group;MSISDN IpswitchMarketing;18011111111,18012222222,1801333333,18014444444,180 15555555;IS Host Group;MSISDN WestfordSalesEast;12991111111,12992222222,12993333333,12994444444;IS Host Group;MSISDN This is a VIP List example for IMSI Numbers: # Name;Address(es);Group Type;Aggregation Type PuneEng;404685505601234,404685607867,404685607833,404685607867;IS Host Group;IMSI WestfordPR;310150978786565,310150836786565,310150836782334;IS Host Group;IMSI This is a Client community example: # Name, "Address(es)" dns_client_73,"192.168.134.73" FixClient_6,"192.168.128.6" RADIUS_CLIENT_50,"192.168.13.50,192.168.13.51" SIP_client_20,"192.168.20.6,192.168.20.5" DNS_Server231_Cliententries,"192.168.97.181,192.168.197.26,192.168.197.1 92,168.249.97.227,192.168.38.170" LDAP_Client_9,"10.20.48.9" 3. Save and close the file.
Turning Off Packet Recording and XDR Generation by VIP List Understanding Communities Configuring Communities
667
nGeniusONE 5.4.1 Online Help Topics Disabling packet recording and XDR generation on InfiniStream appliances is provided through configuration of a VIP List for only those MSISDN or IMSI phone numbers you want to monitor by their associated VIP List mobile group IDs. When enabled (the command is disabled by default), this functionality filters out packet recording and ASRgeneration for data only, not control data. This feature is useful for mobile companies who choose not to store ASR data and record packets for all mobile customers. Creating a VIP List to filter for only specified entries preserves the confidentiality and security of other customer phone numbers. An added benefit is the lessened monitoring impact due to fewer ASR and packet recording loads collected. Configuration 1. From the nGeniusONE console, click the
Device Configuration icon.
2. From the device list, select an InfiniStream and click
Remote Login.
3. In the CDM Agent Configuration Utility, configure the mobile_id community type setting, described here. 4. Return to the nGeniusONE Console and click
Global Settings.
5. Successively click the Enterprise and VIP List tabs. 6. Click
Add a VIP List.
7. Click OK to add the VIP List to the nGeniusONE server and click Apply to save your configuration. 8. Click Relearn on the specified InfiniStream appliance in Configuration to update the InfiniStream.
668
Device
CONFIGURING AND MANAGING nGeniusONE
Applications Tab Defining Applications — Overview Using the Applications tab in the Global Settings interface, you can configure monitoring options, response time, and KPI definitions on an application-by-application basis. You can add and configure monitoring for custom applications as well. Including custom applications, you can monitor a maximum of 2048 active applications. nGenius data sources ship with a default support for 1024 applications. To increase the number of applications the data source can support, modify the app_table_size command in the Agent Configuration Utility. To view: get app_table_size To configure: set app_table_size <# of applications> Example: set app_table_size 2048 The settings configured in the Applications tab are applied to each nGeniusONE data source when it is added, relearned or restarted. When you save changes to these settings, your modifications are applied globally to all data sources in the environment. By default, the Applications tab displays all active applications in the enterprise. You can use the View menu to filter by application type (such as Service Provider, Market Data Feed, etc.). Only active applications are monitored. You can perform the following functions: • Add, modify, and delete custom applications • View selected applications • Configure monitoring options • Viewing associated applications • Extend ports for well-known applications • Activate or deactivate applications • Modify response time boundaries • Configure KPI thresholds • Configure KPI error code alarms • Apply error classification • Configure Market Data Feed customization • Set ASRs • Set slice size • Filter the applications tree view
Distributed Server Environment Considerations In a distributed server environment, manage applications on the Global Manager. The Global Manager broadcasts settings to all Local Servers within its cluster. The Local Server then applies the settings to the data sources. 669
nGeniusONE 5.4.1 Online Help Topics
Modifying an Application You can modify certain attributes of most applications, including those included in the product by default. You must be granted Network Administrator privileges to perform this procedure. 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. From the View drop-down menu, select an applicable area of interest (Enterprise, Trade Order, Service Provider, and so on). 4. Navigate to or search for the application you want to modify and select it. Modify the selected application.
5. Click
6. Modify the appropriate configurable fields for the selected application. Be sure to observe rules regarding special characters. Note: • Depending on the application, not all fields can be configured. • You cannot modify the port number for applications listed by default. • To disassociate an application from an Application Group, select Other from the Application Group drop-down menu. 5. Click OK. 6. Click Apply to save your changes.
Filtering Applications Global Managers installed in large enterprise environments can manage a multitude of applications. To enhance convenience, filter the list of applications by any column heading including Name, Port(s), Group, Logged, Response Time, ASR, and Recording. The Applications tab row filter operations uses the following logic: • For best results, expand the parent nodes of interest (for example, IP, SCTP, TCP, UDP) before filtering. • Filtering operates on leaf nodes only; otherwise, the leaf rows would only be seen at the top level of the tree. For example, filtering on port 88 returns some rows that do not contain the string "88" because they are containers that might contain qualifying leaf rows. Also, note that a filter on 88 may return more than an exact match, such as 288 or 53688. • Parent applications that may, but not necessarily do, contain qualifying children are returned. • Multiple criteria are ANDed. If you want to filter on different criteria, ensure that you reset the original filter or remove irrelevant criteria.
670
CONFIGURING AND MANAGING nGeniusONE
1. From Global Settings, select the Applications tab and click filter.
Show the
2. Do one of the following: • Enter the filter criterion in the appropriate text box. Text entries that contain the text you enter (case-insensitive) are returned. • Select the appropriate option from the drop-down menu (Active/All or Enterprise/Mobile/Financial, etc.). Menu selections that match the filter are returned. 3. To filter again, click
Reset the filter and enter your new criteria.
4. When finished, you can click
Hide the filter.
Applications Tab The Applications tab, accessed from Global Settings, includes categories under which protocols are enabled to monitor hosts, conversations, and response time: Enterprise, Service Provider, Service Enablers, Trade Order, Market Data, and Multimedia, a category to view and configure Messages, and another category to view Internet Categories. If a protocol is not enabled for monitoring in the Applications tab, no data is collected for it. Applications are listed in a hierarchical rather than flat structure with parent/child messages organized in a similar fashion. For example, the SCTP and M3UA protocols display only related child applications and messages. Icon/Menu
Description Add Application. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Parent and child applications are represented in the screen as follows: • An out-of-the-box node is indicated by the
icon.
• An out-of-the-box application you can add a child to is indicated by the icon. • A custom application in the process of being added is indicated by the icon. • A custom application in the process of being deleted is indicated by the icon. • A custom (user-defined) application saved to the database is indicated by the icon. • A URL-based child application is indicated by the icon.
671
nGeniusONE 5.4.1 Online Help Topics
Modify the selected application Delete the selected application
/
/
Show, Hide, and Reset the filter. You can poll the Name, Port, and Group fields and reset the row filter. Wildcard (asterisk) filtering is supported. Clicking the Search icon opens a dialog box. This facility scans the Name, Port, and Group columns for one or more active, or all (active and inactive) protocols based on a term entered in the box. Terms are case-insensitive. The use of a wildcard (asterisk) is supported as follows: • • • •
* = "ends with" search * = "starts with" search ** = "contains" search = exact match
Returns display one-by-one in the Applications screen. For more than one return, use the next and previous buttons to navigate to that match. The previous button is disabled if there were no earlier matches and the next > button enabled if there are subsequent matches. Expand the parent application/message to display all entries Collapse the parent application/message to hide all entries Select monitoring options. Expands a drop-down menu that includes the following options. Also accessible by right-clicking the application/Web entry. • Use Defaults • Reset Default Short Name to rename the application as originally designated • Associate Group • Deactivate/Activate • Responsiveness or Voice and Video Quality (for RTP only) • Days to Expiration (for Certificate only) • KPI Alarm including KPI Variables and KPI Error Codes. • Error Classification • MDF Configuration for customization of Market Data Feeds • Logged • Response Time (Enable/Disable) • ASR (Enable/Disable)
672
CONFIGURING AND MANAGING nGeniusONE • Slice Size (Recording) /
Import or Export applications, KPI settings, and group associations SNMP Trap Listeners Configuration
View menu
Application View drop-down menu options are: • Enterprise — Displays a set of core and enterprise-type protocols required for network operations. • Service Provider — Lists mobile applications. • Mobility Control Plane protocol nodes including CDMA2K, GTP_V0, GTP_V1/V2, MIPV6, Mobile IP, and S102-A21 protocols • Mobility Data Plane protocol nodes including GRE, GTPU_V1, IPIP4, and L2TP • SMS protocols including SMS_CHAT, SMS_Ctrl, SMS_DATA, SMS_File, SMS_SCTP, SMS_TCP, and SMS_UDP • UMTS/GPRS Mobility and Session Management protocols such as GMM and SM • Radio Access protocols • Handovers protocols • Policy protocols • IRAT protocols • CFSB and CFSB/UMTS protocols • CFSB/CDMA protocols • Sigtran protocols including SCTP, IP Flow Info Export, IPFIX over DTLS, ITU-T, IUA protocols, M2PA, M2UA and M3UA protocols, RANAP protocols, RNSAP, TCAP protocols, S1-AP protocols, SBcAP and SGsAP protocols, NBAP, SUA, VSUA app port, and X2AP • ANDRDMKT • Service Enablers — Organizes protocols under the following nodes: o o
DHCP AAA protocols including: • Diameter and Diameter-SCTP — nGeniusONE's Diameter parser supports IPv4/IPv6-based child applications and response times in microsecond granularity. • RADIUS Dyn Auth, RADIUS-Accounting, and RADIUSAuthentication
673
nGeniusONE 5.4.1 Online Help Topics
o o o
DNS MS-DNS_U LDAP1, LDAP2, and LDAPSSL
• Trade Order — Organizes financial trading protocols such as the following: • DirectEdge • FIX • OUCH (4.x, 32, 40, and 41) • TSX STAMP • Market Data Feeds — Organizes these and similar MDFs. • ARCA Equities, Options, and Quotes • BATS BYX, BZX, NEA, and NEX • BM&F GBX Futures and Options • BMD GBX Futures and Options • CBOE • CBOT protocols • CME GBX, CBOT, COMEX, Europe, NYMEX, Globex, and CME Partner Exchange Futures and Options • COMEX GBX Futures and Options • Direct Edge DEGA and DEGX • DME GBX Futures and Options • EUREX EMDI and EOBI • IBM WebSphere • ICE protocols • ISE MDI • KCBT GBX Futures and Options • KRX GBX Futures and Options • LIFFE • LSE GTP and Millennium ITCH • MCA • MexDer GBX Futures and Options • MGEX GBX Futures and Options • MIAX Options • NASDAQ protocols • NSX protocols
674
CONFIGURING AND MANAGING nGeniusONE • NYMEX GBX protocols • NYSE protocols • One Chicago • OPRA-Binary • OSE • PGM • RMDS • SIAC protocols • TAIFEX Market Data • TIBCO • TSE • Previously Configured - custom MDFs added before the v5.3 release. • Multimedia — Displays these and similar Voice-VideoData and Control protocols. Voice-Video-Control: • GENBAND (EGCP) • H245 • H323 RAS and GAT • MEGACO, MEGACO_S, MEGACO_T • MGCP • Q931 • RSVP2 and RSVP3 • RTCP and MBCP • RTSP and RTSP_U • SCCP • SIP, SIP-TCP, SIP_SCTP, and SIPS — nGeniusONE's SIP parser supports IPv4/IPv6based child applications as well as response times in microsecond granularity. • Unistm (RUDP) Voice-Video-Data: • Audio • MPEG2-TS • MSB • REALAUD • RTP
675
nGeniusONE 5.4.1 Online Help Topics • SKYPE • Video Application display options — Select or de-select the box in order to list displayed protocols: o o
check
Active Only (default) or all (active and inactive) applications
• Messages — Filters the view to display only messages and their parent application, from which messages inherit their context. Messages are pre-defined, autogenerated communications derived from protocols such as DHCP, DNS, ICMP, SIP and others. Examples of messages displayed are: ACK (DHCP), DNS-AAAA, Icmp-traceroute, and SIP-I. To view messages for every parent application (both active and inactive), click the All drop-down menu option. Toggle the Expand All or Collapse All (default setting) buttons to manage all nodes at once. You can configure messages for Responsiveness boundaries, KPI Variables, and KPI Error Codes. They can also be Activated/Deactivated. Note: All SIP children defined under UDP/TCP are also available under SCTP. These children are defined under SIP_SCTP. • Internet Categories — Displays URL group applications such as Astrology, Ads, Blogs, Classified and many other out-of-the-box Web classifications or domains to gauge traffic usage in a more granular fashion rather than viewing just HTTP or DNS traffic volumes. This feature is mainly view-only but provides options to: — Modify the Slice Size setting per classification by selecting and right-clicking the category and selecting Slice Size. Default: Full Optimized (AST) — Associate one or more applications to an Application Group Active Only
The Active Only check box (default) displays activated applications. De-selecting it displays both active and inactive protocols. Column Management — Shows or removes columns displayed on the screen by double-clicking on one or more selected column types to move them to the display or hide list. Note: This feature's settings do not persist past the existing session.
676
CONFIGURING AND MANAGING nGeniusONE
Refreshes the display with updated information. Columns
Description
Name
Application Name.
Ports
The application port number(s). Non-configurable for applications provided with nGenius software (factory installed). The Ports column displays: • The port number that the application is using. For example: 2054 for ARP, or • The proxy port number used to represent the range of TCP or UDP ports, and • All user-created Additional Ports. Additional Column Behavior • Internally-assigned CDM ports are no longer displayed by default with the exception of factory-installed applications. Optionally, you can display them by adding a property to the serverprivate.properties file, described here. • For existing TCP/UDP or SCTP protocols lacking a monitoring port such as IP, the cell is left blank. • When adding a custom TCP Well Known App, specifying a port and Additional Ports will cause all ports to appear unless the list is too long. In that case, hover your cursor over the port to display all configured ports.
Group
The application Group to which the application is assigned such as: Routing Protocols, Virtual Private Network, Network Services, Network Management, Mobile Control Protocols, Server, Client Server, Web Applications, Email, Multimedia, Network Services, Directory, Database, Printing, Trade Order, Microsoft Protocols, Security/Authentication Applications, Market Data Feeds, and Undefined Applications. Protocols not assigned to a group are automatically included in Other.
Logged
Represents the kind of data being logged. You can select Client-Server and/or Server, None or Reserved. Logging Servers and Client-Servers Servers
Client-Servers
Logged
X
X
All Conversations
X
—
Server IPs only
—
—
No conversations
677
nGeniusONE 5.4.1 Online Help Topics
—
Response Time
X
Reserved
If the application is supported for Response Time monitoring a check box displays in this column. A check inside the check box indicates that response time monitoring is enabled. A dash in this column indicates no response time support. Configure the per-application setting as required. Note: if monitoring response time metrics is not required at all, you can disable the feature globally to improve performance by setting Response Time Monitor to off in CDM Agent Utility > Software Options. This option reduces traffic processing and is especially beneficial for customers interested mainly in throughput and monitoring related to host searches and host activity. Optionally, you can modify response time boundaries by rightclicking a protocol for which response time is an option and selecting Responsiveness. In-line editing is available.
ASR
For supported protocols, select the ASR check box to monitor Adaptive Session Records. All protocols are disabled by default. HTTP children and most Well Known applications and Server Based Applications in TCP/UDP, SCTP are supported for enabling/disabling ASRs separately from the parent application. If a dash "-" displays in the column rather than a check box, the application is either: • Not supported, or • ASR monitoring is enabled for the application and
cannot be disabled.
Important: You must be licensed for nGenius Subscriber Intelligence (nSI). Refer to the documentation sets for those products for complete information on how to configure the nGenius InfiniStream appliance. Note: ASR is not supported for MDF applications. Note: ASRs in previous release were referred to as "xDRs." The terms are interchangeable – you may see both used in nGenius product interfaces. Note: For child applications under SIP, the ASR flag is effective only if the ASR flag for the parent SIP application is enabled. In-line editing is available. Slice Size (Recording)
678
You can set Slice Size either by either right-clicking the application/Web classification or clicking monitoring options.
Select
CONFIGURING AND MANAGING nGeniusONE Select one of the following options: • • • •
Default — Apply default slice size (128 bytes). Full — Capture the entire packet; no slice size applied. None — Do not capture packets. Full Optimized (AST) — NetScout provides deep parsing of packet headers for select applications. Examining only control data in decodes limits processing, discovers who and where traffic is routed and whether errors ensued in delivery, and dispenses with unnecessary user data storage. These applications are among others with the Full Optimized Slice Size setting as a default value: • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio,Video
• Custom — Enter a specific number of bytes.
Add/Modify Applications The table below describes configuration attributes of different application categories. When adding a Server Based App (SBA), Well-Known App (WKA), or child of a parent application — all of which require IP addresses — you must configure a unique port/IP address combination. For example: • Prohibited: TCP applications with the same port number and IP address pairs • Permitted: TCP and UDP applications with the same port numbers and IP addresses • Permitted: TCP or UDP applications with different port number or IP address pairs Click these related online help links for more information: • IP, TCP, UDP, SCTP, and CORBA_METHOD • Server- and Client-Server-based applications • HTTP (URLs and MMS) • Peer-to-Peer applications • Citrix • Microsoft applications • Extension, Mobile, and Financial applications • Extensions of Well Known Applications • Market Data Feeds • Trade Order
679
nGeniusONE 5.4.1 Online Help Topics Note: Not all fields described below are configurable for every application. Children of IP, TCP, UDP, SCTP, and CORBA_METHOD Field
Description
Parent
The parent application. This field cannot be modified.
Short name
Enter an application name to be displayed in the Applications screen. Up to 32 characters are permitted. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Note: An application edited in nGeniusONE may display with different names in these clients. But, an application you create in either module will display with the same name.
Long name
Enter a more descriptive name for the application. You can enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Port/ID Note: Nonconfigurable for applications provided with nGenius software Additional Port
Do one of the following: • Enter the port number that the application is using. • Enter the proxy port number used to represent the range of TCP or UDP ports.
Default ports are defined for well-known applications. For example, HTTP traffic is typically captured on port 80, so HTTP is assigned port 80. In the Additional Port field you can add up to 64 additional port numbers or 32 ports if containing a range for wellknown application traffic running on other ports (for example, 8080 or 2039). A range is considered one port towards the maximum number of ports allowed. Separate entries using commas (no spaces). For example: 1, 2, 3, 4, 5, 6-35 counts as 7 entries. Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP). Click here for more information about how monitoring ports are displayed. Citrix — To activate Citrix Session Reliability support, add the additional port 2598. When enabled, port 2598 allows a session to automatically reconnect when network connectivity is lost (Session Reliability). In environments where Session Reliability is enabled, TCP
680
CONFIGURING AND MANAGING nGeniusONE port 2598 replaces port 1494 as the port that the ICA protocol uses. Any clients earlier than Citrix ICA v8 will not use session reliability, and will therefore still connect on port 1494. Therefore you might have some 1494 and some 2598 sessions in mixed client environments. Note: Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP). Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. If the groups do not suit your needs, you can create your own group.
Application Param
CORBA_METHOD only — (Required) Enter the method parameter that you want to monitor. H.323 RAS only — Enter a minimum of 1 and a maximum of 16 comma-separated Gatekeeper IP addresses; no spaces allowed. Important: • You must enter at least 1 valid IP address. You cannot leave this field blank. • DNS names are not supported. • No spaces are allowed in between the commas and IP addresses. • A comma must be followed by an IP address; the entry cannot end with a comma.
Children of Server- and Client-Server-based Applications Field
Description
Application Type
Select one of the following: • Server-based Application • Client-Server-based Application
Parent
The parent application. This field is not configurable.
Short name
Enter an application name, up to 32 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long name
Enter a more descriptive name for the application. You can enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
681
nGeniusONE 5.4.1 Online Help Topics
Server port range Note: This field does not display for IP level server-based applications.
Enter multiple ports, a range of ports, or a combination. For example: 80, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default.
Client Port Range
Client-Server-based applications only
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select an Application Group from the drop-down list. If you prefer not to associate your custom application with a group, select Other.
Enter multiple ports, a range of ports, or a combination. For example: 80, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default.
You can create your own Application Groups. Server Parameters
Click Add Address to enter the server-based addresses you want to monitor. In the case of TCP or UDP level server-based applications, traffic is monitored for the specified port range on the specified server. Additional IP addresses are limited to: • Server-based apps — maximum of 63 • Client-server-based apps — maximum of 32 To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 192.168.0.0/16, all servers with an IP address that begins with 192.168 are monitored for IP level server-based applications. In the case of TCP or UDP level server-based applications, all servers with an IP address that begins with 192.168 are monitored for the specified port range. Note: • Server-based Applications o For IP level server-based applications, enter at least one Host IP Address. o For TCP or UDP level server-based applications only, this field is optional. • Client-Server-based Applications o Enter at least one server and one client IP address (client-side IPv6 addresses not
682
CONFIGURING AND MANAGING nGeniusONE supported) IP addresses are validated against existing user-defined server-based applications. If there is a conflict, an error message displays. Client-Server-based Click Add Address to enter the client-server-based (IP Address addresses, to a maximum of 32, you want to monitor. Parameters) Traffic is monitored for the specified port range on the specified client. To specify a mask, enter the network class followed by the subnet mask. For example, if you enter 192.168.0.0/16, all clients with an IP address that begins with 192.168 are monitored for the specified port range. Note: Enter at least one port or port range. IP addresses are validated against existing user-defined client-server-based applications. If there is a conflict, an error message displays. Important: IPv6 addresses are not supported on the client side of client-server-based applications. Select to import multiple application files. HTTP: URLs and MMS Field
Description
Short name
A short name to display in views (for example, NetScout). You can enter up to 32 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Address:http(s)://
Web-based application — The URL address you want to monitor. You can enter up to 256 characters (including forward slashes). For example, www.netscout.com/sales uses 22 characters. MMS — Enter the MMS message type. Entries are case insensitive. The following message types are supported: m-send (MMS Send) m-retrieve (MMS Retrieve) m-forward (MMS Forward) Syntax: • MMSC subnet configured
683
nGeniusONE 5.4.1 Online Help Topics m-, MMSC1/Mask1, MMSC2/Mask2, MMSC3, MMSC Server/Mask Example m-retrieve,10.176.33.187/16, 10.184/33/187/16 A flow is categorized as MMS Retrieve only when an HTTP Get request packet that matches the MMSC Server subnet definition is seen. • No MMSC Subnet configured m- Example m-send A flow is categorized as MMS Send when the "M-send-req" PDU is seen on any flow Parameter
Not configurable.
Additional Port
Default ports are defined for well-known applications. For example, HTTP traffic is typically captured on port 80, so HTTP is assigned port 80. In the Additional Port field you can add up to 64 additional port numbers or 32 ports if containing a range (each range counts as two ports) for well-known application traffic running on other ports (for example, 8080 or 2039). A range is considered one port towards the maximum number of ports allowed. Separate entries using commas (no spaces). For example: 1, 2, 3, 4, 5, 6-35 counts as 7 entries. Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP). Click here for more information about how monitoring ports are displayed. Note: Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP).
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select the Application Group you want to associate (default = Web) from the drop-down menu.
Exact Match
684
Check box indicates that traffic will be classified and displayed exactly by the address you specify. With Exact Match disabled, sub-URLs are also monitored. URLs not collected under the search term are collected as HTTP.
CONFIGURING AND MANAGING nGeniusONE
Application Type Server Parameters
Select URL or Server Application. Click Add or Modify Address to enter or edit an existing server IP Address. Click to add HTTP/HTTPS applications using the syntax below: Syntax: Type 0 (URL) or 1 (Server):Short Name:Long Name:Exact_Match:Application Group:Address(es) For example: 0:RED_OA2(CURTIS):mailcurtis02.mail.mil:false:WEB:214.38.196.120 Refer to Creating a File to Import HTTP and HTTPS Children for more information.
Peer-to-Peer Applications Field
Description
Short name
Enter an application name, up to 32 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long name
Enter a more descriptive name for the application, up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Pattern
Enter a pattern string that is exchanged when this peer-topeer application is in use, up to 64 characters. For example: • user-agent: limewire • bittorrent application • e3
Group
Select a group from the drop-down list.
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Citrix Field
Description
Parent
The parent application. This field is not configurable.
685
nGeniusONE 5.4.1 Online Help Topics
Application name
Enter the application name (maximum of 64 characters). Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Short name
Enter a short name to display in views, up to 32 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long name
Enter a long name to display in views, up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Port/ID
Enter the default port for Citrix (1494).
Additional Port
Enter the port number that the application is using. To activate Citrix Session Reliability support, add additional port number 2598. When enabled, port 2598 allows a session to automatically reconnect when network connectivity is lost (Session Reliability). In environments where Session Reliability is enabled, TCP port 2598 replaces port 1494 as the port that the ICA protocol uses. Any clients earlier than Citrix ICA v8 will not use session reliability, and will therefore still connect on port 1494. Therefore you might have some 1494 and some 2598 sessions in mixed client environments.
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select an Application Group from the drop-down list. If a suitable group does not exist, you can create your own Application Group. If the application is not associated with an Application Group, the application does not display in the Top N Application Groups view on the Performance Manager Console.
Children of Microsoft Applications Field (variable by application)
Description
Parent
The parent application (cannot be modified). For example: MS Active Sync, Microsoft RPC. Also, MS Active Sync is not activated by default. You must do so manually.
Short name
Enter an application name to be displayed in the Applications screen. Up to 32 characters are permitted.
686
CONFIGURING AND MANAGING nGeniusONE Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Note: An application edited in nGeniusONE may display with different names in these clients. But, an application you create in either module will display with the same name. Long name
Enter a long name to display in views, up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Port ID
Default port number for the application. Not configurable.
Parameter
Click Add or Modify Address to enter or edit an existing server IP Address.
Address
Add a Host IP Address.
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. If the groups do not suit your needs, you can create your own group. Default: Email or Microsoft Protocols Select to import multiple application files.
Extension Applications, Mobile, and Financial Applications • Extension applications
• Extensions of Multicast applications • Extensions of Well Known Applications • SYNFLOOD
• Mobile applications
• • • •
• Financial applications
• Market Data Feeds • Trade Order
ASR Monitoring NSIP Applications MMS H.323 RAS
687
nGeniusONE 5.4.1 Online Help Topics
Adding Applications and Application Groups The process to add an application involves configuring mandatory and optional parameters on the nGeniusONE server and InfiniStream. Be aware that you must be licensed to use certain nGeniusONE modules and must have Network Administrator privileges to perform some configuration steps. 1. Perform one of the following steps: To add a custom application (importing existing application definitions from another server is described in Importing Applications below): a. From the nGeniusONE console, click the Applications tab.
Global Settings icon and
b.From the View drop-down menu, select the application set of interest: Enterprise, Service Provider, Market Data Feed, Service Enablers, Trade Order, Messages, or Multimedia. c. Select the parent application or node. Click the expansion needed, to display other child applications. 2. Click Add Application. The application will initially display the loaded when it will display the icon.
icon, if
icon until it is
3. Enter one or more of the following parameters including: Short name, Long name, Parameter, Port/ID, Application Tag, Group (from a drop-down menu), Host or Server IP Address, and click OK. Be aware that SBA, WKA, and child applications require unique port/IP Address pairs and observe rules regarding special characters. 4. Configure monitoring options. Click Select monitoring options and select the choice you want to enable or configure as listed below. Note that not every option is supported for all applications. Tip: If you prefer, right-click the application to make selections from the drop-down menu. o Associate Group — Click to include the selected application with an appropriate group such as Email, Market Data Feeds, Microsoft Protocols for easier monitoring. For instance, you may want to add an HTTP child to the Web Applications group. o Logged — Click and select an option to manage the kind of data you want to log: Client-Server and/or Server, None or Reserved. Filtering the Activity Logs describes how to further fine tune logging in the Server Management module. For instance, you can filter only for messages you want to view such as fatal errors that occur within a specified interval.
688
Servers
Client-Servers
Logged
X
X
All Conversations
X
—
Server IPs only
—
—
No conversations
—
X
Reserved
CONFIGURING AND MANAGING nGeniusONE o Response Time — Toggle to Enable/Disable. Application response time measures the time required for application frames to travel from a client to a server, for the server to process the application request, and for the response to travel back to the client. Response time, which helps you detect a host of issues including network latency problems and poor application server performance, is measured in one-minute samples (TCP applications). o ASR — Toggle to Enable/Disable the Adaptive Session Records function which combines statistics for entire sessions such as an HTTP session or Email exchange. This function provides end-to-end transaction metrics including: Source/Destination Identifiers, Session start/end times, Latency metrics, success/failure codes, and error messages, and Application-specific metrics for supported protocols. Note: If a dash "—" displays in the column rather than a check box, the application is either not supported or ASR monitoring is enabled for the application and cannot be disabled. You must also access the Agent Configuration Utility to enable ASR on the InfiniStream. o Responsiveness — Click to configure Response Time boundaries. You configure response time by setting three (ASI)time-sensitive (millisecond) boundaries into which of six buckets (for CDM data) a response is placed including Fast, Expected, Degraded, Server Level, Availability, and Timeout buckets. Range and boundary values vary depending on the type of application being monitored, and fall into the following broad protocol categories: TCP-based protocols, IPPING-based protocols, Server-based applications, Citrix children, and extended applications, URLs, and VoIP-RTP Jitter. For appliances configured to support ASI analysis and more efficient performance monitoring, response time boundaries are specified for buckets 1 (Fast), 3 (Degraded), and 5 (Slow), as shown below. Boundary settings for Buckets 2 and 4 are wrapped into Buckets 3 and 5, respectively. CDM Buckets
ASI Buckets
Bucket 1
Bucket 1
Bucket 2
Bucket 2
Bucket 3 Bucket 4
Bucket 3
Bucket 5 o Days to Expiration (for Certificate only) — Define certificate traits for all child applications under TCP > HTTPS in Global Settings. Once enabled, the Certificate Service Monitor will display traffic for any certificates seen on the network over HTTPS. o KPI Alarm — Click to configure customized KPI monitoring, alarming, and Error Codes. Key Performance Indicators are application-based
689
nGeniusONE 5.4.1 Online Help Topics measures of performance upon which you can configure alarms when problematic conditions occur. KPIs are monitored at both the physical and virtual interface level for any trunk on which virtual interfaces are enabled. Monitoring virtual interfaces is enabled by default. Variables you set to trigger an alarm include: the number of Slow responses and User events, Packet loss/retransmits, the Critical or Warning Severity level, number of Timeouts and Server events. For enhanced notification, you can elect to forward alarms, send emails, or both, and choose a CallBack script from a list. Error Codes are added from an array of pre-defined Critical and/or Warning codes with a Threshold and Minimum transaction count configurable for both code types. Be aware that error codes must be defined on the parent application and are inherited by application children. o Error Classification — Select error codes you want to suppress as Success or Information. Error codes marked as Success will not be logged; those marked as Information will be logged, but will not be treated as Failure; those marked as Failure will be logged and treated as Failure. o MDF Configuration — Configure customized values for Market Data Feed products. o Slice Size — Select Default, Full, None, or a Custom value for decodes. You can also set a Full Optimized (Adaptive Session Trace [AST]) slice size. For select applications, NetScout provides deep parsing of packet headers. Examining only control data in decodes limits processing, discovers who and where traffic is routed and whether errors ensued in delivery, and dispenses with unnecessary user data storage. Limiting slice size also enhances security by allowing users with Help Desk and Network Operator roles to capture and view packet header information, but not see actual packet content. These applications are among others with the Full Optimized Slice Size setting as a default value: • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio, Video 5. Click Activate - if necessary - to initiate the selected application. Note: When you activate a parent node, you can elect to activate all protocols under the parent node or to activate the parent node only. Important: With the introduction of Business Types, those Well Known Apps associated with the Business Type category or sub-category you select are automatically activated, rendering manual activation unnecessary. However, the remaining applications remain in a de-active state. If you choose not to activate certain protocols (and retain your existing configuration), only those applications that are active by default will be shown in the “active” view. Inactivated protocols are still viewable in the “all” view. 6. Optionally, click Listeners table.
to add one or more server IP addresses to the SNMP Trap
7. Click OK and Apply to save your changes.
690
CONFIGURING AND MANAGING nGeniusONE 8. Ensure your InfiniStream appliance is configured to monitor the corresponding traffic type. Importing Applications To import application definitions: 1. First export the applications from another nGeniusONE Server as follows. 2. From the nGeniusONE console, select the tab.
Global Settings icon and Applications
3. Click Export applications, KPI settings, and group associations. KPI settings and group applications are bundled with the selected applications. 4. Save the export file in *.csv format. Important: Saving the file with the same name as a previously-saved file overwrites file contents. 5. Click Export. 6. Log on to the destination system. 7. (Optional) To assign applications to an Application Group, do one of the following: • On the destination system, create Application Groups (described in the following section) using the same names as any Application Groups that exist on the source nGeniusONE server. • Import Application Groups from the source nGeniusONE server (described in a following section). Note: Create matching Application Groups in the destination server before you start the import. Name matching is not case sensitive. For example, MY_GROUP is equivalent to my_group. The import process associates each custom application with the same Application Group with which it was associated on the source nGeniusONE Server, provided that the same group exists on the destination nGeniusONE Server. If no matching group exists, the imported application is associated with "Other". 8. From the nGeniusONE console, click the
Global Settings icon.
9. Click the Groups and Applications tabs. 10. Click Import applications, KPI settings and group associations. KPI settings and group applications are bundled with the selected applications. 11. Navigate to the export file you previously saved. Verify that the filename displays in the File Name field of the File Upload screen. 12. Click Open. The Task Progress Report status column displays. • Success — The import completes with no name modifications required, no duplicate application encountered, and the imported application definitions were successfully applied to the devices. • Warning or Errors — Display when one of the following occurs: o
o
Names were modified Duplicate applications were encountered and not imported
691
nGeniusONE 5.4.1 Online Help Topics o Application definitions were not successfully applied to the devices If Warning or Errors display in the Task Progress Report, click Details and select the Warnings or Errors tab for further information. In the case of name modifications, or duplicate applications not being imported, the Details column displays the directory where you can locate the ImportGlobalSettings.txt file, which provides further information. When you finish viewing the details information, click Close. 14. In the Applications tab, verify that the applications were successfully imported. 15. To verify that Application Group associations were successfully imported, display the Groups > Application tab and select a group to display its members in the Protocols pane. Creating Application Groups Grouping applications is useful for faster, more efficient identification. Some applications are assigned to predefined groups by default. Alternately, you can create your own Application Group and then associate any application with that group. To create an application group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups tab. 3. Click the Application tab. 4. Click
Add an application group.
5. In the Name field, enter a unique identifier of up to ten characters. 6. In the Description field, enter a unique description for the group. 7. Click OK then Apply to save your configuration. Importing Application Groups To define Application Groups efficiently and consistently, you can import and export groups from server to server. After you import the groups, you can import group application associations. To import an Application Group: 1. Create and save the import file: • If importing from a same-version nGeniusONE server, create an import file by exporting Application Groups from the other server (described in the next section) • If importing from a different-version nGeniusONE server, manually create an import file. 2. From the nGeniusONE console, click the
Global Settings icon.
3. Click the Groups > Application tabs and select one or more application groups. 4. Click Import application groups. KPI settings and group applications are bundled with the selected applications.
692
CONFIGURING AND MANAGING nGeniusONE 5. Browse to and select the import file. 6. Verify that the File Name displays correctly. 7. Click Open. Importing the applications directory includes Application Group associations. Exporting Application Groups You can define Application Groups efficiently and consistently by importing and exporting Application Groups from server to server. Use this procedure if you plan to import the file to a same-version nGeniusONE server. To export an Application Group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > Application tabs. 3. Select one or more applications. 4. Click
Export application groups.
5. Click Save File and OK.
Associating Applications with a Group Associating one or more applications with an Application Group allows you to better understand the types of traffic flowing through your network. For example, you can group all web-related applications to view related data. You can associate each application with only one group. Before you can associate an application with a user-defined Application Group, you must first create the group. To associate applications with an application group: 1. From nGeniusONE console click
Global Settings.
2. Click the Applications tab and select from the View drop-down menu an application area of interest (such as Enterprise or Service Provider). 3. Select one or more applications. Do not include informational nodes such as Well Known Apps in a group selection because informational nodes cannot be added to a group. The Associate Group button is disabled if you include an informational node in your group selection. 4. Click
Select monitoring options and select Associate Group.
5. Select the appropriate group. 6. Click OK then Apply to save your settings.
Associating Protocols with an Application Group Associating one or more protocols with an Application Group allows you to better understand the types of traffic flowing through your network. For example, you can group
693
nGeniusONE 5.4.1 Online Help Topics all web-related protocols and then view data for the group as a whole in the Application > Groups > Application screen. You can associate each protocol with only one group. Before you can associate a protocol with a user-defined application group, you must first create the group. To associate protocols with an application group: 1. From the nGeniusONE console, select
Global Settings.
2. Select the Applications tab and from the View drop-down menu, an area of interest, such as Enterprise. 3. Select a protocol. Shift-click or Ctrl-click to make multiple selections. Note: Do not include informational nodes such as Well Known Apps under TCP and UDP in a group selection. Informational nodes cannot be added to a group. The Associate Group option is disabled if you include an informational node in your group selection. 4. From the
Select monitoring options drop-down menu, click Associate Group.
5. Select the group you want to associate with the selected protocols and click OK. 6. Click Apply to save your configuration. The Task Progress Report displays, and in the Applications tab the group description displays in the Group column for the selected protocol.
Application Groups Groups Tab Application Groups Overview Associating Applications with a Group Icon
Description Add an application group Modify the selected application group Delete the selected application group Import application groups, Export application groups
/ /
/
Show/Reset/Hide the filter Refresh the display
Column
Description
Name
The display name for the group (ten character limit)
Description
A more lengthy group description
694
CONFIGURING AND MANAGING nGeniusONE
Associated Protocols
Group members. Members are added and removed in the Applications tab.
Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry.
Modifying Application Groups You can add or change the description of a user-defined Application Group. The new description is propagated to all member applications. Note: To add or delete group members, modify the associated applications. To modify an Application Group name: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > Applications tabs and select the group you want to modify. 3. Click
Modify the selected application group.
4. Edit the text in the Description field as needed. 5. Click OK. 6. Click Apply.
Add/Modify Application Groups Application groups are added or modified from Global Settings > Groups > Application. The application group Name and a short Descriptionare displayed in the Application screen. Parameter/Icon Name Description
Description Designation for the application group. Be sure to observe rules regarding special characters. More information about the Application Group. For example: Basic Link Services Click to Add an application group. Click to Modify the selected application group. Click to Delete the selected application group.
Application Group Add/Modify dialog box Name
Enter a designation for the application group. Application Group names cannot be modified. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates
695
nGeniusONE 5.4.1 Online Help Topics characters as you enter them, allowing some or all. Description
Enter a description for the application group.
Creating a File to Import Application Groups in nGeniusONE To define Application Groups efficiently and consistently, you can import Application Groups using two methods: • If importing from a same-version nGeniusONE Server, create an import file by exporting Application Groups from the other server. • If importing from a different-version nGeniusONE Server, use the procedure in this topic to manually create an import file. To create an import file: 1. Create a new file using a text editor. 2. Enter the required information using the following syntax (one entry per line): Syntax and Example Syntax Application_Group_Name: Application_Group_Description • One definition per line • Separate the Group Name and Description using a colon (:) Example Net_Mgmt: Network Management Services 3. Save the file with a .DAT extension. 4. After you import the file, associate it with applications.
Filtering Groups Global Managers installed in large enterprise environments can manage a multitude of applications and groups. To enhance convenience, you can filter the content of groups tabs by any column heading. Filtering is supported for all Groups subtabs. Be aware that when you filter applications, the
Search feature is turned off.
Note: Multiple criteria are ANDed. If you want to filter on different criteria, ensure that you reset the original filter or remove irrelevant criteria.
1. In the appropriate group tab (for example, in the Groups > Handset tab), click Show the filter
.
2. Enter the filter criterion in the appropriate text box. Text entries that contain the text you enter are returned. 3. To filter again, click Reset the filter
4. When you finish, click Hide the filter
696
and enter your new criteria.
.
CONFIGURING AND MANAGING nGeniusONE
Understanding Drilldowns for Parent/Child Protocols For protocols with children: Drilldowns and Packet Capture • To obtain packet data specific to the child, drill down on the child protocol (including Data Capture). • For example, concerning parent = HTTP and registered child = Google.com, if you are particularly interested in Google.com, drill down specifically on Google. • If you drill down on the parent HTTP protocol you will view all HTTP data with the exception of Google. VISA Data • Regarding the VISA protocol, do not drill down on the VISA parent ISO_8583. If you want to view packet data specific to one of the VISA children (for example, ISO_8583_0100) drill down on that child. Data for the other children will then be distributed to ISO_8583_Other. In summary, no packet data is available at the parent level for this protocol. ASR Data For ASR, you must drill down on the parent to view ASR data.
Setting the Slice Size in Global Settings You can specify slice size (recording) per application as follows: 1. From the nGeniusONE console, select the
Global Settings icon.
2. In the Applications tab, select the appropriate application. Shift-click, Ctrl-click, or click and drag to select multiple applications. 3. Right-click the application and select Slice Size. • Default — Apply default recording size (128 bytes). You can modify the default slice size a.
Navigate to each of the following properties files on the server: • client.properties (/rtm/html) • serverprivate.properties (/rtm/bin) • globalmanager.properties (/rtm/bin) — Global Manager and Dedicated Global Server only
b.
Create a backup copy of each file.
c.
Using a text editor, add the following property to each file:
deviceutil.slicesize= d.
Save and close each file.
e.
Restart the server. • Full — Capture the entire packet; no slice size applied
697
nGeniusONE 5.4.1 Online Help Topics • None — Do not capture packets • Full Optimized (AST) — Supported for HTTP, HTTPS, and other applications. NetScout's deep parsing of packet headers captures only control data to limit processing, discover who and where traffic is routed and whether errors ensued in delivery, and dispenses with unnecessary user data storage. These applications are among others with the Full Optimized Slice Size setting as a default value: • • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio, Video • Custom — Enter a specific number and click OK. 4. Click Apply to save your changes. Notes: • NetScout provides deep parsing of packet headers for select applications. Examining only control data in decodes limits processing, discovers who and where traffic is routed and whether errors ensued in delivery, and dispenses with unnecessary data storage. These applications are among others with the Full Optimized Slice Size setting as a default value: • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio, Video • Setting the Agent Utility change capture slice size command overrides the application slice size set in Global Settings. For example, if the interface 3 slice size is set to 128 bytes in InfiniStream and you make the application recording size "Full" in Global Settings, only 128 bytes are captured. • You can limit slice size for specific user accounts. • Mobile customers — For DHCP and DNS, the recording size setting must be set to Full to correctly correlate GSM Mobile sessions in the GPRS/UMTS Intelligence view. • Although you can you can set slice size settings for IuPS and S1AP children, the setting is applied to the parent applications (RANAP and S1AP respectively) only.
Monitoring Network Traffic in nGeniusONE - Overview To effectively monitor traffic flows on a network segment, you must configure Global Settings and templates, and then ensure that these settings are applied either globally or individually to devices and/or device interfaces. In addition, in some cases you must configure the probe directly by logging in to the Agent Configuration Utility. • Global Settings
698
CONFIGURING AND MANAGING nGeniusONE • Templates • Devices Global Settings Global Settings provide you with a central repository of the protocols that you can monitor, supporting system-wide configuration of application attributes such as Application Groups, KPI alarms and variables, error classification, ASRs, and packet Slice Size. For example, you can configure monitoring of hosts, conversations, and response time on an applicationby-application basis. On an Enterprise level, you can limit which subnets merit your attention and aggregate them through Client, Server, and VIP List communities. From the perspective of any undefined or inactive TCP/UDP/IP applications, you can label what would otherwise be generically lumped into the IP-OTHER category. This function lets you add these "discovered" protocols to your group of Well Known Applications judging by their volume on your network. At the MEL level, you can define and configure virtual interfaces - Locations - for host (Site), VLAN, VRF, and telephony (APN, Cell, PLMN) traffic types. Additionally, you can create groups for applications, QoS, and CompID (for financial applications) to more easily identify, classify, and monitor traffic. Lastly, you can choose which types of traffic you wish to display in nGeniusONE views based on your business: Enterprise, Service Provider, Financial, or Card Processing; configure SSL/TLS encryption/decryption; and fine tune thresholds for Voice/Video monitoring. Templates Templates give you the flexibility to define different monitoring, logging and alarm settings for each interface on a device. A default InfiniStream interface template is automatically applied to all interfaces when you add an InfiniStream to the nGeniusONE Server. The default template configures monitoring and logging of statistics for Protocols, Hosts, Conversations, and Response Time. Note that templates are configured in the UMC. Devices Refer to the appropriate hardware and agent administrator guides for details on required configurations. Additional configuration in the Agent Configuration Utility is required when monitoring certain protocols. For example, Global Settings includes a set of peer-to-peer applications. You must perform additional configurations in the InfiniStream to monitor these applications.
Enabling Applications for Monitoring in nGeniusONE To collect and log data about specific protocols flowing through a network segment, after adding them to the nGeniusONE database you can modify them in Global Settings for monitoring. To configure applications for monitoring: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Select the Applications tab.
699
nGeniusONE 5.4.1 Online Help Topics 3. (Optional) Un-click Active only to view a list of all protocols (both active and inactive). By default, only active protocols display. You can return to only viewing active protocols by clicking Active Only. 4. If the protocol you want to enable for monitoring is Inactive, you must activate the protocol before you can continue. Optionally, you can Deactivate an already active application. 5. From the View drop-down menu, select the application suite of your choice: Enterprise, Service Provider, Service Enablers, Trade Order, Market Data Feed, Multimedia or Messages. 6. Select a protocol from the Applications list. To select multiple protocols do one of the following: click and drag, Shift-click or Ctrl-click. 7. Select the appropriate check box for the application or applications you want to monitor. Note that not every protocol is supported for every option. Note: If you prefer, right-click the protocol to make your selections from the dropdown menu and when done, click Apply: • Use Defaults — Allow return to the pre-defined settings for the selected application. The default state (enabled/disabled) for that protocol is restored for Servers, Client-Servers, and Response Time. Settings you modified in Responsiveness, KPI Alarm, and Slice Size are not restored to default settings except in the following case: If Response Time is disabled by default, clicking Use Defaults disables Response Time and restores the default settings in the dialog box. • Reset Default Short Name — Reset the application Short name to its original name if you changed the default value. • Associate Group — View applications associated with an Application Group. • Responsiveness — Set millisecond parameters in response time buckets (Responsiveness KPIs) for all Response Time-enabled applications. • KPI Alarm — Set alarms on Key Performance Indicators for tracking at both the physical and virtual interface level. • Error Classification — Label selected error codes as either Success, Information, or Failure (all error codes are classified as Failure by default) for display in nGeniusONE monitors. • MDF Configuration — Configure Market Data Feeds with customized settings. • Logged — Select the kind of data you want to log: Server, ClientServer, None, or Reserved. Host data can help you determine the type of traffic that is flowing in and out of each discovered host on a network segment; Conversation data helps you determine which host pairs are generating the most traffic on a network segment. Server and Client-Server default log settings Servers X
700
Client-Servers X
Logged All Conversations
CONFIGURING AND MANAGING nGeniusONE
X
—
Server IPs only
—
—
No conversations
—
X
Reserved
Response Time — Check box to Enable/Disable. Response time helps you detect network latency problems and poor application server performance.
•
• ASR (Adaptive Session Records). Check box to Enable/Disable. Note: If a dash "-" displays in the column rather than a check box, the protocol is either: • Not supported, OR • ASR monitoring is enabled for the protocol and cannot be disabled. Important: For nGenius Subscriber Intelligence (nSI), refer to the documentation sets for those products for complete information on how to configure the nGenius InfiniStream appliance. • Slice Size — Select Default, Full, Full Optimized, Custom, or None. Full Optimized is supported for select applications only. These applications are among others with the Full Optimized Slice Size setting as a default value: • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio, Video 8. Click Apply.
Configuring Monitoring Options The Applications tab in Global Settings provides you with a listing of all applications available for monitoring. For each of these applications certain options must be enabled in order to collect useful data. These options can include enabling Response Time monitoring, enabling Adaptive Session Records (ASRs), and setting a Slice Size. Certain options are enabled for each application by default. You can accept the defaults or modify them as you prefer. • Default options are defined for the applications that ship with the product. If you prefer, you can modify the default settings for the provided applications. •
If the application you want to monitor is not listed in the Application tab, you can add it as a custom application.
• Only active applications are monitored. To make the list of applications more convenient to use, some applications ship in a deactivated state. You can activate these as necessary.
701
nGeniusONE 5.4.1 Online Help Topics • In a distributed environment, you manage application definitions on the Global Manager. Any changes you make are downloaded to all monitoring devices in the cluster. You must have Network Administrator privileges to perform this procedure. To enable applications for monitoring: 1. Access
Global Settings.
2. Click the Applications tab and the View menu of interest. The View drop-down menu displays all protocols that are active be default. If you uncheck the Active Only check box, both active and inactive protocols will display. Your choices from the drop-down menus are as follows: • Enterprise — Configure core and enterprise-type protocols related to network operations. • Service Provider — Configure mobile applications including: Mobility Control Plane, Mobility Data Plane, SMS, UMTS/GPRS Mobility and Session Management protocols such as GMM and SM, Radio Access protocols, Handovers protocols, GTPvx protocols, Policy protocols, IRAT protocols, CFSB and CFSB/UMTS protocols, CFSB/CDMA protocols. • Market Data Feed — Configure Market Data Feeds/MSG Platforms. • Trade Order — Configure Trade Order applications. • Service Enablers — Configure applications including: DNS, MSDNS_U, LDAP2 and LDAP1, LDAPSSL, RADIUS, Diameter, DiameterSCTP, and DHCP. • Multimedia — Configure Voice-Video Control applications including: SIP, SIPTCP, SIPS, MGCP, SCCP, RTCP, H323 RAS, Q931, H323-GAT, H245, MEGACO and MEGACO-S, RSVP3 and 2, Unistm (RUDP), RTSP_U, RSTP, RTP-VideoAudio, CRTP, MPEG2-TS, REALAUD, SKYPE, and MSB. • Messages to view pre-defined, auto-generated Messages. To view messages for every parent application (both active and inactive), unclick the Active Only check box. Optionally, you can modify the Short Name (and Reset the Default Short Name), and configure Responsiveness boundaries, KPI Variables, and KPI Error Codes. Messages can also be Activated/Deactivated. • Internet Categories to display URL group applications such as Astrology, Ads, Blogs, Classified and many other out-of-the-box classifications. 3. If the application you want to enable for monitoring is inactive, you must activate it before you can continue. 4. Select an application. Shift-click or Ctrl-click to make multiple selections. 5. Click the Select monitoring options button and select the option you want to enable or configure. Note that not every option is supported for every application. The options are as follows: • Use Defaults — Exercise extreme caution. Select and confirm to return certain settings (refer to following note) in the Applications tab to 702
CONFIGURING AND MANAGING nGeniusONE factory defaults. Important: The default state (enabled/disabled) for that application is restored for Servers, Client-Servers, and Response Time. Settings you modified for Responsiveness, KPI Alarm, and Recording size are not restored to default settings except in the following case: If Response Time is disabled by default, clicking Use Defaults > Apply disables Response Time and restores the default settings in the dialog box. • Reset Default Short Name - If you changed the default short name, this will reset it. • Associate Group — Launches a dialog box that allows you to associate the selected application with an Application Group. • Deactivate/Activate — Toggle to deactivate/activate the selected applications. • Responsiveness — Launches a dialog box that allows you to configure Response Time boundaries. Note: for RTP, this selection is Voice and Video Quality. • Days to Expiration (for Certificate only). Defines certificate traits for all child applications under TCP > HTTPS in Global Settings. Once enabled, the Certificate Service Monitor will display traffic for any certificates seen on the network over HTTPS. • KPI Alarm — Launches a dialog box that allows you to configure KPI monitoring and alarming, including setting Error Code thresholds and classifying error codes. • Error Classification — Selects error codes you want to suppress as Success or Information. Error codes marked as Success will not be logged; those marked as Information will be logged, but will not be treated as Failure; those marked as Failure will be logged and treated as Failure. • MDF Configuration — Configures customized settings for Market Data Feeds. • Logged — Allows you select the kind of data you want to log. You can select Client-Server and/or Server, None or Reserved. Logging Servers and Client-Servers Servers
Client-Servers
Logged
X
X
All Conversations
X
—
Server IPs only
—
—
No conversations
—
X
Reserved
• Response Time — Toggle to Enable/Disable. Response time helps you detect network latency problems and poor application server
703
nGeniusONE 5.4.1 Online Help Topics performance. If a dash "—" displays in the column rather than a check box, the Response Time for the application is not supported. • ASR (Adaptive Session Records) — Toggle to Enable/Disable. All protocols are disabled by default. Note: If a dash "—" displays in the column rather than a check box, ASR for the application is either: o Not supported, OR
o ASR monitoring is enabled for the application and cannot be disabled.
Important: You must be licensed for nGenius Subscriber Intelligence (nSI). Refer to the documentation sets for those products for complete information on how to configure the nGenius InfiniStream appliance. • Slice Size — Allows you to select one of the following: o Default — Apply default slice size (128 bytes). You can modify the default slice size a.
Navigate to each of the following properties files: client.properties (/rtm/html) serverprivate.properties (/rtm/bin) globalmanager.properties (/rtm/bin) — Global Manager and Dedicated Global Server only
b.
Create a backup copy of each file.
c.
Using a text editor, add the following property to each file:
deviceutil.slicesize= d.
Save and close each file.
e.
Restart the server. o
o
Full — Capture the entire packet; no slice size applied. None — Do not capture packets.
o Full Optimized (AST) — NetScout provides deep parsing of packet headers for select applications. Examining only control data in decodes limits processing, discovers who and where traffic is routed and whether errors ensued in delivery, and dispenses with unnecessary user data storage. These applications are among others with the Full Optimized Slice Size setting as a default value: - Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP - Multimedia: Audio, Video
704
CONFIGURING AND MANAGING nGeniusONE o
Custom — Enter a specific number of bytes.
7. Click OK to close any open dialog boxes. 8. Click Apply to save your configuration.
Response Time Alarms Overview You can track the responsiveness of your network by defining response time alarms. Responses are placed into one of six buckets that you define by identifying the boundaries for these buckets in the Global Settings > Applications tab. The boundaries you set are applied to all devices in a server cluster or on a standalone nGeniusONE Server. Response time alarms are triggered when the number of entries in the fifth bucket exceeds the number of entries defined in the responsiveness alarm template. An alarm is triggered in a single reporting period (15 minutes by default) as soon as this condition is met for up to five server-application pairs. To receive response time alarms, you must define the following: • Define boundaries for each application that you want to monitor for response time. • Define a response time alarm in a template. • Apply the template to individual probe interfaces.
Response Time Boundaries Five boundaries determine into which of six buckets a response is placed. For ASI data, three buckets are polled, for database flows, six buckets are polled. Ranges and boundaries also vary depending on the type of application being monitored, and fall into the following broad categories: • TCP-based protocols • IPPING-based protocols, Server-based applications, Citrix children, and extended applications • URLs • VoIP-RTP Jitter Note: • Boundaries define the high end of the range (for example, for the range 0 to <10 the boundary is 10). • Because a response time greater than that configured for bucket 5 falls into bucket 6, you do not need to define a boundary for bucket 6. • The following table displays default boundaries for several application types. (Default boundaries may vary. Select View > Edit Responsiveness to view defaults for a selected application.) • Note: Although boundaries are entered in milliseconds, they are converted to microseconds in monitor views displaying ASI data.
705
nGeniusONE 5.4.1 Online Help Topics
Bucket
Label*
Default Boundaries (Milliseconds) at Installation
1
Fast
MDF Apps: 0-5 Trading Apps: 0-1 Enterprise Apps: 0-50
2
Expected
MDF Apps: 6-25 Trading Apps: 2-5 Enterprise Apps: 51-200
3
Degraded
MDF Apps: 26-100 Trading Apps: 6-25 Enterprise Apps: 201-1000
4
Service Level
MDF Apps: 101-1000 Trading Apps: 26-100 Enterprise Apps: 1001-2000
5
Availability (High Jitter)
MDF Apps: 1001-10000 Trading Apps: 101-1000 Enterprise Apps: 2001-10000
6
Timeouts (Max Jitter)
Bucket 5 limit + 1ms
*Label displayed in Edit Response Time dialog box. For Voice and Video-RTP, buckets 5 and 6 represent (but are not labeled) High Jitter and Max Jitter. For appliances configured to support ASI analysis, the buckets mentioned above are mapped as follows: CDM Buckets
ASI Buckets
Bucket 1
Bucket 1
Bucket 2 Bucket 3 Bucket 4
Bucket 2
Bucket 3
Bucket 5 Note: Because the boundary represents the highest value for its respective bucket, values that exceed the Service Level boundary fall into bucket 5 (Availability-High Jitter) and those that exceed the Availability boundary fall into bucket 6 (Timeouts-Max Jitter). The boundaries you set for Service Level and Availability define the thresholds for KPI Responsiveness metrics and KPI Responsiveness Alarms.
Response Time Requirements To monitor and alarm on Response Time, you must meet the following requirements:
706
CONFIGURING AND MANAGING nGeniusONE • nGeniusONE Device — In the Agent Configuration utility: Software Options > Response Time Monitor is set to on (enabled by default) For detailed information on how to enable monitoring on the device, refer to the appropriate Agent Administrator Guide for CDM/ASI. • Applications o Enable the Response Time option for specific applications o (Optional) Modify Response Time boundaries, if required • Alarms — Configure Response Time alarms
Activating or Deactivating Applications The nGeniusONE server ships with a host of applications. With the introduction of Business Types, those Well Known Applications associated with the Business Type category or subcategory you select are automatically activated, while the remaining applications remain in a de-active state. Activating applications through Business Types is applied globally to all your InfiniStream appliances. If you choose not to activate protocols (and retain your existing configuration), only those applications that are active by default will be shown in the "Active Only" view. Inactivated protocols are still viewable in the “all” view. Optionally, you can deactivate applications you are no longer interested in monitoring and streamline your display. When an application is deactivated, it is no longer displayed. To view all applications, including those that are deactivated, un-select Active Only. You must be granted Network Administrator privileges to perform this procedure. Manually Activating/Deactivating Applications To activate or deactivate a application: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. If activating an application, un-select inactive applications.
Active Only to display both active and
4. Select the appropriate application. Shift-click, Ctrl-click, or click and drag to make multiple selections. The Activate/Deactivate option becomes enabled only when the selected applications are all active or all inactive. 5. Click Select monitoring options and select Activate or Deactivate as appropriate. Changes apply at the next polling interval. Note: If your display is set to show all applications, the deactivated application continues to be displayed but is grayed out. If your display is set to show only active protocols, deactivating an application causes it to disappear from the display. To reactivate the application, un-click Active Only to locate the deactivated application (which will be grayed out). 6. Click Apply to save your change.
707
nGeniusONE 5.4.1 Online Help Topics Note: • Deactivating a parent node deactivates all of the children of that node. • When you activate a parent node, you can elect to activate all protocols under the parent node or to activate the parent node only.
Extending Ports for Well Known Apps Default ports are defined for well-known applications. For example, HTTP is typically defined to run on port 80, so HTTP is assigned port 80. However, your environment may be configured to run HTTP traffic on additional ports, for example on port 8080. nGenius InfiniStream supports up to 64 additional ports or 32 ports if containing a range for all well-known applications. A range is considered one port towards the maximum number of ports allowed. Managing the Display of Monitoring Port Numbers Monitoring port numbers exhibit the following attributes under the Applications lists available from the Applications tab in Global Settings. • To accommodate custom ports in the Port column space, all configured ports will appear when you hover your mouse over them. • Some standard protocols such as IP do not have a monitoring port and as such, will not display a port number in the column. For example, the CDM port 2048 for IP is no longer displayed. • Standard Well Known Apps whose CDM port numbers were previously displayed are no longer shown. Monitoring ports you add will be displayed in the column. For example, the EMAPI CDM port number 55038 will not be displayed. • Internally-assigned CDM ports are no longer displayed by default but, optionally, you can display the port number of your choice by adding one of the following properties to the /rtm/bin/serverprivate.properties file: o Display non-CDM and Additional ports created (default): globalsettings.portType=NonCDM,AdditionalPort o Display non-CDM, CDM, and Additional ports created: globalsettings.portType=all,AdditionalPort o
o
Display both CDM and non-CDM ports: globalsettings.portType=all Display only non-CDM ports: globalsettings.portType=NonCDM
Important: Additional ports are not permitted for applications with URLs, such as HTTP. To add ports for well-known applications: 1. From the nGeniusONE console, select the
Global Settings icon.
2. From the Applications tab, select the application list of interest, such as Enterprise or Service Provider. 3. Locate the set of Well Known Apps, and expand the set. 4. Select the application you would like to modify. 5. Click
708
Modify Application.
CONFIGURING AND MANAGING nGeniusONE 6. In the Additional Port field add up to 64 additional port numbers for well-known application traffic running on other ports (for example, 8080 or 2039). Entries must be separated by commas (no spaces). Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP). 7. Click OK. 8. Click Apply to save your changes.
Using TCP Ping TCP Ping can be configured to measure response times out to and back from a host over TCP port 12777 or any closed TCP port. The metrics received are reported in microseconds. Using TCP Ping, a TCP-oriented alternative to ICMP Ping, is particularly useful in circumstances where a remote host has blocked incoming ICMP traffic. After attempting a TCP connection to the host, even if the link is refused, a reset (RST) message will be returned, thus verifying the host's presence. This feature can be configured on any well-known application using port 12777 plus any other TCP port except for well-known ports. Configuration 1. Add those ports you want to monitor with TCPPING in the tcpping_ports.cfg file in the /opt/NetScout/rtm/config/ directory of the InfiniStream appliance. 2. Use the Agent Configuration Utility on the InfiniStream appliance to configure the set tcpping_ports load command. 3. Click
Global Settings > Applications.
4. Select Enterprise from the View drop-down menu and navigate to the TCP child node of your choice. 5. Click
Add Application.
6. Enter appropriate parameters in the dialog box as shown below, adding any other ports to monitor in the Additional Port field.
709
nGeniusONE 5.4.1 Online Help Topics
7. Click OK and Apply to save your settings.
Forwarding SNMP Traps in nGeniusONE Forwarded SNMP traps gathered by a probe are available to be forwarded directly to devices (and Config Server). Users granted Network Administrator privileges can forward alarm messages to a maximum of four (typically third-party) destination servers in a distributed or stand-alone environment. When an alarm condition occurs, the monitoring device sends an alarm notification message to the Config Server and any additional servers you specified. Support is provided for devices with IPv4 or IPv6 addresses. Forwarding SNMP Traps to a nGeniusONE Global Manager Users can forward all NetScout SNMP traps from InfiniStream appliances, nVVMs, and Local Servers to a Dedicated Global Manager and on to the destination. This feature is not supported for Standalone nGeniusONE servers. This allows for forwarding all traps from a distributed nGeniusONE installation from one source. To forward traps to a Global Manager: Set the following argument in the NetScout\rtm\bin\serverprivate.properties file: alarmForwardService.forwardDeviceAlarms=true alarmForward.trapDestination=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the IP address of the Global Manager. To forward traps from a Dedicated Global Manager to a third-party management product:
710
CONFIGURING AND MANAGING nGeniusONE Set the following properties in NetScout\rtm\bin\ngeniusnative.properties: AlarmListener.gmListener=true AlarmListener.localServerList=xxxx,yyyy,… where xxxx and yyyy are the list of Local servers AlarmListener.forwardAddress=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the IP address of the third-party product. To forward traps from a Global Manager that has a local running on the same server: Set the following argument in the NetScout\rtm\bin\serverprivate.properties file: alarmForwardService.forwardDeviceAlarms=true alarmForward.trapDestination=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the IP address of the third-party product. Set the following properties in NetScout\rtm\bin\ngeniusnative.properties: AlarmListener.gmListener=true AlarmListener.localServerList=xxxx,yyyy,… where xxxx and yyyy are the list of Local servers (not including the local running on the same server) AlarmListener.forwardAddress=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the IP address of the third-party product. Forwarding Alarms Formatted as SNMPv3 Traps Users can forward alarms formatted as SNMPv3 traps using either MD5 or SHA-1 authorization protocols and DES, 3DES, and AES privacy protocols. Using the snmpv3userconfig.bat or snmpv3userconfig.sh script, you can write to a file the server's authentication protocol and password, and privacy password. The script resides in the NetScout/rtm/tools directory. The script syntax is as follows: snmpv3userconfig.sh | .bat Enable this feature by adding the following property to the /rtm/bin/serverprivate.properties file: serverBasedAlarmSNMPVersion=SNMPv3 Trap Configuration on nGeniusONE Note: If you prefer, you can configure a Local Server to override the defined destinations and send alarms to another server. For example, you might want to configure a local Network Node Manager server to receive alarms from a specific Local Server. (All other Local Servers in the distributed cluster continue to forward alarms to the defined destinations.) In addition to adding or modifying actions, you can also delete one or more IP addresses by selecting them, clicking Delete and OK twice. To add or modify an SNMP Trap in nGeniusONE: 1. From the nGeniusONE console, click
Global Settings.
711
nGeniusONE 5.4.1 Online Help Topics 2. Select the Applications tab. 3. Click
SNMP Trap Listeners Configuration.
4. Click
Add Address.
5. Enter an IPv4 or IPv6 Address and click OK. If you want to enter additional addresses, click Apply and, when finished, OK. The IP address of the device displays in the IP Address field of the dialog box. 6. Click OK again to commit the change. To modify an SNMP Trap: 1. Click
SNMP Trap Listeners Configuration.
2. Select the IP address of an SNMP Trap Listener. 3. Click Modify Address
.
4. Edit the IP Address and click OK. If you want to revise additional addresses, click Apply and, when finished, OK. The revised IP address of the device displays in the IP Address field of the dialog box. 5. Click OK again to commit the change. Note: • If the nGeniusONE Server (Global Manager or standalone nGeniusONE Server) is using two NICs (and therefore contains two IP addresses), you must add the second IP address to ensure that the Alarm Viewer displays Power Alarms.
Configuring the Certificate App The Certificate application defines certificate traits for all child applications under TCP > HTTPS in Global Settings > Applications. Once configured, the application will supply the Certificate Monitor with information about any certificates seen on the network over HTTPS. This automatic tracking of SSL certificates and awareness of their expiration dates well ahead of time is a valuable and efficient tool to avoid expirations and subsequent negative impact on business services. Because Certificate is a special protocol that does not conform to typical application configuration, consider the following attributes. Supported Attributes • Activate/Deactivate. Certificate is enabled by default •
Modify
• Long name (SSL Certificate by default), Application Tag, and Associate Group (Security/Authentication Applications by default) • Messages can be Activated or Deactivated, the Short name modified, and the Reset Default Short Name effected. All other Message options are disabled. • Days to Expiration replaces the Responsiveness option in the drop-down menu. This option uses Response Time buckets 1 and 3 only for uploading to the
712
CONFIGURING AND MANAGING nGeniusONE InfiniStream appliance. The default Critical setting of 30 days and Warning setting of 60 days indicate any interval between 60 and 31 days of expiration displays amber status in the console view and any interval of less than 30 days to expiration reflects red status. Any interval greater than 61 days displays green status. nscertutil Tool to Manage Certificates nGeniusONE provides a tool, nscertutil, to manage certificates on the nGeniusONE server. For more information, click here. Configuring Days to Expiration To configure the Days to Expiration attribute, enable the Certificate application, check My Network addresses/subnets, and view certificate metrics in the Certificate Monitor: 1. Successively click the
Global Settings icon, and Applications tab.
2. Expand TCP > Well Known Apps groups and right-click Certificate. 3. Click the Days to Expiration option, as shown below, from the drop-down menu.
4. Enter Warning and Critical values corresponding to those configured in Response Time buckets 1 and 3, respectively, (or retain the default intervals shown) and click OK. 5. Click Activate from the drop-down menu, and set any other configurable option. 6. Click OK and Apply to save your configuration to the database. 7. Click the My Network tab to ensure the list of configured addresses or subnets includes addresses of servers hosting certificates to be tracked. Add any addresses or subnets as required. Note that private network addresses are supported for certificate classification. 8. Open the Certificate Monitor to display metrics, including Warning and Critical counts, for configured entries, as shown below.
713
nGeniusONE 5.4.1 Online Help Topics
Using Internet Categories Grouping Internet Categories The Internet Categories view in the Applications screen displays URL group applications such as Astrology, Ads, Blogs, Classified and many other out-of-the-box Web classifications to gauge traffic usage in a more granular fashion than viewing just HTTP or DNS traffic volumes. Familiar Web sites such as google.com and cnn.com could be classified under Search and News domains, respectively. These myriad groups comprise an application which is fixed and cannot be modified. Total traffic volume, total number of packets, and utilization percentage statistics are displayed per interface in the Traffic Monitor as well as Traffic Distribution by Location and Application and Link Usage Over Time graphical views. Knowing the type of traffic your employees are generating can be useful proactively for capacity planning or reactively for determining adherence to corporate IT policy. For instance, this functionality can tell you if that new third-party health Website is gaining traction and requires more bandwidth on your network or your employees are inappropriately visiting gambling websites. Collecting anything more than flow data from servers external to your network is beyond your control so responsiveness metrics are not collected. Also, each group constitutes
714
CONFIGURING AND MANAGING nGeniusONE multiple sessions – their corresponding data cannot be tracked per session and are not meaningful in aggregate. The Internet Categories screen displays URL group applications alphabetically and their slice size (Full Optimized). Entries are represented by an icon — — in the Name column. These applications are among others with the Full Optimized Slice Size setting as a default value: • Enterprise: AMEX, AS2805, DISCOVER, MasterCard, UNIONPAY, VISA, CITRIX, DICOM, FTP, HTTP, HTTPS, IBM_MQ, NFS_T, NFS_U, Oracle, POP3, SMB, SNTP, SNMP, and TFTP • Multimedia: Audio, Video This feature is mainly view-only but provides three options. You can: • Activate or deactivate all Internet Categories entries by clicking the Activate/Deactivate All button on the tool bar. Activation/deactivation by individual entry is not supported. • Associate one or more categories with an Application Group. • Modify the Slice Size per classification. Default: Full Optimized (AST). None or Full Optimized slice size options are the two choices most applicable to this feature: either turn the feature off entirely or select the minimal default Full Optimized slice size of 2047 required to most efficiently classify the packet type. When finished revising the slice size, click Apply. •
Filter the category by its Name or Slice Size.
Configuration on the InfiniStream This feature is on by default but can be disabled on the InfiniStream. Also, you can change the lookup database capacity which is set automatically based on the memory capacity of your InfiniStream appliance. Click here for more information.
715
nGeniusONE 5.4.1 Online Help Topics
Monitoring Mobile Protocols Monitoring Mobile Applications — Overview The nGeniusONE software provides you with an extensive list of mobile applications. To optimize convenience, you can view mobile applications by selecting the appropriate choices in the View menu of the Applications tab. Changes made in one view are automatically reflected in the other. Several mobile applications support extension applications. Mobile protocols are available in Service Provider, Service Enablers and Multimedia tabs. You can view mobile application data in the Service Monitors. In addition, you can configure supported nGenius InfiniStream appliances to track mobile data applications on GSM (Gb, Gn, Gi, IuPs), CDMA2000 (R-P, P-H, Pi) and LTE (S1-MME, S1-U, S11, S6a, and SGi) links using ASR call records. For more details, refer to the Service Provider Deployment Essentials document for each link type. You must configure supported nGenius InfiniStream appliances to monitor mobile interfaces and protocols in the CDM/ASI Agent Configuration Utility. Refer to your nGenius Subscriber Intelligence and CDM/ASI documentation for complete information, including supported versions, device configurations required to monitor specific protocols, and drill-down support. Notes: • Most mobile protocols support KPIs at both the physical and virtual level. • Refer to CDM documentation for information on how to configure traffic from mobile links: o
o
Automatically configure traffic from mobile links Configure traffic for individual link types
You can also configure traffic for individual link types: • GPRS interfaces
• LTE interfaces
o LA-RA virtuals on IuPS
o S11 (TAC)
o Gb
o S1-MME
o Gn
o SGi
o Gi • CDMA2K interfaces o R-P (BSID) o P-H o Pi o BSID o
Configuring HTTP Mode (MMS)
• The RTP application setting is used to report and alarm on Voice and Video QoE and Voice and Video quality. RTP data is not explicitly monitored; therefore, you cannot
716
CONFIGURING AND MANAGING nGeniusONE add child applications for it. To detect RTP as an application ensure that Mobile tab > Multimedia > Audio and/or Video are enabled.
Enabling ASR Monitoring in nGeniusONE You can enable Adaptive Session Records (ASR) monitoring in nGeniusONE for all devices by configuring and applying a template in Device Protocol Settings (UMC). If you prefer, you can enable ASR monitoring by specific devices, as described below. Note: ASRs are also referred to as "xDRs." The terms are interchangeable – you may see both used in product interfaces. Configuration To enable ASR monitoring by particular supported devices: 1. From the nGeniusONE console, click the device.
Global Settings icon on the selected
2. Click the Applications tab. 3. Select one or more applications. 4. Display the
Select monitoring options menu and select ASR > Enable.
Note: If a dash "-" displays in the ASR column, the application is either: 1. • Not supported or • The application may be a child of a parent application for which ASR monitoring is supported. Child applications are often part of what is collected for the structure of an ASR, but are not individually collected. Important: When creating a child application, the ASR setting is off by default. 5. Click Apply to save your settings. These settings are propagated to all supported devices known to the server. Note: For custom ASR applications only, you must manually enable ASR. Doing so automatically enables the Response Time check box on nGeniusONE servers. Manually enabling Response Time is still required on devices with pre-5.1.1 patch release software and if you do not enable Response Time on these devices, ASR data will not be retrieved. In general, un-selecting an ASR check box will not automatically un-select Response Time and if both check boxes are selected, un-checking Response Time will not uncheck the ASR. Other information: • New InfiniStream installations support ASR applications automatically and ASR check boxes on nGeniusONE servers are automatically checked. • InfiniStream upgrades provide support for ASR applications. Upgrades on pre-5.1.1 patch release InfiniStreams must still be manually enabled for ASR applications.
717
nGeniusONE 5.4.1 Online Help Topics • Session Analysis drill-downs are supported for ASR applications. • Application imports support the collection of ASR data. • ASR is not supported for MDF applications.
ASR Monitoring in nGeniusONE — Overview Adaptive Session Records (ASRs) store session-level metadata for transactions observed using supported protocols – for example, an HTTP session or an Email exchange. Adaptive Session Records combine statistics for entire sessions, providing end-to-end transaction metrics, including: • Source/Destination Identifiers • Session start/end times • Latency metrics, success/failure codes, and error messages • Application-specific metrics for supported protocols Enhanced ASR Support All TCP/UDP and SCTP parent applications and user-created custom applications with the exception of Active Agent, Peer-to-Peer, and a few other protocols support "ASR applications". This support of deep-parsing ASRs at the child application level for protocols such as HTTP, Oracle, AMEX, VISA, SIP, DNS, DHCP and others provides a more granular collection of session-level metrics. For example, you can monitor a wide array of data for standard card processing, web, and multi-media protocols as well as custom applications. Note: Child ASR applications you create retain the same default ASR setting as their parents. Also, Response Time settings are automatically enabled when ASR is enabled. Manually enabling Response Time is still required on devices with pre-5.1.1 patch release software and if you do not enable Response Time on these devices, ASR data will not be retrieved. In general, un-selecting an ASR check box will not automatically un-select Response Time and if both check boxes are selected, un-checking Response Time will not un-check the ASR. Other changes: • New InfiniStream installations support ASR applications automatically and ASR check boxes on nGenius servers are automatically checked. • InfiniStream upgrades provide support for ASR applications. Upgrades on pre-5.1.1 patch release InfiniStreams must still be manually enabled for ASR applications. • Session Analysis drill downs are supported for ASR applications. • Application imports support the collection of ASR data. • ASRs are not supported for MDF applications. Enabling ASRs For those applications that require manual ASR enabling, configure ASRs for supported applications on the nGeniusONE Server. You must also configure the nGenius InfiniStream appliances monitoring your network as follows:
718
CONFIGURING AND MANAGING nGeniusONE • Toggle enable xDRs • Specify the traffic type Requirements To monitor and view ASRs your system must be licensed for an application that displays session results, such as: • nGenius Subscriber Intelligence (nSI) • nGeniusONE Service Monitors
Monitoring NSIP Applications Network Service over IP (NSIP) is the Network Service used on the Base Station System (BSS) serving the GPRS Support Node (SGSN) Gb interface. NSIP provides network services to the BSSGP (Base Station System GPRS) entity. To monitor NSIP applications, do the following: • Configure monitoring and, optionally, decryption for Gb links on a supported data source • Activate the applications, using the following procedure: 1. From the nGeniusONE Console, click
Global Settings.
2. Click the Applications tab. 3. Select the Service Provider option from the View drop-down menu. 4. Navigate to and expand the NSIP node. 5. By default, when the Service Provider menu is enabled, the NSIP parent and child applications are activated. However, Response Time and ASRs are not enabled for all the child applications. Review the list of child applications and enable these check boxes for NSIP applications in your environment. 6. (Optional) Customize monitoring options such as Responsiveness and KPI Alarms. Refer to Configuring Monitoring options for detailed instructions. 7. (Optional: Configure port ranges). In some cases, your NSIP configuration may require a broad range of ports be configured for NSIP monitoring. The following options for address this: • Recommended: Configure a protocol template and apply it only to the specific InfiniStream appliances that are intended to monitor NSIP. This ensures that the custom port range is only pushed to those appliances and not the others managed by the same nGeniusONE Server. Protocol templates can be created in the Device Protocol Settings feature in Performance Manager (UMC). • Not Recommended: Configure range across all appliances monitored by this server (not optimal as it limits ports available or required for other applications). Select the NSIP parent application and click Modify. In the Additional Ports field, enter a port range (for NSIP, typically the range is 30000 to 65000). You must enter at least one port range in addition to the default port of 52400 and can configure up to a total of five port ranges. If your port range overlaps with applications that utilize these ports, you may
719
nGeniusONE 5.4.1 Online Help Topics have unexpected results when performing a decode. To workaround that, use the Decode As feature to force the decode on the expected application.
Monitoring MMS Multimedia Messaging Service (MMS) is an application used to send multimedia content such as graphics, photos, audio and video clips, or a combination of the above from mobile phones to other mobile phones or email accounts. It extends the SMS (Short Message Service) application, used for text messaging capability. The following MMS message types are supported for monitoring and alarming on Responsiveness and Application Level KPIs (including application error codes): • m-send (MMS Send) • m-retrieve (MMS Retrieve) • m-forward (MMS Forward) Note: Certain applications have a customized means of computing response time. Since this application has unique packet types for the request/response, use the following as a guide for how NetScout computes response time for these messages: • MMS Send — Response time is calculated by matching the transaction-id found in the "M-send-req" with the corresponding "M-send-conf" message PDU. The status field "X-Mms_Response-Status" is used to classify the response as a success for failure for QoE and KPI reporting. • MMS Forward — Response time is calculated by matching the transaction-id found in the "M-forward-req" with the corresponding "M-forward-conf" message PDU. The status field "X-Mms-Response-Status", found in the "M-forward-conf" PDU, is used to classify the response as a success or failure for QoE and KPI reporting. • MMS Retrieve — Response time is calculated as the elapsed time between detection of the HTTP Get request to detection of the HTTP Status packet. The status field "XMms-Retrieve-Status", found in the "M-retrieve-conf" PDU residing in the HTTP status packet, is used to classify the response as success or failure for QoE and KPI reporting. • If a failure occurs at the MMSC server (such as server unavailability), the response for the MMS transaction does not contain the MMS response header. In that case, the transaction is identified as a failure, with an error code set to an applicable HTTP Error (such as 4XX or 5XX errors). For more details on KPIs and KPI Errors, refer to Key Performance Indicators Overview in nGeniusONE. For guidance configuring monitoring of MMS, refer to Configuring MMS Monitoring.
Configuring MMS Monitoring Use this procedure to configure monitoring of Multimedia Messaging Service (MMS) over HTTP. Required steps include switching the HTTP mode on monitoring devices from monitoring URL only to also include MMS, and to add the MMSC (Multimedia Messaging Service Center) servers to Global Settings. 1. Enable appliances to also classify MMS over HTTP.
720
CONFIGURING AND MANAGING nGeniusONE
2. From the nGeniusONE console, select
Global Settings.
3. Click the Applications tab. 4. From the View drop-down menu, select Enterprise and navigate to TCP > Well Known Apps > HTTP. 5. Verify that HTTP is enabled for
Response Time monitoring.
6. Add MMSC servers that will evaluated for URLs as well as MMS: Note: MMS classification is only performed on flows for which the Server IP address matches the MMSC subnet defined here. If no MMSC subnet is defined, flows are considered for URL classification only. a. With the HTTP application selected, click server as a child of HTTP.
Add Application to add the
b. In the Add Application dialog, use the following syntax: Address: , , where is either m-send, m-receive or m-forward, followed by a comma and is an IPv4 or IPv6 address with or without a subnet mask. Up to 5 comma-delimited addresses can be added per message. Short Name: Use a descriptive value that matches the message type, such as MMS Send Application Type: URL Application For example:
c. Click OK. d. Repeat this step for each of the three messages (m-send, m-receive, and mforward).
721
nGeniusONE 5.4.1 Online Help Topics 7. Click Apply to save your changes.
Monitoring H.323 RAS H.323 endpoints use the RAS application to communicate with and among Gatekeepers. H.323 RAS ships in a deactivated state. To monitor the RAS application, you must first activate it and then enter the appropriate GateKeeper IP addresses. You must enter appropriate GateKeeper IP addresses to: • Define RAS child applications for H.323 traffic for which RAS GateKeeper IPs are not defined • Generate Response Time and KPIs for parent RAS traffic To monitor H.323 RAS: Global Settings icon.
1. From the nGeniusONE console, select the
2. Click the Applications tab and select Multimedia from the View drop-down list. 3. Ensure the
Active only check box next to the view menu is unchecked.
4. If not already activated, navigate to H323 RAS and right-click on it, then select the menu option for Activate. 5. Ensure that H.323 RAS is enabled for the appropriate monitoring options. 6. In the Param field, enter a minimum of 1 and a maximum of 16 comma-separated Gatekeeper IP addresses. 7. Click OK and Apply to save your changes. 8. (Optional) Select H323 RAS (parent level) and click configure as a child SBA.
Add Application to
Note: H.323 RAS is supported for KPIs. Because H.323 RAS is a UDP application the KPI dialog box displays Packet Loss rather than Retransmits.
Monitoring S102 Applications in nGeniusONE Monitoring S102 applications is supported for nGenius InfiniStream v5.0 and higher. To monitor S102 applications, perform the following procedure: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. Select the Service Provider view drop-down menu. 4. Ensure the Active Only check box is disabled. This will display both active and inactive applications. 5. Expand the Mobility Control Plan node and
search for S102.
6. If not already activated, right-click the application and click Activate from the dropdown menu. 7. Configure monitoring options.
722
CONFIGURING AND MANAGING nGeniusONE 8. (Optional) Modify Responsiveness boundaries and KPI variables for S102 extensions. Responsiveness and Application Level Errors are reported for S102 children. 9. Click OK and Reply to save your configuration.
Creating MSISDN and IMSI Phone Number Files To configure monitoring of MSISDN (International Mobile Subscriber Identity) and IMSI (International Mobile Subscriber Identity) phone numbers, create a text file containing the appropriate numbers and save the file to the /rtm/bin directory. After you configure monitoring, you can view your data in host and conversation views and reports. The 12-digit MSISDN number or 15-digit IMSI numbers display in the Server Monitor drill down to Session Analysis.
Call
To configure the text file: 1. Using a text editor, create a file and enter the appropriate numbers using the following formats. You can enter both MSISDN and IMSI numbers in the same file: MSISDN — ,,+ Definitions • A or I = Active or Inactive Note: Do not remove entries from this file. If an entry is no longer needed, make it inactive by changing the first field to I. • ID = Numbers are sequential, for each entry in the list. • MSISDN — Precede with a plus (+) sign. Example A,1,+491720400305 Note: Incorrectly formatted entries are ignored. IMSI — , Definitions 1. • A or I = Active or Inactive Note: Do not remove entries from this file. If an entry is no longer needed, make it inactive by changing the first field to I. • ID = Numbers are sequential, for each entry in the list. • IMSI — Must be 15 digits (use leading zeroes if your number is not 15 digits). Example A,3,000491720400305 Note: Incorrectly formatted entries are ignored.
723
nGeniusONE 5.4.1 Online Help Topics 2. Save the file: /rtm/bin/msisdn.txt The numbers are downloaded under the following circumstances: • Server startup • Device reboot • During manual relearn of the device when entries in the msisdn.txt file do not match what is on the device • When the device is added Note: To modify the maximum number of MSISDN and IMSI numbers you can download, add the device.msisdnNameEntryLimit property to the serverprivate.properties file (located at /rtm/bin). • Default — 50 • Maximum — 1000 This setting overrides the range of 50-65535 that can be set on the data source. Masking Phone Numbers in Packet Analysis You can mask certain user-identifiable digits of MSISDN/ISMI phone numbers in the Packet Analysis module by disabling the View User Identity privilege in Server Management > Users > Roles. Conversely, you can view all user identifiable information by enabling the View Identity privilege depending on the user role. Click here for more information.
Radio Access Technology (RAT) Type in nGeniusONE Radio Access Technology (RAT) is a component of mobile telecommunications used to implement a Radio Access Network (RAN). NetScout probes monitor Diameter traffic over RANs and display metrics identifying RAT Types serving wireless-connected User Equipment (UE) - hosts - such as mobile phones (handsets), computers or any device remotely connected to the core network. RAT Type Changes which occur to these devices on the network are also monitored and displayed in nGeniusONE monitors. In addition to RAT Type support for Diameter (control plane) traffic, tracking RAT Types for data plane protocols over GTPv1, GTPv2 and PMIPv6 on Gn, S11, S5/S8, and S2a interfaces is also provided. Site_APN virtuals are supported for RAT Type data. NetScout-supported RAT Types which may appear as location keys in the Service Monitors are listed here. • RAT-UNDEFINED (0) • RAT_WLAN (1) — Wireless LAN • RAT_UTRAN (2) — Universal Terrestrial Radio Access Network, the radio technology used between mobile terminals and the base stations of 3GPPTM systems • RAT_GERAN (3) — GSM EDGE Radio Access Network, joins the base stations (the Ater and Abis interfaces) and the base station controllers (A interfaces, etc.) The network represents the core of a GSM network, through which phone calls and packet data are routed from and to the PSTN and Internet to and from subscriber handsets. A mobile phone operator's network comprises one or more GERANs, coupled with UTRANs in the case of a UMTS/GSM network.
724
CONFIGURING AND MANAGING nGeniusONE • RAT_GAN (4) — Generic Access Network, most commonly used to hand over connections between wireless LANs and WANs using a GSM/Wi-Fi dual mode mobile phone • RAT_HSPA_EV (5) — High Speed Packet Access • RAT_EUTRAN (6) — the air interface of 3GPP's Long Term Evolution (LTE) upgrade path for mobile networks • RAT_CDMA2K_1X (7) — Code Division Multiple Access 2000 - a 3G, spread-spectrum technology • RAT_HRPD (8) — High Rate Packet Data, a high-speed CDMA-based wireless data technology • RAT_UMB (9) — Ultra-Mobile Broadband, the brand name for 3GPP2 technology in North America • RAT_EHRPD (10) — a bridge between CDMA and LTE that allows CDMA towers to pass over packets to the LTE network • RAT_VIRTUAL (1) — unknown RAT • RAT_PPP • RAT_8023 • RAT_80211 • RAT_80216 • RAT_RTT Note: RAT Types 0-1 are generic RAT Types that can apply to different IP-CAN types and is not IP-CAN specific, RAT Types 2-6 are 3GPP-specific RAT Types, and RAT Types 7-10 are 3GPP2-specific RAT Types. Configuring RAT Type Views To configure RAT Type views on the nGeniusONE: 1. Click
Remote Login to an InfiniStream appliance.
2. Select: set rat_chg_tracking=on 3. If you want to display handset information, you must enable the virtual interface as SITE or SITE-QOS.
725
nGeniusONE 5.4.1 Online Help Topics
Monitoring Financial Protocols Monitoring Trade Order Applications and Market Data Feeds The nGeniusONE software provides you with an extensive list of Trade Order and Market Data application definitions. The Global Settings menu includes the following lists: • Market Data Feeds — The Market Data Feeds node includes, by default, a list of stack types (for example, NASDAQ ITCH 2.0). Many stacks contain pre-packaged feeds, which are inactive by default. You can selectively activate any number of feeds or add new feeds as required. • Trade Order — Under the Trade Order node you can enable and configure monitoring of DirectEdge, FIX, TSX STAMP, OUCH-32 and 4.x protocols. Messages You can view messages for financial applications such as OUCH and FIX by selecting the Messages drop-down option in the view menu. Also, you can activate/deactivate all new messages and configure Responsiveness and KPI Variables to generate alarms.
Monitoring Market Data Feeds Monitoring Market Data Feeds in nGeniusONE — Overview The Market Data Feeds (MDF) list in the Applications screen displays a clearly defined hierarchy of MDFs, as follows: • Market — such as NYSE. This information node indicates the exchange where the product is available. • Product — such as NYSE BBO. This out-of-the-box configuration node identifies a specific MDF offering and is the new platform to apply customization in Global Settings > Applications. Customization can no longer be set on feeds. • Feed — such as NYSE_BBO_Line_A_SVM_A-C. This node, which consists of an IP Address and port pair), is also known as "the channel". It is configurable as a child of the Product node using the Add Application button. This flexible, three-tiered schema better supports the fast changing, dynamic nature of market exchanges and their need to add and delete feed definitions in support of new products. NetScout's display aligns with how the financial exchanges sell their products and, as such, is more easily understood. Market Data Feed information is displayed in the
MDF Monitor.
Command to Bulk Import MDFs You can use the following command to import multiple MDFs: addMDFfeeds You must run the command in the following directory: /opt/NetScout/rtm/cla
726
CONFIGURING AND MANAGING nGeniusONE Depending on whether the server uses LINUX or Windows, refer to the following examples: Linux PM example: ./addMDFfeeds a netscout1 nsdqfeed81.txt ./addMDFfeeds a netscout1 nysefeed81.txt ./addMDFfeeds a netscout1 siacfeed.txt Windows PM example (DOS console): addMDFfeeds a netscout1 nsdqfeed81.txt addMDFfeeds a netscout1 nysefeed81.txt addMDFfeeds a netscout1 siacfeed.txt Legacy MDFs To accommodate custom MDFs added before the v5.3 release, these MDFs will reside in the Previously Configured category under Market. For migrations to v5.3, only those MDF nodes (and their children) that are active and have defined feeds will be saved. All others will be removed from Global Settings. Note: Legacy MDFs will not reflect the updated hierarchy. Many MDF products — formerly known as stack types (for example, NASDAQ ITCH 2.0) — contain pre-packaged feeds which are inactive by default. You can selectively activate any number of feeds or add new feeds as required. Before you begin monitoring, you must ensure that the Extended FIS option is enabled in the InfiniStream Agent Configuration Utility. (The option is on by default.) After you ensure monitoring is enabled on the data source you can do the following: • Activate and configure pre-packaged feeds • Add a new feed • Add new feeds in bulk with CLA command • Modify an existing feed • View and configure messages Configuring a Market Data Feed in nGeniusONE Use this procedure to configure pre-packaged feeds. You can also add additional feeds to each stack. You can configure monitoring for an extensive list of Market Data Feeds using the Market Data Feed node under the Applications tab. The Market Data Feeds node includes, by default, a list of stack types (for example, NASDAQ ITCH 2.0). Many stacks include prepackaged feeds. 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. Select Market Data Feed from the View drop-down menu and expand the selected node. 4. Right-click the appropriate feed and click Activate. Note: After you activate a feed, you can modify it if necessary.
727
nGeniusONE 5.4.1 Online Help Topics 5. Enable the monitoring options you want to apply. 6. (Optional) Configure Responsiveness and Packet Loss KPI alarms. 7. Click Apply to save your configuration. 8. Market Data Feed information is displayed in the
MDF Monitor.
Messages You can view and configure Market Data Feed messages. In the Applications screen, choose Messages from the View drop-down menu and expand the particular MDF node. You can activate/deactivate, Reset the Default Short Name entry for the following messages — all of which are shared with every MDF application — and configure Responsiveness and KPI Variables values for Market Data messages only. • Keep alive • Market Data • Retransmission • Retx Request • Retx-req-ack messages • Type A • Type B Type A and B options can be applied to create custom MDF message types. Columnar message metrics derived from the KEI table can be viewed in the MDF Monitor by using the Measure Picker. Adding a Market Data Feed You can configure monitoring for an extensive list of Market Data Feeds (MDF) using the Market Data Feeds node. This node includes, by default, a list of product (stack) types (for example, NASDAQ ITCH 2.0). Use this procedure to add additional feeds to each stack. 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. From the View drop-down menu, expand the Market Data Feeds node. 4. Choose one of the following: — To add one MDF, select a Product (also called "stack") and click Application. — To add multiple MDFs, perform this procedure. Command to Bulk Import MDFs You can use the following command to import multiple MDFs: addMDFfeeds You must run the command in the following directory:
728
Add
CONFIGURING AND MANAGING nGeniusONE /opt/NetScout/rtm/cla Depending on whether the server uses Linux or Windows, refer to the following examples: Linux PM example: ./addMDFfeeds a netscout1 nsdqfeed81.txt ./addMDFfeeds a netscout1 nysefeed81.txt ./addMDFfeeds a netscout1 siacfeed.txt Windows PM example (DOS console): addMDFfeeds a netscout1 nsdqfeed81.txt addMDFfeeds a netscout1 nysefeed81.txt addMDFfeeds a netscout1 siacfeed.txt 5. In the Add Application dialog box, configure the required information. Be sure to observe rules regarding special characters. 6. Configure the monitoring options you want to apply. 7. (Optional) Configure Responsiveness and Packet Loss KPI alarms. 8. Click Apply and Add. 9. Note: You can delete user-configured Market Data Feeds just as you would any other custom application. 10. Market Data Feed information is displayed in the
MDF Monitor.
Messages You can view and configure Market Data Feed messages. In the Applications screen, choose Messages from the View drop-down menu and expand the particular MDF node. You can activate/deactivate, Reset the Default Short Name entry for the following messages — all of which are shared with every MDF application — and configure Responsiveness and KPI Variables values for Market Data messages only. • Keep Alive • Market Data • Retransmission • Retx Request • Retx-req-ack • Type A • Type B Type A and B options can be applied to create custom MDF message types. Columnar message metrics derived from the KEI table can be viewed in the MDF Monitor by using the Measure Picker. Add/Modify Field
Description
Parent
UDP (non-configurable)
729
nGeniusONE 5.4.1 Online Help Topics
Short name
Enter a short name for the application, up to 32 characters. Special characters are not allowed.
*=+"\?!@#$%^&'`~|<> Long name
Enter a more descriptive name for the application. You can enter up to 128 characters. Special characters are not allowed.
*=+"\?!@#$%^&'`~|<> Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. Default: Market Data Feeds. If the groups do not suit your needs, you can create your own.
Port range
Enter a range of port numbers. You can enter multiple ports or port ranges; for example: 8070, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default.
MDF Configuration (Customization)
Host IP Address
From Select Monitoring options, customize Market Data Feed products: • Input Value Format (Decimal or Hexadecimal) • Sequence Number Settings including Offset, Length, Network byte order, and Encoding (BINARY, ASCII, EBCDIC, or HALF-ASCII) values • Message Type Settings including Message type, Message value, offset and length, and Encoding values • Batch Message settings including Length, Count or Separator based values • Retransmission Request Settings including Range or Discrete based values, Offset to start and end Sequence numbers, Encoding, Offset to and Length of Retx-Requestor ID values, and Offset to Publisher's IP Click Add Address to enter the appropriate Multicast IP address. Multicast IP Addresses distinguish individual extensions. To specify a host mask, enter the network class followed by the subnet mask. For example, if you enter 224.20.30.1/16, all hosts with an IP address that begins with 224.20 are monitored. When finished, click Apply.
Messages
730
CONFIGURING AND MANAGING nGeniusONE You can view and configure Market Data Feed messages. In the Applications screen, choose Messages from the View drop-down menu and expand the MDF node. You can activate/deactivate, Reset the Default Short Name entry for the following messages — all of which are shared with every MDF application — and configure Responsiveness and KPI Variables values for Market Data messages only. • Keep alive • Market Data • Retransmission • Retx Request • Retx-req-ack messages • Type A • Type B Type A and B options can be applied to create custom MDF message types. Columnar message metrics derived from the KEI table can be viewed in the MDF Monitor by using the Measure Picker. Modifying a Market Data Feed in nGeniusONE You can modify pre-configured or user-configured Market Data Feed. 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. Select Market Data Feed from the View drop-down menu and expand the particular Market Data Feed node. 4. Select the appropriate feed and click
Modify Application.
5. In the Modify Application dialog box, edit the configurable fields as required. Be sure to observe rules regarding special characters. 6. Click OK and Apply to save your configuration. 7. Market Data Feed information is displayed in the
MDF Monitor.
Messages You can view and configure Market Data Feed messages. In the Applications screen, choose Messages from the View drop-down menu and expand the particular MDF node. You can activate/deactivate, Reset the Default Short Name entry for the following messages — all of which are shared with every MDF application — and configure Responsiveness and KPI Variables values for Market Data messages only. • Keep Alive • Market Data • Retransmission • Retx Request • Retx-req-ack messages
731
nGeniusONE 5.4.1 Online Help Topics • Type A • Type B Type A and B options can be applied to create custom MDF message types. Columnar message metrics derived from the KEI table can be viewed in the MDF Monitor by using the Measure Picker. Customization for Market Data Feeds in nGeniusONE You can optionally customize Market Data Feeds by selecting the MDF Configuration option from the > Applications. Field
Select monitoring options drop-down menu in
Global Settings
Description
Input Value Format Format
Set the display format of input values on the form. Options: Decimal or Hexadecimal.
Sequence Number Settings Specify how to extract the sequence information based on the payload format you expect to appear. Offset
Enter the offset (in bytes) from the start of the data payload to the point where extraction of the Sequence Number begins. In UDP/PGM stacks, this point occurs at the end of the transport header. Note: Specify a zero-based value. For example, if the sequence number is the first byte following the UDP/PGM header, enter 0 (zero).
Length Network byte order Encoding
Enter the Sequence Number length (in bytes). • Select the check box to specify big endian byte order. • Deselect the check box to specify little endian byte order. From the drop down list, select one of the following: • • • •
732
Binary ASCII EBCDIC Half-ASCII
CONFIGURING AND MANAGING nGeniusONE
Message Type Settings Specify the message type to differentiate the actual streaming application from any out-of-band messages that are being sent down the same channel. For example, in some implementations of FASTFIX, the multicast message market data is set to M (decimal 77), at offset 3 bytes from the start of the multicast data payload. For PGM, the message type ODATA indicates a multicast message stream; RDATA indicates the payload is a Repair Message, and so on. Message type
From the drop down list, select one of the following Message Types: • • • • • • • • •
Market Data Retransmission Request (NAK) Alternate Multicast Repair Data Retx-Req-Ack (NCF) Keep Alive (HeartBeat) SPM-Stream-Value Type A Type B
Note: Types A and B can be used to create customized MDF message types. They are used primarily for TIBCO child applications but are applicable to all MDFs. These messages type are displayed as such in the MDF Monitor. Sequence Numbers are not processed and Sequence Gap Analysis is not performed for these custom message types. Tips • ODATA and RDATA message types are considered multicast streams. Configure ODATA as Multicast, and RDATA as Repair Data. • Retransmission Requests are considered a separate classification under financial multicast. NAKs are treated as Retransmission Request message types. • NCFs are treated as Retransmission Request ACKs. • Remaining message types are treated as unclassified traffic. Message value
Enter the actual value of the message type as seen in the packet. Convert ASCII values to HEX or decimal. For example, Retransmission Requests in ARCA-BOOK for Options stacks may have a message value of ASCII "P". Convert the value to HEX and enter "50". Note: When Message Type A or B is selected for TIBCO only, the default Message value is 7 and 8, respectively; for other MDFs no default is applied. Note: For stack types in which the messages are compressed,
733
nGeniusONE 5.4.1 Online Help Topics or the message value is otherwise unknown, you can enter a wild card value of "AFFF" to match any undefined record to the designated Message Type (for example, Market Data). If you customize any other Message Type, those customizations override the wildcard. Any other Message Types that you do not customize are matched to the type with the wildcard value. Message offset
Enter the offset (in bytes) from the start of the data payload to the point where extraction of the Message Type begins.
Message length
Enter the length (in bytes) of the Message Type.
Encoding
From the drop down list, select one of the following: • • • •
Binary ASCII EBCDIC Half-ASCII
Batch Message Configure a custom application to handle multicast stacks that pack multiple market data messages in the same multicast packet. Select the appropriate radio button to configure Length-based, Count-based, or Separator-based rules. Length based
Select the Length Based radio button to identify messages using length-based offsets. Offset to message length — Enter the offset (in bytes) from the end of the UDP header to the point where extraction should begin for the message length. Length of message length — Enter the length (in bytes) of the packet field containing the message length. Exclude header length — Select to exclude the header length from consideration.
Count based
Select the Count Based radio button to identify messages using count-based offsets. Offset to message count — Enter the offset (in bytes) from the end of the UDP header to the point where extraction should begin for the count of messages in the batch. Length of message count — Enter the number of messages expected to be batched together. If you do not enter a value, the count is inferred to be 1.
Separator based
Select the Separator Based radio button to identify individual messages using separator character rather than offsets. Start of message — Enter the code value representing the start of a message within the batch. End of message — Enter the code value representing the end of a message within the batch. Message separator — Enter the value of the message separator being used. Convert ASCII values to HEX or
734
CONFIGURING AND MANAGING nGeniusONE decimal. Length of message separator — Enter the length (in bytes) of the packet field that contains the length of the message separator. Encoding
For any Batch Message setting, select one of the following from the drop-down list: • • • •
Binary ASCII EBCDIC Half-ASCII
Retransmission Request Settings Specify which of two methods you want to use to match Retransmission Requests. Range Based
Allows the publisher to resend a range of packets. To match using this method you must enter the following information in the appropriate text boxes: • Offset to Start Sequence Number • Offset to End Sequence Number
Discrete Based
Includes one or more discrete sequence numbers in the payload asking the publisher to resend only the specified sequence numbers. To match using this method, you must provide the following information in the appropriate text box: • Offset to Start Sequence Number
Offset to Start Sequence Number
Enter the number of bytes from the start of the message header to the Start Sequence Number of the data the subscriber wants retransmitted.
Offset to End Sequence Number
Range based only — Enter the number of bytes from the start of the message header to the End Sequence Number of the retransmitted data requested by the receiver.
Encoding
From the drop down list, select one of the following: • • • •
Binary ASCII EBCDIC Half-ASCII
Offset to RetxRequestor ID
Enter the offset (in bytes) from the beginning of the message payload to where extraction should begin for extraction of the ID of the Multicast Receiver that is making the retransmission request.
Length of RetxRequestor ID
Enter the length (in bytes) of the message field that contains the ID associated with the retransmission request.
Offset to
Enter the offset (in bytes) from the beginning of the message
735
nGeniusONE 5.4.1 Online Help Topics
Publisher's IP
736
payload to where extraction should begin for extraction of the IP address of the publisher.
CONFIGURING AND MANAGING nGeniusONE
Monitoring Trade Order Protocols Adding a Trade Order Application Under the Trade Orders node you can enable and customize monitoring of DirectEdge, FIX, TSX_STAMP and OUCH-32, and 4.x applications. Note: Before you can monitor Trade Order applications, you must enable the Extended FIS option in the InfiniStream Agent Configuration Utility. To add a Trade Order application: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. By default, the view drop-down menu displays active Enterprise applications. 3. Select the Financial view from the drop-down menu and the Trade Order node. 4. Select one of the following Trade Order groups: • DirectEdge • FIX. Note: the FIX protocol has moved to the Trade Order category in v5.2.1 and has been removed from Enterprise > TCP. • TSX STAMP • OUCH-32, OUCH-40, OUCH-41, or OUCH 4.x 5. Click
Add Application.
6. Configure the required information. Be sure to observe rules regarding special characters. 7. Click Add. 8. Configure monitoring options. 9. (Optional) Configure Responsiveness KPI alarms. 10. Click Apply to save your configuration. Modifying a Trade Order Application Under the Trade Order node you can enable and configure applications such as DirectEdge, FIX, TSX_STAMP, and OUCH for monitoring. Note: Before you can monitor Trade Order applications, you must enable the Extended FIS option in the InfiniStream Agent Configuration Utility. To modify a Trade Order application: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. Select Trade Order view from the View drop-down menu. 4. Click
Modify Application.
737
nGeniusONE 5.4.1 Online Help Topics 5. Modify the configurable fields as required. Be sure to observe rules regarding special characters. 6. Click OK and Apply to save your configuration.
Add/Modify Trade Order Field
Description
Parent
The parent application. This field cannot be modified.
Short name
Enter an application name, up to 32 characters. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Child applications included by default FIX-Order Cancel FIX-Order Fill FIX-Order New FIX-Order Replace TSX STAMP-Order Cancel TSX STAMP-Order Fill TSX STAMP-Order New TSX STAMP-Order Replace OUCH 4.x-Order Cancel OUCH 4.x-Order Fill OUCH 4.x-Order New OUCH 4.x-Order Replace
Long name
Enter a more descriptive name for the application. You can enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Parameter
A value particular to Trade Order applications.
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. When you associate an application with a group, you can then view the application in the monitors. If the groups do not suit your needs, you can select Other or create your own group.
738
CONFIGURING AND MANAGING nGeniusONE
Port range
Enter a range of port numbers. You can enter multiple ports or port ranges; for example: 8070, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default.
Host IP Address
Click order.
Import
Click Import to upload one or more Trade Order applications.
Add Address to create an IP Address for the trade
Note: Not all of the above parameters display for all Trade Order applications.
739
nGeniusONE 5.4.1 Online Help Topics
Monitoring Custom Protocols Custom Applications in nGeniusONE — Overview The Applications tab includes many commonly-used applications. Network Administrators can modify certain attributes of these applications. In addition you can configure custom applications as children of existing applications or information nodes, including the following: • Adding Custom Applications: Procedure • Configuration Details o
Children of IP, TCP, UDP, or SCTP
o
Children of HTTP
o
o
Server-based and Client-Server-based applications o
Web-based applications
o
MMS
o
Citrix applications
o
Extensions of well known applications
o
Financial applications
Peer-to-Peer applications o
CORBA_METHOD
o
Mobile applications
Note: • nGeniusONE data sources ship with a default support for 1024 protocols. To increase the number of protocols the data source can support, modify the app_table_size command in the Agent Configuration Utility. You can monitor a maximum of 2048 active applications. • To view: get app_table_size • To configure: set app_table_size <# of applications> • Example: set app_table_size 2048 • After you add custom protocols, you can export application definitions so that you can subsequently import them to another nGeniusONE Server.
Adding Custom Protocols in nGeniusONE Global Settings lists many standard protocols that are monitored by nGeniusONE data sources by default. You can also add custom protocols which fall into the following categories: • Children of IP • Children of TCP or UDP • IP Level Server-based Applications
740
CONFIGURING AND MANAGING nGeniusONE • TCP or UDP Level Server-based • Children of HTTP and HTTPS • Client-Server-based Applications • Peer-to-Peer • Citrix Applications • CORBA_METHOD • Mobile Protocols • Financial Protocols • Extension Applications Including custom protocols, you can monitor a maximum of 2048 active protocols. Notes: • Be sure to observe rules regarding special characters. • nGenius data sources ship with default support for 1024 protocols. To increase the number of protocols the data source can support, modify the app_table_size command in the Agent Configuration Utility. • To view: get app_table_size • To configure: set app_table_size <# of applications> • Example: set app_table_size 2048
Adding a Custom Application in nGeniusONE Network Administrators can use the procedure in this topic to add a custom application. 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. Select the parent application or node. Parent
Select
IP
IP node
TCP, UDP, SCTP
TCP, UDP, or SCTP > Well-Known Apps
Server- and Client-Serverbased Apps
1. IP, TCP, UDP, or SCTP > Server-based Apps 2. Select one of the following: • Server-based Application • Client-Server-based Application
HTTP
IP > TCP > Well Known Apps > HTTP
• Web-based applications • MMS
741
nGeniusONE 5.4.1 Online Help Topics
Peer-to-Peer applications
IP > TCP > Peer-to-Peer Apps
Citrix
IP > TCP > Well Known Apps > Citrix
CORBA_METHOD
IP > TCP > CORBA_METHOD
Extension Apps
Location varies
Mobile Applications
Service Provider tab: • NSIP • MMS • H.323 RAS Note: You can configure mobile applications for ASR monitoring, if your system is licensed for one of the following: • nGenius Subscriber Intelligence (nSI)
Financial Applications
Including: • Market Data Feeds • Trade Order
4. Click
Add Application.
5. Enter the required information for the specific application including the Short Name, Long Name, Port/ID, Application Tag, and Application Group (from a drop-down menu). Be sure to observe rules for special characters. 6. Optionally, you can enter a Short name for the application then click the Import icon to accept the application as previously defined. You will be prompted to search for and save the application to your configuration. 7. Click Add. 8. Enable the monitoring options you want to apply to the new application. Be sure to observe rules regarding special characters. 9. Click Apply to save your changes. The pending icon committed to the database, application added icon
appears. After the change is displays .
Adding Children of IP in nGeniusONE Use the procedure in this topic to add custom protocols as children of IP in Global Settings. More on adding custom protocols in other categories 1. Click
Global Settings from the nGeniusONE Console.
2. Select the Applications tab. 3. From the View drop-down menu, select Enterprise. 4. Navigate to and select the row for IP applications. 5. Click
Add Application. The Add Application window displays.
6. Enter the required information. Be sure to observe rules regarding special characters. 742
CONFIGURING AND MANAGING nGeniusONE
7. Click Add Application to continue adding protocols or OK to save your changes and exit the dialog box. 8. In Applications, enable the monitoring options you want to apply to the new protocol(s) by selecting the appropriate check boxes (hosts, conversations, or response time). 9. Click OK and Apply to save your configuration.
Adding Children of TCP or UDP in nGeniusONE You can add custom protocols as children of IP > TCP or IP > UDP from the Enterprise drop-down menu in Applications, as follows: More on adding custom protocols in other categories To add children of TCP or UDP: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Select the Applications tab, Enterprise list. 3. Navigate to the TCP or UDP node, and select Well Known Apps. Add Application.
4. Click
5. Enter the necessary information in the Add Application dialog box. Be sure to observe rules regarding special characters. 6. Click OK. 7. In Applications, enable monitoring options and click OK when done. 8. Click Apply to save your configuration.
Importing Applications You must be granted Network Administrator privileges to perform this procedure. You can import application definitions previously exported from one same-version nGeniusONE Server to another. Importing application definitions also imports Application Group associations. When you import applications, certain rules are applied to prevent importing duplicates. You do not need to import application definitions in the following circumstances: • Following upgrade — Application definitions are preserved during upgrade. • In a distributed server environment — The Global Manager controls the configuration of all devices, and applies your definitions to each Local Server. To import application definitions: 1. Export the applications from another nGeniusONE Server. 2. Log on to the destination system. 3. (Optional) To assign applications to an Application Group, do one of the following: • On the destination system, create Application Groups using the same names as any Application Groups that exist on the source nGeniusONE Server 743
nGeniusONE 5.4.1 Online Help Topics • Import Application Groups from the source nGeniusONE Server. Note: Create matching Application Groups in the destination server before you start the import. Name matching is not case sensitive. For example, MY_GROUP is equivalent to my_group. The import process associates each custom application with the same Application Group with which it was associated on the source nGeniusONE Server, provided that the same group exists on the destination nGeniusONE Server. If no matching group exists, the imported application is associated with "Other". 4. From the nGeniusONE console, click
Global Settings.
5. Click the Groups and Applications tabs. 6. Click
Import applications, KPI settings and group associations.
7. Navigate to the export file you previously saved. Verify that the filename displays in the File name field of the File Upload screen. 8. Click Open. The
Task Progress Report status column displays.
• Success — The import completes with no name modifications required, no duplicate application encountered, and the imported application definitions were successfully applied to the devices. • Warning or Errors — Display when one of the following occur: o
o
Names were modified Duplicate applications were encountered and not imported
o Application definitions were not successfully applied to the devices If Warning or Errors display in the Task Progress Report, click Details and select the Warnings or Errors tab for further information. In the case of name modifications, or duplicate applications not being imported, the Details column displays the directory where you can locate the ImportGlobalSettings.txt file, which provides further information. When you finish viewing the details information, click Close. 9. In the Applications tab, verify that the applications were successfully imported. 10. To verify that Application Group associations were successfully imported, display the Groups > Application tab and select a group to display its members in the Applications pane.
Exporting Applications You must be granted Network Administrator privileges to perform this procedure. You can export customized applications from one nGeniusONE Server to a file that you can import to another Server. When you import custom protocols, certain rules are applied to prevent importing duplicates. Export is not supported for protocols provided by default. Exporting applications includes the following: • Well Known Apps
744
CONFIGURING AND MANAGING nGeniusONE • Server-based Apps • Extension Apps • Group associations • KPI Configurations • KPI Error Code Configurations • KPI Error Codes To export application definitions: 1. From the nGeniusONE console, select
Global Settings.
2. Select the Applications tab. 3. Click
Export applications, KPI settings, and group associations.
4. Save the export file in *.csv format. Important: Saving the file with the same name as a previously-saved file overwrites file contents. 5. Click Export. You can later import
the file to another system.
Deleting a Custom Application in nGeniusONE You can delete custom applications only; applications provided by default cannot be deleted. You must be granted Network Administrator privileges to perform this procedure. To delete a custom application: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. Select from the View drop-down list the group appropriate for the application (such as Service Provider). 4. Locate the application of interest, optionally using the Search tool in the toolbar of the Applications tab. 5. Select the application you want to delete and click Delete . Shift-click, Ctrl-click, or click and drag to make multiple selections. The Confirmation dialog box lists all tabs that contain items slated for deletion. 6. Click OK. The selected application(s) is marked for deletion by the
icon.
7. Click Apply. After a short interval, when changes are committed, all selected items are deleted.
Rules for Importing Custom Applications in nGeniusONE When you import custom applications, certain rules are applied to prevent importing duplicate applications or overlapping ports. The import process does not overwrite existing 745
nGeniusONE 5.4.1 Online Help Topics applications. If an import error occurs, the Task Progress dialog reports the error in the log file /opt/NetScout/tomcat/content/temp/importGlobalSettings.txt on a Standalone server or /opt/NetScout/tomcat/gmcontent/temp/importGlobalSettings.txt on a GM/DGM server, as shown below, which you can examine to determine the underlying issue. Errors regarding duplicates or other issues are logged here. An example of an error follows: The following active protocols were not Imported A_DiameterSQLqry , Probe null , null Optionally, you can add the application manually while correcting the underlying issue that prevented it from being imported.
Using Custom Protocols with Command Line Device Tools in nGeniusONE By default, the Global Settings > Applications tab displays many standard applications but you can also access default applications using the Command Line Device Tools. If you want to use Command Line Device Tools to access custom applications, execute the getProtocolList.sql script. This script updates the data file used by Command Line Device Tools to include any custom applications you have added. Run the script while your database is running. To execute the script: 1. On the nGeniusONE server, navigate to the /rtm/bin folder. 2. Enter one of the following commands: • Windows — nGeniusSQL getProtocolList.sql protocol.dat -H • Linux — ./nGeniusSQL.sh getProtocolList.sql protocol.dat -H 3. If any custom applications were not imported, you can examine the importGlobalSettings.txt file for errors.
Creating a SIP Child App for Emergency Calls Telephone calls placed to emergency numbers such as 911 in the United States and 112 in Ireland can be segregated and Key Performance Indicator (KPI) data computed against them on a dedicated SIP server for clearer identification in the Call Server monitor. Since emergency calls are potentially life impacting, operators want to ensure that they are treated quickly and efficiently so having a special emergency call grouping is important. This feature is made possible by creating a specialized, sibling application to SIP in Global Settings. Specifying a country code in the Parameter field of the Add Application dialog box is provided to reference emergency calls and aggregate them accordingly. Configuration To configure the emergency call server function:
746
CONFIGURING AND MANAGING nGeniusONE
1. From the nGeniusONE Console, click the
Global Settings icon.
2. Click the Applications tab. 3. With Multimedia selected from the View drop-down menu, select SIP or SIP_TCP and click
Add Application.
4. Enter Short and Long name, Additional Port, Application Tag, Group affiliation, and Host IP Address entries as applicable. Click here for more information about required and optional values. 5. In the Parameter field, enter one or more country codes using this syntax: sos_emer=xxx,xxx. For example, sos_emer=911,112 6. Click OK and Apply to save your configuration. 7. SIP emergency calls display in the Application column of the appropriate monitor (for example, Advanced Voice Statistics), as shown below.
747
nGeniusONE 5.4.1 Online Help Topics
Server-based Applications Server-based and Client-Server-based Applications in nGeniusONE Adding a Server-based or Client-Server-based Applications Modifying a Server-based or Client-Server-based Application Deleting a Server-based or Client-Server-based Application Configuring Server-based or Client-Server-based applications allows you to monitor all applications flowing through multiple ports and servers, or client-server pairs. These flows support monitoring functionality that is identical to that supported for any application using static TCP or UDP ports. Real-time data can be monitored and logged to the database for historical and performance reporting. Limitations • Up to 31 server and client addresses • Maximum of 1024 applications Server-based Applications You can monitor server-based applications at the IP level or at the TCP/UDP/SCTP level. Configuring IP level server-based applications allow you to monitor applications that do not fall under the TCP, UDP, or SCTP nodes (for example, IGMP). Real-time data can be monitored and logged to the database for historical and performance reporting. Client-Server-based Applications nGeniusONE extends this functionality to allow you to define monitoring for all applications flowing through multiple client-server pairs. Monitoring Client-Serverbased applications is supported at the TCP/UDP/SCTP level. You can modify or delete Client-Server-based applications exactly the same way you modify or delete Server-based applications. Note: It can appear that applications are double counted. In fact, this is not the case. When counting applications, the software first matches the destination port with ports of well-known applications. If no match is found, the port is matched with ports of serverbased applications. If a packet contains both well-known and server-based applications, it is counted under well-known applications. Adding Server-based or Client-Server-based Applications in nGeniusONE You can add Server-based or Client-Server-based applications one at a time as described in the following procedure, or you can import multiple applications at one time. To add a Server-based or Client-Server-based application: 1. From the nGeniusONE console, select
Global Settings.
2. Display the Applications tab and the appropriate View menu, such as Enterprise. 3. Select one of the following:
748
CONFIGURING AND MANAGING nGeniusONE • (Server-based applications only): IP > Server-based Apps • TCP > Server-based Apps • UDP > Server-based Apps 4. Click
Add Application. • Click one of the following application types: • Server-based Application • Client-Server-based Application
5. Configure the required information. 6. Click OK. 7. Enable the monitoring options you want to apply to the new server-based application. 8. Click OK and Apply. The server-based application is added to Global Settings. Add/Modify Server- and Client-Server-based Applications in nGeniusONE Field
Description
Parent
The parent protocol. This field is not configurable.
Short name
Enter an application name, up to 32 characters. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long name
Enter a more descriptive name for the application. You can enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Server port range
Enter multiple ports, a range of ports, or a combination. For example: 80, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default. Note: This field does not display for IP level server-based applications.
Client port range
This field is not configurable for Server-based applications. Enter multiple ports, a range of ports, or a
749
nGeniusONE 5.4.1 Online Help Topics combination. For example: 80, 8080-8082. Separate each port or port range using a comma. If you do not specify a port range, a port range of 1-65535 is used by default. Application Type
Select one of the following: • Server-based Application • Client-Server-based Application
Group
Select an Application Group from the dropdown list. If you prefer not to associate your custom application with a group, you can select Other. (Optional) You can create your own application group.
Application Tag
Server Parameters
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Click Add Address to enter the server address(es) you want to monitor. In the case of TCP or UDP level server-based applications, traffic is monitored for the specified port range on the specified server. Note the limit on additional addresses: • Server-based apps — maximum of 63 • Client-server-based apps — maximum of 32 To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored for IP level server-based applications. In the case of TCP or UDP level server-based applications, all servers with an IP address that begins with 10.20 are monitored for the specified port range. Note: • Server-based Applications • For IP level server-based applications, enter at least one Host IP Address. • For TCP or UDP level serverbased applications only, this field is optional.
750
CONFIGURING AND MANAGING nGeniusONE • Client-Server-based Applications • Enter at least one server and one client IP address IP addresses are validated against existing user-defined server-based applications. If there is a conflict, an error message displays. Client Parameters
This field is not configurable for Server-based applications. Click Add Address to enter the client address(es) you want to monitor. Traffic is monitored for the specified port range on the specified client. Note the limit for additional is 32. To specify a mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all clients with an IP address that begins with 10.20 are monitored for the specified port range. Note: Enter at least one port or port range. IP addresses are validated against existing user-defined client-server-based applications. If there is a conflict, an error message displays. Select to import multiple application files.
Importing Server-based and Client-Server-based Applications To import server-based applications, first create an import file. • Server-based Apps • Client-Server-based Apps To import server- and client-server-based applications: 1. From the nGeniusONE console, select
Global Settings.
2. Display the Applications tab. 3. From the View drop-down menu, select an application group of interest, such as Enterprise or Service Provider. 4. Select from IP, TCP, or UDP > Server-based Apps 5. Click 6. Click
Add Application. Import.
751
nGeniusONE 5.4.1 Online Help Topics 7. Navigate to the location of the import file and select it. Ensure that the file name displays in the File name field. 8. You can accept the default file type if you saved the import file as a data file (.dat). Otherwise, click the down arrow for Files of Type and select All Files. 9. Click Open and OK. 10. In the Applications tab, enable the monitoring options you want to apply to the new applications and click OK. 11. Click Apply to save your configuration. Creating a File to Import Server-based Applications in nGeniusONE Creating and importing a .dat file allows you to add multiple server-based or client-serverbased applications at one time. When you import the file, all applications in the file are imported at the same level. Therefore, you must create separate files for IP, TCP, or UDP level server-based applications. To create the file: 1. Create a new text file using a text editor. 2. Enter one line of information for each server-based application, formatted exactly as shown in the Format section below. 3. Save the file with a .dat extension and close the file. Format: Server-based Apps Short Name:Long Name:Port Range:Application Group:IP Addresses:Type Definitions and Rules • Enter one application per line • Enter the colon for all fields whether or not you enter a value for optional fields. • Do not enter a port range value for IP level server-based applications. The Port Range field does not apply to those applications. However, you must enter the colon for the Port Range field. Short name — A brief or abbreviated name for the server-based application. Maximum 32 characters. Long name — (Optional) A more descriptive name for the application. Maximum of 128 characters. Server port range — For IP level server-based applications, enter the colon only. Optional for TCP or UDP applications only. If no port range is specified, a port range of 1-65535 is used by default. You can enter multiple ports or port ranges separated by commas. Application Tag — Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — (Optional) You can associate your server-based application with an Application Group. You can enter the name of a predefined application group or one you have created. Leave the field blank or enter NONE if you do not want to associate the application with a group. IP Addresses — (Optional for TCP or UDP only)
752
CONFIGURING AND MANAGING nGeniusONE Enter a maximum of 63 IP addresses for the servers on which you want to monitor traffic for the specified port range. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored for the specified port range. Separate multiple address entries using commas. Type — (Optional) Enter 0 (zero) or leave this field blank to designate the application as Server-based. (For Client-Server-based applications, enter 1.) If you leave the field blank you do not need to enter the colon following the Addresses field. Examples TCP or UDP Level
ServerApp1:Myfirstserverapplication:100-120,324:NONE:10.160.196.0/24 ServerApp2:::: ServerApp3::12-14,45-50::10.116.27.0/20,10.144.231.120/16:0 IP Level ServerApp1:My first IP server application::EMAIL:10.155.166.70 ServerApp2:::GAMES:10.20.30.40/16 ServerApp3::::10.231.144.133 Format: Client-Server-based Apps Short Name:Long Name:Server Port Range,0,Client Port Range:Application Group:Server IP Addresses,0.0.0.0/0,Client IP Addresses:Type Definitions and Rules • Enter one application per line • Enter the colon for all fields whether or not you enter a value for optional fields. Short name — A brief or abbreviated name for the application. Maximum 20 characters. Long name — (Optional) A more descriptive name for the application. Maximum of 128 characters. Server port range and Client port range — Enter multiple ports or port ranges separated by commas. Separate the server port and client port using 0 (zero) as a delimiter. Example: 100,200-204,0,444,4441 Server ports=100,200-204 Client ports =444,4441 Application Tag — Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — (Optional) You can associate your server-based application with an Application Group. You can enter the name of a predefined application group or one of an application group you created. Leave the field blank or enter NONE if you do not want to associate the application with a group. IP Addresses — Enter at least one server and one client IP address up to a maximum of 31 addresses or subnets.
753
nGeniusONE 5.4.1 Online Help Topics
Separate the server IP addresses and client IP addresses using ,0.0.0.0/0, as a delimiter. Example: 192.168.0.0/16,0.0.0.0/0,10.20.2.2,10.3.3.3 Server Address=192.168.0.0/16 Client addresses=10.20.2.2,10.3.3.3 To specify a subnet mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored for the specified port range. Separate multiple address entries using commas. Type — Enter "1" to designate the application as Client-Server-based. (For Serverbased applications, enter "0" or leave this field blank.) Examples TCPSrvBApp11:TCPServerBasedApp11:1010000,0,200:Email:172.16.0.0/16,0.0.0.0/0,10.2.2.2:1 TCPSrvBApp12:TCPServerBasedApp12:1010000,0,201:Email:172.20.0.0/16,0.0.0.0/0,10.2.2.3:1 TCPSrvBApp13:TCPServerBasedApp13:1010000,0,202:Database:172.30.0.0/16,0.0.0.0/0,10.2.2.4:1 TCPSrvBApp14:TCPServerBasedApp14:1010000,0,203:Database:172.14.0.0/16,0.0.0.0/0,10.2.2.5:1 Creating a File to Import Server-based or Client-Server-based Applications You can create a file to import multiple server-based or client-server-based applications at one time. When you import the file, all applications in the file are imported at the same level. Therefore, you must create separate files for IP, TCP, UDP, or SCTP level applications. To create the file: 1. Create a new text file using a text editor. 2. Enter one line of information for each application, formatted exactly as shown in the Format section below. 3. Save the file with a *.dat extension and close the file. Format: Server-based Apps Short Name:Long Name:Port Range:Application Group:IP Addresses:Type Definitions and Rules • Note: Depending on the application type, not all parameter fields shown below are required. • Enter one application per line • Enter the colon for all fields whether or not you enter a value for optional fields. • Do not enter a port range value for IP level server-based applications. The Port Range field does not apply to those applications. However, you must enter the colon for the Port Range field.
754
CONFIGURING AND MANAGING nGeniusONE Short name — A brief or abbreviated name for the server-based application. Maximum 32 characters. Long name — (Optional) A more descriptive name for the application. Maximum of 128 characters. Server port range — For IP level server-based applications, enter the colon only. Optional for TCP or UDP applications only. If no port range is specified, a port range of 1-65535 is used by default. You can enter multiple ports or port ranges separated by commas. Application Tag — Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — (Optional) You can associate your server-based application with an Application Group to view the new application in the monitors. You can enter the name of a predefined Application Group or the name of an application group you have created. Leave the field blank or enter NONE if you do not want to associate the application with a group. Application Type — Server-based or Client-Server-based Server Parameters — IP Address of the server to be accessed. IP Addresses — (Optional for TCP or UDP only) Enter a maximum of 63 IP addresses for the servers on which you want to monitor traffic for the specified port range. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored for the specified port range. Separate multiple address entries using commas. Type — (Optional) Enter 0 (zero) or leave this field blank to designate the application as Server-based. (For Client-Server-based applications, enter 1.) If you leave the field blank you do not need to enter the colon following the Addresses field. Examples TCP or UDP Level
ServerApp1:Myfirstserverapplication:100-120,324:NONE:172.16.196.0/24 ServerApp2:::: ServerApp3::12-14,45-50::172.40.27.0/20,172.15.231.120/16:0 IP Level ServerApp1:My first IP server application::EMAIL:10.155.166.70 ServerApp2:::GAMES:10.20.30.40/16 ServerApp3::::10.231.144.133 Format: Client-Server-based Apps Short Name:Long Name:Server Port Range,0,Client Port Range:Application Group:Server IP Addresses,0.0.0.0/0,Client IP Addresses:Type Definitions and Rules • Enter one application per line • Enter the colon for all fields whether or not you enter a value for optional fields.
755
nGeniusONE 5.4.1 Online Help Topics Short name — A brief or abbreviated name for the application. Maximum 32 characters. Long name — (Optional) A more descriptive name for the application. Maximum of 128 characters. Server port range and Client port range — Enter multiple ports or port ranges separated by commas. Separate the server port and client port using 0 (zero) as a delimiter. Example: 100,200-204,0,444,4441 Server ports=100,200-204 Client ports =444,4441 Application Tag — Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — (Optional) You can associate your application with an Application Group to view the new application in monitors. You can enter the name of a predefined application group or the name of an application group you have created. Leave the field blank or enter NONE if you do not want to associate the application with a group. IP Addresses — Enter at least one server and one client IP address up to a maximum of 31 addresses or subnets. Separate the server IP addresses and client IP addresses using ,0.0.0.0/0, as a delimiter. Example: 192.168.0.0/16,0.0.0.0/0,10.20.2.2,10.30.3.3 Server Address=192.168.0.0/16 Client addresses=10.20.2.2,10.30.3.3 To specify a subnet mask, enter the network class followed by the subnet mask. For example, if you enter 192.168.0.0/16, all servers with an IP address that begins with 192.168 are monitored for the specified port range. Separate multiple address entries using commas. Type — Enter "1" to designate the application as Client-Server-based. (For Serverbased applications, enter "0" or leave this field blank.) Examples TCPSrvBApp11:TCPServerBasedApp11:1010000,0,200:Email:172.22.0.0/16,0.0.0.0/0,10.20.2.2:1 TCPSrvBApp12:TCPServerBasedApp12:1010000,0,201:Email:172.16.0.0/16,0.0.0.0/0,10.20.2.3:1 TCPSrvBApp13:TCPServerBasedApp13:1010000,0,202:Database:172.25.0.0/16,0.0.0.0/0,10.20.2.4:1 TCPSrvBApp14:TCPServerBasedApp14:1010000,0,203:Database:172.34.0.0/16,0.0.0.0/0,10.20.2.5:1 Modifying Server-based Applications in nGeniusONE If you have added server-based or client-server-based applications, you can modify them in Global Settings.
756
CONFIGURING AND MANAGING nGeniusONE To modify server-based applications: 1. From the nGeniusONE Console access
Global Settings.
2. Select the Applications tab and select from the View drop-down menu, an area of interest, such as Enterprise. 3. Do one of the following to locate the server-based application you want to modify: • Expand the node for IP > Server-based Apps • Under IP, expand the node for TCP > Server-based Apps • Under IP, expand the node for UDP > Server-based Apps 5. Select the server-based application you want to change and click Appllication.
Modify
6. Modify the settings as required. Be sure to observe rules regarding special characters. 7. Click OK. 8. Click Apply to save your configuration. The Global Settings window closes and the Task Progress Report displays. Deleting Server-based Applications in nGeniusONE To delete server-based or client-server-based applications: 1. Click the
Global Settings icon.
2. Select the Applications tab. 3. Do one of the following to locate the server-based application you want to delete: • Expand the node for IP > Server-based Apps • Under IP, expand the node for TCP > Server-based Apps • Under IP, expand the node for UDP > Server-based Apps 4. Select the server-based application you want to delete and click Delete. The selected application is marked with an X for deletion. 5. (Optional) If you change your mind and no longer want to delete the application, click Undo Delete. 6. Click Apply. Server-based applications you marked for deletion are deleted.
757
nGeniusONE 5.4.1 Online Help Topics
Peer-to-peer Applications Adding or Modifying Peer-to-Peer Applications in nGeniusONE Using peer-to-peer (P2P) applications, a group of computer users with the same networking program can connect to each other and directly access files from the hard drives of others in the group. You can add up to thirty custom P2P applications or modify those provided by default. Note: Before you can monitor P2P applications, you must first enable the Pattern Match option in the probe. To add or modify peer-to-peer applications: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Select the Applications tab. 3. Expand the Peer-to-Peer Apps node (located under the TCP Parent node). 4. Do one of the following: • Modify — Select a protocol and click Activate the protocol (if necessary.)
Modify Application.
• Add — Select the Peer-to-peer Apps node and click Application.
Add
5. Enter or modify the following information: Field
Description
Short name
Enter a protocol name, up to 32 characters. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them.
Long name
Enter a more descriptive name for the protocol, up to 128 characters. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them.
Pattern
Enter a pattern string that is exchanged when this peer-topeer protocol is in use, up to 64 characters. For example: • user-agent: limewire • bittorrent protocol • e3
Application Tag
758
(Optional) Enter up to a maximum of 1024 characters of string text. The text you enter is appended to alert evidence. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
CONFIGURING AND MANAGING nGeniusONE
Group
Select a group from the drop-down list. When you associate a protocol with a group, you can then view the protocol in the Application Layer Snapshot view. If the groups do not suit your needs, you can create your own group.
6. Enable monitoring.
759
nGeniusONE 5.4.1 Online Help Topics
HTTP and HTTPS Monitoring Children of HTTP and HTTPS in nGeniusONE You can define HTTP and HTTPS children as URLs, or as IP addresses (IPv4 or IPv6): • URL — You can monitor URLs the same way you would monitor any other type of application. Therefore, you can receive real-time data, historical and performance reports for each URL defined. You can also receive response time and availability Power Alarms. • IP Address — You can define HTTP/HTTPS children using IP (IPv4 or IPv6) addresses just as you would any other extension of a Well Known Application. IPv6 addresses can be mixed with IPv4 addresses under the same application. Only the following netmasks are supported with IPv6: 7, 16, 32, 44, 48, 64, 80, 96, and 112-128. • Both — When you define a child application using both URL and IP address you can monitor a specific URL running over a specific server. SNI Support for HTTPS Configuration A server IP Address is no longer required when configuring HTTPS and defining children by URL, IP Address, or both. Server Name Indication (SNI), an extension to the TLS protocol, indicates to what host name the client is attempting to connect at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and port number thus allowing multiple secure (HTTPS) websites (or any other service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. So, for clients and servers that support SNI, a single IP address can be used to serve a group of domain names for which it is impractical to get a common certificate. Note: You can also add the mobile application MMS as a child of HTTP Configuration 1. From the nGeniusONE console, select the
Global Settings icon.
2. Select the Applications tab. 3. From IP > TCP, select Well Known Apps > HTTP or HTTPS. 4. Click
Add Application.
5. Select either the URL Application or Server Application radio button. •
URL Application — Define children by URL, IP address, or both
•
Server Application — Define children by IP address only
6. Configure the following depending on which radio button you selected above: Select
Procedure
URL Application
You can define child applications by URLs or IP addresses: 1. Configure URLs: a. Enter the following:
760
CONFIGURING AND MANAGING nGeniusONE
Short name — A short name to display in views (for example, NetScout). You can enter up to 32 characters. Address:http(s):// — The URL address you want to monitor. You can enter up to 256 characters (including forward slashes). For example, www.netscout.com/sales uses 22 characters. This argument is useful if you want to view any URL and accompanying HTTP response codes. IPv6 addresses are registered with HTTP and HTTPS URLs. Important: Optionally, applications travelling over HTTPS can be identified using a label rather than an IP address. Use the format APP#entry to add an HTTPS (HTTP is no longer supported) child application. For example: APP#netscout. To enable the APP# option, you must configure the set dns url_support=yes command on the InfiniStream appliance. Parameter — This field is grayed out. Application Port — This field is grayed out. Application Tag — (Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — The application group you want to associate (default: Web Applications). Application Type — Select the
URL Application button.
b. (Optional) Select the Exact Match check box to monitor exact matches only. With Exact Match disabled, sub-URLs are also monitored. URLs not collected under the search term are collected as HTTP. Exact Match examples Example: www.netscout.com/support Exact Match ENABLED Included: www.netscout.com/support NOT included: www.netscout.com www.netscout.com/index3.htm www.netscout.com/765.jpg www.netscout.com/support/images/987.jpg Exact Match DISABLED Included: www.netscout.com/index3.htm www.netscout.com/765.jpg www.netscout.com/support/images/987.jpg NOT included: www.netscout.com
761
nGeniusONE 5.4.1 Online Help Topics www.netscout.com/
2. Configure Server Parameters — Click Add Address in the Server Address panel to enter server addresses or subnets on which to monitor traffic. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored. Note: Adding child SBA and Well Known Apps is supported for HTTP/S parents. 3. Click Add to continue defining child applications, or OK then Apply to save your changes. While awaiting acceptance, the pending icon displays. When accepted, depending on the application type, these icons display: URL based , and User Defined . Server Application
You can define child applications using IP addresses. This option is useful to configure any URL on the server and capture associated HTTP response codes. 1. Enter the following: Short name — Enter a protocol name, up to 32 characters. For example, enter HTTP1. Be sure to observe rules regarding special characters. Long name — Enter a more descriptive name for the protocol. You can enter up to 128 characters. Be sure to observe rules regarding special characters. Parameter — A value often left blank or automatically populated. Some applications require a particular value. Additional Port — You can add up to 64 additional port numbers or 32 ports if containing a range for well-known application traffic running on other ports (for example, 8080 or 2039). A range is considered one port towards the maximum number of ports allowed. Application Tag — (Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — The application group you want to associate (the default is Web Applications). Exact Match — Check box indicates that traffic will be classified and displayed exactly by the address you specify. With Exact Match disabled, sub-URLs are also monitored. URLs not collected under the search term are collected as HTTP. Application Type — Select the
Server Application button.
Server Parameters — Click Add Address in the Server Address panel to enter server IPv4 or IPv6 addresses or subnets on which to monitor traffic. To specify a server mask, enter the network class
762
CONFIGURING AND MANAGING nGeniusONE followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored. 2. Click Add to continue defining child applications, or OK then Apply to save your changes.
7. Enable monitoring options. 8. Click Apply to save your configuration. Importing HTTP and HTTPS Children in nGeniusONE If you want to monitor HTTP and/or HTTPS child applications, you can save time by creating and importing a file containing the required details. 1. From the nGeniusONE console, select
Global Settings.
2. Select the Applications tab, then select Enterprise from the View drop-down menu. 3. From IP > TCP > Well Known Apps, select HTTP or HTTPS as appropriate. 4. Click Add Application 5. Click
.
Import....
6. Locate and select the file you want to import. Ensure that the filename displays in the File name field. 7. Click Open and OK. 8. Enable monitoring options for each child application. 9. Click Apply to save your configuration. Creating a File to Import HTTP and HTTPS Children You can import HTTP or HTTPS child applications by creating a comma-separated value (CSV) file using following syntax: Type:ShortName:LongName/URL: Exact_match:AppGroup:IP Address 1 (octet format),IP Address 2 (octet format),IP Address N (octet format) Notes: • You can combine types 0/1 in one file. • HTTP and HTTPS children must be imported in separate files. • Save as a text file (not RTF) using a .csv extension. Examples 0:NetScout:www.netscout.com:false:WEB:10.10.10.10,10.2.2.2 (Select URL, configure URL + IP, no exact match) 0:NetScout:www.netscout.com:false:WEB (Select URL, configure URL, no exact match)
763
nGeniusONE 5.4.1 Online Help Topics 0::www.netscout.com:false::10.10.10.10,10.2.2.2 (Select URL, configure URL + IP,no short name, no exact match, no Application group) 1:NetScoutB:NetScoutBoston::WEB:10.10.10.10,10.2.2.2 (Select Server, configure IP, exact match N/A) • Type: Enter 0 (URL) or 1 (Server) • ShortName: Enter a short name (up to 32 characters) to display in response time views. For example: NetScout • LongName: Enter a longer, more descriptive name for the application or, for URLs, enter the URL address (do not enter the leading http://). • Exact_Match: Enter true (exact match selected) or false (exact match not selected). If you leave this field blank, the default is false. • AppGroup: Enter a predefined or user-defined Application Group name. If you leave this field blank, the default application group is Web Applications. • IPAddress: Enter IP addresses, if applicable. Separate multiple addresses using commas. Creating a File to Import Virtual Interfaces or URLs in nGeniusONE You can add multiple virtual interfaces and web-based applications most efficiently by creating a CSV file containing the required details. To create a CSV file: 1. Create a new file using a text editor. 2. Enter information for each interface type or web-based application using one of the URL formats. 3. Save as a text file using a .csv extension. Modifying Web-based Applications in nGeniusONE You can change the parameters of Web-based applications you add for monitoring using the following procedure: 1. Launch
Global Settings tabs.
2. Under IP > TCP, expand the Well-known Apps > HTTP node. 3. Select the URL you want to change and click
Modify Applications.
4. Edit the settings as required: Short name — A short name to display in views (for example, NetScout). You can enter up to 32 characters. Be sure to observe rules regarding special characters. Address — The URL address you want to monitor. You can enter up to 256 characters (including forward slashes). For example, www.netscout.com/sales uses 22 characters. Application Tag — (Optional) Enter up to a maximum of 80 bytes of string text
764
CONFIGURING AND MANAGING nGeniusONE (special characters are supported). The text you enter is appended to alert evidence. Group — (Optional) The application group you want to associate (default = Web Applications). Exact Match — Indicates that traffic will be classified and displayed exactly by the address you specify. With Exact Match disabled, sub-URLs are also monitored. URLs not collected under the search term are collected as HTTP. Application Type: URL Application or Server Application — Choose one. If you are configuring this application to access a server, continue with Server Parameters section below. Server Parameters — IP Address of the server. Click Add Address in the Server Address panel to enter server addresses or subnets on which to monitor traffic. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.0.0/16, all servers with an IP address that begins with 10.20 are monitored. 6. Click OK. 7. Modify the monitoring options, if required, and OK when finished. 8. Click Apply to continue save your configuration. Configuring Monitoring for MMS Importing URLs If you want to monitor several Web-based applications, you can save time by creating and importing a file containing the required details. To import Web-based applications: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Display the Applications tab. 3. From IP > TCP > Well-known Apps, select HTTP. 4. Click
Add Application.
5. Click Import. 6. Locate and select the import file. Ensure that the filename displays in the File name field. 7. In the Files of Type field, select comma separated files (.csv). If that option is not available, click the down arrow and select All Files. 8. Click Open. The URLs display under the HTTP node. 9. Click OK. Note: Ensure you exit the Add URL dialog by clicking OK (not Cancel). If you exit the dialog without clicking OK, the URLs are not successfully added for monitoring even though they display under the HTTP node.
765
nGeniusONE 5.4.1 Online Help Topics 10. Enable monitoring options for each URL. 11. Click Apply to save your configuration. If you enabled Exact Match, a check mark overlays the URL icon. Creating a File to Import URLs in nGeniusONE You can add multiple Web-based applications most efficiently by creating a file containing the required details. To create the file: 1. Create a file using a text editor. 2. Enter information for each web-based application using the following format: URL_Address, Short_Name, Exact_Match, Application_Group Note: Ensure you save as a text file (not .RTF) using a .csv extension. Definitions and Rules Field
Description
URL Address
The URL address for which you want to monitor and log response time data. You can enter up to 256 characters (including forward slashes). For example, the following entry uses 22 characters: www.netscout.com/sales
Short name
Enter a short name (up to 32 characters) to display in response time views. For example: NetScout
Exact Match
Enter true to enable Exact Match; enter false to disable Exact Match. When enabled, Exact Match monitors the exact URL address you enter; when disabled, sub-URLs are monitored as well. If you leave this field blank, the default is false.
Group
Enter a user-defined application group name or one of the following pre-defined application groups such as: Card Processing, Market Data Feeds, Trade Order, Microsoft Protocols, Email, Other, Database, Web Applications, Client Server, Virtual Private Network, Multimedia, Network Management, Network Control Protocols, Network Services, Printing, Routing Protocols, Security/Authentication Protocols, Undefined Applications, and Service Enablers. If you leave this field blank, the default Application Group is Web.
Example www.netscout.com, NetScout, false, WEB
766
CONFIGURING AND MANAGING nGeniusONE www.abc.com, ABC, true, Games www.xyz.com, XYZ, , WEB www.ghi.com, Ghi, , Note: The following apply to the sample file: • For the third entry, Exact Match is disabled. • For the fourth entry, Exact match is disabled and the Application Group is Web. 3. Save as a text file using a .csv or .dat extension.
767
nGeniusONE 5.4.1 Online Help Topics
Citrix Applications Adding Citrix Applications in nGeniusONE You can monitor Citrix applications the same way you monitor any other type of application. You can receive real-time data, historical and performance reports, and set alarms for each Citrix application defined. Adding Children of the Citrix Channel Monitoring Protocol Support is provided for the Citrix Channel Monitoring (CCM) protocol and its numerous virtual channels enabling Citrix Published Applications and Desktops. CCM configuration is similar to other applications with the exception of these additional steps: • Ensure that Citrix channel monitoring is enabled (set citrix channel_monitoring on) for the InfiniStream • Add Port 2598 to the Citrix parent application in the Additional Port field of the Modify Application dialog box. This port is used in XenApp environments (Modern Citrix) with the Common Gateway (CGP) protocol which encapsulates the Citrix Independent Computing Architecture (ICA) protocol. ICA used without CGP runs on Port 1494. • Specify Citrix channel names in each child application added. Important: the Application name must be enclosed by a colon (:). For example: :CITRIXD: Up to 64 Citrix channels can be added. The channels listed here should be added as child applications of Citrix. These channels are discovered automatically by NetScout but to find additional channels, run a dump command on the InfiniStream appliance. o
CTXCAM — Client audio mapping
o
CTXTWI — Seamless Windows screen update data (ThinWire)
o
CTXEUEM — End User Experience Monitoring
o
o
CTXCTL — Citrix Control Virtual Channel CTXFLASH — Citrix Flash Redirection
o
CTXGUSB — USB Redirection
o
CTXSCRD — Smartcard
o CTXSBR — No longer used. Previously known as: Citrix Browser Acceleration o
CTXCLIP — Clipboard
o
CTXPN — Program Neighborhood
o
CTXVFM — Video server video (not ThinWire video)
o
CTXCDM — Client drive mapping
o
CTXCM — Client management (Auto Client Update)
o
o
CTXTW — Remote Windows screen update data (ThinWire)
o
CTXCCM — Client COM port mapping
o
768
CTXLIC — License management
CTXMM — Citrix Windows Multimedia Redirection
CONFIGURING AND MANAGING nGeniusONE o CTXCOM1 — Printer mapping for non-spooling client (Thin client devices) o CTXCOM2 — Printer mapping for non-spooling client (Thin client devices) o
CTXCPM — Printer mapping for spooling clients
o CTXLPT1 — Printer mapping for non-spooling client (Thin client devices) o CTXLPT2 — Printer mapping for non-spooling client (Thin client devices) • Enable discovery of Citrix applications that are not defined in Global Settings. Citrix Configuration To monitor Citrix applications, add the application as follows: 1. From the nGeniusONE console, click
Global Settings.
2. Select the Applications tab. 3. Select Enterprise from the drop-down menu. 4. From IP > TCP, select Well Known Apps > Citrix. 5. Click Add. 6. Enter the following information: Application name — Enter the name of the application you are adding. Specify Citrix channel names in each child application added. It must be enclosed by a colon (:). You can enter up to 128 characters. Short name — Enter a short name to display in real-time or historical views. You can enter up to 32 characters. Application Tag — (Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. Group — Select an application group from the drop-down list. If a suitable group does not exist, you can create your own application group. Default: Client Server. 7. Click OK. 8. Right-click the child application and enable any monitoring options. 9. Click OK and Apply to save your configuration to the database. Modifying a Citrix Application in nGeniusONE To modify a Citrix application: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. From IP > TCP, expand the Well Known Apps > Citrix node.
769
nGeniusONE 5.4.1 Online Help Topics
4. Select the Citrix application you want to change and click
Modify.
5. Modify the necessary settings. 6. Click OK. Deleting Citrix Applications To delete a Citrix application: 1. From the nGeniusONE Console, click the
Global Settings icon.
2. Select the Applications tab and the Enterprise list. 3. From IP > TCP expand the node for Well Known Apps > Citrix. 4. Select the application you want to remove, right-click, and click Delete. 5. You are prompted to confirm the deletion. Click OK and Apply to save your configuration.
770
CONFIGURING AND MANAGING nGeniusONE
CORBA Adding Children of CORBA_METHOD in nGeniusONE You can add custom protocols as children CORBA_METHOD. Note: Before you can monitor CORBA applications, you must first configure the CORBA option in the probe. More on adding custom protocols in other categories. To add children of CORBA_METHOD: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Select the Applications tab. Be sure the Enterprise tab is selected. 3. Select TCP > CORBA_METHOD. 4. Click
Add Application.
5. Enter the required information in the Add Application dialog box. In the Application Param text box, enter the method parameter (specific to your environment) that you want to monitor. Be sure to observe rules regarding special characters. 6. (Optional) Continue to add custom protocols for additional application parameters as required. 7. Click OK to close the Add Protocol dialog box and return to the Enterprise tab. 8. Click Apply to save your configuration. The custom protocol is added.
771
nGeniusONE 5.4.1 Online Help Topics
Extension Applications Extension Applications in nGeniusONE — Overview Configuring extensions of Well Known Applications allows you to focus monitoring on the traffic that is important to you. Certain application extensions are included in the Applications tab by default. IPv6 Support IPv6 addresses are supported and can be mixed with IPv4 addresses under the same application. Only the following netmasks are supported with IPv6: 7, 16, 32, 44, 48, 64, 80, 96, and 112-128. • Service Provider > SCTP > Well Known Apps > M3UA SCTP > Well-Known Apps > M3UA includes the following extensions by default: • ANSI-ISUP • BICC • BSSAP • BSSAPPLUS • CAP • GSAP • GSMA • INAP • INAP+ • ISUP • IUCS • IuPS-GM-MOTHER • IuPS-GMM-ATTACH • IuPS-GMM-AUTH • IuPS-GMM-DETACH • IuPS-GMM-IDENTIFY • IuPS-GMM-PTMSI-REAL • IuPS-GM-RAU • IuPS-GMM-SRV • IuPS-SM • IuPS-SM-ACTIVATE • IuPS-SM-DEACTIVATE • IuPS-SM-MODIFY • MAP • RANAP
772
CONFIGURING AND MANAGING nGeniusONE • TCAP • Service Provider > SCTP > Well Known Apps > S1-AP SCTP > Well-Known Apps > S1-AP includes the following extensions by default: • EMM-ATTACH • EMM-AUTH • EMM-DETACH • EMM-IDENTITY • EMM-SECURITY • EMM-SERVICE • EMM-STATUS • EMM-TAU • ESM-ACT-DED-BEAR • ESM-ACT-DEF-BEAR • ESM-BEAR-RES_ALLOC • ESM-BEAR-RES_MOD • ESM-DEACT-BEAR-CTXT • ESM-ESM-INFO • ESM-MOD-BEAR-CTXT • ESM-PDN-CONNECT • ESM-PDN-DISCONNECT • ESM-STATUS • S1-AP-E-RAB-MOD • S1-AP-E-RAB-REL • S1-AP-E-RAB-SET • S1-AP-HO-CANCEL • S1-AP-HO-PATH_SWITCH • S1-AP-HO-PREP • S1-AP-HO-RAB-SET-EVT • S1-AP-HO-RES-ALLOC • S1-AP-RAB-MOD-EVT • S1-AP-RAB-REL-EVT • S1-AP-RAB-SET-EVT • S1-AP-UE-CXT-MOD • S1-AP-UE-CXT-REL • S1-AP-UE-CXT-SET • Enterprise > TCP > CORBA_MSG 773
nGeniusONE 5.4.1 Online Help Topics TCP > CORBA_MSG supports the following extensions: • corba_cancel_req • corba_close_conn • corba_fragment • corba_locate_reply • corba_locate_req • corba_msg_error • corba_noreply • corba_other • corba_request • Service Provider > Mobility Control Plane > GTP_V1/GTP_V2 • GTP_V2C
• V2_Del_Bear_Cmd_Fail
• V1_Create_PDP
• V2_Delete_IDF_Tun
• V1_Delete_PDP
• V2_Delete_Session
• V1_Forward_Relocation_Not
• V2_Detach
• V1_Forward_Relocation_Req
• V2_Dwnlnk_Data_Failure
• V1_Identification
• V2_Dwnlnk_Data_Notif
• V1_Relocation_Cancel
• V2_Forward_Relocation_Not
• V1_Sgsn_Context
• V2_Forward_Relocation_Req
• V1_Update_PDP
• V2_Identification
• V2_Alert_MME
• V2_Modify_Bearer
• V2_Bear_Res_Cmd_Fail
• V2_Modify_Bearer_Cmd
• V2_Bearer_Res_Cmd
• V2_Mod_Bear_Cmd_Fail
• V2_Context
• V2_Rel_Access_Bear
• V2_Create_Bearer
• V2_Relocation_Cancel
• V2_Create_Forwrd_Tun
• V2_Resume_Notif
• V2_Create_IDF_Tun
• V2_Suspend
• V2_Create_Session
• V2_Suspend_Notif
• V2_Del_PDN_Cnx_Set
• V2_UE_Activity
• V2_Delete_Bearer
• V2_Update_Bearer
• V2_Delete_Bearer_Cmd Note: • All GTPv2 packets that are not classified under any of the GTPv2 children are classified as GTPv2c
774
CONFIGURING AND MANAGING nGeniusONE • All GTPv1 packets that are not classified under any of the GTPv1 children are classified as GTPV1/V2 • Market Data Feeds • Trade Order • Voice-Video-Control > H.323 RAS • ADMISSION • BANDWIDTH • DISCOVERY • DISENGAGE • INFORMATION • LOCATION • REGISTRATION • UN-REGISTRATION • Multimedia > Voice-Video-Control > SIP (children must be activated) You must activate SIP children (Click View All, select the child, click Activate): • ACK
• OPTIONS
• BYE
• PRACK
• CANCEL
• PUBLISH
• INFO
• REFER
• INVITE
• REGISTER
• MESSAGE
• SUBSCRIBE
• NOTIFY
• UPDATE
In addition to monitoring pre-defined extensions, you can: • Add extensions to Enterprise > TCP > CORBA_METHOD • Add extensions for certain Well Known Apps. For example: o
Service Enablers > Diameter, Diameter/site-apn Caveat
When a monitored element is configured for the site-apn virtual interface, the Service Configuration editor displays APN as a location key option for that monitored element. When the associated appliance and Global Settings are configured to track Diameter traffic using Client/Server origin hosts, selecting APN as a key will cause no data to display in the monitor. This happens because the Diameter configurations populate the flow record with Client-Origin-Host and Server-Origin-Host values, not the APN. Also note that the monitor will offer APN as a location attribute for display even though the field is not populated. This issue can be addressed by adding the following setting in the /rtm/bin/admin/serverpublic.properties file for proper Diameter identification:
775
nGeniusONE 5.4.1 Online Help Topics • srvconfig.apn.to.srvorigin = true • srvconfig.apn.to.srvorigin.ip= Note: Diameter and Diameter-SCTP ship with certain child applications that use Param strings in addition to those listed below. By default children are deactivated. Click View All, select one or more children, and click Activate. The Param field is populated automatically. (Required). NetScout supports three-digit command codes ranging from 256 to 400 for monitoring. Additionally, KPIs and Error Code processing is supported for Command Codes ranging between 256-400 only. Enter the 3-digit command code number in the Param field. The command code name is provided for reference only. Command Code/Name • 256
Unassigned
• 257
CER / CEA
• 259
Unassigned
• 260
AMR / AMA
• 261
Unassigned
• 262
HAR / HAA
• 263-264
Unassigned
• 266-267
Unassigned
• 268
DER / DEA
• 269-270 • 271
Unassigned
ACR / ACA
• 273 Unassigned • 274
ASR / ASA
• 275
STR / STA
• 276-279
776
Unassigned
• 280
DWR / DWA
• 281
Unassigned
• 282
DPR / DPA
• 283
UAR / UAA
• 284
SAR / SAA
• 285
LIR / LIA
• 286
MAR / MAA
• 287
RTR / RTA
• 288
PPR / PPA
• 289-299
Unassigned
• 300-313
Allocated for 3GPP
CONFIGURING AND MANAGING nGeniusONE • 314
PDR / PDA
• 315
PIR / PIA
• 316
ULR / ULA
• 317
CLR / CLA
• 318
AIR / AIA
• 319
IDR / IDA
• 320
DSR / DSA
• 321
PUR / PUA
• 322
RSR / RSA
• 323
NOR / NOA
Diameter Error Codes Diameter Experimental Error Codes are handled similarly to Result Codes. Specifically, error codes in the 3xxx and 5xxx ranges are treated as an Error; the remainder of the codes are treated as a Success. All (Diameter) 3GPP Experimental Error Codes are reported with 10000 added to its value. For example, “5001 – User Unknown” is reported as “15001 – 3GPP Error User Unknown”. o
Multimedia > Voice-Video-Control > SIP-TCP
(Required) When adding children of SIP_TCP, enter one of the method extension types (entries are not case sensitive): • ACK • BYE • CANCEL • INFO • INVITE • MESSAGE • NOTIFY • OPTIONS • PRACK • PUBLISH • REFER • REGISTER • S-I • SUBSCRIBE • UPDATE Note: SIP (UDP) children are included by default and the Parameter field is automatically populated. By default children are deactivated. Click View All, select one or more children, and click Activate.
777
nGeniusONE 5.4.1 Online Help Topics o
Service Provider > Mobility Control Plane > GTP
For children of GTP_v0, enter the appropriate control plane protocol type: • PDP Create Request/Response
Enter: create
• PDP Update Request/Response
Enter: update
• PDP Delete Request/Response
Enter: delete
You can distinguish between GTP_V0 and GTP' (GTP prime) by creating GTP' as an extension of GTP_V0: 1. In Global Settings, select one of the following: • UDP > Well Known Apps > GTP_V0. • Mobile tab > Mobility Control Plane > GTP_V0. 2. In the Param field enter: gtp' o
Service Enablers > LDAP
Required For children of LDAP, enter msgstartcode-endcode, where startcode and endcode include the following (case sensitive). • AAA (access, authentication, authorization): Codes 0-2 Note: entering msg:0-2 in the param string supports an LDAP child which contains request message 0 through response message 2. • Selections (search functions): Codes 3-5, and 19 • Change data (change functions such as: modify, add, delete): Codes 6-16 • Extended Request: Code 23 • Extended Response: Code 24 • Intermediate Response: Code 25 Examples: msg:0-2; msg:3-5; msg:6-16 Note: More about supported LDAP codes • You must enter a range (not an individual code). • To monitor Response Time, ensure that request-response codes are in the same group. • The system assigns a port for the Extended Application. o
Service Enablers > DNS
A DNS child application can be defined using a URI, a Param, or both, and IP addresses with subnet masks. Important: When configuring a DNS child application with a Port/IP Address, you must also add the port to the DNS parent or SBA classification will not work properly. Host IP Addresses:
778
CONFIGURING AND MANAGING nGeniusONE Enter a Universal Resource Indicator (URI). A URI is a character string that identifies a resource on the Internet. URIs can be locators (URLs) or names (URNs) or both. Enter information in the following format: .. • Entries are not case sensitive • Maximum 100 characters • Wild cards are not supported Examples: www.netscout.com mydocument.mycompany.org eat.at.joes Params: The Param field can be used to represent either a domain name or a request type. If the value entered is not a supported request type, it will be assumed to be a domain name. If it is a supported request type, the DNS request/response are classified accordingly. Specifying multiple DNS children with the same request type may produce unpredictable results. Optionally, further refine the classification by specifying associated subnets in the Host IP address fields. Following are supported DNS Request values for use in the Param field:A DNS child application can be defined using a URI, a Param, or both, and IP addresses with subnet masks. Request Description String for Param field *
Dump all records
A
Host address
AAAA
IPv6 host address
Request String for Param field
HINFO HIP
IPSECKEY
Description Request Description String for Param field Host Information
OPT
Option
Host Identify Protocol
PTR
Domain name pointer
IPSEC key
AFSDB
AFS database record
IXFR
Incremental zone transfer
APL
Address prefix list
KEY
AXFR
Authoritative zone transfer
KX
RP
Responsible person
RRSIG
DNSSEC signature
Key record
SIG
Signature
Key eXchanger record
SOA
Start of zone authority
779
nGeniusONE 5.4.1 Online Help Topics
CERT
Certificate record
LOC
Location record
SPF
Sender policy framework
CNAME
Canonical Name for alias
MG
Mail group member
SRV
Service locator
DHCID
DHCP Identifier
MX
Mail exchange record
SSHFP
SSH public key fingerprint
Naming authority pointer
TA
DDSSEC trust authorities
DLV
DNSSEC lookaside validation record
NAPTR
DNAME
Delegation name
NS
Authoritative name server
TKEY
Secret key record
DNSKEY
DNS key record
NSEC
Next-Secure record
TSIG
Transaction signature
NSEC3
NSEC record version 3
TSLA
TSLA certificate association
TXT
Text record
DS
Delegation signer
NSEC3PARAM NSEC3 parameters o
Enterprise > TCP > Well Known Apps > NCPDP
o
Multimedia > Voice-Video-Control > Unistim (RUDP)
o Service Provider > SCTP > Well Known Apps > M3UA > RANAP (nonstandard SSNs) o
Enterprise > TCP > Well Known Apps > HTTP and HTTPS
o
New Protocol Support
o Enterprise > TCP > Well Known Apps > IBM_MQ (Important: must be activated) When support for a new protocol is added between releases, enter the parameter provided in the documentation at that time. For example, if support for new protocol XYZ is added between releases, documentation at that time will provide the appropriate information to enter in this field. • Add certain protocols not listed by default as MultiCast Apps or Extension Apps. For example: o Under UDP > Multicast Apps, you can add extensions for the following: MDP, OPRA, CTS, or CQS o Under TCP > Extension Apps, you can add the following extension: SYNFLOOD
780
CONFIGURING AND MANAGING nGeniusONE Adding Extension Applications — Multicast You can configure monitoring for extensions of Multicast protocols by adding them to the Multicast node under UDP (currently supported for OPRA MDP, CTS, and CQS). Note: Configure monitoring for OPRA, MDP, CTS, and CQS under the Market Data Feeds node. To add or modify Multicast extension applications: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. From the View menu, select Enterprise. Multicast Apps node.
4. Navigate to UDP and select the 5. Click
Add Application.
6. Enter the required information. Be sure to observe rules regarding special characters. 7. Click Add. 8. Select a Multicast App Type. For example, select MDP. 9. Configure the required information. 10. Click OK. 11. Enable monitoring options. 12. (Optional) For MDP and OPRA, configure Responsiveness and Packet Loss KPI alarms. 13. Click Apply. 14. Optional. Click the
icon to import multiple Multicast applications.
Add/Modify Application (Multicast Apps) Note: You do not need to assign a port. Ports are automatically assigned by the system. Field
Description
Parent
The parent application. This field cannot be modified. For example: UDP
Multicast
Select an application type from the drop-down list. Choices include: CTS, CQS, MDP, and OPRA.
Short name
Enter an application name, up to 32 characters. For example, enter MDP Oil. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long name
Enter a more descriptive name for the application. You can
781
nGeniusONE 5.4.1 Online Help Topics
enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Parameter
The Parameter field is automatically populated when you select a Multicast App Type. Note: When support for a new Multicast application is added between releases, you can add and monitor extensions by modifying a property in the client.properties file.
Additional Port
Add additional port numbers or a range of port numbers.
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. When you associate an application with a group, you can then view the application in the monitors with proper context.
Host IP Address
Click Add Address to enter the appropriate Multicast IP address. The Multicast IP Addresses distinguish individual extensions. When finished, click OK. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 224.20.30.1/16, all servers with an IP address that begins with 224.20 are monitored. Select to import multiple application files.
Adding Extension Applications — Well Known Apps Extending application definitions allows you to focus monitoring for children of Well Known Applications so that you can target specific server, subnet, or application information. IPv6 addresses are supported and can be mixed with IPv4 addresses under the same application. Only the following netmasks are supported with IPv6: 7, 16, 32, 44, 48, 64, 80, 96, and 112-128. Currently supported applications To add or modify extensions of Well Known Applications: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. From the View drop-down menu, select an area of interest, such as Enterprise. 4. Navigate to TCP, UDP, or SCTP application groups as appropriate. 5. Select the appropriate application under Well Known Apps.
782
CONFIGURING AND MANAGING nGeniusONE
6. Click
Add Application.
7. Enter the required information. Be sure to observe rules regarding special characters. 8. Click OK. 9. Enable the monitoring options you want to apply to the application. 10. Click Apply to save your configuration. Adding Extension Applications — SYNFLOOD You can configure monitoring for extensions of certain applications that are not Well Known Applications by adding them to the Extension App node under TCP, UDP, or SCTP (currently supported for TCP > SYNFLOOD). After configuring the SYNFLOOD application, set up a SYN flood alarm. SYNFLOOD's use against Denial-of-Service attacks Configuring SYNFLOOD and setting up an alarm to warn of unusual traffic spikes is a valuable countermeasure to deal with a SYN flood, a typical Denial-of-Service (DoS) attack which, by swamping a target system with connection requests, causes that device to eventually grow unresponsive to legitimate login requests. A DoS attack works by disrupting the TCP three-way handshake, the basis for every clientserver connection using TCP. Normally, when a client attempts to start a TCP connection to a server, the client and server exchange messages which proceed as follows: 1. The client requests a connection by sending a SYN (synchronize) message to the server. 2. The server acknowledges this request by sending a SYN-ACK message back to the client. 3. The client responds with an ACK (acknowledge) message, and the connection is established. A SYN flood attack works by the client not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it "knows" that it never sent a SYN. The server will then await acknowledgement for some time because the missing ACK could simply be due to normal network congestion. But in a DoS attack, increasingly larger numbers of half-open connections will bind resources on the server until no new connections can be made, causing denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way. NetScout's SYNFLOOD application counts the number of packets marked TCP SYN with no ACK on a specified subnet or interface over a particular interval, providing an early warning of unanticipated connection attempts compared to the typical number of connection tries received. Be aware that an anomaly in either direction can be problematic: a severe spike in SYN count can indicate a DoS attack while a large decrease in SYNs could mean a misconfigured firewall is blocking valid requests. Another explanation unrelated to a DoS attack might stem from sudden public interest due to release of a company earnings report.
783
nGeniusONE 5.4.1 Online Help Topics The next step to deal with SYN floods is to configure an alarm to trigger when the packet count or utilization on a vulnerable subnet or single interface reaches a user-defined threshold. Click here for instructions. Notes: • When entering host addresses, enter the addresses of the servers you are monitoring (not the host doing the SYN attack). • You can add multiple SYNFLOOD extensions using different hosts/subnets. For example, if you expend allowable hosts for the SYNFLOOD extension, you can add a second (or more) SYNFLOOD extensions. Example SYNFLOOD1 - 192.168.1.0/24 - 192.168.2.0/24 - 192.168.3.0/24 - 192.168.4.0/24 - 192.168.5.0/24 - 192.168.6.0/24 - 192.168.7.0/24 - 192.168.8.0/24 SYNFLOOD2 - 192.168.10.0/24 - 192.168.20.0/24 - 192.168.30.0/24 - 192.168.40.0/24 - 192.168.50.0/24 - 192.168.60.0/24 - 192.168.70.0/24 To add or modify extension applications: 1. From the nGeniusONE console, select Global Settings. 2. Click the Applications tab. Select the Enterprise View menu. Extension Apps.
3. Navigate to TCP and select 4. Click Add Application
.
5. Enter the name of the application: SYNFLOOD 6. Configure the remaining required information. 7. Click OK. 8. Enable monitoring options. 9. Click Apply.
784
CONFIGURING AND MANAGING nGeniusONE Importing Extension Applications If you want to monitor several Extension applications, you can save time by creating and importing a file containing the required details. To import extension applications: 1. From the nGeniusONE console, select
Global Settings.
2. From the Applications tab, select the application list of interest, such as Enterprise or Service Provider. 3. Navigate to TCP, UDP, or SCTP as appropriate. When you import the file, all applications in the file are imported at the same level. Therefore, you must create separate files to import extension applications as children of TCP, UDP, or SCTP applications or as children of the Multicast Apps or Extension Apps nodes. 4. Select the
Extension Apps node.
5. Click Add Application
.
6. Click Import...
.
7. Locate and select the file you want to import. Ensure that the filename displays in the File name field. 8. In the Files of Type field, select Data files (.dat). Otherwise, click the down arrow for Files of Type and select All Files. 9. Click Open. 10. Click OK. Note: Ensure you exit the dialog by clicking OK (not Cancel). If you exit the dialog without clicking OK, the applications are not successfully added for monitoring even though they display under the Extension App node. 11. If not automatically enabled, right-click the new application and select Activate from the menu. 12. Enable monitoring options for each application. 13. Click Apply. Creating a File to Import Extension Applications in nGeniusONE Creating an import file allows you to import multiple extension applications at one time. When you import the file, all applications in the file are imported at the same level. Therefore, you must create separate files to import extension applications as children of TCP, UDP, or SCTP applications or as children of the Multicast Apps or Extension Apps nodes. To create the file: 1. Create a new text file using a text editor. 2. Enter one line of information for each application, formatted exactly as shown below. 3. Save the file with a .DAT extension and close the file.
785
nGeniusONE 5.4.1 Online Help Topics Format The file must have one line for each extension application being imported in the following format: Short Name:Long Name:Param:Application Group:IP_Address(es) Enter the colon for all fields whether or not you enter a value for optional fields. • Short name — A brief or abbreviated name for the extension application. Maximum of 32 characters. Special characters are not allowed.
*=+"\?!@#$%^&'`~|<> • Long name — (Optional) A more descriptive name for the extension application. Maximum of 128 characters. Special characters are not allowed.
*=+"\?!@#$%^&'`~|<> • Parameter — Enter information in the Param field where required: o
Extensions of Well Known Apps
o
SYNFLOOD
o
Extensions of Multicast Apps
Note: For all other Extended Apps, leave this field blank. • Additional Port — Add up to 64 additional port numbers or 32 ports if containing a range for well-known application traffic running on other ports (for example, 8080 or 2039). A range is considered one port towards the maximum number of ports allowed. • Application Tag — Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence. • Group — Associate your Extension App with an Application Group. You can enter the name of a predefined Application Group or the name of an Application Group you have created. Leave the field blank or enter NONE if you do not want to associate the application with a group. • Host IP Address — (Optional) Enter up to eight IP addresses of the servers on which you want to monitor traffic. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.20.30.1/16, all servers with an IP address that begins with 10.20 are monitored. Use commas to separate multiple addresses. Examples
CDP123:Cisco Discovery application::Web:192.168.196.0/24,10.160.143.0/32 MDP1:MDP_multi192:mdp:MyGroup:224.116.27.0/20 LDAP:LDAP_Access:msg:0-2:MyGroup:10.144.231.120/16 GTP:GTPcreate:create:MyGroup:10.144.231.120/16
786
CONFIGURING AND MANAGING nGeniusONE Add/Modify Application (Extensions of Well Known Apps) in nGeniusONE The following table describes the fields shown when adding or modifying extensions of Well Known Apps. Important: You must configure a unique port/IP Address combination when adding an extension of a Well Known App. For example: • Prohibited: TCP applications with the same port number and IP Address pairs • Permitted: TCP and UDP applications with the same port numbers and IP Addresses • Permitted: TCP or UDP applications with different port number or IP Address pairs Note: Not all fields appear in all Add or Modify dialog boxes. Field
Description
Parent
The parent application. This field cannot be modified.
Application Name
Enter a name for the application.
Short Name
Enter an application name, up to 32 characters. For example, enter SIP_ACT_T (for a SIP_T extension). Optional. If you entered your own name for this application but want to return to the original designation, click Reset Default Short Name in the Select monitoring options list. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Long Name
Enter a more descriptive name for the application. You can enter up to 128 characters. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. For example: • v0PDPCreate (for a GTP_v0 extension) • LDAP_2_Selections (for an LDAP2 extension)
Parameter
In most cases the Parameter field is either left blank or automatically populated. In some cases, the Parameter heading is replaced by other designations, described below. In some cases, the Parameter heading is replaced by other designations, described below. Applications for which the Param field is automatically populated Entered by default: • CORBA_MSG (TCP) • FIX (TCP) • GTP_V1/V2 (UDP) • M3UA (SCTP)
787
nGeniusONE 5.4.1 Online Help Topics • Multicast Apps (UDP) — • o
CQS
Multicast App Type: MDP, OPRA, CTS, or
Corresponding “Param:” entry: mdp, opra, cts, cqs
o
• S1-AP (SCTP) • SIP (UDP) (Child applications must be activated) • Diameter and Diameter-SCTP (Child applications must be activated); in addition to the child applications that ship with the software, you can add children to the Diameter parents. Enter the appropriate command code. Enter information in the Param field in the following cases (the Param field is required except as noted): • Diameter and Diameter-SCTP Note: Diameter and Diameter-SCTP ship with certain child applications that use Param strings in addition to those listed below. By default children are deactivated. Click View All, select one or more children, and click Activate. The Param field is populated automatically. Required Refer to http://www.iana.org/assignments/aaa-parameters for more information about command code definitions. NetScout supports the command codes from 256 to 315 for monitoring. Enter the 3-digit command code number in the Param field. The command code name is provided for reference only. Command Code/Name • 256 — Unassigned
• 275 — STR / STA
• 257 — CER / CEA
• 276-279 — Unassigned
• 259 — Unassigned • 260 — AMR / AMA • 261 — Unassigned • 262 — HAR / HAA • 263-264 — Unassigned • 266-267 — Unassigned • 268 — DER / DEA • 269-270 — Unassigned • 271 — ACR / ACA
788
Command Code/Name
• 280 — DWR / DWA • 281 — Unassigned • 282 — DPR / DPA • 283 — UAR / UAA • 284 — SAR / SAA • 285 — LIR / LIA • 286 — MAR / MAA • 287 — RTR / RTA • 288 — PPR / PPA
CONFIGURING AND MANAGING nGeniusONE
• 273— Unassigned • 274 — ASR / ASA
• 289-299 — Unassigned • 300-313 — Allocated for 3GPP • 314 — PDR / PDA • 315 — PIR / PIA
• DNS A DNS child can specify an IP address/mask, a Param, or both. Enter a Universal Resource Indicator (URI). A URI is a character string that identifies a resource on the Internet. URIs can be locators (URLs) or names (URNs) or both. Enter information in the following format: .. • Entries are not case sensitive • Maximum 100 characters • Wild cards are not supported Examples: www.netscout.com mydocument.mycompany.org eat.at.joes • GTP_v0 For children of GTP_v0, enter the appropriate control plane application type: • PDP Create Request/Response — Enter: create • PDP Update Request/Response — Enter: update • PDP Delete Request/Response — Enter: delete You can distinguish between GTP_V0 and GTP' (GTP prime) by creating GTP' as an extension of GTP_V0: • 1. In the Device Management > Applications tab, select one of the following: • UDP > Well Known Apps > GTP_V0. • Mobile tab > Mobility Control Plane > GTP_V0. 2. In the Param field enter: gtp' • H.323-RAS • LDAP
789
nGeniusONE 5.4.1 Online Help Topics
Required For children of LDAP, enter msg:startcode-endcode, where startcode and endcode include the following (case sensitive): • • AAA (access, authentication, authorization): Codes 0-2 • Selections (search functions): Codes 3-5 • Change data (change functions such as: modify, add, delete): Codes 6-16 Examples: msg:0-2; msg:3-5; msg:6-16 Note: More about supported LDAP codes • This implementation supports codes 0-16 only. • You must enter a range (not an individual code). • To monitor Response Time, ensure that requestresponse codes are in the same group. • The system assigns a port for the Extended Application. • RANAP (non-standard SSNs) For standard SSNs (Sub System Numbers), "ranap" is automatically entered in the param field. To add non-standard SSNs, enter the comma-separated SSNs: ranap,SSN1,SSN2,SSN3,SSN Example: ranap,181,255 • SIP_T (Required) For children of SIP_T, enter one of the method extension (entries are not case sensitive): • ACK
• OPTIONS
• BYE
• PRACK
• CANCEL
• PUBLISH
• INFO
• REFER
• INVITE
• REGISTER
• MESSAGE
• SUBSCRIBE
• NOTIFY
• UPDATE
Note: SIP (UDP) children are included by default and the Param field is automatically populated. By default children
790
CONFIGURING AND MANAGING nGeniusONE are deactivated. Click View All, select one or more children, and click Activate. • SYNFLOOD (Required) Enter: synflood • ORACLE Sibling applications of ORACLE may contain either a database name and an IP Address (no Port) to accommodate multiple databases and separate traffic accordingly or a Port/IP Address pair. Validation disallows unsupported combinations of parameters. Be aware that the value entered in the Database Name field must exactly match the database name. • IBM_MQ When creating a sibling IBM_MQ application, you can enter a value in the Queue Name field to capture all MQ requests associated. For example, specifying Auth_Request is in addition to support provided for IP-bound sibling relationships. Sibling applications of IBM_MQ may contain either a Queue Name or a Port/IP Address pair. Validation disallows unsupported combinations of parameters. Important: use only a colon (:) to separate multiple queue names in the Parameter field. Use of a semicolon (;) for this purpose is not supported. • AMEX, VISA, DISCOVER, UNIONPAY, MasterCard The Issuer ID - The first 6 digits of a credit card number (previously known as the bank identification number) that identify the institution that issued the card to the card holder. Sibling applications of card processing applications may contain either an Issuer ID or a Port/IP Address pair. Validation disallows unsupported combinations of parameters. • New application support When support for a new application is added between releases, enter the parameter provided in the documentation at that time. For example, if support for new application XYZ is added between releases, documentation at that time will provide the appropriate information to enter in this field. Note: • For all other Extended Applications, accept the default entry or leave this field blank if no default displays. • The following are not extensions of Well-Known Apps; however, you can add children for the following: o
o
Multicast Extensions Market Data Feeds
791
nGeniusONE 5.4.1 Online Help Topics
Port/ID
The monitoring port number for the application. Internally-assigned CDM ports are no longer shown by default but you can choose to display them. Click here for information about how monitoring ports are shown and how to add them for display.
Additional Port
Add up to 64 additional port numbers or 32 ports if containing a range for well-known application traffic running on other ports (for example, 8080 or 2039). A range is considered one port towards the maximum number of ports allowed. Separate entries using commas (no spaces). For example: 1, 2, 3, 4, 5, 6-35 counts as 7 entries. Duplicate port numbers are not allowed under the same parent (TCP, UDP, or SCTP).
Application Tag
(Optional) Enter up to a maximum of 1024 characters of string text (special characters are supported). The text you enter is appended to alert evidence.
Group
Select a group from the drop-down list. If the groups do not suit your needs, you can create your own group.
Host IP Address
Click Add Address to enter server IPv4/IPv6 addresses or subnets on which to monitor traffic. To specify a server mask, enter the network class followed by the subnet mask. For example, if you enter 10.225.0.0/16, all servers with an IP address that begins with 10.225 are monitored. When finished, click OK. IPv6 addresses can be mixed with IPv4 addresses under the same application. Only the following netmasks are supported with IPv6: 7, 16, 32, 44, 48, 64, 80, 96, and 112-128. SYNFLOOD — Enter the host addresses of the servers you are monitoring (not the host which is doing the syn attack). You can add multiple SYNFLOOD extensions using different hosts/subnets. For example, if you expend allowable hosts for the SYNFLOOD extension, you can add a second (or more) SYNFLOOD extensions. Example SYNFLOOD1 - 192.168.1.0/24 - 192.168.2.0/24 - 192.168.3.0/24 - 192.168.4.0/24 - 192.168.5.0/24 - 192.168.6.0/24 - 192.168.7.0/24 - 192.168.8.0/24
792
CONFIGURING AND MANAGING nGeniusONE SYNFLOOD2 - 192.168.10.0/24 - 192.168.20.0/24 - 192.168.30.0/24 - 192.168.40.0/24 - 192.168.50.0/24 - 192.168.60.0/24 - 192.168.70.0/24 Select to import multiple application files. Click the following links to import URL, Extension, HTTP, Server-based, and server- or client-server-based applications.
793
nGeniusONE 5.4.1 Online Help Topics
Monitoring Key Performance Indicators (KPIs) Overview of Key Performance Indicators in nGeniusONE Key Performance Indicators (KPIs) are measures of performance that are applicationbased, rather than device- or link-based. The nGeniusONE software, working with supported nGeniusONE devices, monitors KPIs at both the physical and virtual interface level. In nGeniusONE, KPI statistics are displayed in service monitors. Service-based alerts allow triggering on some metrics. To monitor and alarm on KPIs, you must meet all requirements for monitoring Response Time. This topic provides general information about KPI monitoring, metrics, and configuration. Monitoring KPIs The availability of KPIs for each application and the manner in which KPIs are computed varies depending on several criteria, including whether NetScout Systems has developed a specialized parser for that application. With a specialized parser, the unique characteristics and messages for the application are considered, particularly for response time. In the case of UDP applications, response time is not computed unless the application has a specialized parser. Since KPIs are only available when response time is computed, generically processed UDP applications are not supported for KPIs. KPI Metrics KPI metrics are collected when response time is enabled for the monitoring appliance and also for supported applications in Global Settings. Note that, while all applications can be enabled for responsiveness in Global Settings, not all applications are supported for KPIs. For supported applications, different sets of KPI metrics are collected when the InfiniStream appliance is configured in ASI or CDM mode (in hybrid mode, both sets are collected), as follows: • ASI-mode KPIs include the following and are reported in nGeniusONE modules: o
Successful Transactions
o
Response Time
o
Failed Transactions Peak Response Time Average Response Times Response Time "Buckets"
o
Timeouts
o
Error Codes (specialized parser applications only)
o
Request Retries (Application retransmissions)
o Unified Communications (UC) KPIs applicable when monitoring RTP/Audio/Video, MSB, MPEG2-TS: Packet Loss MOS Jitter
794
CONFIGURING AND MANAGING nGeniusONE Additional metrics with UC Server License: IP MOS Degradation Compression Degradation Round trip Delay Low Voice Level High Voice Level Echo Loss SNR • CDM-mode KPIs include the following and are reported in Performance Manager and UMC-based modules (not applicable to nGeniusONE): o
Response Time
o
Retransmission
o
User Events and Server Events
o
Jitter and MOS (Voice/Video Quality) (RTP only)
o
Packet Loss
o
Timeouts
o
Error Codes (specialized parser applications only)
o Unified Communications (UC) KPIs applicable when monitoring RTP/Audio/Video: Packet Loss MOS Jitter Additional metrics with UC Server License: IP MOS Degradation Compression Degradation Round trip Delay Low Voice Level High Voice Level Echo Loss SNR Refer to UC Reference topics for additional information about UC metrics and concepts. KPI Configuration To monitor KPIs for most applications (other than Voice/Video), you configure responsiveness boundaries, as shown below.
795
nGeniusONE 5.4.1 Online Help Topics
For CDM database flows, responses are categorized in five levels or buckets: • Fast • Expected • Degraded • Service Level • Availability • Timeouts (Values exceeding Availability are counted as Timeouts) For ASI data, responses are categorized using three levels: • Fast • > Fast to <= Degraded (corresponds to CDM buckets 2-3) • > Degraded to <= Availability (corresponds to CDM buckets 4-5) • Timeouts (Values exceeding Availability are counted as Timeouts) For more details, refer to Response Time Boundaries. The responsiveness values are applied when you set CDM KPI alarms. For additional information about setting these alarms, refer to Configuring KPI Monitoring and Alarming in nGeniusONE. For additional information about setting alerts based on ASI KPIs for nGeniusONE services, refer to Configuring Service Alert Profiles.
796
CONFIGURING AND MANAGING nGeniusONE KPI Configuration for Voice/Video KPIs for Voice/Video traffic are configured separately from the standard Responsiveness settings. Also note that there are two separate configuration workflows to configure Voice/Video KPIs for CDM versus ASI. Refer to Modifying Voice and Video Quality Boundaries in nGeniusONE for details. For detailed steps about configuring your appliance for Voice and Video Quality, for either CDM or ASI, refer to the Voice and Video Quality Overview topic.
Overview of KPI Alarms in nGenius Server In general, KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. However, you can receive alarms in nGeniusONE for ASI-based KPI error codes by including error codes as triggers in service alert profiles in the Service Configuration Editor. In contrast to device-based or interface-based alarms, KPI alarms are based on application response time. To alarm on KPIs, ensure that you meet all requirements for monitoring Response Time. KPIs are tracked at both the physical and virtual interface level. You can create KPI alarms for the following metrics (supported metrics vary by application): • Responsiveness • Application Level Errors • Packet Loss/Retransmits • Voice and Video Quality • KPI Error Codes Responsiveness To alarm on Responsiveness KPIs, define both of the following: • Response Time threshold (milliseconds) • Number of times the threshold must be exceeded (using the KPI Alarm dialog box) KPI alarms are generated based on the contents of responsiveness bucket 5 and bucket 6 (Availability and Timeouts). Because the Response Time boundary represents the highest value (worst responsiveness) for its respective bucket, values that exceed the Service Level boundary fall into bucket 5 (Slow Responses) and those that exceed the Availability boundary fall into bucket 6 (Timeouts) as shown below.
797
nGeniusONE 5.4.1 Online Help Topics
Application Level Errors • To alarm on Application Level KPIs, define a value for the number of times a User or Server event must be seen on the selected application using the Edit KPI dialog box. • You can also alarm on multiple KPI error codes for supported applications. Note: • Supported codes are listed in the Select Error Codes dialog box. • You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children. Packet Loss/Retransmits To alarm on Packet Loss KPIs, define a Retransmit threshold in the KPI Alarm dialog box using an equation. • Packet Loss — used for TCP and SCTP applications • Retransmits — used for UDP applications
798
CONFIGURING AND MANAGING nGeniusONE Voice and Video Quality To alarm on Voice and Video Quality KPIs you must: • Configure the appropriate nGenius InfiniStream appliance options. • Enable RTP, Audio, and Video for Response Time and ASRs. Enable signaling protocols if integrated with nGenius Voice | Video Manager. • Optionally adjust default quality boundaries. • Optionally configure alarms based on these boundaries. Refer to the Voice and Video Quality Overview for more information. KPI Error Codes To alarm on KPI Error Codes: • Select an application in Global Settings > Applications. • Define Critical and/or Warning severities by: o
o
Entering a threshold and minimum transaction count. Adding the error codes you require.
Refer to Configuring KPI Protocol Error Code Alarms in nGeniusONE for more information.
Configuring KPI Monitoring and Alarming in nGeniusONE You can configure monitoring and alarming on Key Performance Indicators (KPIs) for the following metrics: • Responsiveness • Application level errors • Packet Loss • Voice and Video Quality • Error Classification The instructions in this topic describe how to monitor KPIs (for both ASI and CDM) and how to set KPI alarms (CDM only). CDM KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. To configure KPI monitoring and alarms: 1. From the nGeniusONE console, select the
Global Settings icon.
2. Click the Applications tab. 3. Select an application you want to track. 4. Responsiveness alarms — From the Select monitoring options drop-down menu, select Responsiveness and modify the response time boundaries as required. 5. Voice and Video Quality alarms only—Optionally toggle whether you want the alarms to be based on MOS or Jitter thresholds. This setting only applies to appliances configured with asi_mode=CDM or hybrid, since alarms on ASI metrics are set
799
nGeniusONE 5.4.1 Online Help Topics using service-based Alarm Profiles. To toggle: a. Select RTP. b.From the Select monitoring options drop-down menu, select Voice and Video Quality. c. Select MOS or Jitter and enter parameters. d.Click OK and Apply. 6. Other alarm types — From the Select monitoring options drop-down menu (or right-click button), select KPI Alarm. (The KPI Alarms dialog box allows you to enter thresholds for KPI Variables regardless of whether the application supports KPIs. ) 7. In the KPI Variables tab, enter a count for each variable, as appropriate. Enter zero for a variable if you do not want to generate an alarm. Use this tab to set alarms for metrics collected on CDM flows. The numeric fields indicate the number of times the indicated event must occur before you want an alarm triggered. For example, you might set an alarm to trigger when the Responsiveness threshold for Timeouts has occurred 50 times. You can also designate alarms on the selected application to be Warning or Critical, select a server-side script to run when the alarm is triggered, and specify forwarding for the alarm as an SNMP trap or as an email to designated addresses (set in nGeniusONE Server Management>Servers>Email Settings tab).
8. (Optional) For applications supported for application level KPIs, click the KPI Error Codes tab to configure KPI error code alarms. (The tab does not display for unsupported applications.) 9. Click OK to exit the selected Edit KPI dialog box and Apply to save your configuration.
800
CONFIGURING AND MANAGING nGeniusONE
KPI Variables (nGeniusONE) Use the KPI Variables tab of the Edit KPI dialog box (Global Settings > Applications > Select monitoring options > KPI Alarm) to specify thresholds, severities, and actions to take for the events that trigger KPI alarms (CDM). Note: Although you can open the Edit KPI dialog box for any application or when response time is not enabled for the application, KPIs are collected only for supported applications with response time enabled and with response time enabled on the monitoring appliance. Enter a count to trigger a KPI alarm for each metric. If you enter zero (default), no alarm is generated for that metric. Metric
Description
Slow responses
Number of times in a five minute sample that the response time must exceed the Service Level threshold you defined in Applications> View > Edit Responsiveness. Values that exceed the Service Level threshold fall into the Slow Responses bucket.) For Voice and Video Quality KPIs, use the Slow Responses field to configure alarms for "Nearly All Users Dissatisfied" (MOS) or High Jitter.
User events
Number of times in a five minute sample that an Error code signifying a User Event must occur for the selected application to trigger a KPI User Events alarm.
Packet loss (retransmits)
Determine the KPI packet loss threshold to enter in the Retransmits field by using this equation: Retransmits threshold = Min_percentage x 1000 + Min_retx_count where: • Min_percentage = minimum percentage of Server Retransmissions over Total Responses (range: 065) • Min_retx_count = minimum number of server retransmissions for generating an alarm (range: 0999) For example: • Min_retx_count = 4, Min_percentage = 2 Therefore, the equation to find the Retransmits threshold is: 2 * 1000 + 4 = 2004 Retransmits — TCP and SCTP applications Packet Loss — UDP applications Note: Because H.323 RAS is a UDP application, the KPI Alarm box displays Packet Loss rather than Retransmits.
801
nGeniusONE 5.4.1 Online Help Topics
Timeouts
Number of times in a five minute sample that the response time must exceed the Availability threshold you have defined in Applications > View > Edit Responsiveness in order to trigger a KPI Timeout alarm (for Voice and Video applications, a KPI Maximum Jitter alarm). For Voice and Video Quality KPIs, use the Timeouts field to configure alarms for "Not Recommended" (MOS) or Max Jitter.
Server events
Number of times in a five minute sample that a Server Event or Error Code must occur for the selected application to trigger a KPI Server Events alarm.
Severity
Critical or Warning (default) Note: If your product is licensed for nGenius Service Delivery Manager (UMC), the SDM dashboard displays the application icon in yellow for alarms with a severity of Warning and in red for alarms with a severity of Critical.
CallBack script
Scripts that can be executed as part of the alarm.
Forward alarm
Checkbox to forward alarms to addresses configured in Global Settings.
Send email
Checkbox to send emails to recipients configured in Server Management.
Monitoring KPI Protocol Error Codes Configuring KPI Protocol Error Code Alarms in nGeniusONE Requirements • Response time enabled for the application • Power alarms enabled on the data source (refer to CDM documentation) • KPI application error code tracking enabled on the data source (refer to CDM documentation) Monitoring KPI error codes is disabled by default. You can adjust the table size (default 1,000 entries) and enable or disable monitoring per interface (including aggregated interfaces) in the CDM Agent Configuration Utility command line. (Entering interface 0 configures monitoring on all interfaces.) Refer to CDM documentation for details. Alarming is supported on selected KPI error codes for specific applications. You can prioritize error codes as either Critical or Warning and define alarm thresholds for each category. A maximum of two alarms (one critical, one warning) per application per 5minute interval is reported. Error code alarm settings are applicable to both nGeniusONE (ASI) and nGenius Performance Manager (CDM) data.
802
CONFIGURING AND MANAGING nGeniusONE By default, alarms are not triggered on KPI error codes. To alarm on error codes, first create a definition for Critical and Warning severity levels for the selected application. For example, you may want to define a severity of Warning to mean that errors constituted 2% of transactions within the interval. After you define Critical and Warning severity levels, define the minimum number of transactions that must occur before the alarm is triggered. You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children. When you configure definitions for Warning and Critical, consider the amount of traffic you expect to see for this application and how important the application is to the operation of your enterprise. For example, the threshold and minimum transaction counts defining a Critical alarm would likely differ for SIP (relatively low volume, high importance) and HTTP (high volume, low importance) in a GPRS/UMTS network. In the case of SIP, you might want to set a low Minimum Transaction Count (for example, 1) so that errors are counted immediately. After you configure Critical and Warning definitions, apply those definitions to the error codes for which you want to receive alarms. To receive alarms for ASI-based error codes, define KPI error codes for applications in Global Settings, then include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser. CDM-based alarms are reported in the UMC Service Delivery Manager (displayed as Power Alarms) and Performance Manager Alarm Viewer (displayed as KPIError Alarms). To configure monitoring and alarming for KPI error codes: 1. On the nGeniusONE console, click the
Global Settings icon.
2. Click the Applications tab. 3. Select an application supported for error codes. Note: The KPI Error Codes tab (used to configure KPI error code alarms) does not display for unsupported applications. 4. Ensure the application is enabled for Response Time monitoring. If it is not enabled, right-click the application and select Response Time > Enable. 5. Right-click the application and select KPI Alarm... . 6. In the Edit KPI dialog box, click the KPI Error Codes tab. 7. Define Critical and/or Warning severities as follows: a. Enter a Threshold and Min. Transaction Count. You are defining what Critical/Warning means in the context of these alarms. Threshold and Min. Transaction Count Note: Increasing the Minimum Transaction Count and/or Threshold decreases sensitivity (makes it less likely that an alarm will be generated) while decreasing the Minimum Transaction Count and/or Threshold increases sensitivity (makes it more likely that an alarm will be generated). 803
nGeniusONE 5.4.1 Online Help Topics Threshold (%) — Enter the percentage of errors (0100.00%) that must be reached before an alarm is generated. Values are supported to two decimal places (for example, 10.55). Errors are counted only after the Minimum Transaction Count is reached. Min. Transaction Count — Enter the total (successful or error) number of transactions that must be reached before the device begins checking for errors. When the percentage of errors equals or exceeds the configured threshold value, an alarm is generated. b.Select the checkbox to enable critical and/or warning alarms for the selected error codes. c. For each severity you want to configure, click Add error codes and select the preferred error codes. You can select a maximum of 40 codes individually for each severity (Warning or Critical) per application. d.Click OK. 8. Select a maximum of 40 for each severity (Warning or Critical) per application. If the code you want to monitor is not listed, click Add user defined error codes. Tips: • You can enable/disable multiple codes at one time: Shift-click or Ctrl-click to multi-select codes, then right-click and select Enable or Disable as appropriate. • A range of codes counts as one entry. For example, entering codes 200, 201, and 203-235 counts as 3 rather than 35 entries. The total of individual codes and ranges of codes cannot exceed 40. Click Add user defined error codes to create a custom entry to enter the appropriate range. 9. Click OK. 10. If you want to configure ASI-based KPI error code alarms in nGeniusONE, you also need to include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser. View, Select, and Add Error Codes (nGeniusONE) The Select Error Codes dialog box displays out-of-the-box error codes supported for a selected application. You can also add user-defined error codes, as shown in the illustration and accompanying text below. Also refer to Classifying Error Codes for information about reclassifying or overriding error code labels. The Select Error Codes screen provides the following: • Codes — A list of the numerical codes supported for this application. • Description — A brief description for each numerical code. Note that for some applications the description associated with an error code can vary depending on the application RFC version. Consequently the description shown in the dialog box may differ from that which displays in other areas of nGeniusONE.
804
CONFIGURING AND MANAGING nGeniusONE • Format — Protocols generate error codes in various formats for display in the monitors, but to render them more standard, nGeniusONE supplies the default format for these applications: o
Microsoft protocols (SMB, NETBIOS, etc.) — HEX format
o
Trading (FIX, OUCH, STAMP) — HEX format
o Card Processing (AMEX, VISA, DISCOVER, UnionPAY, MasterCard) — HEX format o
All other applications display the decimal format
• Monitoring — You can monitor a maximum of 40 Warning and 40 Critical codes.
Viewing and Handling SIP BYE and SIP CANCEL Error Messages SIP BYE and SIP CANCEL error codes represent a class of messages that NetScout handles in a manner different from other error messages. While SIP BYE/CANCEL messages are fixed and pre-defined like others, they are qualified as "triplets" composed of a protocol, reason code, and descriptive text string that make them unique and require different handling. Configuration to handle these error messages is performed on the InfiniStream appliance and the nGeniusONE server, as follows: • On the InfiniStream, create a .CSV file (sip_reason_codes.cfg) to map triplets to unique NetScout-provided error codes and execute the set sip_db 0 load_reason_code command. For full instructions, click here.
805
nGeniusONE 5.4.1 Online Help Topics • On the nGeniusONE server, add and/or re-classify one or more SIP error messages as desired (described below). • SIP is displayed in the Application column of the Voice Statistics and other monitors.
Call Server, Advanced
• Reason codes are displayed in Call Server and other SIP-based modules' Information and Error Code Distribution bar charts, as shown below.
Configuring User-Defined Error Codes Add User-Defined Error Codes 1. On the nGeniusONE Console, select Global Settings. 2. Click the Applications tab, and select the View menu of interest, such as Enterprise. 3. Locate the application of interest, right-click, and select Error Classification. 4. Click
Add error codes.
5. Enter the code or range of codes you want to add. • A range of codes counts as one entry. For example, a range of 200-205 counts as one entry rather than six. • You can monitor each code only once. For example, you cannot enable a code and also include it in a range, and you cannot monitor one code for both Critical and Warning severities. 6. Enter a Description describing the codes you entered (150 character maximum). 7. Click Apply. 8. Repeat as required. 9. Click OK and OK again. Delete User-Defined Error Codes
806
CONFIGURING AND MANAGING nGeniusONE You can delete user-defined codes only. You cannot delete a predefined error code. To delete a user-defined Error Code: 1. Select the codes you plan to delete. 2. Click
Delete error codes.
3. Click OK. KPI Error Codes (nGeniusONE) Use the KPI Error Codes tab of the Edit KPI dialog box (Global Settings > Applications > Select monitoring options > KPI Alarm) to define the criteria for Critical and Warning error codes for supported applications. Note: • The KPI Error Codes tab is disabled for unsupported applications. • Critical/Warning values set in this tab do not apply to UC-KPI thresholds. When you select Critical or Warning you are defining what Critical/Warning means in the context of these alarms. Additionally, you can classify predefined error codes or add new ones as Successful, Information, or Failure to filter events of varying importance for logging, display or alarm generation. This function is configured in the Error Classification tab of monitoring options.
Select
Refer to the following table for instructions to define KPI error codes. Parameter/Icon
Description
Critical/Warning Threshold
Enter the percentage of errors (0-100.00%) that must be reached before an alarm is generated. Values are supported to two decimal places (for example, 10.55). Errors are counted only after the Minimum Transaction Count is reached. The default threshold for new installations is 10. Thresholds are preserved for upgrades.
Critical/Warning Minimum transaction count
Enter the total (successful or error) number of responses that must be reached before the device begins checking for errors. When the percentage of errors equals or exceeds the configured threshold value, an alarm is generated. The default Minimum transaction count for new installations is 10,000. Thresholds are preserved for upgrades.
Codes/Description
Enable Critical/Warning
Select the codes you want to monitor for this application; the Name column provides a description of each code. Click the checkbox to enable configured error
807
nGeniusONE 5.4.1 Online Help Topics Code
codes and error code alarms.
Add error codes
Click to add one or more critical or warning error codes.
Delete error codes
Click to delete one or more critical or warning error codes.
Select Error Codes Dialog Box Add user-defined error codes Modify the selected userdefined error codes Delete the selected userdefined error codes Show filter
Add an error code if the one you want to monitor does not display. Define custom codes. Edit a user-defined error code.
Delete a user-defined error code.
Show, hide, and reset the filter fields, where you can enter text to search for matching entries.
Hide filter Reset filter Classifying (Overriding) Error Codes Use this feature to classify only those error codes that you want to label as either Success, Information, or Failure (all error codes are classified as Failure by default) for display in nGeniusONE monitors. The nGeniusONE Server reports hundreds of Key Error Indicators compiled from various tables for applications (or Messages) and if they are not filtered — overridden — these counters can quickly reach into the thousands, consuming valuable cycles and filling monitor displays with meaningless data. Error code classification can improve performance and eliminate "noise" by focusing on meaningful service failures rather than protocol messages that merely reflect successful or informational status updates during a transaction flow. This feature lets you edit default existing error codes or add new ones that you want to classify on a per-application basis. For example, if you do not want to poll HTTP 404 Not Found errors because they are not critical failures, they can be marked as Success so that they are not counted in the tables, and subsequently not appear in the App Errors column in relevant Service Monitors. In this way, errors caused by problems that you want to ignore, such as lapsed bookmarks saved in a user profile or poorly composed HTML pages, will not be reported or counted, let alone displayed. Classification works this way: • Error codes marked as Success are not logged in tables • Error codes marked as Information are logged in tables but not handled as a failure • Error codes marked as Failure are logged in tables and processed as a failure
808
CONFIGURING AND MANAGING nGeniusONE Note: The Error Code Classification option is available only if the selected application supports error classification. For example, DNS supports error code classification while ICMP does not and these options are available or grayed out as the case may be. Also, for LDAP1, LDAP2, FIX,and MGCP applications, classification is allowed only at the parent level and all messages inherit the same behavior. One option you can employ is to create a range of error codes — for example, 500-535 — as a convenient way to collectively classify those error codes you want to ignore and thus filter out. You can tag them as "Information" and describe them as "Not Monitored," for example. KPI Alarms/Error Code Classification Interplay Be aware that error codes enabled with the KPI Alarm option will still trigger alarms unless you override them in Error Classification. Error (KEI) Classification and KPI alarm functions are independent of each other although classified error codes will also display in the KPI Error Codes dialog box. Error code classification treats all response codes within a range as errors (Failure). For example, if you configure the error code range 129-233 as MMS error codes, then the override function will generate alarms for all possible error codes in that range including the 200 OK response which is not an error. So, to exclude certain codes, choose and set them as Information or Success. Otherwise, you can selectively set the response codes as errors, rather than setting a range. Classifying Error Codes To classify error codes: 1. On the nGeniusONE console, click the
Global Settings icon.
2. Click the Applications tab. 3. From the View drop-down menu, select Enterprise, Service Provider, Service Enablers, Financial Trading, or Multimedia. If you prefer to see all protocols instead of Active Only ones, deselect the checkbox. 4. Select an application, click Select monitoring options (or right-click), and select Error Classification from the menu. 5. In the Configure Error Classification dialog box, click
Add error codes.
6. Perform one of the following actions: To edit one or multiple existing error codes: a. Select one or more error codes from the display list and click OK. b.If you only want to classify error codes, select the code(s), choose a Classification type from the drop-down list for the error code(s), and click OK twice. You cannot change the code number of an existing error code. c. If you also want to also edit the Description for the error codes, select the code(s), click Modify error codes, enter a new Description, select a Classification type from the drop-down list, and click OK twice. To add one or more new error codes:
809
nGeniusONE 5.4.1 Online Help Topics
a. Click Add error codes again and in the Add User Defined Error codes dialog box, add a Code number for one or a range of error codes. You are not permitted to change the number of an existing error code nor a range of error codes that overlap. b.Add a Description for the entry. c. Select the error code, choose a Classification type from the dropdown list, click Apply, OK, and Apply again. 7. (Optional) Click
810
Delete an error code.
CONFIGURING AND MANAGING nGeniusONE
Monitoring VoIP Quality KPIs Monitoring Voice and Video Quality in nGeniusONE To help organizations ensure quality of service, you can monitor and alarm on Voice and Video Quality by tracking MOS, Jitter and Packet Loss Key Performance Indicators (KPIs) based on unidirectional RTP flows. Supported Devices Voice and Video Quality monitoring and alarming for RTP-Voice and Video Quality MOS or Jitter is supported for nGeniusONE and the nGenius InfiniStream appliance as listed in the table below. Device
RTP (Jitter, MOS, Packet Loss)
RTCP Reports (Jitter, Packet Loss)
IPSLA test reports*
InfiniStream
yes
yes
no
*Voice and Video Quality setting is ignored; it uses IPSLA command line setting only. RTCP-Jitter and Packet Loss are supported for all nGenius devices. Configuration Details For complete configuration instructions, including appropriate options in the monitoring device and Performance Manager configuration, refer to the Voice and Video Quality Overview topic.
Modifying Voice and Video Quality Boundaries in nGeniusONE nGeniusONE provides default boundary parameters for monitoring voice and video quality for both ASI flows (appliances configured with asi_mode=ASI or asi_mode=hybrid) as well as CDM flows (asi_mode=CDM or asi_mode=hybrid). Separate dialog boxes and corresponding procedures are provided for configuring support for either case. To monitor Voice and Video Quality, you must: • Configure the appropriate nGenius InfiniStream appliance options. • Enable RTP, Audio, and Video for Response Time and ASRs. Enable signaling protocols if integrated with nGenius Voice | Video Manager. • Optionally adjust default quality boundaries using procedures described below. • Optionally configure alarms based on these boundaries. For CDM flows, configure these using the KPI Alarms dialog box. For ASI flows, configure these using servicebased Alarm Profiles. Note: For an end-to-end procedure including configuration of appliances, nGenius Voice | Video Manager integration, and enabling specific protocols in Global Settings, refer to the Voice and Video Quality Overview.
811
nGeniusONE 5.4.1 Online Help Topics
Configuration To adjust default boundaries for Voice and Video Quality: 1. On the nGeniusONE console, click
Global Settings.
2. Customize settings as appropriate for InfiniStream appliances configured with asi_mode=ASI, hybrid, or CDM: For asi_mode=ASI or hybrid, follow these steps: a. Select the Voice/Video tab. b.In the Thresholds tab, set Jitter Mode by selecting either Average (average of values over the entire call) or Maximum. c. Click Audio Thresholds and/or Video Thresholds tabs and click the arrows up or down, or enter values directly to adjust settings other than the defaults displayed for satisfaction levels, milliseconds, percentages, and decibels in Acceptable/Warning and Warning/Critical fields for those conditions. • IP MOS (Mean Opinion Score of voice/video quality) • IP MOS Degradation (Mean Opinion Score of voice/video quality loss) • Compression Degradation (voice/video quality loss due to packet compression) • Round Trip Delay in milliseconds • Jitter in milliseconds (voice/video packet transit delay) • Packet Loss % • Low Voice Level in decibels (dBov) • High Voice Level in decibels (dBov) • Echo Loss in decibels (effectively the level of echo heard) • SNR (Signal-to-noise) ratio of voice signal power to noise power in decibels ASI Settings Condition
Defaults Audio Thresholds Acceptable/Warning
Warning/Critical
IP MOS
3.5
> 2.5
IP MOS Degradation
0.5
<1
Compression Degradation
0.5
<1
Round Trip Delay
300 ms
< 500 ms
Jitter
200 ms
< 500 ms
2%
<5%
Packet Loss
812
CONFIGURING AND MANAGING nGeniusONE
Low Voice Level
-35 dBov
< -40 dBov
High Voice Level
-10 dBov
< -5 dBov
Echo Loss
40 dB
< 30 dB
SNR
25 dB
< 15 dB Video Thresholds
Acceptable/Warning
Warning/Critical
IP MOS
3.5
> 2.5
IP MOS Degradation
0.5
<1
Compression Degradation
0.5
<1
Round Trip Delay
300 ms
< 500 ms
Jitter
200 ms
< 500 ms
2%
<5%
Packet Loss
d.
Click OK and Apply to save values to the database.
e. To support appliances configured with asi_mode=hybrid, you can now proceed to customizing settings to support CDM flows. f. Optionally, enable alarms based on ASI Voice and Video Quality thresholds. These alarms are configured using alert profiles in the Service Configuration tool. You do not use the KPI Alarm dialog. For asi_mode=CDM or hybrid, follow these steps: a. Click the Applications tab. b. From the View drop-down menu, select Multimedia. c. Click RTP from the Applications list. d. Right-click to display a contextual menu, and select Voice and Video Quality. e. Select one metric on which to report (MOS or Jitter). Be aware that: •
Boundaries define the upper end of the range. For example, for the MOS range >3.7 to <4.1 (Satisfied), the boundary is 4.1.
•
For MOS, any value greater than 4.1 automatically exceeds the minimum satisfaction level so you do not need to customize bucket 1.
•
For Jitter, any value exceeding the Availability limit automatically is classified as a Timeout so you do not need to customize bucket 6. MOS for CDM flows — To modify boundaries for MOS, enter appropriate boundary values for the selected parameter.
Bucket
Label
Default Range
Default Boundary
1
Very Satisfied
>4.1
N/A
813
nGeniusONE 5.4.1 Online Help Topics
J i t t e r
2
Satisfied
>3.7 to <4.1
4.1
3
Some users satisfied
>3.4 to <3.7
3.7
4
Many users dissatisfied
>2.9 to <3.4
3.4
5
Nearly all users dissatisfied
>2.4 to <2.9
2.9
f 6 Not recommended 1.0 to <2.4 2.4 o r Note: C • When you configure values for MOS, values for Jitter are based on device D defaults and are not configurable. M • KPI alarms are generated based on the contents of bucket 5 and bucket 6. The "Nearly all users dissatisfied" parameter correlates to the "Slow f Responses" and the "Not recommended" parameter correlates to the l "Timeouts" field in the KPI Alarms dialog box. o ws — To modify boundaries for Jitter, enter appropriate boundary values. Bucket
Label
Default Range (ms)
Default Boundary (ms)
1
Fast
0 to <10
10
2
Expected
>25 to <50
50
3
Degraded
>50 to <100
100
4
Service Level
>100 to <250
250
5
Availability (High Jitter)
>250 to <500
500
6
Timeout (Max Jitter)
>500
N/A
Note: When you select Jitter, MOS is not calculated. The boundaries you set for Service Level and Availability (and which control the contents of buckets 5 and 6) define the thresholds for KPI Responsiveness metrics and KPI Responsiveness alarms. Click OK and Apply to save your settings to the database. Configuration for Voice and Video Quality on CDM flows is complete. Optionally, enable alarms based on CDM-based Voice and Video Quality thresholds using the KPI Alarms dialog box.
Modifying Response Time Boundaries in nGeniusONE You can modify the default response time boundary settings for any application that supports response time monitoring. If the Response Time column in Applications displays a
814
CONFIGURING AND MANAGING nGeniusONE check box, the application is supported (if checked, Response Time is enabled by default) You can view response times for locations, clients, servers, applications (or combinations of these) using various response time views in the service monitors. To modify response time boundaries: 1. From the nGeniusONE console, select
Global Settings.
2. Select the Applications tab and from the View drop-down menu, an application set of interest, such as Enterprise or Service Provider. 3. Navigate to and choose a supported application. (If the Edit Responsiveness button is inactive, one or more selected protocols are not supported.) Shift-click, Ctrl-click, or click and drag to make multiple selections. 4. Configure response time boundaries by entering the appropriate boundary value. 5. Click OK. 6. Click Apply to save your changes.
Voice and Video Quality Overview Voice and Video quality metrics (e.g., MOS, Jitter, Packet Loss) are calculated from RTP (media-based) traffic. Use the instructions in this section to configure your InfiniStream appliance for Voice and Video Quality Analysis and optionally associate it with an nGenius Voice | Video Manager server, and to perform required configurations on the nGeniusONE Server. Important: If monitoring Jitter on an nGenius Collector, click here for more information. Step 1: Configure the Appliance To configure your InfiniStream appliance to monitor RTP traffic and calculate corresponding voice and video quality metrics and generate signaling records, perform the following steps: Note: If you are opting to collect RTCP-based metrics in addition to RTP/Audio/Video, ensure that the RTCP traffic is collected on the same interface as the RTP traffic. Also ensure your RTCP traffic occurs on a port number above that used by your RTP traffic. 1. Connect to the InfiniStream appliance through a command shell (Remote login from the nGeniusONE Server is not suitable for all configuration steps as you may need to access the system command line, not just the agent utility). 2. Access Agent Utility (/opt/NetScout/rtm/bin/localconsole). 3. From the main menu, ensure the Config Server Address is set to the address of the nGeniusONE Server from which the appliance will receive Global Settings updates. 4. From the main menu, access the Protocol Options menu. 5. Set the value of the Voice and Video Quality menu option to on. 6. Enter 99 to return to the main menu. 7. Enable Voice and Video Quality monitoring and collection of ASRs:
815
nGeniusONE 5.4.1 Online Help Topics a. From the main menu, enter the option to Select Interface. b. Enter the number for the interface on which you will be monitoring the voice/video traffic. c. In the sub-menu for that interface, ensure that Toggle enable xDR is on. d. Still within that sub-menu, enter the option number for Change interface type. e. From the interface type sub-menu, ensure the type selected is one carrying voice and video packets. f. Enter 99 to return to the menu for selecting individual interfaces. g. Repeat this sequence for each interface on which you’d like to monitor for Voice and Video Quality. 8. Configure additional options via the agent utility command line: a. From the utility main menu, access the command line (option 11). b. Ensure ASI collection is active (required for data to display in the RTP Monitor): get asi_mode - use this to retrieve the current setting set asi_mode ASI or set asi_mode hybrid - use one of these options to enable it c. If the nGeniusONE Server is configured with a UC Server license, also enable the following: set asi uc_conv on (repeat this for every interface monitoring voice and video quality) set vq supplement_asr_data on d. Set optional tuning parameters using: set set set set set
vq vq vq vq vq
flow_table_size flow_timeout max_flows 0 polling_interval payload
Note: Payload is applicable only when the appliance has 8 CPU cores or more, and is associated with an nGeniusONE Server enabled with a UC Server license or the appliance is associated with an nGenius Voice | Video Manager Server. For deployments with a UC Server license, if you would like to process payloads, you must also ensure the Default setting in the Global Settings> Voice / Video > Processing Profiles tab is set to a value other than "No Payload." Note that payload processing is a computationally intensive activity, adjust payload processing priorities accordingly. 9. Exit the Agent Utility 10. To integrate the appliance with an nGenius Voice | Video Manager Server (analyzed Voice and Video Quality metrics and signaling ASRs), also do the following: a. Navigate to the following directory: /opt/NetScout/rtm/config
816
CONFIGURING AND MANAGING nGeniusONE b. Edit the following file in an editor of choice (e.g., vi): nvvm_global.conf c. Locate the following line and change the IP address to that of the nGenius Voice | Video Manager server that will be receiving voice and video quality metrics from this appliance: database.host = 127.0.0.1 d. Locate the following line and change the value from "offline" to "online": database.type = offline e. Save and exit the file. f. If your InfiniStream appliance is configured for multi-nsprobe, you must also create a set of voice and video analysis configuration files for use by the second multi-nsprobe instance: cp nvvm_global.conf nvvm_global1.conf cp nvvm_probe.conf nvvm_probe1.conf 11. Restart the agent: /opt/NetScout/rtm/bin/stopall /opt/NetScout/rtm/bin/start Step 2: Configure the nGeniusONE Server A critical part of this configuration is enabling RTP and configuring associated options from the nGeniusONE Server. Follow the steps as indicated here. 1. Access the Global Settings Business Types tab from the nGeniusONE Server you associated with the appliance in the previous section. The Voice and Video quality protocols are enabled when the Enterprise business type is enabled. If some voice protocols do not appear to be available in Global Settings, try enabling the Service Provider business type. 2. Access the Global Settings Applications tab. 3. From the Multimedia list, enable Response Time for the following: RTP Audio Video (optional) MSB MPEG2-TS Note that the RTP protocol in Global Settings is used only to specify parameters for generating audio and video metrics from the associated media. Setting options for RTP does not cause RTP itself to appear as an application in monitoring UIs; Audio and Video are displayed instead. 4. (Optional) To include RTCP-based metrics as part of the analysis workflow, ensure RTCP is enabled in the Multimedia list. 5. Ensure the ASR check box is enabled for the following: RTP (required)
817
nGeniusONE 5.4.1 Online Help Topics MSB (optional) MPEG2-TS (optional) 6. If your environment includes the separately licensed UC Server features or an nGenius Voice | Video Manager Server, also enable ASRS for signaling and control protocols applicable for your environment. Note that at least one signaling protocol is required for UC Server features to function: SIP Q931 / H.323 SCCP SIP_SCTP SIP_TCP 7. (Optional) Tune the settings for the Voice and Video Quality tables. There are two methods to configure settings, based on the type of data being collected. CDM settings configure thresholds for a different set of tables than the ASI settings. • CDM Settings are applicable for appliances configured with asi_mode=CDM or hybrid (both CDM and ASI), and for appliances prior to 5.2. • ASI Settings are applicable for appliances configured with asi_mode=ASI or hybrid, or for v5.1-5.1.1 appliances configured with asi_2x_mode=on. These settings are not applicable to appliances running earlier versions of the InfiniStream software. To Configure CDM Settings: The CDM settings allow you to specify whether to track MOS or Jitter and to tune the associated thresholds. These are used for distribution parameters in relevant views of Performance Manager and for triggering power alarms from InfiniStream appliances enabled for Voice and Video Quality. Alarms are displayed in Service Delivery Manager. These settings are not used in the nGeniusONE Service Monitors. To support tuning for appliances configured with asi_mode=CDM or asi_mode=hybrid (both CDM and ASI): a. Access the Global Settings > Applications > Multimedia list. b. Select the RTP row and right click to display a contextual menu; select the Voice and Video Quality option. The dialog that opens provides you the option of configuring CDM-based RTP Settings.
818
CONFIGURING AND MANAGING nGeniusONE
c. Click the radio button corresponding to the metric type you want to use for your voice and video quality distributions, either MOS or Jitter, and adjust the bucket parameters, if desired. • If you select MOS, then MOS buckets will be downloaded to the appliance. Jitter average and maximum will still be generated, but will not be bucketized or alarmed on. If your appliances are configured to support both CDM and ASI metrics, and you'd like the MOS buckets to be consistent, consider setting the thresholds as follows: CDM MOS Boundaries
ASI Equivalent
Very satisfied Satisfied Some users satisfied
These values should be less than the ASI setting for the Acceptable / Warning boundary This value should match the ASI setting for the Acceptable / Warning boundary This value should match the ASI setting for the Warning / Critical boundary
Many users dissatisfied Nearly all users dissatisfied Not recommended
These values should be greater than the ASI setting for the Warning / Critical boundary
• If you select Jitter, only bucketized Jitter will be produced, not MOS buckets. MOS and Packet Loss will still be generated and available in the Voice and Video Quality ASRs, along with Jitter, but not bucketized or alarmed on. Also, MOS will not be available in the QoE Views in Performance Manager. If your appliances are configured to support both CDM and ASI metrics, and you'd like the Jitter buckets to be consistent, consider setting the thresholds as follows:
819
nGeniusONE 5.4.1 Online Help Topics
CDM Jitter Boundaries
Fast Expected Degraded Service Level Availability Timeout
ASI Equivalent
These values should be less than the ASI setting for the Acceptable / Warning boundary This value should match the ASI setting for the Acceptable / Warning boundary This value should match the ASI setting for the Warning / Critical boundary These values should be greater than the ASI setting for the Warning / Critical boundary
d. Ensure the bucket type you want is currently displayed in the dialog, then click OK to save your modified parameters. Note that only one of the bucket options (MOS or Jitter) is used. e. If you would like to generate alarms based on CDM Voice and Video Quality metrics, configure the number of times a threshold must be exceeded before an alarm is generated. (This configuration is not applicable for ASI metrics.) • With the RTP row still selected, display the contextual menu again and select the KPI Alarm menu option. • Adjust the bucket values, as desired. Note that Slow responses is the only field in this dialog that is directly mapped to a Voice and Video Quality threshold. Specifically, any time the threshold specified in the last (fifth) MOS / Jitter bucket is reached, the counter for KPI Slow responses is incremented. To trigger an alarm on this, specify the number of times the threshold must be reached before you want an alarm to occur. The KPI Count for Timeouts is automatically incremented any time the threshold for bucket 5 is exceeded. Note: Remember that only MOS or Jitter is monitored, not both, depending on your selection of one or the other in the previous steps. KPI Count of Threshold Event
CDM JitterThreshold Setting
Slow responses Timeouts
Monitors Jitter bucket 5: "Not recommended" Incremented for any event exceeding bucket 5
Packet loss
Packet loss is collected independently of Voice and Video quality settings.
User Events Server events
Not applicable to RTP analysis, which uses client-client connections
f. Click OK to save your KPI edits. g. Click Apply to push the modifications to associated appliances. To Configure ASI Settings: The ASI settings allow you to configure general options as well as fine tune thresholds for metrics displayed in RTP-based Monitors and for triggering associated server-based alarms. If the nGeniusONE Server is licensed for UC Server features, additional tabs are displayed to support tuning Endpoint Profiles and Processing Profiles. To support tuning for appliances configured with asi_mode=ASI or asi_mode=hybrid (both CDM and ASI): a. Access the Global Settings > Voice/Video tab.
820
CONFIGURING AND MANAGING nGeniusONE b. Select the sub-tab for Thresholds. This provides you the option tuning thresholds for Audio and Video. Note that the image below shows the expanded list of settings available when a UC Server license is enabled, including those for Short Call, Long Call, and Gaps (Start, Middle, End). The default settings (without the license) are Jitter mode and three sets of audio and video thresholds: IP MOS, Jitter and Packet Loss.
c. If desired, adjust the default for the following option, applicable to both voice and video: Jitter Mode
Average (default): Jitter value is based on the average of jitter results over the entire call. Maximum: Jitter value reported is the largest of all detected over the duration of the call.
Short Call
Duration in milliseconds for which a call will be considered short. The range is 0 to less than 60,000 (1 minute). The default is 2000 ms (2 seconds). This setting is applicable when UC Server license is installed.
Long Call
Duration in milliseconds after which a call is counted as long. Range is 60,000 to 21,600,000 (6 hours). The default duration is 3,600,000 (1 hour). This setting is applicable when a UC Server license is installed.
Gap Thresholds (Start, Middle, End)
Set to 0 by default, which disables gap detection. Set the thresholds to larger values to report whether gap issues occur in the beginning, middle or end of a call. Values over 0 (in milliseconds), up to 1 hour (3,600,000) indicate the minimum value over which that gap type is reported. This setting is applicable when a UC Server license is installed.
d. Review the following and adjust the default thresholds for the boundaries. Pay careful attention to the dialog indicators which reflect whether the thresholds should be increasing (">") or decreasing ("<").
821
nGeniusONE 5.4.1 Online Help Topics
Setting
IP MOS <
Jitter >
Packet Loss >
Description
Mean opinion score. Representation of perceived quality, reflecting impact of network impairments (e.g. packet loss and jitter) Variation (in ms) in transmission times from packet to packet as affected by network congestion, configuration, et cetera. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered to be lost by the codec. The percentage of lost packets, packet loss occurs when packets fail to reach their destination. Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques.
Audio Defaults
Video Defaults
Warning
Critical
Warning
Critical
3.5
2.5
3.5
2.5
200
500
200
500
2
5
2
5
The following metrics are applicable when a UC Server license is installed on the nGeniusONE server.
822
IP MOS Degradation > The MOS score as a delta from the optimum MOS score taking into account network impairments (e.g., packet loss and jitter).
0.5
1
0.5
1
Compression Degradation in Degradation > quality due to audio or video compression
0.5
1
0.5
1
CONFIGURING AND MANAGING nGeniusONE (e.g., frame rate or bit rate) Round Trip Delay >
Round-trip delay (in ms) of the IP leg. This is excerpted from RTCP packets, which are automatically collected when the appliance is enabled for Voice and Video Quality. It is not necessary to modify RTCP flags in Global Settings to collect this information.
300
500
300
Low Voice Level <
The minimum acceptable active-speechlevel of voice streams, low voice levels result in reduction in perceived quality as the signal is hard to hear. The maximum acceptable active-speechlevel of voice streams, high voice levels result in a reduction in perceived quality. Very high levels also result in amplitude clipping of the signal, resulting in harmonic distortion and other undesirable effects. Echo return loss of the upstream device. This is a measurement of how loud the echo is compared with the original signal. A smaller value indicates a louder echo. The echo loss value reported is
-35
-40
n/a
-10
-5
n/a
40
30
n/a
High Voice Level >
Echo Loss <
500
823
nGeniusONE 5.4.1 Online Help Topics
SNR <
Out of Sequence rate >
derived from the echo that would have been heard at the destination. The average signal-to-noise ratio of audio streams; a low signal-to-noise ratio indicates a reduction in perceived quality as the signal is hard to distinguish from the background noise The volume of streams where out of sequence packets were detected, indicates route flapping, load sharing or diverse core routing or cases in which an endpoints sends RTP streams with incorrect sequence numbers.
25
15
n/a
2
5
2
e. Click OK to save your modified thresholds. f. In addition to Thresholds and Endpoint Profiles, a Processing Profiles tab is available when the UC Server license is installed. However, modifications to either type of profile are rarely required. If you enable payload processing for deployments with a UC Server license, you must also ensure the Default setting in the Global Settings> Voice / Video > Processing Profiles tab is set to a value other than "No Payload." g. If you are reporting on RTCP-based metrics as part of the analysis workflow, ensure that the Endpoint Profiles settings for Report RTCP Metrics is enabled (on by default). h. Click Apply to push the modifications to associated appliances. i. For the UC Server Call Search tool, create Service Definitions with the following: • Required: RTP and one or both of Audio, Video; Optional: MSB, MPEG2-TS • Signaling (at least one required): SIP, SIP_TCP, SCCP, Q931/H323; note that SIP_SCTP and H.245 can be included in a service definition, but these protocols are not used in Call Search. They are passed through when drilling down to Call Server Monitor. For SIP analysis, select both SIP and SIP_TCP.
824
5
CONFIGURING AND MANAGING nGeniusONE Signaling is not required for use of Media Monitor but is for other UC views and end-to-end workflows. • If you would like to generate alarms based on ASI Voice and Video Quality metrics, you can do so using alert profiles from the Service Configuration tool. You do not use the KPI Alarm dialog. Instead, you enable alerts on existing services or when you create a new service. These alerts are automatically computed as a percentage based on the thresholds you set for the Warning and Critical boundaries above. In the alert profiles, specify the percentage that must occur for the combined instances that the Warning and Critical thresholds are exceeded. Step 3: Configure the nGenius Voice | Video Manager and Data Collector Services If you integrated the InfiniStream appliance with nGenius Voice | Video Manager, it will automatically be detected by that server. If you also configured the appliance for signaling ASRs, additional steps are required to register the InfiniStream appliance with the nGenius Voice | Video Data Collector service. For configuration of nGenius Voice | Video Manager components and guidance performing analysis with that UI, refer to the nGenius Voice | Video Manager Administrator Guide and online help.
825
nGeniusONE 5.4.1 Online Help Topics
Using IP SLA to Monitor Response Time IP SLA Overview IP SLA is the Cisco implementation of active agent technology, which evaluates network and server performance devices by sending data across the network to measure performance between network locations and across network paths. It uses timestamp information to calculate performance metrics, such as jitter, network and server response times, packet loss, and Mean Opinion Score. Response time metrics are measured and reported for a variety of IP SLA Test Types. There are several steps you must take to get started monitoring IP SLA. For more information on configuring your environment to support IP SLA testing, see the nGenius Collector Administrator Guide. Note: You must also meet configuration requirements to obtain and view IP SLA test data.
IP SLA Requirements for nGeniusONE You must meet the following configuration to monitor IP SLA test data: • nGeniusONE • An nGenius Collector with: o IP SLA discovery enabled (disabled by default). For details on configuring the nGenius Collector, refer to the appropriate documentation. o The proper interface number for the nGenius Collector. Refer to the appropriate nGenius Collector administrator guide. • One or more of the IP SLA Operations configured on your SAA device. Refer to your Cisco documentation for details.
Getting Started With IP SLA The nGeniusONE software allows you to monitor and log network application response time based on discovered IP SLA tests. 1. Meet probe and software requirements. 2. Add the nGenius Collector (3300 Series) to the nGeniusONE Server. 3. Activate IP SLA Test Types. 4. Configure the SAA Device IP Address and Read Community string. 5. (Optional) Import multiple SAA Device Configurations. 6. Adding an IP SLA entry.
Activating IP SLA Test Types By default all IP SLA test types and ports are active. Tests that have been deactivated are grayed out in the list. Use the procedure in this topic to activate a previously deactivated test: 1. Click Global Settings
826
.
CONFIGURING AND MANAGING nGeniusONE 2. Select the Applications tab, Enterprise list. 3. Locate and expand the Active Agent node to view the list of IP SLA test types and ports. 4. Select All from the view drop-down list to ensure that all tests display. 5. To activate a test type, from the click Activate.
Select monitoring options drop-down menu,
6. Click Apply.
IP SLA Test Types The interface that is used to poll any specific SAA device is interface 11. By default, the SAA devices are searched every hour for new tests. This discovery interval may be modified to be any number of seconds from one minute to one hour. Discovery may also be done upon demand. Refer to the agent administrator guide for details. The number of SAA devices and IP SLA tests supported depends on whether or not the device is collecting NetFlow or sFlow data. The following table shows the number of tests and devices supported: Supported Devices
Supported Tests
On
500
500
Off
500
500
NetFlow or sFlow
The firmware supports the ability to discover and poll IP SLA tests configured on a Cisco SAA-enabled device running IOS version 12.4 or higher. The following table shows the test types that are supported and the metrics that are measured: Reported Metrics
CDM Port
IP SLA ICMP Echo
A round-trip measuring how long it takes the target device to respond to an ICMP echo. The responder can be any TCP host or any SAAenabled device.
51006
IP SLA DNS
Difference in time between when the client sends a DNS request and when it receives a reply. Supports forward and reverse lookups.
51003
IP SLA TCP Socket Connect
Difference in time between when the client sends the initial SYN and when the client sends the final ACK in the connect sequence. The responder can be any TCP host or SAA-enabled device.
51011
IP SLA UDP Jitter (Voice and Video)
Measures round-trip delay, average jitter, and MOS. Packet loss is also reported. The
51010
Test Type
827
nGeniusONE 5.4.1 Online Help Topics responder must be an SAA-enabled device. IP SLA DHCP
Measures the round-trip time taken to discover a DHCP (Dynamic Host Configuration Protocol) Server and obtain a lease from it.
51002
IP SLA Web Page Retrieval
Measures the amount of time it takes to retrieve the specified Web page. Only base page is retrieved. It also measures the TCP connect time. HTTP specific errors are not reported.
51012
Exporting SAA Device Configurations in nGeniusONE You can export multiple SAA device configurations to a CSV file, and later import the file when configuring IP SLA for another nGenius Collector. More on IP SLA. To export SAA device configurations: 1. Click
Device Configuration.
2. Select the Devices tab. 3. Double-click a supported device (nGenius Collector). 4. Select Interface 11 (if11) for InfiniStream versions 5.0 and higher, and interface 1 for lower versions. 5. From the
Select monitoring options drop-down menu, click IPSLA.
6. Add SAA devices if required. 7. Click Export. Note: if using Chrome, the browser automatically exports the file to your Download folder. 8. Browse to the destination for the export file. 9. Enter a filename and click Export. The file is exported as a .CSV file using the same syntax as a manually-created file.
Importing SAA Device Definitions You can import multiple SAA device definitions to save time when configuring an nGenius Collector for IP SLA. More on IP SLA. To import SAA device definitions: 1. Click
Device Configuration.
2. Select the Devices tab. 3. Double-click an nGenius Collector from the list of devices.
828
CONFIGURING AND MANAGING nGeniusONE 4. Select Interface 11 for InfiniStream versions 5.0 and higher, and interface 1 for lower versions. Select monitoring options drop-down menu, click IPSLA.
5. From the 6. Click
Import.
7. Browse to the configuration file you previously exported or manually created. 8. Click Open. Note: Duplicate entries are not imported. 9. Click OK.
Configuring an SAA Device for IP SLA Configure an SAA Device IP Address and Read Community string on the nGeniusONE server as follows: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click an nGenius Collector from the list of devices. 4. Select Interface 11 (if11) for collectors running versions 5.0 and higher, and interface 1 for lower versions. 5. From the
Select monitoring options drop-down menu, click IPSLA.
By default, the SAA devices are searched every hour for new tests. You can modify the discovery interval to be any number of seconds from one minute to one hour. You can also discover devices on demand. Refer to the agent administrator guide for details. 6. Select one of the following: • Add — To enter the Device IP Address (IPv4) and Read Community (the default is Public) of the routers from which you want the probe to collect test data. This option requires clicking Add again to open the IPSLA dialog box and enter the above values. • Import — To import a previously exported or manually configured .CSV file listing SAA devices. • Export — To export the listed SAA devices for use when configuring another nGenius Collector. Note: You may also Modify
or Delete
an existing SAA device.
7. Click OK and OK again to save your configuration. Note: Attempting to import a currently-listed SAA device generates an error message.
829
nGeniusONE 5.4.1 Online Help Topics
Creating a File to Import SAA Device Configurations in nGeniusONE You can save time when configuring several SAA devices for an nGenius Collector by creating and importing a CSV file. To create the file: 1. Create a new text file using a text editor. 2. Enter the required information using the following syntax (one entry per line): ,Read Community Example 10.20.36.60,public 10.62.1.1,public 1.2.3.4,public 3. Save the file as CSV and close it. 4. Import the file.
830
CONFIGURING AND MANAGING nGeniusONE
Using Messages Understanding Messages Configuring Messages Applications Tab Messages are pre-defined, auto-generated communications derived from protocols such as DHCP, DNS, ICMP, SIP and others. Examples of messages displayed include: ACK (DHCP), DNS-AAAA, Icmp-traceroute, and SIP-I. Clicking the Messages application option, located in the drop-down View menu of the Applications tab in Global Settings, displays only messages and their parent applications, from which messages inherit their context. IP Fragmentation: Reassembly of SIP Messages nGeniusONE supports reassembly of in-order IP fragments for the following: • IPv4 and IPv6 protocols • TCP and UDP transport • All fragments are tagged with a valid ASR ID as long as the Call ID is present in or before the fragment • ASRs are reported only when all SIP message bytes are received. The Start time on ASR will be that of the first fragment. Note: Out-of-sequence fragments are not supported. Modifying Messages You can customize message names to better suit your enterprise networking needs. Messages are: • Represented by an icon - in the Name column of the Messages view under expanded parent applications. • Displayed only when the Messages view option is selected. • Populated with data in the Name and Response Time (checkbox) columns of the Messages view only. • Configurable for Responsiveness boundaries, KPI Variables, and KPI Error Codes. They can also be Activated/Deactivated but not added nor deleted with the exception of Diameter messages. • All active (enabled) by default and will display if the parent application is active by default. To view messages for every parent application, click the All drop-down menu option. • Able to be expanded
or collapsed
for all nodes (parents) at once.
• Alphabetized for convenience Note: Messages are supported for ASI-enabled InfiniStream appliances.
831
nGeniusONE 5.4.1 Online Help Topics
Modifying Message Names Understanding Messages NetScout permits editing of message names to better suit your enterprise networking needs. For instance, you can change the Diameter messages Authentic and ReAuth to AAR and RAR, respectively, to agree with your prevailing corporate naming protocol. To modify message names: 1. From the nGeniusONE Console, click
Global Settings.
2. Click the Applications tab and, from the View drop-down menu, select Messages. 3. Choose the application and the message (its subordinate in the tree) you want to modify. You can use the Search function if necessary to quickly find the message. 4. Right-click the selected message and enter a new value in the Short name field. 5. Click OK and Apply to save your configuration. 6. Optional. If after changing a message name you decide to return to its default name, right-click on the message, select Reset Default Short Name and click Apply.
Interpreting Diameter Message Names Understanding Messages The nGeniusONE server displays default, out-of-the-box messages for many protocols in the Global Settings > Applications screen (with the Messages drop-down option selected in the View menu). Message names for the Diameter protocol, however, may differ for packets monitored over TCP versus SCTP and, in some cases, are abbreviated. Use the table below as a guide to understand the abbreviated message names, if needed. The Short Message Name column below corresponds to the Name designation in the nGeniusONE Messages screen while the Meaning column loosely corresponds to the Long name designation in nGeniusONE. These abbreviated message names are also displayed in the nGenius Performance Manager (UMC). Note: Applications/Messages appear with slightly different syntax in nGenius Performance Manager versus nGeniusONE modules. The values in the Short Message Name column below indicate the nGenius Performance Manager syntax which, for some messages includes a prefix and suffix that indicate the protocol and transport type. Example: Given like D-CapabilityExchg-S, the D- indicates Diameter and -S indicates SCTP). Such prefix/suffix annotations are not present in the messages displayed inGeniusONE.
Diameter Command Code (Parameter in GUI)
Short Message Name (see note above)
Meaning
Parent
257
D-CapabilityExchg-S
CER/A - Capabilities Exchange Procedures
DIA_SCTP
257
D-CapabilityExchg-T
CER/A - Capabilities Exchange Procedures
DIAMETER (TCP)
258
ReAuth
ReAuth
DIA_SCTP
832
CONFIGURING AND MANAGING nGeniusONE
258
D-ReAuth-T
RAR/RAA - Policy
DIAMETER (TCP)
265
D-Authentic-S
AAR/AAA - Authentication Procedures
DIA_SCTP
265
D-Authentic-T
AAR/AAA - Authentication Procedures
DIAMETER (TCP)
268
D-EAP-S
DER/DEA - EAP Procedures
DIA_SCTP
268
D-EAP-T
DER/DEA - EAP Procedures
DIAMETER (TCP)
271
D-Account-S
ACR/A - Accounting Procedures
DIA_SCTP
271
D-Account-T
ACR/A - Accounting Procedures
DIAMETER (TCP)
272
D-CreditCtrl-S
CCR/CCA - Policy
DIA_SCTP
272
D-CreditCtrl-T
CCR/CCA - Policy
DIAMETER (TCP)
274
D-AbortSession-S
ASR/A - Abort Session Procedures
DIA_SCTP
274
D-AbortSession-T
ASR/A - Abort Session Procedures
DIAMETER (TCP)
275
D-SessionTerm-S
STR/STA - Session-Termination Procedures
DIA_SCTP
275
D-SessionTerm-T
STR/STA - Session-Termination Procedures
DIAMETER (TCP)
280
D-Watchdog-S
DWR/A - Device Watchdog Procedures
DIA_SCTP
280
D-Watchdog-T
DWR/A - Device Watchdog Procedures
DIAMETER (TCP)
282
D-DisconnectPeer-S
DPR/A - Disconnect Peer Procedures
DIA_SCTP
282
D-DisconnectPeer-T
DPR/A - Disconnect Peer Procedures
DIAMETER (TCP)
285
LocInfo
Location Info Request/Answer – IETF
DIA_SCTP
285
LocInfo
Location Info Request/Answer – IETF
DIAMETER (TCP)
287
RegTern
Registration Termination Request / Answer - IETF
DIA_SCTP
287
RegTern
Registration Termination Request / Answer - IETF
DIAMETER (TCP)
288
PushProfile
PushProfile Request/Answer - IETF
DIA_SCTP
288
PushProfile
PushProfile Request/Answer - IETF
DIAMETER (TCP)
300
UserAuthorztnAck
User Authorization Request/Answer
DIA_SCTP
300
UA
User Authorization Request/Answer
DIAMETER (TCP)
301
D-SrvcAssign-S
SAR/SAA - Server Assignment
DIA_SCTP
833
nGeniusONE 5.4.1 Online Help Topics
301
D-SrvcAssign-T
SAR/SAA - Server Assignment
DIAMETER (TCP)
302
LocationInfoAck
Location Info Request/Answer (LIR/LRA) – 3GPP
DIA_SCTP
302
LI
Location Info Request/Answer (LIR/LRA) – 3GPP
DIAMETER (TCP)
303
D-MMAuth-S
MAR/MAA - Authenticaion Procedures
DIA_SCTP
303
D-MMAuth-T
MAR/MAA - Authentication Procedures
DIAMETER (TCP)
304
RegTermAck
Registration Termination Request/Answer (RTR/RTA) – 3GPP
DIA_SCTP
304
RT
Registration Termination Request/Answer (RTR/RTA) – 3GPP
DIAMETER (TCP)
305
PushProfileAck
Push Profile Request/Answer (PPR/PPA) – 3GPP
DIA_SCTP
305
PP
Push Profile Request/Answer (PPR/PPA) – 3GPP
DIAMETER (TCP)
306
UserData
User Data (UDR/UDA)
DIA_SCTP
306
D-UserData-T
User Data (UDR/UDA)
DIAMETER (TCP)
307
PrU
Profile Update Request/Answer (PUR/PUA)
DIA_SCTP
307
PrU
Profile Update Request/Answer (PUR/PUA)
DIAMETER (TCP)
308
SN
Subscriber Notification Request/Answer (SNR/SNA)
DIA_SCTP
308
SN
Subscriber Notification Request/Answer (SNR/SNA)
DIAMETER (TCP)
309
PN
Push Notification Request/Answer (PNR/PNA)
DIA_SCTP
309
PN
Push Notification Request/Answer (PNR/PNA)
DIAMETER (TCP)
310
Bootstrapping Info
Bootstrap Info Request/Answer
DIA_SCTP
310
BI
Bootstrap Info Request/Answer
DIAMETER (TCP)
311
Message Process
Message Process Request/Answer
DIA_SCTP
311
MP
Message Process Request/Answer
DIAMETER (TCP)
316
D-UpdateLoc-S
ULR/ULA - Location Mgmt Procedures
DIA_SCTP
316
D-UpatedLoc-T
ULR/ULA - Location Mgmt Procedures
DIAMETER (TCP)
834
CONFIGURING AND MANAGING nGeniusONE
317
D-CancelLoc-S
CLR/CLA - Location Mgmt Procedures
DIA_SCTP
317
D-CancelLoc-T
CLR/CLA - Location Mgmt Procedures
DIAMETER (TCP)
318
D-AuthInfo-S
AIR/AIA - Authentication Procedures
DIA_SCTP
318
D-AuthInfo-T
AIR/AIA - Authentication Procedures
DIAMETER (TCP)
319
D-InSubData-S
IDR/IDA - Subscriber Data Procedures
DIA_SCTP
319
D-InSubData-T
IDR/IDA - Subscriber Data Services
DIAMETER (TCP)
320
D-DelSubData-S
DSR/DSA - Subscriber Data Procedures
DIA_SCTP
320
D-DelSubData-T
DSR/DSA - Subscriber Data Procedures
DIAMETER (TCP)
321
D-PurgeUE-S
PUR/PUA - Location Mgmt Procedures
DIA_SCTP
321
D-PurgeUE-T
PUR/PUA - Location Mgmt Procedures
DIAMETER (TCP)
322
Reset Request/Answer
Reset Request/Answer
DIA_SCTP
322
RS
Reset Request/Answer
DIAMETER (TCP)
323
D-Notify-S
NOR/NOA - Notification Procedures
DIA_SCTP
323
D-Notify-T
NOR/NOA - Notification Procedures
DIAMETER (TCP)
324
D-ME-Id-Check-S
ECR/A - ME-Identity-Check Procedures
DIA_SCTP
324
D-ME-Id-Check-T
ECR/A - ME-Identity-Check Procedures
DIAMETER (TCP)
500
RegAuth
RegAuth
DIA_SCTP
500
RegAuth
RegAuth
DIAMETER (TCP)
501
LocUpdate
LocUpdate
DIA_SCTP
501
LocUpdate
LocUpdate
DIAMETER (TCP)
995
Diameter Session QueryRequest/Answer
Diameter Session Query-Request/Answer
DIA_SCTP
995
SQ
Diameter-Session Query-Request/Answer
DIAMETER (TCP)
998
Route Update Request/Answer
Route Update Request/Answer
DIA_SCTP
998
RU
Route-Update-Request/Answer
DIAMETER (TCP)
999
Diameter Binding Request/Answer
Diameter Binding Request/Answer
DIA_SCTP
999
DB
Diameter-Binding-Request/Answer
DIAMETER (TCP)
835
nGeniusONE 5.4.1 Online Help Topics
8388620
ProvideLocation
Provide Subscriber Location
DIAMETER (TCP)
8388621
LocationReport
Subscriber Location Report
DIAMETER (TCP)
8388635
D-SpendLimit-T
SLR/SLA - Spending Limit Procedures
DIAMETER (TCP)
8388636
D-SpendStatus-T
SNR/SNA - Spending Status Notification Procedures
DIAMETER (TCP)
268$VDR_EAPAUTN
D-EAP-Auth-T
DER/DEA - EAP Authentication Procedure
DIAMETER (TCP)
268$VDR_EAP-IDN
D-EAP-Identity-T
DER/DEA - EAP Identity Procedure
DIAMETER (TCP)
272$AVP_416_INT _1
D-CreditCtl-Init-T
CCR/A - Policy Initiate Procedures
DIAMETER (TCP)
272$AVP_416_INT _2
D-CreditCtl-Upd-T
CCR/A - Policy Update Procedures
DIAMETER (TCP)
272$AVP_416_INT _3
D-CreditCtl-Term-T
CCR/A - Policy Terminate Procedures
DIAMETER (TCP)
836
CONFIGURING AND MANAGING nGeniusONE
Traffic Discovery Tab Understanding Traffic Discovery Configuring Traffic Discovery The Traffic (IP) Discovery feature finds and identifies applications that are being monitored on your network segments for addition to your group of Well Known Applications. These protocols are: • TCP, UDP or IP applications only, • “discovered” based on their port numbers, • undefined or inactive in the nGeniusONE database. These applications, which would otherwise be labeled generically in the IP-OTHER category, are listed by Volume (KB) — from higher to lower — along with associated Short and Long Name, Packets (K), and ME Count metrics under the Traffic Discovery tab in Global Settings as shown below.
Similar to My Network, Traffic Discovery is another valuable tool to clearly define "core visibility" — knowledge of your nGeniusONE environment and how it is being used. Breaking out traffic by port number, connection (MEL), and volume per application allows you to quickly monitor, categorize, and analyze pertinent data — a level of support that was previously unavailable for transport layer applications using non-standard or custom port numbers. The feature also indicates whether your network is experiencing high levels of traffic from well-known applications that you did not expect. Adding discovered applications is functionally beneficial because either: • they are inactive — that is, not previously activated with monitoring capability in the Applications screen. Clicking Apply performs activation automatically. Or,
837
nGeniusONE 5.4.1 Online Help Topics • they are known to the Internet Assigned Numbers Authority (IANA) but unknown to the nGeniusONE server database. Workflow You can designate these discovered protocols for inclusion in the database by selecting one or more check box(es) from the list and clicking Apply. Optionally, if you want to revise the application's default Short or Long name, or link it to an Application Group, double-click any of those entries and perform in-line edits. Depending on your selection, you are prompted to confirm activating a defined application or adding a new application from the selected undefined port. Be aware that modifications to multiple selections must be made one by one. When a given application is defined following its entry in the Discovery Table, the table is refreshed and the application filtered from the display. The application is added to the nGeniusONE server database and downloaded to the InfiniStream for display in the Link screen of Traffic Monitor Applications
(shown below) which includes a Discovered
link to the Application Overview screen. This view provides:
• A tabular list of discovered applications and associated metrics. • A Traffic Distribution by Discovered Application pie chart showing protocols by percent utilization. • A bar chart showing Top 10 Discovered Applications and IP_OTHER Usage Over Time view. • A Packet Decode link
838
.
CONFIGURING AND MANAGING nGeniusONE The information displayed draws from enterprise-wide, IPv4 traffic. It is available with the v5.2.1 release of nGeniusONE and InfiniStream. Functionality More details about how Traffic Discovery operates is described as follows: • The number of rows displayed is capped at 1000 according to the highest volume received. • Short and Long Names, and Port numbers are derived from a pre-loaded file that maps transport layer name and port values to an IANA entry. • Important: Newly created applications apply to Global Settings only — they are not reflected in the UMC's Device Protocol Settings module. To view an updated list including discovered applications in Device Protocol Settings, you must reconfigure those templates in the UMC. • You can change the resolution of application values to Last 24 Hours or Last 7 Days from the default of Last Hour. • Sorts, (based on volume), and searches are supported. • Traffic Discovery interrelates with configuration of Business Types in Global Settings such that applications which do not match the specified Business Type settings are marked inactive and handled accordingly. So, these applications are treated like other inactive applications when discovered. • Traffic Discovery is a heuristic process that learns the identify of the server port as follows: o For packets of TCP applications, the server port is identified by certain flags. Depending on which flags are set, the identified server port is added to the Discovery Table if more than one client is found communicating with the server. For other flags, both source and destination ports are added to the Discovery Table. o For packets of UDP applications, entries are added to the Discovery Table with the combination of source port and destination address, and destination port and source address.
Configuring Traffic Discovery Understanding Traffic Discovery Configuring Traffic Discovery labels undefined or inactive TCP/UDP/IP applications that would otherwise be generically lumped into the IP-OTHER category. This feature lets you add these "discovered" protocols to your group of Well Known Applications. These highvolume applications are listed along with the associated total amount of volume, packets, and Monitored Elements, as shown below, under the Traffic Discovery tab in Settings.
Global
839
nGeniusONE 5.4.1 Online Help Topics
Navigation between fields is available by using the Tab key. Using the key terminates an edit without saving the change. Functionality Traffic Discovery functionality is described in the following table. Column/Icon /
/
Description Show/Hide/Reset the filter for the selected value. You can filter on any of the columnar values. Be aware that filtered Volume and Packets entries are in the 1,000s. For example, entering a 1represents 1,000 bytes. Drop-down menu for the interval to discover applications. Choices: Last Hour, Last 24 Hours, or Last 7 Days. Default: Last Hour. How do I instructions to use the GUI. Use Column Management to display and order the table columns. Refresh the display.
Port
The Transport Layer name-Port number of the application. For example: UDP-456. This value cannot be modified.
Defined
Applications "known" to the Internet Assigned Numbers Authority (IANA) but currently inactive are marked with a check . This value cannot be modified nor can the selected application. If a row is Defined, applying a row activates the corresponding application in Global Settings; if Undefined, applying a row creates a new application in Global Settings.
Short Name
The application name (maximum of 32 characters) displays if the protocol is an inactive application in the Global Settings database. Otherwise, it displays the IANA name that maps to the port. If neither value is available, the field is blank. A maximum of 1,000 names is allowed, determined by greatest volume received. In-line editing is available for undefined
840
CONFIGURING AND MANAGING nGeniusONE applications only. Long Name
The longer version name (maximum of 128 characters) of the application as derived from the IANA description field. In-line editing is available for undefined applications only.
App. Group
The name of the Application Group, chosen from the dropdown menu, to which this entry has been assigned. If left blank, the entry reads "Undefined Applications". Be sure that the entry is fully selected before clicking Apply. In-line editing is available.
Volume (KB) Packets (K) ME Count
The total number of bytes tallied for the application on the selected MEL. The total number of packets (in 1,000s) tallied for the application on the selected MEL. The total number of interfaces that the application is viewed on. Click the down/up caret to sort columnar entries.
Configuration To configure Traffic Discovery: 1. From the nGeniusONE Console select
Global Settings.
2. Click the Traffic Discovery tab. 3. (Optional) Choose Last 24 Hours, or Last 7 Days for the Traffic Discovery duration if you prefer either to the default value of Last Hour. 4. Select one or more applications from the list by clicking the check box(es) or choosing multiple rows. Short names are pre-populated. If the application matches the IANA mapping, a Long Name is also pre-populated. Selecting a different row performs the same save action as clicking the Enter key. 5. (Optional) To revise a protocol's IANA-defined definitions or add an application to an Application Group, double-click the entry and perform in-line editing of Short or Long Names. Port numbers cannot be edited. Note: Modifications to multiple selections must be made one by one. 6. Click Apply. This action adds and activates all checked applications by updating the database and communicating the updates to InfiniStream appliances. The Traffic Discovery table is then refreshed to filter out the newly defined applications. Depending on your choice, you are prompted to confirm — Yes — activating a defined application or adding a new application from the selected undefined port. Note: If a conflict is reported — the particular protocol is already set on the specified port — then the selection is flagged as an error and disallowed. Certain CDMA ports cannot be added to the Applications list unless and until they are
841
nGeniusONE 5.4.1 Online Help Topics defined as a Server-Based Application. Discovered applications can be added to Well Known Applications only, not SBAs. 7. (Optional) Continue discovered application configuration of Response Time, ASR, and Slice Size values in Applications as required. To view discovered applications: 1. From the nGeniusONE Console, click the then the
Traffic Monitor group of monitors and
Link Monitor icon.
2. From the Monitor Elements panel select one or more MELs. From the right panel, select one or more Network Domains and click Apply. 3. Click the Toggle charts to Discovered Applications mode button to view: • A tabular view of all discovered applications listed by each discovered application. • A Traffic Distribution by Discovered Application pie chart showing protocols by percent utilization of the selected discovered application. • A bar chart showing Top 10 Discovered Applications and IP_OTHER Usage Over Time view of the selected discovered application.
842
CONFIGURING AND MANAGING nGeniusONE
Locations Tab The Locations tab in Global Settings provides viewing and configuration screens for these virtual interface types: • Sites • APN • VRF Groups • Handset • VLAN Services • Cell Sites • PLMN Within these traffic categories you can view and add individual or groups of virtual interface definitions and associate them with their configured interface speed, alias, alarm template, or Link Type. For traffic monitored by ASI-enabled InfiniStream appliances, virtuals are designated as location keys and used to correlate with ASI data for enhanced scalability and faster troubleshooting, monitoring, and reporting. To access the Locations tab: 1. Login to the nGeniusONE console, and click the
Global Settings icon.
2. Click the Locations tab. 3. Choose one of the sub-tabs listed above. Refer to the following for viewing and modifying additional virtual information using Device Configuration: • TAC • QoS • RAT • CMTS • BSID • RAI
843
nGeniusONE 5.4.1 Online Help Topics
Site Monitoring Site Monitoring Overview in nGeniusONE Getting Started with Site Monitoring Site monitoring allows you to analyze remote Site links that are enabled with inaccessible topologies. Examples. Examples of inaccessible topologies on remote Site links include: • Channelized Links • Encryption/Compression • IP-Enabled Frame • MultiProtocol Label Switching (MPLS) • Private IP • Virtual Private Networks (VPN) By default, a Site virtual interface is created only when an appropriately configured physical or flow interface detects network traffic that matches a Site definition. Optionally, you can configure your system to create Site interfaces immediately following association with the nGeniusONE device. Using Site virtual interfaces, you can: • Segregate remote inbound and outbound office traffic for monitoring and reporting • Define link speeds to reflect bandwidth allocation for specific remote sites When a probe physical or flow interface detects traffic matching a Site definition, the monitoring device automatically creates a virtual interface on that physical or flow interface to track the following statistics (based on the subnet or subnet list): • Application • Protocol • Host • Conversation • Quality of Service (QoS) Site monitoring supports: • Up to 100,000 Site virtual interfaces per device • Adding up to 256 subnets per Site definition; maximum of 32,000 subnets across the enterprise • One to 31-bit subnet masks Site monitoring does not support duplicate subnets and masks.
844
CONFIGURING AND MANAGING nGeniusONE
Getting Started With Site Monitoring Creating Site virtual interface groups allows you to monitor remote Site links that are enabled with inaccessible topologies. To get started monitoring sites: 1. Configure Site monitoring on the data source 2. Add Site virtual interface definitions: • Add Site virtual interface definitions individually • Import multiple definitions 3. (Optional) Modify Site Speeds • Globally • Individual interfaces 4. Associate the Site virtual interface definitions with a device physical interface
Viewing Site Virtual Interfaces in nGeniusONE When a probe physical or flow interface (configured for Site monitoring) detects network traffic that matches a Site definition, the probe automatically creates a Site virtual interface (set at trunk speed by default) on that probe interface. The virtual interface displays when the device is automatically relearned. To view the virtual interface more quickly, click
Re-Learn in the Devices screen.
To view the Site virtual interfaces associated with a device: Device Configuration.
1. From the nGeniusONE Console, launch 2. Select the Devices tab. 3. Double-click the applicable probe. 4. Select the physical interface and click
Virtuals.
Note: The Virtuals icon is enabled for physical interfaces containing virtual interfaces. If no Site virtuals are configured, the icon is disabled. 5. Configured Site interfaces are displayed with the Name, Alias, ID, and DTE/DCE Speed (Mbps). Note: To sort a column, click the arrow head in the column heading.
Configuring Site Monitoring on the Data Source To enable Site monitoring for a CDM Agent physical or flow interface: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab.
845
nGeniusONE 5.4.1 Online Help Topics
3. Select the applicable probe and click Remote Login required.)
. (Password may be
4. In the Agent Configuration Utility, enter 7 (Select Interface) and press Enter. 5. Enter the applicable physical or flow interface number. 6. In the Interface Options menu, verify that the vifn_enable option is set to on. Note: • Toggle vifn_enable can be on or off by default depending on the probe. If vifn_enable is off, enter 34 (vifn_enable) and press Enter to toggle the option on. Setting vifn_enable to on automatically discovers virtual interfaces. 7. Enter 99 (Go Back to Previous Menu) and press Enter. 8. Press Enter again to verify your changes. 9. Enter 36 (Change vifn_mode) and press Enter. 10. Enter one of the following and press Enter: • 7 (site) • 11 (site-qos) 11. Enter 99 (Go Back to the Previous Menu) and press Enter. 12. Press Enter again to verify your changes. 13. Enter 99 and press Enter until you return to the Main menu. 14. Enter 12 to reset the CDM Agent. 15. Enter y to confirm the reset. 16. Save and close the file. Note: Quality of Service (QoS) monitoring classifies traffic for a user-defined site virtual interface. When you set Change vifn_mode to site-qos, the CDM Agent creates additional virtual interfaces as needed to monitor each detected level of QoS statistics for the site virtual interface.
Sites Tab Sites Monitoring Overview Getting Started with Site Monitoring The following functions and information are displayed when you select the Global Settings > Locations > Sites tab. Icon
Description Add a site monitoring group. Modify the selected site definition Delete the selected site definition
846
CONFIGURING AND MANAGING nGeniusONE
/
/
/
Show, Hide, Reset the filter
Import, Export site definitions Refresh the view
Column
Description
Name
The Site name. No more than 50 alphanumeric characters are permitted.
Total Speed (Kbps)
One of the following: • The speed applied to all Monitored Elements within the enterprise associated with this Site definition. • 0 -- Different speeds are associated with different Monitored Elements in the group. Speeds for the Site virtual interface have been configured in Device Details, or by creating a .csv file to import virtual interface speeds, after the virtual interface definition was added.
Addresses
The IP Addresses associated with the group.
Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry.
847
nGeniusONE 5.4.1 Online Help Topics
Adding Sites Adding Site Virtual Interface Definitions in nGeniusONE You must be granted Network Administrator privileges to perform this procedure. By default, a Site virtual interface is created only when an appropriately configured physical or flow interface detects network traffic that matches a Site definition. Optionally, you can configure your system to create all associated Site interfaces immediately following association with the nGeniusONE device. You must add and configure virtual interface definitions (subnets) for Site monitoring in the Global Settings > Groups tab before downloading the definitions to appropriately configured probe physical and flow interfaces. To add and configure Site virtual interface definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Sites tab. 3. Click
Add a site group. Maximum allowed is 1,000,000.
4. Enter a unique Site Name (also the virtual interface name). For example: Boston_Site Note: Site names can have a maximum of 50 alphanumeric characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. 5. Add a Total speed value. Do one of the following: • To apply the same speed to all Monitored Elements within the enterprise associated with this Site definition, enter the speed in the Total speed box. • To associate different speeds with different Monitored Elements, do not enter the speed. Instead, modify the speed for the Site virtual interface in the Devices tab, or by creating a .csv file to import virtual interface speeds, after you add the virtual interface definition. 6. In the IP Address List dialog box, click Add an IP Address to enter the applicable subnet IP Addresses with appended subnet mask values or IPv6 address (any format). Note: • (Optional) You can enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 10.40.212.226 as 10.40.0.0 if appending a 16-bit mask, or 10.40.212.0 if appending a 24-bit mask. • You can enter a single IP address in the Site definition with the /32 subnet. This capability is enabled by default. 7. (Optional) To add another address to the Site:
848
CONFIGURING AND MANAGING nGeniusONE
a. Click Add an IP Address
.
b.Enter the next Subnet IP Address with appended subnet mask values. c. (Optional). Repeat this step to add more addresses to the Site. 8. Click OK and Apply to save your configuration. 9. Manually associate the Site definition with each physical interface. Note: The nGeniusONE Server automatically generates a SiteID for internal use when uploading the Site definition to a device. Importing Site Virtual Interface Definitions You can import virtual interface definitions (subnets) for Site monitoring to the Locations > Sites tab on the nGeniusONE server. More on Site Monitoring. To import Site definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Sites tab. 3. Click Import site definitions
.
4. In your browser dialog box, browse to and select the import file containing the Site definitions, and click Open. 5. Click Import Sites. The Site Monitoring tab displays the imported Names, SiteIDs, Subnet(s), and Speeds. 6. Click OK. 7. Download Site definitions to the appropriate physical interfaces. Note: • If the import file contains a Site name that currently exists in your system, the existing speed and subnet information for that name are updated. • The system automatically generates a SiteID for internal use when downloading the imported Site definitions to a device. Note: You can also do the following per interface in the Device Management > Devices tab: • Import Site speeds and associations • Export Site speeds and associations • Modify Site definitions Creating a File to Import Site Virtual Interface Definitions You can save time when adding several Site virtual interfaces by creating and importing a *.dat file listing the appropriate speeds. It is essential that the syntax of the import file be correct. If the format or syntax for any import file Site definition is incorrect, an error message displays and the file does not import. Correct any errors before attempting to import the file again.
849
nGeniusONE 5.4.1 Online Help Topics To create the file: 1. Create a new text file using a text editor. 2. Enter the required information using the following syntax (one entry per line). For entry of Site or Host Group IP addresses, different scenarios apply depending on whether you are adding IPv6 addresses or not to the import file. The syntax of the .dat file must be modified if it contains any IPv6 addresses, because the default field delimiter has historically been a colon, but the group delimiter within an IPv6 address is also a colon. To prevent ambiguity when one or more IPv6 addresses are present, a special "fieldDelimiter" comment has been introduced in the .dat file syntax. This allows the file to be correctly parsed by the Import software. Consider these possibilities: • For release 5.0.1 and later versions of the Web-based client, the .dat file should read as follows (see the following example): # version="2.0" # fieldDelimiter=";" # Name;Address(es);Total Speed (Kbps) NewSite0;0:0:0:0:0:ffff:172.24.4.1/128;1000 Boston1;::ffff:172.24.4.97/32;1000 IPv6Site14;1234::5678:abcd/124;100000 • For release 5.0.1 or later, to add sites to a .dat file that was created with the Web-based client, regardless of whether or not any of the Sites/Hosts Groups include IPv6 addresses, every line you add must use the semi-colon as a delimiter between Name, Address, and Total Speed values. • To import Sites/Host Groups from a file that was created by a previous Javabased PM’s Export feature, nothing further is required because the assumed default field delimiter is “:”, to which convention the old .dat files comply. • To create a .dat file containing Sites/Host Groups with one or more IPv6 addresses, the file must be created with the # field delimiter=”;” line before any Sites/Host Groups. All Sites/Host Groups in the file, regardless of whether or not any of the Sites/Host Groups have IPv6 addresses, must use the semicolon as a delimiter between Name, Address, and Total Speed values. Additional Site Syntax Rules SiteNameIP Address:SubnetSpeed (Kbps)NewSiteName Note: Do NOT include SiteID in the syntax. • NewSiteName is an optional field that allows the imported Site to be renamed (for example, if a Site using the same name already exists on the destination server). • One Site definition per line • Separate the Site Name from its Address and mask using a delimiter (either a semi-colon or colon) • Separate multiple Subnet Addresses using a comma (,)
850
CONFIGURING AND MANAGING nGeniusONE • Separate Subnet Addresses from the Speed using a delimiter (either a semicolon or colon) • Comment out Site definitions you do not want to import by preceding the Site definition with a pound sign (#) • You can optionally enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 102.40.212.226 as 102.40.0.0 if appending a 16-bit mask, or 192.132.105.68 as 192.132.105.0 if appending a 24-bit mask. Examples The following are examples using the legacy colon-delimited syntax: • Boston:10.40.212.226/16,192.168.105.68/24:48000 • #London:10.20.150.65/8,10.36.64.201/16:125000 (does not import) • Boston:10.40.212.226/16,192.168.105.68/24:48000:London (renames the Site named "Boston" to "London") The following are examples using the new semi-colon-delimited syntax: • Boston;10.40.212.226/16,192.168.105.68/24;48000 • #London;10.20.150.65/8,10.36.64.201/16;125000 (does not import) • Boston;10.40.212.226/16,192.168.105.68/24;48000;London (renames the Site named "Boston" to "London") 3. Save the file with a *.dat extension and close the file. 4. Import the file. Notes: • If the name of an imported Site is identical to an existing name, the Site information and speed are updated with the new information. • For full-duplex interfaces, by default, the interface speed is divided by two, with the resulting value being used for both the DTE and DCE speeds. • You can change the name of a Site in the import file by manually appending the new name to the end of the appropriate line in the file: SiteNameSubnetSpeed (Kbps)NewSiteName Exporting Site Virtual Interface Definitions You can export group definitions from the Locations > Sites tab in one nGeniusONE Server and subsequently import the file to another same-version nGenius Server: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Sites tab. 3. Select the groups you want to export. 4. Click
Export site definitions.
5. Click Save File. 6. Click OK and save the file to your target location.
851
nGeniusONE 5.4.1 Online Help Topics Modifying Site Virtual Interface Definitions in Devices Use this procedure to configure site virtual definitions for individual interfaces. To modify speeds on individual interfaces, the speed set in the Locations > Sites dialog box must be equal to zero. Click here to globally modify site virtual interface definitions To modify site virtual interface definitions for an individual interface: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for Site Monitoring. Note: If the button is inactive, ensure you have properly configured the selected interface on a supported device. 5. Click
Virtuals.
6. Double-click one Site virtual or select several and click Sites virtuals.
Modify to configure more
7. Enter a new Alias. 8. Click OK to close the Modify dialog box. 9. Click OK and OK again to save your configuration. The new alias is downloaded to the probes. Associating Site Definitions with a Physical Interface After adding or modifying virtual interface definitions (subnets) for Sites monitoring in Global Settings > Locations, you must associate the definitions with an appropriatelyconfigured physical interface on the data source. The data source creates a site virtual interface only when a physical or flow interface configured for Site monitoring detects network traffic that matches a site definition. To download site virtual interface definitions to the probe: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab and double-click the appropriate device. 3. Select the physical interface configured for Site Monitoring. Note: If the button is inactive, ensure you have properly configured the selected interface on a supported device. 4. From the Site(s).
852
Select monitoring options drop-down menu, click Associate
CONFIGURING AND MANAGING nGeniusONE
5. Select one or more sites and click following: • For one site, click and click OK. The continues.
Modify. In the dialog box, do one of the Modify again, click the Associate check box, Pending commit icon displays while the process
• For all sites, click Associate all. (The display changes to aware that the maximum allowable associations is 1000. • Note: if you make an error, click
.) Be
Remove all associations.
6. Click OK. The Associate Sites window closes. 7. Click OK. The device details window closes and the site definitions download to the selected probe interface(s). 8. (Optional) Repeat for any additional probe physical interfaces that you want to associate with a site definition. Site definitions download and apply only to probe physical and flow interfaces that you configure for Site Monitoring in the InfiniStream appliance. Add/Modify Site Definitions Parameter
Description
Name
Add or modify a unique site Name (also the virtual interface name). The maximum allowed is 100,000. For example: Boston_Marketing Note: Site names can have a maximum of 50 alphanumeric characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Total speed
Do one of the following: • To apply the same speed (Kbps) to all Monitored Elements within the enterprise associated with this Site definition, enter the speed. • To associate different speeds with different Monitored Elements, do not enter the speed (it is 0 by default). Instead, modify the speed for the Site virtual interface, or create a .csv file to import virtual interface speeds, after you add the virtual interface definition.
IP Address List
Click Add an IP Address to enter the applicable IPv4/IPv4 Addresses with appended subnet mask values. Note: • (Optional) You can enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 102.40.212.226 as 102.40.0.0 if appending a
853
nGeniusONE 5.4.1 Online Help Topics 16-bit mask, or 102.40.212.0 if appending a 24-bit mask. • Adding IPv6 addresses
Deleting Site Virtual Interface Definitions To delete Site definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Sites tab. 3. Select the Site definition that you want to delete and click Delete the selected site definition. Shift-click, Ctrl-click, or click and drag to make multiple selections. 4. You are prompted to confirm the deletion. Click OK. All marked items are deleted. 5. Click Apply to save your configuration. Creating Sites Following Association With a Device in nGeniusONE By default, a Site virtual interface is created only when an appropriately configured physical or flow interface detects network traffic that matches a Site definition. Optionally, you can configure your system to create Site interfaces immediately following association with the nGeniusONE device, even if no matching traffic exists. Creating sites immediately following association with the device allows you to: • Include the sites in monitored element groups • Include the sites in reports • Launch views based on the sites in nGeniusONE monitors (if no traffic is present, the views are empty) When you configure your system to create sites immediately following association with the device, the sites are counted as active against your license. To create Site virtual interfaces immediately following association with an nGeniusONE device add the following property to the serverprivate.properties file: createsitesafterassoc=true Note: Disassociated sites are marked as absent in order to retain historical data. If you reassociate previously disassociated sites, they are again active and all views, monitored element groups, and report functionality work as before.
854
CONFIGURING AND MANAGING nGeniusONE
Modifying Site Speeds Globally Modifying the Speed of a Site Virtual Interface When the nGeniusONE server first creates a site virtual interface, the virtual interface speed is automatically set to trunk speed by default. You can modify site virtual interface speed to obtain a more accurate representation of site virtual interface throughput. You can modify the speed of a site virtual interface in the following ways: • Modify speeds globally — You can modify site speeds if you want to associate the same speeds with all probe interfaces. If you want to associate different speeds with different Monitored Elements, do not modify the site speed in Applications. • Modify speeds for individual interfaces — You can modify the speeds for individual interfaces in the following ways: o Modify the speed of one or a few individual site virtual interfaces by configuring the new speed in Devices. o Export a file containing site speeds and associations based on those configured for an individual interface. Subsequently import the file to other selected interfaces. This method is appropriate if you want to configure several interfaces identically. You can import a file exported from a sameversion nGenius Server only. o Manually creating and importing a file to import virtual interface speeds. Modifying Site Virtual Interface Definitions Globally Use this procedure if you want to modify Site virtual interface definitions globally for all appropriately configured probe interfaces. Click here here to modify site definitions on an individual interface. To modify Site definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Sites tab. 3. Select the Site name and click
Modify the selected site definition.
4. Select and modify the Name, Total speed, and IP Address List, or click Add to add another address and mask. You cannot modify the Site ID. Regarding Total speed (Kbps), for full duplex interfaces, the interface speed is divided by two, and that value is used for both the DTE and DCE speeds. 5. Click OK. The Sites screen displays the Name, Total Speed, and Addresses. 6. Click Apply to save your configuration. 7. Associate site definitions with each probe physical interface.
855
nGeniusONE 5.4.1 Online Help Topics
Modifying Speeds for Individual Interfaces Modifying Site Virtual Interface Definitions in Devices Use this procedure to configure site virtual definitions for individual interfaces. To modify speeds on individual interfaces, the speed set in the Locations > Sites dialog box must be equal to zero. Click here to globally modify site virtual interface definitions To modify site virtual interface definitions for an individual interface: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for Site Monitoring. Note: If the button is inactive, ensure you have properly configured the selected interface on a supported device. 5. Click
Virtuals.
6. Double-click one Site virtual or select several and click Sites virtuals.
Modify to configure more
7. Enter a new Alias. 8. Click OK to close the Modify dialog box. 9. Click OK and OK again to save your configuration. The new alias is downloaded to the probes. Creating a File to Import Site Virtual Interface Speeds You can save time when modifying speeds for several virtual interfaces by creating and importing a *.dat file listing the appropriate speeds. For full duplex interfaces, by default, the interface speed is divided by two, and that value is used for both the DTE and DCE speeds. To create the file: 1. Create a new text file using a text editor. 2. Enter the required information using the following format (one entry per line): Site_Name:Site_ID:Subnet_List:DTE_Speed:DCE Speed (Kbps) Note: Site_Name, Site_ID, and Subnet_List must match the site virtual interface definitions you created in Applications. You can view your site definitions in Global Settings > Locations > Sites. Site_Name — The Site Name you entered when you added the site in Global Settings.
856
CONFIGURING AND MANAGING nGeniusONE Site_ID — The ID assigned to the site in Global Settings. Subnet_List — The site Address(es) listed in Global Settings. Separate multiple addresses using commas. DTE_Speed — The speed you want to import for DTE (Data Terminal Equipment). DCE_Speed — The speed you want to import for DCE (Data Communication Equipment). Example Sample file entries: LA_Office:1:x.x.x.x/24:48000:52000 Dallas_Office:2:x.x.x.x/24, x.x.x.x/24:55000:45000 Boston_Office:3:x.x.x.x/16:125000:75000 For the following sites in Global Settings > Site Monitoring: Name
Site ID
Address(es)
LA_Router
1
x.x.x.x/24
Dallas_Router
2
x.x.x.x/24, x.x.x.x/24
Boston_Router
3
x.x.x.x/16
3. Save the file with a *.dat extension and close the file. 4. Import the file. Importing Site Virtual Interface Speeds and Associations You can import speeds and associations to efficiently configure multiple site virtual interfaces. More on Site Monitoring. To import site virtual interface speeds and associations, do the following: 1. Do one of the following: • Manually configure an import file. • Export site virtual interface speeds based on an existing interface. You can import a file exported from a same-version nGeniusONE Server only. 2. From the nGeniusONE Console, launch
Device Configuration.
3. Select the Devices tab. 4. Double-click the appropriate device. 5. Select the physical interface configured for Site Monitoring. Note: If the button is inactive, ensure you have properly configured the selected interface on a supported device. 6. From the
Select monitoring options drop-down menu, click Associate Sites.
857
nGeniusONE 5.4.1 Online Help Topics
7. In the Associate Sites dialog box, click
Import Associations.
8. Navigate to the import file and select it. Ensure that the filename appears in the File name field. 9. Import the file. Exporting Site Virtual Interface Speeds and Associations You can modify speeds and associations for multiple site virtual interfaces most efficiently by modifying one site virtual interface, exporting the definition, and then importing the definition to other sites. More on Site monitoring. To export speeds and associations: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for Site monitoring. Note: If the button is inactive, ensure you have properly configured the selected interface on a supported device. 5. From the
Select monitoring options drop-down menu, click Associate Sites.
6. Select one or more sites. 7. Click
Export Associations. Export files are supported in .dat format.
8. Browse to your target location and click Export. The file is exported as a *.dat file using the same syntax as a manually-created file.
858
CONFIGURING AND MANAGING nGeniusONE
APN Monitoring Monitoring APN Virtual Interfaces in nGeniusONE — Overview Click here for information on how to Get Started Monitoring APNs An APN (Access Point Name) is a virtual interface representing a packet data network to which a GPRS (General Packet Radio Services) mobile device can be connected. An APN can be public (providing mobile access to the Internet) or private (providing mobile access to a company intranet, for example). When a GPRS mobile phone sets up a PDP context, the access point is selected and an access point name (APN) is determined. Examples mycompany.abcd.gprs internet mymobile zap.cingular.com The access point is then used in a DNS query to a private DNS network. This process, called APN resolution, provides the IP address of the GGSN (Gateway GPRS Support Node) which serves the access point. At this point a PDP context can be activated. You must configure your nGeniusONE device to monitor APNs. nGeniusONE devices allow you to associate APNs with a specific interface. You must configure APN monitoring on supported devices and associate APN definitions with Gn, S11, S5/S8-GTPv2, S2a, Ph, or Pi physical links in Device Configuration > Devices > Device Details. You can view APN statistics in service monitors and drill down from there to nGenius Subscriber Intelligence. • By monitoring APN virtual interfaces, you can: • o Segregate mobile inbound and outbound traffic for monitoring and reporting. For example, Origin-Host and Destination host entries display as Mobility Management Entities (MME) and Home Subscriber Servers (HSS). Examples IMS_HSS1_W1 IMS_MME-I-ec_0 o
Receive alarms triggered on monitored elements
o
Track QoE and KPI Diameter entries
o Define link speeds to reflect bandwidth allocation for specific APN virtual interfaces • When a physical or flow interface detects traffic matching an APN virtual interface definition, it automatically creates a virtual interface to track the application, host, and conversation statistics. (The number of APNs detected, and therefore the number of APN interfaces you see in MEL displays may not equal the number of APN definitions.) • APN virtual interfaces support drill downs into individual DRAs and endpoints for QoE data such as Link, Application, Host and Conversation information based on dbONE flows. Drill down to packet data is not supported. Note: APN Monitoring does not support duplicate names.
859
nGeniusONE 5.4.1 Online Help Topics Site-APN/Diameter Caveat When a monitored element is configured for the site-apn virtual interface, the Service Configuration editor displays APN as a location key option for that monitored element. When the associated appliance and Global Settings are configured to track Diameter traffic using Client/Server origin hosts, selecting APN as a key will cause no data to display in the monitor. This happens because the Diameter configurations populate the flow record with Client-Origin-Host and Server-Origin-Host values, not the APN. Also note that the monitor will offer APN as a location attribute for display even though the field is not populated. This issue can be addressed by adding the following setting in the /rtm/bin/admin/serverpublic.properties file for proper Diameter identification: • srvconfig.apn.to.srvorigin = true • srvconfig.apn.to.srvorigin.ip=
Getting Started With APN Monitoring in nGeniusONE To get started monitoring APNs: 1. Configure APN Monitoring on the device 2. Add APN definitions: • Add APN virtual interface definitions individually • Creating a file to import APN virtual interface definitions • Import multiple definitions 3. (Optional) Modify APN Definitions 4. Associate the APN definition with the device physical interface 5. (Optional) Enable automatic discovery of APNs/DRAs (for those not defined in Global Settings) 6. (Optional) Configure APN interfaces to track QoE and KPI Diameter entries
Viewing APN Virtual Interfaces in nGeniusONE When a physical or flow interface configured for APN Monitoring detects network traffic that matches an APN definition, it automatically creates an APN virtual interface (set at trunk speed by default). On the Devices tab of the Device Configuration window, you must either click displayed.
Re-Learn or wait for an auto-relearn for the virtual interface to be
To view the APN virtual interfaces: 1. From the nGeniusONE Console, click
Device Configuration.
2. Click the Devices tab. 3. Double-click the applicable probe. 4. Select the physical interface and click Virtuals. The Virtuals button is enabled for interfaces containing virtual interfaces.
860
CONFIGURING AND MANAGING nGeniusONE Configured APN interfaces are displayed with these values. Note: To sort a column, click the arrow head in the column heading.
Adding APN Virtual Interface Definitions This procedure describes how to add APN virtual interface definitions to monitor GTP (GPRS Tunneling Protocol). It also details how to enable tracking of QoE and KPI Diameter entries using Client/Server Origin hosts. NetScout also supports automatic discovery of APNs/DRAs for those not configured with the procedure described below. The set apn_dist_opts command captures these APNs/DRAs and enables manual exporting of the collected records to Global Settings and subsequent association with an interface. Click here for more information. You must be granted Network Administrator privileges to perform this procedure. Important: Click here for details about a site-apn/Diameter caveat. To add an APN virtual interface: 1. From the nGeniusONE console, click
Global Settings.
2. Click the Locations > APN tabs. Add an APN group.
3. Click
4. Enter a unique Name for the APN Site. When an interface detects traffic matching the APN definition, the name you enter displays in the list of Monitored Elements in the service monitors. APN Site names are case sensitive and can include a maximum of 32 alphanumeric characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Examples (including CMTS) London Boston Internet For CMTS virtuals, APN names must be entered as follows: ; where: • vendor is the first six characters of the MTA manufacturer's name • Model # is the complete MTA model number Important: All characters are case sensitive. The name must appear exactly as shown in the DHCP DISCOVER packet. For example: Motoro;SBV1234 5. Enter the DTE and DCE Speed (Kbps).
861
nGeniusONE 5.4.1 Online Help Topics 6. Enter the APN Address as defined on the GGSN (Gateway GPRS Support Node). Addresses are case sensitive. Examples (including CMTS) wap.o2.co.uk internet.t-mobile.cz internet orangeinternet For CMTS virtuals, APN addresses must be entered as follows: : where: • vendor is the first six characters of the MTA manufacturer's name • Model # is the complete MTA model number Important: All characters are case sensitive. The name must appear exactly as shown in the DHCP DISCOVER packet. For example: Motoro:SBV1234 7. Click OK. The nGeniusONE Server automatically generates an APN ID for internal use when downloading the APN definition to a probe. The new values are displayed. 8. When you finish configuring APN definitions, click Apply to save your changes. Tracking QoE and KPL Diameters entries To configure APN interfaces to support tracking of QoE and KPI Diameter entries using Client/Server Origin hosts: 1. Enable this feature on monitoring InfiniStream appliances. The appropriate diameter_opts option is automatically enabled when mobile_params script for IMS support is used. 2. On the nGeniusONE Server, configure APN settings: a. Click the
Global Settings icon.
b.Click the Locations and APN tabs. c. Click Add an APN group for each DRA to track and enter the APN Name, DTE and DCE Speed values. d.Click Add an APN Address using DIA= as the value. The Origin-Host AVP entry must be entered as it appears in the DRA. e. Click OK. f. To ensure you identify any DRAs that you may have missed, add an entry to track DRAs that you have not defined. Enter an APN name with the Address set DIA=UNKNOWN_APN. g.Click OK and Apply to save your configuration. 3. Click the
862
Device Configuration icon.
CONFIGURING AND MANAGING nGeniusONE 4. Click the Devices tab, select the InfiniStream appliance you configured the APN site on, and click
Relearn.
Deleting an APN Virtual Interface Definition To delete an APN group: 1. From the nGeniusONE console, click the
Global Settings icons.
2. Click the Locations > APN tabs. 3. Select the appropriate APN Group. 4. Click
Delete the selected APN definition.
5. You are prompted to confirm the deletion. Click Yes. 6. Click Apply to save your configuration.
Exporting APN Virtual Interface Definitions You can export APN virtual interface definitions to a file that you can subsequently import to a same-version nGeniusONE Server. To export APN virtual interfaces: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > APN tabs. 3. Click
Export APN definitions.
4. Click Save File. 5. Click OK and save the file to your target location.
Importing APN Virtual Interface Definitions You can import APN virtual interface definitions from a file you create or from a file previously exported from a same-version nGeniusONE Server. To import APN virtual interfaces: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > APN tabs. 3. Click
Import an APN definition.
4. In the Open window, browse to and select the import file containing the APN definitions. 5. Click Import APN. The nGenius Server automatically generates an APN ID for use when downloading APNs to the probe. 6. When you finish importing APN definitions, click Apply to save your changes.
863
nGeniusONE 5.4.1 Online Help Topics
Creating a File to Import APN Virtual Interface Definitions in nGeniusONE You can save time when adding several APN virtual interfaces by creating and importing a *.dat file. It is essential that the syntax of the import file be correct. If the format or syntax for any import file Site definition is incorrect, an error message displays and the file does not import. Correct any errors before attempting to import the file again. To create the file: 1. Create a new text file using a text editor. 2. Enter the required information using the following syntax (one entry per line): Syntax Example Boston:acds.voicemail:48000:48000 NY:ibitsfsb.ibm.com,proxy:125000:125000 #London:internet3,globalm2m.net:125000:125000 (does not import) APNName:Address(es):DTE_Speed (Kbps):DCE_Speed (Kbps) • One definition per line • Separate the APN Name from the Address using a colon (:) • Separate multiple Addresses using a comma (,) • Separate Addresses from Speeds using a colon (:) • Comment out APN definitions you do not want to import by preceding the Site definition with a pound sign (#) Note: For full duplex interfaces, by default, the interface speed is divided by two, with the resulting value being used for both the DTE and DCE speeds. 3. Save the file with a .dat extension and close the file. 4. Import the file.
Modifying an APN Virtual Interface Definition Adding APN Virtual Interface Definitions Configure APN interfaces to track QoE and KPI Diameter entries To modify APN virtual interface definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > APN tabs. 3. Select the APN virtual interface and click 4. Do the following as required: • Modify the APN name.
864
Modify the selected APN definition.
CONFIGURING AND MANAGING nGeniusONE
• In the APN Address List click address.
to add,
to modify, or
to delete an
Note: You cannot modify the APN ID. 5. (Optional) Modify DTE and DCE Speed (Kbps). 6. Click OK and Apply to save your changes.
APN Tab Monitoring APN Virtual Interfaces Overview Getting Started Monitoring APN Interfaces Icon
Description Add an APN group Modify the selected APN definition Delete the selected APN definition
/
/ /
Show, Hide, Reset the filter Import, Export APN definitions Refresh the view
Column
Description
Name
The APN group name.
ID
An auto-generated APN identifier. This column is not always displayed.
DTE Speed (Kbps)
The DTE speed configured when the group was created.
DCE Speed (Kbps)
The DCE speed configured when the group was created.
Addresses
The APN address as defined on the GGSN (Gateway GPRS Support Node). Examples: zap3.cingular.com broadband-44.rtr980.myt.gprs wap.o2.co.uk internet.t-mobile.cz internet orangeinternet Motoro:SBV1234
865
nGeniusONE 5.4.1 Online Help Topics
Show/Hide Task Progress arrow Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry.
Add/Modify APN Groups Getting Started with APN Monitoring Configure APN interfaces to track QoE and KPI Diameter entries Important: Automatic discovery of APNs/DRAs for those not configured under the APN tab is supported using the apn_disc_opts command on the InfiniStream. Discovery enables an administrator to manually export the resulting .csv file for use in importing the records into Global Settings. Important: Click here for details about a site-apn/Diameter caveat. Parameter
Description
Name
Add or modify the APN group name. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
ID
An auto-generated APN identifier. This column is not always displayed.
DTE Speed
Add or modify the DTE speed.
DCE Speed
Add or modify the DCE speed.
APN Address List
Examples:
Add an APN Address as defined on the GGSN. • • • • •
866
zap.cingular.com wap.o2.co.uk internet.t-mobile.cz internet orangeinternet Motoro:SBV1234
CONFIGURING AND MANAGING nGeniusONE
VRF Group Monitoring Getting Started Monitoring VRF Groups in nGeniusONE Configuring Virtual Routing and Forwarding (VRF) groups allows you to retain visibility of remote locations from the WAN aggregation point of view. You can group multiple Route Descriptors (RDs) together, with each group being a virtual interface on the monitoring device. You can configure VRF Groups in Device Configuration > Global Settings > Locations > VRF Groups tab. Monitoring devices create virtual interfaces based on the downloaded definition. Be aware of the following maximums: • Maximum number of VRF Groups =4000 • Maximum number of Route Descriptors across all VRF Groups =128000 (32*4000) Users granted the Network Administrator role can configure VRF Groups. To get started with VRF Groups: 1. Configure VRF Group monitoring on the data source. 2. Add VRF Group definitions: • Add group definitions individually • Import multiple definitions 3. (Optional) Modify VRF Group speeds • Globally • Individual interfaces 4. Associate the VRF Groups with a device physical interface Adding VRF Groups in nGeniusONE Users granted the Network Administrator role can configure VRF Groups. You can add a maximum of 4000 VRF Groups. Before you configure VRF Groups, ensure you configure the monitoring device. To add and configure VRF Groups: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Select the Locations > VRF Groups tabs. 3. Click
Add a VRF group.
4. Configure the options as required. 5. Click OK. The VRF Groups tab displays the new Name, Type, DTE and DCE Speeds (if defined), and Route Descriptors (ASN#, Assigned Number, and Subnet). 6. Click Apply to save your changes. Note: The nGeniusONE Server automatically generates a VRF Group ID for internal use when downloading the group to a probe.
867
nGeniusONE 5.4.1 Online Help Topics VRF Group Configuration Options To configure VRF Groups in Global Settings > Locations > VRF Groups, refer to the following information: • Maximum number of VRF Groups permitted: 4000 • Maximum number of Route Descriptors permitted across all VRF Groups:128000 (32 RDs/Group * 4000 Groups) Parameter
Description
Name
Enter a unique name for the group. For example: Boston_VRF Note: Names can have a maximum of 50 alphanumeric characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
DTE/DCE Speed
Enter the DTE and DCE speeds in the appropriate text fields. The default for both speeds is 0. Do one of the following: • To apply the same speed to all monitored elements within the enterprise associated with this group definition, enter the speed in the dialog box. • To associate different speeds with different monitored elements, do not enter the speed. Instead, modify the speed for the group in Device Details, or by creating a *.csv file to import virtual interface speeds, after you add the group.
Type
Select a Route Descriptor type: 0 (default) or 1. See definition below.
Route Descriptors
Enter a maximum of 32 Route Descriptors (RDs) per group. Important: Each RD must be unique across all groups (not just within a group). • Type 0 (large enterprises)— Enter an ASN number, Assigned Number, and Subnet number (optional). • ASN number — Valid entries: 1-65535 • Assigned number — Valid entries: 1-4294967295. If you leave the field blank, it is treated as a mask for the assigned number. • Subnet number — For example: 10.40.0.0/16. You can optionally enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 10.40.212.226 as 10.40.0.0 if appending a 16-bit mask, or 10.40.212.0 if appending a 24-bit mask. • Display — Each Route Descriptor for this type displays as ASN#:Assigned# (if a number is entered) or ASN#: (if no number is entered). RDs display in comma-separated format in the VRF Groups tab.
868
CONFIGURING AND MANAGING nGeniusONE Route Descriptors field and in the Associate VRF Groups dialog box. Examples 1234:45,5001:,4502:6000 • Type 1 (small to medium-sized enterprises) — Enter the router IP address, ASN number, and Subnet number. • IP address — For example, 10.11.11.11 • ASN number — Valid entries: 0-65535. If you leave the field blank, it is treated as a mask for the assigned number. • Subnet number — For example: 10.20.0.0/16. You can optionally enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 10.40.212.226 as 10.40.0.0 if appending a 16-bit mask, or 10.40.212.0 if appending a 24-bit mask. • Display — Each Route Descriptor for this type displays as IP Address:Assigned# (if a number is entered) or Address#: (if no number is entered). Examples 10.168.45.33/20,10.168.67.45/30:6000 • Click OK and Apply to save your configuration. Importing VRF Group Definitions in nGeniusONE You can import VRF Groups most efficiently by using a file you previously exported from another same-version system. To import group definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Select the Locations > VRF Groups tabs. 3. Select the VRF Group you want to export. 4. Click
Export VRF Groups,
5. On another device, click imported VRF Group is:
Save File, and OK.
Import VRF Groups. The proper format for an
Name:Router Descriptor:DTE Speed (Kbps):DCE Speed (Kbps) For example: boston_vrf:0;0;64901;10;10.0.0.0/8:0:0 6. In the File Upload window, browse to and select the import file containing the group definitions. 7. Click OK. 8. Associate VRF Group definitions to each physical interface.
869
nGeniusONE 5.4.1 Online Help Topics Note: • If the import file contains a group name that currently exists in your system, groups information is updated. • The system automatically generates a VRF Group ID for internal use. Exporting VRF Group Definitions in nGeniusONE You can export group definitions from the VRF Groups tab in one nGeniusONE Server and subsequently import the file to another same-version nGeniusONE Server: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click Locations > VRF Groups tabs. 3. Select the groups you want to export. 4. Select Export VRF Groups. The proper format to add an imported VRF Group follows with a colon (:) as delimiter: Name:Router Descriptor:DTE Speed (Kbps):DCE Speed (Kbps) For example: Shrewsbury:10.20.160.8/32;3500;10.20.160.0/24:5000:5000 Note: If you read the import file, it lists each VRF Group entry this way: Name:Descriptor_Type _;_;Descriptor_IP_Addr;Assigned #;Subnet:DTE_Speed:DCE_Speed For example: Shrewsbury:1;0;10.20.160.8/32;3500;10.20.160.0/24:5000:5000 5. Click
Save File and OK.
Note: If the name of an imported group is identical to an existing name, the group information is overwritten. Associating VRF Group Definitions with a Device After you configure VRF Groups in Global Settings > Locations > VRF Groups, you must associate the definitions with an appropriately-configured physical interface on the data source. The data source creates a virtual interface for the group only when the physical interface detects network traffic that matches the group definition. To download VRF Group virtual interface definitions to the probe: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for VRF Group Monitoring, and from the Select monitoring options drop-down menu, click Associate VRF Groups. Note: If the button is inactive, or does not display, ensure you have properly configured the selected interface on a supported device.
870
CONFIGURING AND MANAGING nGeniusONE 5. Select one or more sites (Shift-click or Ctrl-click for multi-select groups) to associate with the selected interface. 6. Click Modify. You can use the same procedure to disassociate multiple groups if required. 7. Modify the speed of one or more groups by doing one of the following: • Enter a new speed value for the group and click the
Associate check box.
• Modify the speeds for several interfaces. You can save time by importing a file listing the desired speeds. Or, select the interfaces, click new values, and click the Associate check box.
Modify, enter
8. Click OK. The Edit dialog closes. 9. Click OK. The Associate VRF window closes and the group definitions are downloaded to the selected physical interfaces. VRF Groups definitions download and apply only to physical and flow interfaces that you configured for VRF Group monitoring. Modifying VRF Groups in nGeniusONE Use this procedure if you want to modify definitions of VRF Groups. 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > VRF Groups tabs. 3. Select the group name and click
Modify the selected VRF Group.
4. Select and modify the appropriate parameters, including speeds, type, and route descriptors. 5. Click OK. 6. Click Apply to save your changes. 7. Associate the group definitions to the appropriate physical interfaces. Deleting VRF Groups in nGeniusONE To delete VRF Group definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > VRF Groups tabs. 3. Select the appropriate group definition and click definition.
Delete the selected VRF
4. Click Yes to confirm the deletion. 5. Click OK. The group is automatically disassociated from all monitored elements, a relearn occurs, and the group definition is deleted.
871
nGeniusONE 5.4.1 Online Help Topics VRF Groups Tab in nGeniusONE Getting Started Monitoring VRF Groups The table below describes functionality displayed in the Global Settings > Locations > VRF Groups tab and add/modify/delete dialog boxes. • Maximum number of VRF Groups=4000 • Maximum number of Route Descriptors across all VRF Groups=128000 (32 RDs/Group * 4000 Groups) Icon
Description Add a VRF group Modify the selected VRF Group Delete the selected VRF Group(s) Export, Import VRF Groups
/ /
/
Show, Hide, Reset the filter Refresh the view
Column
Description
Name
The group name
ID
The system-generated ID assigned to the group
DTE Speed (Kbps)
The DTE speed configured when the group was created.
DCE Speed (Kbps)
The DCE speed configured when the group was created.
Type
The VRF Group version, described below.
Route Descriptors
A maximum of 32 Route Descriptors (RDs) can be displayed per group. Each RD is unique across all groups (not just within a group). • Type 0 (large enterprises)— Includes an ASN number, Assigned Number, and Subnet (optional). Each Route Descriptor for this type displays as ASN#:Assigned# (if a number is entered) or ASN#: (if no number is entered). Examples 1234:45,5001:,4502:6000 • Type 1 (small to medium-sized enterprises) — Includes the router IP Address, Assigned Number, and subnet (optional). Each Route Descriptor for this type displays as IP Address:Assigned# (if a number
872
CONFIGURING AND MANAGING nGeniusONE is entered) or Address#: (if no number is entered). Examples 192.168.45.33/20,192.168.67.45/30:6000 Show/Hide Task Progress Report arrow
Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry. Identifying Traffic by Autonomous System Number in nGeniusONE An Autonomous System (AS) is a group of one or more IP networks operating under a single administrative authority and using a common routing policy. Although an AS can include all networks within a company, university, or service provider, many organizations utilize more than one AS. Where more than one AS exists in an organization, each is independent with respect to routing policies. Each AS is identified by a 16-bit address known as an Autonomous System Number (ASN). ASNs can be public or private. Public ASNs are globally unique, with assignment and management handled by the American Registry for Internet Numbers (ARIN). Private numbers fall into a reserved range (64512-65535) that is not visible on the Internet. The ASN is used by the routing protocols that control traffic flow between the Autonomous Systems on the internet (for example, BGP — the Border Gateway Protocol). For network engineers working in enterprise environments, viewing traffic statistics by ASN can be useful. If the real interest is AS traffic to and from peer Autonomous Systems and the systems beyond, individual internal IP addresses may prove to be unwanted clutter. Additionally mapping IP addresses to Autonomous Systems, particularly external addresses, can be problematic. Flow interfaces can be configured to replace the IP addresses typically seen in RMON host and matrix data with ASNs. Doing so allows you to access the same network and application layer host and conversation statistics normally seen, aggregated by AS. Note: Not all flow export protocols and not all versions of those protocols report ASNs. ASNs are not supported in NetFlow v1. You can configure flow interfaces on NetScout probes to provide statistics by ASN to the nGeniusONE Server using NetFlow. For detailed information on how to configure ASNs on the probe, refer to the flow_options command in the nGenius Agent Administrator Guide for CDM/ASI. Note: If a flow interface on monitoring device is enabled for ASNs, that flow interface does not display IP Addresses. For more in-depth information on Autonomous Systems and Autonomous System Numbers please consult related specifications (RFC1930) and other available resources (ARIN.net). Configuring Flow Interfaces on Routers, InfiniStreams, and Collectors
873
nGeniusONE 5.4.1 Online Help Topics
Modifying VRF Group Speeds Modifying the Speed of VRF Group Virtual Interfaces in nGeniusONE When the nGeniusONE Server first detects a VRF Group, the virtual interface speed is automatically set to trunk speed by default. You can optionally modify the speed to obtain a more accurate representation of virtual interface throughput. You can modify the speed of a VRF Group virtual interface in the following ways: • Modify speeds globally — You can modify VRF Group speeds globally if you want to associate the same speeds with all device interfaces. If you want to associate different speeds with different Monitored Elements, do not modify the site speed in the VRF Groups tab. • Modify speeds for individual interfaces — You can modify the speeds for individual interfaces in the following ways: o Modify the speed of one or a few individual VRF Group virtual interfaces by configuring the new speed in Device Details. o Export a file containing group speeds and associations based on those configured for an individual interface. o Subsequently import the file to other selected interfaces. This method is appropriate if you want to configure several interfaces identically. You can import a file exported from a same-version nGeniusONE Server only. Exporting VRF Group Virtual Interface Speeds and Associations You can modify speeds and associations for multiple VRF Groups most efficiently by modifying one virtual interface, exporting the definition, and then importing the definition to other groups. To export speeds and associations: 1. Click the
Device Configuration icon.
2. Select the Devices tab. 3. Double-click the supported device. 4. Select the physical interface, and from the down menu, click Associate VRF Groups. 5. Select one or more VRF groups and click supported in *.csv format.
Select monitoring options dropExport Associations. Export files are
6. Browse to your target location, click Save File and click OK.
874
CONFIGURING AND MANAGING nGeniusONE Importing VRF Group Interface Speeds and Associations You can modify speeds and associations for multiple VRF Groups most efficiently by modifying one group virtual interface, exporting the definition, and then importing the definition to other groups. To import group speeds and associations: 1. From the nGeniusONE Console, click
Device Configuration.
2. Select the Devices tab. 3. Double-click a supported device. 4. Select the physical interface, and from the Select monitoring options dropdown menu, click Associate VRF and click OK. 5. Select the Locations > VRF Groups tabs. 6. Select a group. 7. Click Import VRF Definitions. Export files are supported in *.csv format. The proper format for imported VFR Groups is: Name:Router Descriptor:DTE Speed (Kbps):DCE Speed (Kbps) 8. Browse to your target location and click Import.
875
nGeniusONE 5.4.1 Online Help Topics
Handset Groups Getting Started Monitoring Handset Groups Users granted the Network Administrator role can configure Handset groups. Handsets not included in a group display as Handset Group Other in views. NetScout Systems provides a list of approximately 900 groups. To get started configuring Handset Groups: 1. Configure handset monitoring on the nGenius InfiniStream appliance. 2. Add Handset Groups: • Add individual groups • Import multiple groups 3. (Optional) Modify Handset Groups
Adding a Handset Group Users granted the Network Administrator role can add Handset groups. To add Handset groups: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Handset tabs. 3. Click
Add a handset group.
4. Enter a unique Name for the group. For example: CDMA2K_HG1 Names can include a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The handsets per group limit is 500 and group limit is 65,000. 5. From the drop-down list, select one of the following Network Types: • GSM/GPRS or LTE (default) • CDMA2K 6. Configure options appropriate to the type you selected. You must enter all options in hexadecimal notation. No spaces are allowed. 7. (Optional) Click Add to configure additional options. 8. Click OK. 9. Click Apply to save your configuration.
Add/Modify Handset Groups Name: Enter a unique name for the group, for example: CDMA2K_HG1. Names can have a maximum of 50 alphanumeric characters and/or spaces. Rules governing the use of special
876
CONFIGURING AND MANAGING nGeniusONE characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Network Type: From the drop-down list, select one of the following network types: • GSM/GPRS or LTE (default) • CMA2K Options: Configure the following options, depending on the network type you selected: Network type
Options
GSM/GPRS or LTE
Enter the unique Handset ID using hexadecimal notation. No spaces are allowed. You can configure: • 500 handsets per group • 65,000 handset groups
CDMA2K
Mobile devices are identified by an Electronic Serial Number (ESN) or a Mobile Equipment Identifier (MEID). Because the same Manufacturer ID can be assigned to more than one manufacturer, the Start Range and End Range for each group of device serial numbers must also be identified. When gaps exist in the serial number start-end range, enter the Manufacturer ID for each range as required. Example Manufacturer ID
Start Range
End Range
1342af
324d
113e10
1342af
ba7e55
e8455
1342af
1254e51
14444454e
234a
324
555555
Enter the following using hexadecimal notation (no spaces are allowed): • Manufacturer ID • Start Range • End Range You can configure: • 500 ranges per group • 65,000 handset groups Handset
Clicking Add a handset opens a dialog box to permit adding an individual handset to the handset group.
877
nGeniusONE 5.4.1 Online Help Topics
Handset Tab Getting Started Monitoring Handset Groups The Handset tab in and displays. Icon
Global Settings > Locations provides the following functionality Description Add a handset group. Maximum supported: 65,000 handsets. Modify the selected handset definition Delete the selected handset definition
/ /
Export, Import handset definitions /
Show, Hide, Reset the filter Refresh the display
Column
Description
Name
The handset group name
Handsets (GSM/GPRS) LTE
The unique Handset ID expressed in hexadecimal notation The unique Handset ID representing the Manufacturer ID, start range and end range expressed in hexadecimal notation. Because the same Manufacturer ID can be assigned to more than one manufacturer, the Start Range and End Range for each group of device serial numbers is also required. When gaps exist in the serial number start-end range, the Manufacturer ID for each range is included. Example
Handsets (CDMA2K)
878
Manufacturer ID
Start Range
End Range
1342af
324d
113e10
1342af
ba7e55
e8455
1342af
1254e51
14444454e
234a
324
555555
CONFIGURING AND MANAGING nGeniusONE
Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry.
Modifying a Handset Group Users granted the Network Administrator role can modify Handset Groups. To add handset groups: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Handset tabs. 3. Click
Modify the selected handset definition.
4. Modify entries as required. Click OK if you modified the handset number. 5. Click OK again to close the Modify dialog box. 6. Click Apply to save your configuration. Note: The nGeniusONE Server automatically generates a Handset Group ID for internal use.
Deleting a Handset Group You must be granted the Network Administrator role to perform this procedure. 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Handset tab. 3. Select the appropriate group and click definition.
Delete the selected Handset
4. Click Yes to confirm your action. 5. Click OK.
Exporting Handset Groups You can export group definitions from the Handset tab in one nGeniusONE Server and subsequently import the file to another same-version nGeniusONE Server: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Handset tabs. 3. Select the groups you want to export. 4. Click
Export handset definitions.
5. Enter a filename using a *.dat extension. 879
nGeniusONE 5.4.1 Online Help Topics 6. Save the file to your target location. Notes: If the name of an imported group is identical to an existing name, the group information is overwritten with the new information.
Importing Handset Groups You can import Handset Groups using a file you previously exported from another system or by creating an import file. Note: • If the import file contains a group name that currently exists in your system, the group information is updated. • The system automatically generates a Handset Group ID for internal use. To import group definitions: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > Handset tabs. 3. Click
Import handset definitions.
4. Browse to and select the import file. You can import a file you previously exported from another system or a file you created manually: • Exporting Handset Groups • Creating a File to Import Handset Groups 5. Click Import handset definitions. 6. Click OK and Apply to save your configuration. The Task Progress Report dialog displays to gauge the import's performance and total number of handset groups imported.
Creating a File to Import Handset Groups You can save time when adding several Handset Groups by creating and importing a *.dat file listing group options. It is essential that the syntax of the import file be correct. If the format or syntax for any group is incorrect, an error message displays and the file does not import. Correct any errors before attempting to import the file again. You can: • Manually create a file by listing handsets in an import file • For GSM/GPRS you can create a file by cutting and pasting handset groups from the GSM.dat file To manually create the file: 1. Create a new text file using a text editor. 2. Enter the required information using the following syntax (one entry per line): Syntax Syntax
880
CONFIGURING AND MANAGING nGeniusONE CDMA2K: GroupType=1 for all members GroupName1:GroupType(which GroupName1:GroupType(which GroupName1:GroupType(which GroupName2:GroupType(which GroupName2:GroupType(which
is is is is is
1);ManufacturerID;StartRange;EndRange 1);ManufacturerID;StartRange;EndRange 1);ManufacturerID;StartRange;EndRange 1);ManufacturerID;StartRange;EndRange 1);ManufacturerID;StartRange;EndRange
Examples: UTSTARCOM-CDM8615PPS:1;4;cc4034;cc6f29 UTSTARCOM-CDM8615PPS:1;4;cc6f44;cc6f44 UTSTARCOM-CDM8615PPS:1;4;cc6f5d;ccdc41 ALLTEL-A_PC5740:1;4;d519d0;d51ca8 ALLTEL-A_PC5740:1;4;d51cb5;d534b5 GSM/GPRS: GroupType=2 for all members GroupName1:Group Type(which is 2);Handset ID GroupName1:Group Type(which is 2);Handset ID GroupName2:Group Type(which is 2);Handset ID Examples: Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone Apple-iPhone
3G (A1324):2;1197600 3G (A1324):2;1197700 3G (A1324):2;1197800 3G (A1324):2;1197900 3G (A1324):2;1198000 4 (A1332):2;1233600 4 (A1332):2;1233700 4 (A1332):2;1233800 4 (A1332):2;1233900 4 (A1332):2;12368005
Important: Do not include Handset Group ID in the syntax. 3. Save the file with a *.dat extension and close the file. 4. Import the file. For GSM/GPRS handsets, NetScout Systems provides the GSM.dat file, which is a list of Handset Groups that includes the entire database of handset entries for GSM/GPRS. You can copy entries from this file to create your own import file. To create an import file using the GSM.dat file: 1. From the nGeniusONE Server, navigate to the /rtm/bin directory and locate the GSM.dat file. 2. Back up the file before proceeding. 3. Open the file using a text editor and locate the groups you want to import. 4. Copy the groups into a new file and save it with a *.dat extension. You can rename the groups if you prefer. 5. Import the file. A Task Progress Report dialog displays to gauge the import's performance and total number of handset groups imported.
881
nGeniusONE 5.4.1 Online Help Topics
VLAN Services Monitoring Configuring VLAN Services Monitoring in nGeniusONE VLAN Services Monitoring Overview If your InfiniStream appliance is monitoring VLAN traffic but you have not configured the appliance and Global Settings as below, then data is reported but the VLAN ID is treated as unknown. Use this procedure to configure VLAN Service monitoring. 1. For each InfiniStream appliance: a. Access the Agent Configuration Utility by one of the following methods: • From the appliance command-line, run: /opt/NetScout/rtm/bin/localconsole • From the nGeniusONE server: Access
Device Configuration;
select the applicable device and click may be required).
Remote Login (password
b. Access the [7] Select Interface> [ifn] > Interface Options menu and set the following: • Toggle vifn_enable=on • Change vifn_mode= where value is VLAN or VLAN-QOS. c. Optionally override the VLAN tag to be used. By default, the outer tag is used. If your traffic has primary and secondary tags, configure the tag to be used with the set vlan_disc_type command. d. Reset the agent to restart with these changes. 2. From the nGeniusONE Console, click
Global Settings.
3. Successively click the Locations and VLAN Services tabs. 4. Optionally, from here, you can click Services by Name or Definition.
Show the filter to order a list of VLAN
5. Choose one of the following methods to add VLAN virtual interfaces: • To add virtual interfaces individually: a. Click
Add a VLAN service.
b. Enter a Name for the VLAN service. c. Click Add VLAN Level and enter a VLAN number or range from 14094. When entering VLAN levels, observe the correct format; for example: 1:3:4:5-24 or 1:3:4-5. The last level should be greater than the initial level. Overlapping levels will elicit an error message. These values will display as they are entered. d. Click OK. Add additional levels as required.
882
CONFIGURING AND MANAGING nGeniusONE e. When finished, click Apply. • To add multiple virtual interfaces: a. Click
Import VLAN services.
b. Locate the data file in the browser dialog box and click Open. c. Click OK. d. Click Apply. 6. (Optional) To modify an existing VLAN Service: a. Select a VLAN Service from the list. b. Click
Modify the selected VLAN service.
c. Edit the Name and/or select Modify VLAN Service. d. Delete or modify one or more VLAN Levels. e. Click OK. f. Click Apply. 7. (Optional) You can click
to delete a VLAN Service.
Understanding VLANs A VLAN is a collection of ports on a switch that an administrator has defined as a virtual LAN. Switches usually collect only mini-RMON data, but you can receive RMON and RMON 2 data by connecting an nGeniusONE data source to an analyzer port or trunk. It is important to know how the nGenius data source is receiving the VLAN information because it determines how you can view the VLANs. An nGeniusONE data source can detect VLANs on a switch by attaching to the: • Analyzer port — Data comes directly from the switch and is sent to the nGenius data source on the analyzer port. If using this configuration, you can view VLANs by selecting Device Configuration, double-clicking the desired device, choosing the interface that contains VLANs, and clicking the
Virtuals button.
• Trunk — When an nGenius data source is connected to a trunk, the nGeniusONE Server learns the VLANs on the switches directly from the data source. You can view VLANs by selecting Device Configuration, double-clicking the desired device, choosing the interface that contains VLANs, and clicking the
Virtuals button.
VLAN Services Monitoring in nGeniusONE VLAN Services Configuration Stacked VLAN Services monitoring supports mapping your VLAN services to VLANs and discrete VLAN levels on your network. You can define traffic in a virtual network by a variety of ways according to the connection ports on the switch, MAC addresses, source IP addresses, or by protocol type where all hosts are grouped using the same protocol on the
883
nGeniusONE 5.4.1 Online Help Topics network. Practically speaking, you can order and monitor traffic by type of VLAN service, company department, subnet, or physical location in a manner reflected in the table below. Because the VLAN ranges required by different users on the network might overlap, assigning a unique range of VLAN IDs to each user would restrict user configurations and could easily exceed the VLAN limit of 4094. But with stacked VLANs, a unique VLAN ID expands the VLAN space for users who have multiple VLANs. From the perspective of a service provider, the primary benefit of stacked VLANs is a reduced number of VLANs supported for the same number of customers. nGeniusONE supports VLAN Services data for VLAN-configured virtual interfaces and are displayed in all QOE views of associated monitors. Also, drill downs to Packet Decode are available since VLAN tags are applied at the packet level. Refer to the table below for sample values. VLAN Service
VLAN Level 1
VLAN Level 2
VLAN Level 3
VLAN Level 4
Broadband DSL
1021
10-20
100
288
Broadband FTTH
100-200
30-40
1
188
Marketing
350
350
350
350
IPTV
444
444
444
444-555
65th Floor Boston
27
57-89
68
32
192.168.55.91/64
36
5
49
45
The range of VLANs supported is 1-4094. The total number of service entries supported is 1024 and the total number of service levels per entry permitted is 32. VLANs are grouped as VLAN tags, organized under four VLAN Levels, which are applied during configuration in Device Management. Following configuration, these VLAN tags are displayed in the Definition column of the VLAN Services screen as a set of VLANs separated by colons, as shown in the following example cited in the above table: 350:350:350:350 The VLAN Services dialog also includes VLAN tag names and their unique auto-generated Group ID. How you group VLANs can indicate their function. For example, the following VLAN tag would indicate VLAN Level 1, 2, and 3 service at the 65th Floor - Boston facility, according to the table above: 27:57-89:68
VLAN Services Tab Configuring VLAN Services Monitoring Functionality to add, modify, delete, filter, import, export and view VLAN Services in Global Settings > Locations is described in the table below.
884
CONFIGURING AND MANAGING nGeniusONE
Icons
Description Adds a VLAN Service. In the dialog box, the icon Adds a VLAN Level listed under Definition. For example: 1:3:4-5 Modifies a VLAN Service Deletes a VLAN Service
/
Shows or hides the filter Resets the filter to the default setting
/
Imports/Exports a VLAN Service Refreshes the table view
Column Name Definition
Description User-defined name of the VLAN Service User-defined values for the VLAN Service. For example: 10-20
Additionally, right-clicking an entry in the list displays a Modify button to change settings and Delete button to remove the entry.
885
nGeniusONE 5.4.1 Online Help Topics
Cell Sites Add/Modify Cell Sites in nGeniusONE Servers managing appliances configured to collect mobile traffic containing cell site data can be configured to display a custom name instead of the Cell Site ID in applicable nGeniusONE modules. Optionally, you can also associate a Cell Site name with a specific LA-RA/BSID name. For example, if the same Cell Site ID is associated with more than one physical or virtual interface, you can differentiate the data by associating each interface with a separate name. Note: Cell Sites are applicable when the InfiniStream appliance is configured to monitor LA-RA, TAC, or BSID virtual interfaces. This tab supports the following actions: • •
• •
Add a Cell Site (see procedure below) Modify the selected Cell Site ID. (The name cannot be modified. To change a name, delete the entry and add it again). Delete the selected Cell Site(s). Click Yes to confirm deletion. Import Cell Site IDs/LA-RA/BSID Names. You can import a previously-exported file or create a new file. Syntax To manually create the import file: 1. Create a new text file using a text editor. 2. Enter the required information using the following syntax (one entry per line): CellName:CellID:Monitored_Element_Name (optional) • Monitored_Element_Name is supported for LA-RA/BSID virtual interface names only • If you do not include a Monitored_Element_Name, you must include the terminal delimiter (:) Example: MyCellName:300290:mytestProbe:if3:LA-RA:20909 MyCellName2:300291: 3. Save the file with a *.dat extension and close the file.
•
Export Cell Sites. You can then import the file into another system.
To add a Cell Site: 1. From the nGeniusONE Console, click the 2. Select the Locations > Cell Sites tabs.
886
Global Settings icon.
CONFIGURING AND MANAGING nGeniusONE
Add a Cell Site.
3. Click
4. In the Add Cell Site dialog box, configure the following: • Name — The designation for the Cell Site expressed in this format: :if number:::. Special characters are not allowed. (Optional) You can enter a LA-RA/BSID name to differentiate data when the same Cell Site ID is running on more than one interface. This applies to LARA/BSID virtual interface names only. • ID — The Cell Site tower identifier. For example: 41324-240:2802 • Monitored Element Name — The designation of a configured monitored element. Clicking this field opens the Monitored Elements dialog box from which you can select one or more monitored elements and, when done, click OK. This screen includes a filter with which you can quickly search for and select monitored elements by Name, Full Name, Alias, IP Address, Speed, Device Category, or Interface Category. 5. Click OK to save your configuration.
Cell Sites Tab The Cell Sites tab, under Global Settings > Locations, supports the functions described in the table below. Icon
Description Add a Cell Site Modify the selected Cell Site Delete the selected Cell Site /
/
/
Show, Hide and Reset the filter
Import/Export Cell Sites Refresh the view
Parameter
Description
Cell Site Name
The designation for the Cell Site.
Cell Site ID
The Cell Site tower identifier.
Monitored Element
Name of the device:interface where the cell site tower is located.
887
nGeniusONE 5.4.1 Online Help Topics Name Show/Hide Task Progress arrow Add Cell Site Dialog Box Name
Enter a designation for the Cell Site. Special characters are not allowed.
ID
Enter a Cell Site ID. For example: 41324
Monitored Element Name
A MEL entry you can choose from the pop-up list that displays when you click on this field.
Additionally, right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry.
888
CONFIGURING AND MANAGING nGeniusONE
PLMN Configuring the Public Land Mobile Network (PLMN) A Public Land Mobile Network (PLMN) supports wireless telecommunications, interconnecting with other PLMNs and fixed, wired Public Switched Telephone Networks (PSTN). They facilitate telephone communications as well as data and Internet access by Internet Service Providers. PLMN locations are identified in nGeniusONE by their Mobile Country Code (MCC) and Mobile Network Code (MNC). For example, the displayed PLMN ID "311 270" represents USA and Verizon Wireless. Additional support to monitor inbound and outbound roaming is provided by the choice of Home, Visited, or dual PLMN Modes. Monitoring roaming calls is valuable to: • track a subscriber's home PLMN from a visited PLMN, • authenticate a subscriber from the visited PLMN, and • measure shared revenue generated by roaming charges between the visited and home PLMN. Home PLMNs are composed of the combined MCC and MNC of the home network as extracted from the International Mobile Subscriber Identity (IMSI) number while the visited PLMN consists of the combined MCC and MNC of the visited network as extracted from the message, such as LA-RA. nGeniusONE handles PLMNs similar to how Site or Site-APN location keys are managed since PLMN definitions are downloaded to the InfiniStream as a Site. They can be added, modified, deleted, imported, exported, filtered and sorted in Global Settings > Locations > PLMN. Links supported for Home and Visited PLMNs include: • Gp (Gn interface deployment), • S6a (IMS interface deployment), • S11, • S2b, and • S5/S8. The following PLMN modes are provided to support home and visited PLMNs. Configuration of these modes is performed on the appliance using the Agent Configuration Utility. PLMN Type
Virtual If Type
Handling by nGeniusONE
27
HPLMN-APN
Site-APN
Site definition replaced by the Home PLMN ID.
28
VPLMN-APN
Site-APN
Site definition replaced by the Visited PLMN ID.
26
VPLMN-HPLMN
Site
- Client Site replaced by Visited PLMN ID.
PLMN Option #
889
nGeniusONE 5.4.1 Online Help Topics - Server Site replaced by Home PLMN ID. Refer to the table below for supported functionality. Icon/Column
Description Add a PLMN. Maximum allowed: 100,000. Modify PLMN. Delete the selected PLMN.
/
/ /
Show/Hide/Reset the filter of PLMNs. Import/Export PLMN definitions (.DAT file format) for a PLMN. Refresh the screen.
Name PLMNs (Mobile Country Code/ Mobile Network Code)
List of PLMNs you configured. The PLMN MCC and MNC codes. MNCs correspond to mobile operators. Maximum number of PLMN IDs permitted per PLMN definition: 64 Sort the PLMN list in ascending or descending order by clicking the arrow next to the column headings. Go to the Page number of your choice. This feature is useful when choosing from a long list of PLMNs.
Configuring PLMNs To configure a PLMN: 1. From the nGeniusONE Console, access 2. Click Add a PLMN. 3. Enter a Name for the PLMN.
890
Global Settings > Locations > PLMN.
CONFIGURING AND MANAGING nGeniusONE
4. In the PLMN List pane, click codes, and click OK.
Add PLMN, enter the applicable MCC and MNC
5. Click Apply to save your configuration. 6. Once traffic begins flowing over the link, you will be able to observe PLMN metrics in the nGeniusONE monitors. Importing Multiple PLMN IDs To import PLMN definitions in bulk, perform the following procedure: 1. Use a text editor to create a .DAT file using these first three lines: # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" 2. Add PLMN IDs with this syntax: ;; For example: # DO NOT REMOVE THESE COMMENT LINES # version="2.0" # fieldDelimiter=";" # Name;MCC MNC; Total Speed (Kbps) Afghanistan-AWCC; 412 01;100 Afghanistan-Roshan; 412 20;100 Belgium-Proximus; 206 01;1000 Belgium-Proximus; 206 02;2000 3. Save the PLMN definition file. 4. In
Global Settings > Locations > PLMN, click
Import PLMN definitions.
5. A file browser is launched which you use to locate and select the PLMN file for import.
891
nGeniusONE 5.4.1 Online Help Topics
Groups Tab Groups Tab Using the Groups tab accessed from Global Settings, Network Administrators can conveniently configure Application and QoS groups, and CompIDs. Group definitions are downloaded to each nGeniusONE data source when it is added, relearned or restarted. When you save changes to these settings, your modifications are applied globally to all data sources in the environment. Tabs The Groups tab includes several sub-tabs that provide you with one convenient location to configure the following types of groups: • Applications — nGeniusONE provides several default Application Groups. If the default groups do not meet your needs, you can create your own groups and associate them with applications of your choice. • QoS — Reduce unwanted data by creating QoS interfaces based on groups rather than individual QoS values. • CompID — Identifies the device within a customer's environment which exchanges trade orders using the FIX protocol. Adding CompIDs simplifies the identification of traffic on the Trading Monitor.
Configuring Interface Groups Configuration of Quality of Service, Sites, APN, VRF Sites, Handset, VLAN Services, and Cell Sites groups is supported for more convenient and efficient monitoring and maintenance under the Locations tab in Global Settings. Included in the Groups tab of Global Settings, aggregation of individual QoS group members is supported with configuration settings for a QoS name, Speed, QoS Levels, and associations. Group definitions are downloaded to each nGenius data source when it is added, relearned or restarted. When you save changes to these settings, your modifications are applied globally to all data sources in the environment. Important: Virtual interface types must be enabled per interface in the InfiniStream Agent Configuration Utility and you must be a Network Administrator to perform this procedure. Important: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. The Locations and Groups tabs include several sub-tabs to configure the following group types. Configuring QoS Groups Configuring monitoring for QoS allows network administrators to prioritize network traffic based on different levels of service assurances. Network administrators can assign: • One type of traffic priority over other types of traffic
892
CONFIGURING AND MANAGING nGeniusONE • Actual levels of quality with respect to network bandwidth or end-to-end delay You can monitor individual QoS levels or create QoS groups to monitor several QoS levels at once. Grouping QoS levels allows you to reduce the number of QoS virtual interfaces. QoS provides network administrators with a set of tools they can use to enforce certain assurances that a minimum level of services will be provided to certain traffic. Many protocols and applications are not critically sensitive to network congestion and can be adjusted accordingly. For example, File Transfer Protocol (FTP), has a rather large tolerance for network delay or bandwidth limitation and need not be assigned a high QoS level. To configure a QoS Group on the nGeniusONE Server: Note that configuration of QoS Group support also requires that monitoring devices are configured to monitor QoS and QoS Groups. 1. From the nGeniusONE console, select
Global Settings.
2. Click the Groups > QoS tab. 3. Click
Add a QoS Group.
4. Enter a Name for the group. 5. Enter a Speed (percentage of the parent interface link speed) to be used for interfaces within the group. Note: You can set a speed override for an individual interface in Device Configuration > Devices and clicking the
Virtuals icon..
6. Select at least one level from the list of available QoS levels, and click the arrow to associate the levels with the new group. Click and drag, Ctrl-click, or Shift-click to select multiple levels. Note: Because a level can belong to only one QoS group, any previously-assigned level is removed from the list. 7. Click OK then Apply to save your configuration. Configuring Site Groups Site monitoring allows you to monitor remote Site links that are enabled with inaccessible topologies such as Channelized Links, Encryption/Compression, IP-Enabled Frame, MultiProtocol Label Switching (MPLS), Private IPs, and Virtual Private Networks. (VPN). By default, a Site virtual interface is created only when an appropriately configured physical or flow interface detects network traffic that matches a Site definition. Optionally, you can configure your system to create Site interfaces immediately following association with the nGeniusONE device. By using Site virtual interfaces, you can: • Segregate remote inbound and outbound office traffic for monitoring and reporting • Define link speeds to reflect bandwidth allocation for specific remote sites When a probe physical or flow interface detects traffic matching a Site definition, the monitoring device automatically creates a virtual interface on that physical or flow interface to track application, host, conversation, and QoS statistics. To configure a Site group:
893
nGeniusONE 5.4.1 Online Help Topics Note that configuration of Site group support also requires that monitoring devices are configured to monitor sites. 1. From the nGeniusONE console, select
Global Settings.
2. Click the Locations > Sites tab. Add a site group.
3. Click
4. Enter a unique site Name (also the virtual interface name). For example: Boston_Marketing. Note: Site names can have a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. 5. Do one of the following: • To apply the same speed to all Monitored Elements within the enterprise associated with this Site definition, enter the speed in the Total speed box. • To associate different speeds with different Monitored Elements, do not enter the speed. Instead, modify the speed for the Site virtual interface or create a .csv file to import virtual interface speeds after you add the virtual interface definition. 21. Click Add an IP Address to enter the applicable IPv4/v6 Address(es) with appended subnet mask values. Note: • (Optional) You can enter the IP address octets as zeros that the subnet mask does not cover. For example, you can enter 10.40.212.226 as 10.40.0.0 if appending a 16-bit mask, or 10.40.212.0 if appending a 24-bit mask. 22. (Optional) To add another address to the Site: a. Click Add an IP Address
.
b.Enter the next IP Address with appended subnet mask values. 23. Click OK and Apply to save your configuration. 24. Manually associate the Site definition with each physical interface. Configuring APN Groups An APN (Access Point Name) is a virtual interface representing a packet data network to which a GPRS (General Packet Radio Services) mobile device can be connected. An APN can be public (providing mobile access to the Internet) or private (providing mobile access to a company intranet, for example). When a GPRS mobile phone sets up a PDP context, the access point is selected and an APN is determined. When a physical or flow interface detects traffic matching an APN virtual interface definition, it automatically creates a virtual interface to track the application, host, and conversation statistics. However, to monitor APNs, you must configure your nGeniusONE device to associate APNs with a specific interface - APN interfaces are available for Gn, S11, S5/S8-GTPv2, S2a, Ph, and Pi physical links. By configuring APN virtual interfaces,
894
CONFIGURING AND MANAGING nGeniusONE you can define link speeds to reflect bandwidth allocation for specific APN virtual interfaces. To configure an APN Group: Note that configuration of Site Group support also requires that monitoring devices are configured to monitor APNs. 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Locations > APN tabs. Add an APN group
3. Click
4. Enter a unique Name for the APN Site. APN Site names are case sensitive and can include alphanumeric characters and/or spaces. Commas, colons, and periods are not supported. Examples London Boston Internet For CMTS virtuals, APN names must be entered as follows: ; where: • vendor is the first six characters of the MTA manufacturer's name • Model # is the complete MTA model number Important: All characters are case sensitive. The name must appear exactly as shown in the DHCP DISCOVER packet. For example: Motoro;SBV1234 5. Enter the DTE and DCE Speeds (Kbps). 6. Enter the APN Address as defined on the GGSN (Gateway GPRS Support Node). Addresses are case sensitive. Examples wap.o2.co.uk internet.t-mobile.cz internet orangeinternet For CMTS virtuals, APN addresses must be entered as follows: ; where: • vendor is the first six characters of the MTA manufacturer's name • Model # is the complete MTA model number Important: All characters are case sensitive. The name must appear exactly as shown in the DHCP DISCOVER packet. For example:
895
nGeniusONE 5.4.1 Online Help Topics Motoro;SBV1234 7. Click OK. The new Name, APN ID, Addresses, and Speed is displayed. 8. When you finish configuring APN definitions, click Apply to save your changes. Configuring VRF Groups Virtual Routing and Forwarding (VRF) supports monitoring of BGP/MPLS (Border Gateway Protocol/Multi-Protocol Label Switching) VPN tunneled networks. VRF Monitoring allows the nGeniusONE data source to monitor specific traffic in a carrier environment where customers use similar internal IP addresses. The device can monitor the innermost MPLS labels attached by the Provider Edge (PE) routers when traffic enters the carrier network, then use these labels to differentiate the VPN tunnels into which traffic is routed. Note that configuration of VRF Group support also requires that monitoring devices be configured to monitor VRF Sites/VRF Groups. If you configured the device for VRF Sites (UMC), the labels are automatically detected. If you configured the device for VRF Groups (nGeniusONE), you must also add the group names in Global Settings, using the following procedure: 1. From the nGeniusONE console, select
Global Settings.
2. Navigate to the Locations > VRF Groups tab. 3. Click Add a VRF Group. 4. Configure these options as required. 5. Click OK. The VRF Groups tab displays the new Name, DTE and DCE Speeds (if defined), and Route Descriptors. 6. Click OK and Apply to save your changes. 7. To complete the configuration, you must associate the VRF Groups with specific interfaces. Note: You can view VRF groups and sites within nGenius Performance Manager just as you would any virtual interface. nGenius Performance Manager distinguishes these sites by the Route Distinguisher Administrator and Assigned Number sub-fields. Configuring Handset Groups With an InfiniStream appliance configured for monitoring mobile handsets, views are available for displaying data logged for handset groups. Any handset that is not a member of one of the handset groups you create is assigned to the default group "Handset Group Other". Therefore, if you do not create any handset groups, all handset data is included in "Handset Group Other" in handset views. To configure Handset Groups: Note that configuration of Handset Group support also requires that monitoring devices be configured for Handsets. 1. From the nGeniusONE console, click 2. Click the Locations > Handset tabs.
896
Global Settings.
CONFIGURING AND MANAGING nGeniusONE
Add a handset group.
3. Click
4. Enter a unique Name for the group. For example: Apple_A1325 Names can include a maximum of 50 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The limit is 20,000. 5. From the drop-down list, select one of the following Network Types: • GSM/GPRS or LTE (default) • CDMA2K 6. Configure options appropriate to the type you selected such as Handset ID (GSM/GPRS) and Manufacturer ID, Start and End Ranges (CDMA2K). You must enter all options in hexadecimal notation. No spaces are allowed. 7. (Optional) Click Add to configure additional options. 8. Click OK to close the first dialog box, OK again to close the Add Handset Group dialog box, and Apply to save your configuration. Configuring VLAN Services Stacked VLAN Services monitoring supports mapping your VLAN services to VLANs and discrete VLAN levels on your network. You can define traffic in a virtual network in a variety of ways according to the connection ports on the switch, MAC addresses, source IP addresses, or by protocol type where all hosts are grouped using the same protocol on the network. Practically speaking, you can order and monitor traffic by type of VLAN service, company department, subnet, or physical location in a manner reflected in the table below. Because the VLAN ranges required by different users on the network might overlap, assigning a unique range of VLAN IDs to each user would restrict user configurations and could easily exceed the VLAN limit of 4094. But with stacked VLANs, a unique VLAN ID expands the VLAN space for users who have multiple VLANs. From the perspective of a service provider, the primary benefit of stacked VLANs is a reduced number of VLANs supported for the same number of customers. nGeniusONE supports VLAN Services data for VLAN-configured virtual interfaces and are displayed in the Link Analysis module as well as all Quality of Experience real-time and historical views. Also, drill downs to Packet Decode are available since VLAN tags are applied at the packet level. Refer to the table below for sample values. The range of VLANs supported is 1-4094. The total number of service entries supported is 1024 and the total number of service levels per entry permitted is 32. VLANs are grouped as VLAN tags, organized under four VLAN Levels, which are applied during configuration in Device Management. Following configuration, these VLAN tags are displayed in the Definition column of the VLAN Services screen as a set of VLANs separated by colons. For example: 350:350:350:350 The VLAN Services dialog also includes VLAN tag names and their unique auto-generated Group ID. How you group VLANs can indicate their function. For example, the following VLAN tag would indicate VLAN Level 1, 2, and 3 service at the 65th Floor - Boston facility: 27:57-89:68
897
nGeniusONE 5.4.1 Online Help Topics Note that configuration of VLAN Services Group support also requires that monitoring devices be configured for VLANs, as described in the following steps. 1. Access the CDM Agent Utility by either of the methods below: • From the appliance command-line, change directory to: /opt/NetScout/rtm/bin/localconsole Device Configuration; select the
• From the nGeniusONE server: Access applicable probe and click
Remote Login (password may be required).
2. Access the Select Interface > [ifn] > Interface Options > menu and set the following: • Toggle vifn_enable=on
• Change vifn_mode= Where value matches a VLAN type. 3. Access Command-line mode to modify the VLAN monitoring type: set_vlan_disc_type stacked 4. Reset the agent to restart with these changes (navigate back to utility main menu and select the option to Reset). On the nGeniusONE server: 1. Click the
Global Settings icon.
2. Click the Locations and VLAN Services tabs. 3. Choose one of the following methods to add VLAN Service definitions. To add virtual interfaces individually: a. Click Add a VLAN service
.
b.Enter a Name for the VLAN service. There is a 50-character limit. c. Click Add VLAN Level and enter a VLAN number or range from 1-4094. When entering VLAN levels, observe the correct format; for example: 1:3:4:5-24 or 1:3:4-5. The last level should be greater than the initial level. Overlapping levels will elicit an error message. These values will display as they are entered. d.Click OK. Add additional levels as required. e. When finished, click Apply. To add multiple virtual interfaces: a. Click Import VLAN services
.
b.Locate the data file in the browser dialog box and click Open. c. Click OK and Apply.
898
CONFIGURING AND MANAGING nGeniusONE Configuring Cell Site Groups You can monitor mobile Cell Site-based information on LA-RA, TAC, and SID-NID (BSID) virtual interfaces derived from Cell Site IDs. LA-RA virtual interfaces are based on Location Area Codes and Routing Area Codes. TAC virtual interfaces are based on Tracking Area Codes. SID-NID virtual interfaces are based on Base Station ID (BSID) codes. Per mobile industry numbering specifications, the Routing Area Code (RAC) is one of two identifiers that define the Routing Area Identity (RAI). A Routing Area consists of one or more cells within a Location Area. The Routing Area Identity is composed of a Location Area Identity (LAI) and a Routing Area Code which identifies a specific routing area within a Location Area. Per mobile industry numbering specifications, the Location Area Code (LAC) is one of three identifiers that define the international value known as Location Area Identity (LAI). A Location Area is a set of Routing Areas controlled by an SGSN (Serving GRPS Support Node). The Location Area Identity is composed of the Mobile Country Code (MCC) and Mobile Network Code (MNC) of the operator, and the Location Area Code. The Location Area Code identifies a location within the Public Land Mobile Network (PLMN). If you prefer, you can assign names to Cell Sites. Optionally, you can associate a Cell Site name with a specific LA-RA/BSID name. For example, if the same Cell Site ID is associated with more than one physical or virtual interface, you can differentiate the data by associating each interface with a separate name. To configure a Cell Site Group automatically: 1. Log in to the Agent Configuration Utility and do one of the following: To configure LAC (Location Area Code) and RAC (Routing Area Code) as virtual interfaces with Gb links on your nGenius InfiniStream appliance: • Acquire Command-line mode and enter: set mobile_params gb To configure LAC (Location Area Code) and RAC (Routing Area Code) as virtual interfaces with IuPS links on your nGenius InfiniStream appliance: • Acquire Command-line mode and enter: set mobile_params IuPS To configure TAC virtual interfaces with S1-MME links (the icon for S1-MME has "S1") on your nGenius InfiniStream appliance: • Acquire Command-line mode and enter: set mobile_params s1 nas_decrypt on or set mobile_params s1 nas_decrypt off This entry depends on whether or not you want to decipher NAS (NonAccess Stratum) messages. To configure TAC virtual interfaces with S11 links on your nGenius InfiniStream appliance, enter the following. Important: NetScout recommends using the S1u interface on an S11 link (with a TAC virtual) due to S1/deciphering performance limitations. • Acquire Command-line mode and enter: set mobile_params s11 To configure Site and Site-APN virtual interfaces for S2a links on your nGenius InfiniStream appliance, enter the following: • Acquire Command-line mode and enter: set mobile_params s2a
899
nGeniusONE 5.4.1 Online Help Topics To configure SID-NID virtual interfaces for R-P links on your nGenius InfiniStream appliance, enter the following: • Acquire Command-line mode and enter: set mobile_params r-p To configure BSID virtual interfaces for P-H links on your nGenius InfiniStream appliance, enter the following: • Acquire Command-line mode and enter: set mobile_params p-h To configure S5/S8 GTPv2 interfaces on your nGenius InfiniStream appliance, enter the following: • Acquire Command-line mode and enter: set mobile_params s5_8_gtpv2 2. Restart the Agent Configuration Utility. 3. From the nGeniusONE console, click the
Global Settings icon.
4. Select the Locations > Cell Sites tabs. 5. Do one of the following: • Click Add a Cell Site
, (and skip to the following step) or,
• Instead of adding individual cell sites, Import
a file listing names/Cell
Site IDs/LA-RA/BSID Names after you first Export a name/Cell Site ID file locally. You can import a previously-exported file or create a new file. Syntax. To manually create the import file: a. Create a new text file using a text editor. b. Enter the required information using the following syntax (one entry per line): CellName:CellID:Monitored_Element_Name (optional) • Monitored_Element_Name is supported for LA-RA/BSID virtual interface names only • If you do not include a Monitored_Element_Name, you must include the terminal delimiter (:) Example: MyCellName:300290:mytestProbe:if3:LA-RA:20909 MyCellName2:300291: c. Save the file with a *.dat extension and close the file. 6. In the Add Cell Site dialog box, configure the following: • Name — The designation for the Cell Site. Special characters are not allowed. • ID — The Cell Site tower identifier. For example: 41324-240:2802 • (Optional) LA-RA/BSID Name — Enter a LA-RA/BSID name to differentiate data when the same Cell Site ID is running on more than one interface. This field is supported for LA-RA/BSID virtual interface names only.
900
CONFIGURING AND MANAGING nGeniusONE • Monitored Element Name — The designation of a configured monitored element. Clicking this field opens the Monitored Elements dialog box from which you can select one or more monitored elements and, when done, click OK. This screen includes a filter with which you can quickly search for and select monitored elements by Name, Full Name, Alias, Address, Server, Speed (Mbps), Device Category, or Interface Category. 7. Click OK twice then Apply to save your configuration.
Application Groups Application Groups Overview nGeniusONE provides several default Application Groups. If the default groups do not meet your needs, you can create your own groups and associate them with applications of your choice. In a distributed server environment, you must create Application Groups on the Global Manager system. In addition, to define groups efficiently and consistently, you can import and export Application Groups from server to server. • Creating Application Groups • Modifying Application Groups • Importing Application Groups • Exporting Application Groups • Associating applications with a group Predefined and User-defined Application Groups • To view a listing of predefined and user-defined Application Groups, select Global Settings > Groups > Application tab. • Click a group name to view the member applications.
Creating Application Groups in nGeniusONE Application groups associated with one or more applications can promote better understanding of the types of traffic on your network. For instance, you can group all Microsoft-related applications to view related data. While some protocols are assigned to predefined application groups by default, you can create your own Application Group and then associate any application with that group. Note: In a distributed server environment, you must create Application Groups on the Global Manager system. To create an application group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > Applications tabs. 3. Click
Add an application group.
4. In the Name field, enter a unique identifier of up to ten characters. 5. In the Description field, enter a unique description for the group.
901
nGeniusONE 5.4.1 Online Help Topics 6. Click OK and Apply to save your configuration. 7. Associate applications with your new group.
Importing Application Groups To define Application Groups efficiently and consistently, you can import and export groups from server to server. After you import the groups, you can import group application associations. To import an Application Group: 1. Create and save the import file: • If importing from a same-version nGenius Server, create an import file by exporting Application Groups from the other server. • If importing from a different-version nGenius Server, manually create an import file. 2. From the nGeniusONE console, click the
Global Settings icon.
3. Click the Groups > Application tabs and select one or more application groups. Import an application group.
4. Click
5. Browse to and select the import file. 6. Verify that the File Name displays correctly. 7. Click Open. 8. Import the applications directory to import Application Group associations.
Creating a File to Import Application Groups in nGeniusONE To define Application Groups efficiently and consistently, you can import Application Groups using two methods: • If importing from a same-version nGeniusONE Server, create an import file by exporting Application Groups from the other server. • If importing from a different-version nGeniusONE Server, use the procedure in this topic to manually create an import file. To create an import file: 1. Create a new file using a text editor. 2. Enter the required information using the following syntax (one entry per line): Syntax and Example Syntax Application_Group_Name: Application_Group_Description • One definition per line • Separate the Group Name and Description using a colon (:) Example Net_Mgmt: Network Management Services 902
CONFIGURING AND MANAGING nGeniusONE 3. Save the file with a .DAT extension. 4. After you import the file, associate it with applications.
Exporting Application Groups To define Application Groups efficiently and consistently, you can import and export Application Groups from server to server. Use this procedure if you plan to import the file to a same-version nGeniusONE server. To export an Application Group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > Applications tabs. 3. Select one or more applications. 4. Click
Export application groups.
5. Click Save File and OK.
Grouping Internet Categories Using Internet Categories Associating an Internet Category with an applications group helps organize your out-ofthe-box Web classifications. For example, adding Blogs, Hacking, and SocialNetwork categories to the Web Application group is sensible. Optionally, you can create a new Application group as necessary. To assign an Internet Category to a group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Applications tab. 3. From the View drop-down menu, select Internet Categories. 4. Right-click one or more selections from the list. Alternately, you can select one or more categories and click the
Select monitoring options icon.
5. Click Associate Group. 6. Select a ID from the list and click OK. 7. Click Apply. Your configuration is saved and the new group this category is assigned to displays in the screen.
Associating Protocols with an Application Group Associating one or more protocols with an Application Group allows you to better understand the types of traffic flowing through your network. For example, you can group all web-related protocols and then view data for the group as a whole in the Application > Groups > Application screen. You can associate each protocol with only one group. Before you can associate a protocol with a user-defined application group, you must first create the group.
903
nGeniusONE 5.4.1 Online Help Topics To associate protocols with an application group: 1. From the nGeniusONE console, select
Global Settings.
2. Select the Applications tab and from the View drop-down menu, an area of interest, such as Enterprise. 3. Select a protocol. Shift-click or Ctrl-click to make multiple selections. Note: Do not include informational nodes such as Well Known Apps under TCP and UDP in a group selection. Informational nodes cannot be added to a group. The Associate Group option is disabled if you include an informational node in your group selection. 4. From the
Select monitoring options drop-down menu, click Associate Group.
5. Select the group you want to associate with the selected protocols and click OK. 6. Click Apply to save your configuration. The Task Progress Report displays, and in the Applications tab the group description displays in the Group column for the selected protocol.
Deleting Application Groups in nGeniusONE Before you can delete a user-defined Application Group, you must disassociate all applications from the group. To delete an Application Group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > Application tabs. 3. Select the group to display its members. 4. Click Modify Application for each member application and modify it to remove its association with the group. 5. Click
Delete the selected application group.
6. When prompted to confirm the deletion, click Ok to delete the Application Group. 7. Click Apply to save your changes.
QoS Groups Quality of Service Overview Configuration of Quality of Service (QoS) groups allows network administrators to prioritize network traffic based on different levels of service assurances. Network administrators can assign: • One type of traffic priority over other types of traffic • Actual levels of quality with respect to network bandwidth or end-to-end delay. QoS provides network administrators with a set of tools they can use to enforce certain assurances that a minimum level of services will be provided to certain traffic. Certain 904
CONFIGURING AND MANAGING nGeniusONE protocols are critically sensitive to network congestion but many are not. File Transfer Protocol (FTP), for example, has a rather large tolerance for network delay or bandwidth limitation. To the user, FTP simply takes longer to download a file to the target system. Although annoying to the user, this slowness does not normally impede the operation of the application. On the other hand, voice and video applications are particularly sensitive to network delay. If voice packets take too long to reach their destination, the resulting speech sounds choppy or distorted. QoS can be used to provide assured services to these applications. Differentiated Services Code Points (DSCP) are used to prioritize traffic flows in QoS enabled networks. NetScout Systems uses probes to monitor flows based on DSCP value of the flow. These flows display in real-time views. QoS Class Identifiers Support to enable collection of QoS Class Identifiers on appropriate interfaces is provided. To support use of this feature, data plane traffic must be monitored on these interfaces with the values displaying as Location Keys in Service Monitors. How is QoS Monitoring Helpful QoS can help you answer questions such as the following: • QoS has been implemented to prioritize the traffic and reduce bottlenecks. Are all the routers configured correctly with the priority choices? • QoS categories have been assigned with a set of assumptions and goals. Are the priority choices right to optimize overall network performance? • The QoS group has been in place for a number of months. How will the network be reevaluated for future changes as new applications are added to the network? You can monitor QoS at the interface level, or as a sublevel for VLAN, SITE, or VRF-SITE virtual interfaces.
Configuring QoS Groups QoS Groups Data Collection and Monitoring in nGeniusONE Configuring QoS (Quality of Service) Groups allows you to reduce unwanted data by creating QoS interfaces based on groups rather than individual QoS values. By default, QoS Groups are disabled. The nGeniusONE server manages the QoS Group configuration, and downloads the QoS Group configuration information to the device. The following conditions apply to Quality of Service (QoS) Group data collection and monitoring: • A total of 64 QoS Levels (0-63) is available for QoS Groups. Each QoS Level can be assigned to only one QoS Group. Once assigned, a particular level cannot be used in another QoS Group. For example, if you create a QoS Group named "GOLD," and add QoS Levels 30, 40, and 50 to it, these levels cannot be assigned to any other QoS Group.
905
nGeniusONE 5.4.1 Online Help Topics • Each QoS group is associated with a speed, which can be applied to the probe for utilization calculations. You can override QoS Group speeds for particular probe interfaces through the More dialog in Device Details. • For QoS levels to work properly, you must know the type of traffic you are running (DSCP, IPP, or MPLS). For example, if you set the QoS mode to DSCP on the command line, and your traffic is all IPP, then your QoS levels will be inaccurate. • If the virtual interface mode (change vifn_mode) is set to VRF-SITE, when you enable the QoS Groups option you must disable discovery. • When you add QoS Groups, the same settings are applied to all probes in the enterprise. However, you can apply QoS speed overrides to individual probes and interfaces. Enabling the Device to Monitor QoS Modifying Quality of Service Groups To modify a QoS Group: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > QoS tabs. 3. Select the QoS Group you want to modify. 4. Click
Modify the selected QoS definition.
5. Make the required changes. You can: • Edit the QoS group Name • Modify the Speed percentage of the link • Associate additional QoS Levels with the group • Remove associated QoS Levels from the group 6. Click OK. 7. Click Apply to download the modified QoS Group to devices. You can view the Activity Log to verify that the Host Group modifications were downloaded to the probe. Adding Quality of Service Groups Add QoS Groups in the Device Configuration > Global Settings > Groups tab. You can also import QoS Groups. Before adding QoS Groups refer to QoS Groups Data Collection and Monitoring for a listing of restrictions and limitations. To add QoS Groups: 1. Review the information about QoS Group Data Collection and Monitoring. 2. Configure your probe to monitor QoS data. 3. From the nGeniusONE console, click the 906
Global Settings icon.
CONFIGURING AND MANAGING nGeniusONE 4. Click the Groups > QoS tab. 5. Click Add a
QoS group.
6. Enter a Name for the group. 7. (Optional) Enter a Speed (percentage of the parent interface link speed) to be used for interfaces within the group. If you do not enter a value, the parent interface speed is used by default. Note: You can set a speed override for an individual interface. 8. Select at least one Level from the list of available QoS levels, and click the arrow to associate the levels with the new group. Click and drag, Ctrl-click, or Shift-click to select multiple levels. Note: Because a level can belong to only one QoS group, any previously-assigned level is removed from the list. 9. Click OK. 10. Click Apply. Add/Modify QoS Groups The Add or Modify QoS Group functions are available from Global Settings > Groups > QoS. The parameters described in the following table can be configured. Parameter
Description
Name
Add or modify a name for the QoS group. Note: Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all.
Speed (% of Link)
Add or modify a Speed (percentage of the parent interface link speed) to be used for interfaces within the group. Note: You can set a speed override for an individual interface by clicking the
Levels
Virtuals icon for the specified physical interface.
Select at least one level from the list of available QoS levels, and click the arrow to associate the levels with the new group. Click and drag, Ctrl-click, or Shift-click to select multiple levels. Note: Because a level can belong to only one QoS group, any previously-assigned level is removed from the list.
Deleting Quality of Service Groups When you delete a QoS Group and apply the deletion to the probe, the probe immediately stops collecting data for the QoS Group. All information in the host and conversation tables for the QoS Group is cleared from the probe. However, nGeniusONE retains previously collected information related to the QoS Group for 31 days. To delete a QoS Group:
907
nGeniusONE 5.4.1 Online Help Topics
1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > QoS tabs. 3. Select the group you want to delete. 4. Click
Delete the selected QoS definition.
5. You are prompted to confirm the deletion. Click Yes. 6. Click OK to download the deletion to the device. Creating a File to Import Quality of Service Groups You can create a file to add multiple QoS Groups to the nGeniusONE Server at once instead of adding each QoS Group separately. To create the file: 1. Create a new text file using a text editor. 2. Enter one line of information for each device, using the following format: QoS Group Name:QoS Level(s):Speed (% of Link) Examples Note: The QoS Group ID is automatically assigned when a QoS Group is added. This is the MIB ID corresponding to the QoS Level(s) associated with the QoS Group. To find the QoS group ID, go either to Global Settings > Groups > QoS Groups or Device Configuration > Devices > and click the Virtuals icon. GOLD137:1,2,3:10 BLUE:1:5 3. Save the file in *.dat, *.txt, or *.csv format and close it.
Importing Quality of Service Groups If you have many QoS Groups to add, you can speed up the process by importing a file that contains the required information. To import QoS Groups in bulk: 1. Create a file containing information about each QoS Group you want to add. 2. From the nGeniusONE console, click the 3. Click the Groups > QoS tabs. 4. Click
908
Import QoS defintions.
Global Settings icon.
CONFIGURING AND MANAGING nGeniusONE 5. In the Open window, locate and select your file. Verify that the filename displays in the File Name field. 6. Select a file type. The default is Data files (*.dat). If you saved your QoS Group Import file with a *.txt or *.csv extension, select All Files from the drop-down menu. 7. Click Import QoS Groups. Note: If the format or syntax for any QoS Group import file is incorrect, an error message displays and the file does not import. You must correct the format or syntax errors before attempting to import the file again. 8. Click Apply to download the QoS Groups to devices. Setting Speed Override, Name and Alias for QoS Interfaces By default, the nGeniusONE software automatically learns device interface speeds, as well as speeds for any QoS interfaces or groups. You can optionally override the learned speed on specific probe interfaces. Because override speeds are used in calculating utilization, it is important that they be accurately configured. Note: To override learned QoS speeds, the probe must be configured in the speed modify only mode. Refer to the appropriate agent administrator guide for details. To set speed override, name, or alias for QoS interfaces or groups: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click the appropriate probe. The probe must contain at least one interface configured for QoS. 4. Select the physical interface containing QoS interfaces. 5. Click
Virtuals.
Note: If the interface is not in download mode, and there are no virtual interfaces associated with the selected physical interface, Virtuals is disabled. 6. Select one or more QoS virtual interfaces. Shift-click or Ctrl-click to select multiple QoS levels. 7. Click Modify or double-click the selected QoS interfaces. For Full Duplex probes, DTE and DCE speed columns display. Note: Inline editing is not supported. 8. Click the Speed Override check box and enter a new Speed in the field provided. Also, enter a name and alias, as necessary. For Half Duplex probes, only one column will display. 9. Click OK. The dialog closes, the new speed, name, or alias displays, and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device(s) was added.
909
nGeniusONE 5.4.1 Online Help Topics Note: To revert to the learned speed, deselect the the interface and click OK.
Speed Override check box for
10. Click OK to save your configuration and close the QoS interfaces dialog. QoS Tab Groups Tab Quality of Service Overview Adding Quality of Service Groups The QoS tab in
Global Settings supports the following functionality:
Icon
Description Add a QoS group Modify the selected QoS definition Delete the selected QoS definition Export, Import QoS definitions
/ /
Show, Hide, or Reset the Filter
/
Refresh the view Column
Description
Name
The group name
Levels
The QoS level associated with the group.
Speed (% of Link)
Percentage of the parent interface link speed used for interfaces within the group. If no value was configured, the parent interface speed is used by default. Show/Hide Task Progress arrow
Additionally, right-clicking an entry in the list displays a settings and
Modify menu item to change
Delete menu item to remove the entry.
Differentiated Service Differentiated service prioritizes the movement of protocols and applications over the network using a set of classification tools and queuing mechanisms.
910
CONFIGURING AND MANAGING nGeniusONE The network tries to deliver a particular kind of service based on the Quality of Service (QoS) specified by the Differentiated Service Code Points (DSCP) in each packet. Priority can be specified in different ways; for example, using the IP Precedence bit settings in IP packets or source or destination addresses. Network devices use the DSCP specification to classify, shape, and police traffic, and to perform intelligent queuing. Differentiated service is used for mission-critical applications to provide end-to-end QoS. Typically, Differentiated service is appropriate for aggregate flows because it performs a relatively coarse level of traffic classification. Differentiated Service Code Points Differentiated Services Code Point (DSCP) is a field in an IP packet that enables different levels of service to be assigned to network traffic. This is achieved by marking each packet on the network with a DSCP code and appropriating to it the corresponding level of service. The DSCP is the combination of IP Precedence and Type of Service fields. In order to work with legacy routers that only support IP Precedence, DSCP values are used because they are compatible with IP Precedence fields. For more information, refer to RFC 2474 at the RFC Editor Web Site. DSCP is a six-bit field carrying the default values displayed in the following table. Service Type
DSCP
IP Precedence
Network control
30
6
Guaranteed
28
5
Controlled load
18
3
All other traffic
0
0
Exporting QoS Groups You can export group definitions from the QoS tab in one nGeniusONE Server and subsequently import the file to another same-version nGeniusONE Server: 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups > QoS tabs. 3. Select the groups you want to export. 4. Click
Export QoS definitions.
5. Enter a filename using a *.dat extension. 6. Save the file to your target location.
911
nGeniusONE 5.4.1 Online Help Topics
Viewing Quality of Service Interfaces in nGeniusONE You can view Quality of Service (QoS) levels discovered on a probe interface. You can assign the QoS level name, but the level number cannot be changed. Note: To collect QoS data, the vifn_enable option must be enabled in the probe interface. For more information about enabling this option, refer to the appropriate agent administrator guide for the probe. To view QoS interfaces: 1. From the nGeniusONE Console, launch
Device Configuration.
2. Select the Devices tab. 3. Double-click a device that supports QoS. The probe must contain at least one interface configured for QoS. 4. Select the interface enabled for QoS monitoring and click Virtuals
.
Note: If the interface is not in download mode, and there are no virtual interfaces associated with the selected physical interface, the Virtuals button is disabled. 5. Configured QoS interfaces are displayed with the Name, Alias, QoS ID, Speed Override check box, and Speed with a check mark in the Speed Override column indicating that you have overridden the speed learned when the device(s) was added. Note: To revert to the learned speed, deselect the for the interface and click OK.
Speed Override check box
If you configured vifn_mode to qos, QoS levels/groups display at the virtual interface level. Note: To sort a column, click the arrow head in the column heading. • If you configured QoS as a sub-interface (for example, vifn_mode = vlanqos), do one of the following: o In the QOS Levels pane, click Show All to display all QoS levels for the physical interface. o In the Name column, select a virtual interface; and in the QOS Levels pane, click Show Selected to display any QoS levels or groups for the virtual interface.
CompIDs Mapping CompIDs Groups Tab CompID is designed to conveniently and uniquely identify the device involved in exchanging trade orders using the FIX protocol in a customer's environment. This functionality greatly simplifies internal mapping to Sender/TargetCompIDs, replacing the earlier method of having to manually perform this task on all InfiniStreams and nGenius Servers.
912
CONFIGURING AND MANAGING nGeniusONE CompIDs function in nGeniusONE to identify endpoints in Trading Monitor and Session Analysis, which display names you define instead of IP addresses. Configuration includes: • Adding one or more CompIDs and • Enabling Extended FIS functionality on the InfiniStream. Optionally, you can import/export CompID lists instead of adding entries individually. Refer to the following table for details. Icon/Column
Description Add a CompID definition, typically a trading or exchange desk device. This definition must mirror standard CompID designations. For example, NSX, standing for the National Stock Exchange. NetScout monitors SenderCompIDs and TargetCompIDs. Maximum length: 31 characters. A maximum of 5,000 CompIDs are permitted. Important: No double-byte characters (Chinese, Japanese, Korean) are permitted. Modify the selected CompID definition. Delete the selected CompID definition.
/
/ /
Show/Hide/Reset the filter. Import/Export CompID definitions. Refresh the screen display.
CompID Description
Designation for the CompID. (Optional) A user-defined description for the CompID. Maximum length: 128 characters.
Configuring CompID 1. From the nGeniusONE console, click the
Global Settings icon.
2. Click the Groups and CompID tabs. 3. Click Add a CompID
and enter a CompID and Description.
4. Click OK. 5. Configure Extended FIS on the InfiniStream appliance to enable CompID downloads. Click here for the procedure.
913
nGeniusONE 5.4.1 Online Help Topics
SSL Keys Tab Global Settings enables configuration of the following key types:
The SSL Keys tab in • Local • HSM
Additional guidance for configuring SSL is provided in Configuring SSL and TLS Decryption in nGeniusONE.
Adding/Modifying SSL Keys - Local Tab You can add an SSL key for an HSM server from the and Local tabs. The following actions are provided: • Add SSL certificate
Global Settings icon, SSL Keys,
.
• Modify selected SSL certificate
.
• Delete selected SSL certificate
.
• Show /Hide the filter to display or hide the fields for filtering any of the parameters listed below. • Reset the filter • Refresh
to adjust it to the default view.
to refresh data in the table.
Note: right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry. Enter the following parameters in the Add/Modify SSL Certificate dialog box and click OK when finished. Parameter
Description
Server Label
An alias for the monitored Web server whose packets will be decrypted such as VISA Web Server.
Server IP
The IP Address of the monitored Web server whose packets will be decrypted. IPv4 and IPv6 addresses are supported.
SSL Port
The SSL port on the monitored Web server whose packets will be decrypted.
Application Port Key File
914
The port which will replace the SSL port after decryption.
The private key, .PEM file name and path to upload the key from.
CONFIGURING AND MANAGING nGeniusONE Click Browse to locate where the file was copied to.
Adding/Modifying SSL Keys - HSM Tab You can add an SSL key for an HSM server from the and HSM tabs. The following actions are provided: • Add SSL certificate
Global Settings icon, SSL Keys,
.
• Modify selected SSL certificate
.
• Delete selected SSL certificate
.
• Show /Hide the filter to display or hide the fields for filtering any of the parameters listed below. • Reset the filter • Refresh
to adjust it to the default view.
to refresh data in the table.
Note: right-clicking an entry in the list displays a Modify menu item to change settings and Delete menu item to remove the entry. Enter the following parameters in the Add/Modify SSL Certificate dialog box and click OK when finished. Parameter
Description
Server Label
An alias for the monitored Web server whose packets will be decrypted. Example: VISA Web Server.
Server IP
The IP Address of the monitored Web server whose packets will be decrypted. IPv4 and IPv6 addresses are supported.
SSL Port
The SSL port on the monitored Web server whose packets will be decrypted.
Application Port
The port which will replace the SSL port after decryption.
Key Label
The private key, .PEM file name and path to upload the key from.
ID/Label
The HSM smart card slot number where the private key is stored. ID range: 0-255
Password
The unique password used by the HSM to access this key. This value is shadowed (marked by asterisks) as it is entered.
Confirm
Re-enter the password typed in the Password field.
915
nGeniusONE 5.4.1 Online Help Topics Password
Configuring SSL and TLS Decryption in nGeniusONE The configure SSL Decryption feature supports real-time capture of ASI and ASR traffic flows as well as decoding of Secure Socket Link (SSL) and Transport Layer Security (TLS) packet data from your nGenius InfiniStream appliance. This allows you to analyze the packet data from encrypted packets by providing the decryption key. SSL and TLS are protocols that encrypt certain application data for the transport layer using asymmetric cryptography to exchange keys, symmetric encryption to maintain privacy, and message authentication codes to retain message integrity. Some applications that use SSL include: • HTTP • Applications using SSL encryption and RSA keys NetScout supports two methods of Public/Private key usage for real-time SSL/TLS packet decryption and decoding. The Local option enables storage of Public and Private Keys for this purpose. The Hardware Security Module (HSM) option, on the other hand, provides the means for using a Private Key, which is stored in an HSM device, for this purpose. NetScout provides multiple slots with login credentials for each. Click here for an overview of NetScout's HSM implementation. Without decrypting the SSL packet itself, NetScout collects ASI data as well as SSL error codes on the HTTPS protocol only. Upon successful decryption, NetScout collects ASI data on HTTP and HTTPS protocols only. Scenarios where decryption is supported include: • Resumed SSL sessions • SSL chunking/fragmentation • Certificate fragmentation • Saving decrypted payloads Scenarios where decryption is not supported include: • Encrypted SSL handshakes • Out-of-sequence SSL packets • Retransmitted packets Additionally, SSL decryption is successfully performed for conversations only when: • Handshake packets used to establish the conversation have been mined • Handshake packets include these messages: o
ClientHello
o
ClientKeyExchange
o
ServerHello
o
ChangeCipherSpec
Supported SSL and key exchange protocols, and Bulk Ciphers SSL protocol versions supporting packet analysis and decodes are: 916
CONFIGURING AND MANAGING nGeniusONE • SSL v3.0 • TLS v1.0 • TLS v1.1 Note: TLS v1.2 is supported for nGeniusONE to InfiniStream communications only. Key exchange protocols define how keys are generated and exchanged. Only RSA-type certificates are supported: • RSA — used for key exchange and authentication protocols only Supported bulk ciphers are listed below. These encryption algorithms define how data is encrypted on the wire. • RC4 • DES • 3DES • AES
Configuration Step 1: Setting Privileges and Optional Settings Perform the following tasks: 1. Optional. Locate and extract a private key (in the form of a certificate) from your Tomcat, Apache or Windows llS Web server and download it to your server (Local option only). Click here for instructions. Important: when converting a Local Server to a Global Manager, support for Name-IP Address translations requires you to include the Common Name (CN) - the Fully Qualified Domain Name - of the server in the private key.
Locating Private Key Files This section describes how to locate the private key for several common web servers, including Apache, Tomcat, and Windows IIS. If you are using a server other than these three, consult your server’s documentation for assistance locating the private key. To ensure that certificate requirements for the local .PEM file are met, be aware that the file must not be password protected nor encrypted. Apache Web Server The private key file for an Apache web server is named server.key. The easiest way to find it is simply by performing a search on the server (for example, find / name server.key on a Linux system). Once you’ve located the file, open it in a text editor to verify that it is not encrypted because encrypted keys are not supported by NetScout. An encrypted file will include a line reading Proc-Type: ENCRYPTED in the header and will need to be decrypted before it can be used. You can decrypt an encrypted key file by using the openSSL utility, which is available from www.openssl.org. For example, the following command creates a decrypted copy of server.key name decrypted_server.key:
917
nGeniusONE 5.4.1 Online Help Topics
openssl rsa -in server.key -out decrypted_server.key Enter pass phrase for server.key: [passphrase] Tomcat Web Server The private key for a Tomcat Web Server is stored in a keystore file typically named service-keystore.ks. To get the private key, you must export it from the keystore. Use the following procedure: a. Download and install the free Portecle utility from the following location:
http://portecle.sourceforge.net/ b. Open the service-keystore.ks file in Portecle. c. Locate the server’s key in the keystore, right-click it and choose Export from the context menu that appears. d. Set Key pair export types to Private Key and Certificates and select PEM as the Export Format. e. Enter the password for the private key when prompted. f.
Select the destination and filename for the private key when prompted.
Windows IIS Web Server To obtain the private key for a Windows IIS web server, you must export it from the server's certificate as a .pfx file (PKCS#12) and then convert it to .pem format. Use the following procedure: a. Start by exporting the private key from the server's certificate as a .pfx file. Refer to instructions in the How to back up a server certificate in Internet Information Services 5.0 Knowledge Base article on the Microsoft website at:
http://support.microsoft.com/kb/232136 b. Use the OpenSSL utility to convert the PKCS #12 file to PEM format. For example, the following command converts IIS_Key.pfx to a file named server.key in PEM format:
openssl pkcs12 -nodes -in IIS_Key -out server.key 2. Authorize SSL privileges for decryption and adding certificates/keys, as described below. Privileges can be assigned to different roles reflecting the nature and importance of the task at hand. For example, for decryption, you may want to assign users a SYSADMIN or NTWKADMIN-level role. For adding certificates/keys, you may want to assign a lower-level privilege such as APPROVR. a. From the nGeniusONE Console, click the icon.
Server Management
a. Select the Users and Roles tabs. b.Select the appropriate role. c. In the right-hand pane, match the Packet Analysis — SSL Admin privilege with the selected role by clicking the appropriate checkbox. Repeat the process for the Packet Analysis — SSL/IPSec Decryption
918
CONFIGURING AND MANAGING nGeniusONE privilege. Both checkboxes must be selected. Important: SSL configuration on the nGeniusONE requires that a user in only the SYSADMIN role can select the Packet Analysis-Admin checkbox. Also, in a distributed environment, a user in the SYSADMIN role can enable SSL functionality only on a Global Manager, not a Local Server. Important: When a Local Server is added to a Global Manager where the role for Packet Analysis — Decryption User is defined in SYSADMIN, the Enable Decryption User option will not be present in the Local Server Console and Local trace file decryption cannot be tested even though all configuration settings are pushed down to the Local Server from the Global Manager. d.Click Save.
Configuration Step 2: Enabling HTTPS SSL Decryption and HSM on the InfiniStream • Enable decryption of HTTPS SSL packets on your nGenius InfiniStream appliance. Be sure to restart your probe after configuring this setting. • Optional. For Thales/SafeNet HSM users only, configure software on the nGenius InfiniStream appliance (described here)
Configuration Step 3: Enabling SSL Decryption on the nGeniusONE Server Configure the SSL certificate in the Device Management module using either the Local or HSM option (described here). The Local option pushes down to and stores the private key (.PEM file) in the PM Server, then InfiniStream, then the Local decryption device. In the case of a Global Manager, the .PEM file is pushed down to and stored in the client device, then Global Manager, then all associated Local Servers, then all InfiniStreams. The HSM (Hardware Security Module) option does not distribute PEM files but does distribute the private key in a similar fashion using the PKCS11 protocol. 1. From the nGeniusONE Console, click the Global Settings icon. 2. Click the SSL Keys tab. 3. Click either the Local Decryption or Hardware Security Module (described here) tab in conformance with the type of certificate you have. Local Decryption 1. Select the Local tab and click Add SSL certificate dialog box opens.
. The Add SSL Certificate
2. Enter parameters for the following values. Refer to this Port Parameters table for supported values. Refer to the following table when entering port values in the corresponding Add SSL Private Keys dialog fields. Server Port
Application Port
919
nGeniusONE 5.4.1 Online Help Topics
443 https
80 http (tcp/udp/sctp)
636 ldaps
389 ldap
989 ftps-data
20 ftp-data (tcp/udp/sctp)
990 ftps
21 ftp (tcp/udp/sctp)
992 telnets
23 telnet (tcp/udp)
993 imaps
143 imap (tcp/udp)
994 ircs
194 irc (tcp/udp)
995 pop3s
110 pop3 (tcp/udp)
5061 sips/sip-tls
5060 sip (tcp/udp)
• Server — an alias for the monitored Web server whose packets will be decrypted such as VISA Web Server. • Server IP — the IP Address of the monitored Web server whose packets will be decrypted. • SSL Port — the SSL port on the monitored Web server whose packets will be decrypted. • Application Port — the port which will replace the SSL port after decryption. • Key — the private key, .PEM file name and path to upload the certificate from (system where the PM Client is running). 3. Click OK. 4. If you have more keys to enter, repeat the above steps. 5. If you have Hardware Security Module keys, proceed to the following section. 6. Click OK to close the dialog box.
Configuration Step 4: Setting an HTTPS Child for Decryption on the nGeniusONE Server You must add an HTTPS child application and specify a server IP address in Global Settings to complete decryption configuration on the nGeniusONE server. The HTTPS child should be a URL application. To configure an HTTPS child: 1. In Global Settings
, select the Applications tab.
2. From the View: Enterprise menu, select the HTTPS protocol and click Add Application
.
3. Enter the appropriate values and click the URL Application radio button. Take care that the URL string matches the host name exactly as it appears in the host field. 4. Click OK.
920
CONFIGURING AND MANAGING nGeniusONE
Configuration Step 5: SSL/TLS Workflows Once configured, SSL decryption is available in the following workflows: • Decode workflows launched by selecting Protocol Decode from the Packet Analysis menu. • Decode workflows launched from the nEI and nSI. • Decode workflows launched from the InfiniStream Console software. Click here for more information about performing decodes.
921
nGeniusONE 5.4.1 Online Help Topics
Business Types Tab Configuring Business Types Understanding Business Types Selecting Business Types is useful to display only those nGeniusONE user interface elements such as service monitors, applications, and Global Settings that are germane to your business needs and preferences. When applied, this procedure automatically activates all protocols associated with the Business Type selected, obviating the need to activate those protocols individually. Conversely, de-selecting a Business Type deactivates all protocols associated with that Business Type selection. To select a Business Type category or sub-category: 1. Configuring this feature requires the user to have the Administrator role. Be sure that the Global Settings Configuration and Device Configuration privileges are also applied to the role. Note that some other roles will not be able to access Global Settings unless these privileges are selected. If you want to assign configuration rights to another role, continue below, otherwise jump to Step 3. a. Click
Server Management.
b.Click the Users and Roles tabs. c. Select any user Role except NPVIEWER and click the check box the Business Type Configuration privilege.
of
d.Click Save. 2. From the nGeniusONE console, click
Global Settings.
3. Click the Business Types tab. 4. Click one or more Business Type Business Type.
check boxes. You must choose at least one
Important: applications associated with un-selected business types will be deactivated. 5. Click Apply. 6. A dialog box displays, listing the Business Types you selected. It prompts you to, either: a. Click Yes to confirm the selection and automatically activate all applications. Or, b. Click No to activate only those applications that would be active by default. This choice preserves your existing configuration. Only those applications that are active by default will be shown in the “active” view. Note: Inactivated protocols are still viewable in the “all” view. Important: for Local Server users in a distributed environment, you may need to refresh your browser to view the modified user interface. This condition may occur with standalone servers as well. To view applications based on selected Business Types:
922
CONFIGURING AND MANAGING nGeniusONE
1. From the nGeniusONE console, click
Global Settings.
2. Click the Applications tab. 3. From the View drop-down menu, make a selection. Those applications associated with that selection display. 4. (Optional) You can de-select the Active Only check box if you want to display all applications, not just those that are active. Active is the default option.
Understanding Business Types Configuring Business Types The nGeniusONE feature for selecting Business Types displays only those user interface elements such as service monitors, applications, and Global Settings that align with your business needs and preferences, filtering out those elements that do not. This more streamlined, focused, easier to configure approach toward functional display extends "core visibility" of your network from the Business Types tab in Global Settings. It includes the following support: • a set of core protocols required for network operations. These internally-enabled base applications such as DNS, HTTP and many others are always active and visible to users under the Applications tab regardless of the Business Types selected. • a set of protocol categories (listed below) and associated applications which are optional and are displayed or hidden depending on your Business Type selections. Each category can contain sub-categories. • Applications and Messages can be filtered depending on the Business Type and the application type selected. • The View drop-down menu in the Applications tab conveniently displays only the business type-associated applications you want to see. The choices are also filterable with the exception of Internet Categories. Refer to this matrix of filterable location and group keys by Business Type. Note: Enterprise (My Network, Server/Client/VIP List Communities) and QoS entries are always displayed regardless of the Business Type selected. This table lists interface pages under the Locations and Groups tabs which are filterable by business type. User Interface
Enterprise
Page
Service
Financial
Card Processing
Provider
My Network
*
*
*
*
Server Communities
*
*
*
*
Client Communities
*
*
*
*
VIP List
*
*
*
*
923
nGeniusONE 5.4.1 Online Help Topics
Sites
*
APN VRF
*
*
*
*
*
*
* *
Handset VLAN Services
*
* *
*
Cell Sites
* *
Application
*
*
*
*
QoS
*
*
*
*
Comp ID
*
• representation of Business Type data in these associated nGeniusONE monitors. Examples of monitor association to Business Type are: — Enterprise: Universal, Call Server, Database, RTP, MQ, Advanced Voice Statistics, Web Services — Service Provider: PDN Connection, Network Access, RAN (NBAP/RRC) Monitor — Financial: Trading (trade orders, market data feeds) — Card Processing: (credit card companies including AMEX, Discover, MasterCard, UNIONPAY, VISA, and AS2805) • automatic activation of all protocols associated with the Business Type selected, obviating the need to activate those protocols individually. Conversely, de-selecting a Business Type deactivates all protocols associated with the Business Type selected. • in all upgrade scenarios, all Business Types will be selected by default. • an Administrator-level role (required) for Business Type configuration (selected by default). All other roles (except for NPVIEWER) can also configure the feature but they must be selected in User Management > Roles. The Global Settings Configuration and Device Configuration privileges must also be applied to the Administrator role to configure Business Types. • the Business Type Configuration privilege (under the Roles tab) is required to choose the applications that are viewable by users. This privilege is selected by default for SYSADMIN and APPROVR roles but can be applied to other roles. • the ability to select or deselect Business Types at any time. • Enterprise is the default for nGeniusONE fresh installations. Workflow To configure and view selected Business Types: The Business Types tab in Global Settings offers the following list to choose from by selecting the appropriate check box: • Enterprise
924
CONFIGURING AND MANAGING nGeniusONE • Service Provider • Financial o o
Trade Orders Market Data Feeds
• Card Processing After clicking a protocol check box, you are prompted to activate all protocols within that Business Type category or sub-category. If you choose to activate all protocols by clicking Yes, then all protocols for that Business Type will be activated automatically. If you click No, then only those applications that would be active by default are activated. This choice preserves your existing configuration. Only those applications that are active by default will be shown in the “active” view. Note: Inactivated protocols are still viewable in the All view. The default view is Active. Important: for Local Server users in a distributed environment, you may need to refresh your browser to view the modified user interface. This condition may occur with standalone servers as well.
925
nGeniusONE 5.4.1 Online Help Topics
Voice / Video Tab Voice/Video Settings in the nGeniusONE Server - Overview Voice and Video settings for ASI flows (asi_mode=ASI or asi_mode=hybrid) settings are configured under the Voice/Video tab in the Global Settings module. This features lets users add, modify, copy, and delete threshold and profile settings under three sub-tabs: Note: These are advanced settings and, generally, the defaults need not be modified. • Thresholds — View and adjust boundaries such as acceptable/warning and warning/critical values for MOS, Jitter, and Packet Loss • Endpoint Profiles, consisting of: o defined endpoint values for Report RTCP Metrics, De-multiplex Telepresence, and De-Multiplex SSRC, audio and video codecs, and their associated settings o assigned endpoint profiles to Sites or Communities (default) within the enterprise • Processing Profiles, consisting of: o defined values such as Payload Processing, Payload Priority, and Max Payload Time o
assigned profiles to Communities or Sites.
Note: The Processing Profiles tab is displayed when the nGeniusONE server is configured with a UC Server License.
Voice/Video Settings in the nGeniusONE Server - Overview Voice and Video settings for ASI flows (asi_mode=ASI or asi_mode=hybrid) settings are configured under the Voice/Video tab in the Global Settings module. This features lets users add, modify, copy, and delete threshold and profile settings under three sub-tabs: Note: These are advanced settings and, generally, the defaults need not be modified. • Thresholds — View and adjust boundaries such as acceptable/warning and warning/critical values for MOS, Jitter, and Packet Loss • Endpoint Profiles, consisting of: o defined endpoint values for Report RTCP Metrics, De-multiplex Telepresence, and De-Multiplex SSRC, audio and video codecs, and their associated settings o assigned endpoint profiles to Sites or Communities (default) within the enterprise • Processing Profiles, consisting of: o defined values such as Payload Processing, Payload Priority, and Max Payload Time o
assigned profiles to Communities or Sites.
Note: The Processing Profiles tab is displayed when the nGeniusONE server is configured with a UC Server License.
926
CONFIGURING AND MANAGING nGeniusONE
Configuring Voice/Video Thresholds nGeniusONE provides default boundary parameters (the thresholds between Acceptable to Warning state and Warning to Critical state) for monitoring voice and video quality. For details on the thresholds, defaults, and other configuration options (including configurations for appliances configured with asi_mode=CDM or hybrid) refer to the Voice and Video Overview topic. Configuring To configure Voice/Video thresholds on the nGeniusONE server: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Voice/Video tab and Thresholds sub-tab. 3. Set Jitter Mode by selecting either the Average (average of values over the entire call) or Maximum radio button. 4. Enter Threshold parameters for Short and Long Calls, and Start, Middle, and End Gaps (milliseconds). Default values are shown in the table below.
5. In the Audio and/or Video panes, enter values for IP MOS and IP MOS Degradation, Compression Degradation, Jitter, Packet Loss, Low and High Voice Level, Echo Loss, SNR, and Out of Sequence settings other than the defaults displayed in the table below regarding satisfaction levels, milliseconds, percentages, and decibels in Acceptable/Warning and Warning/Critical fields for those conditions. Audio defaults:
927
nGeniusONE 5.4.1 Online Help Topics
Video defaults:
6. Click Apply to save values to the database. 7. Optionally, enable alarms based on these thresholds. These alarms are configured using alert profiles from the Service Configuration tool. Do not use the KPI Alarm dialog.
Understanding Voice/Video Endpoint Profiles Understanding Voice/Video Endpoint Profiles Configuring Voice/Video Processing Profiles Configuring Voice/Video Thresholds Endpoint profiles control how the nGeniusONE voice and video engine assesses the associated media. You can utilize either of two NetScout-provided endpoint profiles or create new profiles by configuring a definition and then assigning that definition. The IANA (Internet Assigned Numbers Authority) considers a profile the parameters that compose a media stream, including its codec and certain criteria unique to each payload type. Since each payload type has a unique identifier, this can be used to retrieve the associated profile and determine the codec. NetScout extends the concept of a profile to allow for better detection of the type of codec used for streams with dynamic payload types.
928
CONFIGURING AND MANAGING nGeniusONE In order to accurately analyze a voice or video media stream, it is necessary to determine which codec was used to encode the content of that stream. This is done by analyzing the media packets for a specific field, called the payload type. This value, which is either in a fixed (static) number range or a dynamic range, is used to identify the codec associated with that media stream. The codec and type of payload varies depending on the type of traffic being transported. For example, an enterprise with VoIP services, or a fixed-line VoIP service provider is more likely to have traffic with static payload types. In contrast, a mobile network provider is likely to have traffic with static payload types as well as dynamically-assigned payloads associated with adaptive multi-rate codecs, and possibly video codecs. Endpoint Profile functionality on nGeniusONE is described in the table below. Endpoint Profiles Icon/Parameter/Column
Description Add a definition for the endpoint profile. Copy the selected definition of the endpoint profile. Modify the selected definition of the endpoint profile. Delete the selected definition(s) the endpoint profile. Make the selected profile the default definition.
/
/
Show/Hide/Reset the filter for endpoint profile column entries. Refresh the endpoint profile list. Definitions Screen/Dialog Box
Profile Name
Designation for the endpoint profile. Maximum definitions allowed: 10.
Default
A checkmark indicates the selection is the default. Refer to these default values for Generic, Microsoft Lync, and Video Dynamic Payload Type Mappings. Video Dynamic Payload Type Mappings Defaults Codec
Priority
PT Start
PT End
TimeStamp Clock
Resolution
Min Bitrate
Max Bitrate
H.263P (223)
3
96
127
0
CIF (352x288)
0
0
H.264
2
96
127
0
CIF (352x288)
0
0
MPEG4_Visual
4
96
127
0
CIF (352x288)
0
0
H264 (223)
Forced
122
122
0
CIF (352x288)
0
0
MS_RT_Video
Forced
121
121
0
CIF
0
0
929
nGeniusONE 5.4.1 Online Help Topics
(227) H.264 (223)
(352x288) Suppressed
97
97
0
Unknown (0)
0
0
Microsoft Lync Profile Default Values Microsoft Lync profiles share similar entries with the Generic profile excepting a few specific forced/suppressed entries.
• Calbration File: Microsoft Lync • Report RTCP Metrics: Checked • De-multiplex Telepresence: Unchecked • De-multiplex SSRC: Checked Typical values for most Microsoft Lync audio codecs are:
• Priority: 0 • PT Start: 96 • PT End: 127 • TS Clock Frequency: 0 Values for these audio codecs are as follows: Codec
Priority
PT Start
PT End
TS Clock Frequency
G.722 (211)
Forced
117
117
8000
G.722.1 (212)
Forced
112
112
0
G.726-32 (17)
Forced
116
116
0
MS_RT_Audio_Narrowband (106)
Forced
115
115
0
MS_RT_Audio_Wideband (106)
Forced
114
114
0
Redundant_Audio_Date (100)
Forced
97
97
0
Siren_16k (203)
Forced
111
111
0
Typical values for Microsoft Lync video mappings are:
• PT Start: 96 • PT End: 127 • Resolution: CIF (352x288) • TimeStamp Clock: 0 • Min bit-rate: 0 • Max bit-rate: 0 Generic Profile Default Values
• Calibration Files: Generic
930
CONFIGURING AND MANAGING nGeniusONE
• Report RTCP Metrics: Checked • De-multiplex Telepresence: Checked • De-multiplex SSRC: Unchecked Typical values for most audio mappings are:
• Priority: 0 • PT Start: 96 • PT End: 127 • TimeStamp Clock: 0 Typical values for most video mappings are:
• PT Start: 96 • PT End: 127 • Resolution: CIF (352x288) • TimeStamp Clock: 0 • Min bit-rate: 0 • Max bit-rate: 0 Calibration
Select from the drop-down menu: Generic, Microsoft Lync 2010, or Special.
Report RTCP Metrics
Click the modules.
check box to enable reporting of RTCP Metrics and display in nGeniusONE
De-Multiplex Telepresence
Click the
check box to enable this feature.
De-Multiplex SSRC
Click the
check box to enable this feature.
Codec
Available in Audio or Video. Select a Codec type from the drop-down menu.
Priority
Available in Audio or Video. Select a value from the drop-down menu to set a priority for processing the codec, ranging from 0- Default, 1-High, to 10-Low, TBC-Suppressed, and TBC-Forced. Default: 0
PT Start
Available in Audio or Video. PT Start and End steppers range from 96 to 127 and increment by 1. The PT Start stepper must be LTE to the PT End and the PT End stepper must be GTE to the PT Start. Default: 96
PT End
Available in Audio or Video. PT Start and End steppers range from 96 to 127 and increment by 1. The PT Start stepper must be LTE to the PT End and the PT End stepper must be GTE to the PT Start. Default: 127
TimeStamp Clock
Available in Audio or Video. The Timestamp stepper ranges from 0 to 1,000,000 and increments by 1000. Default: 0
Resolution
Available in Video only. Select a value from the drop-down menu. Default: Unknown
Min.(imum) Bitrate
Available in Video only. Minimum Bit Rates range from 0-65536 and increment by 10. The Minimum Bit Rate must be the LTE Maximum Bit Rate unless the maximum rate is 0 and the Maximum Bit Rate must be the GTE Minimum Bit Rate unless the rate is 0. Default: 0
Max.(imum) Bitrate
Available in Video only. Maximum Bit Rates range from 0-65536 and increment by 10. The Minimum Bit Rate must be the LTE Maximum Bit Rate unless the maximum rate is 0 and the Maximum Bit Rate must be the GTE Minimum Bit Rate unless the rate is 0. Default: 0
931
nGeniusONE 5.4.1 Online Help Topics
Assignment Screen/Dialog Box Profile Name
Choose the name of the endpoint profile from the drop-down menu: either Generic or Microsoft Lync. Default: Generic.
Type
Equipment type: Generic, Analog Telephone Adapter, Desktop ohone, Soft phone, Video Conferencing unit, Telepresence room, PSTN Gateway, Analog Gateway, Session Border Controller, NAT Router, Media Bridge, or Voicemail server.
Assignment
The IP Address to which the assignment is made.
IP Address
Correlate the selected endpoint profile with an IP Address. Maximum: 10,000
Configuring Voice/Video Endpoint Profiles Configuring Voice/Video Processing Profiles Understanding Voice/Video Endpoint Profiles Configuring Voice/Video Thresholds Endpoint profiles control the processing of voice/video media. NetScout provides two endpoint profiles or the option to create new profiles. Note: The Unified Communications server license is required to configure this feature. Without the license, this tab does not display. Configuring Endpoint Profiles To configure Voice/Video Endpoint Profiles on the nGeniusONE server: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. Select Multimedia from the View drop-down menu. 4. Select the RTP protocol and configure any applicable monitoring options including associating RTP with an Application Group or Error Codes. 5. Click Apply to save your configuration to the database. 6. Click the Voice/Video tab. 7. Click the Endpoint Profiles > Definitions tabs. 8. In the dialog box, click
Add a definition.
9. Enter a Profile Name and Designation for the endpoint profile. Up to 32 alphanumeric characters are permitted including: ( ) _ - { } [ ] : ; , . / special characters. Maximum definitions allowed: 10. 10. Select a Calibration type from the drop-down menu. 11. Click one or more of the Report RTCP Metrics, De-multiplex Telepresence, and De-multiplex SSRC check boxes . 12. In the Audio Codec — Dynamic Payloads pane, click Add a codec and select an audio Codec and Priority type from the drop-down menus.
932
CONFIGURING AND MANAGING nGeniusONE 13. Enter PT Start and PT End, and Timestamp Clock values. Default values are displayed. 14. Click OK. 15. In the Video Codec — Dynamic Payloads pane, click Add a codec and select a video Codec and Priority from the drop-down menus. 16. Enter PT Start and End, Resolution, Timestamp Clock, and Minimum and Maximum Bitrate values. 17. Click OK to enter your choices and Apply to save your configuration. 18. Click the Assignment tab. 19. Click
Add a definition. The maximum allowed is 10,000.
20. In the dialog box, select an assignment Profile Name from the drop-down menu. 21. Select a profile Type from the drop-down list. 22. Enter an IP Address for the profile assignment and click OK. 23. Click Apply to save your configuration to the database.
Configuring Voice/Video Processing Profiles Configuring Voice/Video Endpoint Profiles Configuring Voice/Video Thresholds nGeniusONE supplies three default voice/video processing profiles to configure payload values and assign to a Site or Community. The priorities are: • High Priority Payload • No Payload • Normal Payload Optionally, you can create your own processing profile. Note: The Unified Communications Server license is required to configure this feature. Without the license, this tab does not display. Refer to the table below for functionality descriptions. Processing Profiles Icon/Column
Description Add a definition of a processing profile. Maximum allowed: 10 Modify the selected definition of a processing profile. Double-clicking on a value of an existing profile
933
nGeniusONE 5.4.1 Online Help Topics in the row displays the View Definition dialog box. Copy an existing profile to conveniently create a new one. Delete the selected definition(s) of a processing profile. Make the selected profile default definition. /
Show/Hide/Reset the filter for the processing profile list.
/
Refresh the screen. Sort the Definitions list alphabetically by clicking the up or down arrow in the selected column header. Page through the Profile list to find a selected entry. Definitions Screen Profile Name
Designation for the profile name.
Default
A check mark indicates the profile name selection is the default.
Payload Processing
(Optional) Click the check box to enable payload processing.
Payload Priority
Select a value from the drop-down menu to set a priority for processing the packet payload, ranging from 0- Dynamic, 1-High, to 10-Low. Payload Defaults The following default values apply to the three types of payloads: No Payload • Payload Processing:
934
CONFIGURING AND MANAGING nGeniusONE Unchecked • Payload Priority: 5 • Max Payload Time: 300 seconds Normal Payload • Payload Processing: Checked • Payload Priority: 5 • Max Payload Time: 300 seconds High Priority Payload • Payload Processing: Checked • Payload Priority: 1High • Max Payload Time: 300 seconds Max Payload Time (sec)
Enter a maximum interval in seconds that the payload will be assessed for a stream/flow. If a call lasts longer than 5 minutes then only the first 5 minutes will be used to retrieve payload metrics. Note that setting a longer value will impact performance. Range: 120 14,400 seconds. Default: 300 Assignments Screen Add an assignment for the selected processing profile. Maximum: 10,000 Modify the selected assignment for a particular processing profile. Double-clicking on a value of an existing assignment in the row displays the Modify Assignment (Communities) or (Sites) dialog box with all unassigned communities, their Server,
935
nGeniusONE 5.4.1 Online Help Topics Client, or VIP List Type, and associated IP Addresses. If the IP Address list is long, hovering your cursor over the field will display the list in its entirety. Delete the selected assignment (s) for a selected processing profile. /
/
Show/Hide/Reset the filter for the processing assignments list. Sort the Assignments list alphabetically by clicking the up or down arrow in the selected column header. Page through the Assignments list to find a selected entry. Refresh the screen.
Assignment Type
Select a value from the drop-down menu: Communities or Sites. Default: Communities. The Sites assignment view does not display the Community Type column.
Profile Name
Name of the processing profile type selected from the drop-down menu.
Assignment
The user-defined community name created under the Enterprise tab. Maximum number of assignments permitted: 10,000
Community Type
The Client, Server, or VIP List (IP Addresses only) Community type assigned to this profile. This column displays only when the Communities option is selected from the Assignment Type dropdown menu.
936
CONFIGURING AND MANAGING nGeniusONE Configuring To configure Voice/Video Processing Profiles on the nGeniusONE server: 1. From the nGeniusONE console, select
Global Settings.
2. Click the Applications tab. 3. Select Multimedia from the View drop-down menu. 4. Expand the Voice-Video-Data node, double-click the RTP protocol, and configure any applicable monitoring options including associating RTP with an Application Group, setting KPI Variables or Error Codes, and others. 5. Click OK and Apply to save your configuration to the database. 6. Click the Voice/Video tab. 7. Click the Processing Profiles > Definitions tabs. 8. Click
Add a definition.
9. Enter a Profile Name (maximum of 32 characters). 10. Enter a Payload Priority value from the drop-down menu. This ranges from 0Dynamic to 10-Low. 11. Enter a Max Payload Time in seconds. This ranges from 120 to 14,400 seconds, in increments of 10 seconds. 12. Click the
Payload Processing check box as needed.
13. Click OK. 14. Click the Assignments tab. 15. From the Assignment Type drop-down menu, select Communities or Sites. 16. Click
Add an assignment. Maximum allowed is 10,000.
17. Select a Profile Name from the drop-down menu. 18. Select an unassigned community from the display of Server, Client, VIP Lists or Sites you added previously. Note: Only one community can be selected per profile for viewing but you can add multiple communities to the same profile by repeating the process. 19. Click OK and Apply to save your configuration to the database. The new Profile appears in the Assignments screen. Important: When you delete a site or community, an internal check is performed to learn if it is assigned a processing profile and, if so, prompts you with a message to confirm this deletion.
937
nGeniusONE 5.4.1 Online Help Topics
MANAGING REPORTS Overview of nGeniusONE Reports The nGeniusONE solution provides a reporting tool to assist you in capturing data for troubleshooting and sharing information with others. Reports enable you to present nGeniusONE data in an accessible fashion for a wide range of audiences. The views included in a report help you tell a story or communicate information about conditions in your network. You create and save reports by using the Report Configuration wizard and leveraging predefined templates. Each template contains a set of views designed for a specific purpose and audience. These views can optionally be customized with specified metrics and display preferences. You then select the sources that will provide data for each report, which can include services, service domains, monitored elements (links), network domains (groups of monitored elements), applications, and application groups. In a distributed environment, you can create reports on both the Global Manager and Local Servers. If you define reports on the Global Manager, the GM rolls up data from each Local Server managing a data source used in the report. Reports defined on a Local Server use only the local data sources. After creating reports, you can schedule them for future generation and delivery. A scheduled report is stored on the nGeniusONE Server and can be delivered on a regular basis in one or more forms: a URL link in an email, or a PDF (Portable Document Format), RTF (Rich Text Format), or CSV (Comma Separated Values) email attachment. You also have the option of applying security settings to allow specific users and user groups to edit your report. You and other users view generated reports using the My Reports portal. After reports are generated, you can distribute them as CSV, PDF, or RTF files, or in the form of URLs that can be launched from a recipient's browser or other information portals.
Overview of nGeniusONE Reports The nGeniusONE solution provides a reporting tool to assist you in capturing data for troubleshooting and sharing information with others. Reports enable you to present nGeniusONE data in an accessible fashion for a wide range of audiences. The views included in a report help you tell a story or communicate information about conditions in your network. You create and save reports by using the Report Configuration wizard and leveraging predefined templates. Each template contains a set of views designed for a specific purpose and audience. These views can optionally be customized with specified metrics and display preferences. You then select the sources that will provide data for each report, which can include services, service domains, monitored elements (links), network domains (groups of monitored elements), applications, and application groups. In a distributed environment, you can create reports on both the Global Manager and Local Servers. If you define reports on the Global Manager, the GM rolls up data from each Local Server managing a data source used in the report. Reports defined on a Local Server use only the local data sources. After creating reports, you can schedule them for future generation and delivery. A scheduled report is stored on the nGeniusONE Server and can be delivered on a regular
938
CONFIGURING AND MANAGING nGeniusONE basis in one or more forms: a URL link in an email, or a PDF (Portable Document Format), RTF (Rich Text Format), or CSV (Comma Separated Values) email attachment. You also have the option of applying security settings to allow specific users and user groups to edit your report. You and other users view generated reports using the My Reports portal. After reports are generated, you can distribute them as CSV, PDF, or RTF files, or in the form of URLs that can be launched from a recipient's browser or other information portals.
Using the nGeniusONE Report Configuration Tool The nGeniusONE Report Configuration tool enables you to create reports of application, service, and network conditions that you can share with others. This topic provides an overview of the features available in the Report Configuration tool. After selecting the Reports Configuration icon on the nGeniusONE Console, the Home page opens and displays a collection of previously configured reports in a grid layout. The main page of the Report Configuration tool provides several controls along the top, as shown in the following graphic (additional details provided below):
Control
Description
Filter options #
Opens a dialog box where you can select values, such as template type and report author, to filter the display on the Home page. The number displayed next to the filter icon represents the number of filter selections.
Create Report
Starts the wizard for creating a new report.
939
nGeniusONE 5.4.1 Online Help Topics
Preferences
Opens a dialog box where you can specify preferences, including layout and design settings for your exported PDF reports, content limits, and report purging schedules.
More Actions
Opens a menu where you can perform additional tasks for single or multiple selected reports, including removing, duplicating, scheduling, and security.
In addition, you have the following options within each report tile: • Select the checkbox to enable tasks under "More Actions." • Click the report title to modify the report. • Click the star to mark the report as a favorite (moves to top left position in Home page and My Reports). • Click Generate Instance to immediately create a new report instance. • Click View Editions to open generated versions of daily, weekly, and monthly scheduled reports, as available . • Click Latest Instance URL to view and copy a URL link to the most recent generated instance of the report.
Creating nGeniusONE Reports Create a report using the Report Configuration wizard and one of the preconfigured templates provided by nGeniusONE. Using the wizard, you can also create user-defined reports with your own customized views. 1. Select Report Configuration
on the nGeniusONE Console.
The Report Configuration tool opens and displays any previously configured reports as interactive tiles in a grid (or table) layout. If no reports are available, you are prompted to begin. 2. Click Create Report to start the configuration wizard. (If no reports have been created, click the icon
940
.)
CONFIGURING AND MANAGING nGeniusONE You create a report by adding up to 5 sections. By default, the report is named "New Report," "New Report 1," etc. 3. Rename the report by clicking the default name in the upper-left. Enter a name and optional description in the dialog box and click Rename. The following special characters are not supported: \:*?/”<>| Tip: You can name the report at any point in the wizard or after adding all sections and completing configuration. 4. Select one of the preconfigured templates or select User-Defined Report and continue as appropriate: • For template-based reports, proceed through wizard screens 1-4 to select a template, customize views, specify data sources, and tag the report section. • For user-defined reports, proceed through the wizard screens to specify data sources, create and customize your views, and tag the report section. After the completion page for the report section is displayed, perform additional steps, as required. 1. (Optional) Use the buttons at the upper-right of the completion page to perform the following tasks: • Edit view layout for PDF Export — Modify the size of each view displayed on a page of the exported report. Choices include 1/4, 1/3, 1/2, or full page. • Edit Section — Modify the section by repeating steps 2, 3, and 4 of the wizard. • Duplicate Section — Add a new section with the same contents. You can then modify as necessary. • Delete Section — Remove the current section and start the report over with template selection. 2. (Optional) Use the section list on the left to add another section to the report by
clicking + and repeating the configuration procedure. (Click to display the section list.) Each report can contain up to 5 sections (depending on Preference settings).
3. (Optional) Use controls at the upper-left for the following tasks: • Click the report title to rename it. • Click Not Scheduled to configure scheduling and delivery. • Click Settings to configure security settings, display options, and PDF settings. 4. Save the report section by clicking Save Report in the upper-right. • Click Save and exit to complete the report and return to the Home page. • Click Save and continue to stay on the completion page, where you can repeat any of the previous tasks.
941
nGeniusONE 5.4.1 Online Help Topics
Alternatively, you can save and return to the Home page by clicking the Home button in the lower left. After saving the report, the report definition is added to the collection on the Report Configuration Home page.
Report Creation Wizard (Template-Based) Create a report using the Report Configuration wizard and one of the preconfigured templates provided by nGeniusONE. 1. Select a template for the type of data you want in this report section. a. If you have many templates, enter search terms in the filter box to find matches. After making a selection, the screen is updated with a general description of the template and descriptions for each view in the template. b. Click Next. Note: At any point in the configuration wizard, you can click Discard to cancel the report section and begin again. 2. Select data sources for the views in the report. Depending on the selected template, data sources can be any of the following: application services and network domains configured in the Service Configuration module; monitored elements from Device Configuration; applications, application groups, clients, client communities, locations, servers, and server communities configured in Global Settings. a. For link-based data sources, select a data source type, either Network Domains or Monitored Elements, then select a single network domain or multiple monitored elements. For site-to-site reports, you first select monitored elements and then select sites associated with those interfaces. Sites are defined in Global Settings and associated with interfaces in Device Management. For application-service based data sources, select a single domain or service. Application services, domains, and network domains must first be configured and assigned in the Service Configuration module. Only those services that have been assigned to you are selectable for your reports. Application services are enabled through a property in serverprivate.properties. b. (Optional) If supported, select Add Applications/Application Groups and make the appropriate selections to add these as data sources. You can select from either the Applications or Application Groups lists. c. (Optional) If supported, select Report statistics for individual service members separately to display separate views for each service member instead of aggregated data for all service members. d. Click Next. 3. Customize views for the report section. 942
CONFIGURING AND MANAGING nGeniusONE a. (Optional) Remove views you don't want included in the report by clearing the check boxes. b. (Optional) Modify the default names of the views by clicking the current name and entering the new name. c. (Optional) Click Advanced Options to display additional settings where you can specify options such as metrics, direction, thresholds, and displays for the associated view. For most over-time views, you can select overlays to superimpose additional data in the view, such as comparisons with previous time periods or thresholds for additional metrics. When baseline overlays are supported for a view, you can choose baseline configuration settings. You can choose to display data in chart or table format. For tables containing multiple metrics, you can reorder the columns up (left) and down (right). Some views have the potential to display undefined data when showing the traffic breakdown for a selected location type. For example, a Top Server Sites chart might include undefined data for traffic that doesn't correspond to your site definitions. If you want to exclude this type of data from your report, select the option to Suppress undefined data. d. Click Next. 4. Tag the report section. a. Enter a name for the section or accept the default name. Special characters, \:*?/”<>|, are not supported. b. Add optional tags (search terms) that you and other users can use to locate this report. c. Click Finish. A completion page is displayed, summarizing the contents of the report section. 5. Complete the report section as described in Creating nGeniusONE Reports.
Report Creation Wizard (User-Defined) Define your own report using the Report Configuration wizard. 1. Select User-Defined Report from the list of templates; then click Next. Note: At any point in the configuration wizard, you can click Discard to cancel the report section and begin again. 2. Select data sources for the views in the report. Data sources can be any of the following: application services and network domains configured in the Service Configuration module; monitored elements from Device Configuration; applications and application groups configured in Global Settings. a. Select a data source type. The list is updated to display selections available for the data source type.
943
nGeniusONE 5.4.1 Online Help Topics b. Select a single application service or network domain or multiple monitored elements. Application services and Network domains must first be configured and assigned in the Service Configuration module. Only those services that have been assigned to you are selectable for your reports. c. (Optional) If supported, select Add Applications/Application Groups and make the appropriate selections to add these as data sources. You can select from either the Applications or Application Groups lists. d. (Optional) If supported, select Report statistics for individual service members separately to display separate views for each service member instead of aggregated data for all service members. e. Click Next. 3. Customize views for the report section. a. Click Create View for the first view in the report. The Create View dialog box provides a list of network objects that provide context as supported for the data source you selected earlier. b. Select a network object, then enter a name and optional description for the view. Your network object selection determines the metric types and metrics available for the view. c. Specify metrics, direction, thresholds, and display options as required for the associated view. Note the following considerations:
944
•
For most over-time views, you can select overlays to superimpose additional data in the view, such as comparisons with previous time periods or thresholds for additional metrics.
•
If you select Threshold, select a metric and enter a value for the threshold to be displayed in the view. For example, if you select Total % Utilization and enter a value of 60, a line for 60% utilization will be indicated on the view. Individuals viewing the report can see how traffic compares to the threshold.
•
When baseline overlays are supported for a view, you can choose baseline configuration settings.
•
If your data source is a Network Domain or multiple individual interfaces, you can choose to show the Top N interfaces or All Links. When Show All Links is selected, by default, the data for all interfaces is displayed in a single chart with a separate line for each interface. If you prefer to combine all data for all the interfaces into a single line in one chart, select Aggregate.
•
If your data source is an Application Service, by default, the view in the resulting report displays separate data points for each member of the application service. If you want to see combined data for the entire service, select Aggregate.
•
For some view contexts, such as applications, clients/communities, servers/communities, hosts, and conversations, you can choose to show either the Top N or specific entries, which require you to enter or select the specific names, addresses, or other values.
•
You can choose to display data in chart or table format. For tables containing multiple metrics, you can reorder the columns up (left) and down (right).
CONFIGURING AND MANAGING nGeniusONE •
Some views have the potential to display undefined data when showing the traffic breakdown for a selected location type. For example, a Top Server Sites chart might include undefined data for traffic that doesn't correspond to your site definitions. If you want to exclude this type of data from your report, select the option: Don't display data for undefined locations.
Click Next. 4. Tag the report section. a. Enter a name for the section or accept the default name. Special characters, \:*?/”<>|, are not supported. b. Add optional tags (search terms) that you and other users can use to locate this report. c. Click Finish. A completion page is displayed, summarizing the contents of the report section. 5. Complete the report section as described in Creating nGeniusONE Reports.
Metrics Available for nGeniusONE Report Views Use the Create View dialog box to specify the network object, name, and optional description for the view. The network objects you select provide context for each view. When you configure views based on the network object, the following metrics are available: Selected Network Object/ Data Context
Supported Metric Types
Available Metrics
Link/Location
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Application
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failure %, Failures (Count), Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes (Count), SYN, SYN-ACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window Server
Errors
Errors
945
nGeniusONE 5.4.1 Online Help Topics
Application Message
Application Service
Application Service (Client Views)
946
UC Metrics (if licensed)
QoS Mismatch, Short Calls, Single Direction
Responsiveness
Degraded, Failures, Fast, Responsiveness, Retransmissions, Slow, Successes, Time Out, Transactions
Errors
Errors
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failure %, Failures (Count), Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes (Count), SYN, SYN-ACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window Server
Errors
Errors
UC Metrics (if licensed)
QoS Mismatch, Short Calls, Single Direction
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failures, Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes, SYN, SYN-ACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window Server
Errors
Errors
CONFIGURING AND MANAGING nGeniusONE
Application Service (Server Views)
Client
Server
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failure %, Failures (Count), Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes (Count), SYN, SYNACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window Server
Errors
Errors
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failure %, Failures (Count), Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes (Count), SYN, SYN-ACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window Server
Errors
Errors
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Responsiveness
Active Sessions, Client Dup ACK, Client Resets, Connect Time Client, Connect Time Server, Degraded, Failure %, Failures (Count), Fast, Min Window Client, Min Window Server, New Sessions, Resets, Response Time, Retransmissions, Server Dup ACK, Server Resets, Server Volume, Slow, Success %, Successes (Count), SYN, SYN-ACK, TCP ACK Time Client, TCP ACK Time Server, TCP Client Retransmissions, TCP Retransmissions, TCP Round Trip Time, TCP Server Retransmissions, Time Out, Time Out %, Transactions, Total Requests, Zero Window Client, Zero Window
947
nGeniusONE 5.4.1 Online Help Topics
Server
Errors
Errors
Host
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Conversation
Throughput
Bit Rate, Byte Rate, Packet Rate, Packets, Volume
Baselines in Reports Trending reports enable you to compare recent usage patterns to historical usage baselines. nGeniusONE reports support baselines for throughput metrics as overlays in the following views: • Link Analysis template/Link Usage Over Time view, with the option selected to Report statistics for individual service members. In the report, individual views show baselines. The main view does not show baselines because it is aggregated for all links. • User Defined report/Over-Time views based on a Link Network object for a single physical interface with no locations selected in the filter. Network domains are not supported. • To display baselines for throughput metrics, the supported over-time views must have 1-hour resolution, which you can set when you schedule a report or generate a report on-demand. When selecting baselines, you can choose the time mode and the type of data aggregation. Baseline time mode: • Hour of week — A single baseline is calculated for a specified hour and day of the week, for example 9:00 AM Monday. These baseline calculations include up to 7 weeks of raw 5-minute data samples, if available, not including the most recent 7 days of data. By default, the system retains 14 days of raw data. However, since the statistical accuracy of baselines improves with a larger data set, it is recommended that you set aging to retain 4-8 weeks of data. You can change the aging settings in nGeniusONE Server Management. In the Aging Parameters tab/Main Server pane, enter the preferred number of days for Raw (5 minute) Tables. For example, for 8 weeks, enter 56 days. Refer to Modifying Database Aging Parameters in nGeniusONE for additional information. • Hour of day — A single baseline is calculated for a specified hour every day, for example 9:00 AM. These baseline calculations include 5-minute data samples from the previous 7 days (not including the current day). Aggregation types: • Average Baselines Each average baseline data point provides the average for the selected metric of all corresponding samples taken over the duration of logged raw data.
948
CONFIGURING AND MANAGING nGeniusONE • Peak Baselines For peak baselines, the single highest metric value of all samples obtained at the time of a given data point is displayed. • Percentile Baselines For Percentile Baselines, all samples obtained at the time of a given data point are placed in order from highest to lowest. The data point represents the value that is greater than the selected percentile's samples. For example, using the default of 90P, the value displayed for the data point is the value that 90% of the samples are less than or equal to. You can set the percentile at 90, 95, 99, or 99.9. • Minimum Baselines For minimum baselines, the single lowest metric value of all samples obtained at the time of a given data point is displayed.
Understanding Scheduled Reports Scheduling reports is a useful workflow that provides major conveniences. It saves time and ensures consistency by allowing you to create the report configuration once and then repeatedly deliver the report according to schedule. Scheduling is off, by default. When enabled, you can customize the schedule to generate and deliver reports on a daily, weekly, or monthly basis. When scheduling daily reports, you can prevent unnecessary report generation by excluding days you don't want the report delivered. Keep the following considerations in mind when you schedule reports: • By default, reports are not scheduled. You must provide scheduling and delivery information to determine when the report should be generated and where it should be delivered. If you schedule a report without email delivery information, the report is generated at the scheduled time and the report instance is saved and made available in the My Reports viewer. • To schedule reports, users must have the Reporting-Report and NewsPaper Scheduling privilege. By default, all nGeniusONE users have this privilege. A System Administrator can restrict scheduling privileges by removing the function for selected user roles. • Scheduled reports support historical views only. • You can schedule a report to be automatically generated and delivered on a daily, weekly, or monthly basis. • All reports are generated in the nGeniusONE Server's time zone. For daily reports, you can specify the times for report generation and delivery. Weekly and monthly reports are preset to be generated at 2:00 a.m. on the Server. • When scheduling daily reports, you can exclude days you don't want the report delivered. • You can define start and end date ranges and defer scheduling to start at a later date/time. The default is to start the schedule immediately and never stop. • A scheduled report can be delivered by email in one or more of the following formats: CSV, PDF, or RTF attachment, or URL link to the My Reports viewer. By
949
nGeniusONE 5.4.1 Online Help Topics default, the URL is sent. To email reports, you must provide your SMTP Server in nGeniusONE Email Settings. • When sending a URL link in the email, if the NPViewer user account is not enabled, the recipient must have nGeniusONE login credentials to view the report. If the NPViewer account is enabled, the URL link allows access without logging in. Refer to User Access for nGeniusONE Reports for additional information. • Scheduled reports sent as PDF/RTF/CSV email attachments do not follow nGeniusONE preference settings. This type of report uses default system preferences. Scheduled reports in a distributed environment In a distributed environment, the Global Manager (GM) generates a Global Report by retrieving data every night from each Local Server (LS) and aggregating the data for all servers. If the GM and LSs are in different time zones, the retrieval and generation occur at the designated time in the GM time zone, by default. In this case, each LS provides data available up to the requested time, even if data warehousing is not complete for the requested cycle (daily, weekly, monthly). Alternatively, you can enable report generation on each LS after its data warehousing is complete. In this case, the LSs send the reports based on their own time zones to the GM. When the GM has received all LS reports, it generates and delivers the Global Report. If you select the Local Server time zone option, you can also choose to show individual views of data from each Local Server in the Global Report, along with the aggregated views.
Scheduling an nGeniusONE Report Scheduling an nGeniusONE report saves the entire configuration to be automatically generated at specified times and optionally delivered to specified email addresses. Reports can be delivered as PDF, RTF, and CSV attachments and as URL links (default). If a report is scheduled but delivery information is not provided, the report is generated at the scheduled time and the report instance is saved to disk. By default, reports are not scheduled. To schedule reports, users must have the Reporting-Report and NewsPaper Scheduling privilege. 1. Create your report. 2. Configure scheduling and delivery in either the following ways: • On the report completion page, click Not Scheduled. • On the Home page, select multiple reports and click More Actions > Configure > Scheduling. (This option is not enabled for single reports.) A dialog box for configuring Editions and Sharing opens. 3. Select Editions to specify how often you want the report generated and optionally delivered. a. Select daily, weekly, or monthly delivery as required. b. (For daily scheduled reports only) Specify the following values for report generation: start time, business days, duration of data, and data resolution. By
950
CONFIGURING AND MANAGING nGeniusONE default, daily reports are generated at 1:00 a.m. every day, contain data for "yesterday" with a resolution of one hour; you must select at least one day, otherwise no reports are generated. c. (For weekly scheduled reports only) Select data resolution of one hour or one day. By default, weekly reports are generated at 2:00 a.m. every Sunday, and contain data for the previous week with a resolution of one hour. Monthly reports always contain last month's data with a resolution of one day. d. (Optional) Change the dates when you want the report generation and delivery to start and end. By default, scheduled reports run indefinitely and start generation as follows: o Daily reports: 1:00 a.m. every day and contain data for the previous day (12:00 a.m.-11:59 p.m.) o Weekly reports: 2:00 a.m. every Sunday and contain data for the previous week o Monthly reports: 2:00 a.m. the first day of each month and contain data for the previous month e. (Optional for Global Manager scheduled reports only) Select Global (default) or Local as a preference for report data collection and generation. In a distributed environment, the Global Manager (GM) generates a scheduled report by retrieving data every night at the same time from each Local Server (LS) and aggregating the data for all servers in a Global Report. If the GM and LSs are in different time zones, the retrieval and generation occur at the designated time in the GM time zone, by default. In this case, each LS provides data available up to the requested time, even if data warehousing is not complete for the requested cycle (daily, weekly, monthly). Alternatively, you can select Local Server time zone to enable report generation on each LS after its data warehousing is complete. In this case, the LSs send the reports based on their own time zones to the GM. When the GM has received all LS reports, it creates and delivers the Global Report. If you select the Local Server option, you can also choose to Add views for each local server to the report. This option enables separate views showing data from each Local Server to be included in the Global Report, along with the aggregated views. 4. Select Sharing to specify recipients and message details. a. Select Enable Email Delivery. If this option is not selected, the report is generated and saved to disk, but not delivered. Before you can email reports, you must configure email settings in Server Management. b. Enter the required To and From addresses. Other fields are optional. o
Separate multiple addresses with semicolons and no spaces. For example, [email protected] ;[email protected] .
o
If a sender email is defined in Server Management, that address is used as the default value. You can modify this predefined value.
951
nGeniusONE 5.4.1 Online Help Topics o
To send email outside your own domain, you must provide a valid user name and password in Email Settings to authenticate for the outgoing SMTP server.
c. Enter an optional subject line and message. These will be included every time the report is emailed. d. Select one or more methods for sending the report by email: PDF (Portable Document Format), RTF (Rich Text Format), or CSV (Comma Separated Value) attachment; URL to the generated report stored on the nGeniusONE Server. o
If the WEB URL option is selected, by default, recipients will receive an email with a URL that allows them to open this specific report without logging in (the NPViewer user account must be enabled).
o
Optionally, you can select Prompt for authentication to allow URL access only for users with nGeniusONE login credentials. This is the default setting if the NPViewer user account is not enabled.
5. Click Apply to save the scheduling settings. 6. After the report is generated or emailed, status is shown on the Home page. If email delivery or scheduled report generation fails, alerts are triggered and can be viewed in the Server Health and Alert Browser modules. Refer to Troubleshooting nGeniusONE Reports for additional information.
Settings for Scheduled Reports Configure the following settings to schedule and share reports: • Editions • Sharing Note: The Scheduling control is disabled if the user does not have the ReportingReport and NewsPaper Scheduling privilege.
Configuring Security for nGeniusONE Reports After creating a report, you can configure security by giving other users access to view and modify the report. Keep in mind the following considerations for report security: • When adding content to report sections, services and domains are available to users based on service assignments. These assignments are made in Service Configuration. • When configuring security for a particular report, you can add other users to the report's Access Control List (ACL) to allow them to edit the report. However, when these users view the report, they can see only those sections where they have access to the content. Access is based on the user assignments for application services and network domains. • You can allow other users to access your reports without requiring login to the nGenius Server. This access is available only when the npviewer account is enabled in Server Management.
952
CONFIGURING AND MANAGING nGeniusONE • The "Reporting-Administration" user privilege provides System Administrators with global authority to view, modify, generate, and delete other users' reports. This privilege overrides any security settings configured in individual reports. • You can specify portions of host IP addresses to be concealed when other users are viewing reports. You can mask 8-32 bits for IPv4 addresses; and 16-128 bits for IPv6 addresses. The masking selection is indicated with x's in all views in the report (for example, 10.1.xxx.xxx). To configure report security: 1. Create your report. 2. Configure security in either the following ways: • On the report completion page, click Settings > Security. • On the Home page, select multiple reports and click More Actions > Configure > Security. (This option is not enabled for single reports.) The Security Settings dialog box opens. 3. If the npviewer account has been enabled, the option to Prompt for authentication is displayed and selected, by default. Deselect this option if you prefer to allow npviewer users to access your reports without requiring login to the nGenius Server. 4. (Optional) Select Mask IP Address and choose the number of bits of host IP addresses to mask when other users are viewing the generated report. 5. Select the users who can view, modify, and delete the selected reports. The names listed are nGeniusONE users who have been added in Server Management. 6. Click Apply.
Configuring Report Display Options By default, nGeniusONE reports obtain time zone and view settings from the global nGeniusONE Preferences. However, if preferred, you can modify these settings for your reports: 1. Create your report. 2. On the report section completion page, click Settings. A dialog box opens for configuring Security, Display, and PDF settings. 3. Select Display. 4. Change view options, as preferred: Setting
Option Description
Show a link by its
• • •
Name (default if a hostname is available) (IP) Address (default if no hostname is available) Alias (a configured alternate name)
Show an application
•
Short name (default)
953
nGeniusONE 5.4.1 Online Help Topics
by its
• •
Long name Port (to display the application short name plus the port used)
Show a host by its
• • •
Name with domain (default if a hostname is available) Name only (IP) Address (default if no hostname is available)
5. Select a different time zone for presenting report data. The report data is generated in the nGeniusONE Server time zone, however, users will view the data in the specified time zone. This option does not apply for reports that are generated based on local server time zone. 6. Click Apply. All of the above settings are included in the report definition and are applied each time you generate the report.
Configuring nGeniusONE Report Preferences Each user can apply certain preferences to specific nGeniusONE reports or to all of the user's reports, including: • The number of views and sections per report • Layout, text fields, and banner graphics for exported PDF reports Additional preferences for report purging intervals can be changed only by users who have the Reporting Administration privilege (by default, only the System Administrator role has this privilege assigned). Purging preferences apply globally to all reports on the nGeniusONE Server.
Report-Level Preferences After creating a report, the author can apply preferences to the particular report as follows: 1. Create a report. 2. On the report section completion page, modify the size displayed for each view in the report by clicking the link for Edit view layout for PDF Export, then selecting a view size of 1/4, 1/3, 1/2, or full page. 3. Modify other preferences by clicking Settings, then selecting PDF Settings. 4. Specify PDF settings, as required. 5. Click Apply and save the report.
Global Preferences Each user can set global preferences to customize and standardize features for all of the user's nGeniusONE reports as follows: 1. Select Preferences on the Report Configuration Home page. This selection is available before or after configuring reports.
954
CONFIGURING AND MANAGING nGeniusONE A dialog box opens for setting PDF and Report preferences. 2. Select PDF Configuration. 3. Specify PDF preference settings, as required. 4. Select Report Configuration. 5. Specify Report configuration preference settings, as required. 6. Click Apply. In a distributed environment, each user configures one set of global preferences on the Global Manager, which are applied to the user's reports on all local servers.
Report Purging Preferences Users who have the Reporting Administration privilege can specify time periods for retaining reports before they are purged as follows: 1. Select Preferences on the Report Configuration Home page. This selection is available before or after configuring reports. A dialog box opens for setting PDF and Report preferences. 2. Select Report Preferences. 3. Specify Purging settings, as required. 4. Click Apply.
PDF Settings for nGeniusONE Reports After creating a section for an nGeniusONE report, you can modify settings that are applied when you export the report in PDF format. 1. Create your report. 2. On the report section completion page, click Settings. A dialog box opens for configuring Security, Display, and PDF settings. 3. Select PDF Settings. 4. Change layout options, as preferred: Parameter
Description
Orientation
Select portrait or landscape orientation.
Resolution of image
Select a view resolution for charts. Lower resolutions can reduce export file size; however, a very low resolution can affect image clarity. This setting does not apply to tables.
Left banner
Specify graphics for left, center, and right report banners as described in Customizing Banners for nGeniusONE Reports.
Center banner
955
nGeniusONE 5.4.1 Online Help Topics Right banner
Left header Right header Left footer
Specify macros or enter text for left and right report headers and footers as described in Customizing Text Fields for nGeniusONE Reports.
Right footer To change the sizes of views on the pages of a specific PDF reports, click Edit view layout for PDF Export on the report section's summary page. The above instructions apply to specific report sections. To set PDF preferences globally for all of your nGeniusONE reports, use Preferences on the Report Configuration Home page.
Customizing Banners for nGeniusONE Reports By default, the banner in reports includes three graphics (left.jpg, center.jpg, right.jpg). You can customize these banners by replacing the default graphics with your own images. You can specify a custom banner in two ways: • When setting preferences after creating a particular report • When setting preferences to standardize the banners that apply to all of your reports To customize the banners, you place your graphics in a specified location as follows: 1. Log in to the nGeniusONE Server. 2. Save the graphic files you want to use in the following folder: /rtm/Reporting/images You can use any web-supported graphics format (for example, JPEG, PNG, or GIF). Refer to the following table for recommended graphic sizes: Option
Pixels
left-banner
570x167
right-banner
480x167
center-banner
1500x167
Tip: This image provides the background for the center area of the banner. For best results, use a solid color. 3. Exit from the server. 4. Do one of the following:
• For a specific report: Create a report, click Settings, then select PDF Preferences. • For all reports: Select Preferences on the Report Configuration Home page, then select PDF Preferences.
956
CONFIGURING AND MANAGING nGeniusONE 5. Click the text boxes for left, center, and right banners and select the preferred graphic. 6. Click Apply. Tip: Deleting a graphic file from the images folder returns the banner to the default (you do not need to reenter any graphic name). In addition, any configuration errors result in reversion to the default settings.
Customizing Text Fields for nGeniusONE Reports You can customize the text fields in report headers and footers, either for a specific report, or by standardizing the text fields that apply to all of your reports. By default, reports display the following fields for header and footer text : • Left Header — Source Server Hostname ($$REPORT_SOURCE_SERVER_HOST) • Right Header — Report generation date, time, and time zone ($$REPORT_DATE_MID; $$REPORT_TIME_LONG) • Left Footer — None • Right Footer — None These fields are populated by macros, which can be modified. You can select different macros for each field or you can delete the macro entries and enter your own text or leave the fields blank.
Customizing text fields for a specific report 1. Create a report. 2. Click Settings, then select PDF Preferences. 3. Modify the contents of the left and right headers and footers in the following ways. • Enter text of your choice (25-character limit). Special characters and spaces are allowed. Example: Company Name • Click Choose and select a Text Field Macro. You can combine multiple custom and macro text fields. 4. Click Apply.
Customizing text fields globally for all of your reports 1. Select Preferences on the Report Configuration Home page. A dialog box opens for setting PDF and Report preferences. 2. Select PDF Preferences. 3. Modify the contents of the left and right headers and footers in the following ways. • Enter text of your choice (25-character limit). Special characters and spaces are allowed. Example: Company Name
957
nGeniusONE 5.4.1 Online Help Topics • Click Choose and select a Text Field Macro. 4. You can combine multiple custom and macro text fields. 5. Click Apply.
Report Text Field Macros You can include dynamic content in report layouts by selecting from a variety of predefined macros. Note: • Date and time macros can vary depending on locale. The examples in the table below reflect the U. S. English locale. • Values for report time and date (REPORT_TIME, REPORT_DATE) represent the time when the report is generated. • Values for current time and date (CURRENT_TIME, CURRENT_DATE) represent the time when the report is exported.
Text Field Macros Select Macro
Output Format
Example Output (U. S. English Locale)
$$CUR_TIME_SHORT;
H:MM A
10:31 AM
$$CUR_TIME_MID;
HH:MM A, Z
10:31 AM, EDT
$$CUR_TIME_LONG;
HH:MM:SS A, Z
10:31:00 AM, EDT
$$CUR_DATE_SHORT;
MM/DD/YYYY
04/15/2015
$$CUR_DATE_MID;
MMM D, YYYY
Apr 15, 2015
$$CUR_DATE_LONG;
EEEE, MMMM D, YYYY
Wednesday, April 15, 2015
$$REPORT_SOURCE_SERVER_HOST; Server Name
nGeniusSrv_200
$$REPORT_TIMEZONE_SHORT;
XXX
PST
$$REPORT_TIMEZONE_LONG;
Time Zone
Pacific Standard Time
$$REPORT_TIME_SHORT;
H:MM A
10:31 AM
$$REPORT_TIME_MID;
HH:MM A, Z
10:31 AM, EDT
$$REPORT_TIME_LONG;
HH:MM:SS A, Z
10:31:00 AM, EDT
$$REPORT_DATE_SHORT;
MM/DD/YYYY
04/14/2015
$$REPORT_DATE_MID;
MMM D, YYYY
Apr 14, 2015
$$REPORT_DATE_LONG;
EEEE, MMMM D, YYYY
Tuesday, April 14, 2015
$$REPORT_NAME;
Report Name
Link Analysis Report
958
CONFIGURING AND MANAGING nGeniusONE
Generating nGeniusONE Reports A report can be generated immediately or on a schedule: On-demand 1. Open the Report Configuration tool. 2. On the Home page, locate the report you want to generate and click Generate Instance. 3. (Optional) Modify the duration and resolution of data for the report. By default, the report contains data for today with a resolution of 1 hour. 4. A report instance is created and immediately opened in the Report viewer. The report instance is saved on the nGeniusONE Server file system. Scheduled When you define a report, you can specify scheduling information. At the scheduled time, the report is generated and saved to the file system. If email delivery is specified, the report is sent as an attachment or as a link to the My Reports viewer included in an email. Troubleshooting If email delivery or scheduled report generation fails, alerts are triggered and can be viewed in the Server Health and Alert Browser modules. Refer to Troubleshooting nGeniusONE Reports for additional information. Saved Instances and Report Aging Generated report instances are saved on the nGeniusONE Server file system and aged out (deleted) according to the following schedule: Instances of on-demand reports age out after 100 days; daily editions of a scheduled report age out after 60 days; weekly editions age out after 180 days; monthly editions age out after 360 days.
Viewing nGeniusONE Reports Generated reports can be viewed in the Report Configuration tool as well as in the My Reports tab. • Open Report Configuration from the nGeniusONE Console. Select a report on the Report Configuration Home page and click Snapshots to view previously generated reports. Click Generate a Snapshot to create a new report instance for immediate display in the Report Configuration tab. This on-demand report uses data for the current day (starting at midnight). • Open My Reports by clicking on the nGeniusONE Console. Select from the list of generated reports. You can search for particular instances using the filter controls and entering a search string. • After opening a report in either the Report Configuration or My Reports tab, you can see and select other generated instances of the report by clicking the report date/time heading: In addition, when an individual receives a scheduled report URL through email, it has a special parameter that enables the recipient to open the My Reports tab for the specified generated report.
959
nGeniusONE 5.4.1 Online Help Topics After opening a report, you can use interactive features, including (not all options available for all views): • Full screen display for views • Chart and table options • Metric display • Zoom You can also email and export the report instance. Note: When exporting, ensure that popups are enabled in your browser.
Distributing nGeniusONE Reports You can distribute reports in the following ways: • Email — You have several options for sending reports by email: o When scheduling a report, you can deliver the report as PDF, RTF, and CSV attachments and as a link included in an email, which leads the recipient to the My Reports viewer. Use these methods to regularly send reports of historical views to email recipients. o When viewing a report in My Reports, you can send the current report instance as a PDF, RTF, or CSV attachment or as a URL link in an email. Click the Email button
and enter the required information.
Requirements: o To send reports by email you must configure email settings in Server Management. o To send email outside your own domain you must provide a valid user name and password in Email Settings to authenticate for the outgoing SMTP server. In addition, you must manually add the following property to serverprivate.properties: mail.smtp.auth=true • Copy URL — After a report has been configured and generated, the report tile displayed on the Report Configuration Home page has a link to Latest Instance URL. Click the link, manually copy the URL, and distribute it as preferred.
User Access for nGeniusONE Reports User access to reporting features is managed through the following privileges, which are assigned to the standard nGeniusONE user roles. Note: Some of these privileges also apply to UMC-based Reports, Templates, and NewsPapers. Refer to User Roles for Reports and NewsPapers (UMC) for information about working with the UMC reporting features. • Administration — Provides System Administrators with global authority to view, modify, generate, delete, and schedule their own and other users' reports. This privilege overrides any security settings configured in the reports. • Report and Report Template Configuration — Allows users to create, edit, delete, copy, and generate reports. • Report and NewsPaper Scheduling — Allows users to schedule reports.
960
CONFIGURING AND MANAGING nGeniusONE • Report Access — Allows users to access and view reports; enables the Report Configuration launch point on the nGeniusONE Console. Note: If you want individuals with no nGeniusONE credentials to view reports, you can activate the NPViewer account. In addition, when configuring security for a particular report, you can add other users to the report's Access Control List (ACL) to allow them to edit the report. By default, all nGeniusONE users are able to create, schedule, and view reports. However, when users add content to report sections, services and network domains might be limited based on their service assignments. These assignments are made in Service Configuration. The following table lists all of the nGeniusONE reporting privileges assigned by default to each predefined user role. Note: The System Administrator can modify these default settings as described in Configuring User Roles in nGeniusONE. Reporting Privilege
nGeniusONE User Role includes by default Network System Network Approver Admin Admin Operator
Help Desk
NPViewer
Administration Report Access Report and NewsPaper Scheduling Report and Report Template Configuration NPViewer Account NPViewer is a special system-defined account that enables direct access to reports without logging in to the nGeniusONE Server. This account is disabled, by default. In User Management, the System Administrator can enable the NPViewer user account and specify the servers the account can access. If the NPViewer account is enabled, the author of a report has the option (in the Scheduling tab) to allow access to these users. When the author schedules the report for email delivery with the WEB URL option, by default, recipients will receive an email with a URL that allows them to view the specific report without logging in. When viewing reports, NPViewer users can export them as PDF, RTF, or CSV files. They cannot delete or view other instances. The URL for direct access to reports takes the following form: http://:8080/reporting/data?reportkey=&reportinstance=LATEST
961
nGeniusONE 5.4.1 Online Help Topics
Understanding Your nGeniusONE Report A generated report displays performance data in views specified by the report template. The heading shows the time frame for the data contained in the report and the date the report was generated. The views indicate the data sources providing data during the given time frame. The conventions used for naming devices, interfaces, hosts, and applications, and the time zone shown in the report are determined by your specified report display options. When viewing a report instance in the My Reports portal, you can perform the following tasks: • View and select other generated instances of the report by clicking the report date/time heading: • Refresh data in the views • Export the report instance in various formats popups are enabled in your browser)
(when exporting, ensure that
• Send the report instance in an email You have the following additional options within each view: • Display a view as full screen • Toggle between chart and table views • Remove/restore metrics in charts by clicking them in the legend:
• Zoom into more granular detail by selecting and dragging a data point • See additional data details by hovering over sections of charts Refer to the following topics for additional information: • Creating nGeniusONE Reports • Generating nGeniusONE Reports • Viewing nGeniusONE Reports
Troubleshooting nGeniusONE Reports Use the information in this topic to troubleshoot possible errors with nGeniusONE Reports. Generation and Delivery Failures When failures occur with scheduled report generation or email delivery, alerts are triggered and can be viewed in the Server Health and Alert Browser modules. Note: Alerts are not supported for on-demand reports. Report alerts are generated for the following events :
962
CONFIGURING AND MANAGING nGeniusONE • Scheduled report generation failure: When a scheduled report (daily/weekly/monthly) fails to generate due to a missing data source, a server blackout state, or similar cause, a Warning (yellow) alert is triggered. • Report email delivery failure: When report email is not delivered because the SMTP server is not configured or similar conditions, a Critical (red) alert is generated. • Report over-run: When reports fail to generate within a specified time, a Critical (red) alert is generated. The default value for over-run time is 3600 seconds (1 hour). For example: If an hourly scheduled report fails to generate within the default 3600 seconds and runs over to the next hour, an over-run alert is generated. You can change the default setting by setting the property report.overRunLimit to the preferred value in the serverprivate.properties file. To avoid repeated alerts for the same failure, reporting alerts are generated only under the following conditions: • The failure does not already exist for the given report. • Previous generation/delivery was successful, then was followed by a failure. • A server or process restarted. Reporting alerts are displayed in the Server Health module with drilldown to the Alert Browser. In the Alert Browser, these alerts are categorized as Device-type. No Data in Views When using nGeniusONE Reports, views might contain no data for various reasons. Use the information listed below as a guide for understanding and correcting these issues. No Data in: Service Performance Reports
Possible causes: • Response time is not enabled (or not supported) for a given protocol. • ASI metrics are not available for a given application. • The service selected as a data source for the report is associated with a non-supported monitor. For example, RTP/Audio/Video protocols are supported only by the RTP Monitor. If a service includes these protocols and is associated with a different monitor, reports will show no data.
Additional Topics Preference Settings for nGeniusONE Reports Configure the following preferences for nGeniusONE reports:
963
nGeniusONE 5.4.1 Online Help Topics • PDF Preferences • Report Content Preferences • Purging Preferences PDF Settings — Any user can specify preferences for exporting his or her own reports in PDF format. Parameter
Description
Number of views per page
Modify the layout of views on a page of the exported report by selecting the number of views to be displayed, 1-4.
Orientation
Select portrait or landscape orientation.
Resolution of image
Select a view resolution for charts. Lower resolutions can reduce export file size; however, a very low resolution can affect image clarity. This setting does not apply to tables.
Left banner
Specify graphics for left, center, and right report banners as described in Customizing Banners for nGeniusONE Reports.
Center banner Right banner Left header Right header Left footer
Specify macros or enter text for left and right report headers and footers as described in Customizing Text Fields for nGeniusONE Reports.
Right footer Report Configuration Settings — Any user can specify preferences for sections and views included in his or her own reports. Parameter
Description
Maximum sections per report
Select the maximum number of sections and views to allow in each report.
Maximum views per report
Defaults are: 5 sections; 100 views
Purging Settings — Users with the Report Administration privilege can specify time periods for retaining all reports before they are purged. Parameter Description Snapshot Daily Weekly Monthly
Select the number of days to keep each type of generated report after which they will be purged. Defaults are: Snapshot 100 days; Daily scheduled reports 60 days; Weekly scheduled reports 180 days; Monthly scheduled reports 360 days.
Refer to the following topics for additional information: • Configuring nGeniusONE Report Preferences • Creating nGeniusONE Reports
964
CONFIGURING AND MANAGING nGeniusONE
MANAGING SERVERS AND USERS Welcome to Server Management in nGeniusONE Server Management provides you with a bright, easy-to-use user interface to manage either a standalone nGeniusONE Server or all nGeniusONE Servers included in a distributed cluster. Localization and internationalization language support is provided for Chinese, Japanese, Korean, Hong Kong, and Taiwanese deployments. The installation process automatically creates a user account with System Administrator and Network Administrator roles. The default account allows you to manage the nGeniusONE Servers in your environment, including performing the following tasks: • Configure and maintain servers • Configure Users • Set Up Authentication • Configuring Exclusions • Viewing Deployment Information • Managing a distributed server environment
Launching Server Management Launch the Server Management module by logging into the nGeniusONE console and selecting the module.
Server Management icon to access the most recent HTML-based
Servers Screen in nGeniusONE — Overview The Servers screen in the nGeniusONE Server Management module is an HTML-5, fully web-compliant interface that mirrors the style and design of the Service Dashboard. The screen, as shown below, lists all configured nGeniusONE servers, their status, and related information.
Servers Display The Servers screen, as shown above, displays the following columnar information: • Server — The name and IP Address of the server as well as server status, indicated by (up) or (inoperative) icons. • Type — The server type such as Global, Local, Standalone or Standby. • License Summary — Modules that are currently licensed include nGeniusONE, UC (Unified Communication) licenses include: UC Codec, UC Workgroup, and UC Standby • Serial Number — The model serial number. • Operating System — The name and build number of the operating system. For example: Linux 2.6.18-274.el5 • Time Zone — The time zone and hour offset where the server is installed. For example: EDT US/Eastern (-0400)
965
nGeniusONE 5.4.1 Online Help Topics • Version — The software version and Build numbers. For example: 5.4.0.0 [ Build 908]
Servers Functionality The Servers screen supports the following functionality common to earlier releases but on a revamped, easy-to-read toolbar: •
Add Server — Adds a Local or NewsStand Server to the cluster, or a Standby Server to the selected Local Server as selected from the drop-down list.
•
Server Operations: Start/ Stop, Delete, or Convert to Primary (from a Standby server) from the drop-down list. You can start/stop one or more selected servers; if some are running and others are disabled, the operation is performed only on the down or running servers, respectively. The Delete operation is performed after you confirm the action. The screen is refreshed and the corresponding server card disappears. Details for these actions are displayed in the Progress bar.
•
View Activity Logs — This four-panel display displays user information including counts of sessions, login and logout times, types of activities performed, and message details gathered over various intervals.
•
Upload Software — Uploads system or decode pack software from the drop-down list
•
Upgrade Software — Upgrades system or decode pack software from the dropdown list
•
Column Editor — In addition to the default column shown, you can add or remove columns with this tool. Column choices vary by module.
•
Flat — Displays servers without regard to hierarchy
•
Tree — Displays servers in a tree hierarchy
• •
Refresh — Refreshes items displayed on the screen Search — Queries one or more servers by its name or host name/IP Address.
Note: Refer to the following matrix for server default behavior when single or multiple options are selected. Action
State No Selection
Single Selection
Multi-Selection
Add Local Server
Enable
Enable
Enable
Delete Server
Disable
Disable — If the selected Disable server is a logged in Server Enable — If the selected server is not a logged in server
Add Standby Server
966
Enable
Local Server — Enable Standalone Server —
Disable
CONFIGURING AND MANAGING nGeniusONE Enable GM — Disable Newsstand Server — Disable Standby Server — Add NewsStand Enable Server
Enable
Enable
Start Server
If Server already started — Disable
Enable
Disable
If Server already stopped — Enable Stop Server
Disable
If Server already stopped — Disable
Enable
If Server already started — Enable Convert to Primary
Disable
Local Server — Disable
Disable
GM — Disable NewsStand Server — Disable Standby Server — Enable
Upload
Enable — upload populated with all servers except root server. For example: Global Manager
Server list populated with selected server for upload
Server list populated with multiple servers selected for upload
Upgrade
Enable — upgrade populated with all servers except root server. For example: Global Manager
Server list populated with selected server for upgrade
Server list populated with multiple servers selected for upgrade
Drill-down Screens Clicking on a server name drills down to the following tabs containing more server parameters to view and/or configure: • General Information — Configure Server Name, Server Type, Address/Host name, Status (UP, DOWN ...), Time zone (hour offset and zone name), Version (nGeniusONE release and Build number), Decode Version and build number; and
967
nGeniusONE 5.4.1 Online Help Topics Additional Information including the Web Port number (configurable), Registry Port number, and field to enter a Note • Email Settings — Configure SMTP server authentication and additional, optional settings for alarm notifications • DNS Configuration — Configure a DNS server for nGeniusONE standalone and Local Servers (including the Local Server located on the Global Manager) • Database Backups — Schedule database backup types and times as well as perform a backup now • Aging Parameters — Schedule how long an interval to set for ageing out data stored in Raw, Hourly, Daily, or Monthly tables on your main or backup server Refer to the following links for more details about Server Management functionality. • • • • •
Add a server Delete a server Start a server Stop a server Software Updates
• Upload patch files • Upgrade servers • Convert the selected Standby Server to a primary server • Testing the Standby Server
Changing the nGeniusONE Server IP Address or Hostname If you must change the nGeniusONE Server IP address or hostname, NetScout Systems recommends that you do so with the assistance of customer support, particularly if your environment is configured across a firewall. This procedure runs a script to modify the Server Map Table. In addition to modifying the Server Map Table, you must manually modify the /etc/hosts file in the following circumstances: • You change the hostname. • You need to establish precedence in a multi-host environment when the /etc/hosts file contains multiple IP addresses/hostnames. Changes to the /etc/hosts file are not replicated. If you change a server hostname, you must manually modify the /etc/hosts file on every affected server. Important: • When you perform this procedure on a parent server, the change is pushed to all child servers. If you perform this procedure on a child server, you must also perform it on the parent server. • You do not need to synchronize changes among siblings (for example, Local Server to Local Server or NewsStand Server to NewsStand Server). Special Cases: Converting a Local Server to a Global Manager Case 1 Situation: You change the IP/hostname on a Local Server and later convert the Local Server to a Global Manager. Result: The new Global Manager pushes its new IP/hostname to all child servers in the cluster.
968
CONFIGURING AND MANAGING nGeniusONE Action required: If the new Global Manager is using an IP address, no action is required. If the new Global Manager is using a hostname, manually modify the /etc/hosts file on every affected server. Case 2 Situation: You change the IP/hostname on Local Server. You later convert a different Local Server to Global Manager. Result: Because the new Global Manager was not previously updated with the change to Local Server , it cannot reach that server when updating the cluster with the new Global Manager IP/hostname. Action required: Run the script to update the new Global Manager with Local Server's address.
•
• If the new Global Manager is using a hostname, manually modify the /etc/hosts file on every affected server. Procedure 1. Log in to the server and navigate to the/rtm/bin directory. 2. Modify the Server Map Table: a. Change to user ngenius and execute the following script: su ngenius updateservermaptable.sh/bat 3. Hostname change only — Manually edit the /etc/hosts file: a. Navigate to the /etc/hosts file on your system: Windows — WINNT/System32/drivers/etc/hosts Linux — /etc/hosts b. Back up the file before proceeding. c. Open the file using a text editor and modify the file appropriately. (In a multi-host system, manually edit the /etc/hosts file to place the new IP/hostname at the top of the list.) d.Save and close the file. 4. Restart the server. Global Manager In a distributed environment, when you update the Server Map Table with a new IP address or hostname for the Global Manager, the change is replicated to all child servers. 1. Log in to the Global Manager and perform the procedure specified above, entering the old and new Global Manager IP addresses or hostnames. The change is pushed to all child servers in the cluster, including Local Servers, NewsStand Servers and/or Standby Servers. 2. Hostname change only — Manually edit the /etc/hosts file on all affected servers. Local Server
969
nGeniusONE 5.4.1 Online Help Topics In a distributed environment, when you update the Server Map Table with a new IP address or hostname for a Local Server, you must also modify the Server Map Table for the parent (Global Manager) and all child servers (Standby Servers) associated with the Local Server. 1. Log in to the Local Server and perform the above procedure, entering the old and new IP addresses or hostnames. 2. Stop the Global Manager and perform the above procedure, entering the old and new Local Server IP addresses or hostnames. 3. Stop the Standby Server and perform the above procedure, entering the old and new Local Server IP addresses or hostnames. 4. Hostname change only — Manually modify the /etc/hosts file on all affected servers. NewsStand Server When you update the Server Map Table with a new IP address or hostname for a NewsStand Server, you must also modify the Server Map Table for the parent (Global Manager or standalone) server. 1. Log in to the server and perform the above procedure, entering the old and new IP addresses or hostnames. 2. Stop the parent server and perform the above procedure, entering the old and new IP addresses or hostnames. 3. Hostname change only — Manually modify the /etc/hosts file on all affected servers. Standby Server In a distributed environment, when you update the Server Map Table with a new IP address or hostname for a Standby Server, you must also modify the Server Map Table for all parent (Global Manager, Local Server, standalone) servers. • Standby Server attached to the LocalServer attached to a Global Manager 1. Log in to the server and perform the above procedure, entering the old and new IP addresses or hostnames. 2. Stop the Global Manager and perform the above procedure, entering the old and new IP addresses or hostnames. 3. Hostname change only — Manually modify the /etc/hosts file on all affected servers. • Standby Server attached to a remote Local Server 1. Log in to the server and perform the above procedure, entering the old and new IP addresses or hostnames. 2. Stop the remote Local Server and perform the above procedure, entering the old and new IP addresses or hostnames. 3. Stop the Global Manager and perform the above procedure, entering the old and new IP addresses or hostnames. 4. Hostname change only — Manually modify the /etc/hosts file on all affected servers. • Standby Server attached to a standalone nGeniusONE Server
970
CONFIGURING AND MANAGING nGeniusONE 1. Log in to the server and perform the above procedure, entering the old and new IP addresses or hostnames. 2. Stop the standalone nGeniusONE Server and perform the above procedure, entering the old and new IP addresses or hostnames. 3. Hostname change only — Manually modify the /etc/hosts file on all affected servers. Standalone nGenius Server When you update the Server Map Table with a new IP address or hostname for a standalone nGeniusONE Server, the change is replicated to all child servers (NewsStand/Standby) servers. a. Log in to the server and perform the above procedure, entering the old and new IP addresses or hostnames. The change is pushed to any child (NewsStand and/or Standby) servers. b. Hostname change only — Manually modify the /etc/hosts file on all affected servers.
Using Column Management in Devices and Servers The Column Management/Editor feature in the nGeniusONE Server Management, Device Configuration, and Global Settings modules orders which columns will display from the selected tab. By hiding or adding one or more column headings, you can focus on the displayed information of your choice. Additionally, you can sort the left-to-right sequence in which columns will appear to emphasize those of greater importance. This feature optimizes the view on whatever form factor you display the information. The screen, as shown below, contains a left pane listing currently displayed column headings and a right pane listing column headings currently removed from display. Items are marked with either a dash (—) or plus (+) sign, indicating the action that will result if you select them. Double-clicking an item in either pane toggles the selection to the opposite pane. Additionally, you can elect to Remove All or Add All items.
971
nGeniusONE 5.4.1 Online Help Topics Note: Some column headings in some views are fixed (hard-coded) in place and cannot be removed. To use Column Editor : 1. Click the Column Management or screens) icon.
Column Editor (in Server Management
2. Double-click one or more selected column types to move them to the display or hide pane. 3. (Optional) To move a column heading from its current horizontal screen location, select and hold it in the left pane, then drag and drop the item vertically in the list to where you want it to appear on the screen. 4. Click OK. Note that any column management changes will not persist between sessions.
Licensing and Monitoring Limits in nGeniusONE One license supports 50 Type I and 10,000 Type 2 Monitored Elements. Determine the number of Monitored Elements on a server To determine the number of Type 1 and Type 2 Monitored Elements that you have added to a server: 1. From the nGeniusONE console, successively click the Health
and Server Health
icons. 2. Expand the Servers pane and select a Local or Standalone Server. 3. In the Summary pane, refer to the License column. (This node is not enabled for the Global Manager, which does not directly manage Monitored Elements.) 4. The License Info nodes display as follows: • Total number (Maximum) of Type I and Type II interfaces for which you are licensed • Total number of Type I and Type II interfaces currently added to the server 5. Expand the Type I or Type II node to display additional information about the number of probe, NetFlow, and sFlow interfaces, as well as Switch and Router ports, and virtual interfaces are currently enabled. Type 1 — Physical interfaces and Common Data Model (CDM) adaptors (Link Aggregation, Probe [Gigachannel] Aggregation, or High-Speed Aggregation, NetFlow, sFlow). Type 2 — Any combination of the following: • Virtual interfaces (VLAN, QoS, Site, VLAN-QoS, Site-QoS, VRF-Site, VRF-Site-QoS, Site-APN, LA-RA, VRF-Group, VRF-Group-QoS, TAC, BSID, CMTS • Virtual interfaces of NetFlow and sFlow • Fast EtherChannel (FEC) Important: Counting NetFlow Monitored Elements The nGenius NetFlow Collector and nGenius Collector can be deployed in one or both of two modes:
972
CONFIGURING AND MANAGING nGeniusONE Device Mode — Each Flow Collector supports up to 10 NetFlow-enabled devices with a total of up to 1,000 interfaces. Each device consumes one Type 1 monitored element, regardless of the number of enabled interfaces. Each NetFlow virtual interface also consumes one Type 2 monitored element. Interface Mode — Each Flow Collector supports any number of NetFlow-enabled devices up to a total of 250 interfaces. Five interfaces consume one Type 1 monitored element. Each individual interface also consumes one Type 2 monitored element. Using the extd_vifn_mode command, you can increase the virtual interface support on nGenius Flow Collector and nGenius Collector appliances to 5000. Purchasing Additional Licenses To increase the number of elements you can monitor, you can purchase additional licenses. Do not reinstall the application. Refer to the NetScout Systems Customer Support website at https://my.netscout.com/pages/mcplanding.aspx for details.
973
nGeniusONE 5.4.1 Online Help Topics
Managing Servers Server Management Tasks in nGeniusONE — Overview The tabs under Server Management allow you to perform a host of functions essential to managing both standalone servers and distributed server clusters. The interface consists of the following elements: Navigation tabs • Servers — Perform essential server maintenance and configuration. • Users — Add and modify users, user groups, and user roles, as well as view Activity Logs. • Settings — Perform software updates, join the nGenius Deployment Database, add and modify authentication servers, add and modify exclusions. • Deployment — View session statistics, Activity Logs, and user deployment information. Task Progress You can monitor the progress of any task being currently performed, and optionally remove selected messages, by clicking the task progress arrow located at the bottom of the interface.
Server Management Interface This topic provides a quick introduction to the following components of the Server Management interface in nGeniusONE. • Sections • Tools • Navigation • Task Progress
Sections The interface consists of localization-compliant: • top-level Servers, Users, Settings, and Deployment tabs, • mid-level toolbar tabs, and • a tabular server display screen with drilldowns to sub-tabs and display/configuration screens. Section
Description
Servers
Configure and view the nGeniusONE Servers in your enterprise. When you select a server in the screen, several tabs display, allowing you to view or configure the following:
974
CONFIGURING AND MANAGING nGeniusONE
• • • • • Users
General Information (detailed server information) Email Settings DNS Configuration Database Backups Aging Parameters
Configure and view the nGeniusONE users in your enterprise. When you select a user in the screen, several tabs display, allowing you to view or configure the following: • Users • Groups • Roles
Settings
Configure and view the nGeniusONE settings in your enterprise. You can select from three sub-tabs, allowing you to view or configure the following: • Software Updates & nDD • Authentication Server • Exclusion
Deployment
Manage and view the nGeniusONE deployment information in your enterprise. When you select a server in the screen, several tabs display, allowing you to view or configure the following: • Statistics • Activity Logs • Deployment
Tools The following table lists general purpose tools used throughout Server Management. The function of some tools varies depending on context: Add
Use this tool to add servers, user accounts, groups, and roles. Clicking the Add icon or tab in a navigation pane changes the contents of the right-hand pane to display the configuration interface for the selected function.
Start/Stop/Delete/ Convert to Primary
Start/Stop/Delete or Convert (to Primary Server) the selected server.
View Activity Log
Display all operational and status messages saved to the database.
Upload Software
Upload nGeniusONE Software or Decode Pack Software patch files to the selected server
975
nGeniusONE 5.4.1 Online Help Topics
Upgrade Software
Depending on context: • Upgrade the selected server • Back the database up now
Column Editor
Orders which columns will display from the selection.
Flat list/Tree list view
Display servers in a flat or hierarchical format.
Refresh
Refresh the selected screen.
Search
Enter a server name or address/host to search for.
Active
Active (for example, active user or active authentication server).
Error
Depending on context:
/
Inactive
• Error • Inactive (for example: user, authentication server)
Navigation Navigation icons display in a task bar at the bottom of the page. You can hide or display the icons by toggling Settings > Hide Taskbar/Show Taskbar. • Mouse over each icon to display its destination. • Click the arrow to hide or display the task bar. Task Progress
You can monitor the progress of any task being currently performed, and optionally remove selected messages, by expanding the task progress pane located at the bottom of the interface. Icons — Information — The task contained errors — Part of the task failed — Click the arrow located at the right end of the bar to expand the pane. The task progress report displays step-by-step information about the following: • Operation
976
CONFIGURING AND MANAGING nGeniusONE • Status • Source • Time • Progress Details — Clear all completed tasks / — Show/Hide details. Click these arrows to display or hide the Source, Time, Heading, and Details of the Server Management operation.
Server Security in nGeniusONE — Overview The Server Management module allows you to perform functions essential to configuring the security of your enterprise. Navigation and configuration tab • Users — Manage user accounts • Groups — Manage user groups • Roles — Manage user roles • Authentication Servers — Configure external authentication servers to secure your system Task Progress You can monitor the progress of any task being currently performed, and optionally remove selected messages, by expanding the task progress pane located at the bottom of the interface. The following is displayed: • Name — The task currently being performed. For example: Adding Route • Details — Details for the task that the server is currently performing. When the task completes, the Details column displays "Done". • Status — The status of the task that the server is performing. A progress bar displays for tasks in process. For completed tasks the Status column displays Success, Warnings, or Errors. Viewing Details To view detailed information about a particular task, select the task and click Details. The Details window includes the Progress and Warnings/Information/Errors tabs: Progress Tab When viewing progress details from the Global Manager, select the appropriate Local Server. The Progress tab displays all subtasks that the server performs to complete the task you requested. Icons display with the task or selected device name to indicate the task status: Symbol
Description Completed successfully Partial failure
977
nGeniusONE 5.4.1 Online Help Topics
Failed completely Warnings/Errors Tab The tab label changes based on the current status of the task. A detailed description of the message displays, including the Timestamp, Description, and Details such as the device name, application, port number, and other information. For more information about a specific warning, information, or error, you can view the Activity Log. Clearing a Task To clear a task from the report window, select the task and click Clear. The task is removed from the window but server still performs the task.
Settings Screen in nGeniusONE — Overview The Settings screen in the Server Management module provides configuration and viewing options to set the following functionality: • Software Updates & nDD (nGenius Database Deployment): Schedule automatic software downloads by weekly or monthly intervals with options for setting a day of the week or month to run and view the contents of files following downloads. Also, authorize meta-data transfers of deployment information via your MasterCare Portal account for use by NetScout to aid feature development. • Authentication Servers: nGeniusONE Server uses only one form of authentication at a time, either local or one of the supported external methods, and responds with an error message to invalid login attempts. If a user cannot be authenticated according to the main authentication method and server, nGeniusONE Server rejects the login. By default, nGeniusONE console provides local mechanisms for authenticating and authorizing users. Alternatively, you can use one of the following types of external authentication servers: o
RADIUS
o
Windows Domain (or Windows Active Directory)
o
nGenius (Native; not configurable)SM (SiteMinder)
o
LDAP
o
TACACS+ (Cisco Secure ACS)
• Exclusions: Configure parameter exclusions to have the most accurate data possible when viewing current conditions and forecasting future network needs. The following exclusions are supported: o Service Alarm exclusions allow you to specify periods of time during which ASI service-based alerts are not generated. o Baseline exclusions let you exclude specific periods of time during which data samples are excluded from the calculated baselines that trigger ASI baseline alerts or are displayed in UMC-based reports. o Data Warehouse exclusions allow you to exclude specific periods of time from the averaged data that is used in reports, including Forecast reports.
978
CONFIGURING AND MANAGING nGeniusONE o Analytics exclusions permit you to specify periods of time during which data samples are excluded from statistical models and analysis. You must have installed nGenius Analytics for Flows to benefit from configuring Analytics exclusions.
979
nGeniusONE 5.4.1 Online Help Topics
Server Management Tasks Add and Configure Servers Adding a Server in nGeniusONE The Server Management module allows you to add Local Servers and NewsStand Servers to a distributed cluster. In addition, you can add NewsStand, and Standby Servers to a standalone nGeniusONE Server. Parent/child servers must be at the same version. Users assigned System or Network Administrator roles or possessing equivalent privileges can add servers. Adding a server across a firewall When adding a server across a firewall, (for example, when adding a Local Server located outside a firewall to a Global Manager located inside the firewall) do the following: • Perform the configurations required when accessing the nGeniusONE Server across a firewall. Example: The Global Manager is behind a firewall with respect to the server being added. • Ensure that the server.autoRegister.userHostName property in the serverprivate.properties file (/rtm/bin), is set appropriately. o
o
Inside the firewall = true Outside the firewall = false (default)
• After setting the property, restart the server. Important: • When server.autoRegister.userHostName=true on any system, the /etc/hosts (Linux) or C:\WINDOWS\system32\drivers\etc\host (Windows) file on that system (in this case the Local Server) must list the hostname of the server outside the firewall. The hostname must be completely accurate, including case sensitivity. When adding a server across a firewall, you must specify the server hostname with correct case sensitivity. • Ensure that a web connection to the server inside the firewall can be made from outside the firewall. Configuring DNS Resolution Before you add a child server to a parent server, you must ensure that DNS resolution is properly configured using the following procedure: 1. From the parent server system, navigate to: — Windows: Windows/System32/drivers/etc/hosts — Linux: /etc/hosts Important: • When adding a Standby Server to a remote Local Server, the parent is the Local Server.
980
CONFIGURING AND MANAGING nGeniusONE 2. When adding a Standby Server to the LocalServer located on the Global Manager, the parent is the Global Manager. Using a text editor, open the hosts file and add the IP address and hostname of each child server you intend to add. SYNTAX: 3. Save and close the file. 4. From each child server to be added, navigate to: — Windows: Windows/System32/drivers/etc/hosts — Linux: /etc/hosts 5. Using a text editor, open the hosts file and add the IP address and hostname of the parent server. SYNTAX: 6. Save and close the file. 7. Add the servers using the procedures referenced in the following table. Parent Server
Child Servers
Global Manager
• Local Server • NewsStand Server
Local Server or LocalServer (located on the Global Manager)
• Standby Server
Standalone Server
• Standby Server • NewsStand Server
Add Server in nGeniusONE Select one of the following server types from the
Add Server drop-down list:
• Local Server • Standby Server NewsStand Server Field
Description
Local Server Server Name
Enter a unique name for the server you are adding.
IP Address/Host
Enter the IP address or host name of the server you are adding. If using a host name, entries are case insensitive. • The /etc/host file of the parent server (Global Manager or standalone server) must include the DNS names and IP addresses of its child servers (NewsStand, Standby, and Local Servers). • The /etc/host file of the child servers
981
nGeniusONE 5.4.1 Online Help Topics (NewsStand, Standby, and Local Servers) must include the DNS name and IP address of the parent server. Web Port
Default = 8080
User Name
Enter the user name of the user adding the server. Users assigned System or Network Administrator roles or possessing equivalent privileges can add servers.
Password
Enter the user password
Standby Server Server Name
Enter the name of the server you are adding.
IP Address/Host
Enter the IP address or host name of the server you are adding. If using a host name, entries are case sensitive: • The /etc/host file of the parent server (Global Manager or standalone server) must include the DNS names and IP addresses of its child servers (NewsStand, Standby, and Local Servers). • The /etc/host file of the child servers (NewsStand, Standby, and Local Servers) must include the DNS name and IP address of the parent server.
Web Port
Default = 8080
User Name
Enter the user name of the user adding the server. Users assigned System or Network Administrator roles or possessing equivalent privileges can add servers.
Password
Enter the user password
Alarm Suppression Time
Time in seconds before Standby Alarms are re-issued Default = 3600 (ms)
Backup Check Timeout
Timeout for backup to hear from Primary Default = 3600 (ms)
NewsStand Server Server Name
Enter the name of the server you are adding.
IP Address/Host
Enter the IP address or hostname of the server you are adding. If using a hostname: • The /etc/host file of the parent server (Global Manager or standalone server) must include the DNS names and IP addresses of its child
982
CONFIGURING AND MANAGING nGeniusONE servers (NewsStand, Standby, and Local Servers). • The /etc/host file of the child servers (NewsStand, Standby, and Local Servers) must include the DNS name and IP address of the parent server. Web Port
Default = 8080
User Name
Enter the user name of the user adding the server. Users assigned System or Network Administrator roles or possessing equivalent privileges can add servers.
Password
Enter the user password
Restart server after adding it
Select (default) to automatically restart the server after adding.
Important: If you modify the web port number, additional configurations are required. Adding a NewsStand Server Users assigned System or Network Administrator privileges can add one or more NewsStand Servers to either a Global Manager (in a distributed environment) or to a standalone nGeniusONE Server. You can add a NewsStand Server to only one parent server; however, one parent server can manage more than one NewsStand Server. Note that in a distributed environment, any server within the cluster (Global Manager and Local Servers) can deliver NewsPapers to any NewsStand Server. One NewsStand Server is included with nGenius software. Including NewsStand Servers in your environment can help maintain the security of your enterprise. For example, you can confine viewer access to NewsStand Servers located outside your firewall. Adding a server across a firewall the following:
When adding a NewsStand Server behind a firewall do
• Perform the configurations required when accessing the nGeniusONE Server across a firewall. Example: The Global Manager is behind a firewall with respect to the server being added. • Ensure that the server.autoRegister.userHostName property in the serverprivate.properties file (/rtm/bin) is set appropriately. o
o
Inside the firewall = true Outside the firewall = false (default)
• After setting the property, restart the server. Important: • When server.autoRegister.userHostName=true on any system, the /etc/hosts (Linux) or C:\WINDOWS\system32\drivers\etc\host (Windows) file on that system (in this case the Local Server) must list the hostname of the server outside the firewall. The 983
nGeniusONE 5.4.1 Online Help Topics hostname must be completely accurate, including case sensitivity. When adding a server across a firewall, you must specify the server hostname with correct case sensitivity. Ensure that a web connection to the server inside the firewall can be made from outside the firewall. To add a NewsStand Server: 1. From the Global Manager or standalone server Home page, launch Management.
Server
2. In the Servers pane, select the parent Global Manager or standalone nGeniusONE Server. 3. Click
Add Server.
4. From the drop-down menu, select NewsStand. 5. In the dialog box, enter a Server Name, Address/Host name, Web Port (default: 8080), User Name, and Password. Optionally, unclick the Restart server after adding it check box if you want to wait until starting the server manually. 6. Click OK to add the server. 7. Click OK. 8. In the Task Progress Report, click Details to view progress. This process can take several minutes. 9. The server restarts automatically. Viewing or Modifying General Information on the nGeniusONE Server
The General Information tab drill-down view from the Servers screen in Server Management displays specifics about a selected server. You can modify the: • Server Name • Web Port (default: 8080) • Note — Information you can add that is pertinent to the server. The following information displays but is not configurable: • Server Type — The type of nGeniusONE server. For example: Local • IP Address/Host — The IP Address or Host name of the nGeniusONE server • Status — The operational state of the nGeniusONE server. For example: UP [Synchronized] • Time Zone — The hour offset and time zone of the nGeniusONE server. For example: America/New_York • Version — The version and build numbers of the nGeniusONE server. For example: 5.3.0.0 [ Build 44 ] • Decode Version — The decode version and build numbers of the nGeniusONE server. For example: 14.5 [ Build 117 ]
984
CONFIGURING AND MANAGING nGeniusONE • Registry Port — The assigned registry port of the nGeniusONE server. Default: 1099 Removing a Server from nGeniusONE You can remove any node (Local Server, Standby Server, NewsStand Server) from the distributed cluster with the exception of the LocalServer that is installed on the Global Manager. (Dedicated Global Servers do not include a LocalServer.) You can also use this procedure to remove a Standby Server or a NewsStand Server from a standalone nGeniusONE Server. When you remove a parent node, all its child nodes are removed as well. For example, if you remove a Local Server to which a Standby Server has been added, both are removed. To remove a Local Server: 1. From the nGeniusONE Console, click the
Server Management icon.
2. Under the Servers tab, select the server you want to remove. 3. From the
Server Operations drop-down menu, click Delete.
4. Click Yes to confirm removal.
DNS Configuration Configuring a Domain Name System (DNS) Server in nGeniusONE DNS configuration is supported for Local and Standalone Servers (including the Local Server located on the Global Manager). By default, the nGeniusONE Server uses the first available Domain Name System (DNS) server on the network. Enterprises that experience a high volume of DNS resolution requests can improve performance significantly by enabling the custom DNS resolver feature. You can specify a primary custom DNS server for the Local Server to use. You can also specify a secondary DNS server to be used in the event the primary DNS server is unavailable. If you choose to specify both a primary and a secondary DNS server, you must additionally configure the conditions under which the server will switch from using the primary server to using the secondary server as follows: • Number of consecutive failures of the primary server • Number of seconds since the primary server was last successful If the secondary server is engaged because both of these parameters are met, and subsequently both of these parameters are met on the secondary server, the primary DNS server is re-engaged. You can configure DNS servers for Local Servers only (including the Local Server located on the Global Manager). DNS configuration is not supported for either NewsStand Servers or Standby Servers. To configure a DNS server(s): 1. Go to Server Management. 2. Click the Servers tab and select a local or standalone server from the configured list. Optionally, you can add a local server by clicking Add Server.
985
nGeniusONE 5.4.1 Online Help Topics 3. Go to the DNS Configuration tab and click the Use custom DNS resolver check box to enable configuration. Contact NetScout Customer Support for details on configuration and use. 4. Enter the IP address for the Primary Server. 5. (Optional) Enter an IP address for a Backup Server. 6. If you specify a secondary DNS server, you must additionally configure two parameters that determine the conditions under which the server will switch from using the primary server to using the secondary server: • In the Failover Attempts field, enter the number of consecutive failures required before the backup DNS server is used (default: 100). • In the Failover (seconds) field, enter the number of seconds required before the backup DNS server is used (default: 1800). Both conditions must be met to engage the backup DNS server. 7. Click OK. 8. Restart the server.
General Information Changing the Web Server Port or Host Name on nGeniusONE Modifying the Web server port or host name requires changes to the following: Parameter Web Server Port
Required Configurations • Enter the new port number in the Add Local Server dialog box • Modify the following files: o
pm_env.bat/sh
o
common.properties
o Host Name
httpd.conf
Modify the following files: • pm_env.bat/sh • httpd.conf • httpd-ssl.conff • common.properties • Windows only — Execute the InstallnGeniusService.bat file.
To change the Web Server Port or Host Name: 1. Stop the nGeniusONE Server. 2. Locate the files listed in the table below and back up each file before proceeding. 3. Modify the variables as required, saving and closing each file in turn. 986
CONFIGURING AND MANAGING nGeniusONE
File
Directory
Web Port
Host Name
Important: Search for each variable in the appropriate file. You must modify each occurrence of the noted variables. Windows — pm_env.bat
< nGeniusONE install> \ rtm\bin
Linux — pm_env.sh
< nGeniusONE install> /rtm/bin
httpd.conf
NSAPACHEPORT=
NSHOST=
< nGeniusONE install> /apache/conf
Listen
N/A
httpd-ssl.conf
< nGeniusONE install> /apache/conf/extra
N/A
N/A
common.properties
< nGeniusONE install> /config
webserverport=
N/A
Click here for instructions on how to modify webserverport or servername in common.properties. Note: As specified in the instructions, after modifying common.properties, you must execute the nGConfigSync utility to complete the modification. 4. Windows platforms only — Navigate to the /rtm/bin directory and execute the following file: InstallnGeniusService.bat 5. Restart the server. 6. Clear the Server_Map. 7. Web port, distributed environments only — Modify the Web Port in the Server Management GUI: a. In
Server Management, select the Servers tab.
b.Click the appropriate server. c. In the General Information tab, enter the new Web Port number. 8. Click OK. Specify the new host name and/or port number in the URL when you launch nGeniusONE Server. For example: http://:/
987
nGeniusONE 5.4.1 Online Help Topics
Email Settings Configuring Email Settings in nGeniusONE You can configure Email settings for alarms notification, and Email distribution of reports. Email notification and distribution is supported for standalone nGeniusONE Servers, NewsStand Servers, and Local Servers (including the Local Server located on the Global Manager). To configure Email settings: 1. Go to Server Management. 2. From the Servers tab, click the local server or NewsStand server for which you want to configure email settings. Note: Email configuration is not supported for backup servers or the Global Manager. 3. Click the Email Settings tab. 4. In the Outgoing SMTP Server field, enter your mail server IP Address or Host Name. 5. (Optional) Enter your User Name and Password. You must enter a username and password to enable Email delivery across SMTP domains. In addition, you must add the following property to the serverprivate.properties file: mail.smtp.auth=true Note: User Names and Passwords are mandatory only if the SMTP Server requires authentication, otherwise, these fields are optional. 6. (Optional) For Alarms only. Enter the Sender Email address (default: [email protected] ) 7. (Optional) For Alarms only. Click Enable Email Notification default).
Yes (selected by
Important: • When you create an alarm, you can select an option to have Email notifications sent for the alarm you are creating. However, you must also enable Email Notification in the Email Settings tab to enable Emailing the alarm. • To prevent duplicate Emails and alarms from being sent when alarm thresholds are crossed, do the following: o
Remove port 395 from the trap_port list on the probe
To prevent the server from sending duplicate Emails and alarms remove port 395 from the list of SNMP trap ports. To reset the SNMP trap port list: a. Log in to the Agent Configuration Utility and enter command-line mode. b. Enter option 11 (Enter Command-line mode) and press Enter.
988
CONFIGURING AND MANAGING nGeniusONE c. On the device command line, enter: % set trap_port 162 d. Enter quit to exit command line mode and return to the menu. e. Enter 12 to reset the device. f.
Enter exit to log out of the Remote Console.
o Modify serverprivate.properties file by adding the following property: globalsettings.netscout.trap.port=162 8. (Optional) For Alarm Email notifications only. Select Email Exclusion Start Time and End Time values from the drop-down menu. Configure an Email exclusion if there is a period when you do not want recipients to be notified. For example, you might want to start an exclusion at 8 p.m. and end the exclusion at 7 a.m. 9. (Optional) For Alarm Email notifications only. Enter up to four Email Addresses to which you want alarm notifications sent. 10. Click OK. You can click the Server Management Operations Progress button at the bottom of the screen for more information.
Database Management Understanding Databases (dbONE) Understanding the ASI Dataset in nGeniusONE nGeniusONE monitors utilize the latest update to NetScout’s Adaptive Session Intelligence (ASI) technology that provides data on network and server/application aspects of service delivery. Application protocols are tracked by specific message types and error codes to deliver detailed information on the performance and user experience of service and links. ASI is a coherent dataset that furnishes monitors with a correlated perspective on relevant metrics supporting contextual charts for the visual representation of data. All monitors include fixed key fields that vary based on the monitor, the selected interface, and other factors. For example, a monitored interface may be represented by a virtual interface such as site, VLAN, APN, QoS, VRF, Handset, Cell, and several others. These are location keys. Other fields also function as location keys, including: • Monitored Element • Application or Application: Message-ID • Server and Client Communities Location keys are integral to the data correlation unique to ASI. They provide rapid access to data housed in the ASI tables (described below) that are supported automatically when ASI features are enabled on the monitoring device. Client/Server/Key Performance Metrics Tables These tables provide the underlying data used to populate Discover My Network Monitor, Service Monitors, Network Management Monitors, Service Enablers, and other client/server
989
nGeniusONE 5.4.1 Online Help Topics or application- based monitoring modules. Refer to the Unified Communications documentation for peer-to-peer, media-based tables. • KSI (Key Server Indicators): Measurements of server throughput and related information. This is a collection of metrics for applications that are server based, such as HTTP and FTP (no peer-to-peer applications like RTP). The table collects metrics such as octets/packets to or from a server, number of new sessions, active sessions, connect time, and client connect time. Metrics are tracked over hourly and daily intervals. • KPI (Key Performance Indicators): These performance metrics are based on response times for application servers only; they are not based on application type. Metrics are tracked over hourly and daily intervals. • KEI (Key Error Indicators): This table is a record of exceptions, error codes, cause codes, and many TCP layer metrics when thresholds are exceeded. These exceptions are recorded for associated metrics collected in the ASI KPI table. This table augments the KSI table, providing error code classification of server-based applications over hourly and daily intervals. • Trans (KSI Transport): These data augment the KSI table to provide TCP-based metrics in monitors toggled to TCP Analysis view. On by default, this table includes a count of client and server network latencies, the minimum window size and ACK retransmissions for both client and server, and time and counts for server and client network latencies. Metrics are tracked over hourly and daily intervals. Traffic/Conversation Tables These tables provide the underlying data used to populate Traffic Monitors, support Search & Discover queries, and the Host Analysis Monitor. • KTI (Key Traffic Indicators): These volume metrics are used to monitor application throughput. All applications are tracked regardless of the type (server, client, peerto-peer) over hourly, daily, weekly and monthly intervals. • CONV (Conversation Tables): Provides correlated client/server-based records with general throughput metrics (octets and packets) and location keys for use in the Traffic Monitor Conversation views. Metrics are tracked over hourly and daily intervals. • HST/Host Activity (Host tables): Augments the Conversation table in support of the host search capability of nGeniusONE and the Host Activity module. This table records all addresses detected in five-minute periods, per physical interface, when corresponding packets are accounted for in the Conversation table. Metrics are tracked over hourly and daily intervals. • DISC (Port Discovery): The TCP/UDP/IP traffic occurring on server-based ports that does not match any of the defined and active applications in Global Settings is then classified as IP_Other. It is used to facilitate reduction of traffic classified in the IP_OTHER category. The server port number and a name, if available, are logged with ingress/egress packet and octet statistics in the following manner: o If the port is defined in Global Settings but the application is not enabled, the defined port/application is logged including an indicator that the application is already displayed.If no matching port is found in Global Settings but it matches an IANA application type, the port number and IANA label are logged.If neither of those conditions apply, the application and port number are used as the application name (for example, TCP-2043).
990
CONFIGURING AND MANAGING nGeniusONE
Up to 5,000 entries are maintained for this traffic, and reported in the Link (Traffic) Monitor for each ASI sample; the top 1,000 of these by volume are displayed in the Traffic Discovery tab of Global Settings. The Link Monitor is used only for analysis. To change whether an application is classified as IP_Other traffic, use the Traffic Discovery tab in Global Settings. Note that this table logs a subset of traffic that is categorized as IP_OTHER; heuristics are used to prevent false positive matches, so only server-based ports are matched. Metrics are tracked over hourly and daily intervals. More details are available in the Agent Administrator Guide. • Vital (Vital Signs): This table collects link layer traffic indicators for usage analysis of the monitored network. This logs metrics such as packet types (Unicast, Multicast, or Broadcast); packet size distribution; and physical link layer errors, such as CRCs and fragments. It also accounts for some internal packet processing issues such as drops and duplicate packets intentionally dropped with span duplicate heuristics. Metrics are tracked over hourly and daily intervals. Unified Communication Tables These tables specifically support RTP Monitor, and the UC Server features such as Call Search and Media Monitor. • UC-KPI (Unified Communications KPIs): These performance/quality and throughput metrics are specific to Voice/Video communications, such as stream counts, IP MOS, Packet Loss, and Jitter. This table is populated only when Protocol Options > Voice and Video Quality is enabled. Note, however that additional configuration is required to monitor these metrics which are displayed in the nGeniusONE RTP Monitor. This table is also used by the separately licensed nGeniusONE Media Monitor and Unified Communications Call Search application and associated Conversation View. Thresholds for this table are set in the Voice/Video tab of Global Settings. Metrics are tracked over hourly and daily intervals. • UC-Conv (Unified Communications Conversations): This table captures fully conversational records between communities of ingress and egress traffic and the amount of that traffic identified as problematic according to the network degradation metric in the UC-KPI table. These data are used by the UC Conversation View. Metrics are tracked over hourly and daily intervals. ASI Database Storage dbONE is a columnar-type database which contains contiguous disk blocks for multiple time intervals. dbONE's design incorporates: • flat binary files into date-based directories for easy administration and low-cost purging, • pre-allocation of a large space, providing a greater likelihood of avoiding disk fragmentation on the operating system and slower query performance, • flexible file organization where one file is assigned one InfiniStream interface or one file is assigned for all switches and routers, • reduced I/O wait time for improved system performance, and • smaller disk space requirements.
991
nGeniusONE 5.4.1 Online Help Topics • Additionally, while data is being written, it is compressed and stored; when it is being read, data is simultaneously decompressed. The end result is faster, more efficient compilation, storage, and classification of data. NetScout's NSASI2XLogger process polls and logs data from InfiniStream appliances that support NetScout's ASI MIB. ASI data is first stored in "raw", unorganized form at 5minute intervals then rolled up into "warehouse" tables by hourly and daily intervals within dbONE (KTI data is also saved in weekly and monthly tables). ASI raw flows and warehouse data are logged and organized by table type, IP address and interface of the monitoring device. Warehouse tables are labeled with the roll up period pre-pended to the table type, device IP and interface. For example, kpi-hourly-192.168.45.55-3. A separate Configuration database — PostgreSQL stores message logs, alarms, and configuration data. Table names are structured similar to dbONE as follows: tableType_DeviceIPAddress_InterfaceNumber In previous releases, raw application flows (CDM) at 1-minute resolution were stored in the CDMF Flow database while 15-minute roll up and warehouse data resided in a separate database. • Data resolution is based on 5-minute, hourly, daily, and weekly/monthly (KTI only) intervals depending on the corresponding table, as described below.5-minute resolution — applicable to kti-raw, kei-raw, ksi-app-raw, ksi-app-server, kpi-raw, kpi-app-message, uckpi-raw, portdiscovery-raw, vitalstats-raw, transport-raw, transport-app, transport-app-server, services, topnconv-raw, topnconvhost, and ucconv-raw tables. For example: kpi-raw-10_20_219_70-3 • Hourly resolution — applicable to kti-hourly, kei-hourly, ksi-app-hourly, ksi-appserver-hourly, kpi-hourly, kpi-app-message-hourly, uckpi-hourly, portdiscoveryhourly, vitalstats-hourly, transport-hourly, transport-app-server-hourly, transportapp-hourly, services-hourly, services-hourly, topnconv-hourly, topnconvhosthourly, and uc_conv-hourly tables. For example: kpi-hourly-10_20_219_70-3 • Daily resolution — applicable to kti-daily, kei-daily, ksi-app-daily, ksi-app-serverdaily, kpi-daily, kpi-app-message-daily, uckpi-daily, portdiscovery-daily, vitalstatsdaily, transport-daily, transport-app-daily, transport-app-server-daily, servicesdaily, services-daily, topnconv-daily, topnconvhost-daily, and ucconv-daily tables. For example: kpi-daily-10_20_219_70-3 • Weekly/monthly resolution — applicable to kti-weekly and kti-monthly tables. For example: kti-weekly-10_20_219_70-3 kti-monthly-10_20_219_70-3 Aging and Archiving By default, data ages out of the dbONE database in a specific number of days, which varies by data type. Data that has been aged out is no longer recoverable. You can modify the aging parameters.
992
CONFIGURING AND MANAGING nGeniusONE Note: Backup aging default values vary depending on the interval type you configured. They are described here. Locating Files By default, data is saved to the /rtm/database/dbone directory. Because database files can be large, you may want to save the files to an alternate location. Under the dbone directory, files are formatted as follows: • // For example, for the March 3, 2015 KTI-Daily record on interface 3 of the device at IP Address 10.20.160.113, the path and filename is: 2015-03-03/kti-daily/kti-daily-10_20_160_113-3.db1 Extracting Data The nGeniusOneDB process is available to extract data from dbONE. Refer to the Guide to Exporting ASI Data for more information. Additionally, you can use the nGenius Common Data Export utility to extract data from the CDM Flow database. There is no Data Access Kit support for the CDM Flow data. Backing up the Database You can back up ASI data either by schedule or on demand. If necessary you can restore the files in the database from the backup. Database Overview in nGeniusONE The nGeniusONE Server software utilizes two databases: • dbONE — ASI flows columnar database containing tables such as KEI, KTI, KSI, KPI, and others, that supersedes the CDM Flow database. CDM data is still stored in the Flow Database Server (FDS) which houses the CDM Flow database, used for preASI data • PostgreSQL — Configuration database containing message logs, alarms, and configuration data that replaces the Sybase database Managing Databases You can perform the following functions: • Modify Database Aging parameters • Modify the dbONE database location • Back up your databases • Restore databases from backup files Locating Databases By default, databases are located in the /rtm/database directory. Because database files can be large, you may want to save the files to an alternate location although this operation is not recommended. The database directory contains the following: • dbone directory — Under the dbone directory, data is organized in sub-folders according to date and data type. • postgresql files — Message logs, alarms, and configuration data
993
nGeniusONE 5.4.1 Online Help Topics Modifying Database Aging Parameters in nGeniusONE By default, ASI data ages out of the nGeniusONE databases in a specific number of days, which varies by data type. Data that has been aged out is no longer recoverable. Configuration data does not age out. You might want to age data out earlier if you log large quantities of data and are concerned about storage. You should exercise caution when modifying aging parameters to age data out later, because doing so affects available disk space. Always modify aging parameters with the assistance of customer support, taking into consideration the amount of disk space you have available and the rate of consumption within your environment. Note: Database aging and backup aging are configured globally for all servers in a distributed cluster.Exporting ASI Data If you want to analyze and report on ASI data using third-party tools, you can access the nGeniusOneDB process and PostgreSQL database. These tools provide users the means to read ASI data logged to the dbONE database using SQL statements. Refer to the Guide to Exporting ASI Data for more information. Modifying Database Aging Parameters To modify database aging parameters: 1. Launch Server Management. 2. From the Servers tab, click on the appropriate server and go to the Aging Parameters tab. 3. In the Main Server pane, enter the days for Raw (collected every 5 minutes), Hourly, Daily and Monthly tables. 4. In the Backup Location pane, check Enable Aging at Backup Location. 5. (Optional) To modify backup aging values, deselect Aging parameters on backup location are same as the main server. Modify individual backup aging values as required. 6. Modify aging values as required. 7. Click OK. Changing the dbONE Database Location By default, the dbONE database is saved to the /rtm/database/dbone directory. Because the database can be large, you might want to change the location to which it is saved. You can do so by adding the dbone.database.location parameter to the serverprivate.properties file. To change the location of the dbONE database: 1. Stop the nGeniusONE Server. 2. Navigate to the /rtm/bin directory. 3. Using a text editor, open the serverprivate.properties file. 4. Back up the file before you make any changes. 5. Add the following property: dbone.database.location= ../database
994
CONFIGURING AND MANAGING nGeniusONE By default, the dbone directory is located at /rtm/database/dbone, (hence, the default property of ../database).Modify the value of the property to reflect the absolute path to the location where you want to save the dbONE database. For example: dbone.database.location= ../database 6. Save and close the file. 7. Move the dbone folder from the default location to the new location. Restart the server.Backing Up the Database Database Backup for nGeniusONE — Overview NetScout Systems recommends that you back up your nGeniusONE database on a regular basis to prevent loss due to power outage, abnormal shutdown, disk or system failure, or other unpredictable events. • Writing Data to Disk • Types of Backup • Scheduling vs On Demand • dbONE Backup Location and Cleanup • Distributed Server Environment Writing Data to DiskThe nGeniusONE Server, by default, uploads all table data into a corresponding .dat file daily at 3 a.m. • Types of Backup Configuration backup — A configuration data backup saves configuration information, for example: devices, physical interfaces, Global Settings, , user preferences, custom protocols, and the db.properties file. Logged data is not backed up. By default, the system backs up the current configuration nightly (backups are not cumulative). Files are saved to: /rtm/database/config-backup • Full backup — A full backup saves both configuration information and logged dbONE data, including alarms, dbONE flows, Reports, and the db.properties file. NetScout Systems recommends that you perform a full database backup prior to performing a software upgrade. Scheduling vs On Demand Scheduling backups ensures that the backup occurs at a convenient time and on a regular basis. • Configuration backup — By default, a configuration backup is scheduled daily, starting at 3:00 a.m. with the following target location: /rtm/database/config-backup You can configure additional schedules, or modify the start time or target for the default backup. • Full backup — Scheduling a full backup automates the process of backing up valuable logged data and configurations. NetScout Systems recommends that you perform a full backup (Config and dbONE) of your database at least once a week. 995
nGeniusONE 5.4.1 Online Help Topics You can perform either type of backup on demand whenever the need arises (for example, prior to a software upgrade). Note: In the event of a database failure, the data restore method available to you is based on the type of backup you performed. dbONE Backup Location and Cleanup By default the dbONE database is backed up to the following location: /rtm/database/dbone You can change the default to another location on your system. Path requirements • Path must be accessible from the nGeniusONE Server. • The maximum length is 200 characters. • For UNIX platforms, ensure that the location you enter can be accessed by the nGeniusONE user and that the location you enter is owned by the user ngenius:ngenius with rwx permissions for user and group. • For Windows platforms, ensure that the location you enter can be accessed by the user, ngenius, with Full Control permissions for NTFS partitioning. If you need to purge backup files to conserve disk space, you can determine the oldest files by opening the dbone folder. Under the dbone directory, files are formatted as follows: • // For example, for the March 3, 2015 KTI-Daily record on interface 3 of the device at IP Address 10.20.160.113, the path and filename is: 2015-03-03/kti-daily/kti-daily-10_20_160_113-3.db1 Distributed Server Environment In a distributed server environment, you must back up the database for each Local Server individually (including the LocalServer located on the Global Manager). Database backup is not supported for Backup Servers. Performing Database Backups in nGeniusONE Use the following procedures to manage database backups. (Refer to Database Backup for nGeniusONE - Overview for information on database backups.) Accessing the Database Backup Module To access the Database Backup module, go to the Servers tab in Server Management, click on the appropriate server, and go to the Database Backups tab. Scheduling a Database Backup 1. From the Database Backup tab, click the Schedule Backup button
.
2. In the Add Backup Configuration dialog box, select a backup type (Full or Config) from the drop-down list. A Full backup includes both configuration data and logged data. 3. Configure the backup details. 4. Click OK. The Backup Schedules list displays the newly scheduled backup.
996
CONFIGURING AND MANAGING nGeniusONE Modifying a Database Backup From the Database Backups tab, check the scheduled backup, and click the Edit Scheduled Backup button , modify the backup details as appropriate, and click OK. Deleting a Database Backup From the Database Backups tab, check the scheduled backup, click the delete button
.
Performing a Database Backup on Demand You can back up your database on demand. For example, if you are upgrading to the next software version, you can back up your database prior to the upgrade. • You can perform one on demand backup at a time. You can perform another on demand backup when the first one completes. If a scheduled backup is running at the time you request an on demand backup, the on demand backup begins once the scheduled backup completes. Choosing a backup location To back up your database on demand: 1. From the Database Backups, click Backup Now
.
2. In the On Demand Backup Configuration dialog box, select a Full or Config backup type from the drop-down list. A Full backup includes both configuration data and logged (dbONE) data. 3. Click Specify Path to the backup destination directory. The location you enter must be accessible from the nGeniusONE Server. Path requirements • Path must be accessible from the nGeniusONE Server. • The maximum length is 200 characters. • Linux platforms — Ensure that the location you enter can be accessed by the nGeniusONE user and that the location you enter is owned by the user ngenius:ngenius with rwx permissions for user and group. o Windows platforms Destination folder must be accessible to user with Full Control permissions for NTFS partitioning. o When backing up to a Windows network drive, do NOT use a mapped network drive letter in the path name. You must use the full UNC path name. For example: \\MyServer\myshare\ Note: The double back slashes at the beginning of the path and the trailing backslash at the end are required. 7. Click OK to perform the backup. The message "On demand backup requested" appears at the bottom of the screen. If you open the Server Management > Deployment > Activity Logs screen, you will see the same message logged, as shown in the example below.
Tip: You can also view updated messages about scheduled backups in the Activity Log.Backing Up the nGeniusONE Database to a Network File System (LINUX)
997
nGeniusONE 5.4.1 Online Help Topics To preserve disk space on your nGeniusONE Server system, you can store the backup files on a different system. Use this procedure to back up files on LINUX platforms.To back up files to a network file system: 1. From the destination system, do the following: a. Create an "ngenius" group with the same Group ID (GID) as the ngenius group that resides on the standalone or local nGeniusONE Server. b. Create an "ngenius" user with the same User ID (UID) and GID as the ngenius user that resides on the standalone or local nGeniusONE Server. c. Create a destination directory. This directory will be used to store the database backup files. d. Change ownership to the user ngenius: ngenius. e. Share the destination directory. 2. From the nGeniusONE Server system, do the following: a. Mount the Network File System share. b. Perform the backup. Backup Schedule for nGeniusONE Setting
Action
Backup type
Select Config (default) or Full.
Frequenc Select Weekly or Daily. y Day
For weekly backups, select a day of the week.
Time
Enter or scroll to the time you want the backup to commence using 24-hour clock format. (For example, enter 7 p.m. would be entered as 19:00:00.) Note: The time of the backup is based on the time zone for which the server being backed up is configured. For example, if you are accessing the server from a client in Boston and scheduling a database backup for a server in San Diego, the backup is scheduled based on Pacific Standard Time.
Specify path
Enter the full path to the backup destination directory. The location you enter must be accessible from the nGeniusONE Server. Path requirements. • Path must be accessible from the nGeniusONE Server. • The maximum length is 200 characters. • UNIX platforms — Ensure that the location you enter can be accessed by the nGeniusONE user and that the location you enter is owned by the user ngenius:ngenius with rwx permissions for user and group. o Windows platforms Destination folder must be accessible to user with Full Control permissions for NTFS partitioning. o When backing up to a Windows network drive, do NOT use a mapped network drive letter in the path name. You must use the full UNC path name. For example: \\MyServer\myshare\ Note: The double backslashes at the beginning of the path and the
998
CONFIGURING AND MANAGING nGeniusONE trailing backslash at the end are required.
Aging and Archiving Modifying Database Aging Parameters in nGeniusONE By default, ASI data ages out of the nGeniusONE databases in a specific number of days, which varies by data type. Data that has been aged out is no longer recoverable. Configuration data does not age out. You might want to age data out earlier if you log large quantities of data and are concerned about storage. You should exercise caution when modifying aging parameters to age data out later, because doing so affects available disk space. Always modify aging parameters with the assistance of customer support, taking into consideration the amount of disk space you have available and the rate of consumption within your environment. Note: Database aging and backup aging are configured globally for all servers in a distributed cluster.Exporting ASI Data If you want to analyze and report on ASI data using third-party tools, you can access the nGeniusOneDB process and PostgreSQL database. These tools provide users the means to read ASI data logged to the dbONE database using SQL statements. Refer to the Guide to Exporting ASI Data for more information. Modifying Database Aging Parameters To modify database aging parameters: 1. Launch Server Management. 2. From the Servers tab, click on the appropriate server and go to the Aging Parameters tab. 3. In the Main Server pane, enter the days for Raw (collected every 5 minutes), Hourly, Daily and Monthly tables. 4. In the Backup Location pane, check Enable Aging at Backup Location. 5. (Optional) To modify backup aging values, deselect Aging parameters on backup location are same as the main server. Modify individual backup aging values as required. 6. Modify aging values as required.
999
nGeniusONE 5.4.1 Online Help Topics 7. Click OK. Enabling Database Backup Aging in nGeniusONE Aging out dbONE database backup files is disabled by default. When enabled, backup files age out immediately after dbONE database aging completes. (By default, dbONE database aging begins at 6:05 AM Server time). Default settings for database backup aging properties are identical to those for database aging properties. (If you modify a setting in the Main Server tab, the setting automatically updates in the Backup Location tab.) NetScout Systems recommends that you keep the backup aging parameters identical to the Aging parameters. If you want to change the backup aging parameters (particularly if you choose to extend the interval) you may want to contact NetScout Customer Support for assistance in configuring values that are appropriate for your enterprise. Note: Database aging and backup aging are configured globally for all servers in a distributed cluster. To enable database backup aging parameters: 1. Launch
Server Management.
2. From the Servers tab, double-click the appropriate server. 3. Click Aging Parameters. 4. Click Enable Aging at Backup Location. 5. (Optional) To modify backup aging values, deselect Aging parameters on backup location are same as the main server. Modify individual backup aging values as required. 6. Click OK. CDM Flow Database Archiving — Overview You can enable CDM Flow Database archiving for any flow, for any aggregation type. Archived data is stored in compressed form and can be retrieved and viewed in nGenius Server. Data retrieval may take some additional time while the data is uncompressed. For each data type, there is an associated archiving interval (always shorter than the aging interval.) At a specified time each day (by default, 6:25 a.m.), the archiving service converts each *.cdmf file into a corresponding compressed file (*.cdmf.arch). Default archiving intervals are based on expected database size projections; however, you can modify the CDM Flow Database archiving intervals based on your disk usage and response time requirements. Aging/Backup Aging Defaults in nGeniusONE Understanding the dbONE Database Note: Database aging is on by default.
1000
CONFIGURING AND MANAGING nGeniusONE
Default Aging (Days) Table Name
Raw
Hourly Warehouse
Daily Warehouse
Monthly Warehouse
KTI (Key Traffic Indicator)
14
30
90
180
KPI (Key Performance Indicator)
14
30
90
n/a
KSI (Key Server Indicator)
14
30
90
n/a
KEI (Key Error Indicator)
14
30
UC KPI (Unified Communications KPI)
14
30
PortDiscovery(DISC)
14
UC-Conv(ersation)
14
VitalStats
14
Services
14
Transport
14
Application Services
14
Network Domains
14
UC Services
14
Handset
14
Message Logs
14
NetWorkService
14
SystemAlerts
14
TopNConv(ersation)
14
HostActivity
14
Aging Parameters in nGeniusONE The following aging parameters pertain to nGeniusONE installations. Main Server section
1001
nGeniusONE 5.4.1 Online Help Topics • Aging start daily at 6:05 AM (default). • Default Aging Interval (days) Backup Location section • Enable Aging at Backup Location — Click this check box to enable aging on the backup server. • Aging parameters on backup location are same as the main server — Click this check box to make backup aging parameters identical to main server aging parameters. • Deselect this check box if you want to modify the default values. • The backup aging default value is 10 days, weeks, or months, depending on the interval type you configured. • Default Aging Interval (days) Restoring Databases Recovering and Restoring Data in nGeniusONE In the event that your database abnormally terminates, database recovery automatically begins when the nGeniusONE Server is restarted. This process can take a few minutes or a number of hours depending on the size of your database or database transaction log, and the severity of the abnormal shutdown. If you experience problems with your database, contact Customer Support for assistance in determining whether the database is in recovery and resolving the problem, or whether you need to restore data from backups. Important: Because a database failure can result from disk-related errors, verify that the system disk has no errors prior to restarting the nGeniusONE Server. You can restore: • The data and configuration settings from a full backup Configuration settings from a configuration backup Restoring the dbONE Database in nGeniusONE If necessary, you can restore the files in the dbONE database from backup files. You might need to restore your database from a backup if you want to retrieve data that previously aged out or if the database is corrupted. To restore aged-out data, copy the dbone folder from the backup location to the database location. By default, the database is located at: /rtm/database/ directory. When the copy operations informs you that data already exists, do not opt to overwrite the existing folder. Use the following procedures to restore your database if it becomes corrupted. Windows 1. Perform a database backup to ensure that you can restore the most recently logged data. 2. Stop the Global Manager or standalone nGeniusONE Server if it is running. Ensure that all nGenius processes have stopped.
1002
CONFIGURING AND MANAGING nGeniusONE 3. Navigate to the database location, by default: \rtm\database 4. Copy the dbone folder and contents to a different location. 5. Navigate to the location where you saved your backup of the dbone data. 6. Copy the dbone folder to \rtm\database. 7. Start the nGeniusONE Server. LINUX 1. Perform a database backup to ensure that you can restore the most recently logged data. 2. Stop the Global Manager or standalone nGeniusONE Server if it is running. Ensure that all nGenius processes have stopped. 3. Navigate to the database location, by default: |