Netscout nGenius One Admin Guide

NetScout® Online Help for nGeniusONE v5.4.1 733-0744 Rev. A August 2015

NetScout® Systems, Inc. Westford, MA 01886 Telephone: 978.614.4000 Fax: 978.614.4004 Web: http://www.netscout.com

1

nGeniusONE 5.4.1 Online Help Topics

Use of this product is subject to the NetScout Systems, Inc. (“NetScout”) End User License Agreement that accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and between NetScout and the authorized end user of this product ("Agreement") Government Use and Notice of Restricted Rights: In U.S. government ("Government") contracts or subcontracts, Customer will provide that the Products and Documentation, including any technical data (collectively "Materials"), sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal Acquisition Regulation ("FAR") 2.101 and any supplement and further is provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure ("Use") of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR 52.227-14 for civilian Government agency purposes and 252.227-7015 of the Defense Federal Acquisition Regulations Supplement ("DFARS") for military Government agency purposes, or the similar acquisition regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section 12.212, is further restricted in accordance with the terms of NetScout's commercial End User License Agreement. All other Use is prohibited, except as described herein. This Product may contain third-party technology. NetScout may license such third-party technology and documentation ("Third-Party Materials") for use with the Product only. In the event the Product contains Third-Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials (as identified by NetScout in the applicable Documentation), then such third-party materials are provided or accessible subject to the applicable third-party terms and conditions contained in the “Read Me” or “About” file located on the Application CD for this Product. To the extent the Product includes Third-Party Materials licensed to NetScout by third parties, those third parties are third-party beneficiaries of, and may enforce, the applicable provisions of such third-party terms and conditions. Open-Source Software Acknowledgement: This product may incorporate open-source components that are governed by the GNU General Public License ("GPL"). In accordance with the terms of the GNU GPL, NetScout will make available a complete, machine-readable copy of the source code components of this product covered by the GNU GPL, if any, upon receipt of a written request. Please identify the product and send a request to: NetScout Systems, Inc. GNU GPL Source Code Request 310 Littleton Road Westford, MA 01886 Attn: Legal Department Trademark and copyright notices: © 2015 NetScout Systems, Inc. All rights reserved. NetScout, nGenius, nGeniusONE, InfiniStream, Psytechnics, Simena, and Sniffer are registered trademarks; and ASI, Fox Replay, Guardians of the Connected World, Hyperlock, the NetScout logo, the Psytechnics logo, and Teststream are trademarks; and MasterCare and ServiceONE are a service mark

2

nGenius Online Help of NetScout Systems, Inc. and/or its affiliates in the United States and/or other countries (“NetScout”). All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners. Dell, the DELL logo, and PowerEdge are trademarks of Dell Inc. Microsoft, Windows, Windows Server, and MS-DOS are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries. VMware and vSphere are registered trademarks or trademarks (the “Marks”) of VMware, Inc. in the United States and/or other jurisdictions. Citrix and XenServer are trademarks of Citrix Systems, Inc. and/or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Sun and Solaris are trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. NetScout Systems, Inc. disclaims any proprietary interest in trademarks and trade names other than its own. NetScout reserves the right, at its sole discretion, to make changes at any time in its technical information, specifications, service, and support programs.

NetScout Systems Online Help for nGeniusONE 5.4.1 733-0744 Rev. A Copyright 2015 NetScout Systems, Inc. All rights reserved.

3

nGeniusONE 5.4.1 Online Help Topics

About This Guide NetScout software includes a comprehensive collection of online help topics, which you can launch from within the applications. This guide combines the help topics into a single PDF document that can be searched and printed easily. The content includes topics for nGeniusONE applications, instrumentation, and commandline utilities. Information for the following is included: •

Monitoring Performance and Health

•

Troubleshooting

•

Configuring and Managing

•

Using Command Line Utilities

•

Configuring Instrumentation

•

Accessing Information Resources

Note: Internal cross-references between topics within each of the above modules are configured as hyperlinks. In some cases, the hyperlinks in this print version of the help may not function. If needed, enter keywords in the PDF Find box to search the entire document for the required text.

4

GETTING STARTED Using the nGeniusONE Console Overview of the nGeniusONE Console The nGeniusONE Console provides a centralized launch point for NetScout Systems software modules. Numerous navigation features and resources, described below, are available to help you access the software.

Main Window The main window of the nGeniusONE Console is displayed when you click the Console icon . The window is divided into two panels. When first logging in, the initial view displays the customizable upper panel where you can pin icons for frequently used nGeniusONE modules. The lower panel, which you can open and close, contains icons and launch points for all licensed nGeniusONE modules accessible to you based on your user role privileges.

Launch Panels You can launch modules from both the upper and lower panels of the Console. When a module is running inside the main browser window, its icon is displayed and the module can be closed in the upper panel. Additionally, the module with current focus is highlighted. In the example below, the Alert Browser and Service Dashboard are running and the Service

5

nGeniusONE 5.4.1 Online Help Topics Dashboard has focus. If you launch modules outside of the nGeniusONE window, their icons will not be displayed or highlighted in the pane (see below for additional information about external launch).

Modules in the upper panel are "pinned," either by default or by your action in the lower panel. Clicking the pin next to these modules removes them from the upper panel. If the number of module icons exceeds the available space, they are displayed on another page. You can click the paging controls to navigate between multiple pages. Each module is launched in a separate tab in the main window. If the number of module tabs exceeds the space available in the window, a container icon is displayed in the tab bar. Clicking this icon opens a separate pane where you can view icons for all running modules.

The lower panel contains the complete collection of licensed nGeniusONE modules that are available to you based on your user privileges. Modules are grouped into categories for Monitor, Troubleshoot, Configure, and View. Some features are further grouped into components, such as Service Monitors and Health. Expand these components to access their individual entries. You can launch modules directly from the lower panel, and also pin or unpin the modules you want added or removed in the upper panel.

6

GETTING STARTED

Header Controls

The top of the nGeniusONE Console provides controls for global functions. Moving from left to right, the following controls are available: The launch button next to the nGeniusONE logo acts as a toggle between the Console launch panels and other open module windows. Module tabs

Search & Discover

If modules have been opened, their tabs are displayed and you can select or close them. This icon opens a text box where you can search for a server IP address, retrieve interfaces and applications associated with the server, and launch Service Monitors with the corresponding context. Refer to Search & Discover Tool in nGeniusONE for additional details.

7

nGeniusONE 5.4.1 Online Help Topics

Settings menu

This icon opens a dialog box where you can access the following tasks and features: •

External launch — By default nGeniusONE modules open as separate tabs in the main browser window. When the External launch option is selected, modules open in separate browser windows. After enabling external launch, when you select a task, the module opens as a child window with browser controls removed.

•

Note: External launch is not supported with IE9. When you log out from nGeniusONE, all externally launched modules are simultaneously closed.

•

Search modules

•

Preferences — Provides options for setting display preferences, such as time zones and naming conventions.

•

Launch UMC — Opens the nGenius Unified Management Console for access to legacy applications and components.

•

Help — Opens the online help for all nGeniusONE applications and components.

•

About — Displays the version and build number for the connected nGeniusONE Server.

•

Logout — Enables you to exit or log in as an alternate user. Logging out of the nGeniusONE Console closes all module windows that have been opened separately.

Enter text to display all modules with names that match the search text. Close all modules that have been opened.

Close running modules

nGeniusONE Preference Settings Preference settings are available from the Settings menu in the nGeniusONE Console.

12

GETTING STARTED

These settings enable each individual user to specify certain preferences to apply during their use of supported application modules. For example, a user can set a time zone preference and see that time zone in generated reports. Note: The nGeniusONE preferences are not applied to scheduled reports sent as PDF/RTF/CSV email attachments. This type of report uses default system preferences. Individuals must have the Preferences Configuration user privilege to modify these preferences. By default, this privilege is assigned to all predefined user roles. After making a preference change, you might need to wait up to 1 minute, then refresh or relaunch a module to see the updated setting. If you want to reset modified values to factory settings, click the Restore Defaults button. This action resets all values except for the time zone. To undo a time zone selection, select a different time zone. In a distributed environment, specify preferences on the Global Manager server. Your selections are automatically applied to all Local Servers in the cluster. Updating the Global Manager and Local Servers can take up to one minute. The Preferences dialog box enables settings for two parameters: View Settings and Time Zones •

View settings — Each user can set global preferences to be used as defaults for various view options. Select preference options and click OK. Setting Interface/Device Description

Option Description • • •

Name (default if a hostname is available) (IP) Address (default if no hostname is available) Alias (a configured alternate name)

13

nGeniusONE 5.4.1 Online Help Topics

Host Description

• • •

•

Name with domain (default if a hostname is available) (IP) Address (default if no hostname is available) Name (hostname) only

Application Description

• • •

Short name (default) Long name Port (to display the application short name plus the port used)

Cell Site Description (for Service Provider business type)

• •

Name (default) ID

Time zones — Each user can set a preferred time zone to be displayed in all nGeniusONE views. Select one time zone and click OK. When selecting a time zone for a client system, it is generally recommended that you select a specific time zone instead of the "Client Timezone" setting.

Overviews of nGeniusONE Modules Monitoring Modules The modules listed below are available in the MONITOR group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •

Service Dashboard: Use the nGeniusONE Service Dashboards to monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.

•

Alert Browser: View service or device alerts to identify the alert source, originating server, time/date, and other details needed to triage performance anomalies.

•

Health: Use these tools to obtain an at-a-glance view of health within the last 24 hour period for data sources and servers associated with this nGeniusONE server, including status and assorted details.

Related Topics The following topics may also be useful with monitoring efforts:

14

•

Using Search & Discover

•

Monitoring with Dashboard Spaces

•

Overview of Service and Traffic Monitors

GETTING STARTED •

Using the nGenius Unified Communications Server Features

Troubleshooting Modules The modules listed below are available in the TROUBLESHOOT group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •

Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.

•

Service Enablers / Service Monitors / Network Management Monitors: Use a specific monitor with pre-defined collections of protocols and specialized metrics suited to analyzing the relevant function. Use tools within the monitors to perform further triage, when applicable, including analysis of TCP layer details or drill down to Session Analysis for evaluating correlated session activity. If needed, you can further dive into packets for granular analysis.

•

Traffic Monitors: Use these monitors to view link health, based on specific indicators and identify anomalous conditions affecting network performance such unexpected/unidentified application traffic, behavior of specific applications / application groups, or application behavior in certain network locations. Further analyze conversation activity between source and destination pairs.

•

Packet Analysis: Use these tools (Data Mining and Trace Archive) to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.

•

UC Server (Call Search/Media Monitor): For environments with Unified Communication (UC) tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.

Related Topics The following topics may also be useful with troubleshooting efforts: •

Using Search & Discover

Configuration Modules The modules listed below are available in the CONFIGURE group in the lower panel of the nGeniusONE Console. Follow the links to access additional information for each module. •

Devices: Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups.

•

Services: Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard.

•

Global Settings: Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds.

15

nGeniusONE 5.4.1 Online Help Topics •

Reports: Create and manage reports for troubleshooting and sharing information with others on a regular basis.

•

Servers: Perform essential server maintenance and configuration, including adding servers managed by this server and managing users.

Related Topics The following topics may also be useful with configuration efforts: •

User Management

•

Dashboard Spaces Configuration

•

Monitor Requirements

View Modules The module listed below is available in the VIEW group in the lower panel of the nGeniusONE Console. Follow the link to access additional information. •

My Reports

Related Topics Additional details about nGeniusONE reporting features are available in: •

Using the Report Configuration Tool

•

Overview of nGeniusONE Reports

Search & Discover Module Search & Discover is a tool available in the header of all nGeniusONE modules that supports global queries to discover all possible associations for searched context. Follow the links to access additional information about this tool. •

Search & Discover Tool in nGeniusONE - Overview

•

Using Search & Discover

Related Topics The following topics may also be useful when using Search & Discover:

16

•

Overview of Monitors

•

Host Analysis Monitor

GETTING STARTED

Accessing Features and Tools Browsing to an nGenius Server The easiest way to access nGenius features and tools from client machines is by using a web browser to navigate to the server on which the nGenius software is installed. Browsing to Multiple nGenius Servers You can browse to more than one nGenius Server with supported web browser and operating system combinations unless you are using Firefox as your web browser. Browsing to more than one nGenius Server is not supported using Firefox regardless of the operating system you are using. Also, browsing to more than one nGenius Server is only supported when you launch a separate browser instance, and therefore have a separate browser process running for each nGenius Server to which you are browsing. For example, using Internet Explorer on a Windows system, when logged in to an nGenius Console, you can browse to another nGenius Server if you begin by launching a second Internet Explorer instance, either from the Start menu or by clicking the Internet Explorer icon. When you are logged in to an nGenius Server, there is no support for browsing to another nGenius Server by selecting File > New Window from the browser menu, and entering the URL of another nGenius Server. With this method you are browsing to another location with only one browser process running, which is not supported. In Windows, you can determine how many browser processes are running by opening the Task Manager and selecting the Processes tab. The browser process, for example ieexplore.exe, is listed for each browser instance you are running. For nGenius features to function properly, if you are browsing to two nGenius Servers, you must have two browser processes running. Additional information for nGeniusONE users is available in the topic on Browser Considerations. To access an nGenius Server using the nGenius Performance Manager Client, refer to Launching the nGenius Performance Manager Client Application.

Browser Considerations Certain nGenius modules are HTML-driven. To ensure optimal results, keep in mind the following considerations: Clearing the cache Clear your browser cache: •

After the nGenius Server has been upgraded

•

After changing configurations such as user roles/privileges, or business types

Note: In some cases after clearing the cache, icons are not fully displayed in the nGeniusONE Console. To correct this problem, resize the window or log out and log in. Zooming in or out When using a browser's zooming function (Ctrl + or Ctrl -) to enlarge or minimize screens, zooming excessively from the default size can impair the screen layout. For example, table

17

nGeniusONE 5.4.1 Online Help Topics columns, rows, or scroll bars can be cut off, and toolbar or other icons may not be visible. If these problems occur, reset the browser to default resolution. Viewing the online help Occasional problems might occur when using the Firefox or Internet Explorer (IE) browsers to view the nGeniusONE online help. Mozilla Firefox When viewing online help in older versions of Firefox, you may notice that the help pages do not finish loading and that the browser Back, Forward, and Stop buttons do not function correctly. To correct this problem, configure Firefox to open pages in a new window and, after opening the online help, press your keyboard's Esc button to stop the page loading process. For example, to view the online help from the Home page: 1. Click the Help link on the left side of the Home page. 2. Click the Contents link to open the help navigation panes. 3. Press the Esc button to stop page loading. After performing these steps, the navigation buttons function properly. If you continue to experience problems navigating in Firefox, you may use the Internet Explorer browser. Microsoft Internet Explorer When using Internet Explorer (IE), you may receive Javascript and active-content error messages when you attempt to launch the online help. To address these messages, you can do either of the following: •

Temporarily enable Javascript and active content by clicking the IE information bar each time you open the online help, or

•

Permanently set permissions and prevent future security warnings by using the following procedure: 1. In Internet Explorer, click Tools > Internet Options. 2. Click Advanced. 3. Under Security, select Allow active content to run in files on My Computer. 4. Under Browsing, select Disable Script Debugging (Internet Explorer) and Disable Script Debugging (Other). 5. Click OK.

18

GETTING STARTED

Administrator Quick Start Configuration Essentials Administrators can set up the nGeniusONE software by performing the following tasks: Note: This sequence assumes that you have already installed and configured supported data sources (nGenius InfiniStream appliances, nGenius Collectors, switches, routers, and MIB II devices). Refer to the device documentation for additional information. 1. Add and configure devices. 2. Specify addresses or address ranges for focused monitoring (My Network and Communities). 3. Manage users (Users, Roles, Groups and Authentication). 4. Enable applications for monitoring. 5. Create interface groups. 6. Create services for monitoring and reporting. 7. Configure data for specialized and customized monitors. 8. (Optional) Create reports for troubleshooting and sharing information with others on a regular basis. 9. Manage the nGenius Server environment.

Administering the nGeniusONE Server Configure and manage features of your nGeniusONE deployment using the following modules: •

Configure monitoring settings (Global Settings): Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds.

•

Add and manage servers (Server Management): Perform essential server maintenance and configuration, including adding servers (NewsStand, Standby, Associated, Local) managed by this server.

•

Add and manage users (Server Management): Add and modify users, user groups, and user roles and activity.

•

View and configure server settings (Server Management): Perform software updates, join the nGenius Deployment Database, add and modify authentication servers, add and modify exclusions.

•

View deployment details (Server Management): View session statistics, activity logs, and user deployment information.

•

Manage data sources (Device Management): Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups.

•

Configure or modify services (Service Configuration): Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard.

19

nGeniusONE 5.4.1 Online Help Topics •

Create, view, and manage Spaces (Spaces Configuration): Modify Dashboard Spaces to customize the data displayed in the views.

•

Verify requirements for Monitors (Service/Traffic Monitors): In addition to the above configuration of servers, applications, and devices on the nGeniusONE Server, ensure the monitoring data sources are configured appropriately for detecting the required traffic type.

•

Create and view reports (Report Configuration): Manage reports for troubleshooting and sharing information with others on a regular basis.

Enabling a Login Security Message This topic describes how to enable a dialog box to display when users first log in to nGeniusONE version 5.1.1 or later. After enabling this dialog box, users must agree to specified consent terms before they can access the nGeniusONE software. You can use the default dialog box message provided or enter your own text. The dialog content can also be localized. To enable or customize the consent dialog box, modify files as follows: 1. Open /rtm/html/umcclient.properties with any text editor. If you plan to add translations for Japanese, Korean, and Chinese, the text editor must support both the double-byte characters of these languages and the UTF-8 encoding of the properties file itself. 2. The security message is off by default. Enable the consent dialog box by locating the showConfirm= key in umcclient.properties and specifying its value as true. When enabled, the dialog box with default text strings and graphic resembles the screen below. Users can move and resize the box in their browser windows.

3. Customize the title of the dialog box by entering your preferred text for the confirmTitle= key in umcclient.properties. To enable Japanese, Korean, or Chinese versions of the title, modify confirmTitle_ja_JP, confirmTitle_ko_KR, or confirmTitle_zh_CN. 4. Customize the dialog box message by entering your preferred text for the confirmMessage= key in umcclient.properties.

20

GETTING STARTED To enable Japanese, Korean, or Chinese versions of the message, modify confirmMessage_ja_JP, confirmMessage_ko_KR, or confirmMessage_zh_CN. 5. Customize the dialog box button by entering your preferred text for the confirmButton= key in umcclient.properties. To enable Japanese, Korean, or Chinese versions of the button text, modify confirmButton_ja_JP, confirmButton_ko_KR, or confirmButton_zh_CN. 6. Customize the dialog box width by adding the following key and your preferred width (in pixels) in umcclient.properties: confirmDefaultWidth= nnn (The default width is 350 pixels. Users with long security messages may use this key to modify the dialog box dimensions.) 7. Save and close umcclient.properties. 8. (Optional) Replace the background image for the dialog box title with your own graphic as follows: a. Format your graphic as a .PNG file and name it: CompanyLogo.png. b. Size the graphic to be 640x71 pixels for best results. If necessary, you can adjust the graphic size; for example, to accommodate a lengthy login statement. The graphic is anchored at the top left corner of the dialog box. c. Place the file in the following folder (overwriting the default version): /tomcat/content/webapps/common/assets d. Clear your browser cache and refresh the browser. After updates are complete, the nGeniusONE Server does not need to be restarted. However, a browser refresh may be necessary to see the consent dialog box with the specified strings. In a distributed server environment in which all users log in through the Global Manager server, only the Global Manager needs to have the customized umcclient.properties and CompanyLogo.png. If users log in through a local server, that server also needs the customized files.

21

nGeniusONE 5.4.1 Online Help Topics

End-User Quick Start Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •

Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.

•

Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.

•

Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.

Related Topics: The following topics may also be useful with monitoring efforts. •

Using Search & Discover

•

Monitoring with Dashboard Spaces

•

Troubleshooting with Monitors: Service, Network Management and Traffic

Using nGeniusONE to Troubleshoot Issues Isolate the root causes of problems and target solutions using the following nGeniusONE modules: •

Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.

•

Isolating Details using Monitors: Use business-specific and protocol-specific monitors, including Traffic Monitors, specialized Service Monitors, Network Management Monitors, and Enablers, to analyze application, server, and network performance affecting the user experience.

•

Performing Forensics using Packet Analysis: Use these modules to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.

•

Isolating Unified Communication Issues (Call Search/Media Monitor): For environments with Unified Communication tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.

Related Topics: The following topics may also be useful with troubleshooting efforts. •

22

Using Search & Discover

GETTING STARTED

23

MONITORING PERFORMANCE AND HEALTH Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •

Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.

•

Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.

•

Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.

Related Topics: The following topics may also be useful with monitoring efforts. •

Using Search & Discover

•

Monitoring with Dashboard Spaces

•

Troubleshooting with Monitors: Service, Network Management and Traffic

25

nGeniusONE 5.4.1 Online Help Topics

Using nGeniusONE to Monitor Performance and Health Monitor performance and health using the following nGeniusONE modules and features: •

Monitoring Services and Network Domains (Dashboards): Monitor current health and conditions of services, service domains, and network domains, and optionally drill into Troubleshooting tools.

•

Working with Alerts: Use the Alert Browser to view service or device alerts, identify the alert source, and assess other details to triage performance anomalies. Use the Health modules to view server and device hardware alerts.

•

Monitoring Server and Device Health: Use these modules for at-a-glance views of server or data source health within the last 24 hour period.

Related Topics: The following topics may also be useful with monitoring efforts.

26

•

Using Search & Discover

•

Monitoring with Dashboard Spaces

•

Troubleshooting with Monitors: Service, Network Management and Traffic

MONITORING PERFORMANCE AND HEALTH

USING SERVICE DASHBOARDS Overview of Service Dashboards The nGeniusONE Service Dashboards provide consolidated visual overviews of the health of services, service domains, and network domains in your network. The dashboard is divided into tabs for the different dashboard types available. Each dashboard's continuously updated views enable instant recognition of changes in service conditions. In an nGeniusONE deployment, a service consists of applications, application groups, or messages combined with InfiniStream Appliance interfaces that are monitoring the network segment where the specified traffic is present. A network domain service consists of ASI physical interfaces and location keys. A service domain is a grouping of services, network domains, and other service domains. Once defined, services and domains can be organized into one or more hierarchies. Before using dashboards, an Administrator must configure services, domains, and hierarchies in the Service Configuration Editor. After services are configured, each tabbed Service Dashboard displays service health based on specified metrics associated with any of the components of a service. Operators can quickly assess and triage problems with business services using the following key dashboard features: •

Service Hierarchy o Displays a hierarchical view of domains and services configured in your environment o

o

Indicates the number of critical alerts on the domains and services Provides a launch point for viewing service dashboards

o Enables navigation with context to other modules for additional details and views — Service Monitors — Service Dependency — Alert List •

Service Dashboards o Graphically depict the current state of application services in your network o Represent service health with a set of default or user-specified metrics, for example transactions and failure % o Enable drilldown to associated monitors and alert lists for additional troubleshooting

•

Network Domain Dashboard o Graphically depicts the current state of network domains based on specified throughput metrics in your network o Represents network health with a set of default or user-specified metrics, for example utilization o Enables drilldown to the Application (Traffic) Monitor for additional troubleshooting

27

nGeniusONE 5.4.1 Online Help Topics While viewing current service conditions in any of the dashboards, you can toggle to the Spaces mode

to see more granular, over-time data for the services in the dashboard.

To launch the Dashboard module, click the associated icon on the nGeniusONE Console . By default, the initial view is the Application Service/Enterprise domain dashboard displaying all services configured in your environment.

Verifying Dashboard and Service Dependency Prerequisites Before using the nGeniusONE dashboards and Service Dependency features, verify the following requirements are complete: 1. Ensure ASI data is enabled for all relevant interfaces. To do so, open the Remote Console in Device Management of Global Settings (by clicking the Remote Login button), enter command-line mode, and follow the instructions in Command-Line Object: asi_mode. 2. Ensure that set asi server_table is on (default setting). This setting enables server mapping in Service Dependency. 3. Use the Service Configuration Editor to configure services, domains, and hierarchies for display in the dashboards. 4. Set up the Enterprise tab in Global Settings, including My Network, Server Communities, Client Communities, and VIP List. This is necessary to make the display in Service Dependency as meaningful as possible. For example, the client communities shown in Service Dependency are the ones configured in Global Settings. If they are not set up, Service Dependency will show all of the client nodes individually, with separate icons for each. 5. If Sites have been configured in Global Settings, they will be used to group servers in Service Dependency. For more information on site monitoring, refer to Site Monitoring Overview in nGeniusONE. 6. Ensure that Response Time is enabled for all services/applications you wish to analyze by checking the associated Response Time boxes in the Applications tab of Global Settings. This will provide for latency metrics in Service Dependency. 7. Configure KPI error codes for the desired applications, if they are not already set up. You can do this by right-clicking each application in the Applications tab of Global Settings, clicking KPI Alarms, going to the KPI Error Codes tab, and following the KPI Error Codes instructions. If you do not set the Critical error codes, the "Critical Errors" counts in Service Dependency will always be zero.

Understanding nGeniusONE Dashboards The nGeniusONE Dashboards provide visualization of service health using a collection of informational tiles on tabbed screens. The separate tabs reflect data content for the different dashboard types available. These dashboards give you early recognition of areas with reduced performance, providing clear data representation so you can begin the triage process.

28

MONITORING PERFORMANCE AND HEALTH The rest of this topic describes general features you'll see in all of the tabbed dashboards. For additional details about the separate dashboards, refer to the following topics: • Using the Application Service Dashboard •

Using the Network Domain Dashboard

•

Using the All-Services Dashboard

•

Using the Unified Communications Dashboard

Dashboards The dashboard is laid out as a grid of tiles containing primary and secondary metrics (default or user-specified) for each node. The tiles are a fixed size and if you resize your browser window or change screen resolution, the number of tiles visible at any one time will change accordingly. If necessary, you can scroll to see nodes that are out of view. Note: When viewing the dashboard on an iPad, zooming in and out occasionally logs you out.

Tiles are displayed only for the services that have data for the specified time period; data is available when the nGeniusONE Server completes its logging cycles. In most cases, this retrieval and presentation occurs every 5 minutes or less, providing almost real-time views of current conditions. However, if logging cycles are longer because of larger loads, the dashboard will be updated less frequently. Each tile contains the following information: Example: Service Tile

• •

•

Domain Tile

•

•

Name of Service or Domain Critical (red) and Warning (yellow) alert counts (if applicable) Primary metric and severity indicator — Depicts the health of the service based on a default or user-specified primary metric. This value is used to color the equivalent section of the severity indicator. Secondary metrics — Provide values for default or userspecified secondary metrics. Note: If preferred, you can

29

nGeniusONE 5.4.1 Online Help Topics

modify the metrics displayed in the dashboard. Additionally, clicking anywhere inside a service tile opens a menu with links to context-responsive service monitors and alert lists.

Clicking inside a domain tile opens a menu with links to domain expand and alert lists. You can perform actions on the dashboard using the following controls: Open the service hierarchy tree to select domains and services for display on the dashboard. Time setting

Change the time duration of the data displayed in the dashboard. • Last 5 Mins — Displays the most recent five-minute data sample • Last Hour (default) — Displays an aggregate of the last 12 five-minute samples • Last 6 Hours — Displays an aggregate of the last 6 one-hour rollups; updated on the hour (after rollup is available) • Last 12 Hours — Displays an aggregate of the last 12 one-hour rollups • Last 24 Hours — Displays an aggregate of the last 24 one-hour rollups • Last 7 Days — Displays an aggregate of the last 168 one-hour rollups • Last 31 Days — Displays an aggregate of the last 31 daily rollups * If you have a large number of services and the dashboard is not displaying data after auto-refresh, you can change the timing for data retrieval by setting a property to delay the refresh. Modify the following property in /rtm/html/client.properties: sdm.toolbar.refreshdelay=150000 The default setting of 150000 ms specifies an auto-refresh rate of 2.5 minutes after the clock-aligned 5-minute point. To increase the delay, specify a value up to 270,000 ms (4.5 minutes). Refer to Modifying the client.properties File for additional instructions.

30

MONITORING PERFORMANCE AND HEALTH

Order By

Metrics

Change the sorting preference for nodes in the dashboard (your selection is ordered from left to right and top to bottom). Modify the primary and secondary metrics displayed on the dashboard. Pause and resume the regular refresh of the dashboard. By default, data is refreshed every 5 minutes in the dashboard. Manually refresh the dashboard and service hierarchy tree to retrieve the latest data and service definitions. The refresh button forces an update of the dashboard, which might be necessary to reflect recent additions and modifications to configured services. These are not automatically retrieved, but you can manually refresh by selecting the button.

Filter

Service Domain

Tiles Spaces

Enter text to filter nodes displayed on the dashboard. Note: The filter is reset when you toggle between modes and when you switch to another dashboard. Switch between Service and Domain modes. • Domain Mode displays the immediate, first level of children for the selected parent domain • Service Mode displays all the services in the domain to the lowest level without showing subdomains Switch between Tiles and Spaces display. • Tiles displays the current dashboard as a grid providing metrics for the services and domains in a selected domain (default) • Spaces displays the dashboard as a workspace containing charts for a selected domain

Service Hierarchy The service hierarchy tree is a navigation tool in the nGeniusONE Dashboards. By default, the hierarchy tree is hidden and available on demand when you click the corresponding button at the top left of the dashboard. When opened, the tree shows the hierarchy of services and domains that have been configured and assigned to you for viewing. When open, the tree is the area of focus, the dashboard is in the background, and clicking anywhere outside the hierarchy dismisses the panel. Alternatively, you can pin the tree panel so that it remains open. Refer to Using the Service Hierarchy Tree for additional details.

31

nGeniusONE 5.4.1 Online Help Topics

Spaces When using any dashboard, you can view Spaces for selected domains. A Space is a collection of charts containing data for the service members of the domain, providing greater visibility into problematic conditions. You can modify and configure Spaces only in the All Services Dashboard. Refer to Using Dashboard Spaces for additional details.

Using the Application Service Dashboard The nGeniusONE Application Service Dashboard provides visualization on a single screen of the health of services and domains based on percentage of failures and other metrics. The default initial view is a dashboard for the Enterprise domain, which contains all application services and subdomains configured for your environment in Service Configuration. The following example shows an Enterprise dashboard in Service Mode, indicated by in the upper right. Details are provided below the graphic.

The number of services with data and the total number of services in the selected domain are shown at the top-left next to the domain name; for example, Enterprise 4/4. By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Failures). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information: •

Name of Service or Domain — Overly long names (not recommended) are shown with ellipses, if required.

•

Critical (red) and Warning (yellow) alert counts (if applicable).

•

Severity circle — Depicts the health of the service based on the primary metric (by default, percentage of failed transactions). In the example above, the values inside the circles represent failed transactions as a percentage of total transactions. These values are used to color the equivalent section of the circles to depict severity. The primary metric is also displayed in the legend above the tiles.

•

Secondary metrics — Displays additional metrics, default or user-specified. In the above example, Transactions and New Sessions identify the values of each metric during the selected time period.

Note: If preferred, you can modify the metrics displayed in the dashboard. When a service in the dashboard needs further troubleshooting, you can click the service tile to drill down to the specialized monitor associated with the service (as specified in Service

32

MONITORING PERFORMANCE AND HEALTH Configuration). If no monitor is associated with it, the drilldown will go to the generalpurpose Universal Monitor. Domains do not support direct drilldown to service monitors. However, by clicking a domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the correct service monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.

Using the Unified Communications Dashboard The nGeniusONE Unified Communications (UC) Dashboard provides visualization of the health of UC services and domains that monitor media and signaling protocols, such as RTP and SIP. This dashboard is available only on servers that have the UC Server license installed. The default initial view is a dashboard for the Enterprise domain, which contains all UC subdomains and services configured for your environment in Service Configuration. The dashboard displays supported UC metrics and alerts for services containing supported media and signaling applications. In cases where a UC-based service is configured to include other non-UC applications, the same service will also be displayed on the Application Service Dashboard, along with different metrics and alerts associated with those other applications. Another consideration for this type of mixed service is that when the service is displayed on the All Services Dashboard, the UC and non-UC service members are separated into two tiles: one with UC data and one with other application data. In the All Services Dashboard, these tiles are always counted as two in the service totals and are displayed when they contain data (as is the case for all dashboards). A representative UC dashboard in Service Mode, indicated by in the upper right, is shown in the following example. Details are provided below the graphic.

The number of services with data and the total number of services in the domain are shown at the top-left next to the domain name; for example Enterprise (4/13). By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Degraded MOS In). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information: •

Name of Service or Domain — Overly long names (not recommended) are shown with ellipses, if required.

•

Critical (red) and Warning (yellow) alert counts (if applicable).

33

nGeniusONE 5.4.1 Online Help Topics •

Severity circle — Depicts the health of the service based on the primary metric (by default, % Degraded MOS In). In the example above, the values inside the circles represent the default metric. These values are used to color the equivalent section of the circles to depict severity. Values below 1% are shown as <1%. The primary metric is also displayed in the legend above the tiles.

•

Secondary metrics — Displays additional metrics, default or user-specified.

Note: If preferred, you can modify the metrics displayed in the dashboard. When a service in the UC dashboard needs further troubleshooting, you can click the service tile to drill down to either the Call Server Monitor or the Media Monitor. Domains do not support direct drilldown to service monitors. However, by clicking a domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the correct service monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.

Using the Network Domain Dashboard The nGeniusONE Network Domain Dashboard depicts network domain health based on total utilization and other metrics. This dashboard is especially useful to network managers, operators, and others in network performance management. The default initial view is a dashboard for the Enterprise domain, which contains all network domains configured for your environment in Service Configuration. The following example shows an Enterprise Network Domain dashboard in Service Mode, indicated by in the upper right. Details are provided below the graphic.

The number of network domains with data and the total number of network domains in the selected service domain are shown at the top-left next to the service domain name (for example, Enterprise). By default, nodes are sorted in the grid by severity of the specified primary metric (by default, % Utilization). The grid can also be sorted by other metrics, alert severities, or by service or domain name. Each tile contains the following information:

34

•

Name of Network Domain or Domain — Overly long names (not recommended) are shown with ellipses, if required.

•

Critical (red) and Warning (yellow) alert counts (if applicable).

•

Severity bar — Depicts the health of the network domain based on the primary metric (by default, utilization). In the example above, the values represent In (blue), Out (yellow), or Total (yellow) utilization during the selected time period. This value

MONITORING PERFORMANCE AND HEALTH is used to color the equivalent section of the bar to depict severity. Any utilization value below 1% is shown as <1%. The primary metric is also displayed in the legend above the tiles. •

Secondary metrics — Displays the default or user-specified additional metrics. These can be any one of the following sets: o

In Utilization, Out Utilization and Total Utilization

o

In Packets, Out Packets and Total Packets

o

Packet Rate

o

Highest Utilization

o

In Volume, Out Volume and Total Volume

o

In Bit Rate, Out Bit Rate and Total Bit Rate

o

Utilization

Depending on the type of interfaces included in the network domain, data is displayed as follows: o Network domains with full-duplex interfaces only: Both In (blue arrow) and Out (yellow arrow) are displayed o Network domains with half-duplex interfaces only: Only Out (yellow arrow) is displayed o Network domains with a mix of full and half-duplex interfaces: Both In and Out are displayed. (The Total also accounts for all data from the halfduplex interfaces.) Note: If preferred, you can modify the metrics displayed in the dashboard. •

Physical interface/Location key count — In the example above, the Westford network domain has 14 physical interfaces and 2 location keys. If a network domain includes a location key with client or server orientation, such as SITE and QoS, it is counted as two interfaces (for both directions) in the dashboard. Keep in mind that this type of location key is considered a single interface in Service Configuration.

When a network domain needs further troubleshooting, you can click the tile to drill down to the Application (Traffic) Monitor. Service domains do not support direct drilldown to service monitors. However, by clicking a service domain tile and selecting Expand, you can follow the service degradations down to a level where you can open the Application (Traffic) Monitor. You can also investigate alerts by drilling down from a service or domain tile to an alert list.

Using the All Services Dashboard When using the specialized dashboards for Application Services, Network Domains, or Unified Communications services, you see only those domains and services that match the dashboard type. Tiles for the services or domains are ordered according to a selected metric, alert type, or name. In contrast, the All Services Dashboard portrays all of the domains and services in a selected container node, regardless of type. The Service Hierarchy tree reflects the order

35

nGeniusONE 5.4.1 Online Help Topics you've defined for all domains and services in Service Configuration, and the tiles are arranged on the dashboard according to their positions in the tree. For example, when you view the Enterprise node in the All Services dashboard, you see domains for all application services and network domains displayed together in their hierarchical order. You also have the option of displaying tiles alphabetically by name. The following example shows an All Services dashboard in Domain Mode , with domains for unified communications services, application services, and network domains. Details are provided below the graphic.

The number of domains with data and the total number of domains are shown at the topleft next to the parent domain name; for example Enterprise (4/14). By default, nodes are sorted in the grid according to their order in the hierarchy tree. The grid can also be sorted by service or domain name. The information displayed for the domains and services in the All Services Dashboard is the same as their respective specialized dashboards, including name, alert counts, metric values, and severity. You can modify the metrics displayed for each service type in the dashboard. In the All Services Dashboard: •

Services support drilldowns to a specialized or general-purpose monitor and to a list of alerts for the service.

•

Domains support both the Analysis feature, where you can see a breakdown of underlying domains and services, and also domain-specific alert lists.

Modifying Dashboard Metrics By default, each nGeniusONE Dashboard displays a predefined set of metrics. However, you can select different primary and secondary metrics for display in the dashboards, as described below. 1. Select Metrics

on the active dashboard.

2. Select primary and secondary metrics as applicable: Note: The Metrics menu in the All Services dashboard contains settings for all dashboard types.

36

MONITORING PERFORMANCE AND HEALTH

Primary metric

Select one metric to be used as the primary indicator of health for services on the selected dashboard. The values for this metric determine the severity displayed. Choose one of following metrics for application service dashboards: •

% Failures (default)

•

% Retransmissions

•

% Slow Response Time

•

% Timeouts

Choose one of following metrics for network domain dashboards: •

% Highest Utilization

•

% Utilization (average) & % Highest Utilization

•

% Utilization (default)

•

Volume (Octets)

Choose one of following metrics for UC dashboards: • % Failed Calls •

% Degraded MOS In (default) /Out

•

% Poor Absolute MOS In/Out

37

nGeniusONE 5.4.1 Online Help Topics

Secondary metrics

Select metrics to be used as secondary indicators of health for services on the selected dashboard. Application service dashboards — Choose two of following supplementary metrics: •

Average Response Time

•

Client Connect Time

•

New Sessions (default)

•

Peak Sessions

• •

Server Connect Time Total Transactions (default)

Network domain dashboards — Choose one of following supplementary metrics: •

Bit rate

•

Highest Utilization

•

Packet rate (default)

•

Packets

•

Utilization

•

Volume (Octets)

Note: With any secondary metric for a network domain, the dashboard displays both In (blue) and Out (yellow) when the network domain consists of full-duplex or mixed full- and half-duplex interfaces. The dashboard displays only Out (yellow) for a network domain consisting of all half-duplex interfaces. UC service dashboards — Select two of following metrics to be used as secondary indicators of UC health: • % Answer Seizure Ratio (ASR)

38

•

% CCR/SCR

•

% Failed Calls (default)

•

% SEER

•

Call Disconnect Delay

•

Dropped Calls

•

Post Dial Delay (PDD)

•

(Number of) Registrations

•

% DTMF Streams In/Out

•

% Degraded MOS In/Out

•

% Gap Streams In/Out

•

% Long Streams In/Out

•

% Out-of-sequence In/Out

•

% Poor Absolute MOS In/Out

•

% QoS Mismatch In/Out

•

% Short Streams In/Out

•

Single Direction Streams In/Out

•

Average Active Streams In/Out

MONITORING PERFORMANCE AND HEALTH

•

Completed Streams In (default) /Out

39

nGeniusONE 5.4.1 Online Help Topics

Using the Service Hierarchy Tree The service hierarchy tree provides access to nGeniusONE Dashboards and other tools as shown in the following example: The tree shows the hierarchy of domains services

and

that have been configured and assigned to you for viewing. You can expand each domain to see its service members.

If alerts have been generated for services in the tree, the number of alert occurrences (during the time period specified in the dashboard) is indicated by red (critical) and yellow (warning) icons next to the service. Alert counts are rolled up to the domain node. When you select a domain or subdomain, the Hierarchy tree closes and the dashboard is updated to display the members of the domain. Selecting a service does not update the dashboard. You can choose to "pin" the tree so that it stays open concurrent with the dashboard. Note: When viewing the dashboard on an iPad, select a domain to close the Hierarchy tree. The tree cannot be closed by selecting the open/close button or tapping outside the tree. The tree also enables navigation with context to other modules for additional details and views. Selecting (left-clicking) a service in the tree provides the following options from the context menu: •

Service Monitor — Provides an at-a-glance view of application-server performance metrics based on the service context.

•

Service Dependency — Shows how client communities interact with servers in a selected service and how these servers interact with other dependent servers.

•

Alert List — Shows the alerts triggered on the service, including details describing the nature and severity of the events. (Also available as a right-click drilldown from service domains.)

These tools are launched in separate tabs within the nGeniusONE Console. You can perform additional actions in the hierarchy using the following controls: Feature

Description

+ — Expand/Collapse

Expands or collapses a selected service domain.

40

MONITORING PERFORMANCE AND HEALTH

Filter

Opens a text box where you can enter search terms. The hierarchy displays all services and service domains matching your filter parameters.

Expand/Collapse all

Expands or collapses all service domain folders.

Pin

Docks (or undocks) the hierarchy panel so that it remains open concurrent with the dashboard. Tiles are rearranged on the dashboard to share space with the open hierarchy panel.

Expanding Domains in the Dashboard If a domain in the dashboard needs investigation, the Domain Expand feature gives you a breakdown of underlying domains and services, enabling you to track the service degradations to the source of the problem. This workflow improves your service triage by allowing you to locate a particular service that is experiencing an issue and quickly linking to service monitors for further troubleshooting. When the dashboard is in Expand mode, each successive domain is displayed as a sequence of bread crumbs. In the example below, the expansion starts with a domain that is exhibiting a high percentage of failures on the Application Service Dashboard.

When you click the tile and select Expand, the bread crumbs panel opens with the domain's immediate children displayed in the dashboard below. Expansion mode suspends updates to the dashboard so that no new data is entered while you are troubleshooting an issue in the current data set. The time field is labeled "Paused." As you continue selecting Expand in child domains, the nodes are added to the panel and the dashboard is updated, as shown below.

41

nGeniusONE 5.4.1 Online Help Topics

Once you have located the service trouble spot, you can then drill down to the associated monitor or to alert details. To put the dashboard into expansion mode: 1. Switch to domain mode by clicking

at the top-right of the dashboard.

2. Click a domain tile, indicated by , and select Expand. (Service tiles, indicated by , do not support the Expand feature.) The bread crumbs panel opens and the domain's immediate children are displayed below the panel. The dashboard data refresh is paused and the play/pause button is disabled. 3. Continue clicking Expand in child domain tiles and extending the bread crumbs panel, as appropriate. 4. Navigate through the bread crumb panel to display the immediate children of a selected node. If the panel exceeds the width of the browser window, click the arrow control to scroll right and left. When you click on a preceding domain in the bread crumb panel, that domain becomes the current bread crumb with immediate children displayed. This enables you to back up to any prior domain so that you can explore the service hierarchy along a different path. While viewing the bread crumb panel, you can change dashboard metrics to view different data in the bread crumbs and in displayed children. Other dashboard settings, such as duration and sort order, apply to displayed children but do not affect the bread crumbs. To stop expansion mode, you can do either of the following:

42

•

Click the End Expansion button at the far right of the bread crumb panel

•

Select a new domain in the Hierarchy tree.

.

MONITORING PERFORMANCE AND HEALTH

Using Dashboard Spaces When viewing any of the dashboards, you can toggle to "Spaces mode" to see over-time views of data for the services in the dashboard. This topic provides an overview of the features available when viewing Spaces in dashboards. (To configure and modify Spaces, refer to Configuring Dashboard Spaces.) Clicking the Spaces button mode.

puts the dashboard and service hierarchy tree into Spaces

Note: This toggle is disabled if Spaces data isn't available for the currently selected domain. Domains with Spaces data are marked with > in the Spaces Hierarchy tree. The views and data contained in a Space are defined by an Administrator or other authorized user. User access to the views in Spaces is limited to individuals who have access to the underlying services. The Spaces window provides several controls along the top, as shown in the following graphics:

A second set of controls provides the following capabilities for Spaces:

When using these controls: •

Filter for matches by chart title or view name in the current dashboard

•

The filter is reset when you toggle between modes and when you switch to another dashboard

•

The toggle for live and configuration modes is available only in the All-Services dashboard

43

nGeniusONE 5.4.1 Online Help Topics While in Spaces mode, you can use the Spaces Hierarchy tree to select and view Spaces for different service domains. When viewing Spaces, any user can modify settings using the following controls and menus: •

Duration — Specifies the period of time to be shown in all views in the displayed Space. Duration selections range from last hour (default) to last 31 days.

•

Resolution — Specifies the data polling interval. By default, all views are at a 5minute resolution. Alternatively, you can choose hourly resolution to display hourly roll-up data. The selection for Last 7 days shows data at 1 hour resolution only; Last 31 days shows data at daily resolution only. For Spaces with 5-minute resolution, each chart in the Space is updated every 5 minutes with the most recent data. For hourly resolution, each chart is updated every hour. When a chart is updated with the latest 5-minute or 1-hour polling value, the oldest sample value is removed, providing a sliding window of data points. If data isn't available for a polling cycle, the chart time is incremented to keep it updated and in sync with other charts in the Space, but the data point is blank for that cycle.

•

Export — Enables exporting the current Space as a PDF, RTF, or CSV file. Note: When using an iPad or other supported mobile device, consider the following: o

o

Be sure to disable popup blockers before exporting. RTF and CSV formats are not supported on mobile devices.

o Mobile devices do not have a default download location; therefore, the exported PDF file will be displayed in a separate browser tab.

•

Options — Enables hover-text, metric legends, chart types, and monitor drilldowns to be displayed or concealed in the charts. By default, when you want to remove one or more metrics from a chart, you click the metric names in the legend. You can change this default setting by selecting the option to "display data only for the selected metric." After doing so, when you click a metric name in the legend, all other metrics are removed. This setting is especially useful if you have many metrics in a chart and you want to focus on a single one.

•

Layout — Changes how views are displayed in the Space: o Columns: Arranged in the specified number of columns with scrollbars, if necessary o Fit to window: Arranged in the specified number of columns with no scrollbars

The next graphic shows an example of charts displayed in a Space:

44

MONITORING PERFORMANCE AND HEALTH

Charts in a Space support the following features: •

Change chart type — Click the button to change the chart display from the default stacked bar to another representation.

•

Drilldown — Click the button with the chart service.

to drill down with context to the monitor associated

Note: If the chart is based on a single service member from a network domain (physical interface or location key), drilldown is not supported. •

Details — Hover over a data point to see more details.

•

Zoom — Click and drag along the horizontal axis to zoom into a shorter time frame. Zooming can be helpful when viewing smaller data values.

•

Metric — Click the metric in the legend to hide or display it in the chart. If necessary, click the down and up arrows in the legend to see metric names that have wrapped to other lines.

•

Drag and drop — Click inside a chart, hold the mouse, and move the view to another location in the Space. The re-ordering is maintained after making other changes to the Space display.

Refer to these help topics for additional information: •

Overview of Dashboard Spaces

•

Configuring Dashboard Spaces

45

nGeniusONE 5.4.1 Online Help Topics

Overview of Dashboard Spaces While nGeniusONE Dashboards provide quick visualization of current service conditions, Dashboard Spaces help you troubleshoot problems by providing a more granular, over-time view of data in those services. A Dashboard Space is a grid of up-to-30 automatically updating charts, the context for which comes from services in a selected domain. The number, content, and layout of the views are determined by default settings or can be modified by an Administrator (or any user with the Spaces Configuration user privilege). You can access and view Dashboard Spaces from any dashboard by toggling to Spaces mode . This toggle is disabled if Spaces data isn't available for the current dashboard. Spaces configuration is available only from the All Services Dashboard. After selecting a domain, the initial Spaces view displays charts for the immediate child services in the selected domain. If the selected domain doesn't have child services, the Space contains no data. For troubleshooting purposes, it's best to start with a sub-domain in your service hierarchy so that you can see a focused set of data. If you were to select the top-level Enterprise domain, for example, you will see data only for the child services added directly to Enterprise, and not complete data for the sub-domains and their associated services below Enterprise. By default, each view in a Space displays data for a complete service and contains aggregated data for all members of the service. Authorized users can modify these and other settings in Spaces Configuration. For further troubleshooting, each chart supports drilldown with context to a Service Monitor that is associated with the underlying service. This monitor association is made when the service is configured.

Overview of Dashboard Space Configuration Dashboard Spaces provide over-time charts of data for services in the nGeniusONE Dashboards. Any domain selected for viewing in a dashboard has a default associated Space based on predefined settings, but users with Spaces Configuration privileges can modify these Dashboard Spaces to customize the data displayed in the views. For example, you can modify the views to change metrics or to show data for specified service members rather than the entire service. By default, the SYSADMIN and NTWKADMIN roles have the Spaces Configuration privilege. These users can modify and create Spaces based on any service, regardless of the user assignments for the service itself. However, access to Spaces is limited to users who have been assigned the underlying service domain. In addition, authorized users can configure default and private Spaces, defined as follows: •

46

Default Space — Each domain has one default Space, with preliminary views and metrics based on the domain's services. Any authorized user can modify a domain's default Space and all users who have access to the source service domain can view the default Space. Keep in mind that the single default Space may be modified by multiple authorized users, in which case the changes made by the last user take effect.

MONITORING PERFORMANCE AND HEALTH •

Private Space — Each domain can also have one or more private Spaces. These are separate domain-specific Spaces that may be configured by separate authorized users for their own viewing. It's possible, therefore, for a service domain to have one default Space available to all users and multiple private Spaces available to individual authorized users.

Important: In distributed environments, Dashboard Spaces are configured only on the Global Manager. The data for these Spaces comes from all of the Local Servers in the cluster. Local Servers have their own default and private Spaces, which can be viewed but not modified. After a default or private Space is modified and saved, the service-based views are fixed. The addition or deletion of services in the underlying domain are not reflected in the Space unless an authorized user makes corresponding changes in the Space configuration. Keep in mind that the service domains in the All Services Dashboard might contain a blend of various types of services that are normally displayed in different specialized dashboards. When viewing this type of blended service domain in the specialized dashboards, you see the domain displayed with only those services that correspond to the particular dashboard. Similarly, the Space you created in the All Services Dashboard will be reduced to those views that pertain to the particular services and dashboard. For example, if you create a Space for a Service Domain that contains application services and network domains, you'll see the Service Domain and its Space with only application service data in the Application Service Dashboard. In the Network Domain Dashboard, you'll see the Service Domain and the Space with only network domain data. When using the All Services Dashboard, all service types and Space views for the domain are available.

Configuring Dashboard Spaces Dashboard Spaces provide over-time charts of data for services in the nGeniusONE Dashboards. Any domain selected for viewing in a dashboard has a default associated Space based on predefined settings, but users with Spaces Configuration privileges can modify these Dashboard Spaces to customize the data displayed in the views. Configure a Space as follows: 1. Navigate to the All Services Dashboard. This is the only dashboard that supports Spaces Configuration.

2. Toggle the dashboard to Spaces mode

.

3. Select a domain in the Service Hierarchy tree, click the arrow to open the drilldown menu, then select Default or Private Space. Out-of-the-box, before configurations have been made, these two Space types are identical. When the Default or Private Space opens, it contains separate charts for all services in the selected domain. Each chart shows aggregated data for all of the given service's service members and for the same primary metric that is displayed in

47

nGeniusONE 5.4.1 Online Help Topics the service tile on the current dashboard. For example, if the primary metric for an application service is failures, the chart initially shows failures in the Spaces view. You can add and remove views, change the metrics and data sources, and modify other settings in Spaces.

4. Toggle to Configuration mode

.

While in Configuration mode, updates to views are paused so that you can modify settings. Any configurations you make and save will apply to the current selected Space. 5. Modify settings for the overall Space and for each view, as required. Your changes take effect when you click outside of the dialog boxes. If you want to create your own customized views, click Add Space view in the Space toolbar and select view settings as required. When complete, click Add to add the view and configure additional views, or click Add and Close to add the view and return to the Spaces dashboard. You can click Undo 6. Click Save

to reset to the previously saved settings.

to save the default or private Space with the updated views.

After modifying and saving a default Space, this now becomes the new default Space available to all users. After configuring a private Space, it is available only to you. Refer to these help topics for additional information: •

Overview of Dashboard Space Configuration

•

Overview of Dashboard Spaces

•

Using Dashboard Spaces

User Roles and Privileges in Spaces Configuration nGeniusONE provides one privilege associated with Spaces configuration. This privilege is assigned, by default, to certain user roles as described in the table below.

48

MONITORING PERFORMANCE AND HEALTH

Privilege name

User roles (assigned by default)

Spaces Network Configuration Administrator (NTWKADMIN); System Administrator (SYSADMIN)

Description

Provides the ability to configure default and private Spaces, including creation, deletion, and modification.

Users with this privilege create Spaces with views based on services defined in nGeniusONE Service Configuration. These users can create Spaces based on any service, even if the service is not explicitly assigned to them. However, end-users of the configured Spaces can access views only if the underlying service has been assigned to them.

Service Dependency Overview Service Dependency allows you to see the interdependencies between the servers that deliver a service and how those servers are performing. This is useful for understanding the service structure, usage and choke points. It also helps identify servers that are causing problems or that were not expected in the service delivery chain. Service Dependency provides a map of servers associated with a service, along with the client communities served by those servers and the dependent servers providing an enabling function to them (such as DNS or RADIUS). It includes traffic and performance metrics, allowing users to determine if client communities are being affected by a poorly performing server. For example, Service Dependency may help uncover that a problem with an email server is preventing a certain client community from using email. It can also be useful in determining if a server outside of the service definition is affecting performance. For example, a server within a defined LDAP service may appear to be slow, but Service Dependency may uncover that a DNS server it is querying is actually causing the bottleneck. Service Dependency can also identify unexpected members in the service delivery chain, so that deployment architectures can be updated for optimization purposes. In order to use Service Dependency, you must ensure that it has been properly set up and configured. For information on using Service Dependency, refer to Analyzing Servers and Server Dependencies Associated with Services.

Analyzing Servers and Dependencies Associated with Services Service Dependency allows you to see the interdependencies between the servers that deliver a service and how those servers are performing. This is useful for understanding the service structure, usage and choke points. It also helps identify servers that are causing problems or that were not expected in the service delivery chain. Service Dependency provides a map of servers associated with a service, along with the client communities served by those servers and the dependent servers providing an

49

nGeniusONE 5.4.1 Online Help Topics enabling function to them (such as DNS or RADIUS). It includes traffic and performance metrics, allowing users to determine if client communities are being affected by a poorly performing server. For example, Service Dependency may help uncover that a problem with an email server is preventing a certain client community from using email. It can also be useful in determining if a server outside of the service definition is affecting performance. For example, a server within a defined LDAP service may appear to be slow, but Service Dependency may uncover that a DNS server it is querying is actually causing the bottleneck. Service Dependency can also identify unexpected members in the service delivery chain, so that deployment architectures can be updated for optimization purposes. Note: Before you can use Service Dependency, you must ensure that it has been properly set up and configured.

Accessing Service Dependency Service Dependency is accessed from the service hierarchy tree in Service Dashboard. To launch Service Dependency, click on the desired service (the service for which you want to see associated servers) and choose Service Dependency. This will open a new tab in Service Dependency containing a hierarchical map of client communities (as configured in the Enterprise tab in Global Settings), configured and discovered servers associated with the selected service, and dependent servers. Client communities (denoted by monitor icons) appear in the top layer of the map. Configured and discovered servers specific to the service (denoted by blue server icons) appear in the middle layer, with associated interdependencies displayed. Dependent servers (denoted by green server icons) appear in the bottom layer. Virtual servers are indicated with a virtual server icon. The connections between nodes are represented by lines. The thickness of those lines indicate the relative transaction load on that link. A range of performance metrics is displayed for each node. You can choose to display metrics for errors, activity, or latency using the toolbar buttons. (Refer to "Changing the Metrics Displayed" below.) Also, a Service Dependency icon will appear on the nGeniusONE Console dock, so that you can easily return to Service Dependency from another screen.

Using Service Dependency Moving around the Screen and Altering the View The following are tips for moving around the screen in Service Dependency and altering the view: •

Moving/zooming: o

You can move the map by clicking anywhere in the map and dragging.

o You can zoom in and out using the magnifying lens buttons in the toolbar. o You can zoom in on the selected node using the Focus and Zoom button. o You can zoom to a desired area by holding the [Ctrl] key while using the left mouse button to drag a rectangle around the area you wish to enlarge.

50

MONITORING PERFORMANCE AND HEALTH o You can quickly zoom out and re-center the map using the Re-Center button. o You can home in on a particular area using the Toggle Overview button. (A representation of the map appears in a small box, and you can move and resize the blue rectangle to indicate which section of the map to display.) •

You can find nodes that match a specified criteria using the Find button. Matching nodes will be displayed with a red border. (Note that nodes in groups will be found if the group has been expanded.)

•

Showing/hiding nodes: o You can display or hide labels by toggling the Show/Hide Link Labels button. o You can hide an individual server by selecting the server then rightclicking on it and selecting Hide. You can unhide the server using the Show Client/Server button. o

You can hide multiple nodes using the Filter button.

o You can show or hide dependent servers using the Show/Hide Dependent Servers button. (Nodes with dependent servers are indicated by a "D" in a blue box.)

•

In cases in which multiple links connect nodes (for example, when one is connected to multiple interfaces on another), you can use the Aggregate/Unaggregate Links button to specify whether to display a link for each connection or aggregate them into a single link to minimize the lines shown on the map.

•

You can change the metrics displayed on the nodes. Refer to "Changing the Metrics Displayed" below.

Changing the Time Frame To change the time frame of the data associated with the nodes, use the drop-down menu at the top of the tab to select the duration and the arrows to the right of the menu to go forward or backward by that duration. For example, if you select Last Six Hours, Service Dependency will display data from the last six hours. If you then click the back arrow, it will display data for the previous six hours. Alternatively, you can specify a specific time period by choosing User Defined from the menu. (Note that this works differently than time range selection in Service Monitors.) Changing the Metrics Displayed Service Dependency provides three categories of metrics for servers: failures, server load, and latency. You can change the category being displayed using the buttons at the top of the window. Notes: •

If you select failures as the metric, Service Dependency will display critical errors, failed transactions, and retransmissions for each server. (This data is obtained from the KEI table.) Note that critical errors are defined in global settings. If you have not set critical errors for the application, Service Dependency will display 0s for critical errors.

•

If you select server load, Service Dependency will display total requests, transaction rate (transactions per second), and new sessions for each node. (This data is obtained from the KSI table.)

51

nGeniusONE 5.4.1 Online Help Topics •

If you select latency, Service Dependency will display average response time, slow responses, and timeouts. Note that response time must be enabled for the service for Service Dependency to display this data. (This data is obtained from the KSI, KPI, and KEI tables.)

•

You can view all metrics for a conversation by mousing over the associated line.

Working with Groups Service Dependency groups servers based on sites configured in Global Settings. (Refer to Configuring Service Dependency for more information.) A plus sign (+) on a node indicates a group node. To view the individual nodes within that group, click the plus sign. To collapse the group, use the minus sign (-). Note that metrics for a collapsed group reflect the aggregate data of the nodes within the group. Also note that you cannot drill down from a line attached to a group node, because the line does not represent a conversation between two elements. However, you can drill down from lines to individual nodes within a group, when the group is expanded. You can also create your own custom groups using the User Defined Group button. Note that servers that already belong to a group cannot be added to user-defined groups (and will therefore not appear in the list of servers that can be added to a user-defined group). NOTE: If a group contains a self-looped client-server pair, the group node will link back to itself. Drilling Down for More Information If you want more information on a particular conversation, you can drill down to the bestsuited service monitor by right-clicking the line between two conversing nodes and clicking Service Monitor. Note that, if only one service is associated with a conversation (LDAP, for example), and a service monitor exists and is enabled for that service (such as LDAP Monitor), that service monitor will be launched on drilldown; otherwise the Universal Service Monitor will be launched. The service monitor will display data related to the nodes and service for the time period specified in Service Dependency (or the last hour of the time period in the case of Universal Service Monitor, which only supports an hour of data). From there you can drill down even further to Session Analysis or Packet Analysis, if desired. Note: •

Another way to drill down is to select a link, click the Options button, and then click Service Monitor from the drop-down menu.

•

The following applications are not supported for drilldown: HTTP, HTTPS, ICMP, SNMP, NB_SSN_T.

Printing/Exporting the Map You can print the map using the Print icon. To export to PDF, choose Adobe PDF as the printer.

Sample Use Cases To provide an idea as to how one might use Service Dependency, here are some sample use cases: •

52

A user knows the application protocols and instrumentation interfaces that will see the traffic for a service. However, the specific servers that deliver the service and their interdependencies are not known. This may be because the service is multi-

MONITORING PERFORMANCE AND HEALTH tiered, and the interactions are complex; or, it may be because the servers are virtualized, and their exact location and addressing details are not known. Service Dependency will visualize the servers and their relationships to enable the service delivery architecture to be explored. •

A user may see high failures associated with a service in the Service Dashboard. To narrow down the problem to specific server elements, Service Dependency can be used to show the failed transactions and error counts broken down by server in the context of their relationships to each other. Drilldowns to the service monitors provide a tight context for further examination of failure details. As Service Dependency will also show any servers outside the service definitions that are enablers, errors further up the delivery chain that are causing issues with the application servers can also be identified.

•

The breakdown of client communities interacting with the servers in an application is unknown. Server Dependency shows client communities divided by their connection to the servers, with traffic load by link and server. If there are multiple servers in a particular application layer, the relative loading between them can be seen. Sites can be used to group client communities and servers to align with physical locations such as offices and data centres. Meaningful and actionable service loading information can be used to optimize end-user experience.

Additional Topics Service Hierarchy Tree When opened, the service hierarchy tree is available on the left-hand side of the dashboard. You can use the tree to select domains and services for display on the dashboard. If alerts have been generated for the services or domains in the tree, the critical and warning alert counts are indicated by red and yellow icons. The tree also enables navigation with context to other modules for additional details and views. Selecting a service in the tree provides the following options from the context menu: • Service Monitor •

Service Dependency (Note: In some cases, drilldown to Service Dependency is enabled but the application is not supported for mapping.)

•

Alert List (also available as a right-click drilldown from service domains)

These tools are launched in separate tabs within the nGeniusONE Console. Refer to the following topics for additional information: •

Using the Service Dashboard

•

Using the Service Hierarchy Tree

53

nGeniusONE 5.4.1 Online Help Topics

Spaces Configuration The upper-right of the Spaces Configuration screen provides controls for specifying and saving layout options that apply to the entire Space. Refer to the table below. While viewing Spaces, users can temporarily modify the layout, but cannot save it. Drag and Drop: In addition to the operations described in the table, you can also click inside a view, hold the mouse, and drag and drop the view to another location in the Space.

Space settings and controls Layout

Select a layout to specify how the Space is displayed: • Columns: # — Views in the Space are arranged in a specified number of columns in a single window with scrollbars, if necessary. • Fit to Window — Views in the Space are arranged in a specified number of columns in a single window with no scrollbars. Note: A maximum of 10 columns is permitted; however, depending on display size, a smaller number might produce better results. Open a dialog box where you can add one or more views to the current Space. Undo recent modifications to the Space. Save updates for the Space. Toggle between Tile and Space modes. Toggle between live and configuration modes for Spaces.

When adding or modifying views in the Configuration screen, use the following parameters: Space view settings Title

54

By default, the title for each view in a Space is based on the view's primary metric. To customize the title, select the checkbox, then modify the text.

MONITORING PERFORMANCE AND HEALTH

Primary Metric

Each Space view displays a single metric, the same as the primary metric from the service tile in the dashboard, by default. Change the metric for the view by selecting one metric from the dropdown menu; for example, Successful/Failed Transactions or Response Time Distribution. Note: • Space views offer the same metrics as dashboards but also provide additional selections for chart-compatible metrics, such as Error Code Distribution. • When viewing Response Time Distribution charts for services, the charts show response time data with labels such as Degraded and Slow. However, for individual service members the data is displayed with numerical response time values, such as <=1000 ms.

Expand view to its service members

Clone view

Click to see a list of service members. Use the text boxes to enter values for filtering the list. By default, a Space view contains aggregated data for all members of a service. You can create separate new views in the Space for each service member by selecting members and clicking Apply. Create a duplicate copy of the view in the current Space and modify contents as needed.

Remove the view from the current Space. Remove view

Service:

Select a different service from the selected domain as a data source for the view.

Service member:

Select a single service member from the service as data source for the view. Use the text boxes to enter values for filtering the list. Note: If you are configuring a view for a network domain containing multiple monitored elements (physical interfaces or location keys) and selecting a service member as a data source for the view: • Drilldown from the service member chart to its associated monitor is not supported. • Highest Utilization is not a supported metric for the service member.

55

nGeniusONE 5.4.1 Online Help Topics

WORKING WITH ALERTS Overview of Alerts in nGeniusONE Alerts are an important tool for monitoring performance and health using the nGeniusONE solution. This topic provides an overview of the alerts you can set in nGeniusONE to receive prompt notifications about changing or deteriorating conditions in: •

Application services and network domains

•

The health of devices, data sources, and servers in your nGeniusONE environment

Alerts for the above features are displayed in the nGeniusONE Alert Browser and the Server and Instrumentation Health modules. Further below, you'll find brief information about other alarms that can be configured for nGeniusONE devices, interfaces, and applications. These alarms are displayed in the Performance Manager Alarm Viewer or UMC-based Service Delivery Manager; not in the nGeniusONE Alert Browser.

Service Alerts When configuring nGeniusONE application services and network domains in the Service Configuration module, you can optionally enable alerts for the monitored elements and applications in those services. By default, alerts are not generated. When enabled, service alert counts are displayed in the Service Dashboard and the alerts are displayed in the Alert Browser, providing early awareness of possible problems with applications, links, servers, voice services, or the network. Service-based alerts are managed through the use of alert profiles, either the default alert profile associated with the service or a user-defined profile. An alert profile contains one or more triggers consisting of metrics and settings for generating alerts. Each metric has default settings, which can be modified. The default profile can also be modified, but not deleted. You configure alert profiles using tools in Service Configuration and apply them as needed to your services. An alert is generated when a trigger in the profile is exceeded on any member in the associated service or, alternatively, on aggregated service members. Refer to Enabling Alerts for Services for further details. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. Real-time alerts for message packet loss is also supported for application services. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services.

Instrumentation Health Alarms The Instrumentation Health module provides you with a way to view the status of all InfiniStream appliances and Flow Collectors in your network at a glance. You can view details about hardware, interface, and usage, as well as real-time status polled from the InfiniStream for any Warning or Critical alarm reported. Refer to Instrumentation Health for additional information.

56

MONITORING PERFORMANCE AND HEALTH

Server Health Alarms The Server Health dashboard provides an at-a-glance view of the current state of the nGeniusONE environment. You can survey the current status of all servers for system operations such as free disk space, allocated memory and usage, and processes based on the last 24 hours of operations. In addition to environmental information, health is depicted as OK or generating Warning or Critical Alerts when conditions have worsened. A drilldown to the nGeniusONE Alert Browser is provided for more specific information about all Warning and Critical alerts. Refer to Server Health for additional information.

57

nGeniusONE 5.4.1 Online Help Topics

Configuring Alerts for Services Enabling Alerts for Services When working with nGeniusONE application services and network domains, you can enable alerts for the monitored elements and applications in those services. Service alerts, which are displayed in the Service Dashboard and Alert Browser, are generated by the nGeniusONE Server and provide early awareness of possible problems with applications, links, servers, voice services, or the network. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services. To enable alerts for a service: 1. Create the service. 2. Select Alerts on the service settings panel.

3. Accept the default alert profile, select a previously defined alert profile, or create a new alert profile. When you enable alerts, a default alert profile is associated with the application service or network domain. The default profile for application services produces alerts when baselines are exceeded for average response time, failure rate, and transaction rate. The default profile for network domains produces alerts when baselines are exceeded for bit rate. Other metrics are available. You can view and modify the default and other profiles by selecting the profile and opening the settings panel. Refer to Configuring Alert Profiles for Services for additional information. 4. (Optional) Select Actions. This option allows you to specify actions to occur when an alert is triggered, such as executing a script, forwarding an SNMP trap, or sending an email. Refer to Configuring Actions for Service Alerts for additional information. 5. Click OK to apply the alert settings to the service. 6. Add the service or network domain to a service domain in the Service Hierarchy to enable display of alerts in the Alert Browser. If you want to prevent the generation of service alerts during specific periods of time, you can configure service alarm exclusions.

58

MONITORING PERFORMANCE AND HEALTH

Understanding Service Alert Profiles When configuring services, you can enable alerts for the monitored elements and applications in those services. Service alert counts, displayed in the Service Dashboard and Alert Lists, provide early awareness of possible problems with applications, servers, voice services, or the network. Service-based alerts are managed through the use of alert profiles, either the default alert profile associated with the service or a user-defined profile. An alert profile contains one or more triggers, consisting of metrics and settings, for generating alerts. Each metric has default settings, which can be modified. The default profile can also be modified, but not deleted. You configure alert profiles using tools in Service Configuration and apply them as needed to your services. You can create multiple alert profiles and associate different profiles with different services. Each service can be associated with only one alert profile at a time, but the profile can contain multiple triggers for the same or different metrics. For example, if you want to receive alerts when a metric is both increasing and decreasing, you can create two triggers in the same profile. An alert is generated when a trigger in the profile is exceeded on any member in the associated service or, alternatively, on aggregated service members. If you want to prevent generation of alerts during specific periods of time, you can configure service alarm exclusions in Server Management. The following types of alerts can be included, singly or in combination, in alert profiles: •

Baseline alerts o

Signal a metric exceeding statistically-derived baselines.

o Baselines are computed by analyzing each service member and continuously adjusting to current behavior. You can exclude specific periods of time from baseline calculations by configuring baseline exclusions. o Baselines can be based on cyclical data (for example, transaction rates) or noncyclical data (for example, server/client retransmissions). o Alerts are automatically generated when supported metrics rise above the baseline for the period. Refer to Alert Profile Settings for a list of supported metrics in the current release. •

Threshold-based alerts o Signal increasing or decreasing metrics by comparing minimum transaction counts to user-defined thresholds. o

Thresholds can be set for Warning and Critical.

o Alerts are automatically generated when supported metrics rise above or below the threshold for the period. Refer to Alert Profile Settings for a list of supported metrics in the current release. •

Availability alerts o

Signal the non-availability of a server.

o

Thresholds can be set for Warning and Critical.

o Alerts are triggered when a server in an application service member fails to respond to all SYN requests over a specified threshold during a 5minute period. You should configure availability alerts only for services in which the specified servers remain the same and are not changing or going offline on a regular basis.

59

nGeniusONE 5.4.1 Online Help Topics •

Real-Time alerts o Provide almost immediate notification when supported alert conditions are met.

The following considerations apply to service-based alerts: •

Alerts are not generated by default; you must enable them and select or define an alert profile when configuring a service.

•

In a Distributed Server environment, you define alert profiles and apply them to services on the Global Manager.

•

When network domains are analyzed for alerts, by default, they are expanded into separate physical interfaces and location keys (virtual interfaces). As needed, analysis is performed on the primary location key and the server/client orientation selection for the service is applied.

•

If you prefer, you have the option to receive alerts based on aggregated data from all members in a complete service.

•

With a new database, the statistical calculations require data for at least: o o

3 days of data for noncyclical baseline alerts 1 week of data for cyclical baseline alerts

Configuring Alert Profiles for Services and Network Domains When you enable alerts for an application or network domain service, the alerts are managed through the use of alert profiles, either the default profile associated with the service or a user-defined profile. An alert profile consists of one or more metrics with triggers for generating alerts. Using the default profile, an alert is generated when a trigger in the profile is exceeded on any member in the associated service. If preferred, you can configure an alert profile that generates alerts for aggregated service data. This option is described below. To view or modify the triggers in the default or any other profile, click the Modify button to open the settings dialog box. You can create your own profiles with customized triggers as follows: 1. After enabling alerts for a selected application service or network domain, click Create alert profile

(next to the Profile dropdown menu).

The Alert Profile panel opens. Use the settings in this panel to create or modify the triggers in alert profiles. The alert profiles you configure will always be associated with the type of service selected: application service or network domain. 2. (Optional) Select the checkbox to enable Real-Time alerts. These alerts are supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information. 3. (Optional) Select the checkbox to enable aggregated service alerts. (Not supported when Real-Time alerts are enabled.) This feature allows you to receive alerts on aggregated data for an entire application or network domain service rather than a service's individual members. When

60

MONITORING PERFORMANCE AND HEALTH enabled, aggregation is included in the alert profile and is applied to every service or network domain with this alert profile assigned. Alerts are generated, as warranted, by comparing the aggregated service data to the configured baselines or thresholds. The generated alerts are labelled with "Aggregated Service" when displayed in the Alert Browser. Considerations: Alarming on aggregated services is restricted to the following supported metrics: For network domains: Bit Rate For application services: Application Service Bit Rate (the sum of traffic to and from the servers for the applications in this service), Failure Rate, Transaction Rate, Timeout Percentage If you enable aggregation in an alert profile with previously created triggers, you receive a warning that the triggers will be converted to apply to an entire service. Triggers that aren't supported for aggregated services will be removed. If preferred, you can keep the existing profile by cancelling this conversion and create a new profile for aggregated services. 4. Click Add trigger

.

5. Configure triggers for the alert profile as required. Click Apply to add as many as 10 triggers. 6. (Optional) Select Action if you want to specify additional operations, such as executing a script, forwarding SNMP traps, and/or sending an email, in response to alerts generated for the selected alert profile. 7. Click OK on the main panel to save the alert profile and triggers. The profile is added to the dropdown menu and can be used for other application services or network domains, depending on the type of service currently selected. For example, if the profile is defined for a network domain, the profile is available only for other network domain type services. If the profile is defined for an application service, it is available only for other application services.

Configuring Actions for Service Alerts By default, when service alerts are generated, they are logged and displayed in the nGeniusONE Alert Browser. Optionally, you can specify additional actions to occur in response to alerts generated for the triggers in a selected alert profile. Alert actions consist of operations such as executing a script, forwarding SNMP traps to specific IP addresses, and/or sending an email. You define actions when applying an alert profile to a service. Alert actions are not specific to the type of service selected; they can apply to both service applications and network domains. 1. Create a service. 2. Enable alerts for the service. 3. Select Actions.

61

nGeniusONE 5.4.1 Online Help Topics 4. Select an already configured action or create a new action by clicking Create alert action

.

The Alert Actions dialog box opens. 5. Enter a name for the alert action. 6. Add one or more of the following types of operations to be executed as part of an alert action: •

Scripts — Select a default or custom script. One script can be included in the action definition.

•

Send Email — Enter email addresses for individuals/groups who should receive alert notifications. The email notification includes a URL that recipients can follow to view alert details. To send alert notifications by email, you must configure email settings in Server Management.

•

Forward alerts as SNMP Traps — Enter IP addresses for devices to receive alert notifications as SNMP traps. The forwarded alert includes a URL that recipients can follow to view alert details. To forward alerts to a third-party system, you must add the following two properties to the serverprivate.properties file: AlarmForwarder.destinationPort= AlarmForwarder.communityString=

7. Click OK to save the action. 8. Apply the action to the service by clicking OK in the Service Definition panel.

Configuring Real-Time Alerts for Services When configuring alert profiles for services, you can enable Real-Time alerts for services that include supported interfaces and applications. These alerts are displayed in the nGeniusONE Alert Browser, providing almost immediate notification when alert conditions are met. Real-Time alerts are supported for: •

Network domains with physical interfaces that have been configured for the DLC alert type and utilization or burst utilization metrics.

•

Application services that include Market Data Feeds configured for Message Loss alerts.

At a high level, these alerts require the following configurations in the specified modules: •

Configure utilization or burst utilization alerts for interfaces in Performance Manager Device Configuration.

•

Configure Message Loss (KPI Packet Loss) alerts for Market Data Feeds in nGeniusONE Global Settings.

•

Enable the alerts for services in nGeniusONE Service Configuration.

The configurations may be performed in any order. Detailed procedures are provided below.

62

MONITORING PERFORMANCE AND HEALTH

Device Configurations for Real-Time alerts To collect DLC utilization or burst utilization metrics from the InfiniStream data source, you configure alert settings in a template that is applied to selected interfaces. Note: •

To receive alerts for burst utilization, ensure that the InfiniStream appliance is set for power_alarm_util on.

•

If the InfiniStream appliance is set for power_alarm_util on, utilization alerts are displayed in the Alert Browser with % utilization as the triggering value. If this setting if off, the alerts are displayed with number of bytes as the triggering value. Refer to Toggle power_alarm_util for additional information.

1. Launch Device Management from the Performance Manager Home page. 2. Select a device in the list. 3. Select Device > Templates. 4. In the Template Manager, click the Probe Interface tab. 5. Select the template to which you want to add an alert or create a new template. 6. With the template selected, in the Alarms section do one of the following: •

Click New Alarm.

•

Select an existing alarm to modify.

7. Enter the required information for the alert. 8. Click OK. 9. Apply the template to the interfaces with the traffic for which you want Real-Time alerts. 10. Configure network domains with these interfaces as described below.

Global Settings Configurations for Real-Time alerts Real-Time alerts are supported for message loss on market data feeds (MDFs). To generate these alerts, you configure KPI alarms on the MDFs in nGeniusONE Global Settings. The following procedure assumes that you have already enabled the Financial business type and configured MDFs in your environment. Refer to Configuring Business Types and Monitoring Market Data Feeds in nGeniusONE - Overview for additional information. 1. Launch nGeniusONE Global Settings. 2. Click the Applications tab. 3. Select Market Data Feed in the View drop-down menu. 4. Select a feed for which you want to receive Real-Time alerts. 5. Right-click and select KPI Alarm. (This option is enabled only for configured MDFs.) 6. On the KPI Variables tab, enter a value in the Packet Loss field. This number is the threshold for lost messages during the data sample period. 7. Select a severity level, Warning or Critical, for this MDF alert. The severity is applied to the alert in the Alert Browser and Service Dashboards.

63

nGeniusONE 5.4.1 Online Help Topics 8. Click OK to save the KPI variables. 9. Click Apply on the Applications tab. 10. Configure services with these MDFs as described below.

Service Configurations for Real-Time alerts Real-Time alerts are not generated by default, but you can enable them when configuring alert profiles in Service Configuration. 1. Create a service that supports Real-Time alerts, which can be any of the following: •

A network domain that includes at least one interface configured as described above.

•

An application service that includes MDFs with KPI alert settings as described above.

2. Enable alerts, and click Create alert profile menu).

(next to the Profile dropdown

3. In the Alert Profile panel, provide a name for the profile. 4. Select the checkbox to enable Real-Time alerts. 5. (Optional) If required and supported for the service type, configure additional triggers to be included in the alert profile. 6. Click OK to save the alert profile. 7. Click OK in the service settings panel to associate the alert profile with the service. You can apply this same profile to other services with the required elements. If you want to prevent generation of alerts during specific periods of time, you can configure service alarm exclusions in Server Management. When the Real-Time alerts occur, you can view them in the nGeniusONE Alert Browser.

Template Settings for Real-Time Alerts The alarm template settings described below pertain specifically to Real-Time alerts displayed in the nGeniusONE Alert Browser. You can disregard other fields in the template that are not required for these alerts. Field Alarm Type and Metric

Description 1. Click the Alarm Type field and select DLC. 2. Click the Metric field and select one of the following metrics from the down-down menu: • •

64

Utilization (%) Burst Utilization (%)

MONITORING PERFORMANCE AND HEALTH

Interval

Enter a value and appropriate units where configurable. The interval determines how often the device samples data. Double-click to modify. • DLC — Default = 120 seconds for Utilization (%); 10 milliseconds for Burst Utilization (%).

Thresholds

Double-click to modify the rising or falling (or both) threshold level. Enter thresholds using the following units: •

Utilization and Burst Utilization Thresholds — % (Burst Utilization supports Rising threshold only)

Note: Utilization and Burst-Ending alerts do not display evidence in the Alert Browser. Send Alarms

Select the rising or falling (or both) checkboxes for supported alarm types to generate an alarm when the threshold level is exceeded.

Severity

Double-click to select a severity level (1-5) for the alarm where 1-2 are Critical and 3-5 are Warning severities.

The other fields in the template are not required for Real-Time alerts. You can set values for Callback Script, Forward, and Email separately as alert actions for a service.

Exporting/Importing Service Alert Profiles and Actions If you want to transfer alert profiles and actions associated with service definitions between nGeniusONE servers, you can export and save them, then import the profiles and actions to a different system. Important: You must import alert profiles and actions before importing services that are associated with the profiles and actions. Refer to Exporting/Importing Service Definitions for additional information. The tool allows you to import alert profiles and actions that were previously exported using either the Service Configuration tool or the Command Line Administrator utility.

Exporting Service Alert Profiles 1. Launch Service Configuration

from the nGeniusONE Console.

2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Export

next to the Profile menu.

Note: This action exports all alert profiles regardless of the type of service selected in step 2. All alert profiles are exported as an .xml file. Depending on your browser settings, the XML takes one or more of the following forms: •

Saved automatically to a default folder on your system (usually Downloads)

65

nGeniusONE 5.4.1 Online Help Topics •

Displayed in a new window

•

Available for you to run or save manually

Importing Service Alert Profiles 1. Launch Service Configuration

from the nGeniusONE Console.

2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Import before services.

next to the Profile menu. Profiles and actions must be imported

4. Select an exported .xml file and click Open. The imported profiles are added to the Profile drop-down menu. If the current system already had alert profiles configured, the imported profiles are appended and triggers are added, as necessary.

Exporting Service Alert Actions 1. Launch Service Configuration

from the nGeniusONE Console.

2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Export

next to the Actions menu.

All alert actions are exported as a .csv file, which is saved automatically to a default folder on your system (usually Downloads).

Importing Service Alert Actions 1. Launch Service Configuration

from the nGeniusONE Console.

2. Enable the Alerts configuration area by first selecting a service in the Services pane. 3. Click Import

next to the Actions menu.

4. Select an exported .csv file and click Open. The imported actions are added to the Actions drop-down menu. If the current system already had alert actions defined, the imported actions are appended to the current set.

Forwarding Service-Based Alerts You can forward SNMP traps or send email notifications for service-based alerts to other systems or users. Each forwarded alert or email includes a URL that recipients can follow to view alert details. When entered into a web browser, this URL launches the nGeniusONE Alert Browser with details for the particular alert. In a distributed environment, all alert URLs (including those for alerts triggered on the Local Servers) point to the Global Manager. 66

MONITORING PERFORMANCE AND HEALTH To view alert details through the URL, users must have: •

Login access to the nGeniusONE server where the alert was triggered (or the Global Manager)

•

Assignment of the service or domain that is the source of the alert

To forward alerts or send email to other systems or users, you apply the required action to a service as part of an alert profile.

Configuring Service Alarm Exclusions Service Alarm exclusions allow you to specify periods of time during which ASI servicebased alerts are not generated. Note: You must set your system to adjust automatically for daylight savings changes in order for exclusions to work properly. To configure exclusion periods: 1. Launch Server Management. 2. In the Server Configuration tab, expand the Exclusions pane. 3. Select Service Alarm and click Add an exclusion

.

4. Select the tab that best describes the mode for the exclusion you want to configure (Once, Repeated,Weekends, or Non-Business). 5. Depending on the mode you selected, configure the following (options vary according to mode): •

Duration — Select the date or range of dates you want to exclude. You can exclude a single date in Once mode, or a range of dates in Repeated, Weekends, or Non-Business Hours mode.

•

Time of Day — In Once or Repeated mode, select the time of day during which you want to exclude alerts. You can exclude all day (24 hours) or during specific hours. Deselect All Day to configure hours. Time of Day is not available for Weekends mode.

In Non-Business Hours mode, define your Business Hours. The hours outside your selected range are the non-business hours that are excluded. •

Days of Week — Configure for Repeated or Non-Business Hours modes. o

In Repeated mode, select the days to exclude.

o In Non-Business Hours mode, define the days of the week to include for your selected range of business hours. 6. Click Commit to save your changes. After you configure exclusions, you can view your settings in the Exclusions window.

67

nGeniusONE 5.4.1 Online Help Topics

Configuring a Baseline Exclusion Baseline exclusions allow you to exclude specific periods of time from automated ASI baseline alerts and from baseline calculations used in UMC-based reports, including average, maximum, and a user-defined percentage. Note: •

Set your system to adjust automatically for daylight savings changes in order for exclusions to work properly.

•

Non-Business Hours exclusions are not supported for baselines.

To configure a baseline exclusion: 1. Launch Server Management. 2. In the Server Configuration tab, expand the Exclusions pane. 3. Select Baseline and click Add an exclusion: 4. Select the tab that best describes the mode for the exclusion you want to configure (Once, Repeated,or Weekends). 5. Depending on the mode you selected, configure the following (options vary according to mode): Duration — Select the date or range of dates you want to exclude. You can exclude a single date in Once mode, or a range of dates in Repeated, Weekends, or NonBusiness Hours mode. Time of Day — In Once or Repeated mode, select the time of day during which you want to exclude data analysis. You can exclude data analysis all day (24 hours) or during specific hours. Deselect All Day to configure hours. Time of Day is not available for Weekends mode. Days of Week — Configure for Repeated or Weekends modes. 6. Click Commit to save your changes. The Add Exclusion message box confirms your configuration. After you configure exclusions, you can view your exclusions settings in the Exclusions window.

Additional Topics Alert Profile Settings In the Alert Profile panel you can select alert options and view, configure, and modify triggers associated with an alert profile. Each profile can have a maximum of 10 triggers. The triggers available are determined by the service type associated with the service. Options: •

68

Enable Real-Time alerts — Supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information.

MONITORING PERFORMANCE AND HEALTH •

Enable alerts on aggregated services — Generates alerts on aggregated data for an entire service rather than a service's individual members. Refer to Configuring Alert Profiles for Services and Network Domains for additional information.

Tools: — Add a trigger. — Modify trigger parameters. — Delete the trigger. Trigger settings: Trigger Setting

Description

Type

Select the type of analysis and alert:

Metric

•

Baseline — Signals a metric exceeding statistically-derived baselines. Baselines can be calculated for data that is considered cyclical (for example, transact noncyclical (for example, server/client retransmissions).

•

Threshold — Signals increasing or decreasing metrics in comparison to user-defined t

•

Availability — Signals an unavailable server that fails to acknowledge all SYN request threshold during a 5-minute period.

Select the metric to be analyzed for anomalies. Available metrics depend on the type of aler •

Baseline metrics for application services include — Average Active Streams, Average Rate2, Failure Rate, KPI Error Code, Retransmission3 Percentage, Timeout Percentage Baseline metrics for aggregated services include — Application Service Bit Rate2, Fail Percentage, Transaction Rate

Baseline metrics for network domains (aggregated and non-aggregated) include — B •

Threshold-based metrics for application services include — Average Active Streams, Time1, Bit Rate2, Failure Rate, KPI Error Code, Percentage of Streams containing DTM Percentage (Ingress/Egress), Problematic MOS Percentage (Ingress/Egress), Problem Percentage (Ingress/Egress), Problematic Packet Loss Percentage (Ingress/Egress), R Percentage, Timeout Percentage, Transaction Rate

Threshold metrics for aggregated services include — Application Service Bit Rate2, Fa Percentage, Transaction Rate Threshold metrics for network domains (aggregated and non-aggregated) include — •

Availability4 metrics include — Server Availability (number of unacknowledged SYN r

1. If a response-time alert is generated for an application (parent) with messages (child

69

nGeniusONE 5.4.1 Online Help Topics

includes response time for all of the messages.

2. The Bit Rate trigger produces alerts for total bit-rate on half-duplex interfaces, and a ingress/egress bit-rate on full-duplex interfaces and aggregated network domains. T Bit Rate trigger produces alerts for total bit-rate. If a service member contains an AP treated as full-duplex and would produce ingress/egress bit-rate alerts.

3. Alerts are triggered by retransmissions, but are classified as server or client retransm applications. Retransmission alerts do not apply to Message IDs included in service m

4. Only one Availability trigger is allowed in each profile. Availability alerts are not trigg service that have Location Keys. Availability metrics are not supported for aggregate Attributes

Enter values for thresholds as applicable for the alert type and metric: •

Increasing or Decreasing — The direction of baseline or threshold-based metrics.

•

Warning alert status — The percentage, rate, or number that indicates a warning ale

•

Critical alert status — The percentage, rate, or number that indicates a critical alert.

•

Delta suppression (applies to baseline alerts only) — A percentage difference betwee sample period and the calculated baseline of the data. If the difference is less than th percentage, no alert is issued. Example:Assume the current calculated baseline f

total transactions, representing typical traffic. If you simply set a Threshold W 5%, an alert would be triggered if timeouts in the data sample increase highe transactions. But if, in addition, you wanted the alert to be triggered 30% ab you would configure a baseline alert with delta suppression. With the two set and delta suppression 30%), a Warning alert is triggered if timeouts in the da higher than 5% and are also 30% above the baseline (4%). In this example, triggered if timeouts increase above 5.2% of total transactions. In all cases, t for timeouts (described below) must also be satisfied.

•

Minimum values (applies to baseline and threshold alerts) — The minimum transactio streams below which an alert will not be generated.

Note: Fields are disabled for certain types of alerts: •

For non-cyclical Baseline and Threshold alerts based on average response tim Critical severity levels are determined by the response time thresholds in nGe Settings for applications in the service. Response times greater than the "Fast generate alerts labelled Warning. Response times greater than the "Degraded generate alerts labelled Critical. Refer to Modifying Response Time Boundaries information.

•

For KPI error code alerts, the Warning and Critical severity levels and the min thresholds are determined by KPI error codes defined for applications in nGen Settings.

Refer to the following topics for additional information:

70

•

Enabling Alerts for Services

•

Configuring Alert Profiles for Services

•

Understanding Service Alert Profiles

MONITORING PERFORMANCE AND HEALTH

Alert Action Settings In the Alert Action panel you can view, configure, and modify operations associated with an alert profile. Feature

Description

Name

Text box where you enter or modify the action name.

Add one or more operations to be executed as part of the alert action: Execute Script Send Email to individuals/groups who should receive alert notifications

Select a default or custom script. One script can be included in the action definition. Add a new email address Modify a selected email address Delete a selected email address

Forward SNMP Traps to devices that should receive alert notifications (for example, third-party management systems)

Add a new IP address Modify a selected IP address Delete a selected IP address Note: To forward alerts to a third-party system, you must add the following two properties to the serverprivate.properties file: AlarmForwarder.destinationPort= AlarmForwarder.communityString=

Refer to the following topics for additional information: •

Enabling Alerts for Services

•

Configuring Alert Profiles for Services

•

Configuring Actions for Service Alerts

Definitions Definition: Alert Action Scripts When adding an action to an alert profile, you can select a script file to run when the alert occurs. Several default scripts are available as well as any custom script files created and saved to the /rtm/scripts directory. • diskemergentscript — Executed when a disk server emergency alarm is generated. • diskwarningscript — Executed when a disk server warning alarm is generated. • memoryemergentscript — Executed when a server memory emergency alarm is generated.

71

nGeniusONE 5.4.1 Online Help Topics • • •

72

memorywarningscript — Executed when a server memory emergency alarm is generated. nsscript — Callback script that can be modified to include any scripting or CLI commands. wdscript — Executed when an abnormal server Java or database engine process is discovered.

MONITORING PERFORMANCE AND HEALTH

Configuring Alarm Templates for Devices Applying Alarm Templates in nGeniusONE — Overview Alarm templates provide flexibility for defining and applying monitoring, logging, and alarm settings for a device and for each interface on the device. Support for configuring device and interface templates are available in the Performance Manager Template Manager. Using these settings, you can configure the following types of templates: •

Device — Allow you to configure alarms for devices based on CPU utilization and memory utilization.

•

Interface— Allow you to define different logging and alarm settings for InfiniStream device interfaces. Also, support is provided for creating a real-time alarm regarding utilization or microburst in nGeniusONE. All other alarms apply to Performance Manager (UMC) only.

Working with Templates When you add a device in nGeniusONE, the Server automatically learns its interfaces and assigns the Default device and interface templates to them. The default InfiniStream interface template enables monitoring and logging for four data sets: protocol statistics, hosts, conversations, and response time. Default templates include no alarm settings. If you want to receive template-based alarms for utilization and other metrics, you can modify the default template or define your own templates. Keep in mind that you define alarm templates only in the Performance Manager Template Manager. After creating templates, they're available in nGeniusONE Device Configuration and you can apply them to the appropriate device or interface. Note also that most alarms generated by template-based settings can be viewed only in the Performance Manager Alarm Viewer or UMC-based Service Delivery Manager. These device and interface alarms are not displayed in the nGeniusONE Alert Browser. The exception to this rule are real-time alerts for nGeniusONE network domains. If enabled properly, as described in Configuring Real-Time Alerts for Services, these template-based alerts are displayed in the nGeniusONE Alert Browser. Additionally, you can enable separate alerts for nGeniusONE application services and network domains. Service-based alerts are enabled in conjunction with service configuration and do not require templates.

Applying an Alarm Template to a Device in nGeniusONE When you add a device in nGeniusONE, the Server automatically assigns the default device template to it. The default template includes no alarm settings. If you want to receive device alarms for CPU utilization or memory utilization, you can modify the default template or define your own templates using the Performance Manager Template Manager. Device alarms generated by template-based settings are displayed in the Performance Manager Alarm Viewer. nGeniusONE also displays these alerts.

73

nGeniusONE 5.4.1 Online Help Topics In a distributed server environment, you can apply an alarm template to a device from either the Global Manager or Local Server systems. To apply a template to a device: 1. Click

Device Configuration on the nGeniusONE Console.

2. Select the Devices tab. 3. Double-click an appliance, switch, or other device to which you want to apply an alarm template. 4. Click the Device Template drop-down menu and select the template you want to use. Note: This menu lets you select and apply an existing template. You cannot create a new template in nGeniusONE. To do so, you must use the functionality in the Performance Manager Template Manager. 5. Click OK to save your changes and exit.

Applying an Alarm Template to an Interface in nGeniusONE When you add a device in nGeniusONE, the Server automatically learns its interfaces and assigns the default interface template to them. By default, interface templates enable monitoring and logging for four data sets: protocol statistics, hosts, conversations, and response time. If you want to create a real-time alarm on utilization or microburst in nGeniusONE, you can modify the default interface template or create a new one. In a distributed server environment, you can apply an alarm template to an interface from either the Global Manager or Local Server systems. To apply an alarm template to an interface: 1. Click

Device Configuration on the nGeniusONE Console.

2. Select the Devices tab. 3. Double-click the InfiniStream with interfaces to which you want to assign an alarm template. 4. Do the following: •

If the selected device is an InfiniStream appliance, go to the interfaces (lower) panel.

Important: The interface panels allow you to select and apply the default or another alarm template. You cannot modify an existing alarm template or create a new one in nGeniusONE. 5. Select one or more interfaces in the lower panel. 6. Click

74

Modify.

MONITORING PERFORMANCE AND HEALTH 7. From the Alarm Template drop-down menu, select an alarm template to apply to the interfaces and click OK. (If you have not created interface templates in Performance Manager, Default is the only selection available.) The assigned template is displayed for the selected interfaces in the Alarm Template column of the interfaces panel. 8. Click OK again to save your configuration changes and exit.

Overriding Alarm Destinations in nGeniusONE You can configure a Local Server to override the alarm destinations defined in the Global Settings module and send alarms to another server. For example, you might want to configure a local Network Node Manager server to receive alarms from a specific Local Server. (All other Local Servers in the server cluster would continue to forward alarms to the defined destinations.) Note: For service-based alerts, alert actions define the alarm destinations. To override the alarm destinations defined in Global Settings, define the new destination in the serverprivate.properties file on the affected Local Server: 1. On the Local nGeniusONE Server, navigate to the /rtm/bin directory and locate the serverprivate.properties file. 2. Back up the file before proceeding. 3. Open the file using a text editor. 4. Add the following property to the file: alarmforward.trapDestination= •

Enter the address in octet format (for example: 10.20.30.40)

•

Multiple addresses are not supported

5. Save and close the file. Restarting the Server is not required.

75

nGeniusONE 5.4.1 Online Help Topics

Configuring KPI Alarms for Applications Overview of KPI Alarms in nGenius Server In general, KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. However, you can receive alarms in nGeniusONE for ASI-based KPI error codes by including error codes as triggers in service alert profiles in the Service Configuration Editor. In contrast to device-based or interface-based alarms, KPI alarms are based on application response time. To alarm on KPIs, ensure that you meet all requirements for monitoring Response Time. KPIs are tracked at both the physical and virtual interface level. You can create KPI alarms for the following metrics (supported metrics vary by application): •

Responsiveness

•

Application Level Errors

•

Packet Loss/Retransmits

•

Voice and Video Quality

•

KPI Error Codes

Responsiveness To alarm on Responsiveness KPIs, define both of the following: •

Response Time threshold (milliseconds)

•

Number of times the threshold must be exceeded (using the KPI Alarm dialog box)

KPI alarms are generated based on the contents of responsiveness bucket 5 and bucket 6 (Availability and Timeouts). Because the Response Time boundary represents the highest value (worst responsiveness) for its respective bucket, values that exceed the Service Level boundary fall into bucket 5 (Slow Responses) and those that exceed the Availability boundary fall into bucket 6 (Timeouts) as shown below.

76

MONITORING PERFORMANCE AND HEALTH

Application Level Errors •

To alarm on Application Level KPIs, define a value for the number of times a User or Server event must be seen on the selected application using the Edit KPI dialog box.

•

You can also alarm on multiple KPI error codes for supported applications. Note: •

Supported codes are listed in the Select Error Codes dialog box.

•

You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children.

Packet Loss/Retransmits To alarm on Packet Loss KPIs, define a Retransmit threshold in the KPI Alarm dialog box using an equation. •

Packet Loss — used for TCP and SCTP applications

•

Retransmits — used for UDP applications

Voice and Video Quality 77

nGeniusONE 5.4.1 Online Help Topics To alarm on Voice and Video Quality KPIs you must: •

Configure the appropriate nGenius InfiniStream appliance options.

•

Enable RTP, Audio, and Video for Response Time and ASRs. Enable signaling protocols if integrated with nGenius Voice | Video Manager.

•

Optionally adjust default quality boundaries.

•

Optionally configure alarms based on these boundaries. Refer to the Voice and Video Quality Overview for more information.

KPI Error Codes To alarm on KPI Error Codes: •

Select an application in Global Settings > Applications.

•

Define Critical and/or Warning severities by: o

o

Entering a threshold and minimum transaction count. Adding the error codes you require.

Refer to Configuring KPI Protocol Error Code Alarms in nGeniusONE for more information.

Configuring KPI Monitoring and Alarming in nGeniusONE You can configure monitoring and alarming on Key Performance Indicators (KPIs) for the following metrics: •

Responsiveness

•

Application level errors

•

Packet Loss

•

Voice and Video Quality

•

Error Classification

The instructions in this topic describe how to monitor KPIs (for both ASI and CDM) and how to set KPI alarms (CDM only). CDM KPI alarms are displayed in Service Delivery Manager (UMC) and the Performance Manager Alarm Viewer. To configure KPI monitoring and alarms: 1. From the nGeniusONE console, select the

Global Settings icon.

2. Click the Applications tab. 3. Select an application you want to track. 4. Responsiveness alarms — From the Select monitoring options drop-down menu, select Responsiveness and modify the response time boundaries as required. 5. Voice and Video Quality alarms only—Optionally toggle whether you want the alarms to be based on MOS or Jitter thresholds. This setting only applies to appliances configured with asi_mode=CDM or hybrid, since alarms on ASI metrics are set using service-based Alarm Profiles.

78

MONITORING PERFORMANCE AND HEALTH

To toggle: a. Select RTP. b. From the Select monitoring options drop-down menu, select Voice and Video Quality. c. Select MOS or Jitter and enter parameters. d. Click OK and Apply. 6. Other alarm types — From the Select monitoring options drop-down menu (or right-click button), select KPI Alarm. (The KPI Alarms dialog box allows you to enter thresholds for KPI Variables regardless of whether the application supports KPIs. ) 7. In the KPI Variables tab, enter a count for each variable, as appropriate. Enter zero for a variable if you do not want to generate an alarm. Use this tab to set alarms for metrics collected on CDM flows. The numeric fields indicate the number of times the indicated event must occur before you want an alarm triggered. For example, you might set an alarm to trigger when the Responsiveness threshold for Timeouts has occurred 50 times. You can also designate alarms on the selected application to be Warning or Critical, select a server-side script to run when the alarm is triggered, and specify forwarding for the alarm as an SNMP trap or as an email to designated addresses (set in nGeniusONE Server Management>Servers>Email Settings tab).

8. (Optional) For applications supported for application level KPIs, click the KPI Error Codes tab to configure KPI error code alarms. (The tab does not display for unsupported applications.) 9. Click OK to exit the selected Edit KPI dialog box and Apply to save your configuration.

79

nGeniusONE 5.4.1 Online Help Topics

Configuring KPI Protocol Error Code Alarms in nGeniusONE Requirements •

Response time enabled for the application

•

Power alarms enabled on the data source (refer to CDM documentation)

•

KPI application error code tracking enabled on the data source (refer to CDM documentation) Monitoring KPI error codes is disabled by default. You can adjust the table size (default 1,000 entries) and enable or disable monitoring per interface (including aggregated interfaces) in the CDM Agent Configuration Utility command line. (Entering interface 0 configures monitoring on all interfaces.) Refer to CDM documentation for details.

Alarming is supported on selected KPI error codes for specific applications. You can prioritize error codes as either Critical or Warning and define alarm thresholds for each category. A maximum of two alarms (one critical, one warning) per application per 5-minute interval is reported. Error code alarm settings are applicable to both nGeniusONE (ASI) and nGenius Performance Manager (CDM) data. By default, alarms are not triggered on KPI error codes. To alarm on error codes, first create a definition for Critical and Warning severity levels for the selected application. For example, you may want to define a severity of Warning to mean that errors constituted 2% of transactions within the interval. After you define Critical and Warning severity levels, define the minimum number of transactions that must occur before the alarm is triggered. You can define Critical and Warning alarms separately for parent and child applications. Error codes defined on the parent application are not inherited by the children. When you configure definitions for Warning and Critical, consider the amount of traffic you expect to see for this application and how important the application is to the operation of your enterprise. For example, the threshold and minimum transaction counts defining a Critical alarm would likely differ for SIP (relatively low volume, high importance) and HTTP (high volume, low importance) in a GPRS/UMTS network. In the case of SIP, you might want to set a low Minimum Transaction Count (for example, 1) so that errors are counted immediately. After you configure Critical and Warning definitions, apply those definitions to the error codes for which you want to receive alarms. To receive alarms for ASI-based error codes, define KPI error codes for applications in Global Settings, then include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser. CDM-based alarms are reported in the UMC Service Delivery Manager (displayed as Power Alarms) and Performance Manager Alarm Viewer (displayed as KPIError Alarms). To configure monitoring and alarming for KPI error codes: 1. On the nGeniusONE console, click the

Global Settings icon.

2. Click the Applications tab. 3. Select an application supported for error codes.

80

MONITORING PERFORMANCE AND HEALTH Note: The KPI Error Codes tab (used to configure KPI error code alarms) does not display for unsupported applications. 4. Ensure the application is enabled for Response Time monitoring. If it is not enabled, right-click the application and select Response Time > Enable. 5. Right-click the application and select KPI Alarm... . 6. In the Edit KPI dialog box, click the KPI Error Codes tab. 7. Define Critical and/or Warning severities as follows: a. Enter a Threshold and Min. Transaction Count. You are defining what Critical/Warning means in the context of these alarms. Threshold and Min. Transaction Count Note: Increasing the Minimum Transaction Count and/or Threshold decreases sensitivity (makes it less likely that an alarm will be generated) while decreasing the Minimum Transaction Count and/or Threshold increases sensitivity (makes it more likely that an alarm will be generated). Threshold (%) — Enter the percentage of errors (0-100.00%) that must be reached before an alarm is generated. Values are supported to two decimal places (for example, 10.55). Errors are counted only after the Minimum Transaction Count is reached. Min. Transaction Count — Enter the total (successful or error) number of transactions that must be reached before the device begins checking for errors. When the percentage of errors equals or exceeds the configured threshold value, an alarm is generated. b. Select the checkbox to enable critical and/or warning alarms for the selected error codes. c. For each severity you want to configure, click Add error codes and select the preferred error codes. You can select a maximum of 40 codes individually for each severity (Warning or Critical) per application. d. Click OK. 8. Select a maximum of 40 for each severity (Warning or Critical) per application. If the code you want to monitor is not listed, click Add user defined error codes. Tips: •

You can enable/disable multiple codes at one time: Shift-click or Ctrl-click to multi-select codes, then right-click and select Enable or Disable as appropriate.

•

A range of codes counts as one entry. For example, entering codes 200, 201, and 203-235 counts as 3 rather than 35 entries. The total of individual codes and ranges of codes cannot exceed 40. Click Add user defined error codes to create a custom entry to enter the appropriate range.

81

nGeniusONE 5.4.1 Online Help Topics 9. Click OK. 10. If you want to configure ASI-based KPI error code alarms in nGeniusONE, you also need to include KPI error codes as triggers in service alert profiles in the Service Configuration Editor. These service-based alerts are reported in the nGeniusONE Service Dashboard and the Alert Browser.

82

MONITORING PERFORMANCE AND HEALTH

Viewing Alerts in the Alert Browser Using the Alert Browser and Alert Lists The nGeniusONE Alert Browser displays all alerts for services and devices configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. In addition, when drilling down from alerts in Server Health, you see details in specialized Alert Browser tabs. The Alert pages contain three sections: •

Alert Summary with general information for all alerts during a specified time frame

•

Alert Details with specific information for a selected alert or alert group

•

Alert Evidence containing a chart, table, or heat map for a selected alert or alert group

General usage notes: •

You can resize the three panels by selecting and dragging the green splitter bars. (Not supported on tablets.)

•

You can maximize the Alert Summary table and the Alert Evidence pane by clicking the yellow Open button in the center of the splitter. Restore to previous views by clicking Close.

•

Services and network domains must first be added to service domains in Service Configuration to enable their alerts to be displayed in the Alert Browser.

•

Alerts are displayed for application services and network domains with alert profiles. Refer to Configuring Alert Profiles for Services and Network Domains for additional information.

•

Users can see service-based alerts for the application services, network domains, and service domains assigned to them. Refer to Assigning Services and Domains to nGeniusONE Users for additional information.

•

To see process and device-based alerts, users must have the privileges for both Device Health and Server Health. Refer to Predefined User Roles in nGeniusONE for additional information about roles, privileges, and modifying them.

•

When drilling down from a service or domain in the Service Dashboard, the Alert List opens as a separate tab in the Alert Browser. This contextual list includes all alerts for the selected service or domain and specified time period. The Alert Browser tab is independent of the contextual Alert List.

Viewing Alert Information Use the nGeniusONE Alert Browser to view all alerts for services and devices configured in your nGeniusONE deployment. Use Alert Lists to view alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary section (described below) with general information for all alerts during a specified time frame, Alert Details with specific information for a selected alert or alert group, and an evidence section containing a chart or table for the selection.

83

nGeniusONE 5.4.1 Online Help Topics

Alert Summary The top of the Alert Browser or Alert List tab is a summary showing the currently selected time frame and the total number of occurrences for all critical and warning alerts during the interval. Alerts and associated information are displayed in a table. By default, the most recent alerts are at the top of the table. You can sort most columns in ascending or descending order by clicking the column head. Use the available controls to perform the following tasks: Parameter/ Control

Description Refresh list contents to retrieve the most recent alerts.

Refresh Reset the filter to display the full list.

Display or hide options for filtering the alerts. Filter

84

Filtering is available only in the Alert Browser. Parameter/ Control

Description

Problem Detection Time

Allows you to filter by specified hours or time ranges. When choosing User Defined, enter the starting and ending dates and times in the appropriate fields.

Severity

Allows you to filter by severity level: Critical and/or Warning.

Acknowledge

Allows to you filter for acknowledged and unacknowledged alerts.

Source

Allows you to filter by a complete or partial interface name.

Description

Allows you to filter by a complete or partial alert description.

Type

Allows you to filter by type of alert.

Sort By

Allows you to display the most recently detected alerts or those that are most frequently occurring.

Apply

Applies the current filter settings to the alert list.

MONITORING PERFORMANCE AND HEALTH

Restore Defaults

Search

Resets all filtering options to their original settings.

Open a text box where you can enter a known alert ID number. Click Search to open the Alert Details for the specified alert. Drill down to see alert data in an associated Service Monitor.

Launch Monitor

Launch Traffic Monitor

Acknowledge

Drill down to see data for the current network domain alert in the Traffic Monitor.

Acknowledge all selected alerts. When an alert is acknowledged, it continues to be displayed in the Alert Browser with the acknowledging user's name. Remove acknowledgement from all selected alerts.

Unacknowledge The table contains the following information: Parameter

Description

Alert ID

The Alert ID is a unique number assigned to each alert. All Alert IDs are in the form: X-YYYYY, where X=Server ID. The Server ID is used to identify alerts from different local servers in distributed configurations. In non-distributed environments, the Server ID is 1. If a given alert condition persists, the alert continues updating for 4 hours after which a new alert is triggered. In cases where multiple alerts occur for the same service, the alerts are consolidated in a service group designated by Service Alert: n (# of individual alerts in the group). Expand the service group to view the individual alerts. If multiple alerts occur for the same nGeniusONE process or monitored element, the alerts are grouped and designated by Device Alert: n (# of individual alerts in the group). Expand the service group to view the individual alerts. (Note that Device Alerts are not displayed, by default. You must select the Device type in the Filter Options dialog box.) If the alert group contains a large number of alerts, they are divided into sub-groups that you can expand and collapse. A service might also have multiple alerts for the same metric and event, but occurring at different times and qualifying for different severities (Warning and Critical). In these cases, the alert list displays separate alert IDs and entries.

85

nGeniusONE 5.4.1 Online Help Topics

Severity

The severity assigned to the alert: Warning or Critical. Severities for ASI alerts are predefined but can be modified. Refer to Alert Profile Settings for additional information about modifying alert severities.

Acknowledged

The current acknowledgement status. Select or clear individual check boxes to change the status of a particular alert. Acknowledged alerts include the acknowledging user's name.

Type

The alert category: Availability, Baseline, Threshold, Real-time, or Device.

Source

The name of the interface on which the alert was triggered.

Detected

The time when the alert was triggered.

Occurs

The number of occurrences for the alert during the time frame selected in the filter. For a service grouping, the number of occurrences is a total of counts for the individual service members.

Description

A brief summary of the alert. Additional details are provided in the Alert Details panel.

Viewing Alert Details The nGeniusONE Alert Browser displays all alerts for services configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary with general information for all alerts during a specified time frame, Alert Details with specific information for a selected alert or alert group (described below), and an evidence section containing a chart or table for the selection.

Alert Details When you select an alert or alert group in the Alert Summary section, an Alert Details panel opens at the bottom of the page. Alert Groups An alert group is formed when multiple alerts occur for the same service or for the same nGeniusONE server process. When you select an alert group (designated by Service Alert and Device Alert in the Alert Browser table), the alert details provide summarized information for the alerts in the group, such as: • The first and last time an anomaly was detected in the group •

Counts for critical and warning alerts

•

Counts for baseline and threshold alert types

•

Counts for specific metrics triggering alerts in the group, such as average response time and failure rate

Alerts For a single selected alert, the Alert Details panel provides a full description and all available diagnostic information.

86

MONITORING PERFORMANCE AND HEALTH Use the supplied controls to perform tasks in the Alert Details panel: Control

Description Retrieve the most recent alert details.

Refresh

Launch Monitor

Launch Traffic Monitor

Acknowledge

Drill down to see data for the current application service alert in an associated Service Monitor. Drill down to see data for the current network domain alert in the Traffic Monitor.

Acknowledge all selected alerts. When an alert is acknowledged, it continues to be displayed in the Alert Browser with the acknowledging user's name. Remove acknowledgement from all selected alerts.

Unacknowledge

Add notes

Open a text box where you can add, edit, and save comments applicable to the current alert. The notes are displayed in the alert details pane.

Depending on the type of alert, you can view the following details: Detail

Description

Severity

The severity assigned to the alert: Warning or Critical. Severities for ASI alerts are predefined but can be modified. Refer to Alert Profile Settings for additional information about modifying alert severities.

Type

The alert category: Availability, Baseline, Threshold, Real-Time, or Device.

Description

A statement of the problem, such as: "Average Response Time for Service:Email Infrastructure (App:SMTP ) has exceeded the baseline over a 5 minute period (baseline = 15 ms; last delta = 11.9 ms; numOccurs = 1)" In this example, the service "Email Infrastructure" includes the application SMTP. This application's average response time exceeded its statistical baseline of 15 ms one time during a 5minute period. The "last delta" value is the difference between the maximum value for the sample period and the historical median of the data. The "numOccurs" value is the total number of occurrences for the alert since it was first triggered. Note: If the alert description includes the label "Aggregated Service," the alert details apply to the entire service instead of its individual service members.

87

nGeniusONE 5.4.1 Online Help Topics

Detected

The time when the anomaly was first detected.

Last Detected

The last time the anomaly was detected.

Set Threshold

The configured or default threshold. You can set thresholds for Baseline and Threshold alerts when you configure triggers for alert profiles. You set separate thresholds for real-time alarms.

Triggered Value

The actual value that triggered the alarm.

Interval

The frequency (in minutes) at which the monitoring device samples data.

Acknowledge

The alert's current acknowledgement status, including the acknowledging user's name. Select or clear the check box to change the status.

PM Server

The IP address, name, and port for the nGeniusONE Server that logged the alert.

Monitoring Interface

The address of the interface on which the anomaly was detected.

Monitoring Device IP Address

The address of the monitoring device on which the anomaly was detected.

URL

A URL that can be copied and provided to others for viewing this alert's details. In a distributed environment, the alert URL points to the Global Manager.

Notes

Comments that have been applied to the current alert.

Alert ID

The unique number assigned to the alert.

Viewing Alert Evidence The nGeniusONE Alert Browser displays all alerts for services configured in your nGeniusONE deployment. Alert Lists display alerts for a single service or domain selected in the Service Dashboard Hierarchy. These pages contain three sections: an Alert Summary with general information for all alerts during a specified time frame; Alert Details with specific information for a selected alert or alert group; and an evidence section (described below) containing a chart or table for the selection.

Alert Evidence After selecting an alert or alert group in the Alert Summary section, the evidence section displays different views depending on the selected object: •

88

Alert group — Displays a heat map with yellow and red sections to indicate warning and critical alerts for service members in the group. Example:

MONITORING PERFORMANCE AND HEALTH

•

Aggregated service alert — Displays a heat map with one bar counting all alerts on the aggregated service. Example:

•

Service alert — Displays a chart with an over-time plot line for the metric triggering the alert. The time of alert occurrence is displayed as a yellow bar. If available, the baseline for the metric is also shown. Example:

•

Real-time alert — Displays a table with tabs for Protocol Evidence and Conversation Evidence. Real-time alerts for utilization do not provide evidence. Example:

89

nGeniusONE 5.4.1 Online Help Topics

•

Availability alert — Displays a chart with plot lines for SYN requests and Unacknowledged SYNs above a defined threshold. When an alert occurs, these values are the same. Example:

Definitions Definition: nGeniusONE alerts The following types of alerts are displayed in the nGeniusONE Alert Browser: • Availability alert — Generated by the nGeniusONE server when a server becomes unavailable (based on unacknowledged SYN requests). • Baseline alert — Generated by the nGeniusONE server when supported ASI metrics rise above the statistical baselines for a configured service. Baselines can be calculated for data that is considered cyclical (for example, transaction rates) or noncyclical (for example, server/client retransmissions). • Threshold alert — Generated by nGeniusONE server when metrics go above or below a user-defined threshold. • Real-time alert — Generated by nGenius data sources when a defined threshold has been exceeded in the following types of metrics: utilization, burst utilization, message loss. • Device alert — Generated by the nGeniusONE Server or InfiniStream appliance when an event occurs, such as an unreachable device, or a defined threshold has been exceeded on metrics affecting nGenius instrumentation and other devices, such as CPU and memory utilization. By default, device alerts are not displayed in the Alert Browser; however, you can select the filter option to view them. To see Device alerts, you must have the user privileges for Device Health Viewing and Server Health Viewing.

90

MONITORING PERFORMANCE AND HEALTH

Viewing Health Alerts Overview of Health Alerts in nGeniusONE The nGeniusONE solution provides the Health module with two sub-modules where you can quickly view the status of data sources and servers in your nGeniusONE environment: •

Instrumentation Health

•

Server Health

When using the Instrumentation Health module, you can see warning or critical alarms from InfiniStreams and Flow Collectors. These alarms report on issues with components such as physical disks and RAID controllers during the last 24 hours of operations and provide drilldowns for details about any issues that arise. Refer to Instrumentation Health in nGeniusONE for additional details. When using the Server Health module, you can see warning or critical alarms from nGeniusONE servers. These alarms report on issues with system operations such as disk utilization, database, and processes over the last 24 hours of operations. Refer to Understanding Server Health Alerts in nGeniusONE for additional details.

91

nGeniusONE 5.4.1 Online Help Topics

MONITORING SERVER AND DEVICE HEALTH nGeniusONE Health Overview The following nGeniusONE modules provide an at-a-glance view of health within the last 24 hour period for data sources and servers associated with this nGeniusONE server, including status and assorted details. •

Instrumentation Health

•

Server Health

Viewing Server Health in nGeniusONE The Server Health summary provides an at-a-glance view of the current state of the nGeniusONE environment based on the last 24 hours. From the nGeniusONE Console, go to Health > Server Health to view the current status of all servers for system operations such as free disk space, allocated memory and usage, and processes. In addition to environmental information, health is depicted as OK or generating Warning or Alert Critical Alerts when conditions have worsened. A drill-down to the Alert list in Browser is provided for more specific information about all Warning and Critical alerts. Important: Ensure that you enable the Server Health Viewing privilege for any users using this feature—go to Server Management > Users > Roles. SYSADMIN role user can access the System Health page by default. Tool bar You can use these tools to reorder the list of servers: •

Flat list view — Displays servers on "first-come, first-serve" basis. You can also click a column heading to sort the server list by that heading.

•

Tree list view — Displays servers in a parent-child relationship. You cannot sort the list by column headings.

Refreshing the View •

Refresh Every — Use the drop down list to choose an automatic refresh interval for the server list on this page. Options are: 15, 30, 45, 60 minutes, or Never.

•

Refresh — Click to display on-the-fly changes in any view, especially after acknowledging an alert. For best results, close the standing view, click , and reopen the view.

Click a row in the server list to display the Summary information. The tables below describe Server Health fields and functions: Name

Description/Information

Servers Server

92

Server name

MONITORING PERFORMANCE AND HEALTH

State

Indicator for the health of the server. Either: Ok , or Down .

Type

Standalone, Global, Local, Standby, or NewsStand.

System

Indicator with Warning or Critical drill-down to the Alert Browser alert list and summary details. Click here to view more information about graphical System views.

IPMI

If the DRAC is configured and the interface enabled, the status icons display and report status. Click a status button to view IPMI status details.

(Intelligent Platform Management Interface)

•

Secondary DNS Server

•

Default Gateway

•

VLAN ID

•

VLAN

•

MAC Address

•

Primary DNS Server

•

IP Address

•

Subnet Mask

If the server is not an appliance or the DRAC is not configured, a double-dash (-) is shown. Note: You must enable the Device Health MIB on each device to show IPMI status. Process

Indicators with Warning or Critical drill-down to Alert Browser alert list and summary details, process status, and per process data including Memory Usage, session Up Since time, and counts of Memory Alerts and Watchdog Restarts. See the table below for more details. Click here to view more information about graphical Process views.

Logger

Indicator with Warning or Critical drill-down to Alert Browser alert list and summary 93

nGeniusONE 5.4.1 Online Help Topics details about logger health. Click here to view more information about graphical Logger views. Reporting

Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for Reporting activities.

User

Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for User activities.

Database

Indicator with Warning or Critical drill-down to Alert Browser alert list and summary details for Database activities.

License

Type of modules licensed. For example: UC, SDM, PM.

Summary Physical Memory

Installed RAM size. For example 11.7 GB

Authentication Mode

nGenius (Native) or external authentication including RADIUS, LDAP, Windows Domain, or TACACS+.

Timezone

Time zone and offset from Greenwich Mean Time. For example: EDT US/Eastern (400)

Serial Number

Server serial number

Version

Server release and build numbers. For example: 5.3 [Build 136 ]

Operating System

Operating System (Windows or Linux) type and release number. For example: Linux 2.6.18-274.el5

Communication Type

Communication protocol type (HTTP/HTTPS) and port number. For example: HTTP / 8080

94

MONITORING PERFORMANCE AND HEALTH

Decode Version

Decode version and build number. For example: 13.1 [ Build 29 ]

Used Space

Total amount of disk space in use (GBytes)

Disk Capacity

Total amount of disk space (GBytes)

SSL Configured

Whether configured for secure mode or not

License License Info Summary

Type of modules licensed. For example: SDM, nEI

Maximum Type I Interfaces

The maximum number of Type I interfaces allowed based on your license.

Maximum Type II Interfaces

The maximum number of Type II interfaces allowed based on your license.

Type I (Total)

Breakdown of Type I interfaces added to the selected server, total number of a Type I interface category, and total of all Type I interfaces. Type I interfaces include physical interfaces (Ethernet) and Common Data Model (CDM) Adaptors. CDM Adaptors consist of the following: • • • •

Type II (Total)

Link Aggregation Probe (Gigachannel) Aggregation or High-Speed Link Aggregation NetFlow sFlow

Breakdown of the Type II interfaces that have been added to the selected server, the total number of a Type II interface category, and the total of all Type II interfaces. Type II interfaces include any combination of the following: • •

'Other Device' interfaces, Switch ports

95

nGeniusONE 5.4.1 Online Help Topics

• •

• •

Switch FEC and VLAN interfaces Virtual interfaces such as TAC, VLAN, Site, SITE-APN, Site/QOS, RAI, QOS, BSID, TAC, etc. Virtual interfaces of NetFlow and sFlow Fast EtherChannel (FEC)

Viewing Logging Information in Server Health You can use the Health Server module to display logging information in graph and table formats over the last 24 hours. To access the Logger status screen go to Health > Server Health, and click a status button in the Logger column of the server for which you want to view logging information. These aspects of ASI logging in nGeniusONE are displayed: •

Total number of ASI rows (flow records) logged per interval (in thousands) by the logger

•

Interval elapsed to complete the logging cycle

The summary boxes show average and max counters across all intervals over the past 24 hours: Summary Box

Counter Avg

Rows logged across Average number of ASI rows intervals logged into the nGeniusONE database (FDS) across all intervals for the last 24 hours Time to finish logging cycle

Max Maximum number of ASI rows logged in any 5-minute interval over the last 24 hours

Average time taken to finish Maximum time a logging cycle the logging cycle over the last took over the last 24 hours 24 hours

Hourly warehousing Average time taken to finish Maximum time a logging an time across cycle the warehousing logging cycle hourly warehousing cycle took for all the logging intervals over the last 24 hours over the last 24 hours Daily warehousing time across cycle

Average time taken to finish Maximum time a logging the warehousing logging cycle warehousing cycle has taken for all the logging intervals over the last 24 hours over the last 24 hours

Service roll up time Average time taken to finish across cycle the roll up cycle over the last 24 hours

Maximum time a logging roll up cycle has taken over the last 24 hours

The ASI Logging Performance area in the Logger window shows the last 24-hours of summarized ASI information and logging cycle details for these ASI tables: •

96

All Tables

MONITORING PERFORMANCE AND HEALTH •

Key Server Indicator (KSI)

•

Key Performance Indicator (KPI)

•

Key Error Indicator (KEI)

•

Key Throughput Indicator (KTI)

•

Key Throughput Indicator (15 Sec) (KTI-EXT)

•

UC Key Performance Indicator (UC-KPI)

•

UC Conversations (UC-CONV)

•

TOPN Conversations

•

Host Activity Map

•

Server Transport Statistics

The line graph shows actual counters for each interval--showing the time interval on the Xaxis and the row count and logging cycle time on the dual Y-axes. A logging cycle consists of two main elements: polling and logging of various ASI tables. The nGeniusONE server polls and logs tables from multiple interfaces on multiple threads in parallel. Logging to the FDS database is performed after the data is available from the InfiniStream. For every InfiniStream interface, multiple tables are polled one after the other. The time at which the last ASI table is fetched and logged across all ASI interfaces is marked as an interval to finish that particular logging cycle. Average and maximum counters are calculated by applying average and maximum functions on that number across all intervals. These functions are available: •

Use the Table and Interfaces drop down lists to filter the line graph results.

•

Hover your cursor over a node on the graph line to display the ASI Logging Performance at that time.

•

Use the

•

Select Rows Logger Per Interval or Logging Cycle Time options by toggling icons in the box below the graph lines.

•

Drill-down to the Alert list in and Critical alerts.

handle icon to lengthen or shorten the interval displayed.

Alert Browser for more information about Warning

Viewing Process Information in Server Health From the nGeniusONE Console, go to Health > Server Health > Process column status button to display the Process page, which shows: •

A table view of currently running processes for the server row in which you click the status button.

•

Health status of the processes by drill-down-capable, color-coded dots.

•

Information about each process.

You can: •

Click these buttons to access more information for the selected process:

97

nGeniusONE 5.4.1 Online Help Topics

to display the Process details screen (default view, shown below).

• •

to display the Peak Memory Utilization chart, with data for the last 30 days.

•

to display the Memory Utilization chart, with data for the last 24 hours.

•

to display the CPU Utilization chart, with data for the last 24 hours.

•

Drill down to the Alert list in Alert Browser to view more specific information about all Warning and Critical alerts.

•

Hover your cursor over a point on the graph to see the server's utilization percentage for that day of the week, date, and time.

•

Select the handle on the ends of the graph to lengthen or shorten the viewable time frame.

•

Click the options in the box below the graph to select another process.

Viewing System Information in Server Health The nGeniusONE Console Health > Server Health > System column button displays Disk Utilization and Power Utilization bar graphs.

status

The Disk Utilization graph displays the percentage of the nGeniusONE disk utilized over the last 30 days (shown below). You can: •

Hover your cursor over a point on the graph to display the disk utilization percentage of the selected server (shown below).

•

Click the Status

Critical or

Warning button, if displayed, to drill down to the

Alert Browser for more information. •

Click the

Disk or

Power screen buttons to toggle between the views.

The Power Utilization screen displays the percentage of power the nGeniusONE disk utilized over the last 30 days.

Understanding Server Health Alerts in nGeniusONE The Server Health Summary view contains commentary to explain and help you address the alert condition.

System Alerts The following Warning alerts are generated in the System section of Server Health: •

Disk Space Insufficient: A Warning alarm is generated if the disk percent full rises above 75% of total disk space available in the following property: serveralarm.ServerDiskAlarm.DiskPercentFullWarning=75(default)

•

98

RAID Degraded: This hardware alert is related to the PM appliance if any RAID for PM appliance is in a degraded state (a disk fails)

MONITORING PERFORMANCE AND HEALTH The following Critical alerts are generated in the System section of Server Health: •

Disk Space Insufficient: A Critical alarm is generated if the disk percent full rises above the threshold in the following property: serveralarm.ServerDiskAlarm.DiskPercentFullEmergency=90(default)

•

RAID Inoperable: This Hardware alert is related to the PM appliance if any RAID for PM appliance is in an inoperable state.

•

Physical Disk Sector Failure: This is alert is generated if any Disk of the PM appliance fails to start.

You can monitor disk and power utilization in Server Health System screens. Logger Alerts All existing logger alerts are supported for ASIlogger and the ASI2xServiceWarehouse process for which the alert will be generated every 5 minutes if the service roll up overruns the 5-minute boundary. The following Logger Status alerts are generated in Server Health: •

Logger Over Run: If data logging does not occur within the default execution interval of 15 minutes and spills over to the next interval, this alert is generated.

•

Indexing Overrun: If indexing does not occur within the default time of 30 minutes, a warning alert is generated.

•

Roll Up Overrun: If data roll up does not occur within the default time of 15 minutes for most data types, a warning alert is generated.

You can monitor ASI logging in the Server Health Logger screen.

User Alerts The following User alerts are generated in Server Health: •

Maximum Concurrent Users Alert: If the number of user logged in to the server exceeds the threshold, this critical alert is generated (default: 50 users). This is governed by the following hidden property: WebxAuthenticationService.UserMaxLimit=50

•

Maximum Locked Users Alert: If the number of locked users exceeds the defined threshold, this Warning alert is generated (default: 5 users). This is governed by the following default property: sh.lockedusers.threshold = 10 (in %age) This property calculates 10% of WebxAuthenticationService.UserMaxLimit to learn the locked users threshold. The frequency for which this user alert will be checked is one hour governed by this value: propertyserverhealth.usersStatus.schedulableFrequency=60 (default value)

Database Alerts The following Database alerts are generated in Server Health: •

Database Backup Failed: A Critical alert is generated if, when you specify a path for database backup, and the specified folder does not have permissions to copy, the

99

nGeniusONE 5.4.1 Online Help Topics database crashes, or for any other reason such as the server is down for scheduled backup, this alert will be generated. •

Database Not Responding: A Critical alert is generated when the database fails to respond within the time specified in the following hidden property: dbx.connection.queryTimeout=300 seconds (default)

•

Data Base Concurrent Connection Exceeded Limit: A Critical alert is generated if the number of database connections exceed the limit specified in the following property: db.maxConnectionsLimit=150(default)

•

The monitoring database connection is based on the following property and by disabled by default: db.enable.concurrentconnections.check=false Database Not Responding and Database Concurrent Connection alerts are monitored based on the scheduling frequency set in the property: serverhealth.databaseStatus.schedulableFrequency=180 minutes (default) These alerts are updated in the Server Health dashboard once every three hours.

Reporting Alerts The following Warning alerts are generated in the Reporting section of Server Health: •

Scheduled Report Generation Failure Alert: If the scheduled report fails to generate due to a missing ME, a server blackout state, or similar cause, an alert is triggered.

The following Critical alerts are generated in the Reporting section of Server Health: •

Report Email Delivery Failure: If report delivery fails because due to SMTP not being configured and similar conditions, this alert is generated.

•

Report Over Run Condition: If reports failed to generate within the specified time, this alert is generated. For example: If an hourly scheduled report fails to generate within 3,600 seconds, and spills over to the next hour, an over run alert is generated.

Note: To avoid a repetitive alert for the same failure, a reporting alert is generated under the following conditions: •

It does not exist for the given component (E.g. ‘abc’ Report)

•

Previous generation/delivery was successful followed by the failure of that component.

•

A server or process restart.

Process Alerts Alerts are generated for processes. The following Critical alerts are generated and displayed in the Process section of Server Health: •

If any process does not start, a Critical alarm is raised.

•

If any process fails to start and was restarted by the PM watch dog, a Critical Watch dog alert is raised.

100

MONITORING PERFORMANCE AND HEALTH The following Warning alerts are generated and displayed in the Process section of Server Health: •

In v5.4, the OutOfMemory Alarm replaces the Memory Threshold Alarm which was generated if memory utilization for any process rose above the memory threshold. Now, when out-of-memory conditions occur, the Java process on the InfiniStream is stopped and the Watchdog process prompted to restart the Java process. The OutOfMemory Alarm eliminates any glut of alarms generated by processes running abnormally at more than 90% capacity as well as streamlines the watchdog check time for the process from 15 minutes down to 5 minutes.

You can monitor memory issues in the Server Health Process screen.

101

nGeniusONE 5.4.1 Online Help Topics

Instrumentation Health in nGeniusONE From the nGeniusONE Console, go to Health > Instrumentation Health to view health information about nGenius InfiniStream/Collector appliances. This view, and associated drilldown views, displays information for the previous 24 hours. Information is updated at the refresh interval you select, or click to refresh the page at any time. This table describes the Instrumentation Health page and available functions. Button/Field

Description Click to use the drop down list and click any of these options to obtain more information about a selected device:

/

/

•

InfiniStream Details

•

Status > Hardware

•

Status > Interface

•

Status > Usage

•

Status > IPMI

Click to Show/Hide/Reset the filter (drop down lists and text boxes below column headings). Click to export the Summary Table. You are prompted by your browser to save the file. Click to refresh the view. To display on-the-fly changes to this view, especially after acknowledging an alert, it is important to click

. For best results, close the Current Alarm Status view,

click

, and re-open the view.

Refresh Every

Use the drop down list to select a periodic refresh interval for this page.

Column

Description

Status

Displays the present operating state of the InfiniStream, either Up , Pending , or Down .

Device Name

Lists devices associated with the server or distributed cluster. Click the link to launch a view displaying device details. • • • • • •

102

Name - Name of the selected device Address - IP address for the selected device Alias - Alternate name for the selected device Local server - Type and IP Address of the local server managing the selected device Model - Device model number InfiniStream CDM - CDM firmware version and build

MONITORING PERFORMANCE AND HEALTH

• • • • • • • • • • • •

• Hardware

number Decode pack version - If applicable Up since - Day of the week, date, time, and time zone of the last restart IS serial - nGenius InfiniStream serial number ESU1 serial - If the appliance contains RAID arrays, the serial number for the specified External storage Unit. ESU2 serial - If the appliance contains RAID arrays, the serial number for the specified External Storage Unit. Templates - Template applied to the device. For example: Default Device Template Device protocol templates - Device protocol template applied to the device, if any Total disk space - Device total disk space Storage type - Raw (NetScout) or XFS INMC mode - On or Off Gateway Address - The IPv4 or IPv6 address of the default gateway for the selected device NTP Address - The IPv4 or IPv6 address of one or more NTP (Network Time Protocol) servers for the selected device Notes - Notes, if any, included when the device was added

Click the status symbol to launch the Hardware dialog box alarm type display. Alarm status symbols can be: — No unacknowledged alarms or errors. — Any unacknowledged warning alarms and no unacknowledged critical alarms or errors. — Any critical alarm for the category. The Hardware dialog box alarm type display shows: •

•

Alarm Type: •

Physical Disk

•

RAID Controller

•

Power Supply

•

Temperature

•

Voltage

•

Fan

Current Alarm Status - Real-time status for each alarm type (Critical, Warning, OK, or Rebuilding). Click any or to obtain more information about a specific alarm status, which includes information about the Hardware ID, Severity, and Description. Note: The current alarm status of any alarm will always display ‘Not Available’ even on an

103

nGeniusONE 5.4.1 Online Help Topics InfiniStream which has CDM 5.0 code installed until you enable the Device Health MIB on each device. •

Total Critical/Warning - Count of critical and warning alarms for each alarm type. Click any number in either of these columns to produce an Alert ID list page for a device. Click an Alert ID to drill down to a summary view for more information, and place a check in the Acknowledge check box to acknowledge the alarm. When you acknowledge an alarm, the next refresh decrements the total count. Note: The alarm also appears in the PM Alarm Viewer.

Interface

Click the status symbol to launch the link details display. •

Link - List of physical interfaces associated with the selected device

•

Status - Operational state: Active, Inactive, or ABS(ent). Note: inactive interfaces do not display a warning state they display with OK status.

•

IF Type - Interface Type: GigabitEthernet or ethernetCsmacd LR, SR, or SX

•

Light Level - Rx power in dB

•

Media Type - Optical module type: XFP, SFP+, SFP

•

Speed (MB) - Assigned interface speed

•

Duplex - Type: Half or Full

•

Virtualization - Type of virtual interface, if any, configured on the link such as VLAN, Site, VRF, QOS, etc.

•

Number of Virtuals - Count of virtual interfaces configured on the link

Alarm status symbols can be: — No unacknowledged alarms or real time errors. Also, an inactive or absent link displays a green icon. — Warning: Any link is down. — Critical. Usage

104

Click the status symbol to launch the usage status display for the previous 24 hours. •

Global settings updates - Date and time of the most recent updates to global settings within the last 24 hours

•

Total number of messages logged - Count of error, warning, and information messages logged in the previous 24 hours

•

Total number of decode users - Count of active decode users

MONITORING PERFORMANCE AND HEALTH Alarm status symbols can be: — No unacknowledged alarms or real time errors. Also, an inactive or absent link displays a green icon. — Warning: Any link is down. — Critical. IPMI (Intelligent Platform Management Interface)

Note: You must enable the Device Health MIB on each device to show IPMI status. Shows one of these status symbols: •

-- : Indicates that IPMI is not configured on the device.

•

: Indicates that the IPMI is configured (refer to nGenius InfinIStream Administrator Guide) on the device and the interface is enabled; click to show IPMI status details. •

IP Address

•

IP Address Source

•

IP Address Type

•

Subnet Mask

•

Subnet Mask Type

•

MAC Address

•

Ethernet Port Statistics

•

Gateway IP Address

Total number of InfiniStream appliances and status type counts shown at the bottom of the screen (OK, warning, and critical). Show/Hide Task Progress Report arrow.

Viewing IPMI Health Information You can display Intelligent Platform Management Interface (IPMI) health information for certain nGeniusONE servers and for Instrumentation, as shown below. IPMI is a standardized interface used for device monitoring and out-of-band management. All Dellbased platforms use the Dell Remote Access Controller (DRAC) for IPMI. To display IPMI health information for: •

nGeniusONE server, go to nGeniusONE Console > Health > Server Health and click the IPMI column status button ( ) of the server for which you want to view IPMI information. Note: Refer to the server hardware instructions to enable DRAC and ensure the interface is enabled to view IPMI information.

105

nGeniusONE 5.4.1 Online Help Topics

•

Instrumentation, go to nGeniusONE Console > Health > Instrumentation Health, and click the IPMI column information button ( of the device for which you want to view IPMI information. Note: Refer to Device Health MIB for information on which InfiniStream models support IPMI.

IPMI metrics are gathered from the Health-MIB and stored in the nGeniusONE server. Polling is performed on each device regularly; the polling interval varies per usage type.

106

)

TROUBLESHOOTING ISSUES Using nGeniusONE to Troubleshoot Issues Isolate the root causes of problems and target solutions using the following nGeniusONE modules: •

Discover My Network: Access an overall view of activity on the network, useful for monitoring load and failures using metrics and charts illustrating for transactions, throughput, TCP windows, and volume/packet counts.

•

Isolating Details using Monitors: Use business-specific and protocol-specific monitors, including Traffic Monitors, specialized Service Monitors, Network Management Monitors, and Enablers, to analyze application, server, and network performance affecting the user experience.

•

Performing Forensics using Packet Analysis: Use these modules to perform deepdive, protocol-level analysis and forensic evidence collection using real-time data captures and historical data mining, or by saving trace files for future decode analysis.

•

Isolating Unified Communication Issues (Call Search/Media Monitor): For environments with Unified Communication tools deployed, use the features of the UC Server solution to troubleshoot issues with audio and video streams and associated signaling for Voice or Video traffic over IP.

Related Topics: The following topics may also be useful with troubleshooting efforts. •

Using Search & Discover

107

nGeniusONE 5.4.1 Online Help Topics

Using Search & Discover Using Search & Discover Search & Discover Overview Perform the following procedure to use the nGeniusONE Search & Discover tool: Step 1: Entering a Search Parameter Clicking the Search icon displays a panel, as shown below, in which you can enter any supported search entry.

An entry can contain plain text only; + and - operators or wild cards are not supported. For every object type, the text format accepted is either the complete or actual name. For example: Search Object

Sample Input

VLAN

VLAN 199

Client/Server Origin Host

Origin 233

BSID

BSID 22-8

Cell Area

CellArea 41397-122

The advanced search can include a Location key but only one at a time. Any search applies to the last hour of traffic by default. One hour of total duration is supported, by default but you can choose any one-hour interval of the day from the search result page as described further below. You can enter a search string or select search elements by using the auto complete feature, as shown below, which lists search entries by the alphanumeric character entered and their rank by number of transactions or octets. Search objects are matched against cached data compiled during server startup derived from objects configured in Global Settings and Device Configuration. Entering an "b", for example, returns the following objects. Note that the list is truncated. You can click Show more to display additional list items or Show less to display fewer items..

108

TROUBLESHOOTING ISSUES

Selecting an entry and clicking Enter within the panel displays results of the search. Close the panel by clicking X. Search results contain various element types along with the number of discovered entries in parentheses, as shown in the sample below. Note that you can page through the list using the tool at the bottom of the screen to display additional entries. •

Applications — Beneath each interface, a list of applications associated with that server appear, as shown below. Applications are also listed in descending order by transaction count for each application for that server. Only three applications are listed by default.

•

Interfaces — An IP Address:interface pair, or interface name, or alias is displayed for a given server search. They are listed in descending order of octets.

•

Client/Server and Client/Server Communities — including associated community types and Host Group Other

109

nGeniusONE 5.4.1 Online Help Topics •

Discovered Location Keys — including QoS Groups, VLAN Services, VRF (Admins, Assigns), Sites, TACs, BSIDs, APNs, CompID, Cell (Areas, Groups, Ids), CMTS lists, DPCs, OPCs, QCIs, Origins, RAT Types

•

Codecs — including associated individual entries

•

Handset Groups — including associated individual entries

•

Messages — including associated Interfaces, Application Service, and Communities

•

UC Applications — including associated UC applications such as SCCP

•

Application Services, Network Domains — including associated communities, UC entries, Host Group Other, etc. for Application Services; and associated applications for Network Domains

•

Hosts, Servers, Clients — including associated individual entries

•

Internet Categories — including associated IP Addresses and interfaces

Drill-downs from the following Application modules with context are supported: •

Service Monitors

Step 2: Using the Time Duration and Settings Options Optionally, you can adjust the search time duration by selecting any one-hour interval from the previous 24 hours. The first search result is always based on the last one-hour duration from the present. Additionally, once the search result is displayed, the time option menu will be available in the top right corner of the view, as shown below.

110

TROUBLESHOOTING ISSUES The search time is displayed in the client time zone or the time zone configured in Preference. After you choose the time range, it is converted to the server time zone and forwarded to the server with the searched object. Also, choose preferences from the Preference Settings in nGenius Console for how you want your search entries displayed. The following list presents available choices: •

Interface/Device Description — Name, Address, or Alias

•

Host Description — Name with domain, Name, or Address

•

Application Description — Short name, Long name, or Port

•

Cell Site Description — Name or ID

Step 3: Drilling Down to Service Monitors Another feature of this tool is support for launching various service monitors from the IP Addresses/communities/virtual interfaces or applications returned. When you click on any resultant entry hyperlink, the Service Monitor is opened with the context of the selected entry and object being searched. For example, if you search for and find the DAL Sales Office, click on Applications (2), and click on the caret next to CITRIX, the Universal Monitor appears as an entry, as shown below.

Clicking on Universal Monitor returns the module, as shown below.

111

nGeniusONE 5.4.1 Online Help Topics

Note: Some searches have more than one associated Service Monitor. For instance, DNS Monitor and Cable Modem Monitor for DNS. Be aware that the Service Monitors listed are controlled by the Business Type configured. Caveats •

Drill downs to Traffic Monitor are not supported at this time.

•

Because Search & Discovery drill downs to the MDF Monitor are based on the predefined, default MDF Group template, if a custom application group were defined, the functionality is not able to determine that so in this regard the MDF Monitor is not listed as a choice for drill down. As a work around, you can create a service using the MDF template and manually add any custom groups.

Search & Discover Tool — Overview Using Search & Discover Host Analysis Monitor The Search & Discover tool, located prominently at the header level in all nGeniusONE modules, globally queries a host of objects with the ability to discover all possible associations for searched context. For example, if a client address is searched, Search & Discover also looks for the nGeniusONE server, which applications are talking to this client, which location is seeing this client — by querying all ASI tables — and based on all discovered objects, displays these associations along with a total count (first row data only). Search data are ranked by either total transactions or throughput.

112

TROUBLESHOOTING ISSUES The feature also supports drill downs to correlative service monitors. Search & Discover has been greatly enhanced from the Server Search feature in an earlier release to support queries for: •

Applications — search using the application Short name. Searches for Application Groups are not supported.

•

Messages — be aware that the search presents the parent application name as a prefix to the message name. For example, if you search for a particular Message ID for "SIP", it will display messages in auto complete such as SIP:SIP-1. But if you enter "SIP_TCP", "SIP:", or "SIP-1", Message IDs will not display at all.

•

Server and Client Addresses and Communities — search using either the server or client name, server or client name with domain, the client or server IP4/6 Address, and Client or Server Community name. Search results for these objects are for the particular client/server community only and not for individual client/server addresses configured inside them. Be aware that if a client or server address is added to a client or server community, no result is returned. Also, search results for communities do not return individual client/server addresses configured within them.

•

InfiniStream Interfaces — search interfaces (ME) using the actual interface name, alias or ipaddress:ifn. The interface name should be complete; for example, IS123:if3 where IS123 is the device name and if3 the interface name. When searching using an alias, specify the device alias along with either the name of the interface or interface alias. Auto-complete will show either the interface name, actual IP address or alias based on the configured preference.

•

QoS/VLAN/CompID/CellID — search discovered location keys using the Location key name followed by the actual number. For example, QoS 255 can be searched by entering QoS 255. VLAN100 can be searched by entering VLAN 100.

•

Location Keys (Sites, APNs, VRF Groups, Handsets, VLANs, Cell Sites, PLMNs, and others) — search using the actual name of these objects. For all these configured objects in Global Settings, search results are based on the actual configured object and not for individual objects configured inside them. For example, for a QoS group, the search result is for QoS group only and not for individual QoS configured for that QoS group. Typing the complete location key name and actual ID — VLAN 10, for example — will return correct query results. List of supported Location Keys The following list includes the nGeniusONE-designated names of supported Location Keys at this time. Whether keys are Discovered or Configured keys is noted. •

Client_Site (Configured)

•

Server_Site (Configured)

•

RAT (Discovered)

•

APN (Configured)

•

Origin (Discovered)

•

Client_ORIGIN (Configured)

•

Server_ORIGIN (Configured)

•

OCI (Discovered)

•

CMTS (Discovered)

•

HandsetGroup (Configured)

113

nGeniusONE 5.4.1 Online Help Topics •

VLAN (Discovered)

•

vlanservice (Configured)

•

VRFGroup (Configured)

•

BSID (Discovered)

•

CellArea (Discovered and Configured)

•

CellID (Discovered)

•

CellGroup (Discovered)

•

cellsite (Configured)

•

DPC (Discovered)

•

OPC (Discovered)

•

TAC (Discovered)

•

QoSGroup (Configured)

•

QoS (Configured)

•

Application Services — search using the actual service name for drill downs to Service Monitors. Domain is not supported at this time.

•

Network domain — search using the actual domain name. Searches for ME Groups are not supported.

•

Handset groups — search using actual names for drill downs to the Call Server Monitor.

•

Hosts — search using either the host name, host name with domain, or the host IP address. The Host Activity Map Table is copied to the nGeniusONE server every five minutes. Subnet-based host searches are not supported.

Loosely related to the Host search feature in the UMC, Search & Discover is especially valuable as applied in the following scenarios: •

When an IT user seeks a server's identity but does not know which MEL is monitoring that server. Once the MEL is discovered, IT will want to generate a Service Monitor display by providing a filter of an application-plus-IP Address to a service or monitor. In a second example, it is beneficial for IT to learn if a given server is an overlyconsumptive client that is hogging bandwidth or, worse, an interloper that should not be present on the network in the first place.

•

When an application is consuming too much bandwidth and that protocol may not be all that critical to monitor performance for. In this case, IT will want to inform the user of that condition or simply block user access at the firewall. For instance, this situation could be at issue by observing a monitor and noting the Facebook application is devouring bandwidth but the identity of Facebook users is unknown.

Search and Discover Use Cases More specific use cases of this tool are as follows. Be aware that Handset Group, Subscriber, and Host searches presume that data required to perform the search is already cached on the nGeniusONE server. •

114

Sites — In this scenario, multiple users from the remote office in London are dealing with poor response time across multiple services. A user might manually launch multiple Service Monitors and then apply a site filter to London. Or the user could

TROUBLESHOOTING ISSUES perform a search for "London" to return all Applications and Servers accessed from London and all interfaces monitoring the London site. Results are ranked either based on transaction or error count or throughput which quickly pinpoints the most relevant entity by Server/Application/Interface. These objects then serve as context to quickly drill down to the corresponding service monitor view. •

Handset Groups — In a Wireless service provider environment, if a user wants to quickly find which geographic areas (cell sites) have maximum penetration of iPhone 6, he can search for “iPhone 6” and quickly get a list of Cell Sites.

•

Applications — In a case where multiple users are dealing with heavy latency on, say, Oracle, IT suspects that mis-configured routers are causing wrong QoS levels to be assigned to Oracle on multiple segments. In response, a user can search for “Oracle” to return a list of three different QoS groups associated with Oracle as monitored by different interfaces. This alone confirms that the problem really is due to mis-configured routers. Drill downs to a Service Monitor can yield more specific answers.

•

Servers — In a situation where IT needs downtime to perform maintenance on some of its DNS servers, a user needs to learn which locations and client communities are dependent on these servers. By searching for the server or the range of servers (by subnets) the dependency map can be quickly produced and IT decide what to do next.

•

Hosts — Consider a case where a user in the enterprise calls IT complaining that “everything is slow”. IT then searches for the user's IP address to return a list of applications it is accessing as ranked by throughput. When many applications in the list that are ranked fairly high with a corresponding bulk of throughput appear unexpectedly, malware or a virus is suspected and a corrective course taken.

Caveats •

Be aware that complete, up-to-date search results will vary depending on the search object. Global indices for host, application and location data are committed at every five minutes after the logging cycle finishes. So, searches for these entries will be populated at the end of every logging cycle finish event - after five minutes.

•

A 15-30 second search delay may occur for freshly configured objects.

•

Drill downs to Traffic Monitor are not supported at this time.

•

Display results are derived by searching all ASI tables. Service monitors present data from particular ASI tables so be aware that not all Service monitors display metrics that can be queried by Search & Discover.

•

Because Search & Discover drilldowns to the MDF Monitor are based on the predefined, default MDF Group template, the functionality is not able to determine userdefined custom application groups. Therefore, the MDF Monitor is not listed as a choice for drilldown. As a workaround, you can create a service using the MDF template and manually add any custom groups.

Using Search & Discover Search & Discover Overview Perform the following procedure to use the nGeniusONE Search & Discover tool: Step 1: Entering a Search Parameter

115

nGeniusONE 5.4.1 Online Help Topics Clicking the Search icon displays a panel, as shown below, in which you can enter any supported search entry.

An entry can contain plain text only; + and - operators or wild cards are not supported. For every object type, the text format accepted is either the complete or actual name. For example: Search Object

Sample Input

VLAN

VLAN 199

Client/Server Origin Host

Origin 233

BSID

BSID 22-8

Cell Area

CellArea 41397-122

The advanced search can include a Location key but only one at a time. Any search applies to the last hour of traffic by default. One hour of total duration is supported, by default but you can choose any one-hour interval of the day from the search result page as described further below. You can enter a search string or select search elements by using the auto complete feature, as shown below, which lists search entries by the alphanumeric character entered and their rank by number of transactions or octets. Search objects are matched against cached data compiled during server startup derived from objects configured in Global Settings and Device Configuration. Entering an "b", for example, returns the following objects. Note that the list is truncated. You can click Show more to display additional list items or Show less to display fewer items..

116

TROUBLESHOOTING ISSUES

Selecting an entry and clicking Enter within the panel displays results of the search. Close the panel by clicking X. Search results contain various element types along with the number of discovered entries in parentheses, as shown in the sample below. Note that you can page through the list using the tool at the bottom of the screen to display additional entries. •

Applications — Beneath each interface, a list of applications associated with that server appear, as shown below. Applications are also listed in descending order by transaction count for each application for that server. Only three applications are listed by default.

•

Interfaces — An IP Address:interface pair, or interface name, or alias is displayed for a given server search. They are listed in descending order of octets.

•

Client/Server and Client/Server Communities — including associated community types and Host Group Other

117

nGeniusONE 5.4.1 Online Help Topics •

Discovered Location Keys — including QoS Groups, VLAN Services, VRF (Admins, Assigns), Sites, TACs, BSIDs, APNs, CompID, Cell (Areas, Groups, Ids), CMTS lists, DPCs, OPCs, QCIs, Origins, RAT Types

•

Codecs — including associated individual entries

•

Handset Groups — including associated individual entries

•

Messages — including associated Interfaces, Application Service, and Communities

•

UC Applications — including associated UC applications such as SCCP

•

Application Services, Network Domains — including associated communities, UC entries, Host Group Other, etc. for Application Services; and associated applications for Network Domains

•

Hosts, Servers, Clients — including associated individual entries

•

Internet Categories — including associated IP Addresses and interfaces

Drill-downs from the following Application modules with context are supported: •

Service Monitors

Step 2: Using the Time Duration and Settings Options Optionally, you can adjust the search time duration by selecting any one-hour interval from the previous 24 hours. The first search result is always based on the last one-hour duration from the present. Additionally, once the search result is displayed, the time option menu will be available in the top right corner of the view, as shown below.

118

TROUBLESHOOTING ISSUES The search time is displayed in the client time zone or the time zone configured in Preference. After you choose the time range, it is converted to the server time zone and forwarded to the server with the searched object. Also, choose preferences from the Preference Settings in nGenius Console for how you want your search entries displayed. The following list presents available choices: •

Interface/Device Description — Name, Address, or Alias

•

Host Description — Name with domain, Name, or Address

•

Application Description — Short name, Long name, or Port

•

Cell Site Description — Name or ID

Step 3: Drilling Down to Service Monitors Another feature of this tool is support for launching various service monitors from the IP Addresses/communities/virtual interfaces or applications returned. When you click on any resultant entry hyperlink, the Service Monitor is opened with the context of the selected entry and object being searched. For example, if you search for and find the DAL Sales Office, click on Applications (2), and click on the caret next to CITRIX, the Universal Monitor appears as an entry, as shown below.

Clicking on Universal Monitor returns the module, as shown below.

119

nGeniusONE 5.4.1 Online Help Topics

Note: Some searches have more than one associated Service Monitor. For instance, DNS Monitor and Cable Modem Monitor for DNS. Be aware that the Service Monitors listed are controlled by the Business Type configured. Caveats •

Drill downs to Traffic Monitor are not supported at this time.

•

Because Search & Discovery drill downs to the MDF Monitor are based on the predefined, default MDF Group template, if a custom application group were defined, the functionality is not able to determine that so in this regard the MDF Monitor is not listed as a choice for drill down. As a work around, you can create a service using the MDF template and manually add any custom groups.

120

TROUBLESHOOTING ISSUES

ISOLATING SERVICE, NETWORK, AND TRAFFIC ISSUES Overview of nGeniusONE Monitors NetScout Systems provides several business-specific and protocol-specific monitors, including Traffic Monitors and specialized Service Monitors, Network Management Monitors, and Service Enabler Monitors. These monitors allow you to analyze relevant metrics in order to triage application, server, and network performance degradation affecting end user experience. These monitors also provide a correlated view of relevant metrics for a selected interval as well as contextual charts for visual analysis and for further isolation of results. Key metrics are correlated with other critical measures, such as application and link throughput volume, retransmissions, success/fail transactions, and application error codes. Metrics are presented in a single summary panel, allowing you to quickly gain insight into the behavior of multiple applications across multiple segments. You can filter displayed results, allowing you to delve into an application, a physical link, or a service (predefined or user-defined) to display performance-related information, troubleshoot network and application events, and pinpoint probable cause. You can select specific rows for comparative analysis, and you can further isolate results by time using menu options or time-based charts. From the summary panel for most monitors, you can then further display correlated session analysis, from which you can drill into packet details. Users can access monitors from several areas of the nGeniusONE solution. Monitors can be opened directly from the nGeniusONE Console, from the Search & Discover tool, a Dashboard, or from the Alert Browser to quickly reach resolution from the level of an enterprise-wide service down to individual transactions and packets. Note: These tools use the ASI dataset from nGenius InfiniStream appliances, which provides statistics for the network, server, and application aspects of service delivery. Before you begin, it may be helpful to review configuration requirements as this will affect whether data is displayed in the monitors, how it is displayed, and whether session analysis can be performed. Usage Each monitor is presented in a view with different data perspectives presented as separate sub-tabs: Summary, Session Analysis, and Packet Analysis. Traffic Monitor offers a link- or application-based Summary and Packet Analysis, and a Conversation view. For details on usage, get started Working with Service Monitors or Working with Traffic Monitors. Data Note that each monitor relies on particular types of data captured on the monitoring device. Traffic Monitors and Host Analysis use a set of volume and conversation/activity tables. The UC-based monitors (RTP Monitor; Media Monitor) rely solely on a set of KPI and conversation tables designed to handle audio/video traffic particularly from a peer-to-peer perspective. All other monitors (and Service Enablers) leverage a set of tables intended for analyzing applications against which we can generate response time and KPI metrics, including server-based applications. Most monitors leverage the latter set of tables. Types Note that the nGeniusONE Console provides icons for several pre-defined monitors, some of which may be hidden if your environment has optionally been customized to

121

nGeniusONE 5.4.1 Online Help Topics display a subset deemed appropriate for your business needs. Following is a description of the Monitors and Enablers available by default. TRAFFIC MONITORS Link

Analyze anomalous conditions affecting network performance such as unexpected/unidentified application traffic and link health based on specific indicators.

Application

Analyze network performance based on behavior of specific applications / application groups, or application behavior in certain network locations.

SERVICE MONITORS Discover My Network Module Host Analysis Module

This specialized module provides a quick glance at TCP and UDP application activity on your network. A toggle is provided to view media-based application activity. This specialized module provides a quick view of host activity for the selected context.

Business-specific These specialized monitors include pre-defined Monitors collections of protocols associated with a specific business or use-case. They include specialized metrics, unique to that protocol set, along with a toggle to the general application metrics set. Advanced Voice Monitor VoIP signaling for SCCP, SIP, H.323 and Statistics Q.931 protocols using advanced metrics; see also Call Server Monitor

122

Cable Modem

Track metrics for DNS, DHCP, NTP, HTTP/S, LDAP, and TFTP in support of monitoring cable modem firmware updates

Call Server

Monitor VoIP signaling using SCCP, SIP, H.323 and Q.931 protocols; also see Advanced Voice Statistics

Card Processing

Track transaction processing protocols such as AMEX, AS2805, Discover, MasterCard, Union Pay, and VISA

Certificate

Track certificates in use across the enterprise, including which are coming up for expiration and the server to which they are assigned.

TROUBLESHOOTING ISSUES

Database

Monitor service issues relating to Oracle and MySQL traffic

MDF (Market Data Feed)

Monitor the user experience of market data feed activities to ensure the continuous delivery of services satisfactory to all users (see also Trading Monitor)

MQ

Monitor performance characteristics of the IBM message queue client-server API (MQI), including server to server channel communications and XA transactions

Media Monitor

Perform advanced monitoring of voice and video quality for RTP-based streams; requires a UC Server license

Network Access Measure health of Network Access in GPRS, UMTS and LTE deployments, for Network Attach, Authentication, Paging and Service Request Procedures PDN Connection

Measure health of Packet Data Network Connection in GPRS, UMTS, CDMA2K and LTE Networks. Covers Activation of Default (GPRS, UMTS, CDMA2K and LTE) and Dedicated (GPRS, UMTS, and LTE) Connection, and Connection Modification/Update (GPRS, UMTS, CDMA2K and LTE) Procedures

Radio (NBAP/RRC)

Analyze UTRAN (Radio Network) traffic over IuB interfaces

RTP

Monitor quality of voice and video streams using RTP payloads

Trading

Monitor FIX, OUCH, and STAMP protocols associated with Trading traffic (see also MDF Monitor)

Web Services

Track in-depth performance metrics for HTTP and all URL-based and Server-based applications to triage web service related problems

Network Management Monitors

This category of monitors enables analysis of network management protocols.

SNMP

NetFlow

123

nGeniusONE 5.4.1 Online Help Topics

Service Enablers This collection is useful for analyzing protocol-specific details. DNS

LDAP

DHCP

RADIUS

Voice Monitors These specialized monitors support environments integrated with nGenius Subscriber Voice and nGenius InfiniStream voice probe models. Voice Sessions Track voice call service for both wireline and wireless calls CS Mobile Call

Track CS (circuit-switched) wireless voice call control

CS Mobile SMS Track CS wireless SMS (short message service) CS Mobility Management

Track CS wireless mobility

Note: The Voice Monitors are visible and usable when integration with an nGenius Subscriber Voice deployment is performed. Details for configuring and enabling these monitors are provided in the nGenius Subscriber Voice Administrator Guide.

124

TROUBLESHOOTING ISSUES

Verifying Service and Traffic Monitor Prerequisites A few configurations are required before using the Service Monitors and Enablers, the Universal Monitor, and Traffic Monitors. Many of the prerequisites below are already in place to support other nGeniusONE modules, however a review of this list is recommended. Note: Each release offers new or updated features, some of which have a dependency on the monitoring appliance being at the same release level. In cases where a feature is release dependent, you may see No Data, a blank screen, or other unexpected results. NetScout recommends all systems in a deployment be running the same release version to ensure an optimal result. •

Use of the monitors requires browsers with HTML5 support, such as Internet Explorer 9, Firefox 18.x, and Chrome 24.x.

•

In the Server Management> Users> Roles tab, privileges may be configured to allow or deny session analysis drilldown, packet decode drilldown, or viewing of user identity values. Following is a summary of the privileges that affect monitor usage: o Session Analysis Drilldown: Enabled by default for certain roles, this allows drilldown to the session analysis tab when ASRs are available. o View User Identity: Disabled by default for certain roles, this unmasks values that may be used to identify a mobile or voice subscriber (such as phone numbers, IMSI IDs, MSISDN IDs, IMEI addresses, NAI usernames, URIs and URLs). For Service Monitors, masking is done by replacing the left 4 characters with an "x." Note: In cases where the data is within a tunneled Enterprise protocol such as HTTP or POP3, data types such as URLs or email addresses cannot be associated with a user identity. For that reason, this type of data in tunneled enterprise traffic will also be masked. (User data is not visible in Traffic Monitors.) o Packet Analysis - General: This privilege is used to allow or deny drilldown to Packet Decode tabs within the monitors and from the nGeniusONE Console. For environments with restricted access to user identity, this role should be disallowed for users not permitted to View User Identity, as decodes are not masked. o Packet Analysis - User Decryption: For encrypted traffic, decryption will occur automatically upon to this tab if this role is enabled and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.

•

In Global Settings, ensure traffic you want to see is properly identified and visible. These settings, along with the traffic type settings on the appliance, affect the values available for display in the Monitors as well as how they are displayed. o In Global Settings, configure My Network and Communities (ensures Community keys are populated). If you will be using Certificate Monitor, ensure that server addresses / subnets ranges include the servers hosting certificates that you want to monitor. For additional details on configuring Certificates, refer to Adding the Certificate App. o If your environment uses Sites or other virtual configurations, ensure your nGeniusONE server and the associated devices are configured appropriately to map and display associated addresses. Refer to Adding Site

125

nGeniusONE 5.4.1 Online Help Topics Virtual Interface Definitions and Configuring VLAN Services Monitoring for further details. Refer to Configuring Interface Groups for further details. o Ensure the proper business types are enabled for the corresponding traffic type. Note that you will not be able to view monitors or activate the desired applications if they are hidden based on the business type. o

Ensure applications are activated

o

ASR monitoring is enabled (for session-based analysis)

o Response-time monitoring is enabled (required in addition to the appliance Response Time setting on appliances) •

Use the Service Configuration editor to create services and network domains: o Create a service for any applications that do not have a pre-defined monitor or to create a custom definition unique to your environment. For example, to monitor MSS, a service must be defined for IuCS or GSMA traffic monitored on InfiniStream appliances configured with MSS as a link type. To monitor DHCP, though, you can just open the pre-defined monitor directly from the nGeniusONE Console. o When creating network domains based on QoS members that are specifically for use with Application (Traffic) Monitor, be aware that the data table this monitor tracks QoS values from Client to Server, not Server to Client. For these definitions, ensure that the “Orientation preference for Location Keys” set to Client instead of Server. o Note that service definitions with both messages and the parent application for that message yield metrics that include counts for both. For example, DNS (parent) and DNS:AAAA in the same service are counted twice.

•

On the InfiniStream appliance, verify the following settings: o ASI mode is enabled on the InfiniStream appliance — All monitors are based primarily on ASI data from properly configured InfiniStream appliances. This mode is on by default. However, if you do not see monitored elements and data in the monitors, ensure that asi_mode is set to ASI or hybrid (in addition to the other required settings below). o

TCP analysis tables are enabled — For applicable monitors, ensure the

tcp_monitor setting is on to support the TCP Analysis Switch-to

option.

o Conversation tables are enabled — To support the Host Analysis module the Traffic Monitor Conversation tab, these tables must be enabled on the data sources. Conversation tables are available for configuration when ASI mode or hybrid mode is set certain InfiniStream appliances running v5.4. Review guidelines for asi_modes and enabling the tables. o xDR (ASR) generation is enabled on each interface — To use the Session Analysis feature, enable ASR collection on each InfiniStream interface. o Correct traffic type is specified on each interface — These settings are used to define the data to be collected, to determine whether the interface is a supported Monitored Element for a specific monitor or service, and to populate a set of the options in the Monitor's Location Keys button. o

If you are monitoring IPv6 traffic, be sure to enable ipv6_mode.

For Enterprise / Financial traffic:

126

TROUBLESHOOTING ISSUES - Ensure the interface type is set to "Enterprise" - Ensure virtual interfaces are enabled (vifn_enable=on) - Ensure the virtual interface mode matches your traffic type (vifn_mode) - To use the Cable Modem Monitor, review steps in Enable CMTS Classification. - For RTP Monitor, ensure the appliance Protocol Options are enabled for Voice/Video Quality analysis. Also note that in cases when monitoring appliance is configured with vifn_mode set to site, service definitions intended for use with that appliance and RTP Monitor or Media Monitor must have the "Orientation preference for Location Keys" set to Client. - For use of Trading Monitor, ensure Protocol Options are enabled for Extended FIS monitoring - For use of MDF Monitor, ensure Protocol Options on the appliance are enabled for Extended FIS monitoring. Note that on the nGeniusONE Server you must add and activate child applications for the desired stack under Global Settings>Financial Trading>Market Data Feeds / MSG Platforms. Ensure the MDF messages under the Global Settings>Messages list are activated (they are by default); there is no need to modify them as the same set of messages are used for all stacks. Note that if you create a custom service for MDF, you must select the Market Data Feed child applications; not just the MDF messages. Also, if you create a custom application group for Market Data Feeds, that group is not automatically included in the Service Configuration template for MDF. You can create a service definition using the template for MDF, then manually add your custom group. For Mobile traffic: - Use the appropriate mobile_params command to set required configurations, including interface type and vifn_mode. - To monitor Pi traffic, ensure your environment is configured for RADIUS (to obtain mobile IDs). - Optionally, configure handsets and PCF tagging (for PH or Pi), as appropriate for your environment. For Voice Monitors: Refer to the nGenius Subscriber Voice Release Note and nGenius Subscriber Voice Administrator Guide for details on enabling these monitors and ensuring the associated nGenius Subscriber Voice Server and nGenius InfiniStream voice probe models are configured properly to supply data for the monitors. o For all traffic types, the appliance Agent Options must be set with Response Time Monitor on (this is the default setting). Note: Always reset the Agent after making configuration changes. With these configurations complete, monitored elements and applications are available for selection and display in Service Monitors, Service Enablers, and the Traffic Monitors. Access these modules directly from the nGeniusONE Console.

127

nGeniusONE 5.4.1 Online Help Topics

Discover My Network In addition to the Service, Network and Traffic Monitors, this module provides an overall view of activity on your network, useful for ad hoc troubleshooting. You can analyze load and failures using provided metrics for transactions, throughput, TCP windows, and volume/packet counts, which are provided along with charts for visual interpretation. You can also toggle this module to display media traffic with a high level view for ad hoc network impairments analysis. The Discover My Network module is available directly from the nGeniusONE Console and operates similarly to Service Monitors. The Summary tab for this module displays results up to one hour. Use the icon to optionally launch a Service Monitor sub-tab with support for extended durations. If the currently selected row matches a specialized monitor, that monitor type is loaded to the sub-tab, otherwise a standard Service Monitor with Universal metrics is displayed. Use that monitor sub-tab to drill down to Session Analysis and optionally to Packet Decode. Use the icon to toggle the view to Discover My Network -Media. Additional notes for this specific monitor: •

This monitor supports direct drilldown to a decode view for a selected row or chart element, including Messages or Message Attributes. The Decode icon is not supported if any Location key is displayed other than the Messages or Message Attributes. Decode is supported for the default mode as well as the Media view, however Messages are not displayed in the Media view.

•

The Location Keys dialog includes an option to toggle display of Messages and Message Attribute columns. Message Attributes include details such as SIP supplementary services (OIR, TIR, HOLD, RESUME, CW, CDIV, and CB), which are reported as a comma separated list in this field.

For details on usage, get started Working with Service Monitors.

128

TROUBLESHOOTING ISSUES

Note: This module is unrelated to Device Configuration> Global Settings > My Network feature.

129

nGeniusONE 5.4.1 Online Help Topics

Host Analysis In addition to the Service, Network and Traffic Monitors, the Host Analysis module provides utilization and host activity details for a specific host detected on the monitored network. Unlike other monitors, which launch from the nGeniusONE Console or Dashboard, this monitor is accessed by searching a specific host name or IP address in the Search & Discover tool, available at the top of the nGeniusONE Console window. Note: •

Use of this feature requires certain ASI tables be enabled. If needed, review Monitor Prerequisites.

•

For guidance displaying this module, refer to Accessing the Host Analysis Module

130

TROUBLESHOOTING ISSUES

Using Host Analysis The Host Analysis module operates the same as a standard Service Monitor Summary, with a few variations noted in the descriptions below. •

The time duration for this module is one hour, starting with the last 15 minute interval. For example, a query performed at 6:20AM yields a one-hour interval from 5:15AM-6:15AM.

•

The time duration for this module is specific to the drilldown context. As such, it is not applicable to customize the duration or navigate forward/backward in time. If an alternate time is required, return to the Search & Discover tool and adjust the time prior to drilldown. The time slider in Search & Discover navigates in one hour blocks forward or backward from the current time of the search.

•

This monitor does not have a Home tab, since it obtains context by drilldown from the Search & Discover tool.

•

It includes a summary table only.

Toolbar options include: •

Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.

•

Reset filter:

•

Customize displayed columns: Certain columns in this module are fixed. You can, however, customize which Metrics are displayed, using this icon.

•

Export displayed results (CSV, PDF, RTF): in one of three formats.

•

Launch Packet Analysis : To drill into packets from this icon select the row of interest, then click the decode icon. A separate packet (decode) analysis tab displays.

•

Customize displayed keys: Add and remove key columns that can be used identify results based on Location. The Location keys are primarily based on the vifn_mode specified for that interface on the InfiniStream appliance (ME Location). Note that when the vifn_mode is QoS, the key values are not applicable to this view, and the location key dialog is blank.

•

Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings, then use the Save Settings option (below) to set your overrides as the new default for this module. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are:

Clear the filter options.

Export the currently displayed data

131

nGeniusONE 5.4.1 Online Help Topics o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). •

Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, Key options, View Options, and column sort order. Selecting the Save option saves the settings for this module for the current user. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the monitor for the settings to be applied; each new module instance launched from Search & Discover uses the modified settings (Reset does not modify the currently active monitor instance).

•

Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.

•

Display Help:

•

Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.

•

Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.

•

Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed,

Open contextual help for this module.

along with the total number of records

132

.

TROUBLESHOOTING ISSUES

Accessing the Host Analysis Module After you have a host name or IP address of interest, use the following steps to access the Host Analysis module: 1. Access the Search and Discover tool and enter the host name or IP address to locate within monitored data (not an ME name or IP). The query will match against instances of that ID appearing as a client, a server, or a host. 2. If the results displayed below the search field indicate only Host matches were found, skip to the next step. If a pick list is present, ensure the list is toggled to Host, as shown here:

3. When the results list is toggled to Host, the drilldown list available from each of the categories changes to include Host Analysis.

133

nGeniusONE 5.4.1 Online Help Topics 4. As illustrated above, select the row of interest. From that row, choose the Host Analysis drilldown option. 5. A new module tab is opened for Host Analysis - Search.

134

TROUBLESHOOTING ISSUES

Working with Service Monitors and Enablers The Service Monitors, Network Management Monitors and Service Enablers have common features that can be described independently of the specific service or protocol being analyzed. Use the information presented here for general guidance on working with monitors. Note that the Traffic Monitors function similarly, however the features are more specifically described in Working with Traffic Monitors. For a summary of all monitors refer to the Overview of nGeniusONE Monitors. Users can access monitors from several areas of the nGeniusONE solution. Monitors can be opened directly from the nGeniusONE Console, from the Search & Discover tool, a Dashboard, or from the Alert Browser to quickly reach resolution from the level of an enterprise-wide service down to individual transactions and packets. Note that the default nGeniusONE configuration provides icons for several pre-defined monitors, some of which may be hidden if your environment has been customized to display a subset deemed appropriate for your business needs. Note: Before you begin, it may be helpful to review configuration requirements as this will affect whether data is displayed in the monitors, how it is displayed, and whether session analysis can be performed. Each Monitor opens with a Home tab. Actions performed here trigger launch of a view for managing several tabs, the first of which is a Summary tab. From the Summary tab, you can launch a Session Analysis tab (for most Monitors). When applicable, the Session Analysis tab supports launch of a Packet Analysis tab. •

Using the Home Tab: This tab provides a list of pre-defined services and custom services defined using the Service Configuration editor, along with a list of monitored elements (or network domains) to select for analysis.

•

Using the Summary Tab: The summary tabs provide an at-a-glance view of application-server performance metrics, such as Load, Responsiveness, Throughput, Server Application Errors and TCP Errors.

•

Using the Session Analysis Tab: From the Summary tab, you can drill down to perform correlated analysis of session results in two different ways. Depending on the appliance configuration, the drilldown option for Session Analysis opens either nGenius Subscriber Voice (when applicable) or a Session Analysis tab. This tab type is not applicable for Traffic Monitor.

•

Using the Packet (Decode) Analysis Tab: From the Session Analysis tab or the Traffic Monitor Summary tab, you can drill down further into this tab for deep-dive packet decode and analysis.

Note: Use of the Monitors requires your environment be configured appropriately.

135

nGeniusONE 5.4.1 Online Help Topics

Navigating Monitor Views When you create a monitor view from the Home tab of a monitor, its summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in the monitor. Each time you Launch a view from a monitor home tab, that view is listed separately in the View navigation menu available by clicking the monitor name at the top left. Each time you launch a sub-tab within a view, a blue button for that sub-tab is added to the tab navigation menu along with a blue icon at the left of the monitor main display area. The example below illustrates this using the Universal Monitor, however the functionality is the same in all monitors, including Traffic Monitors. This topic reviews how to use the View navigation menu to switch between Monitor instances and to use the Tab navigation menu to switch between sub-tabs and to close sub-tabs.

View Navigation •

To display the list of views: Click the title at the upper left of the monitor. To hide the list without changing the active view, click the title again. The example above shows the Universal Monitor with views for individual monitors or services opened from the Universal Monitor Home tab. Since the Universal Monitor

136

TROUBLESHOOTING ISSUES displays all monitors and services other than Traffic Monitor and Discover My Network, the example shows the user has opened a variety of Monitor views: Call Server, RTP, and Advanced Voice Statistics. The active view, in blue, is Call Server. If the user had opted to open an individual monitor, such as Call Server, it would display in a separate tab. In the example below, the user has opened assorted Call Server views based on services created for different geographies:

When the monitor has been opened from drilldown through the nGeniusONE Console Search & Discover tool, the title of the view is the context of that drilldown. In the example below, a search was conducted for DNS, then DNS Monitor was selected for drilldown. The DNS Monitor is opened, with the context of the last hour, and with DNS and the selected interface. The interface is used as the view name.

137

nGeniusONE 5.4.1 Online Help Topics

•

To switch between views: From the view selection menu, click the title of the view you want to display.

•

To close a view: You can either close the entire monitor by clicking the X on the tab in the nGeniusONE Console, or you can close individual monitor views. From the View navigation menu, click the X on the view title. Note that closing the view also closes all its associated sub-tabs (Session Analysis and Packet Analysis, for example). A prompt displays to confirm that you want to close the entire view, including its tabs. To close individual tabs, see below.

•

To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon tab navigation pane (described below).

at the bottom left of the monitor's

Tab Navigation Each monitor has a collapsible navigation pane to the left side of the main display area. Each time you open a tab or sub-tab within a monitor view, a blue or gray vertical bar is added to the left navigation pane. You can navigate between sub-tabs of the view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.

138

TROUBLESHOOTING ISSUES

•

Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the monitor contents. Click it again to collapse the pane. You can navigate the tabs in either mode.

•

Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view.

•

Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the Session tab labels closes the individual Session Analysis tabs. Clicking the X on the Drilldown tab label closes the Drilldown tab (Hourly drilldown from the Summary tab) and the three tabs below it (Sessions, Packet Decode, Packet Decode). There is no confirmation when you close a tab group such as the Drilldown set.

139

nGeniusONE 5.4.1 Online Help Topics

Using a Service Monitor Home Tab (Monitors / Enablers) Service Monitors, Network Management Monitors, and Service Enablers are specialized versions of the Universal Monitor, which supports queries based on multiple applications / services and multiple monitored elements. These monitors are supplied by data from appliances enabled for ASI classification (asi_mode=ASI or hybrid) and for which appropriate additional configurations have been made. For an overview of these tools, and how to access them, refer to the Overview of nGeniusONE Monitors. Following is an overview of the Home tab for application-based monitors. The Home tab for Service Monitors differs from the Home tab for Traffic Monitors, described separately. The Home tab for each monitor is used to define the query criteria for the monitor and to provide help access to a help link for that monitor. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Summary tab is opened). Following are guidelines for using the Home tab.

Icons/Buttons Help: If you require help while using the Monitor, navigate to the monitor's Home tab and click the help icon

140

, located at the far right of the tab title bar.

TROUBLESHOOTING ISSUES Refresh Lists: If a monitored element/domain or service definition has recently been added to your nGeniusONE Server, it may not appear in the above lists. Click the Refresh icon

to update the lists.

Return: If you access the Home tab using the home icon from within a monitor view, you can return to that previous view using the Return icon to monitors for which you have already opened a view.

. This icon applies only

Search: You can search within the Monitors, Services, and Elements (Monitored Elements and Network Domains) sub-tabs by typing in the search field above the subtabs. The field is indicated with a text string and icon. . Select the sub-tab in which you want to search (e.g., Services), then click to select the search field and type a search string. Launch: After you have selected a service and one or more elements (described below), click the Launch button to perform the query. A new view opens with a Summary tab to display the results to be analyzed. Note that the Home tab can be used to create multiple views with unique context. You can return to the Home tab from any sub-tab in any view and can also navigate between views. For details, refer to Navigating Monitor Views. View Selection The left hand pane of the Home tab contains two tabs (Services and Monitors) used to specify your query of interest. You must select either a service or a monitor, even if only one is displayed. If you select a monitor, you must also select at least one Element. See below for details. •

Services: User defined services are created in the Service Configuration editor and associated with specific monitors during the definition process. The Services list for all monitors, except the Universal Monitor, displays only services that are the same type as that monitor. In contrast, the Universal Monitor displays all service types and monitor types (excluding Traffic Monitors). When you select a service, the monitored elements are predefined, so you can click Launch immediately after selecting a service name. Multiple services of the same type are grouped under headings, as shown below. You can double-click the heading to expand or collapse the list. If your selected service is within a collapsed heading, a small, blue square appears on the heading to highlight the location of your selection. The example below shows a collection of user-defined services with assorted monitor types that have names matching the search string: "exc." Also note that the definition associated with the selected service is displayed in the right hand pane.

141

nGeniusONE 5.4.1 Online Help Topics

•

Monitors: When you select a Monitor, you must also select at least one Monitored Element or Network Domain, as depicted in the first image above, before clicking Launch.

Elements The content of the right hand pane varies based on the View selection. If you selected a service, this pane displays the service definition. If you selected a monitor, this pane displays an Elements list. In that case, you must select at least one element before clicking Launch. User Defined Service Details: As illustrated above, when you select a pre-defined service the definition for it is listed in the right hand Elements pane. You can click Launch to proceed. Monitored Elements/Network Domains: When you select a Monitor, rather than a Service, you must also select one or more interfaces or Network Domains to query for the selected monitor before you click Launch. You can search within the lists by typing in the field above the active tab. By default, Monitored Elements configured for classification of ASI metrics that are known to the nGeniusONE Server are displayed. Note that the Network Domains are offered as a convenience; the Monitor sub-tabs still display individual interfaces from that domain, not the domain itself. Also note that if a Monitored Element is valid but currently unavailable (upgrade in progress or other temporary condition), the address is annotated with an "(*)." For certain Monitors/Service types, selection triggers an additional configuration validation for the Monitored Element list; limiting the list to ensure the selected combination has applicable data. Specifically, for mobile-related services (PDN Connection, Network Access, Radio Monitors), the Monitored Element list is limited to those for which the interface type is set to a mobile type, such as Gn, IuPS, S11, et cetera). When more than one monitored element or domain is available the following selection methods apply:

142

TROUBLESHOOTING ISSUES •

Filter the displayed elements by entering a string to match in one of the fields: ME Location, IP Address, Alias.

•

Click the column title to sort the list by that field.

•

Click individual rows to highlight and toggle the checkbox for that row to on or off.

•

Click the checkbox above the list of elements to select all elements.

143

nGeniusONE 5.4.1 Online Help Topics

Using Service Monitor Summary Tabs (Monitors & Enablers) This topic provides guidance using the Summary tab from any application-based monitor type. Although these instructions are generally applicable to all monitors, for specifics on Traffic Monitors, refer instead to Working with Traffic Monitors. Each time a query is performed from the Home tab of a Monitor or Enabler, a new Summary tab is displayed, titled with the same Service name. Use the ME Location and the Time duration (see below) to discern the difference between tabs of the same name. In the Universal Monitor, the Home tab allows you to access multiple service types, so multiple summary tabs, session analysis tabs, and packet analysis tabs for each service type can be navigated within one view area when you start with the Universal Monitor. The Summary tab contains two panes, a table in the upper pane and a collection of charts in the lower pane. The contents of the table and charts include parameters and metrics that vary based on the original query criteria and the associated protocol or service. Note: •

If Response Time has not been enabled for the underlying protocols, the Summary tab may display a message: No Data Found. If that occurs, first try changing the duration of time (see below) to an earlier window, then verify configuration requirements.

•

For simplicity, the term "Monitor" is used throughout, although the features described apply to both Monitors and Enablers.

•

In cases where the browser has insufficient resolution to show the Summary table and all four charts, two of the charts are automatically collapsed (hidden). Guidance for expanding/collapsing these is provided in Working with the Charts, below. In addition, the content can be scaled using browser scaling functions, although column alignments are less optimal.

Working with the Table The title bar and status bar of the this table provide several means of analyzing and filtering results in addition to driving the contents displayed in the associated charts. Note that in some cases, the table title (Server and Community Summary, by default) may vary slightly. Here are descriptions of the actions you can perform in Monitor tables. The options on the title bar of the Summary Table pane allow you to perform the following actions: •

144

Customize time: Use the time toolbar to adjust the duration of results you want to display at a time, and to move forward and backward through time, by defined

TROUBLESHOOTING ISSUES increments.

o Duration: To change the overall duration of the chart, which is set to "1 Hour(s)" by default, click the duration menu. For all menu options other than User Defined, the duration is preset and displayed in the time duration pane. To customize the time to a value other than a preset, choose User Defined, then use the Calendar icon to change the Start date and End date, then use the time selectors to specify hour and minutes for both start and end.

Note the following guidelines:

145

nGeniusONE 5.4.1 Online Help Topics The overall duration cannot exceed 31 days (Note that the Discover My Network module is restricted to one hour durations.) The Hour and Minute values are validated against the duration set for Chart Resolution in the View Options menu (described below). In cases where the chart resolution is a day, then User Defined time must be a 24-hour boundary; when it is 1 Hour, the Minutes must be 00. Chart Resolution Setting

Impact on User Defined Time

> 7 Days and <= 31 Days

1 Day

Start and End HH:MM must be on the 24-hour boundary: 12:00AM

>= 3 Days and <= 7 Days

1 Day

Start and End HH:MM must be on the 24-hour boundary: 12:00AM

1 Hour

Start and End HH:MM must be HH:00 (minutes must be 00).

1 Hour

Start and End HH:MM must be HH:00 (minutes must be 00).

5 Min

Required if duration in Time Dialog is in any increment other than 00

> 1 Hour and < 3 Days

o Time Shift: To change the default time shift of 1 Hour, click the "Shift by" menu and select 5, 15, 30 minutes. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. Note that time shift is not available after drilldown to hourly data (see below). After the table and charts reload, if you selected a menu option that toggles results for more than a one-hour duration, the time drilldown icon

is

enabled on both the table and charts; also, the Session Analysis drilldown is disabled as durations exceeding one hour are unsupported for Session Analysis. The time drilldown icon available from the Summary table opens a new tab for all selected rows limited to that one-hour duration and the nudge menu (see above) is restricted to that specific hour. Session Analysis drilldown is supported from this new tab, since it is limited to one hour. Note that the Time drilldown icon is also available from charts, but the duration corresponds to the chart time or swiped chart time. •

Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.

•

Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.

146

TROUBLESHOOTING ISSUES The tools on the Summary table allow you to perform the following actions: •

Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border. Note: In some cases, the list of filter elements includes options that do not appear to match the table column labels, such as Call Server and Call Server IP. These are provided to simplify the query process - use one for searching on hostname and the other for searching the same field using IP address. A special case is also provided to facilitate filtering for flows detected on multiple interfaces. In this case, the associated rows in the table are tagged with a multi-segment icon indicating that you can filter on "singlesegment" or "multisegment" by selecting the Characteristics filter option.

•

Reset filter:

•

Customize displayed columns: In addition to certain fixed columns (ME Location and Application) and optional Locations (see below), each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the Summary table. Note that some are actually groups of messages. Within each grouping (Latency, Requests, Failures, et cetera), an “Others” field may display. This field contains an aggregate of all available, related metrics that are not explicitly listed in the other fields of that grouping. This is done to conserve real estate on the UI. Note that Certificate Monitor uses these columns to display version and certificate expiration status, rather than metrics. Certificate status is based on the status as of 00:00 Hour GMT. Although you can navigate backward and forward in time, certificates that are updated during a 24-hour period retain the same status until the status table is purged and refreshed upon the next 00:00 Hour GMT.

o

Customize message groups: In certain view modes, select monitors support customization of the grouping for messages displayed in the summary table. When present, use this icon to display a dialog to perform the following modify actions:

Clear the filter options.

o

Add or remove messages within a group

o

Change the group name

o

Enable / disable a group from being displayed

Note: This feature supports modification of the existing groups. To "delete" a group, disable its display. Adding groups is not supported. Supported monitors for this option: ActiveSync Monitor, Card Processing Monitor, Database Monitor, DHCP Monitor, DNS Monitor, LDAP Monitor, MQ Monitor, NetFlow Monitor, SNMP Monitor, and Web Services Monitor. This icon is not available in Universal Monitor, or when the Switch-to view mode is set to Universal or TCP Analysis. o

Export displayed results (CSV (Table), CSV (Charts), PDF, RTF): Export the currently displayed data in one of three formats. Exporting charts creates a zip file with a CSV for each separate chart.

147

nGeniusONE 5.4.1 Online Help Topics

o

Compare selected rows: Active when more than one row is selected within the currently displayed table; use this to update charts with comparative results for all rows with check boxes (charts are not automatically updated during row selection). As needed, change the selected rows and click the icon again to update the charts with new comparisons. Hover the mouse cursor over individual elements in the chart to display a tooltip that identifies the source row. The comparison only operates on rows selected from the currently displayed page. Note that use of this feature toggles a metrics icon to be displayed on the charts. Use the icon to display a dialog that allows you to select alternate primary metrics for comparison. In cases where only one metric is listed, selecting that option has no affect on the chart. See Working with the Charts, below, for more guidance.

•

Create Session Analysis for selection: This icon is used to perform correlated analysis of session results in different ways. o Use this option in Certificate Monitor to view details such as Identity, Issuer Name, specific expiration date, and Client IP:Port. Note that for faster results using Session Analysis from Certificate Monitor, reduce the duration to an hour or less. o In cases where the selected rows are standard InfiniStream appliances with ASRs configured, the icon launches a new tab with correlated session results for the selected rows. If ASRs are not configured on that interface, or if the user's role is restricted, an error dialog displays. The rows do not need to be from related protocols or session events; the Session Analysis retrieves all flows related to the selected rows and displays them in a new Session Analysis tab from which you can select flows to display correlated session details. This option is not available from within Traffic Monitors. o Note that when you select this option from certain monitors (e.g., Card Processing, Cable Modem, and Trading Monitor), a pre-filter dialog provides you the option of filtering the session results before the new tab is populated. For Card Processing, you are provided the option of filtering based on PAN, Acceptor ID, and Error Code. If you are performing Session Analysis on a DHCP flow within Cable Modem, you can pre-filter on the specific MAC address for a problematic modem. For Trading Monitor analysis of FIX traffic, you can specify a particular ClOrdID,SenderCompID, TargetCompID, or SenderSubID. o Note that in cases where ASRs are not available for the selected row, but are supported for that protocol type, the Session Analysis tab opens with No Data displayed even though there is data in the Summary tab. This can occur because the Summary tables are based on ASI data, while the Session Analysis mines ASRs directly. In some cases, there may be no ASRs for the time frame or ASRs are not collected for the selected message or related protocol may not be supported for ASRs even though they are for the overall application is supported. For example, ASRs are collected for SNMP but not SNMPTRAP. For details working with the new Session Analysis tab, refer to Using Session Analysis. o In cases where the selected Monitored Element is an appliance configured to support nGenius Subscriber Voice, then selecting this icon opens a browser window to nGenius Subscriber Voice with the analysis

148

TROUBLESHOOTING ISSUES context instead of opening a Session Analysis tab. If the selected rows include a mix of this appliance type and standard InfiniStream appliances, only the standard InfiniStream appliance interfaces are used and a Session Analysis tab is opened. For details enabling and working with nGenius Subscriber Voice, refer to the nGenius Subscriber Voice Administrator Guide. •

Customize displayed keys: Add and remove key columns that can be used identify results based on Location or Community. o Location keys are primarily based on the vifn_mode specified per interface on the InfiniStream appliance (ME Location), such as Site, QoS, VLAN, VRF, or APN or on attributes specific to that monitor, such as Codec or Cell Area. The Location keys settings are not available in Service Views. o Communities keys are based on values defined Global Settings>Enterprise for Client Communities and Server Communities. The context of these keys varies with each monitor type. For example, the key column for source addresses may be displayed as Source Site, Client Community or Sender CompID; and the key column for Destination address may appear as Server Name, Call Server, Server Community, Target CompID, or IP Address. o The Apply To toggle is useful when you have found a row of interest and want to expand the key information on key rows of interest, rather than the whole table. The default setting (All Rows), refreshes the entire table; the Selected Rows setting refreshes the table with only the selected rows, along with the expanded key information. This option is not applicable for Discover My Network and Service Views.

149

nGeniusONE 5.4.1 Online Help Topics

o You can also enable display of Message and/or Message Attribute details. The Message option is only available in the Discover My Network monitor. The Message Attribute option is available the Discover My Network monitor and the Universal View. Message attributes include details such as SIP supplementary services (OIR, TIR, HOLD, RESUME, CW, CDIV, and CB), which are reported as a comma-separated list in these views. For applications other than SIP, or when no data is available, a "-" is displayed. Note that the Advanced Voice Statistics Monitor includes these service types as individual columns that can be added using the Customize Column dialog. Also note that when Message and/or Message Attributes are displayed, those flow records do not include TCP Server/Client Min or Traffic Volume. o Use the reset icon within this dialog to revert these settings to the values present when the table was initially loaded. •

Note the following: o For addresses are grouped using the Client Community Subnet option in Global Settings>Enterprise>Client Communities, that group is displayed in its masked IP Address form rather than with a Community ID. For example, with a subnet mask of /16, the last two octets are displayed as 0.0 (192.168.22.34 and 192.168.35.42 are grouped into 192.168.0.0). This allows you to identify activity by address range rather than hiding the range within a label. Drilldowns to Session Analysis and subsequently to Decodes show underlying client IPs. This is not applicable for RTP Monitor and Media Monitor. o In addition to values populated based on the vifn_mode setting, other flow / key attributes, such as Cell Area, Handset Group, or RAT Type, appear in this options dialog based on Agent settings, particularly those related to mobile configurations. o If more than one interface is selected on drilldown from the Home Tab, the location keys associated with all selected ME Locations are displayed in this dialog. If you enable the key columns for all interface types, a "-" is displayed as the value for any type that is not applicable for a given row. For example, if interfaces configured for VLAN and for Site are present in the table, and you opt to display both VLAN and Site key columns, each row will have a value in either the Site or VLAN column and a "-" in the other column. An exception to this occurs with multi-type modes such as vrf-site, as the row will have data populated for both key types (VRF and Site). Because the location key dialog includes all keys applicable to the summary table contents, it is possible to select display of key type that is not applicable for the currently active row. o If a key column is a type where the value is derived from packet data (such as VLAN) but the value is not found in the packet data, the lack of data is reported as "Unknown." For guidance configuring VLAN deployments, refer to the VLAN Services Monitoring Overview. o If a key column is a type where the value is defined and/or associated using nGeniusONE administrative tools, but this has not been done for the detected traffic, the value is reported as "Not Defined." This can occur for Location Keys such as Site and the Client and Server Community columns. In the latter case, definitions for addresses in the network must be configured using Global Settings>Enterprise>MyNetwork and associated Server

150

TROUBLESHOOTING ISSUES Communities and Client Communities. For more details on these refer to Understanding Communities. For guidance configuring Site deployments, refer to Site Monitoring Overview. o Note that for certain peer-to-peer applications, such as RTP, the source and destination addresses are both displayed in a single Community column since the concept of server is not applicable. Instead, RTP Monitor and Media Monitor offer the option to toggle community between, described in Change view mode, below. o If desired, specific addresses can be displayed for flows with Community-defined key values by hovering over the value to display a tooltip, or by drilling down to Session Analysis and, from there, Packet Decode. If the Community value is undefined, the tooltip displays "0.0.0.0." o In predefined monitors, Location keys are presented for both client and server directions. For monitors based on user-defined services that include Network Domains containing ONLY virtuals, the direction is specified to be either client or server at the time the service is created. Therefore, location keys for a user-defined service are only client or server. •

Switch to: Certain monitors have an option to change the data displayed in the Summary table. The icon function varies per monitor as described here: o Alternate Statistics: Many monitors display a set of specialized metrics, unique to analysis of the application type. When present in the monitor, this icon toggles display of the Summary table from the default mode with metrics specific for that monitor other formats. If more than one alternative mode is available, a pick list is displayed, otherwise the mode is toggled automatically to the format of the Universal Monitor.

Universal: Displays metrics applicable to most protocols in general; this view is not applicable or available for MDF Monitor, RTP Monitor or, when available, Media Monitor. Note that when Business Type Service Provider is enabled, the metrics and charts for Universal view in all monitors are adjusted to include session-relevant details. Advanced Voice Statistics: Displays more detailed statistics for voice signaling protocols; this mode is available in Call Server Monitor.

151

nGeniusONE 5.4.1 Online Help Topics Service View: In cases where the monitor was launched by selecting a Service either in a Dashboard or in the Services sub-tab of a Monitor Home tab, this option is available to display a set of metrics rolled up for the service itself rather than a breakdown by Monitored Element (ME), ME Group or Network Domain. Note that Service View option is not applicable for Certificate Monitor, MDF Monitor, or UC-based monitors (Media Monitor and RTP Monitor). The following features are not supported in this view: 

Error code filtering



Hourly drill down

 View options>Apply to All rows/selected rows  Location keys (Community keys are supported) TCP Analysis: By default, monitors display metrics based on Key Performance Indicators. In some cases, it may be useful to see TCP metrics for the same flows. Use this option to view metrics and charts TCP attributes such as Latency, TCP Window Size, TCP Retransmissions, and Resets. This option is not displayed for UDP-based monitors. Also note that when the view is not applicable for certain protocols (such as SIP or Diameter) TCP metrics are not displayed in the table and charts of this view. Discover My Network / Discover My Network Media: (For Discover My Network module only) In this module, the Switch-to icon allows toggling between the default view of client-server applications and a view with media applications. o Community: (For RTP Monitor / Media Monitor only) This button displays a menu allowing you to toggle display of the Summary table contents between source, destination, source and destination results. Click the icon to select the desired mode (The currently active mode is shown in the table title). The following applies to these view modes: Source: Displays results associated with outbound traffic to the community displayed in the Source Community column. Destination: Displays results based on inbound traffic to the community displayed in the Destination Community column. Source and Destination: Show results based on both directions with the column labeled Community. The source and destination rows appear together initially (Your sort choices can change this ordering; see sort columns, below). Use the values in the Community

152

TROUBLESHOOTING ISSUES column to identify the traffic direction. Source community labels are annotated with :IN; for Destination community labels are annotated with :OUT. •

Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this time drilldown icon is enabled on both the table and charts. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time and charts of 5 minute granularity. Note that since this new tab is within the one hour or less duration limit, Session Analysis is enabled (it is disabled on the originating tab of duration exceeding one hour).

•

Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, in both the Summary tab and Session tab, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). In views containing Message-based extensions or child applications, the value in the Application column for those rows includes the parent application name prefixed with the message name (e.g., DHCP:Renew). You can opt to display just the message name for those rows (Message), if desired. Note that the column title changes to Message, but the rows that contain only applications still contain the application name. This option is not presented in specialized monitors / monitors toggled to specialized view because messages are only displayed with the default metrics associated with the Universal metrics set. o Response Time Latency: Toggle between displaying results in milliseconds (default) or microseconds. o Chart Resolution: Change units for chart based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). o Show service as (Service View only): In cases where the monitor was launched by selecting a Service either in a Dashboard or in the Services sub-tab of a Monitor Home tab, and is toggled to Service View, the View

153

nGeniusONE 5.4.1 Online Help Topics Options menu includes settings to switch the summary table from Aggregated (default setting, which displays results by service name) to Expanded mode. In the Expanded mode, a row is displayed for each Monitored Element (ME), ME Group, Network Domain, or Application Group. o Limit To (Universal View only): Use this new option to specify a metric against which initial results are pre-sorted before a user specified maximum (Top N) of those results are displayed. A minimum of 1 and maximum of 100K are supported for this setting. These configurable settings (sort and maximum) are preserved when Save Settings is used. Note that this “sort” is unrelated to the sort order of the table itself, which can be changed by clicking table column headings. •

Error Code Match : Use this icon to specify one or more (comma separated) error codes such as 404, 500, 503 upon which to filter displayed results. Upon clicking OK, the current original query is re-run with the new filter and a new column, Filtered Failure Count is available in the Customize Columns selector . Open this selector and add the column to display counts for cases where a row has matching values. A value of "0" indicates no matches; values greater than zero include matches for any of the provided codes. Use the filter reset icon to clear the currently applied error filter. The values in the Filtered Failure Count column are reset to "-."

•

The UC Conversation Launch UC Conversation View (Media Monitor only): view drilldown is active when the Community column is enabled from the Key Options dialog (use the options icon to display the dialog). Select the Conversation View icon to display a UC Server Conversations tab with the context of the row selected in the Summary table. Note that the UC Server features, including Media Monitor, are enabled only when the nGeniusONE Server is configured with a UC Server license.

•

Launch Streams View (Media Monitor only): Streams view drilldown displays a UC Server Streams tab with the context of the row selected in the Summary table. Up to 50,000 streams are queried to match the selection. Note that the UC Server features, including Media Monitor, are enabled only when the nGeniusONE Server is configured with a UC Server license.

•

Launch Related Monitor: Use this icon to open a relevant Service Monitor tab with context of the selected row. An option dialog is first displayed to allow you to select a specific monitor type. For example, if the application is SCCP, the monitors offered are Universal, Call Server Monitor, and Advanced Voice Statistics. For FIX traffic, the offered views are Trading and Universal. From Discover My Network Media view, the offered monitors are RTP Monitor and, if licensed for UC Server, the Media Monitor).

•

Launch nGenius Subscriber Intelligence (nSI): An icon to launch nSI is active and available for drilldown, with context, only when the nGeniusONE server is integrated with nSI and the selected row is applicable traffic.

•

Display Context: Use this icon to display a summary of the context used to generate the displayed results.

154

TROUBLESHOOTING ISSUES

•

Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.

•

Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.

•

Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records

.

The columns of the Summary table include Monitored Elements, Application type, Location keys, and a set of metrics relevant to the service/protocol associated with that Monitor. For a detailed list of the metrics for each Monitor, refer to the nGeniusONE Metrics Guide associated with your release version. •

Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.

•

Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.

Working with the Charts The types of charts vary based on the service/protocol associated with the specific Monitor. In addition, the contents of the charts vary based on selections made in the Summary table.

155

nGeniusONE 5.4.1 Online Help Topics Use the information below to understand the types of charts available in assorted monitors, how to customize and interpret chart data, and how to drill into more detail. Types of Charts The chart titles below are NetScout defaults. Users are permitted to customize chart titles and metrics so the following may not reflect your current environment. DNS / DHCP / LDAP / RADIUS / Database / Card Processing Monitors

• • • •

Latency Variation Over Time with Application Usage Failure (%) Over Time Total Requests Performance Variation Over Latency

Error Code Distribution | Information Distribution | Error & Information Distribution Call Server

• • • •

Latency Variation Over Time with Application Usage Failure (%) Over Time and Total Calls Performance Variation Over Latency

Error Code Distribution | Information Distribution | Error & Information Distribution Trading Monitor

• • • •

Response Time Over Time with Application Usage Rejects (%) Over Time with Active and Total Transactions Performance Variation over Latency

Error Code Distribution | Information Distribution | Error & Information Distribution MDF Monitor

• •

Message Over Time Message IFG and Message Loss Count

Radio Monitor (NBAP)

• • •

Trend of Dropped NBAP Connections Over Time Node B RTWP Distribution Node B Tx Power Distribution

SNMP Monitor

• • • •

Latency Variation Over Time with Application Usage Failure (%) Over Time Total Requests

• •

Stream Counters Over Time

• •

Absolute MOS Problems Over Time

Packet Loss Network Impairment Problems Over Time Jitter Network Impairment Problems Over Time | Error & Information Distribution

PDN Connection / Network Access Monitors

• • • •

Success and Failure Transactions Over Time Latency Over Time Error Code Distribution | Information Distribution | Error & Information Distribution

Response Time Distribution and Application Latency Over Time Cable Modem Monitor

• • • •

Server Load and Performance Server Response Time and Throughput Errors Errors Error Code Distribution | Information Distribution | Error & Information Distribution

Advanced Voice Statistics

• • • •

Success-Failure Over Time

• • •

Throughput Analysis Over Time

Call Summary Latency Variation over time with Application

Error Code Distribution | BYE Reason Code | CANCEL Reason Code | Failures & Reason Codes Radio Monitor (RRC) CPICH Ec/No Distribution Trend of RRC Dropped Connections and Percentage of Active Size

• CPICH RSCP Distribution NetFlow Monitor • •

Flows Over Time Flows Drops Events Over Time

Performance Variation Over Latency

Error Code Distribution | Information Distribution | Traps | Error & Information Distribution Media Monitor (UC Server license required)

• •

Stream Counters Over Time

• •

Degradation MOS Problems Over Time

156

RTP Monitor

Packet Loss Network Impairment Problems Over Time Level Payload Problems Over Time

Certificate Monitor

• •

Certificate Expiration Distribution Certificate Servers/Counters (table)

TROUBLESHOOTING ISSUES Discover My Network

• • • •

Transactions Over Time Throughput Over Time Response Time Over Time TCP Window Size Over Time

View Mode Chart changes Universal mode

• • • •

Transaction Success vs. Failure Server Response Time and Throughput Error Code Distribution | Information Distribution

TCP Analysis mode

• • • •

Universal mode (Service Provider)

Server Load

• •

Success and Failure Transactions Over Time

•

Error Code Distribution | Information Distribution | TCP Counters

Response Time Distribution and Application Latency Over Time

• Throughput and Response Time Over Time Service View mode

Network and Application Latency Window Size SYN vs SYN-ACK TCP Counters Distribution

• •

Success and Failure Transactions Over Time

•

Error Code Distribution | Information Distribution |Error & Information Distribution

•

Response Time Distribution and Application Latency Over Time

Throughput and Response Time Over Time

Discover My Network - Media

• •

Stream Counters Over Time

• •

Absolute MOS Problems Over Time

Packet Loss Network Impairment Problems Over Time Jitter Network Impairment Problems Over Time

Populating and Manipulating Charts Charts are automatically updated each time a new row is selected in the table. To plot data for multiple rows (up to 5), check the selection boxes for each row, then click the Compare icon

from the Summary table status bar.

In any chart, the source information associated with a data point is available by hovering your cursor over a bar or point on the chart (details provided below). Contents of the tooltip vary with each Monitor but typically include the packet-based timestamp, the source ME Location, the Application, Community label, if present, and the value of the corresponding metric

157

nGeniusONE 5.4.1 Online Help Topics For most charts, the primary metrics from each row are plotted in bars or stacked bars over time on the X-axis, with an overlaid line chart of one or more supplemental metrics (such as Response Time, Error Count, Stream Count). When results from multiple rows are displayed, the lines are differentiated by unique icons at each data point, rather than by color. Note that when the metrics for a single row are charted, the attributes are differentiated by color. When more than one row is selected, the attributes are differentiated by color and pattern (example below). In addition, the metric names in the legend are annotated with "N," where N corresponds to the selected row number in the table. A few options can be used to view charted details more clearly, if needed: - Maximize the chart to view the pattern variations - Disable different metrics (click labels in legend) - Zoom into details (click and drag over time) In the example below, the details are more visible by disabling Order New-3, which allowed the other metrics to scale accordingly, and by zooming into the chart (click and drag).

158

TROUBLESHOOTING ISSUES Note that when the number of entries for a chart legend exceeds the allowed space, a paging control is displayed below the chart legend area. The control includes an up and down arrow and the current page. Click the arrows to move forward and back through the pages of legends.

Following is a description of icons and actions available in all charts, except as noted: •

Expand/collapse charts: When the browser is scaled such that all charts cannot automatically fit, two charts are displayed with a gold down-arrow icon to the left of the chart title. This inactive icon alerts you that a chart is hidden. Toggle display of alternate charts by clicking the right facing white arrow icon or the title of the other chart. If you do not see the title bar of the hidden charts, you must change the browser size or scaling to display the title bars.

•

Create Session Analysis for selection: Use this icon to display correlated session results for the selected rows in a new tab. When a Session Analysis icon is available from the chart, drilldown from the chart passes the same context as from the table, with the exception that you can narrow your query using the chart. To subset information in a time-based chart, click and drag to zoom into a chart area. For pie charts, click a pie piece (click any pie piece to restore the original pie

159

nGeniusONE 5.4.1 Online Help Topics chart). Refer to Using Session Analysis Tabs for more information on using that new tab. •

Maximize / restore chart: For charts, these icons behave slightly differently than for the Summary table. The charts are maximized within the lower pane only. Use these icons to toggle display of a single chart in the entire lower pane area or to restore it and display all charts. These icons are not displayed when the browser is scaled down such that only two charts are visible.

•

Launch a Packet Decode tab: In some cases, such as the MDF Monitor, you can directly open a packet analysis tab (instead of first launching Session Analysis). For monitors that support this, select an individual item from the chart with this icon, and then select the icon to open a decode tab.

•

Customizing displayed details: o For time-based charts, click and drag to zoom into a more detailed view of the data over time. Click the Reset zoom popup to reset the chart. o Analyze Details (Error Distributions Only): Identify which reported error codes occurred the most frequently in the current view. The error codes in the legend of Error Distribution charts are ordered left to right based on the highest overall percentage contribution of that error to the total failures in the current view context. To view the percentage contribution of the errors, click this icon and select either the Top 10-Pie or the Snapshot view. The Snapshot view is a tabular list of all the codes, with sortable columns for Count, Relative % contribution of that error to the total errors for the selected flows, and the Absolute % (contribution of the error to the total transactions for the selected flows). To further analyze the specific error data, select one or more rows in this table, then click the Session Analysis icon on the chart. You can also use this menu to Enable All/Disable All of the codes in the chart, to simplify re-selecting just the codes of interest. (Note that the Snapshot table selections are for use in drilldown to Session Analysis, not to enable/disable codes in the chart itself; also note that selecting all error codes for drilldown here includes Session Status=3 (Failure) in the context rather than the individual error codes.)

o Choose Error Distribution: Use this option to toggle error based distribution charts between assorted views: Error Code Distribution (default) and Information Distribution, or a combination of both Error Code and Information on the same chart. Note that for Advanced Voice Statistics Monitor the combined option is instead Failures & Reason Codes Distribution. Also note that when the chart is in combined mode, the data types (such as errors versus information) are not differentiated in the chart, but are depicted when toggled to Snapshot (see Analyze Details above).

160

TROUBLESHOOTING ISSUES

o Toggle table view: This icon can be used to toggle the chart between graph and tabular form. o

Reduce Time: When overall Time of the view is set to any duration exceeding an hour, a time drilldown icon is enabled on the table and on time-based charts. Click this icon to open a new tab with a table and charts based the selected rows for the first hour duration in the Time menu or, ideally, after first narrowing down the duration of time by swiping a subset in a chart. o Measure Picker: When available on a chart, use this icon to display a dialog for toggling the underlying metrics of the chart to a different option (e.g., In Kbps, Out Kbps, TCP RTT (ms)). o Measure Configuration: This option allows you to customize the chart title and the measures on the left and right Y-axes of the charts. Select the metric and plot type (bar or line) for Y1 (left axis) and Y2 (right axis). The title of the chart can also be modified. The changes made in this dialog are preserved with Save Settings. You can select up to 7 measures in this dialog, however the measure Type for each of the two axes must be of the same type. For example, all of Y1 must be either Rate, Response Time or Count, not a combination. Selected measures are highlighted in blue for easy identification. This feature is not applicable to the Error Distribution charts and related views available within that chart type.

Note: To revert the chart, use the Reset icon in the Save Settings dialog, which resets the monitor to globally stored defaults. o Responsiveness (Universal Monitor only): Charts such as Server Load that are based on Response Time distributions include legends such as Fast, Degraded, and Slow. In Universal Monitor, these charts include an option to display the configured values for those Response Time Buckets, as

161

nGeniusONE 5.4.1 Online Help Topics defined in Global Settings > Responsiveness for the selected application.

o For any chart, click the legend label to disable/enable that item from display in the chart. o In pie charts, click a pie piece to isolate data in corresponding charts. If desired, click the disabled metric labels in the associated chart to view the hidden results for that application.

The following apply to Certificate Monitor charts: The OK, Warning, Critical status indicates whether the server has certificates in a specific expiration range based on configuration of the Certificate Application's Days to Expiration settings. By default, the settings are Critical: Expiration within 30 days; Warning: Expiration greater than 30 but less than 60 days; Ok: expiration greater than 60 days. Note that expiration status is based on the status as of 00:00 Hour GMT. Although you can navigate backward and forward in time, certificates that are updated during a 24-hour period retain the same status until the status table is purged and refreshed upon the next 00:00 Hour GMT. The following apply to Error Code Distribution charts: •

162

Click individual bars to include that error code in the context for Session Analysis drilldown. The code number (not the type of error) can be seen when you click the Session Context icon to display the full query details from the Session Analysis tab.

TROUBLESHOOTING ISSUES

•

Use the icon to toggle the chart display between distribution types: Error Code Distribution (default), and Information Distribution; for SNMP Monitor the options are Error Code Distribution (default), Information Distribution, and Traps. To drill down from the Information Distribution chart to Session Analysis, first select an individual information code.

To export all charts, use the export icon on the main toolbar of the monitor. Select the option for CSV (Charts), which creates a zip file containing a CSV for each separate chart.

163

nGeniusONE 5.4.1 Online Help Topics

Using the Measure Group Dialog (Monitors) As described in Using Service Monitor Summary Tabs, you can use the icon (when present) in a Service Monitor to customize how messages are grouped in application-based monitors.

Using Monitor Session Tabs (Monitors & Enablers) The Session Analysis tab provides a correlated view of flows selected for drilldown from the table or charts in the Summary tab of Monitors or Enablers (Session Analysis drilldown is not supported from Traffic Monitors). All flows related to the selection, within the specified time range, are retrieved and displayed. So, although you may have selected one or two flows, a more substantial number of related flows are typically displayed. For drilldowns

164

TROUBLESHOOTING ISSUES from the Summary tab table, the time range is based on the duration displayed in the table title. Drilldowns from charts support zooming into subsets of that duration before launching Session Analysis (refer to Working with Charts for details). Multiple session tabs may be launched from any Summary tab and multiple Packet Analysis (Decode) tabs can be launched from any Session tab. This topic provides guidance using the Session tab, which contains three panes: •

Session Overview: Summary of criteria for originally selected flows; use this pane to select a session for analysis in the other panes

•

Session Trace: Ladder diagram depicting correlated flows with response times for the selection made in Session Overview pane

•

Session Summary: This pane contains one or more tables summarizing characteristics of the entities associated with the session and flows comprising the session. A small set of performance metrics is included.

Note: •

Session Analysis drilldown is available from application-based Monitors and Enablers. This capability is not applicable for Traffic Monitors.

•

Use of this tab requires ASRs are enabled in Global Settings for the originally selected protocol and that the monitoring appliance is configured to collect ASR/xDR records. If this has not been done, or if ASRs are not available for the selected application, or application message (e.g., SNMP Traps), the monitor displays No Data. If needed, review the overview of prerequisites for using monitors.)

•

As with most panes in the Monitors, you can perform the following actions to change layout: o

Maximize/restore pane: Use these to toggle between display of only that one pane, or sharing the space between all three panes.

o

Expand/collapse pane: In some cases, an individual pane can be expanded or collapsed rather than maximizing it. Click these icons to show or hide a pane. When a pane is hidden, the other panes automatically scale to use the additional space.

o

Resize columns: (Not applicable for Session Trace) You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.

o

Sort columns: (Not applicable for Session Trace) Click the heading of any column to sort the table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Successive sort is not supported. Click a column title to toggle sort order between ascending and descending.

Session Overview Table Use this table to select which session details to analyze in the Session Trace and Session Summary panes. Icons in the status bar of this table provide options for filtering and navigating within the displayed records. Icons also appear in the body of the table, in certain cases, to indicate status or other flow attributes. Refer to the following for guidance:

165

nGeniusONE 5.4.1 Online Help Topics •

Table icons: The following icons may appear in the Session Analysis Overview table. o

Multi-segment: In cases where the flow appears on multiple interfaces, this icon appears with the interface name in the ME column if those different interfaces are selected for drilldown to session analysis. This attribute can also be filtered, as indicated in Filter results below.

o

Status: The state of each displayed flow is either OK/Successful Error/Failed , Critical also filter on Status.

, In Progress

, or Aged out

,

. You can

•

Filter results: Narrow the results by filtering on specific values. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border. Note: In some cases, the list of filter elements includes options that do not appear to match the table column labels, such as Call Server and Call Server IP. These are provided to simplify the query process - use one for searching on hostname and the other for searching the same field using IP address. In the RTP Monitor and Media Monitor Session Analysis tabs, an additional filter element, Characteristics, is provided to allow you to isolate "single segment" or "multi segment" monitored elements (mixed case and substrings such as "multi" are supported).

•

Reset filter:

•

Customize displayed metrics: In addition to certain fixed columns (ME Location, Application, Server, and Client) the Session Overview table includes a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed. The collection varies slightly based on monitor type and whether the monitor is toggled to TCP Analysis view; certain monitors and views include supplemental metrics (e.g., Card Processing includes PAN Number, Accessor ID, and Error Code). However, if a specialized monitor is toggled to the Universal view, a general set of metrics are available. Similarly, a monitor based on custom service created using the Service Configuration editor will only have specialized metrics if a specialized Monitor is used as the template; when "Universal" is used as the template, generic metrics are provided.

•

Export displayed results (CSV, PDF, RTF): one of three formats.

•

Toggle analysis based on session start: By default, the Sessions tab displays only those sessions that were active in the time duration of the Summary tab when the Session Analysis drilldown was performed. For some protocols, such as DNS, the whole session is likely to be represented in this duration and accordingly displayed in the ladder diagram. For other protocols, such as those for VoIP traffic, the start of the session may have occurred prior to the selected time duration, so only a portion of the needed information is mapped in the ladder diagram. Use this icon to display a dialog allowing you to toggle between displaying the set of session events from the start of the session through the end-time of the originally selected duration and displaying events for the original duration.

166

Clear the filter options.

Save the currently displayed data in

TROUBLESHOOTING ISSUES

•

Customize view options: Similar to the Summary tab, you can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields will be formatted as per nGeniusONE User Preferences. You can override these settings per monitor, in both the Summary tab and Session tab, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options are: o Host Description: For Client and Server columns, the values can be toggled between Name, IP Address, or full Name with Domain. If a namebased option is selected and the nGeniusONE server has record of a DNSresolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element: This toggle correspond to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed. o Application Description: Use this toggle to change display of the value in the Application column between values defined in Global Settings (Short Name, Long Name, Port). In views containing Message-based extensions or child applications, the value in the Application column for those rows includes the parent application name prefixed with the message name (e.g., DHCP:Renew). You can opt to display just the message name for those rows (Message), if desired. Note that the column title changes to Message, but the rows that contain only applications still contain the application name. Also note that this option is not presented in specialized monitors as messages are only displayed in monitors using the Universal metrics set. o Response Time Latency: Toggle between displaying results in milliseconds (default) or microseconds.

•

Display context: Use this icon to display a summary of the context used to generate this Session tab upon drilldown from the original tab.

•

Launch nGenius Subscriber Intelligence: This icon is present in all Session Analysis tabs, but is relevant for drilldown with context to nGenius Subscriber Intelligence (nSI) only when the nGeniusONE server is integrated with nSI and the selected row is applicable traffic.

•

Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.)

167

nGeniusONE 5.4.1 Online Help Topics o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All. •

Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.

•

Navigate available results: The table displays up to 50 results at a time. When more than 50 rows are available, the Page navigation icons on the Session Overview pane's status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records.

Session Trace Diagram The ladder diagram and data in this table are generated based on selections in the Session Overview table. Specific actions you can perform in this table are: •

By default, the values in Relative Time column reflect the earliest timestamp in milliseconds relative to the beginning of the selected session. If the Overview table has been toggled to display results from the Session start, then these values are represented as absolute time. Hover over the values to display the time in traditional notation.

•

Drill into packet details by clicking one of the addresses displayed in the column header of the ladder diagram (depicted below). A new Packet Analysis tab opens, based on the selected context. Note that you can change the context of this chart prior to decode using the Session start time icon open a Decode using the Decode icon

168

described above. You can also

on the title bar of this pane.

TROUBLESHOOTING ISSUES

Session Summary The contents of this pane vary based on the type of monitor, the selections made in the Overview pane, and whether the toggle to display start packets is active. For most monitors, the summary is split into two tables as described below. For the RTP Monitor and Media Monitor, these are merged into a single table, augmented with performance metrics. •

Session Information: This table includes identifying criteria for the specific session. Contents vary based on the type of traffic. For example a DHCP summary includes Host Name, Client and Server IPs, Relay IP, Domain, et cetera. The Call Server summary information table includes contents such as the Calling Party, Called Party , Call Reference Value, Conference ID, and Calling/Called Party Dial Plans. Note that when Session Analysis is launched from a monitor toggled to TCP Analysis view, this table includes additional TCP metrics.

•

Flow Information: This table includes an address:port number pair along general performance metrics (byte and packet counts for both directions between client and server, as well as retries and timeouts) for each monitored element at the Client end points in the Session Trace.

Note: The combined Session and Flow Information table for RTP Monitor and Media Monitor provides the Monitored Element (Interface), Source/Destination addresses, SSRC, Duration of the flow, and associated codec, along with performance metrics (such as IP MOS and Jitter).

Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: •

From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab.

•

From the Traffic Monitor charts that display Application statistics you can select a single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications.

•

From a UC Streams view tab or UC Single-Call view tab.

•

From the Host Analysis module.

•

From the Discover My Network module.

•

For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.

169

nGeniusONE 5.4.1 Online Help Topics After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •

Packet Summary pane

•

Packet Detail pane

•

Packet Hex pane

Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane.

•

Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.

•

Stop Mining:

170

This stops data mining and returns the accumulated results.

TROUBLESHOOTING ISSUES

•

Launch Quick Filter: trace data.

•

Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.

•

Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.

•

Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.

•

Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.

•

View Display Options: following options:

Apply a Context, Connection, or Application Filter on the

Adjust the granularity of displayed data with the

o

Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.

o

Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).

o

Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.

o

Column Display: Allows you to adjust how columns display on your screen.

o

Relative Mark: Mark a packet as a baseline for timing packets.

•

Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.

•

Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.

•

Apply IP Security Decryption Configuration: on encrypted packets.

Launch IP Security Decryption

171

nGeniusONE 5.4.1 Online Help Topics •

Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.

•

More:

The More button displays a menu with the following options: o

o

Export (Print to File) Column Management

Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field

Description

Packet*

The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.

Absolute Time*

The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.

Delta Time*

The interval between the current frame’s timestamp and that of the preceding frame.

Size*

The length of the packet, not including the CRC bits.

Source*

The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.

172

Destination*

The destination address for this packet. Destination addresses are shown in the same way as source addresses.

Interpretation*

An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using

TROUBLESHOOTING ISSUES the View Options icon (see above). Status*

Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN

Capture Size

Displays the amount of packet data captured (this may be less than the actual packet size)

Relative Time

You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.

Source Mac

MAC address of the source system

Destination Mac

MAC address of the destination system

Source Port

Port number coming from the source system

Destination Port

Port number going into the destination system

Interface

Interface number from which the data was captured

Cumulative Bytes

Total bytes of the data capture (increments with each subsequent packet)

Custom

Columns created using the Customizing Columns for Data Mining

Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •

You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).

•

As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.

•

Icons are also provided to Expand / Collapse and to Print the entire detail.

173

nGeniusONE 5.4.1 Online Help Topics

Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.

174

TROUBLESHOOTING ISSUES

Working with Traffic Monitors The Traffic Monitor category of monitors (Link Monitor and Application Monitor) has common features that can be described independently of the monitor you are using. These topics provide general guidance on working with these monitors, both of which are available from the nGeniusONE Console. Note: The Traffic Monitors are supplied data from InfiniStream appliances enabled for ASI classification (asi_mode=ASI or hybrid) and for which appropriate additional configurations have been made. For an overview of monitors and how to access them, refer to the Overview of nGeniusONE Monitors. Link Monitor: Primarily useful for analyzing anomalous conditions affecting network performance such as unexpected/unidentified application traffic and link health based on specific indicators. Application Monitor: Primarily useful for analyzing network performance based on behavior of specific applications / application groups, or application behavior in certain network locations. Each Monitor opens with a Home tab. Actions performed here trigger launch of a Summary tab, where primary analysis is done. If needed, from certain views, deeper analysis of a selected application can be done by launching a Packet Analysis tab for that context. Conversation tabs are also available for source/destination and host activity analysis. •

Using the Home Tab: Use this tab to select the Monitored Elements or Network Domains of interest, or to launch help for the monitor.

•

Using the Summary Tab: The summary tab provides an at-a-glance view of network performance metrics with options to visualize more detail.

•

Using the Conversation Tab: The Conversation tab provides a quick method of assessing the source/destination conversation and host activity.

•

Using the Packet (Decode) Analysis Tab: From certain chart views in Traffic Monitor, you can drill down further into this tab for deep-dive packet decode and analysis.

Note: Use of the Monitors requires your environment be configured appropriately.

Navigating Monitor Views When you create a monitor view from the Home tab of a monitor, its summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in the monitor. Each time you Launch a view from a monitor home tab, that view is listed separately in the View navigation menu available by clicking the monitor name at the top left. Each time you launch a sub-tab within a view, a blue button for that sub-tab is added to the tab navigation menu along with a blue icon at the left of the monitor main display area. The example below illustrates this using the Universal Monitor, however the functionality is the same in all monitors, including Traffic Monitors. This topic reviews how to use the View navigation menu to switch between Monitor instances and to use the Tab navigation menu to switch between sub-tabs and to close

175

nGeniusONE 5.4.1 Online Help Topics sub-tabs.

View Navigation •

To display the list of views: Click the title at the upper left of the monitor. To hide the list without changing the active view, click the title again. The example above shows the Universal Monitor with views for individual monitors or services opened from the Universal Monitor Home tab. Since the Universal Monitor displays all monitors and services other than Traffic Monitor and Discover My Network, the example shows the user has opened a variety of Monitor views: Call Server, RTP, and Advanced Voice Statistics. The active view, in blue, is Call Server. If the user had opted to open an individual monitor, such as Call Server, it would display in a separate tab. In the example below, the user has opened assorted Call Server views based on services created for different geographies:

176

TROUBLESHOOTING ISSUES

When the monitor has been opened from drilldown through the nGeniusONE Console Search & Discover tool, the title of the view is the context of that drilldown. In the example below, a search was conducted for DNS, then DNS Monitor was selected for drilldown. The DNS Monitor is opened, with the context of the last hour, and with DNS and the selected interface. The interface is used as the view name.

•

To switch between views: From the view selection menu, click the title of the view you want to display.

177

nGeniusONE 5.4.1 Online Help Topics •

To close a view: You can either close the entire monitor by clicking the X on the tab in the nGeniusONE Console, or you can close individual monitor views. From the View navigation menu, click the X on the view title. Note that closing the view also closes all its associated sub-tabs (Session Analysis and Packet Analysis, for example). A prompt displays to confirm that you want to close the entire view, including its tabs. To close individual tabs, see below.

•

To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon tab navigation pane (described below).

at the bottom left of the monitor's

Tab Navigation Each monitor has a collapsible navigation pane to the left side of the main display area. Each time you open a tab or sub-tab within a monitor view, a blue or gray vertical bar is added to the left navigation pane. You can navigate between sub-tabs of the view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.

•

Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the monitor contents. Click it again to collapse the pane. You can navigate the tabs in either mode.

•

Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view.

•

Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You

178

TROUBLESHOOTING ISSUES cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the Session tab labels closes the individual Session Analysis tabs. Clicking the X on the Drilldown tab label closes the Drilldown tab (Hourly drilldown from the Summary tab) and the three tabs below it (Sessions, Packet Decode, Packet Decode). There is no confirmation when you close a tab group such as the Drilldown set.

Using a Traffic Monitor Home Tab Traffic Monitors are used to perform analysis primarily of the overall network, rather than specific applications, although isolation of general application behavior is possible within these monitors. For this reason, the Traffic Monitor Home tab only requires selection of Monitored Elements or Network Domains, rather than a Service or Monitor type. Following is an overview of the Home tab for Traffic Monitors. (The Traffic Monitor Home tab differs from the Service Monitor Home tab, described separately. The Home tab is used to define the query criteria and to provide help access to a help link for that monitor. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Summary tab is opened). Following are guidelines for using the Home tab.

179

nGeniusONE 5.4.1 Online Help Topics Icons/Buttons Help: If you require help while using the Monitor, navigate to the monitor's Home tab and click the help icon

, located at the far right of the tab title bar.

Refresh Lists: If a monitored element or network domain has recently been added to your nGeniusONE Server, it may not appear in the above lists. Click the Refresh icon

to update the lists.

Return: If you access the Home tab using the home icon from within monitor view, you can return to that previous view using the Return icon to monitors for which you have already opened a view.

. This icon applies only

Search: You can search within the Monitored Elements and Network Domain tabs by typing in the search field above the tabs, indicated with a text string and icon . Select the tab you want to search, then click to select the search field and type a search string. Launch: After you have selected one or more elements, click the Launch button to perform the query. A new view opens with a Summary tab to display the results to be analyzed. Note that the Home tab can be used to create multiple views with unique context. You can return to the Home tab from any sub-tab in any view and can also navigate between different views. For details, refer to Navigating Monitor Views. Elements Monitored Element list: This list, selected by default, is populated with InfiniStream appliances configured for classification of ASI metrics that are known to the nGeniusONE Server. Select one or more interfaces. Network Domain list: As a convenience, you can opt to select interfaces based on network domain. Note that for domains created with virtual interfaces, the data for the physical interfaces is reported in Traffic Monitors, not data from the virtuals. Also note that if an ME Location is valid but currently unavailable (upgrade in progress or other temporary condition), the address is annotated with an "(*)." When more than one monitored element or domain is available the following selection methods apply: •

Filter the displayed elements by entering a string to match in one of the fields: Name, Address, Alias.

•

Click the column title to sort the list by that field.

•

Click individual rows to highlight and toggle the checkbox for that row to on or off.

•

Click the checkbox above the list of elements to select all elements

Using Traffic Monitor Summary Tabs This topic provides guidance using the Summary tab from either Traffic Monitor (Link or Application). Although some instructions here are applicable to all monitors, for specifics on Service Monitors, refer instead to Working with Service Monitors. The Summary tab contains two panes, a table in the upper pane and a set of charts in the lower pane. Each time a query is performed from the Home tab, a new Summary tab is

180

TROUBLESHOOTING ISSUES displayed, titled with the same monitor name. Use the ME Name and the Time duration (see below) to discern the difference between tabs of the same name. The Summary table for both Traffic Monitors (Link and Application) is the same -- it contains Monitored Elements and throughput metrics. The function of the two monitors varies based on options for displaying data in the charts. Use the section below to understand how to work with the summary table and associate icons to customize the results displayed in the charts.

Working with the Summary Table The title bar and status bar of the this table provide several means of analyzing and filtering results in addition to driving the contents displayed in the associated charts. Here are descriptions of the actions you can perform in Monitor tables. The options on the toolbar of the Summary Table pane allow you to perform the following actions: •

Customize time: Use the time toolbar to adjust the duration of results you want to display at a time, and to move forward and backward through time, by defined increments.

o Duration: To change the overall duration of the chart, which is set to "1 Hour(s)" by default, click the duration menu. For all menu options other than User Defined, the duration is preset and displayed in the time duration pane. To customize the time to a value other than a preset, choose User Defined, then use the Calendar icon to change the Start date and End date, then use the time selectors to specify hour and minutes for both start and end.

181

nGeniusONE 5.4.1 Online Help Topics

Note the following guidelines: The overall duration cannot exceed 31 days (Note that the Discover My Network module is restricted to one hour durations.) The Hour and Minute values are validated against the duration set for Chart Resolution in the View Options menu (described below). In cases where the chart resolution is a day, then User Defined time must be a 24-hour boundary; when it is 1 Hour, the Minutes must be 00. Chart Resolution Setting > 7 Days and <= 31 Days

1 Day

Start and End HH:MM must be on the 24-hour boundary: 12:00AM

>= 3 Days and <= 7 Days

1 Day

Start and End HH:MM must be on the 24-hour boundary: 12:00AM

1 Hour

Start and End HH:MM must be HH:00 (minutes must be 00).

1 Hour

Start and End HH:MM must be HH:00 (minutes must be 00).

5 Min

Required if duration in Time Dialog is in any increment other than 00

> 1 Hour and < 3 Days

182

Impact on User Defined Time

TROUBLESHOOTING ISSUES Time Shift: To change the default time shift of 1 Hour, click the "Shift by" menu and select 5, 15, 30 minutes. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. Note that time shift is not available after drilldown to hourly data (see below). After the table and charts reload, if you selected a menu option that toggles results for more than a one-hour duration, the time drilldown icon is enabled. The time drilldown icon available from the Summary table opens a new tab for all selected rows limited to a one-hour duration. The new duration of time is indicated in the title of the table, and the nudge menu (see above) is restricted to one hour. •

Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.

•

Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.

Additional options on the Summary table toolbar allow you to perform the following actions: •

Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.

•

Reset filter:

•

Customize displayed columns: In addition to certain fixed columns, each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the Summary table.

•

Export displayed results (CSV, PDF, RTF): data in one of three formats.

•

Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this icon is enabled. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time (the specific hour for each row is listed in a new Time column) and charts of 5 minute granularity.

•

Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, then save settings if desired. Toggling these options causes column titles to change accordingly. The options from this menu are:

Clear the filter options.

Export the currently displayed

Monitored Element: This setting corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Toggling Alias, Name or Address in the view options dialog changes the column title and, if the administrator 183

nGeniusONE 5.4.1 Online Help Topics provided a value other than IP address for these, the corresponding value is displayed. Chart Resolution: Use this option to change units within charts based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). Network Domain: If the monitor view was opened with a Network Domain rather than Monitored Elements, you can select Expanded in this dialog to reveal monitored elements aggregated in the all the displayed network domains. To change the view back to Network Domains, select the Aggregated option in the View Options dialog. •

Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.

•

Change view modes: Use these icons to change the mode in which the data is presented in the charts: Application Monitor o Application Mode: Data grouped by detected applications for the monitored element row selected in the Summary table. In this mode, when you select a specific application pie slice, the Top 10 Applications and Link Usage Over Time chart updates to Top 10 Locations and Link Usage Over Time for just that specific application. The new chart includes a Location Keys icon that allows you to further isolate details for that application's Link Usage. In cases where multiple keys are present in the data (such as VLAN and QoS), use this icon to select a specific location. Also note that in this mode, IP_OTHER applications are depicted as a category. Drilldown to Packet

184

TROUBLESHOOTING ISSUES Analysis is supported when you select a single application from one of the charts. o Application Group Mode: Data are displayed by application groups. In this mode, drilldown to Packet Analysis is supported after you toggle the right-side chart to Application Mode and select a single application. o Location Mode: The charts present data grouped by detected location keys for the monitored element rows selected in the Summary table. In this mode, a Location Keys icon is displayed on the Traffic Distribution chart, allowing you to select which key types to display (applicable in cases where multiple keys are present in the data, such as VLAN and QoS). In this mode, drilldown to Packet Analysis is supported after you select a single location. Link Monitor o Application Mode: Data grouped by detected applications for the monitored element row selected in the Summary table. Note that in Link Monitor, selecting an application/pie slice does not add a location key toggle to the companion Top 10 Applications and Link Usage Over Time chart as it does in Application Monitor, which is specifically designed for application/location analysis; this monitor is intended for application link usage analysis. In this mode, IP_OTHER applications are depicted as a category. Drilldown to Packet Analysis is supported when you select a single application from one of the charts. o Discovered Applications Mode: Displays TCP/UDP/IP traffic occurring on server-based ports that does not match any of the defined and active applications in Global Settings. The port number and a name, if available, are displayed with ingress/egress packet and octet statistics. If the port is defined in Global Settings, but deactivated, the defined name is displayed. If no matching port is found in Global Settings, but an IANA application type matches the port number, the IANA application type is displayed. If neither of those occurs, the protocol type and port number are used as the application name. To change whether an application is classified as IP_OTHER traffic, use the Global Settings Traffic Discovery tab. Note: This feature relies on an ASI table being enabled. It is on by default, however if no data displays in this tab despite having IP_OTHER traffic, ensure that set asi disc_table is set to on. Also note: Up to 5000 entries are maintained for active traffic and available for display in the Link Monitor; the top 1000 of these by volume are displayed in the Global Settings Traffic Discovery tab. Further, this is a subset of traffic categorized as IP_OTHER; heuristics are used to prevent false positive matches, so only server-based ports are matched. As a result, the total IP_OTHER traffic will be more than the total Discovered Applications table. Drilldown to Packet Analysis is supported when you select a single application from one of the charts. o Vital Signs Mode: Toggles the bottom left chart to a table containing link layer traffic indicators for the selected element in the Summary table. Includes throughput statistics for criteria such as packet types (Unicast, Multicast, Broadcast), packet size distribution, and physical

185

nGeniusONE 5.4.1 Online Help Topics link layer errors, such as CRCs and fragments. It also accounts for some internal packet processing issues as drops and duplicate packets intentionally dropped with span duplicate heuristics. This mode does not support Packet Analysis drilldown. o Granularity Drilldown Mode: Toggles bottom left chart to Link Usage Over Time with next highest granularity based on the current duration, and then step down all the way down to millisecond granularity. In conjunction, the right chart is updated to Traffic Distribution by Application for that same granular time. For example, if the monitor is set to a duration of 1 hour, this toggle changes the chart to Link Usage Over Time at 5 minute granularity. The chart includes an icon to continue increasing granularity as needed. Details for working with charts in this mode are described below. Note that the Discovered Applications Mode and Vital Signs Mode are designed to retrieve link-based statistics. In cases where the selected row is a Network Domain that contains one or more Location Keys in its service definition, the charts display no data since the statistics were not logged by link for that service. See Working with the Charts, below, for more guidance. •

Launch Conversation View: Use this icon to open a Conversation tab with context of the selected row. Note that the Conversation view includes up to 100 conversations based on the In/Out Octets, overall. Optionally, select a specific application from a chart and then use this icon from the companion chart toolbar to limit the Conversation view to only the conversations for that application. If a conversation you are interested in is not displayed in this view, use the Search & Discover tool to query for one of the specific hosts in that conversation.

•

Show more tools: When the browser is too narrow for display of the full set of icons in the toolbar, this icon displays to indicate that more options are available. Click the icon to display a pick list.

•

Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records

.

•

Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.

•

Sort columns: Click the heading of any column to sort the Summary table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.

Working with the Charts The types of charts vary based on the service/protocol associated with the specific Monitor. In addition, the contents of the charts vary based on selections made in the Summary table.

186

TROUBLESHOOTING ISSUES Use the information below to understand the types of charts available in assorted monitors, how to customize and interpret chart data, and how to drill into more detail. Types of Charts Link Monitor

• •

Traffic Distribution by Application

•

Traffic Distribution by Discovered Applications

•

Top 10 Applications and Link Usage Over Time

Top 10 Discovered Applications and IP_OTHER Usage Over Time

• •

Traffic Distribution by Vital Signs

• •

Link Usage Over Time

Application Monitor

• •

Traffic Distribution by Application

• • • •

Traffic Distribution by Application Group

Top 10 Applications and Link Usage Over Time

Top 10 Application Groups and Link Usage Over Time Traffic Distribution by Location Top 10 Locations and Link Usage Over Time

Vital Signs - Metric and Link Usage Over Time Traffic Distribution by Application

Populating and Manipulating Charts Charts are automatically updated each time a new row is selected in the table. In any chart, the source information associated with a data point is available by hovering your cursor over a bar or point on the chart (example below). Contents of the tooltip vary with each Monitor but typically include the packet-based timestamp, the source Monitored Element, the application, and value of the corresponding metric.

187

nGeniusONE 5.4.1 Online Help Topics

For most charts, the primary metrics from each row are plotted in bars or stacked bars over time on the X-axis, with an overlaid line chart of one or more supplemental metrics. Selecting an item in the left-side chart typically updates the right-side chart to a more granular analysis. The following can be used to view charted details more clearly, if needed: •

Measure Picker: When available on a chart, use this icon to display a dialog for toggle the underlying metrics for the chart to a different option (e.g., Volume, Packets, % Utilization).

•

Select Location Keys: This icon, when present, is useful when the chart includes content from more than one Location Key type. Use this dialog to switch the chart to alternate location key types. To disable individual detected values for that key type (e.g., VLAN-243, VLAN-101), use the legend icons on the bottom of the chart. The icon appears when Location Mode is active from within Application Monitor. Note that because the location key dialog includes all keys applicable to the summary table contents, it is possible to select display of key type that is not applicable for the currently active row.

•

188

Launch Decode: This option is displayed from either Traffic Monitor in the Top 10 "Application-based" charts in which you are able to select an individual application (not applicable for Application Groups, Locations, or ME Groups ). To drill into packets from this icon, first ensure the monitor duration does not exceed one hour,

TROUBLESHOOTING ISSUES select a single application from the chart, then click the decode icon. A separate packet (decode) analysis tab displays. For views based on Network Domains, you can perform a decode if you first use the View options dialog to change the view to Expanded mode. •

Toggle Resolution:

This icon is displayed on the lower left chart when the

Toggle Granularity mode icon is selected from the monitor toolbar. In the chart, this icon can be used to incrementally drill down into a selected data point all the way down to millisecond granularity. For views based on Network Domains, you can use this feature if you first use the View options dialog to change the view to Expanded mode. The drilldown granularity start point varies depending on the original duration of time in the monitor. Here are the sequences and actions available in this chart: Starting Durations: When the monitor time is set to a certain duration, the chart starting duration is as indicated here: o

Duration more than 1 Day - chart starts at 1 Day resolution

o

Duration 5 minutes up to 1 Hour - chart starts at 5 minutes

o Duration more than 1 Hour up to 1 Day - chart starts at 1 Hour resolution Drilldown Usage: Select one data point on the chart, either a line, point or bar, then click this icon from the chart toolbar. The chart refreshes at the next higher resolution. The granularity steps in this sequence: Daily, 1 Hour, 5 minutes, 15 seconds, 100 ms, to 1ms. Note: Data for the Utilization metric is available down to 5 minute resolution for nGeniusONE data. When the chart is set to this metric and drilldown is attempted below 5 minute, the chart displays no data. •

Reset Resolution: This icon resets the Link Usage Over Time chart to its original granularity; useful when the Toggle Resolution icon has been used to drill into more granular data views.

•

Launch Conversation View: Use this icon to open a Conversation view tab. Optionally, select a specific application from a chart and then use this icon from the chart toolbar to limit the Conversation view to that context.

•

Toggle chart to table: Available in certain charts for both Traffic Monitors, this icon is used to toggle that chart to a table view and back. In table mode, each row reflects the individual key attribute with its associated throughput metrics (Volume, Packets, and Utilization). The table includes a status bar similar to the Summary table, with options to filter, adjust metrics, and page through data. Note that table mode is the default state for the Vital Signs mode of Link Monitor. That chart is not applicable for graphical display. Following is the Traffic Distribution by Application chart, toggled to table mode:

189

nGeniusONE 5.4.1 Online Help Topics

•

Maximize / restore chart: For charts, these icons behave slightly differently than for the Summary table. The charts are maximized within the lower pane only. Use these icons to toggle display of a single chart in the entire lower pane area or to restore it and display all charts. These icons are not displayed when the browser is scaled down such that only two charts are visible.

•

Additional Chart Actions: o For time-based charts, click and drag to zoom into a more detailed view of the data over time. Click the Reset zoom popup to reset the chart. o For any chart, click the legend label to disable/enable that item from display in the chart.

190

TROUBLESHOOTING ISSUES

o In Traffic Monitor charts, click a pie piece or bar to analyze data for that item in the companion chart. For example, in Application (Traffic) Monitor, selecting one location in the left chart, toggles the right chart from Top 10 Locations and Link Usage to Top 10 Applications and Link Usage for the selected location. In Link Monitor, selecting one bar from the left Link Usage chart to display the Traffic Distribution by Applications for just that moment in time.

Using the Conversation (View) Tab The Conversation tab provides a quick method of assessing the Conversation and Host activity on the monitored network. The data is pre-filtered based on your drilldown method. From within Application Traffic Monitor or Link Traffic Monitor, you can opt to launch the Conversation view on a selected row, or you can select an item from a chart, then use the icon from the companion chart to open a Conversation view with that context. The displayed results include up to 100 conversations based on the In/Out Octets, overall. If a conversation you are interested in is not displayed in this view, use the Search & Discover tool to query for one of the specific hosts in that conversation. Within the Conversation tab, you can then toggle perspectives between Conversation activity (Host A / Host B) and Host activity. Note: Use of this feature requires the data source run v5.4 or later and that certain ASI tables be enabled. If needed, review Monitor Prerequisites.

Working with the Conversation / Host Summary Table The toolbar options operate the same as in the Summary tab of a Traffic monitor. This tab, however, includes a Switch to modes:

icon for toggling the monitor results between different

•

Conversation mode: Summary table of the top conversations detected on the that monitored element. Associated applications and link usage for each conversation are displayed in companion charts.

•

Host mode: Summary table of the top hosts active on that monitored element, with application activity and link usage for the selected host displayed in the companion charts.

191

nGeniusONE 5.4.1 Online Help Topics Additional options on the toolbar of the table allow you to perform the following actions: •

Customize Time: The time toolbar supports the same durations and actions as the Traffic Monitor Summary tab.

•

Filter results: Narrow the results by filtering on specific values for each displayed field. If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of your multiple criteria. Click the Find button when ready to run the query. When a filter is in use, the icon is highlighted with a gold border.

•

Reset filter:

•

Customize displayed columns: In addition to certain fixed columns, each Monitor has a collection of metrics of which only a subset is displayed by default. Use this icon to customize which metrics are displayed in the table.

•

Export displayed results (CSV, PDF, RTF): data in one of three formats.

•

Drill down to hourly results: If you selected one of the time menu options exceeding a one-hour duration, this icon is enabled. To use this drilldown feature, select rows of interest in the table, then click the icon to open a Drilldown tab containing the data for originally selected rows for the same duration, but the data are now represented in rows of one hour at a time (the specific hour for each row is listed in a new Time column) and charts of 5 minute granularity.

•

Customize view options: You can use this option to toggle display format of values in the Summary table. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per monitor, then save settings if desired. Toggling these options causes column titles to change accordingly. The options from this menu are:

Clear the filter options.

Export the currently displayed

Monitored Element: This setting corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Toggling Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.

192

TROUBLESHOOTING ISSUES

Chart Resolution: Use this option to change units within charts based on the overall duration of the tab. For durations of three to less than seven days, you can toggle the charts to display resolution in units of 1 Day (default) or 1 Hour. If the overall duration is more than one hour but less than three days, you can toggle the charts to display units in 1 Hour (default) or 5 Min(utes). •

Customize Displayed Keys: This icon allows you to display additional columns (Application, Host A Port, Host B Port) in the summary table. When the chart is switched to Host perspective, only the Application option is available. Note that in cases where the port number is not known or not applicable (such as for peer-topeer applications), the port number is displayed as a '-'.

•

Save / Reset settings: Use this tool to save and reset configurations changes you have made for Metrics, View Options, column sort order, and chart legend selections. o Save: This saves settings for this monitor and this tab for the current user. Settings are independent per tab. For example, in Traffic Monitor, the Summary tab settings are independent of the Conversation tab. In Call Server Monitor, the Summary tab settings are independent of the Session Analysis tab settings. o Reset: Use this option to revert the settings to the currently stored system defaults. The next time the monitor is opened, it will use the reset values (Reset does not modify the currently active monitor instance.) o Save for All / Reset for All: These options are displayed in the settings menu when users have the SYSADMIN role. These allow an administrator can configure settings for each monitor once for the entire server, then select the Save for All menu option. Those customizations become the new system default for each user. Users can subsequently create their own customizations. Future Save for All updates by the administrator do not overwrite customizations made by users, rather the internal “default” is updated and applied when non-administrative users select the Reset option. To restore settings to NetScout defaults, the administrator applies Reset for All.

•

Expand/collapse table: Click these icons to show or hide the Summary table. When the table is hidden, the charts automatically scale to use the additional space.

•

Maximize/restore table: Use these to toggle between display of only the upper pane / Summary Table and a split display of the upper pane Summary table and the lower pane with charts.

•

Navigate available results: The table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records

.

193

nGeniusONE 5.4.1 Online Help Topics •

Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust.

•

Sort columns: Click the heading of any column to sort the table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending.

Working with the Charts The following chart types are displayed in the Conversation tab: •

Traffic Distribution by Application | Location

•

Top 10 Applications and Link Usage Over Time

Toolbar options for these charts include the items below. •

Toggle Chart Distribution : This icon, when present, provides the option to toggle the Traffic Distribution chart results between Locations and Applications. When the Location Distribution is active, the chart includes an icon to change the Location key. Note that when the Traffic Distribution chart is in Location mode and the selected interface is configured for QoS, the chart and the Location Keys dialog are blank.

•

Select Location Keys: This icon, present when Traffic Distribution chart is toggled to Location, is useful when the chart includes content from more than one Location Key type. Use this dialog to switch the chart to alternate location key types. To disable individual detected values for that key type (e.g., VLAN-243, VLAN-101), use the legend icons on the bottom of the chart. Note that when the Traffic Distribution chart is in Location mode and the selected interface is configured for QoS, the chart and the Location Keys dialog are blank.

•

Customize chart criteria: Use this icon to display a dialog for changing the underlying metrics for the chart (e.g., Bit Rate, Volume, Packets, % Utilization).

•

Launch Decode: This option is displayed in the "Top 10 Applications and Link Usage Over Time" chart. To drill into packets from this icon, first ensure the duration does not exceed one hour, optimally select a single application from the chart, then click the decode icon. A separate packet (decode) analysis tab displays.

•

Toggle chart to table: This icon is used to toggle that chart to a table view and back. In table mode, each row reflects the individual key attribute with its associated throughput metrics (Volume, Packets, and Utilization). The table includes a status bar similar to the Summary table, with options to filter, adjust metrics, and page through data.

194

TROUBLESHOOTING ISSUES

You can select / deselect chart elements to perform the following tasks: •

Select a pie segment to toggle the companion chart to a more specific context. For example, when the left chart is in application mode, selecting a pie segment changes the right chart to "Application - Link Usage Over Time."

•

Select a bar from the right chart before performing a decode, to limit the decode context to the specific time slice.

•

Click and drag across a bar chart to perform a visual zoom.

Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: •

From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab.

•

From the Traffic Monitor charts that display Application statistics you can select a single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications.

•

From a UC Streams view tab or UC Single-Call view tab.

•

From the Host Analysis module.

•

From the Discover My Network module.

195

nGeniusONE 5.4.1 Online Help Topics For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.

•

After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •

Packet Summary pane

•

Packet Detail pane

•

Packet Hex pane

Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane.

•

196

Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.

TROUBLESHOOTING ISSUES

•

Stop Mining:

•

Launch Quick Filter: trace data.

•

Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.

•

Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.

•

Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.

•

Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.

•

View Display Options: following options:

•

This stops data mining and returns the accumulated results. Apply a Context, Connection, or Application Filter on the

Adjust the granularity of displayed data with the

o

Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.

o

Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).

o

Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.

o

Column Display: Allows you to adjust how columns display on your screen.

o

Relative Mark: Mark a packet as a baseline for timing packets.

Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.

197

nGeniusONE 5.4.1 Online Help Topics

•

Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.

•

Apply IP Security Decryption Configuration: on encrypted packets.

•

Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.

•

More:

Launch IP Security Decryption

The More button displays a menu with the following options: o

o

Export (Print to File) Column Management

Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field

Description

Packet*

The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.

Absolute Time*

The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.

Delta Time*

The interval between the current frame’s timestamp and that of the preceding frame.

Size*

The length of the packet, not including the CRC bits.

Source*

The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.

Destination*

198

The destination address for this packet. Destination

TROUBLESHOOTING ISSUES addresses are shown in the same way as source addresses. Interpretation*

An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using the View Options icon (see above).

Status*

Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN

Capture Size

Displays the amount of packet data captured (this may be less than the actual packet size)

Relative Time

You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.

Source Mac

MAC address of the source system

Destination Mac

MAC address of the destination system

Source Port

Port number coming from the source system

Destination Port

Port number going into the destination system

Interface

Interface number from which the data was captured

Cumulative Bytes

Total bytes of the data capture (increments with each subsequent packet)

Custom

Columns created using the Customizing Columns for Data Mining

Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •

You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).

199

nGeniusONE 5.4.1 Online Help Topics •

As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.

•

Icons are also provided to Expand / Collapse and to Print the entire detail.

Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.

200

TROUBLESHOOTING ISSUES

PERFORMING DIAGNOSTICS WITH PACKET ANALYSIS Overview of Packet Analysis Three methods of Packet Analysis are available within nGeniusONE to support direct analysis or drilldown. •

Drilldown method: From most Service Monitors and Traffic Monitors you can drill down to the packet level. Details of using the Packet Analysis tab for this workflow are described in Packet Analysis using Service Monitors.

•

Direct decode method: If you know the specific interfaces and time duration you want to decode, you can perform Packet Analysis using the Data Mining module.

•

Viewing Archived Trace Files: You can view archived trace files using the Trace Archive module

201

nGeniusONE 5.4.1 Online Help Topics

Using Packet Decode Tabs From most monitors, you can follow a workflow to drill down to the packet level for forensic analysis after isolating traffic to one hour or less, as follows: From the Summary tab of a Service Monitor/Enabler that supports Session Analysis, you can open a Session tab, and from there you can launch a Packet Decode tab. In certain cases, such as in MDF Monitor, it is possible launch decode directly from the

•

Summary tab. When applicable, an icon is displayed on the chart toolbar. Multiple decode tabs can be launched from any Session tab. From the Traffic Monitor charts that display Application statistics you can select a

•

single application and then launch a Packet Decode tab using the icon. You can launch multiple decode tabs. Note that although these monitors provide a variety of perspectives into the data (Applications, Application Groups, Locations, MEs, Network Domains), decode can only be launched on individual applications. •

From a UC Streams view tab or UC Single-Call view tab.

•

From the Host Analysis module.

•

From the Discover My Network module.

•

For encrypted traffic, decryption will occur automatically upon drilldown from the above modules if the user's role is enabled for Packet Analysis - User Decryption and SSL key configuration has been done. To view the packets without decryption, use the Packet Analysis Data Mining Module.

After you isolate packets and select decode, the results are displayed in the new Packet Decode tab in three panes that, together, illustrate the various protocol layers embedded in a frame. Use the following as a guide for the actions you can perform in each of these panes: •

Packet Summary pane

•

Packet Detail pane

•

Packet Hex pane

Packet Summary Pane The Packet Summary pane displays several packets at once, providing a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the frames. You can then examine individual packets in greater detail or skip over them. Usage Scroll through the entries in this pane to identify a row of interest. Select a packet row to update the Packet Detail pane and Packet Hex pane with decode information for the selected frame. Toolbar In addition to using the Summary pane to select packets for display in the other panes, you can perform the following actions using the toolbar located in the Packet Summary pane. 202

TROUBLESHOOTING ISSUES

•

Navigate decode sessions: Each time you apply a Quick filter or Custom filter (see below) in the current decode tab, a new entry is added into this navigation list. Click the icon to display a dialog with a list of each decode session for this tab. Within the dialog you can edit and navigate between the original decode results and filtered results. To edit a session name or delete a decode session use the icons to the far right of that session title.

•

Stop Mining:

•

Launch Quick Filter: trace data.

•

Launch/apply a custom filter: Use this icon to open the Filter Builder to access a tool allowing you to create and apply custom, shared or local filters.

•

Launch Bounce Chart: Open a tab illustrating the flow of packets exchanged in the stream to which the selected frame belongs. Guidance for understanding and using the chart is provided in Viewing Data Mining Bounce Charts.

•

Launch Enhanced Decode: Launches the Enhanced Decode view to display additional information on TCP packets.

•

Compare Two Decode Windows Side by Side: Launches the Compare Decode view to allow you to view the contents of two packets side by side.

•

View Display Options: following options:

This stops data mining and returns the accumulated results. Apply a Context, Connection, or Application Filter on the

Adjust the granularity of displayed data with the

o

Time: Select seconds to nanoseconds and whether view all layers or just the top layer in the Summary View pane. It also allows you to filter out unresolved packets.

o

Layers: This option affects the value in Interpretation column. Select All Layers to display one line for each protocol level in a frame. Select Top Layers to display only one line (for the highest enabled protocol level).

203

nGeniusONE 5.4.1 Online Help Topics o

Resolved / Unresolved: Select whether to display of name or IP address in the Source and Destination columns of the decode summary pane.

o

Column Display: Allows you to adjust how columns display on your screen.

o

Relative Mark: Mark a packet as a baseline for timing packets.

•

Save Packets as a Trace: If desired, you can save the selected packets to a trace file. Refer to Using Remote Save for detailed steps.

•

Launch Decode As: Launch the Decode As tool to map port numbers for specific applications in your decode.

•

Apply IP Security Decryption Configuration: on encrypted packets.

•

Navigate frames: These tools allow you to navigate through the set of frames associated with the packet.

•

More:

Launch IP Security Decryption

The More button displays a menu with the following options: o

o

Export (Print to File) Column Management

Fields/Columns The Packet Summary pane includes the following fields for each displayed packet (fields marked with * are displayed by default; all fields, except Packet, can be added or removed using the Customize columns option: Field

204

Description

Packet*

The Summary panel lists frames sequentially in the same order in which they were received. Each frame is assigned a sequential number to simplify navigation. You can move quickly to a particular frame number by entering it in the Go To Frame tool at the top of the pane.

Absolute Time*

The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.

Delta Time*

The interval between the current frame’s timestamp and

TROUBLESHOOTING ISSUES that of the preceding frame. Size*

The length of the packet, not including the CRC bits.

Source*

The source address for this packet: By default, the Summary pane shows the network layer address, if present. If it is not present, the MAC address is shown.

Destination*

The destination address for this packet. Destination addresses are shown in the same way as source addresses.

Interpretation*

An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on. The protocol layer information displayed in this column can be adjusted using the View Options icon (see above).

Status*

Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN

Capture Size

Displays the amount of packet data captured (this may be less than the actual packet size)

Relative Time

You can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.

Source Mac

MAC address of the source system

Destination Mac

MAC address of the destination system

Source Port

Port number coming from the source system

Destination Port

Port number going into the destination system

Interface

Interface number from which the data was captured

Cumulative Bytes

Total bytes of the data capture (increments with each subsequent packet)

Custom

Columns created using the Customizing Columns for Data Mining

Packet Detail Pane The Packet Detail pane displays and interprets each protocol layer of the packet currently selected in the Packet Summary pane. The first line in the Detail pane provides some metadata on the decoded packet – the frame number assigned to it in the Packet Summary pane, its length as displayed, and its length as captured. Any difference between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of 205

nGeniusONE 5.4.1 Online Help Topics the frame are arranged with the lowest protocol layer displayed first (top of the pane) with the remaining frames displayed in sequence down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. Here are actions you can perform in this pane: •

You can cascade open layers (double-click) to see the full interpretation of each field and parameter in that layer (VLAN tags, TCP header fields, application layer commands, et cetera).

•

As you expand packets in this pane and select different layers or fields (by dragging mouse to highlight), corresponding records update in the Packet Hex pane. Use this to identify which hex code corresponds to which layer or field in the packet.

•

Icons are also provided to Expand / Collapse and to Print the entire detail.

Packet Hex Pane This pane shows both the hexadecimal and ASCII interpretation of the frame selected in the Packet Summary panel. The highlighted area in the Packet Hex panel updates according to selections made in the Packet Detail panel, allowing you to map that code to a specific layer or field. Each byte is displayed as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. An icon is also provided to Print the currently displayed Hex data.

206

TROUBLESHOOTING ISSUES

Data Mining Using Packet Analysis Data Mining The Data Mining view is one of the main screens for the nGeniusONE-based Packet Analysis. All of the monitored elements (allowed by your user role) are listed on this screen.

To perform an operation on a monitored element, click the interface and then click one of the following buttons found on the menu bar: Refresh the view Filter Constructor User Settings Navigate to launched decode sessions Navigate to launched Data Capture sessions Access online help Selecting Monitored Elements Selecting Network Domains

207

nGeniusONE 5.4.1 Online Help Topics

How to use the Decode function How to use the Export function How to use the Data Capture function

Selecting Monitored Elements From the list of Monitored Elements, you can select up to four interfaces on which to perform a Decode or Save, or select a single interface on which to perform a Data Capture. To help you locate a particular interface or interfaces, there is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element list has the option to sort a field in ascending or descending order. To sort the list, click the desired field and click the Sort Ascending/Descending button next to the field name.

When you select the interface(s) to perform the Decode/Save/Capture operation, see the following links for more information: •

How to use the Decode function

•

How to use the Export function

•

How to use the Data Capture function

Note: You can perform only one Capture operation at a time. Also, performing Data Capture operations from Network Domains is unsupported.

208

TROUBLESHOOTING ISSUES

Selecting Network Domains From the list of Network Domains, you can select a Network Domain (Packet Analysis derives the Network Domain names from those configured in the Service Domain) on which to perform a Decode or Save. To help you locate a particular interface or interfaces, there is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element list has the option to sort a field in ascending or descending order. To sort the list, click the desired field and click the Sort Ascending/Descending button next to the field name.

Once you select a Network Domain, choose a domain member from the drop-down list next to the ME Name contained in the ME Details section and perform the Decode or Save operation. Note: Performing Data Capture operations from Network Domains is unsupported.

List of Network Domain Member Interfaces

209

nGeniusONE 5.4.1 Online Help Topics

When you select the interface to perform the Decode/Save operation, see the following links for more information: •

How to use the Decode function

•

How to use the Export function

•

Filtering

210

TROUBLESHOOTING ISSUES

Customizing Packet Analysis User Settings You can adjust user settings using this dialog box. This allows you to customize the Decode view.

Colorize Filtered Packets - When you apply a filter, the filtered packets display with a different color. Time Format - Use the radio button to display time in 12- or 24-hour format (for example, 05:26:00 PM [12-hour] or 17:26:00 [24-hour]) Default Save On - When running a trace file export, you can set the default device to display in the drop-down box (nGeniusONE, InfiniStream, Desktop)

211

nGeniusONE 5.4.1 Online Help Topics

Launch Remote Analysis Decode To launch Remote Analysis (Protocol Decode), do the following:

1. Select the interface(s) on which you want to perform the Decode. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Decode button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the

212

TROUBLESHOOTING ISSUES appropriate settings. When you click Submit, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.

button to

7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. Note: When you enable the Use SSL Decryption feature and export a decrypted data trace, the packets are exported in decrypted form. 9. Click Decode to start the Protocol Decode.

Filtering Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or

213

nGeniusONE 5.4.1 Online Help Topics port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the

214

button next to the filter you wish to remove.

TROUBLESHOOTING ISSUES

Launch Trace File Export/Save To export (save) a trace file, do the following:

1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane.

215

nGeniusONE 5.4.1 Online Help Topics 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.

button to

7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 9. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 10. Check the Overwrite box if overwriting an existing file. This step is optional. 11. Click Export to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. 12. The Export Status section of the tab displays the status of the export (such as: Preparing, percentage completed, and Complete). 13. If you want to cancel an export, click the of the tab.

indicator that appears at the bottom

Filtering Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations.

216

TROUBLESHOOTING ISSUES

2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the

button next to the filter you wish to remove.

217

nGeniusONE 5.4.1 Online Help Topics

Launching Data Capture When you detect a network problem, you might need specific packet level information for your troubleshooting purposes. The Packet Analysis feature contained in nGeniusONE enables you to obtain packet level data by performing a Data Capture. You can then decode the captured data either in real time as the data capture occurs, or save the data capture trace for further analysis. Use the Data Capture function to view real-time data. This is helpful when analyzing a problem that is currently occurring on your network. Note: Data Capture is only supported on one interface from the list of Monitored Elements You can run up to four Data Capture sessions at one time

Procedure Real-time Data Capture is supported on a single nGenius InfiniStream appliance physical interface.

A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Refresh the view

Filter Constructor

218

TROUBLESHOOTING ISSUES

User Settings

Navigate to launched decode sessions Navigate to launched capture sessions Access online help

To launch a Data Capture, do the following: 1. Select the interface on which you want to perform the Capture. You can select a single interface on a single nGenius InfiniStream appliance. 2. Select the Slice Size (number of packet bytes displayed) of the packets you wish to capture from the drop-down box. The default is 2048 bytes. 3. Select the Buffer Size of the data capture from the drop-down box. The default is one megabyte. 4. (Optional) Click Use SSL Decryption to decrypt SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 5. (Optional, unchecked by default) Check the Use previously saved settings box to have the last used filter automatically fill in. To reset the filter settings, clear the check box and change the appropriate settings. When you start the capture, your settings are saved for the next session. 6. (Optional) If you want to customize a quick filter, see the Filtering section. 7. (Optional) In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. a. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. b. Check the Overwrite box if overwriting an existing file. This step is optional. c. If you wish to save the data capture without viewing, click Save. You can open it later using the Trace Archive. d. If you want to cancel an export, click the at the bottom of the tab.

indicator that appears

8. Click the Start button on the right hand side of the pane to start the Data Capture. 9. The capture progress displays in the Show Capture Statistics section of the Capture

tab.

219

nGeniusONE 5.4.1 Online Help Topics 10. Once complete or when you press the Stop button, you can either Decode or Save the capture trace. To decode the trace, see step 11. To Save the trace, see step 7. 11. Click Decode to view the Data Capture Decode.

Filtering Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the

220

button next to the filter you wish to remove.

TROUBLESHOOTING ISSUES

Create Your Own Quick Filter When performing a Decode, Save, or Data Capture operation, you can filter packets based on predefined (Decode and Save only) or ad-hoc filters. The Define Filter field contains an option for selecting a pre-defined filter or an option to Create your own Quick Filter (adhoc). Using the Create your own Quick Filter feature, you can sort on particular protocols, IP Addresses, or port numbers. You can select up to four four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. When selecting more than one protocol, the search works as an OR operator. When searching on an IP address and/or port pair, the search operates as an AND operator. You can add or remove lines from this type of filter. To use the Create your own Quick Filter feature, do the following (Note: You can perform a maximum of four simultaneous Quick Filters): Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator).

221

nGeniusONE 5.4.1 Online Help Topics

5. To remove a custom filter, click the

222

button next to the filter you wish to remove.

TROUBLESHOOTING ISSUES

Launching Remote Analysis (Protocol Decode/Save/Data Capture) From the Data Mining tab, you can launch a Decode of historical data, save a trace file for future analysis, or perform a real-time data capture. This is useful in forensic analysis of a current or past event. When viewing the Data Mining tab, you see a list of Monitored Elements or Network Domains from which you can select and run your data mining operations. There is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element or Network Domain list has the option to sort a field in ascending or descending order. To sort the list, click the Sort Ascending/Descending button next to the field name on which you want to sort.

A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Refresh the view Filter Constructor User Settings Navigate to launched decode sessions Navigate to launched capture sessions Access online help

223

nGeniusONE 5.4.1 Online Help Topics There are also three buttons on the right side of the pane. Select the Decode button for a Protocol Decode, select the Save button to save a trace file, or select the Data Capture button to perform a real-time data capture. Click the question mark icon for online help.

Decode Button To launch Remote Analysis (Protocol Decode), do the following:

224

TROUBLESHOOTING ISSUES 1. Select the interface(s) on which you want to perform the Decode. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Decode button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Submit, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time (up to one hour) in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh adjust the start and end time/date to the latest available data.

button to

7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 9. Click Decode to start the Protocol Decode. 10. The Decode View opens.

225

nGeniusONE 5.4.1 Online Help Topics

Export Button To save a trace file, do the following:

226

TROUBLESHOOTING ISSUES 1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane. 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line and set the End Date by clicking the calendar icon on the End Date line. 6. Set the Start Time by manually entering or clicking the time box on the Start Date line and set the End Time by manually entering or clicking the time box on the End Date line. Note: After performing steps 5-6, you can set a time in the Duration box to collect trace data for a particular length of time. If you want to collect the latest trace data, after setting the duration, click the Refresh time/date to the latest available data.

button to adjust the start and end

7. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 8. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 9. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 10. Check the Overwrite box if overwriting an existing file. This step is optional. 11. Click Export to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. 12. The Export Status section of the tab displays the status of the export (such as: Preparing, percentage completed, and Complete). 13. If you want to cancel an export, click the of the tab.

indicator that appears at the bottom

Data Capture To launch a Data Capture, do the following:

227

nGeniusONE 5.4.1 Online Help Topics

1. Select the interface on which you want to perform the Capture. You can select a single interface on a single nGenius InfiniStream appliance. 2. Select the Slice Size (number of packet bytes displayed) of the packets you wish to capture from the drop-down box. The default is 2048 bytes. 3. Select the Buffer Size of the data capture from the drop-down box. The default is one megabyte.

228

TROUBLESHOOTING ISSUES 4. (Optional) Click Use SSL Decryption to view decrypted SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 5. (Optional, unchecked by default) Check the Use previously saved settings box to have the last saved filter automatically fill in. To reset the filter settings, clear the check box and change the appropriate settings. When you start the capture, your settings are saved for the next session. 6. (Optional) If you want to use a quick filter, see the Filtering section. 7. (Optional) In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. a. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. b. Check the Overwrite box if overwriting an existing file. This step is optional. c. If you wish to save the data capture without viewing, click Save. You can open it later using the Trace Archive. d. If you want to cancel an export, click the at the bottom of the tab.

indicator that appears

8. Click the Start button on the right hand side of the pane to start the Data Capture. 9. The capture progress displays in the Show Capture Statistics section of the Capture tab. 10. Once complete or when you press the Stop button, you can either Decode or Save the capture trace. To decode the trace, see step 11. To Save the trace, see step 7. 11. Click Decode to view the Data Capture Decode.

Filtering Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following: a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP

229

nGeniusONE 5.4.1 Online Help Topics addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the

230

button next to the filter you wish to remove.

TROUBLESHOOTING ISSUES

Launch Enhanced Decode The Launch Enhanced Decode feature allows you to narrow your Decode view to TCP frames. A TCP Enhanced Decode displays additional TCP-specific information (such as tcp.window_size, tcp.info_bytes_in_flight, tcp.alarm, etc.). The Enhanced Decode is based on a unique IP address and port pair combination derived by the packet on which you click before launching Enhanced Decode. Enhanced Decode is useful in analyzing and differentiating whether an issue is related to the server or the network. For example, your network has remote clients connecting to servers on high-capacity (10Gb throughput) links. An issue may arise where there is slow or bad processing of client requests. This may cause the entire link to appear slow or unreachable. In a case like this, the TCP Window size may equal zero, which could cause the server to stop sending packets. Enhanced Decode gives you greater insight into TCP stack behavior. This insight saves time by indicating a client/server issue, rather than following the path of diagnosing a network/link problem. To launch an Enhanced Decode, do the following:

1. From the Decode view, select a packet and click the Launch Enhanced Decode button. 2. The TCP Enhanced Decode view displays.

231

nGeniusONE 5.4.1 Online Help Topics

A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. View Options Save As

IP SEC Decrypt

Decode As

More Options - includes Export (Print to File) Show Graph View

232

TROUBLESHOOTING ISSUES

Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet

Go to Last packet

Go to Marked frame (in Data Capture, this is the first frame in the trace) Expand and Collapse all layers in pane Expand and Collapse pane 3. When you click on a packet and examine the TCP section of the Detail pane, you see a new field named Additional Info. When you expand the Additional Info field, various TCP information derived from the packet displays.

233

nGeniusONE 5.4.1 Online Help Topics

4. To view more detailed information, click the Show Graph View the TCP Graph.

234

button to launch

TROUBLESHOOTING ISSUES

Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View

button.

2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.

3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.

to display the TCP Graph by time or by

235

nGeniusONE 5.4.1 Online Help Topics TCP Graph Displayed over Time

TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View

236

button.

TROUBLESHOOTING ISSUES

Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter

button.

3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)

Connection Filter

237

nGeniusONE 5.4.1 Online Help Topics

Application Filter

Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.

238

TROUBLESHOOTING ISSUES

Using the Filter Constructor Creating and managing filters is an essential component of successful packet analysis. Filters help you isolate the information you need when you perform a protocol decode or view a trace file. Creating a filter allows you to define parameters that are represented in the filter as specific bit patterns. •

When you apply a Data Mining (pre-capture) filter to a protocol decode, every packet detected on the selected interface is compared to the bit pattern defined by your filter. All packets that match the filter criteria are copied to the capture buffer.

•

When you apply a post-capture filter to a protocol decode, each packet in the file is compared to the filter to further define your focus.

Note: If you use Advanced Terms in a filter, that filter is only supported as a postcapture filter. A message displaying This filter uses Advanced Terms. Advanced Terms are only supported in post-decode filters appears in the Status Bar when using Advanced Terms. Also, post-capture filter files do not appear in views where only Data Mining filters are supported.

Filter Builder Topic Sections The Filter Builder topic is broken into the following sections. Click the link to go to the appropriate section: •

The Filter Constructor Dialog Box

•

Filter Management

•

Filter Operations

•

Filter Operators

•

Filter Terms •

Basic Terms

•

Advanced Terms

•

Filter Syntax

•

Viewing Filtered Packets

•

Saving Filters

Filter Management You can create a filter as a Shared or Private filter. Shared filters are visible by all users of nGeniusONE. Any user can use, edit, rename, or delete shared filters. The Private filters are only available to the user who created them for use, modification, and deletion.

Filter Operations There are three basic filter operations: create, rename, and delete. The table below explains the procedure for each operation.

239

nGeniusONE 5.4.1 Online Help Topics

Operation

Procedure

Create

To create a new filter, click on Shared or Private (in the Filter List section) and click the New button. The Filter Builder automatically adds a filter_ (time in epoch). When you open the Filter Builder, there is a filter_ (which is blank) filter file in the Filter List you can use to create a new filter.

Edit

To edit a filter, click on the filter name in the Filter List. The syntax appears in the Expression area. You can edit directly from there.

Rename

To rename a filter, click on the filter in the Filter List and click Rename. Enter the new name in the dialog box that appears and click OK.

Delete

To delete a filter, click on the filter in the Filter List and click Delete. Click OK in the dialog box to confirm the filter delete.

Filter Operators Use the following operators to create your filter: Operators ()

Optional parentheses you can put around the expression. For example, (ip==10.2.3.4)

==

Equals

!=

Does not equal

&&

And

||

Or

!

Do not include packets that have the specified term - used as ! (filter term) Note: Only one filter term is supported with a NOT operator.

and

And

not

Do not include packets that have the specified term - used as not (filter term) Note: Only one filter term is supported with a NOT operator.

or

Or

Filter Terms There are two types of filter terms - Basic Terms and Advanced Terms.

240

TROUBLESHOOTING ISSUES Basic Terms – There are standard terms provided as part of packet analysis infrastructure without having to decode the packets. These terms offer quicker filter results. Basic Terms can be used in both pre- and post-capture filtering. Basic Terms - used for data mining or post-capture filtering application

Type of application (for example, application==FTP or application!=Telnet. The list of available applications corresponds to the list of active applications in nGeniusONE Global Settings)

eth

Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example eth==08:00:8c:01:02:03)

eth.src

Source Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.src==08:00:8c:01:02:03)

eth.dst

Destination Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.dst==08:00:8c:01:02:03)

ethernet

Ethernet address (MAC) information

ip

IP Address in octet form (for example - ip==192.168.200.12)

ip.src

Source IP Address in octet form (for example ip.src==192.168.200.12)

ip.dst

Destination IP Address in octet form (for example ip.dst==192.168.200.12)

ipv6

Internet Protocol version 6 information (for example ipv6==fda2:7043:e658:e556:0123:4567:89ab:cdef)

Advanced Terms – These are standard terms provided as part of packet analysis infrastructure and require packet decode. These terms are slower providing filter results. Advanced terms are restricted to post-capture filtering. Advanced Terms - used for post-capture filtering When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. 802_1ad

IEEE 802.1 AD information

802_1ah

IEEE 802.1 AH information

802_1q

VLAN 802.1Q information

ansi_map

ANSI Map information

application

Application type - Free text (for example application==http)

bpdu

Bridge Protocol Data Unit information

browser

Browser information

241

nGeniusONE 5.4.1 Online Help Topics

cisco_vntag

Cisco Virtual Network tag information

cpim

Common Profile for Instant Messaging information

disl

Cisco Dynamic Inter-Switch Link information

dsmcc

Digital Storage Media Command and Control information

dssetup

Directory Services Setup information

eps_mm

Evolved Packet System Mobility Management information

eps_sm

Evolved Packet System Session Management information

eth

Ethernet (MAC Address) information

ethernet

Ethernet (MAC Address) information

eurex_emdi

Eurex Enhanced Market Date Interface information

fc

Fibre Channel information

fc_els

Fibre Channel Extended Link Service

fcoe

Fibre Channel over Ethernet information

fip

Fibre Channel over Ethernet (FCoE) Initiation Protocol

iccp_mms

Inter-Control Center Communications Protocol Multimedia Message Service information

ice_impact_m

ICE iMpact information

ima

Independent Management Architecture information

imsi

International Mobile Subscriber Identity

ip

Internet Protocol information

ipars

International Program Airline Reservation System information

ipv4

IP version 4 information

ipv6

Internet Protocol version 6 information

ise_mdi_fast

International Securities Exchange Market Data Interface FAST information

isl

Cisco Inter-Switch Link information

isup

ISDN User Part information

lcc ldap

Lightweight Directory Address Protocol information

llc

Link Layer Control information

lse-gtp

242

TROUBLESHOOTING ISSUES

lse_mitch m3ua

MTP Layer 3 User Adaptation Layer information

map

Mobile Information Part (MAP) information

matip

Mapping of Airline Traffic over Internet Protocol information

mime

Multi-Purpose Internet Mail Extensions information

mpls

Multi-Protocol Label Switching information

ms_oxcrpc

Microsoft Exchange Remote Procedure Call information

msisdn

Mobile Station Integrated Services Digital Network

ospf

Open Shortest Path First information

packet

Packet information

pattern[-]

You can search on the hexadecimal pattern in the Hex pane of the Protocol Decode view. For more information, see the Pattern Filter topic. Note: After the word pattern, enter the beginning and end data offsets (use decimal numbers for the byte numbers) in brackets (for example, pattern[2629]==0a0a000a).

plain_text port

Port Number (integer or range of integers between 1 - 65535; for example - port==1024, port==80-1024)

port.src

Source Port Number (integer or range of integers between 1 65535; for example - port.src==1024, port.src==80-1024)

port.dst

Destination Port Number (integer or range of integers between 1 65535; for example - port.dst==1024, port.dst==80-1024)

ppp

Point-to-Point Protocol information

ptc_c ptc_d rtpevent

RTP Event information

sctp

Stream Control Transmission Protocol information

sctp _data

SCTP data information

sender_compid Value used to identify firm sending packets sgsap

SGs intergace Application Part information

sip

Session Initiation Protocol information

sipfrag

SIP fragment information

243

nGeniusONE 5.4.1 Online Help Topics

sms_im

Short Messaging Service Instant Message information

ssl

Secure Socket Layer information

target_compid Value used to identify firm receiving packets tcp

TCP Information

tcp.port

TCP Port Number (integer or range of integers between 1 - 65535; for example - tcp.port==1024, tcp.port==80-1024)

tcp.src

TCP Source Port Number (integer or range of integers between 1 65535; for example - tcp.src==1024, tcp.src==80-1024)

tcp.dst

TCP Destination Port Number (integer or range of integers between 1 - 65535; for example - tcp.dst==1024, tcp.dst==801024)

text

Text in Detail or Summary panes. To search in the Summary pane use the text.summary=="text" convention. To search in the Detail pane use the text.detail=="text". Note: Enter the text to be searched in double quotes.

tls

Transport Layer Security information

tos

Type of Service (integer [decimal or hexadecimal]; for example tos==12, tos==12b)

udp

UDP Information

udp.port

UDP Port Number (integer or range of integers between 1 65535; for example - udp.port==1024, udp.port==80-1024)

udp.src

UDP Source Port Number (integer or range of integers between 1 65535; for example - udp.src==1024, udp.src==80-1024)

udp.dst

UDP Destination Port Number (integer or range of integers between 1 - 65535; for example - udp.dst==1024, udp.dst==801024)

url

Uniform Resource Locator (web site, for example url==www.netscout.com)

vlan

Virtual LAN information

xml

eXtensible Markup Language information

xre

XML User Interface Language (XUL) Runtime Environment information

Protocol-Specific Advanced Terms When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data.

244

TROUBLESHOOTING ISSUES

alp

Appliance Link Protocol information

amex

American Express credit card information

arp

Address Resolution Protocol information

bfd

Cisco Bidirectional Forwarding Detection information

bgp

Border Gateway Protocol (BGP) information

bittorrent

BitTorrent Protocol information

bssap

BSS Application Part information

bssap+

BSS Application Part Plus information

bssgp

BSSGP (Base Station System GPRS Protocol) information

cdp

Cisco Discovery Protocol information

cgp

Common Gateway Protocol information

citrix

Citrix protocol information

citrix_cgp

Citrix CGP information

citrix_ica

Citrix Independent Computing Architecture (ICA) information

dhcp

Dynamic Host Control Protocol information

dhcpv6

DHCP version 6 information

diameter

Diameter protocol information

discover

Discover credit card information

dns

Domain Name Service information

ftp

FTP (File Transfer Protocol) information

hsrp

Hot Standby Router Protocol information

hsrpv2

Hot Standby Router Protocol version 2 information

http

Hypertext Transmission Protocol information

ibm_mq

IBM Market Query information

genband

GENBAND information

gprs_gmm

General Packet Radio Services (GPRS) GPRS Mobility Management information

gprs_llc

General Packet Radio Services (GPRS) Logical Link Control information

gprs_sm

General Packet Radio Services (GPRS) Session Management information

245

nGeniusONE 5.4.1 Online Help Topics

gprs_sndcp

General Packet Radio Services (GPRS) Sub Network Dependence Convergence Protocol information

gsm_dtap

Global System for Mobile Communications Direct Transfer Application sub-Part information

gsm_rp

Global System for Mobile Communications Relay Protocol information

gsm_sms

Global System for Mobile Communications Short Messaging Service

gtp_prime

GTP (GPRS Tunneling Protocol) information

gtpc_v1

GTP version 1 information

gtpu

GTP version 1 information

gtpv2

GTP version 2 information

hsrp

Hot Standby Router Protocol information

hsrpv2

Hot Standby Router Protocol version 2 information

http

HTTP information

ibm_mq

IBM WebSphere MQ information

ica

Citrix Independent Computing Architecture (ICA) information

ica_sb

Citrix ICA Server Browser Flow information

icmp

ICMP (Internet Control Message Protocol) information

ldap

Lightweight Directory Address Protocol information

loop

Configuration Testing Protocol (Loop) information

maestro_debit Maestro pre-paid MasterCard information master_credit

MasterCard credit card information

mbcp

Media Burst Control Protocol information

mop_rc

Maintenance Operations Protocol Remote Console information

msrp

Message Session Relay Protocol information

mysql

My SQL protocol information

netb

Microsoft NetBIOS information

netflow

NetFlow datagram information

nsip

Network Services over IP information

ntp

Network Time Protocol information

oracle_sql

Oracle SQL information

246

TROUBLESHOOTING ISSUES

oracle_tns

Oracle Transparent Network Substrate information

pim

Protocol Independent Multi-Cast information

ranap

Radio Access Network Application Part protocol information

rtcp

RTP Control Protocol information

rtp

Real-Time Protocol information

rtsp

Real-Time Streaming Protocol information

s1ap

S1 Application Protocol (S1AP) information

sccp

Skinny Client Control Protocol information

sccp_ss7

SCCP Signaling System number 7 information

sdp

Session Description Protocol information

sip

Session Initiation Protocol information

smb

Server Message Block protocol information

smb2

SMB version 2 protocol information

smbmsp

SMB Mail Service Protocol information

smbtcp

SMB on TCP information

snap

Sub-Network Access Protocol information

snmp

Simple Network Management Protocol information

soap

Simple Object Access Protocol information

ssdp

Simple Service Directory Protocol information

ssh

Secure Shell (SSH) information

tcap

Transaction Capabilities Application Part information

tds

Tabular Data System Protocol information

telnet

Telnet protocol information

union_pay

UnionPay credit card processing information

vrrp

Virtual Router Redundancy Protocol information

wins

Windows Internet Naming Service information

xcap

XML Configuration Access Protocol information

xmpp

Extensible Messaging and Presence Protocol information

x2ap

X2 Application Protocol information

To build a filter, enter syntax using the following terms. When you finish entering terms, click Apply to run the filter (without saving) or Save to save the filter:

247

nGeniusONE 5.4.1 Online Help Topics Note: The Apply button is active only in post-capture filters.

The Filter Constructor Dialog Box When you click the Filter Constructor

button, the Filter Constructor dialog box appears.

When the Filter Constructor dialog box is opened, the Expression screen is blank and there are no filters selected. You can choose a variety of operations to perform: •

Enter filter syntax

•

View filtered packets

•

Click on a filter to display its Filter Terms and/or apply the filter

•

Run a Quick Filter

248

TROUBLESHOOTING ISSUES

Filter Syntax

To enter filter syntax, type the terms, operators, and options in the Expression screen. The terms are described in the Filter Terms section. The Expression screen is red when there is incorrect syntax. The Expression screen turns green when correct syntax is entered. For example, you could enter the following in the Expression screen: (ip==10.2.3.4) and (port!=80) if you wanted to get packets that contain the IP address 10.2.3.4 and come on all ports except 80. For most applications listed in the table, you can enter only the application name in the Expression screen and click Save or the Apply button. This automatically saves/executes a filter that just searches for packets matching the selected application. To clear out the information in the Expression screen, click the Clear

button.

If you do not enter any value with a Filter Term and the Expression screen turns green, this means you can filter on packets that contain that particular field. When entering Filter Terms, if you close the Filter Constructor and reopen it before exiting the particular decode session, the information in the Expression Screen is saved for you. Filter Term Granularity When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. Select the appropriate granulated term from the drop-down list to filter on a

249

nGeniusONE 5.4.1 Online Help Topics more specific attribute of a Filter Term. Some examples of the granulated terms contained in the drop-down boxes are in the following images:

250

TROUBLESHOOTING ISSUES

Viewing Filtered Packets After you build or load a capture filter, the packets that meet the filter conditions are displayed in a new Protocol Decode view. You can return to the previous decode session by clicking the Navigate to Launched Decode Sessions button

. From the previous decode session, you can load or build a different

filter to see other packet data from the original trace. Click the Filter Constructor button and build or load another filter. You can have up to eight filters or Bounce Chart sessions running concurrently. You can also create another filter from the packets that you filtered previously. Click the Filter Constructor button

and build or load another filter.

You can have up to eight filters running, whether they are separate filters or nested filters. Packets that were previously filtered display with different colored lines.

Saving Filters When you apply a filter, the filter terms automatically save into the Private folder with the name last_filter. When you create a filter and want to save it, click the Save the save dialog box:

button and enter a name in

251

nGeniusONE 5.4.1 Online Help Topics

Other ways to save filters are: •

When you click the Add Filter

button in either the Shared or Private folder, add

your filter terms, and click the Save

button, the filter is saved with a system

generated name. You can click the Rename Filter name. •

When you click the Add Filter button in either the Shared or Private folder, add your filter terms, the filter is given with a system generated name. You can click the Rename Filter

•

252

button and change the filter

button, change the filter name, and click the Save

Select the last_filter, click the Rename Filter name.

button.

button, and change the filter

TROUBLESHOOTING ISSUES

Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b. Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d. Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. Open a Decode window. a. From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.

b. Click Apply to start the filter operation.

253

nGeniusONE 5.4.1 Online Help Topics c. The filtered results display.

254

TROUBLESHOOTING ISSUES

Exporting a Trace File Click the Save button to export a trace file to your nGeniusONE server, your nGenius InfiniStream appliance, or to your client system.

To launch the trace file export, do the following: 1. Select the interface(s) on which you want to perform the Save. You can select more than one interface by holding down the or key and clicking on the desired interfaces. You can select more than one interface on a single nGenius InfiniStream appliance. 2. Click the Save button on the right hand side of the pane.

255

nGeniusONE 5.4.1 Online Help Topics 3. (Optional, unchecked by default) Check the Use previously saved Time and Filter settings box to have the last saved time interval and filter automatically fill in. To reset the time interval and filter settings, clear the check box and change the appropriate settings. When you click Save, your settings are saved for the next session. 4. Open the Time Zone drop-down box and select a time zone if you wish to adjust the packet timestamps to a particular time zone. This step is optional. Adjusting the time zone is useful if you have devices in different time zones from the nGeniusONE server and you want to adjust to a local time. You can select either the server time zone, client time zone, or any of the major time zones from the drop-down list. 5. Set the Start Date by clicking the calendar icon on the Start Date line. 6. Set the End Date by clicking the calendar icon on the End Date line. 7. Set the Start Time by manually entering or clicking the time box on the Start Date line. 8. Set the End Time by manually entering or clicking the time box on the End Date line. 9. (Optional) If you want to use a predefined or customize a quick filter, see the Filtering section. 10. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 11. Enter the file name in the File Name field. You only need to enter the file name. The PCAP extension is added automatically. 12. Check the Overwrite box if overwriting an existing file. This step is optional. 13. Click Save to save the file. If you chose to save the file on your local machine, the file is most often saved to your browser Download folder. During the export, the Export Status field displays the status of the export process (such as Preparing, percentage completed, or Complete). 14. If you want to cancel an export, click the of the tab.

indicator that appears at the bottom

15. To view the trace file, go to the Trace Archive Viewer.

Filtering Open the Define Filter accordion by clicking the

button. The Filter dialog displays.

1. Select either a predefined filter (Decode only) by clicking the Choose from predefined filters radio button or click Create your own Quick Filter to create a custom quick filter. Note: Predefined filter selection is only supported in Decode operations. 2. If choosing a predefined filter, click the drop-down box in the drop-down box and select your filter. 3. If entering a custom filter, do the following:

256

TROUBLESHOOTING ISSUES a. Select an application on which you wish to filter by clicking the to filter.

drop-down box and select the application you wish

b. (Optional) You can sort on particular protocols, IP addresses, or port numbers. You can select up to four Applications with two IP Address/Port combinations. This means for each protocol, you can sort on two IP addresses, two port numbers, or one of each. Enter a source IP address or port number by entering data in the first IP Address/Port box that follows the application you selected. To enter a destination IP address or port, enter data in the second IP Address/Port box. You can enter data in either or both IP Address/Port boxes. If you enter data in both boxes, the filter selects packets that contain the specified source and destination information you provide. Each IP Address/Port box works as an AND operator to its complement. Important: When entering IPv6 addresses in filters, surround the IPv6 address with brackets []. For example, ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128] or ipv6==[fda2:7043:e658:e556:0123:4567:89ab:cdef/128]:8080 4. If you want to filter additional applications, click the button to add another application filter. Repeat step 3 for the new application. When using more than one custom filter, each filter is treated independently (each filter works as an OR operator). 5. To remove a custom filter, click the

button next to the filter you wish to remove.

257

nGeniusONE 5.4.1 Online Help Topics

Bounce Charts in nGeniusONE From the Summary pane of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •

Packet number

•

Absolute Time

•

Packet Interpretation - contains the following information: o

Internet Protocol (IP) type

o

Destination Port

o

o

Source Port Packet Length

•

Latency Time

•

Interface name or trace file name

•

Packet direction - when you mouse over the arrow, the following displays:

•

o

Source IP address

o

Source port

o

Destination IP address

o

Destination Port

Application Type (when column is selected using the Customize Columns feature)

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below:

258

TROUBLESHOOTING ISSUES

Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions Stop Mining. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (-->), right to left only (<---), or both directions (<--->) Customize Columns Save As View Options Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Top packet Bottom packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode The following conditions apply to the Bounce Chart view: •

You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined.

•

Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.

button to stop a decode,

259

nGeniusONE 5.4.1 Online Help Topics

Viewing Bounce Charts From the Summary Toolbox of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Click here for information on Enhanced Bounce Charts. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •

Packet number

•

Absolute Time

•

Packet Interpretation - contains the following information: o

Internet Protocol (IP) type

o

Destination Port

o

o

Source Port Packet Length

•

Latency Time

•

Interface name or trace file name

•

Packet direction - when you mouse over the arrow, the following displays:

•

o

Source IP address

o

Source port

o

Destination IP address

o

Destination Port

Application Type (when column is selected using the Customize Columns feature)

The following conditions apply to the Bounce Chart view: •

You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined.

•

Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.

button to stop a decode,

To launch a Bounce Chart, click a packet in the Summary Panel of the Protocol Decode view and click the Bounce Chart button. When a Bounce Chart opens, the view splits and the new view looks like the following image:

260

TROUBLESHOOTING ISSUES

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop Bounce Chart. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns View Options Save As Click to access online help Close decode. This closes the Bounce Chart and returns you to the previous Protocol Decode view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet

261

nGeniusONE 5.4.1 Online Help Topics

Go to Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode

262

TROUBLESHOOTING ISSUES

Enhanced Bounce Chart Bounce Chart views display the flow of packets exchanged in the stream to which a selected packet belongs. With an nGenius InfiniStream, Enhanced Bounce Chart views are also available. Enhanced Bounce Charts display timestamps in packets exchanged between a pair of hosts through multiple network segments. As packets hop across the network, many factors can delay these packets. Enhanced Bounce Charts help you find where these delays occur. nGeniusONE supports bounce charts with up to seven hops for TCP or UDP streams. On an InfiniStream (or multiple InfiniStream systems), you can launch an Enhanced Bounce Chart view on up to seven physical interfaces. While Bounce Charts are available for TCP-, UDP-, or SCTP-based applications, Enhanced Bounce Charts are supported for TCP- or UDP-based applications only. You can run up to eight Bounce Chart or filter sessions concurrently. To launch an Enhanced Bounce Chart view: 1. From the Packet Analysis -> Data Mining view, select up to seven InfiniStream physical interfaces on which you wish to perform the Enhanced Bounce Chart. To select additional interfaces, press the key and click on all interfaces you wish to have in the Enhanced Bounce Chart. Note: this version of nGeniusONE only supports the Enhanced Bounce Chart on interfaces that reside on a single InfiniStream. 2. Select the Start and End date/time. 3. (Optional) Select a Data Filter from the drop-down list. 4. Click Submit to start the Protocol Decode. 5. From the Protocol Decode view, select a packet on which you want to see the Enhanced Bounce Chart. 6. Click the Bounce Chart button. The Enhanced Bounce Chart displays. You can see the Latency Time, direction of the packet, and on which interface the packet was captured.

263

nGeniusONE 5.4.1 Online Help Topics

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns View Options Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->)

264

TROUBLESHOOTING ISSUES

Stop Bounce Chart. This stops data mining and returns the results it has accumulated.

Go Up/Down by one packet Select the packet number you wish to view

Go to First/Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode

265

nGeniusONE 5.4.1 Online Help Topics

Performing Remote Analysis Decode

Viewing Decoded Packets After you specify your analysis criteria and perform a decode, the results are displayed in three panels that work together to show you the various protocol layers embedded in a packet (for more information on each of the panels, click the associated link): •

Summary Panel Toolbar

•

Summary

•

Detail

•

Hex

Note: When using SSL Decryption to decrypt packets, the first HTTP packet captured is 25 bytes less than the actual packet size. For example, if the first HTTP packet is 240 bytes, Packet Analysis only displays 215 bytes in the Hex portion of the Decode pane and shows that only 215 bytes were captured in the Detail pane.

Masking User Identifiable Information nGeniusONE packet decode supports masking certain User Identifiable Information (UII) from data packets. When enabled, the Detail and Hex panes of the decode view display a series of "X" characters where you would normally find the UII. Currently, you can mask the following packet information in the Decode packets: •

SMS user content (from GSM)

•

SMS Instant Message user content

266

TROUBLESHOOTING ISSUES •

IMSI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, BSSGP, GMM, S1AP

•

IMEI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, GMM, S1AP

•

MSISDN data from: GTPv1, GTPv2, CC

•

SIP Uniform Resource Indicator (URI)

•

SIP Display Name

•

SIP URI user part

•

HTTP User Resource Indicator

To enable the UII data masking, you must disable the View User Identity user role for any user from which you want to hide this information. When disabling this role, the user does not see UII when exporting the packet data. For more information on User Roles, please see the Predefined User Roles online help topic. Important: The View User Identity user role only applies to the nGeniusONE user interface. Enabling or disabling it has no effect on output derived from the Unified Management Console (UMC).

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. Quick Filter Filter Constructor Bounce Chart Compare Two Decode Windows Side By Side Launch Enhanced Decode View Options Save As IP SEC Decrypt

267

nGeniusONE 5.4.1 Online Help Topics

Decode As More Options - includes Export (Print to File), Column Management (Customize Columns) Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame Expand and Collapse all layers in pane Expand and Collapse pane

Summary Panel The Summary panel is at the top of each Decode sub-tab. It gives you a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. The Summary panel is the only panel that shows several packets at once. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the packets. You can then examine individual packets in greater detail or skip over them. Scroll through the Summary panel to see the entries for each of the decoded packets. Selecting a packet causes the Detail and Hex panels to update with decode information for the selected packet. Summary Panel Fields The Summary panel includes the following fields for each displayed packet: Field Packet

268

Description The Summary panel lists packets sequentially in the same order in which they were received. Each packet is assigned a sequential number to make it easy to move around in the Summary panel. You can move quickly to a particular

TROUBLESHOOTING ISSUES packet number by entering it in the Go To packet box at the top of the display. Absolute Time

The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.

Relative Time You can select a particular packet in a data trace as a baseline for timing (Optional) packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.

Delta Time

The interval between the current packet’s timestamp and that of the preceding packet.

Size

The length of the packet, not including the CRC bits.

Source

The source address for this packet: By default, the Summary panel shows the network layer address, if present. If it is not present, the MAC address is shown.

Destination

The destination address for this packet. Destination addresses are shown in the same way as source addresses.

Interpretation An abbreviated description of the packet’s contents. The exact data shown will depend on the packet, but may include destination and source port

269

nGeniusONE 5.4.1 Online Help Topics numbers, ACK numbers, sequence numbers, and so on. If Show Top Layer is enabled in the Tools menu, only one line (for the highest enabled protocol level) is shown. If Show All Layers is enabled in the Tools menu, the Summary panel shows one line for each protocol level contained in a packet. Status

Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN

Capture Size Displays the amount of packet data captured (this may be less than the actual packet size) Source MAC

MAC address of the source system

Destination MAC

MAC address of the destination system

Source Port

Port number coming from the source system

Destination Port

Port number going into the destination system

Interface

Interface number from which the data was captured

Cumulative Bytes

Total bytes of the data capture (increments with each subsequent packet)

Detail Panel The Detail panel is in the middle of each Decode sub-tab. It shows the detailed contents of the packet currently selected in the Summary panel. Each protocol layer of the packet is interpreted and displayed. The first line in the Detail panel provides some metadata on the decoded packet – its packet number in the Summary panel, its length as displayed, and its length as captured. Any differences between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the packet are arranged with the lowest protocol layer at the top of the panel and then work their way down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. You can cascade open layers to see the full interpretation of each field and parameter in the layer (VLAN tags, TCP header fields, application layer commands, etc.). If you want to expand all the packet layers at one time, click the Expand All Layers button. To collapse all the packet layers, click the Collapse All Layers To expand the size of the panel window, click the Move Up window, click the Move Down

270

button.

button.

button. To collapse the panel

TROUBLESHOOTING ISSUES Selecting Portions of a Packet in the Detail Panel You can expand a packet in the Detail panel and select different layers or fields using the mouse. When you do so, the highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet.

Hex Panel The Hex panel is at the bottom of each Decode sub-tab. It shows both the hexadecimal and ASCII interpretation of the packet selected in the Summary panel. The highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet. The hex portion of the panel shows each byte as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. To expand the size of the panel window, click the Move Up window, click the Move Down

button. To collapse the panel

button.

The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. To toggle between an ASCII and EBCDIC view, click the ASCII

or EBCDIC

buttons.

You can copy the bytes from the Hex Panel to your clipboard. Select any or all bytes in the Hex or ASCII/EBCDIC portion of the Hex Panel, right-click your mouse, and choose Copy.

271

nGeniusONE 5.4.1 Online Help Topics

Column Management in nGeniusONE Packet Analysis The Column Management feature allows you to customize your decode view by adding or removing columns. The left side of the pane displays the columns you are currently viewing. The right side of the pane displays columns that are available for view. To access Column Management, click the More Management.

icon from the toolbar and select Column

To add a column to your view, click on the column's + sign. You can also click Add All to add all the columns to the view. To add a new profile or select a different profile, either enter the new profile name in the Profile Name dialog box or click the arrow to select an existing profile. To make the select profile a default profile for your user ID, check the box next to Set this as default Column Profile. The default profile always reverts to its original configuration. To remove a column from your view, click the column's - sign. When you are done, click Save to save the changes to the profile or OK to commit changes. You can click Reset to restore the default column view.

Custom Columns There is a Custom Column Builder which you can use to add additional fields to your decode. The available terms include many field level terms found in the Filter Constructor.

272

TROUBLESHOOTING ISSUES To see if a term is available, type the first few letters of the term. A list appears with the available terms from which you can select. For example, you can add a custom field named Application that displays the application name derived from Global Settings. To see sub-fields associated with each term, enter a period (.) after the term and a list of available sub-terms appears (if there are any). To add a custom column to your view, click on the column's + sign. To remove a custom column, click the red "x" in the column field. Note: You can change the column configuration in the default profile after renaming it.

273

nGeniusONE 5.4.1 Online Help Topics

Navigate to Launched Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.

button. A dialog box opens that displays all of the open

This dialog box displays all of the active decode sessions. Filtered decodes are located under the original Packet Decode and have a Filter-x (x being a number) designation. Enhanced Decodes have an (E) designation after the session name. From this dialog box, you can perform one of the following tasks: •

Change the Decode session by double-clicking on another session in the list

•

Rename a Decode session by clicking the rename icon in the dialog box that appears

•

Close a Decode session by clicking the

•

Stop a session mining by clicking the

•

When examining a filtered session, click the For example:

274

and changing the name

button button button to see the filter information.

TROUBLESHOOTING ISSUES

Navigate to Launched Capture Sessions You can change the Data Capture session on the right hand pane by clicking the Navigate to Launched Capture Sessions Data Capture sessions.

button. A dialog box opens that displays all of the open

From this dialog box, you can perform one of the following tasks: •

Change the Decode session by double-clicking on another session in the list

•

Stop a capture session by clicking the

button

275

nGeniusONE 5.4.1 Online Help Topics

Decoding Ports as a Specified Application You can use the Decode As feature to decode ports in a data capture as a certain application. For example, traffic on port 8080 appears in the decode window and decodes as a TCP application. The user can map port 8080 to decode as HTTP.

Procedure 1. From the Protocol Decode tab, click the Decode As

button.

2. Select either Source or Destination from the Location drop-down list. 3. Enter the Port number of the source or destination packet on which you want to perform the operation. If you scroll on a packet, its port number is filled in, based on whether you selected Source or Destination in the Location field. 4. Select (check the box next to IP) if you want to only select packets containing the displayed IP address. 5. Select the application with you wish to decode the data from the Forced Protocol field. Click the

276

button for a list of available protocols.

TROUBLESHOOTING ISSUES 6. (Optional) To view the currently mapped ports, click the Show Mapping button. To delete a port map, click the Delete button. To hide the port mapping, click Hide Mapping.

Note: Port Mappings are derived from previously saved forced protocols from the current or prior Decode As sessions. Port mapping only applies to the outer (tunneled) layer when you use the Decode As feature on tunneled packets. 7. Click Apply. When you apply a forced protocol, it is saved as a protocol mapping in future sessions. You can see these previously configured forced protocols in the Show Mappings link in the Decode As dialog box.

277

nGeniusONE 5.4.1 Online Help Topics

Using Compare Mode in nGeniusONE The Decode display provides a Compare mode that lets you simultaneously view the Summary, Detail, and Hex panel decodes for two packets. The following procedure explains how to use Compare mode. 1. Start by selecting the first packet for comparison by clicking its entry in the Summary panel. This is the "anchor" packet – once you are in Compare mode, you can compare any other packet to it by selecting entries in the Summary panel. 2. Click the Compare button

at the top of the Decode display.

3. Select the second packet for comparison by clicking its entry in the other Summary panel (it appears on the right of the anchor packet Summary panel). The Summary, Detail, and Hex panels show the decodes for the two packets side-by-side with the anchor packet initially on the left. 4. You can change the second packet selected for comparison by clicking another packet in the Summary panel. 5. You can also change the Decode session on the right hand pane. See Comparing Packets from Two Different Decode Sessions for more information. 6. Change the anchor packet using either of the following methods:

278

•

Double-click the Summary panel of the packet to be used as the anchor.

•

Exit Compare mode, select a new packet as an anchor, and then reenter Compare mode.

TROUBLESHOOTING ISSUES

Summary Panel Toolbar A toolbar is provided at the top of the each pane allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Expand or collapse window panel Expand or Collapse all layers in Summary window Click to exit the Compare Decode window (right hand pane only)

Comparing Packets from Two Different Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.

button. A dialog box opens that displays all of the open

From this dialog box, you can perform one of the following tasks:

279

nGeniusONE 5.4.1 Online Help Topics •

Change the Decode session by clicking on another session in the list

•

Close a Decode session by clicking the x button

After you select another Decode session, it opens on the right hand pane. Packets that were filtered in other Decode sessions display with different colored highlights around the packet.

280

TROUBLESHOOTING ISSUES

Saving a Trace File Remotely The Remote Save feature allows you to save a trace file to either the nGenius InfiniStream appliance, the nGeniusONE server, or to the user system. If saving an encrypted trace you have decoded, the decoded packets are saved in the new trace file.

To perform the Remote Save, do the following: 1. Enter a file name. 2. Select the file type from the drop-down box. 3. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 4. Select either all packets or enter a range of packets to save. 5. Click Save to perform the save operation.

281

nGeniusONE 5.4.1 Online Help Topics

Printing (Export) a Trace File The Print to File (Export) feature allows you to export any or all of the Summary, Detail, and Hex panes from a data trace to a Comma Separated Value (.CSV) file for printing or other file operations. You can print all the packets in a trace or a range of packets. You can export data from a decode session performed in Data Mining or on files in the Trace Archive. Note: Some Enhanced Decode fields are not included when performing a trace file print (export) The Relative Time columns are not included when performing a trace file print (export)

To use the Print to File feature, do the following: 1. Enter a file name (in the text box next to File Name) for the export file. When the file is exported, it is placed in your browser Download folder. 2. Ensure that Comma Separated values (*.csv) is selected in the drop-down box next to File Type. This feature currently only supports export to CSV files. 3. In the Export What section, you can select to export any or all of the following by checking the box next to the name: Summary, Detail, Hex.

282

TROUBLESHOOTING ISSUES 4. In the Packets section select whether you want to export All Frames or a range of frames (Frames Range). If you select a range of frames, you can enter a single packet number or a group of packets. To export a single packet, enter the packet number. To export a group of packets, enter the first packet number, a dash key (-), and the last packet number. If you wish to export more than one single packet or range of packets, separate the values you enter with commas. 5. Click OK to export the packets or Cancel to quit this screen. 6. Depending on your browser, you may be prompted whether you want to save or print the file. 7. Look in your browser Download folder for the export (CSV) file.

283

nGeniusONE 5.4.1 Online Help Topics

Configure IP SEC Decryption The IP SEC Decrypt feature allows you to decode and view the packet contents of IP SEC (IP Security) encrypted packets. IP SEC Decryption – IP SEC (IP Security) is a method of encrypting IP packets for secure transmission over a secure IP tunnel and decrypting the packets on the destination system. nGeniusONE supports IP SEC Decryption for local trace files in addition to remote Protocol Decode sessions. nGeniusONE Packet Analysis performs post-capture decoding of the IP SEC encrypted packet data and allows you so see the unencrypted packet data. You can configure IP SEC Decryption to work with the following options: •

Protocol – IPv4 or IPv6

•

Source and Destination IP addresses of the packets you wish to decrypt

•

The following encryption types are supported: NULL, TripleDES-CBC, AES-CBC, AESCTR, DES-CBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC

•

User-provided encryption key

•

The following authentication methods are supported: NULL, HMAC-SHA-1-96, HMACSHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, Any 96/128/192/256 bit authentication

•

User-provided authentication key

284

TROUBLESHOOTING ISSUES To perform IP SEC decryption on an nGenius InfiniStream Protocol Decode or archived trace file, do the following:

Protocol Decode Decryption 1. From Packet Analysis -> Data Mining, select an nGenius InfiniStream interface and execute a Protocol Decode. 2. Click on an ESP packet in the Protocol Decode view. 3. Click the IP SEC Decrypt

button.

4. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 5. Click Decrypt to decrypt the packet trace.

Decrypting a Local Trace file 1. From Packet Analysis -> Trace Archive, either open the saved trace file or add a trace file. 2. Perform a Protocol Decode of the trace file. Select the trace file and click the Submit button. 3. Click on an ESP packet in the Protocol Decode view. 4. Click the IP SEC Decrypt

button.

285

nGeniusONE 5.4.1 Online Help Topics 5. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 6. Click Decrypt to decrypt the packet trace.

286

TROUBLESHOOTING ISSUES

Packet View - Before and After IP SEC Decryption The screen captures below display a packet that is IP SEC encrypted and the decrypted version of that packet. See packet number 8 in the trace for the decryption/encryption.

287

nGeniusONE 5.4.1 Online Help Topics

288

TROUBLESHOOTING ISSUES

Quick View The View Options allow you to set the following: •

Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds.

•

All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane.

•

Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets.

•

Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed.

•

Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window.

•

Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.

289

nGeniusONE 5.4.1 Online Help Topics

Trace Archive

Using the Packet Analysis Trace Archive The nGeniusONE Trace Archive is one of the main screens for the nGeniusONE-based Packet Analysis. All of the saved trace files are listed on this screen. The nGeniusONE Packet Analysis Trace Archive is a repository that you can keep on an nGeniusONE server and/or nGenius InfiniStream appliance. This repository allows you to save data traces and recall them at a point in the future when you want to perform packetlevel forensic analysis on the saved data. When viewing the tabs, you see a list of Monitored Elements from which you can select and display a list of saved trace files. There is a search icon that allows you to locate a particular IP address, element/domain name, or alias. Also, each field in the Monitored Element or Network Domain list has the option to sort a field in ascending or descending order. To sort the list, click the Sort Ascending/Descending button next to the field name on which you want to sort. When viewing the list of trace files stored on a particular element, you can use the click the Sort Ascending/Descending button to sort the file list by Name, Trace Size, or Date.

Refresh Filter Constructor Save a copy of trace file Change name of trace file Move trace between folders

290

TROUBLESHOOTING ISSUES Save trace on desktop Add file to list Remove trace file from server and list User Settings Navigate to launched decode sessions Click to access online help

To decode a saved trace file, do the following: 1. Select the Monitored Element on which the file resides. When you click the Monitored Element and the appropriate folder (Shared or Private), the list of saved trace files appears on the action box on the right side of the screen. 2. Click on the file you wish to decode. The file name appears in the action box on the right side of the screen. 3. (Optional) Click Use SSL Decryption to decrypt SSL encrypted packets if your nGeniusONE user ID is configured to decrypt SSL encrypted packets. 4. Click Decode. The Decode View opens.

291

nGeniusONE 5.4.1 Online Help Topics

Performing Remote Analysis Decode

Viewing Decoded Packets After you specify your analysis criteria and perform a decode, the results are displayed in three panels that work together to show you the various protocol layers embedded in a packet (for more information on each of the panels, click the associated link): •

Summary Panel Toolbar

•

Summary

•

Detail

•

Hex

Note: When using SSL Decryption to decrypt packets, the first HTTP packet captured is 25 bytes less than the actual packet size. For example, if the first HTTP packet is 240 bytes, Packet Analysis only displays 215 bytes in the Hex portion of the Decode pane and shows that only 215 bytes were captured in the Detail pane.

Masking User Identifiable Information nGeniusONE packet decode supports masking certain User Identifiable Information (UII) from data packets. When enabled, the Detail and Hex panes of the decode view display a series of "X" characters where you would normally find the UII. Currently, you can mask the following packet information in the Decode packets: •

SMS user content (from GSM)

•

SMS Instant Message user content

292

TROUBLESHOOTING ISSUES •

IMSI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, BSSGP, GMM, S1AP

•

IMEI data from: RANAP, GPRS_GMM, EPS_MM, SgSAP, GTPv1, GTPv2, MM, GMM, S1AP

•

MSISDN data from: GTPv1, GTPv2, CC

•

SIP Uniform Resource Indicator (URI)

•

SIP Display Name

•

SIP URI user part

•

HTTP User Resource Indicator

To enable the UII data masking, you must disable the View User Identity user role for any user from which you want to hide this information. When disabling this role, the user does not see UII when exporting the packet data. For more information on User Roles, please see the Predefined User Roles online help topic. Important: The View User Identity user role only applies to the nGeniusONE user interface. Enabling or disabling it has no effect on output derived from the Unified Management Console (UMC).

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. Quick Filter Filter Constructor Bounce Chart Compare Two Decode Windows Side By Side Launch Enhanced Decode View Options Save As IP SEC Decrypt

293

nGeniusONE 5.4.1 Online Help Topics

Decode As More Options - includes Export (Print to File), Column Management (Customize Columns) Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame Expand and Collapse all layers in pane Expand and Collapse pane

Summary Panel The Summary panel is at the top of each Decode sub-tab. It gives you a condensed view of the decoded packets’ source and destination addresses, the highest layer protocol in each packet, and various timing information. The Summary panel is the only panel that shows several packets at once. Although each packet is abbreviated and condensed, you can see at a glance the sequence and context of the packets. You can then examine individual packets in greater detail or skip over them. Scroll through the Summary panel to see the entries for each of the decoded packets. Selecting a packet causes the Detail and Hex panels to update with decode information for the selected packet. Summary Panel Fields The Summary panel includes the following fields for each displayed packet: Field Packet

294

Description The Summary panel lists packets sequentially in the same order in which they were received. Each packet is assigned a sequential number to make it easy to move around in the Summary panel. You can move quickly to a particular

TROUBLESHOOTING ISSUES packet number by entering it in the Go To packet box at the top of the display. Absolute Time

The time when the last byte of the packet was received. At that time, nGenius InfiniStream timestamps the packet. All other time displays are based on this value.

Relative Time You can select a particular packet in a data trace as a baseline for timing (Optional) packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers.

Delta Time

The interval between the current packet’s timestamp and that of the preceding packet.

Size

The length of the packet, not including the CRC bits.

Source

The source address for this packet: By default, the Summary panel shows the network layer address, if present. If it is not present, the MAC address is shown.

Destination

The destination address for this packet. Destination addresses are shown in the same way as source addresses.

Interpretatio An abbreviated description of the packet’s contents. The exact data shown will n depend on the packet, but may include destination and source port numbers, ACK numbers, sequence numbers, and so on.

295

nGeniusONE 5.4.1 Online Help Topics If Show Top Layer is enabled in the Tools menu, only one line (for the highest enabled protocol level) is shown. If Show All Layers is enabled in the Tools menu, the Summary panel shows one line for each protocol level contained in a packet. Status

Displays a packet status if the packet is one of the following: ACK, PSH, RST, FIN

Capture Size Displays the amount of packet data captured (this may be less than the actual packet size) Source MAC

MAC address of the source system

Destination MAC

MAC address of the destination system

Source Port

Port number coming from the source system

Destination Port

Port number going into the destination system

Interface

Interface number from which the data was captured

Cumulative Bytes

Total bytes of the data capture (increments with each subsequent packet)

Detail Panel The Detail panel is in the middle of each Decode sub-tab. It shows the detailed contents of the packet currently selected in the Summary panel. Each protocol layer of the packet is interpreted and displayed. The first line in the Detail panel provides some metadata on the decoded packet – its packet number in the Summary panel, its length as displayed, and its length as captured. Any differences between the two length values is the result of packet slicing on the capturing nGenius InfiniStream appliance. Following the packet metadata, the layers of the packet are arranged with the lowest protocol layer at the top of the panel and then work their way down to the highest protocol layers. Initially, each of the layers is shown with a one-line summary. You can cascade open layers to see the full interpretation of each field and parameter in the layer (VLAN tags, TCP header fields, application layer commands, etc.). If you want to expand all the packet layers at one time, click the Expand All Layers button. To collapse all the packet layers, click the Collapse All Layers To expand the size of the panel window, click the Move Up window, click the Move Down

296

button.

button.

button. To collapse the panel

TROUBLESHOOTING ISSUES Selecting Portions of a Packet in the Detail Panel You can expand a packet in the Detail panel and select different layers or fields using the mouse. When you do so, the highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet.

Hex Panel The Hex panel is at the bottom of each Decode sub-tab. It shows both the hexadecimal and ASCII interpretation of the packet selected in the Summary panel. The highlight in the Hex panel updates according to the line selected in the Detail panel so you can see exactly which hex code corresponds to which layer or field in the packet. The hex portion of the panel shows each byte as two hex characters, 00 to FF, with a blank between successive bytes. The bytes are arranged 16 to a row in a full-width table. The far left column shows the offset from the beginning of the packet, which allows you to readily calculate each field’s location in the packet. To expand the size of the panel window, click the Move Up window, click the Move Down

button. To collapse the panel

button.

The ASCII portion of the panel shows the translations for the hex codes using either ASCII, Extended ASCII, or EBCDIC transliteration. To toggle between an ASCII and EBCDIC view, click the ASCII

or EBCDIC

buttons.

You can copy the bytes from the Hex Panel to your clipboard. Select any or all bytes in the Hex or ASCII/EBCDIC portion of the Hex Panel, right-click your mouse, and choose Copy.

297

nGeniusONE 5.4.1 Online Help Topics

Launch Enhanced Decode The Launch Enhanced Decode feature allows you to narrow your Decode view to TCP frames. A TCP Enhanced Decode displays additional TCP-specific information (such as tcp.window_size, tcp.info_bytes_in_flight, tcp.alarm, etc.). The Enhanced Decode is based on a unique IP address and port pair combination derived by the packet on which you click before launching Enhanced Decode. Enhanced Decode is useful in analyzing and differentiating whether an issue is related to the server or the network. For example, your network has remote clients connecting to servers on high-capacity (10Gb throughput) links. An issue may arise where there is slow or bad processing of client requests. This may cause the entire link to appear slow or unreachable. In a case like this, the TCP Window size may equal zero, which could cause the server to stop sending packets. Enhanced Decode gives you greater insight into TCP stack behavior. This insight saves time by indicating a client/server issue, rather than following the path of diagnosing a network/link problem. To launch an Enhanced Decode, do the following:

1. From the Decode view, select a packet and click the Launch Enhanced Decode button. 2. The TCP Enhanced Decode view displays.

298

TROUBLESHOOTING ISSUES

A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop mining. This stops data mining and returns the results it has accumulated. View Options Save As IP SEC Decrypt Decode As More Options - includes Export (Print to File) Show Graph View Click to access online help Close decode. This closes the decode session and returns you to either the Data Mining or Trace Archive main view. Scroll Up one packet Scroll Down one packet

299

nGeniusONE 5.4.1 Online Help Topics

Select the packet number you wish to view Go to First packet Go to Last packet Go to Marked frame (in Data Capture, this is the first frame in the trace) Expand and Collapse all layers in pane

Expand and Collapse pane 3. When you click on a packet and examine the TCP section of the Detail pane, you see a new field named Additional Info. When you expand the Additional Info field, various TCP information derived from the packet displays.

4. To view more detailed information, click the Show Graph View the TCP Graph.

300

button to launch

TROUBLESHOOTING ISSUES

Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View

button.

2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.

3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.

to display the TCP Graph by time or by

301

nGeniusONE 5.4.1 Online Help Topics TCP Graph Displayed over Time

TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View

302

button.

TROUBLESHOOTING ISSUES

Adding Trace Files The Add Trace Files (importing) feature allows you to import a trace file from your client system and store it on the nGeniusONE server.

To import a file, do the following: 1. Click the Browse button to select the capture file you wish to import. 2. Select whether you want to put it in the Private or Shared folder by using the dropdown box. 3. Click Overwrite if you are replacing an existing trace file. 4. Click Upload to upload the file to the server. 5. Click Close to close this screen.

303

nGeniusONE 5.4.1 Online Help Topics

Moving a Trace File This feature allows you to move a trace file from the Shared folder to the Private folder and also move files from the Private folder to the shared folder. To move a file, do the following: 1. Select the trace file from the list. 2. Click the Move Trace Between Folders button. 3. In the dialog box, select the folder from the drop-down box into which you want to move the trace file. 4. Click OK to move the file.

304

TROUBLESHOOTING ISSUES

Renaming a Trace File This feature allows you to rename an existing trace file. To rename a trace file, do the following: 1. Select the trace file from the list. 2. Click the Rename Trace File button. 3. Enter the new file name. 4. Click OK to change the file name.

305

nGeniusONE 5.4.1 Online Help Topics

Save a Copy of a Trace File This feature allows you to save a copy of a trace file by another name or into a different folder. This may be useful if you want to grant access to the file but maintain the original trace file. To copy a trace file, do the following: 1. Select the trace file from the list. 2. Click the Save a copy of Trace File button. 3. Either keep the original name or enter a new name on the Filename line. 4. Select the folder from the Folder drop-down list. 5. Click OK to save the copy of the trace file.

306

TROUBLESHOOTING ISSUES

Configure IP SEC Decryption The IP SEC Decrypt feature allows you to decode and view the packet contents of IP SEC (IP Security) encrypted packets. IP SEC Decryption – IP SEC (IP Security) is a method of encrypting IP packets for secure transmission over a secure IP tunnel and decrypting the packets on the destination system. nGeniusONE supports IP SEC Decryption for local trace files in addition to remote Protocol Decode sessions. nGeniusONE Packet Analysis performs post-capture decoding of the IP SEC encrypted packet data and allows you so see the unencrypted packet data. You can configure IP SEC Decryption to work with the following options: •

Protocol – IPv4 or IPv6

•

Source and Destination IP addresses of the packets you wish to decrypt

•

The following encryption types are supported: NULL, TripleDES-CBC, AES-CBC, AESCTR, DES-CBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC

•

User-provided encryption key

•

The following authentication methods are supported: NULL, HMAC-SHA-1-96, HMACSHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, Any 96/128/192/256 bit authentication

•

User-provided authentication key

307

nGeniusONE 5.4.1 Online Help Topics To perform IP SEC decryption on an nGenius InfiniStream Protocol Decode or archived trace file, do the following:

Protocol Decode Decryption 1. From Packet Analysis -> Data Mining, select an nGenius InfiniStream interface and execute a Protocol Decode. 2. Click on an ESP packet in the Protocol Decode view. 3. Click the IP SEC Decrypt

button.

4. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 5. Click Decrypt to decrypt the packet trace.

Decrypting a Local Trace file 1. From Packet Analysis -> Trace Archive, either open the saved trace file or add a trace file. 2. Perform a Protocol Decode of the trace file. Select the trace file and click the Submit button. 3. Click on an ESP packet in the Protocol Decode view. 4. Click the IP SEC Decrypt

308

button.

TROUBLESHOOTING ISSUES 5. From the IP Security Configuration dialog box, enter the following information to configure the IP SEC decryption: a. Select the Protocol from the Protocol drop-down box. The available options are IPv4 and IPv6. b. Enter the IP address of the source of the encrypted flow in the Source IP field. c. Enter the IP address of the destination of the encrypted flow in the Destination IP field. d. Leave the SPI (Security Parameter Index) in the SPI field as the default asterisk (*). e. Select your encryption type from the Encryption drop-down box. The available options are: NULL, TripleDES-CBC, AES-CBC, AES-CTR, DESCBC, CASTS-CBC, BLOWFISH-CBC, TWOFISH-CBC f. Enter the encryption key used for the encryption in the previous step in the Encryption Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). g. Select the authentication type from the Authentication drop-down box. The available options are: NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-MD5-96, MAC-RESPEMD-160-96, ANY 96 bit authentication, ANY 128 bit authentication, ANY 192 bit authentication, ANY 256 bit authentication h. Enter the authentication key used for the authentication algorithm in the previous step in the Authentication Key field. This can be ASCII text or hexadecimal digits. Click the Show/Hide button to display the key (Show) or as a series of dots (Hide). 6. Click Decrypt to decrypt the packet trace.

Packet View - Before and After IP SEC Decryption The screen captures below display a packet that is IP SEC encrypted and the decrypted version of that packet. See packet number 8 in the trace for the decryption/encryption.

309

nGeniusONE 5.4.1 Online Help Topics

310

TROUBLESHOOTING ISSUES

Saving a Trace File Remotely The Remote Save feature allows you to save a trace file to either the nGenius InfiniStream appliance, the nGeniusONE server, or to the user system. If saving an encrypted trace you have decoded, the decoded packets are saved in the new trace file.

To perform the Remote Save, do the following: 1. Enter a file name. 2. Select the file type from the drop-down box. 3. In the Save On section, select whether to save the file to the nGenius InfiniStream, the nGeniusONE server, or to your system. If saving to an nGenius InfiniStream appliance or the nGeniusONE server, select the folder into which you want to place the file. 4. Select either all packets or enter a range of packets to save. 5. Click Save to perform the save operation.

311

nGeniusONE 5.4.1 Online Help Topics

Bounce Charts in nGeniusONE From the Summary pane of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: •

Packet number

•

Absolute Time

•

Packet Interpretation - contains the following information: o

Internet Protocol (IP) type

o

Destination Port

o

o

Source Port Packet Length

•

Latency Time

•

Interface name or trace file name

•

Packet direction - when you mouse over the arrow, the following displays: o

o

Destination IP address

o

Destination Port

o •

Source IP address Source port

Application Type (when column is selected using the Customize Columns feature)

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below:

312

TROUBLESHOOTING ISSUES

Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions Stop Mining. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns Save As View Options Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Top packet Bottom packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode The following conditions apply to the Bounce Chart view: • You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined. • Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.

button to stop a decode,

313

nGeniusONE 5.4.1 Online Help Topics

Viewing Bounce Charts From the Summary Toolbox of the Protocol Decode view, you can select an IP (TCP, UDP, or SCTP) packet to launch a Bounce Chart view. The Bounce Chart displays the flow of packets exchanged in the stream to which the selected packet belongs. The Bounce Chart includes time data to enable you to do quicker response time analysis of the stream. The Bounce Chart displays the source and destination IP addresses and ports associated with the session. Note: You must select an IP-based packet (TCP, UDP, or SCTP) to launch a Bounce Chart. Click here for information on Enhanced Bounce Charts. Each transaction on the connection is represented by a separate entry in the Bounce Chart that displays the following information: • Packet number • Absolute Time • Packet Interpretation - contains the following information: o

Internet Protocol (IP) type

o

Destination Port

o

o

Source Port Packet Length

• Latency Time • Interface name or trace file name • Packet direction - when you mouse over the arrow, the following displays: o

Source IP address

o

Source port

o

Destination IP address

o

Destination Port

• Application Type (when column is selected using the Customize Columns feature) The following conditions apply to the Bounce Chart view: • You can launch (per user) a maximum of eight Bounce Chart views and filter sessions combined. • Bounce Chart views must be launched from the Summary pane of the Protocol Decode view; you cannot launch a Bounce Chart view from a Protocol Decode while the decode is in process. If you click the Stop Decode the Bounce Chart feature is available.

button to stop a decode,

To launch a Bounce Chart, click a packet in the Summary Panel of the Protocol Decode view and click the Bounce Chart button. When a Bounce Chart opens, the view splits and the new view looks like the following image:

314

TROUBLESHOOTING ISSUES

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Stop Bounce Chart. This stops data mining and returns the results it has accumulated. Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Customize Columns View Options Save As Click to access online help Close decode. This closes the Bounce Chart and returns you to the previous Protocol Decode view. Scroll Up one packet Scroll Down one packet Select the packet number you wish to view

315

nGeniusONE 5.4.1 Online Help Topics

Go to First packet Go to Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode

316

TROUBLESHOOTING ISSUES

Printing (Export) a Trace File The Print to File (Export) feature allows you to export any or all of the Summary, Detail, and Hex panes from a data trace to a Comma Separated Value (.CSV) file for printing or other file operations. You can print all the packets in a trace or a range of packets. You can export data from a decode session performed in Data Mining or on files in the Trace Archive. Note: Some Enhanced Decode fields are not included when performing a trace file print (export) The Relative Time columns are not included when performing a trace file print (export)

To use the Print to File feature, do the following: 1. Enter a file name (in the text box next to File Name) for the export file. When the file is exported, it is placed in your browser Download folder. 2. Ensure that Comma Separated values (*.csv) is selected in the drop-down box next to File Type. This feature currently only supports export to CSV files.

317

nGeniusONE 5.4.1 Online Help Topics 3. In the Export What section, you can select to export any or all of the following by checking the box next to the name: Summary, Detail, Hex. 4. In the Packets section select whether you want to export All Frames or a range of frames (Frames Range). If you select a range of frames, you can enter a single packet number or a group of packets. To export a single packet, enter the packet number. To export a group of packets, enter the first packet number, a dash key (), and the last packet number. If you wish to export more than one single packet or range of packets, separate the values you enter with commas. 5. Click OK to export the packets or Cancel to quit this screen. 6. Depending on your browser, you may be prompted whether you want to save or print the file. 7. Look in your browser Download folder for the export (CSV) file.

318

TROUBLESHOOTING ISSUES

Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter

button.

3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)

Connection Filter

319

nGeniusONE 5.4.1 Online Help Topics

Application Filter

Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.

320

TROUBLESHOOTING ISSUES

Using the Filter Constructor Creating and managing filters is an essential component of successful packet analysis. Filters help you isolate the information you need when you perform a protocol decode or view a trace file. Creating a filter allows you to define parameters that are represented in the filter as specific bit patterns. • When you apply a Data Mining (pre-capture) filter to a protocol decode, every packet detected on the selected interface is compared to the bit pattern defined by your filter. All packets that match the filter criteria are copied to the capture buffer. • When you apply a post-capture filter to a protocol decode, each packet in the file is compared to the filter to further define your focus. Note: If you use Advanced Terms in a filter, that filter is only supported as a postcapture filter. A message displaying This filter uses Advanced Terms. Advanced Terms are only supported in post-decode filters appears in the Status Bar when using Advanced Terms. Also, post-capture filter files do not appear in views where only Data Mining filters are supported.

Filter Builder Topic Sections The Filter Builder topic is broken into the following sections. Click the link to go to the appropriate section: • The Filter Constructor Dialog Box • Filter Management • Filter Operations • Filter Operators • Filter Terms • Basic Terms • Advanced Terms • Filter Syntax • Viewing Filtered Packets • Saving Filters

Filter Management You can create a filter as a Shared or Private filter. Shared filters are visible by all users of nGeniusONE. Any user can use, edit, rename, or delete shared filters. The Private filters are only available to the user who created them for use, modification, and deletion.

Filter Operations There are three basic filter operations: create, rename, and delete. The table below explains the procedure for each operation.

321

nGeniusONE 5.4.1 Online Help Topics

Operation

Procedure

Create

To create a new filter, click on Shared or Private (in the Filter List section) and click the New button. The Filter Builder automatically adds a filter_ (time in epoch). When you open the Filter Builder, there is a filter_ (which is blank) filter file in the Filter List you can use to create a new filter.

Edit

To edit a filter, click on the filter name in the Filter List. The syntax appears in the Expression area. You can edit directly from there.

Rename

To rename a filter, click on the filter in the Filter List and click Rename. Enter the new name in the dialog box that appears and click OK.

Delete

To delete a filter, click on the filter in the Filter List and click Delete. Click OK in the dialog box to confirm the filter delete.

Filter Operators Use the following operators to create your filter: Operators ()

Optional parentheses you can put around the expression. For example, (ip==10.2.3.4)

==

Equals

!=

Does not equal

&&

And

||

Or

!

Do not include packets that have the specified term - used as ! (filter term) Note: Only one filter term is supported with a NOT operator.

and

And

not

Do not include packets that have the specified term - used as not (filter term) Note: Only one filter term is supported with a NOT operator.

or

Or

Filter Terms There are two types of filter terms - Basic Terms and Advanced Terms.

322

TROUBLESHOOTING ISSUES Basic Terms – There are standard terms provided as part of packet analysis infrastructure without having to decode the packets. These terms offer quicker filter results. Basic Terms can be used in both pre- and post-capture filtering. Basic Terms - used for data mining or post-capture filtering application

Type of application (for example, application==FTP or application!=Telnet. The list of available applications corresponds to the list of active applications in nGeniusONE Global Settings)

eth

Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example eth==08:00:8c:01:02:03)

eth.src

Source Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.src==08:00:8c:01:02:03)

eth.dst

Destination Ethernet (MAC) address (aa:bb:cc:dd:ee:ff format, for example - eth.dst==08:00:8c:01:02:03)

ethernet

Ethernet address (MAC) information

ip

IP Address in octet form (for example - ip==192.168.200.12)

ip.src

Source IP Address in octet form (for example ip.src==192.168.200.12)

ip.dst

Destination IP Address in octet form (for example ip.dst==192.168.200.12)

ipv6

Internet Protocol version 6 information (for example ipv6==fda2:7043:e658:e556:0123:4567:89ab:cdef)

Advanced Terms – These are standard terms provided as part of packet analysis infrastructure and require packet decode. These terms are slower providing filter results. Advanced terms are restricted to post-capture filtering. Advanced Terms - used for post-capture filtering When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. 802_1ad

IEEE 802.1 AD information

802_1ah

IEEE 802.1 AH information

802_1q

VLAN 802.1Q information

ansi_map

ANSI Map information

application

Application type - Free text (for example application==http)

bpdu

Bridge Protocol Data Unit information

browser

Browser information

323

nGeniusONE 5.4.1 Online Help Topics

cisco_vntag

Cisco Virtual Network tag information

cpim

Common Profile for Instant Messaging information

disl

Cisco Dynamic Inter-Switch Link information

dsmcc

Digital Storage Media Command and Control information

dssetup

Directory Services Setup information

eps_mm

Evolved Packet System Mobility Management information

eps_sm

Evolved Packet System Session Management information

eth

Ethernet (MAC Address) information

ethernet

Ethernet (MAC Address) information

eurex_emdi

Eurex Enhanced Market Date Interface information

fc

Fibre Channel information

fc_els

Fibre Channel Extended Link Service

fcoe

Fibre Channel over Ethernet information

fip

Fibre Channel over Ethernet (FCoE) Initiation Protocol

iccp_mms

Inter-Control Center Communications Protocol Multimedia Message Service information

ice_impact_m

ICE iMpact information

ima

Independent Management Architecture information

imsi

International Mobile Subscriber Identity

ip

Internet Protocol information

ipars

International Program Airline Reservation System information

ipv4

IP version 4 information

ipv6

Internet Protocol version 6 information

ise_mdi_fast

International Securities Exchange Market Data Interface FAST information

isl

Cisco Inter-Switch Link information

isup

ISDN User Part information

lcc ldap

Lightweight Directory Address Protocol information

llc

Link Layer Control information

lse-gtp

324

TROUBLESHOOTING ISSUES

lse_mitch m3ua

MTP Layer 3 User Adaptation Layer information

map

Mobile Information Part (MAP) information

matip

Mapping of Airline Traffic over Internet Protocol information

mime

Multi-Purpose Internet Mail Extensions information

mpls

Multi-Protocol Label Switching information

ms_oxcrpc

Microsoft Exchange Remote Procedure Call information

msisdn

Mobile Station Integrated Services Digital Network

ospf

Open Shortest Path First information

packet

Packet information

pattern[-]

You can search on the hexadecimal pattern in the Hex pane of the Protocol Decode view. For more information, see the Pattern Filter topic. Note: After the word pattern, enter the beginning and end data offsets (use decimal numbers for the byte numbers) in brackets (for example, pattern[2629]==0a0a000a).

plain_text port

Port Number (integer or range of integers between 1 - 65535; for example - port==1024, port==80-1024)

port.src

Source Port Number (integer or range of integers between 1 65535; for example - port.src==1024, port.src==80-1024)

port.dst

Destination Port Number (integer or range of integers between 1 65535; for example - port.dst==1024, port.dst==80-1024)

ppp

Point-to-Point Protocol information

ptc_c ptc_d rtpevent

RTP Event information

sctp

Stream Control Transmission Protocol information

sctp _data

SCTP data information

sender_compid Value used to identify firm sending packets sgsap

SGs intergace Application Part information

sip

Session Initiation Protocol information

sipfrag

SIP fragment information

325

nGeniusONE 5.4.1 Online Help Topics

sms_im

Short Messaging Service Instant Message information

ssl

Secure Socket Layer information

target_compid Value used to identify firm receiving packets tcp

TCP Information

tcp.port

TCP Port Number (integer or range of integers between 1 - 65535; for example - tcp.port==1024, tcp.port==80-1024)

tcp.src

TCP Source Port Number (integer or range of integers between 1 65535; for example - tcp.src==1024, tcp.src==80-1024)

tcp.dst

TCP Destination Port Number (integer or range of integers between 1 - 65535; for example - tcp.dst==1024, tcp.dst==801024)

text

Text in Detail or Summary panes. To search in the Summary pane use the text.summary=="text" convention. To search in the Detail pane use the text.detail=="text". Note: Enter the text to be searched in double quotes.

tls

Transport Layer Security information

tos

Type of Service (integer [decimal or hexadecimal]; for example tos==12, tos==12b)

udp

UDP Information

udp.port

UDP Port Number (integer or range of integers between 1 65535; for example - udp.port==1024, udp.port==80-1024)

udp.src

UDP Source Port Number (integer or range of integers between 1 65535; for example - udp.src==1024, udp.src==80-1024)

udp.dst

UDP Destination Port Number (integer or range of integers between 1 - 65535; for example - udp.dst==1024, udp.dst==801024)

url

Uniform Resource Locator (web site, for example url==www.netscout.com)

vlan

Virtual LAN information

xml

eXtensible Markup Language information

xre

XML User Interface Language (XUL) Runtime Environment information

Protocol-Specific Advanced Terms When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data.

326

TROUBLESHOOTING ISSUES

alp

Appliance Link Protocol information

amex

American Express credit card information

arp

Address Resolution Protocol information

bfd

Cisco Bidirectional Forwarding Detection information

bgp

Border Gateway Protocol (BGP) information

bittorrent

BitTorrent Protocol information

bssap

BSS Application Part information

bssap+

BSS Application Part Plus information

bssgp

BSSGP (Base Station System GPRS Protocol) information

cdp

Cisco Discovery Protocol information

cgp

Common Gateway Protocol information

citrix

Citrix protocol information

citrix_cgp

Citrix CGP information

citrix_ica

Citrix Independent Computing Architecture (ICA) information

dhcp

Dynamic Host Control Protocol information

dhcpv6

DHCP version 6 information

diameter

Diameter protocol information

discover

Discover credit card information

dns

Domain Name Service information

ftp

FTP (File Transfer Protocol) information

hsrp

Hot Standby Router Protocol information

hsrpv2

Hot Standby Router Protocol version 2 information

http

Hypertext Transmission Protocol information

ibm_mq

IBM Market Query information

genband

GENBAND information

gprs_gmm

General Packet Radio Services (GPRS) GPRS Mobility Management information

gprs_llc

General Packet Radio Services (GPRS) Logical Link Control information

gprs_sm

General Packet Radio Services (GPRS) Session Management information

327

nGeniusONE 5.4.1 Online Help Topics

gprs_sndcp

General Packet Radio Services (GPRS) Sub Network Dependence Convergence Protocol information

gsm_dtap

Global System for Mobile Communications Direct Transfer Application sub-Part information

gsm_rp

Global System for Mobile Communications Relay Protocol information

gsm_sms

Global System for Mobile Communications Short Messaging Service

gtp_prime

GTP (GPRS Tunneling Protocol) information

gtpc_v1

GTP version 1 information

gtpu

GTP version 1 information

gtpv2

GTP version 2 information

hsrp

Hot Standby Router Protocol information

hsrpv2

Hot Standby Router Protocol version 2 information

http

HTTP information

ibm_mq

IBM WebSphere MQ information

ica

Citrix Independent Computing Architecture (ICA) information

ica_sb

Citrix ICA Server Browser Flow information

icmp

ICMP (Internet Control Message Protocol) information

ldap

Lightweight Directory Address Protocol information

loop

Configuration Testing Protocol (Loop) information

maestro_debit Maestro pre-paid MasterCard information master_credit

MasterCard credit card information

mbcp

Media Burst Control Protocol information

mop_rc

Maintenance Operations Protocol Remote Console information

msrp

Message Session Relay Protocol information

mysql

My SQL protocol information

netb

Microsoft NetBIOS information

netflow

NetFlow datagram information

nsip

Network Services over IP information

ntp

Network Time Protocol information

oracle_sql

Oracle SQL information

328

TROUBLESHOOTING ISSUES

oracle_tns

Oracle Transparent Network Substrate information

pim

Protocol Independent Multi-Cast information

ranap

Radio Access Network Application Part protocol information

rtcp

RTP Control Protocol information

rtp

Real-Time Protocol information

rtsp

Real-Time Streaming Protocol information

s1ap

S1 Application Protocol (S1AP) information

sccp

Skinny Client Control Protocol information

sccp_ss7

SCCP Signaling System number 7 information

sdp

Session Description Protocol information

sip

Session Initiation Protocol information

smb

Server Message Block protocol information

smb2

SMB version 2 protocol information

smbmsp

SMB Mail Service Protocol information

smbtcp

SMB on TCP information

snap

Sub-Network Access Protocol information

snmp

Simple Network Management Protocol information

soap

Simple Object Access Protocol information

ssdp

Simple Service Directory Protocol information

ssh

Secure Shell (SSH) information

tcap

Transaction Capabilities Application Part information

tds

Tabular Data System Protocol information

telnet

Telnet protocol information

union_pay

UnionPay credit card processing information

vrrp

Virtual Router Redundancy Protocol information

wins

Windows Internet Naming Service information

xcap

XML Configuration Access Protocol information

xmpp

Extensible Messaging and Presence Protocol information

x2ap

X2 Application Protocol information

To build a filter, enter syntax using the following terms. When you finish entering terms, click Apply to run the filter (without saving) or Save to save the filter:

329

nGeniusONE 5.4.1 Online Help Topics Note: The Apply button is active only in post-capture filters.

The Filter Constructor Dialog Box When you click the Filter Constructor

button, the Filter Constructor dialog box appears.

When the Filter Constructor dialog box is opened, the Expression screen is blank and there are no filters selected. You can choose a variety of operations to perform: • Enter filter syntax • View filtered packets • Click on a filter to display its Filter Terms and/or apply the filter • Run a Quick Filter

330

TROUBLESHOOTING ISSUES

Filter Syntax

To enter filter syntax, type the terms, operators, and options in the Expression screen. The terms are described in the Filter Terms section. The Expression screen is red when there is incorrect syntax. The Expression screen turns green when correct syntax is entered. For example, you could enter the following in the Expression screen: (ip==10.2.3.4) and (port!=80) if you wanted to get packets that contain the IP address 10.2.3.4 and come on all ports except 80. For most applications listed in the table, you can enter only the application name in the Expression screen and click Save or the Apply button. This automatically saves/executes a filter that just searches for packets matching the selected application. To clear out the information in the Expression screen, click the Clear

button.

If you do not enter any value with a Filter Term and the Expression screen turns green, this means you can filter on packets that contain that particular field. When entering Filter Terms, if you close the Filter Constructor and reopen it before exiting the particular decode session, the information in the Expression Screen is saved for you. Filter Term Granularity When entering terms, if you put a period (.) character after the term, a list may appear (if available for that term) with more specific terms to allow you to drill down further into the packet data. Select the appropriate granulated term from the drop-down list to filter on a

331

nGeniusONE 5.4.1 Online Help Topics more specific attribute of a Filter Term. Some examples of the granulated terms contained in the drop-down boxes are in the following images:

332

TROUBLESHOOTING ISSUES

Viewing Filtered Packets After you build or load a capture filter, the packets that meet the filter conditions are displayed in a new Protocol Decode view. You can return to the previous decode session by clicking the Navigate to Launched Decode Sessions button . From the previous decode session, you can load or build a different filter to see other packet data from the original trace. Click the Filter Constructor button and build or load another filter. You can have up to eight filters or Bounce Chart sessions running concurrently. You can also create another filter from the packets that you filtered previously. Click the Filter Constructor button

and build or load another filter.

You can have up to eight filters running, whether they are separate filters or nested filters. Packets that were previously filtered display with different colored lines.

Saving Filters When you apply a filter, the filter terms automatically save into the Private folder with the name last_filter. When you create a filter and want to save it, click the Save in the save dialog box:

button and enter a name

333

nGeniusONE 5.4.1 Online Help Topics

Other ways to save filters are: • When you click the Add Filter

button in either the Shared or Private folder, add

your filter terms, and click the Save

button, the filter is saved with a system

generated name. You can click the Rename Filter name.

button and change the filter

• When you click the Add Filter button in either the Shared or Private folder, add your filter terms, the filter is given with a system generated name. You can click the Rename Filter

button, change the filter name, and click the Save

• Select the last_filter, click the Rename Filter name.

334

button.

button, and change the filter

TROUBLESHOOTING ISSUES

Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b.Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d.Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. a. Open a Decode window. b.From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.

c. Click Apply to start the filter operation.

335

nGeniusONE 5.4.1 Online Help Topics d.The filtered results display.

336

TROUBLESHOOTING ISSUES

Using Compare Mode in nGeniusONE The Decode display provides a Compare mode that lets you simultaneously view the Summary, Detail, and Hex panel decodes for two packets. The following procedure explains how to use Compare mode. 1. Start by selecting the first packet for comparison by clicking its entry in the Summary panel. This is the "anchor" packet – once you are in Compare mode, you can compare any other packet to it by selecting entries in the Summary panel. 2. Click the Compare button

at the top of the Decode display.

3. Select the second packet for comparison by clicking its entry in the other Summary panel (it appears on the right of the anchor packet Summary panel). The Summary, Detail, and Hex panels show the decodes for the two packets side-by-side with the anchor packet initially on the left. 4. You can change the second packet selected for comparison by clicking another packet in the Summary panel. 5. You can also change the Decode session on the right hand pane. See Comparing Packets from Two Different Decode Sessions for more information. 6. Change the anchor packet using either of the following methods: • Double-click the Summary panel of the packet to be used as the anchor. • Exit Compare mode, select a new packet as an anchor, and then reenter Compare mode.

337

nGeniusONE 5.4.1 Online Help Topics

Summary Panel Toolbar A toolbar is provided at the top of the each pane allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns Scroll Up one packet Scroll Down one packet Select the packet number you wish to view Go to First packet Go to Last packet Expand or collapse window panel Expand or Collapse all layers in Summary window Click to exit the Compare Decode window (right hand pane only)

Comparing Packets from Two Different Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.

338

button. A dialog box opens that displays all of the open

TROUBLESHOOTING ISSUES From this dialog box, you can perform one of the following tasks: • Change the Decode session by clicking on another session in the list • Close a Decode session by clicking the x button After you select another Decode session, it opens on the right hand pane. Packets that were filtered in other Decode sessions display with different colored highlights around the packet.

339

nGeniusONE 5.4.1 Online Help Topics

Customizing Packet Analysis User Settings You can adjust user settings using this dialog box. This allows you to customize the Decode view.

Colorize Filtered Packets - When you apply a filter, the filtered packets display with a different color. Time Format - Use the radio button to display time in 12- or 24-hour format (for example, 05:26:00 PM [12-hour] or 17:26:00 [24-hour]) Default Save On - When running a trace file export, you can set the default device to display in the drop-down box (nGeniusONE, InfiniStream, Desktop)

340

TROUBLESHOOTING ISSUES

Quick View The View Options allow you to set the following: • Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds. • All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane. • Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets. • Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed. • Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window. • Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.

341

nGeniusONE 5.4.1 Online Help Topics

342

TROUBLESHOOTING ISSUES

Navigate to Launched Decode Sessions You can change the decode session on the right hand pane by clicking the Navigate to Launched Decode Sessions Decode sessions.

button. A dialog box opens that displays all of the open

This dialog box displays all of the active decode sessions. Filtered decodes are located under the original Packet Decode and have a Filter-x (x being a number) designation. Enhanced Decodes have an (E) designation after the session name. From this dialog box, you can perform one of the following tasks: • Change the Decode session by double-clicking on another session in the list • Rename a Decode session by clicking the rename icon in the dialog box that appears • Close a Decode session by clicking the • Stop a session mining by clicking the

and changing the name

button button

• When examining a filtered session, click the For example:

button to see the filter information.

343

nGeniusONE 5.4.1 Online Help Topics

Additional Topics Enhanced Bounce Chart Bounce Chart views display the flow of packets exchanged in the stream to which a selected packet belongs. With an nGenius InfiniStream, Enhanced Bounce Chart views are also available. Enhanced Bounce Charts display timestamps in packets exchanged between a pair of hosts through multiple network segments. As packets hop across the network, many factors can delay these packets. Enhanced Bounce Charts help you find where these delays occur. nGeniusONE supports bounce charts with up to seven hops for TCP or UDP streams. On an InfiniStream (or multiple InfiniStream systems), you can launch an Enhanced Bounce Chart view on up to seven physical interfaces. While Bounce Charts are available for TCP-, UDP-, or SCTP-based applications, Enhanced Bounce Charts are supported for TCP- or UDP-based applications only. You can run up to eight Bounce Chart or filter sessions concurrently. To launch an Enhanced Bounce Chart view: 1. From the Packet Analysis -> Data Mining view, select up to seven InfiniStream physical interfaces on which you wish to perform the Enhanced Bounce Chart. To select additional interfaces, press the key and click on all interfaces you wish to have in the Enhanced Bounce Chart. Note: this version of nGeniusONE only supports the Enhanced Bounce Chart on interfaces that reside on a single InfiniStream. 2. Select the Start and End date/time. 3. (Optional) Select a Data Filter from the drop-down list. 4. Click Submit to start the Protocol Decode. 5. From the Protocol Decode view, select a packet on which you want to see the Enhanced Bounce Chart. 6. Click the Bounce Chart button. The Enhanced Bounce Chart displays. You can see the Latency Time, direction of the packet, and on which interface the packet was captured.

344

TROUBLESHOOTING ISSUES

Summary Panel Toolbar A toolbar is provided at the top of the Summary panel allowing you to perform the following operations, as shown in the image and described in the table below: Return to the Managed Entities (Data Mining or Trace Archive) screen Navigate to launched decode sessions. Customize Columns View Options Launch Quick Filter Direction of packet flow. You can choose left to right only (--->), right to left only (<---), or both directions (<--->) Stop Bounce Chart. This stops data mining and returns the results it has accumulated.

345

nGeniusONE 5.4.1 Online Help Topics

Go Up/Down by one packet Select the packet number you wish to view

Go to First/Last packet Go to Marked frame Exit the Bounce Chart Session and return to the Protocol Decode

Quick Filter From the Summary panel of the Decode View, you can choose the Quick Filter menu option to run a Context, Connection, or Application Filter on your trace data. To use the Quick Filter: 1. Click a packet in the Summary View 2. Click the Quick Filter

button.

3. A dialog box opens with information relevant to the packet you selected; select the type of filter operation you wish to perform (Context, Connection, or Application)

346

TROUBLESHOOTING ISSUES

Connection Filter

Application Filter

347

nGeniusONE 5.4.1 Online Help Topics

Context Filter 4. You can automatically run the filter as displayed or you can customize the filter further. See the Filter Constructor topic for more information on filter syntax. 5. Click Apply. The filter automatically runs and the filtered data is displayed.

Using the Pattern Filter You can search on a particular byte pattern by doing the following: There are two ways to use the Pattern filter term. 1. This method involves using a predetermined pattern and knowing on which bytes you find that pattern. a. Determine the pattern and the byte offset on which you want to search. b.Launch the Filter Constructor. c. Enter the byte offset (in decimal) and the byte pattern (hexadecimal) to search (for example, pattern[26-29]==0a0a000a) in the Expression screen. d.Save or click Apply to filter on the desired pattern. 2. This method involves selecting a particular pattern from the Detail pane of the Decode window. a. Open a Decode window.

348

TROUBLESHOOTING ISSUES b.From a packet that contains the pattern you wish to search, click the desired pattern in the Detail Pane.

c. Click Apply to start the filter operation. d.The filtered results display.

Show Graph View The Show Graph View provides an additional level of visibility into TCP packets by graphically displaying additional TCP information derived from the packets contained in the Enhanced Decode. To launch the TCP Graph: 1. From the Enhanced Decode view, click the Show Graph View

button.

2. The TCP Graph displays in the Summary pane of the Enhanced Decode view. The left-hand Y axis displays the TCP Window size in bytes. The right-hand Y axis

349

nGeniusONE 5.4.1 Online Help Topics

displays the TCP Bytes in Flight value in bytes. You can toggle the X axis to display packet times or packet numbers. Any additional TCP information derived by Packet Analysis is displayed in the TCP Graph.

3. You can click the available fields in the view to show or hide them. 4. You can also click the Toggle X axis packet number.

TCP Graph Displayed over Time

350

to display the TCP Graph by time or by

TROUBLESHOOTING ISSUES TCP Graph Displayed by Packet 5. To return to the standard Summary view (exit the TCP Graph), click the Show Table View

button.

Quick View The View Options allow you to set the following: • Time - you can set the granularity of packet data to seconds, milliseconds, microseconds, or nanoseconds. • All Layers/Top Layers - you can select to view all layers or just the top layer in the Summary View pane. • Resolved/UnResolved - you can select whether to display the resolved name or unresolved MAC and IP addresses in the Source and Destination columns of the decode summary pane. This function supports both the inner and outer IP addresses of tunneled packets. • Tunneled IP - you can select whether to display the inner or outer IP address of a tunneled packet in the Summary pane. By default, the outer IP address is displayed. • Column Display Option - you can select whether to view all the columns you selected to display in the window (each column compresses to fit) or view as full size columns where you scroll across the window to view columns that run out of the window. • Set/Reset Relative Mark - you can select a particular packet in a data trace as a baseline for timing packets (by default, the Relative Mark is set for the first packet). The Relative Time column calculates the time difference (up to the nanosecond) from the marked packet. Packets above the marked packet display negative numbers and packets below the marked packet display positive numbers. Note: When launching an Enhanced Decode, the Relative Mark feature is automatically set to the first packet.

351

nGeniusONE 5.4.1 Online Help Topics

352

TROUBLESHOOTING ISSUES

ISOLATING UC ISSUES Introduction to UC Server The nGenius Unified Communications Server (UC Server) solution is used to troubleshoot issues with audio and video streams and associated signaling for Voice or Video over IP. This licensed product is integrated with the nGeniusONE Server. These topics provide usage information for the UC Server views, along with basic configuration requirements. The following sections provide a brief introduction to key concepts pertaining to this product. • UC Enabled Views • Deployment Overview • Example Workflows

353

nGeniusONE 5.4.1 Online Help Topics

UC Enabled Views and Features When an nGeniusONE Server is licensed for UC Server features, the following views and updates are available from the nGeniusONE Server: • UC Server Views: Access to these analysis views is done either through the Call Search application, available from the nGeniusONE dock, or by drilldown from the Media Monitor, available from the nGeniusONE Service Monitor dock icon. The views are: o Conversation View: available as a drilldown from Call Search or Media Monitor o Streams View: available as a drilldown from Media Monitor or from Conversation View. o Single Call View: available as a drilldown from Call Search or from Streams View • Media Monitor: This Service Monitor provides additional metrics and drilldowns to and from UC Server features. When a license is configured on the nGeniusONE server, this monitor replaces the default RTP Monitor from the Service Monitor dock icon or from drilldowns in the Unified Communications Dashboard and Discover My Network module available from the nGeniusONE Console (RTP Monitor is still available from within the Universal Monitor). • Call Server Monitor integration: The UC Server Call Search application includes an icon to open Call Server Monitor with the selected context, and an icon to open a Call Server Session analysis tab in the Call Search application. Drilldown from Call Server Monitor to UC Server views is not supported. Related Features In addition to the analysis tools above, a UC Server license enables UC-specific features in the following nGeniusONE modules: • Dashboard / Spaces / Spaces Configuration - UC views / UC Dashboard available • Service Monitors - drilldowns are enabled from UC features to certain monitors • Global Settings - additional configuration options and metrics are visible in the Voice/Video tab • Service Configuration - Media is available as a monitor type; additional service templates and alarm profile options are available • Reporting - additional metrics are available. • Server Management - Use this module to enable/disable user privileges related to UC analysis.

354

TROUBLESHOOTING ISSUES

Deployment Overview: UC Server A UC Server deployment is an assessment and analysis architecture that gathers data on voice and video quality from multiple strategic instrumentation points along the call path, from endpoints and optionally call data from Lync Servers and Cisco Call Managers (when a UC Lync Collector is integrated to the deployment). Whether the service is voice or video, desktop or dedicated room, soft client or fixed phone, common analysis algorithms enable data assessments that are derived from RTP packet headers and payloads and signaling traffic. At the head of this architecture is the UC Server-enabled nGeniusONE Server, which collects data from dedicated, passive InfiniStream appliances, or from dedicated UC Lync Collectors that aggregate relevant third-party data. The UC Server specifically analyzes ASRs mined directly from data sources and correlates these with conversation data and with UC-KPI data collected by the nGeniusONE Server from InfiniStream appliances. UC Server features are available on nGeniusONE server deployments. The UC Server software is automatically installed with nGeniusONE Server software, although the features are enabled by a license. The UC Server runs in an independent web server process but is accessed like any other nGeniusONE application, through the nGeniusONE console. For details on setting up server configurations, refer to the nGeniusONE online help and nGeniusONE Administrator Guide. Data Sources The UC Server features are based on UC-KPI, UC conversation and ASR data collected from InfiniStream appliances configured to monitor RTP, SIP /SIP_SCTP / SIP_TCP, SCCP, and Q931/H323 traffic. To support analysis of Microsoft Lync and Cisco CDR records, add a UC Lync Collector to the deployment. InfiniStream Appliances Properly configured InfiniStream appliances enable analysis of voice and video media and signaling in nGeniusONE RTP Monitor, by default. This analysis is provided by the UC-KPI tables and ASR tables. Enabling the UC Conversation table on an InfiniStream appliance enables it to supply additional, required information to support certain UC Server views. InfiniStream appliances must be running v5.3 Patch, or later. UC Lync Collector Analysis of Microsoft Lync audio and video records and Cisco CDR data is available when integrated with a UC Lync Collector to collect and convert records to ASI format. The UC Lync Collector is added as an InfiniStream appliance using the nGeniusONE Server’s Device Configuration utility, although the records are only utilized by certain UC Server views (Conversation data are not available from UC Lync Collectors). Note that this collector is not related to nGenius Voice | Video Manager Data Collectors or nGenius 3300 Collectors and that the nGenius Voice | Video Manager Data Collectors and nGenius Voice | Video Engines do not interoperate with UC Server. Note: The UC Lync Collector is specifically intended to monitor audio and video records. Other record types managed by Microsoft Lync Server are not applicable.

355

nGeniusONE 5.4.1 Online Help Topics Servers This section provides an explanation of server details that are mentioned in the UC Server online help. UC Server The UC Server features are supported by a process that independently collects, computes, and correlates certain metrics and generates views. It performs separate database and mining activities from those for standard nGeniusONE applications. nGeniusONE Server Users access UC Server views using the nGeniusONE Console. The nGeniusONE Server is also used to manage devices and configure the applications, thresholds and profiles for use by the data sources. These are set using the nGeniusONE Device Configuration interface and Global Settings. Following are the nGeniusONE modules that enable or provide access to UC Server functionality: • nGeniusONE Console: Call Search is launched directly from the nGeniusONE Console; Media Monitor is launched from the Service Monitor collection • Service Dashboard: A Unified Communication tab provides drilldown to Media Monitor • Discover My Network: From the Media view in this module, an option is available to launch either RTP Monitor or Media Monitor • Global Settings: The Voice/Video tab includes additional sub-tabs for customizing Thresholds, Device Profiles, and Endpoint profiles. Settings in this tab only apply to UC views • Server Management: Configure user roles and privileges for access to certain features • Device Configuration: Add UC Lync Collector to the nGeniusONE Server • Service Configuration: Media is available as a monitor type; additional service templates and alarm profile options are available • Alarms: The alarms generated for configured alert profiles allow triggers to be created for the following metrics: Problematic MOS % Problematic Jitter % Problematic Packet Loss % Average Active Streams Problematic Out-of-sequence (%) Percentage of Streams with DTMF • Reporting: Services created for use in UC Server views can be used as templates to create scheduled reports • Spaces / Spaces Configuration: UC views are available when configured in the Spaces Configuration tool nGenius Voice | Video Manager Server Existing nGenius Voice | Video Manager deployments integrated with an nGeniusONE Server can be converted to a UC Server deployment. The existing nGenius Voice | Video Manager license can be applied toward a UC Server license. Deployments without an nGeniusONE Server do not require purchase of a new UC Server license, but do require

356

TROUBLESHOOTING ISSUES addition of an nGeniusONE Server. Customers with these configurations who wish to upgrade their deployment should contact support for guidance. Note that InfiniStream appliances configured for integration with nGenius Voice | Video Manager will continue to derive Payload Processing Profile and Endpoint (Device) profiles from that server. The profile configurations set in the nGeniusONE Server’s Global Settings> Voice / Video tab are not used by InfiniStream appliances configured to support nGenius Voice | Video Manager. However, those appliances can still be enabled to collect and route UC Server data to the nGeniusONE server.

357

nGeniusONE 5.4.1 Online Help Topics

Example Workflows Following are examples of how UC Server views can be used for analysis and troubleshooting: • User Complaints: A user has complained about a quality issue experienced on a recent call or about a recent failed call. • UC Dashboard Alarm: An alarm has been raised indicating there is a problem. User Complaints A user complains about a problem he or she has experienced. Such complaints will typically be raised via the IT helpdesk (Tier 1 support). The helpdesk function may perform an initial investigation, or may pass the ticket to a secondary IT team. The complaint may be for a failed call (such as number unobtainable) that will have no media streams. Context information provided by user: • User’s phone number or username (or possibly extension) • Remote phone number/username (optional) • Time and date for the issue experienced (the time window related to a specific user complaint is usually fairly well defined; searches are limited to one hour). Context information provided by operator: • Service Definition(s) to use for the workflow. This is typically configured during the system setup, but the operator will need to know which one applies (if there multiple definitions, say, for assorted regional areas) Procedure 1. Access the Call Search application from the nGeniusONE console and enter the user information and time window to launch detailed views. 2. A list of matching calls is displayed, including a ‘media call-health’ indicator for each call (where available) to highlight which calls are problematic and enable selection of the relevant call or calls. The view also shows the media health of the two communities (Calling Party and Called Party) involved in each call. Note: Failed calls are also shown, without media health, but the error (status) code indicates an issue. 3. If the relevant call is not shown or more records are needed, the previous hour of calls can be retrieved by clicking the button at the bottom of the table, up-to a time limit of 12 hours or the maximum number of calls. 4. If needed, identify problem calls by sorting the columns. The value of certain columns, such as health, is generated dynamically and therefore not keyed for sorting. 5. When a specific call row is of interest, select the row and launch the Conversation view to see the conversations between communities that are causing issues, or launch the Single Call View can be launched to display all related streams and a network view diagram with all monitoring points shown.

358

TROUBLESHOOTING ISSUES UC Dashboard Alarm If an alert profile has been configured for a UC service, triggers manifest in the Unified Communications Dashboard of the nGeniusONE Console. This alarm contains context information used for drilldown to UC views. Context information provided by Dashboard: • Monitored element (InfiniStream/interface) • Metrics used to generate the alarm • Alarm type (application/metric) • Time and date • Service Definition Procedure 1. Drilldown from UC Dashboard to the Media Monitor, which provides more detail on the problem, including which community is manifesting an issue. 2. From within Media Monitor, select the problematic row, then: • Launch a UC Conversation Summary tab. This highlights approximate traffic flows, summarizes metrics for the call, and provides additional drilldown options including a Results Assistant. • Launch a Streams View tab 3. Filter and sort the result set to show only problem streams (e.g., MOS < 2.5) and try to identify patterns. 4. Select a single problem stream and construct a network view to help locate the source of the issue.

359

nGeniusONE 5.4.1 Online Help Topics

Getting Started

Overvew This section provides brief instructions for configurations required to supply data to the UC Server views and how to access the views. For details working with appliances, refer to administrator guides for those systems. For details working with nGeniusONE Device Management/Global Settings, refer to nGeniusONE online help. • Data Source Configuration • Server Configuration • Accessing UC Server Features • Navigation • General Usage

360

TROUBLESHOOTING ISSUES

UC Data Source Configuration Two sources supply data for UC Server views, InfiniStream appliances, and UC Lync Collectors. Following are key configuration changes to make to support the UC Server features: InfiniStream Appliances Note: InfiniStream appliances must be running v5.3 Patch, or later. For detailed instructions setting up an InfiniStream appliance, refer to the nGenius InfiniStream Administrator Guide. Access the Agent Utility from the appliance command line and set the following: • Ensure the Config Server Address is that of the nGeniusONE Server associated with the UC Server configuration. • Access the Protocol Options menu and set Voice and Video Quality to on. This enables collection of UC-KPI metrics for use in RTP Monitor, Media Monitor, and all UC Server views. • Access the Select Interface menu and, for each interface on which you are monitoring UC traffic • Ensure Toggle enable xDR is on. This option is required for Call Search, Session Analysis drilldowns, and for the Streams view in Media Monitor and Single Call view drilldown. • For each interface monitoring UC traffic, ensure Change interface type is set to Enterprise. For Service Provider deployments, review specific considerations for your configuration type. • If the traffic is tunneled, also set Tunnel Parsing on. • Although any virtual types valid for RTP analysis can be used, the following vifn_modes are applicable for use with Media Monitor. It is important to note that UC Server views are peer-to-peer based and therefore virtual keys pertaining to client-server are not relevant. Only certain keys associated with these virtual types are applicable for drilldown workflows to other UC views. • • • • •

vlan qos site vlan-qos site-qos

• Access the utility command line and set the following to enable collection and tracking of UC conversations and advanced data contained in RTP ASRs such as Echo Delay, CQ and LQ MOS: set asi uc_conv on set vq supplement_asr_data on • If payload assessment is desired, also configure the following from the command line: set vq payload on

361

nGeniusONE 5.4.1 Online Help Topics Note that payload processing is a computationally intensive activity. If processing resources are limited, use the Global Settings>Voice/Video tab on the nGeniusONE Server to tune payload processing priorities. • If grouping by geography or area code/prefix is desired, set the command community_type to geo_ip, or to phone_num (additional steps are required). • If applicable to your environment, for use of other nGeniusONE modules, you can enable a-cdm outer_ip to on to use outer IP Addresses in tunneled packets, rather than inner IP addresses. Note that this is not required for UC session data. For example, UC Streams View and Single Call Viewalways show both inner and outer IP addresses. • Note that when Community Health is unavailable, drilldowns to Conversation/Streams Views from Call Search are not available. After above configurations, reset the agent. For detailed instructions on the above, refer to the Agent Administrator Guide. UC Lync Collector This optional appliance can be configured to route MS Lync audio and video records and/or Cisco CDR data to the nGeniusONE server, for display in UC Server views. Note: Details for setup of the UC Lync Collector are provided in the UC Lync Collector Administrator Guide. Subsequent to the UC Lync Collector being installed and networked, ensure the following: • From the UC Lync Collector, ensure the system is configured to point to the nGeniusONE Server that is licensed as a UC Server. Refer to the UC Lync Collector Administrator Guide for details. • Configure the MS Lync and/or Cisco CDR data sources to route to the UC Lync Collector. • From the nGeniusONE Server, access the Device Configuration utility and add the UC Lync Collector to the nGeniusONE Server. Set the Type to nGenius InfiniStream and be sure to provide a Name that indicates the unit is a UC Lync Collector. Note: nGenius Voice | Video Engines and nGenius Voice | Video Data Collectors are not supported for integration with UC Server.

362

TROUBLESHOOTING ISSUES

Configuring nGeniusONE for UC Server Refer to the following as a brief guide to required configurations to support UC Server features. Configurations for this product are managed on the nGeniusONE Server. UC Server The UC Server features are enabled by a license either directly on the nGeniusONE Server or nGeniusONE Standby Server. In any of these cases, no additional software installation or configuration is required to enable the UC features. Note: Before you can use UC Server features, you must enable the license for it. To convert an existing nGenius Voice | Video Manager Server license to a UC Server license, contact your NetScout representative for guidance. User Management The UC Server views support the following privileges set using nGeniusONE Server Management > Users > Roles: • UC Call Search Launch: Display Call Search icon in nGeniusONE Console if user has this privilege. If the user manages to launch the UC Call Search directly (e.g. via the URL) a dialog box with an error message is displayed after the user clicks Launch from the Call Search Home tab. • UC Media Streams: Drilldown to Streams Views and Single Call Views are available when the user has this privilege. • Session Analysis Drilldown: This privilege allows drilldown from UC Views to Call Server Session Analysis. • Packet Analysis - General Access: Enables drilldown to decodes from Single Call View and Streams View. • View User Identity: If the user does not have this privilege, the left four characters of certain user identity fields are masked using an "x" character. Note: The View User Identity privilege is used to toggle display of the identity elements and associated user plane transactions (IMSI IDs, MSISDN IDs, IMEI addresses, NAI usernames, URIs and URLs, and email addresses) in several applications, including the UC Server views. This privilege does not affect the identity values in Packet Decodes. For environments that require it, administrators should also disable the Packet Analysis-General privilege. To configure visibility based on user role: 1. As an Administrative user, access nGeniusONE Server Management > Users. 2. Select the Roles tab. 3. From the left pane, select the role associated with the user group you would like to mask or unmask the identities. If desired, create and select a new user role. 4. With the desired role selected on the left, then, from the right pane, scroll to the privilege (for example: View User Identity). 5. To hide the IDs for the user role, uncheck the associated check box. To enable the IDs to be viewed by that role, check the associated box. 6. Click Save.

363

nGeniusONE 5.4.1 Online Help Topics 7. Users must refresh their login for the changed user roles to take effect. Device Configuration Access the Device Configuration utility and ensure that InfiniStream appliances and UC Lync Collectors are known to the nGeniusONE Server. If not, add them using this utility, selecting the nGenius InfiniStream as the Device Type for both cases. Use the Name field to provide a label to help you differentiate InfiniStream appliances from the InfiniStreambased UC Lync Collectors. Note that these appliances must be running v5.3 or later for compatibility with UC Server features. Global Settings The nGeniusONE Server is used to configure consistent application/protocol options for all data sources in the deployment. Details for working with the tabs below are provided in the nGeniusONE online help. Use the following as a guide, adjusting for your traffic types: • Business Types tab The UC Server features and associated protocols are accessible by default with the Enterprise business type. If some voice protocols do not appear to be available in Global Settings, try also enabling the Service Provider business type. • Applications tab > Multimedia list Ensure the following applications / protocols are enabled, as applicable for your traffic: o Media analysis: For all environments, enable response time for RTP, Audio, Video; ensure ASRs are enabled for RTP. Optionally, enable MSB and MPEG2-TS. These are displayed in Conversation View and supported for pass through context to UC Streams View. o Signaling analysis: SIP / SIP_SCTP / SIP_TCP, SCCP, Q931/H323. For SIP configurations, all three SIP types (SIP, SIP_SCTP, SIP_TCP) should be configured to ensure consistent results for this application when launching Call Server Monitor from Call Search or Call Server Session Analysis tab in Call Search. • Enterprise tab The UC Server applications leverage the Client and Server Communities and VIP List tabs. • Voice/Video tab This tab contains sub-tabs to customize Thresholds, Endpoint Profiles, and Processing profiles. Note that Gap metrics are disabled by default by setting Threshold values to 0; values must be entered for Gap results to appear in the UC Views. In cases where an environment has been migrated from an nGenius Voice | Video Manager deployment, these configurations replace customizations previously done manually on the InfiniStream appliance and on the nGenius Voice | Video Manager Server. Service Configuration The UC Server Call Search application requires an Application Service definition be created; there are none created by default since each environment is unique. The Call Search application recognizes definitions with at least one signaling protocol; it is also

364

TROUBLESHOOTING ISSUES recommended to include RTP and at least one of Audio or Video. Details for using the Service Configuration tool are provided in the nGeniusONE online help; use the following as a guide for creating UC-specific services: Monitor type: For the "Monitor" selection, optimally choose Media, although Call Server and RTP are supported. Advanced Voice Statistics is also supported, however note that use of this service type will yield signaling results only; no media, unless media protocols are added to the service definition (allowed, although media protocols are not used in Advanced Voice Statistics monitor). Location Key orientation preference: This setting is not applicable for peer-to-peer applications. Alert profiles: Optionally create an alert profile to associate with this service, and set the triggers for alarms to support notification/drilldown from the Unified Communications Dashboard of the nGeniusONE Console. Service Members: Select the option to Add Service Members, and then add the mix of protocols that are applicable for your environment. Without this step, the Service Name list is empty in Call Search, although Media Monitor does support selection by Monitor Name and a named Monitored Element. • Required: RTP and one or both of Audio, Video; Optional: MSB, MPEG2-TS • Signaling (at least one required): SIP, SIP_TCP, SCCP, Q931/H323; note that SIP_SCTP and H.245 can be included in a service definition, but these protocols are not used in Call Search. They are passed through when drilling down to Call Server Monitor. For SIP analysis, select both SIP and SIP_TCP. Signaling is not required for use of Media Monitor but is for other UC views and end-to-end workflows. Note: • To use the Media Monitor, no additional configuration is required. When the nGeniusONE Server is enabled with a UC Server license, the Media Monitor is automatically enabled. By default, the RTP Monitor is then accessible only from the Universal Monitor. • Service Definitions can include location keys, however these are not used within Call Search itself. Keys are applicable upon drilldown from Media Monitor. For definitions including location keys, be aware that keys which are applicable in Service Monitors, including Media Monitor, may not be applicable to Call Search and other UC Server views. Relevant keys to use are QoS, Codec ID and VLAN. For example, RAT Type is not applicable to Streams view, and Site is not applicable for drilldown (as from Media Monitor) so the context of the Site key is not forwarded through drilldown workflows. • Note that in cases where the monitoring appliance is configured with vifn_mode set to site, the service definitions intended for use with that appliance and RTP Monitor or Media Monitor must have the "Orientation preference for Location Keys" set to Client.

365

nGeniusONE 5.4.1 Online Help Topics

UC for Service Providers Configuration This topic augments the UC Server configuration topics for Data Sources and the nGeniusONE Server. Service Provider deployments are supported with a variety of configuration options, particularly on data sources, whereas Enterprise deployments have a single interface type and a smaller set of applicable virtual interface modes. For UC Server views, there are particular configuration options applicable for monitoring RTP/SIP over GTP-U tunnels in Service Provider environments. Use this topic as a guide for the configuration options to consider. Data Source Considerations Review the following configuration options to understands how your InfiniStream appliance configurations may affect output in UC Server views. Interface Types: The following interface types are applicable for Service Provider use of UC Server views, use the corresponding set mobile_params command to configure your appliance: • S5/S8-GTPv2 or Gn • S11 (for S1 user plane traffic) • SGi or Gi (for Mg or Mw links, with RTP traffic) • IMS-Access (for deployments monitoring Mb (media) links) • IMS-Auxiliary (for deployments monitoring Mb (media) links) For reference, the following table depicts the expected traffic when a data source is configured with the indicated IMS Interface type. Interface Target Network Node Type Setting

IMS Links

Protocol

IMS-Access* P-CSCF, MGW

Gm, Rx, Rf, Mb*

SIP, Diameter (Rx)

IMSAuxiliary*

MRF-C, MRF-P

Mr, Mp, Mb*, Rf

SIP

BGCF, MGCF

Mi, Mj, Mk, Rf

IBCF, TrGW

Mm, Ix, Ici, Izi*, Rf

ATCF

Mw, Mx, Iq

I-CSCF, S-CSCF

Mw, Mx, I2, Cx, Rf

MGCF

Mg, Mn

HSS/HLR

S6a, MAP, CAP

IMS-Core

IMS-Services AS

ISC, Ma, Sh, MAP, CAP, Rf

SIP

SIP, Diameter (Sh), MAP, CAP

*Media Interface UC Server views are predicated on RTP analysis, which is not applicable when the data source is configured with the following Interface Types: • Gb

366

TROUBLESHOOTING ISSUES • IMS-Core • IMS-Services • • • • • • • • • • •

Iu-PS P-H Pi MSS RNC R-P S1 S102 S2a/PMIPv6 S2b_GTPv2 SGs

vifn_modes: Although any virtual types valid for RTP analysis can be used, it is important to note that UC Server views are peer-to-peer based and therefore virtual keys pertaining to clientserver are not relevant. The following vifn_modes are applicable for use with Media Monitor, note however that certain keys (see service definitions, below) associated with these virtual types are not applicable to drilldown workflows to other UC views. • • • • •

vlan qos site vlan-qos site-qos

nGeniusONE Server Considerations Service Definitions are required for Call Search and are often used to create custom monitor views. For definitions including location keys, be aware that keys which are applicable in Service Monitors, including Media Monitor, may not be applicable to Call Search and other UC Server views. Relevant keys to use are QoS, Codec ID and VLAN. For example, RAT Type is not applicable to Streams view, and Site is not applicable for drilldown (as from Media Monitor) so the context of the Site key is not forwarded through drilldown workflows.

367

nGeniusONE 5.4.1 Online Help Topics

Accessing UC Server Features UC Server features can be accessed from the nGeniusONE Console. From there, the following launch points are available after the configurations and licensing are complete: • Drilldown to Media Monitor from the Unified Communications Dashboard of the nGeniusONE Console • Launch Call Search directly from the nGeniusONE Console. If this icon is not visible, ensure that the nGeniusONE Server was restarted after installation of the UC Server license and verify user privileges. • Launch Media Monitor from the Service Monitors icon; this monitor replaces RTP Monitor in the Service Monitors icon collection when the UC Server license is installed. (RTP Monitor is still available within the Universal Monitor module.) Note that supported minimum browser versions are: • Microsoft Internet Explorer v9 • Firefox v18 • Chrome v24

368

TROUBLESHOOTING ISSUES

UC Launch Points Certain UC Server views can be launched from the Media Monitor. The Call Search application can launch the same views as well as a Call Server Session Analysis tab, the Call Server Monitor, and the Media Monitor. This section describes the launch points for the assorted views when an nGeniusONE Server is enabled with the UC Server license. Note: When the data for a selected row are provided from the UC Lync Collector, drilldown is disabled for features that are not applicable, such as Conversation View. Here are the launch points and navigational workflows: • From nGeniusONE Console launch Call Search application: The following features are accessed using icons on the Call Search toolbar and displayed as tabs within the Call Search application, except where noted. o

Launch Conversation View tab Display Conversation Results Assistant Launch Streams View tab

o



Launch Single Call View tab



Launch Packet Decode tab



Display Streams View Results Assistant

Launch Single Call View tab Launch Packet Decode tab Display Single Call Results Assistant

o Launch Session Analysis tab (Call Server Monitor Session Analysis displayed in Call Search application) o Launch Call Server Monitor separate application tab)

(Contextual drilldown opens as a

o Launch Media Monitor (Contextual drilldown opens as a separate application tab; the views below display in the Media Monitor as separate tabs in Media Monitor) From within Media Monitor, launch Conversation View tab From within Media Monitor, launch Streams View tab • From nGeniusONE Console > Service Monitors launch Media Monitor • From Service Dashboard >Unified Communications tab launch Media Monitor • From Search & Discover, queries applicable to UC applications offer drilldown to Media Monitor

369

nGeniusONE 5.4.1 Online Help Topics

Navigating Call Search When you create a view from the Home tab of the Call Search application, the Call Search Summary tab is displayed along with tools to simplify navigating the additional tabs/views you may open while working in Call Search. Each time you Launch a new view from the Call Search Home tab, that view is listed separately in the View navigation menu available by clicking the menu at the top left of the Call Search display area. Each time you launch a sub-tab within a Call Search view, a blue button for that tab is added to the Tab navigation menu along with blue icon

at the left of the view itself.

This topic reviews how to use the View navigation menu to switch between Call Search instances and to use the Tab navigation menu to switch between sub-tabs and to close sub-tabs. Note: Launching Media Monitor and Call Server Monitor from within Call Search opens a separate main tab in the nGeniusONE Console, rather than a sub-tab in Call Search. For this reason, the monitors do not appear in the View Navigation list. View Navigation • To display the views: Click the title at the upper left of the Call Search module. To hide the list without changing the active view, click the title again. This example shows the Call Search display with individual views for UC Data and Regional Call services, opened from the home tab. The active view, in blue, is Regional Calls.

370

TROUBLESHOOTING ISSUES

• • To switch between views: Display the list of views, then click the title of the view you want to make active. • To close a view: You can either close Call Search by clicking the X on the main tab in the nGeniusONE Console, or you can close individual Call Search views. From the View navigation menu, click the X on the view title. Note that closing a view also closes all its associated sub-tabs (Sessions or Conversations, for example). A prompt displays to confirm that you want to close the entire view, including the tabs. To close individual tabs, see below. • To create a new view: Click the menu option for Open New View to display the Home tab. Alternatively, click the Home icon navigation pane (below).

at the bottom left of the Tab

Tab Navigation Each Call Search view has a collapsible navigation pane at the left side of the display area. Each time you open a tab or sub-tab within the view, a blue or gray vertical bar is added to the left navigation pane. You can navigate within a view by clicking the colored bars, or by expanding the navigation pane and clicking the tab label, as illustrated below.

371

nGeniusONE 5.4.1 Online Help Topics

• Expand or collapse the tab navigation pane: Click the navigation icon aligned to the top left row of the Call Search view contents. Click it again to collapse the pane. You can navigate the tabs in either mode. • Navigate tabs/sub-tabs: Click the label or colored bar to load the tab into the view. • Close a tab / sub-tab: Parent tabs are grey; child tabs (sub-tabs) are shades of blue. Closing a parent tab will also close the child tabs, as described below. You cannot close the Summary tab. To close a tab, expand the navigation pane and click the X to the right of the tab name. In the example above, clicking X on either of the of the Packet Decode tabs closes those individual tabs. Clicking the X on the Sessions List tabs that have a Packet Decode sub-tab also closes those Packet Decode sub-tabs that were created by drilldown from the Sessions list. There is no confirmation when you close a tab group.

372

TROUBLESHOOTING ISSUES

General Usage: UC Server Following are general guidelines for working with UC Server views. For details working with specific views, refer instead to those topics: • Working with the Call Search Application • Working with the Media Monitor • Using the Conversation View • Using the Streams View • Using the Single Call View Drilldown to Call Server Monitor, a standard nGeniusONE monitor, is described in Launch Points. For more details using Service Monitors, refer to Working with Service Monitors. Guidance for using the Service Monitors is provided in the nGeniusONE online help. Understanding Health and Status Indicators: Throughout the UC views, the Green/Amber/Red indicators represent status or health as described below. Community Health: Selected metrics are used for computation of health. In all cases, a problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. The following boundaries are represented in these views: Acceptable: No metric was problematic for more than 5% of the total stream time for all streams going to or from that community during the time period. Warning: At least one metric was problematic within 5% and 20% of the total stream time for all streams going to or from that community during the time period. Critical: At least one metric was problematic for more than 20% of the total stream time for all streams going to or from that community during the time period. N/A: Community health not available Media Flags (Call Search): In this view, Green/Amber icons indicate whether one of the following issues was found in the call: Single direction, Gaps, QoS Mismatch. If the icon is Amber, hover the mouse cursor over it for a tooltip indication of which issue contributed to the status. If no media streams are available, a "-" is displayed. Note that Gaps are not reported unless thresholds are customized. Media Health (Single Call View): These status icons indicate the worst metric status for a stream, they are not based on a 5% or 20% limit. If at least one metric falls in the category, the media health is

373

nGeniusONE 5.4.1 Online Help Topics assigned that category. Example: If one metric is in Critical and another in Warning, the Media Health is classified as Critical. Frequently Used Tools • Filter results : Narrow the results by filtering on specific values for each field (fields do not need to be displayed in the tab to match the filter; if the field appears as a selection in the filter dialog it can be used to narrow results). If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of multiple criteria. Click the Find button when ready to run the query. • Reset filter : This icon is enabled only when a filter has been set. Use it to clear the filter options. • Customize displayed columns : In addition to certain fixed metrics, panes that have this icon include a collection of metrics that can be displayed or hidden. Use this icon to customize which metrics are displayed in the associated pane. • Export displayed results (All, CSV, PDF, RTF) : Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV, and is limited to the maximum records for the current view (Call Search is 2,000; Streams is 10,000). In cases where all metrics are displayed in the view, the resulting table in output may be compressed; zoom into the document to view the data. Also note that since media data are mined per page, the dynamically generated results in the Call Search screen (Media Health, End Time, Duration) are not included in the export All output. • Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view (Metrics, Chart vs Table display, View mode for charts with multiple modes such as IP Bearer or Summary). Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab). Note that the settings are saved for the logged in user and will be retained and reapplied when that user ID is used to log in each time. • Navigate available results : For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time. • Toggle table view : In certain graphical views, such as in the Conversation View tab, the presence of this icon indicates the view can be toggled between graphical and tabular form.

374

TROUBLESHOOTING ISSUES You can also perform the following actions in a table-formatted view: • Resize columns: You can change the width of any column. Hover your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust. • Sort columns: Click the heading of any column to sort a table by that field or metric. The entire table is sorted on that key, not just the currently displayed results. Click a column title multiple times to toggle sort order between ascending and descending. Note that dynamic columns such as computed call duration, start time, end time, community health, and media health cannot be sorted. Note that table columns in the Conversation View cannot be sorted. • Masking: The UC Server supports role-based masking of user identities. If the View User Identity privilege is disabled for the logged in user, data in certain fields (User/Extension, Calling Party, Called Party) are masked in the UC Server views. However, Call Search still supports querying an ID, with or without a wildcard. The matched result itself is displayed with the four right-most values replaced with an "x" character.

375

nGeniusONE 5.4.1 Online Help Topics

Licensing the UC Server After you have set up your UC Server deployment, you may need to obtain and install licenses. A license is required for any nGeniusONE Server that hosts the UC Server. Licenses are not required for data sources. Use the steps in the following sections to understand the types of licenses, how to use the MasterCare portal to register your software and obtain a license, and the options for installing the license. • Understanding License Types and Requirements • Registering a License • Installing Licenses

376

TROUBLESHOOTING ISSUES

Understanding UC License Types and Requirements Use the following to understand the types of licenses you may encounter with your UC Server deployment and what information to use from each for the different license type and licensing method. Note that you may receive multiple Registration Coupons that allow you to license more than one feature on a single component. License Types and Options Following are the license types applicable to UC Server components: • Evaluation: This time-based license requires a generated serial number (based on the software option code) and password, and a date reflecting the duration of the license. When your evaluation is complete, you can remove this key and install a Permanent license. • Permanent: This type of license requires a generated serial number (based on the software option code) and password, and a Host ID based on the MAC address of the component. Since the key is locked to the specific hardware, only install a permanent license when you are ready to deploy in a production environment. • Incremental: This license type supplements a permanent license to increase the number of supported streams or interfaces. The UC Server licenses must match the license configuration of the nGeniusONE Server. If the nGeniusONE Server has incremental licenses, then the UC Server requires matching UC Server incremental licenses. • Options: The following license options are available for UC Server. Review the option notes carefully to understand which are required for your deployment. o 180 (UC Server): Standard license for use when the nGeniusONE server is not enabled using a Workgroup or Standby license. o 185 (UC Workgroup Server): This option is required when the UC Server feature is added to an nGeniusONE Server with a Workgroup licenser. o 181 (UC Standby Server): This option is required when a Standby Server is configured for an nGeniusONE Server directly enabled with a UC Server license (180). o 182 (UC G.729 Codec): License additional features such as support for the G.729 codec. This license option is added along with the main server type (180 181, 185) on the nGeniusONE Server that manages the InfiniStream appliances. o N/A (UC Lync Collector): License for up to 10,000 streams; collection of Microsoft Lync and Cisco CDRs to ASI-based format; see note below under Data sources License Requirements All components of your deployment require a license except for InfiniStream appliances. Use the information in this section to understand when a license is required and when you might need to register or re-reregister to obtain a permanent license. Note that features may be licensed separately, so you may need to install more than one license per component to enable all feature combinations. • Servers: All servers that host the UC Server must be licensed.

377

nGeniusONE 5.4.1 Online Help Topics o Standalone Configuration: When the UC Server resides only on a standalone server, the license is installed directly on that nGeniusONE Server (180) or nGeniusONE Workgroup (185) server. o Standby Server: Standby servers require a separate license from that of the server that hosts the UC Server, since all licenses are locked to the Host ID. The UC Server features on that server have a separate license type (181). • Data sources: o The UC Lync Collector requires purchase of a license, although the license is not installed. In addition, for standard nGeniusONE implementations that include a UC Lync Collector along with probes, note that each UC Lync Collector consumes one Type1 license. o

nGenius InfiniStream appliances do not require licenses.

License Contents The information you use to enable a feature varies based on the method you use for licensing the component. Use the table below to understand the correct format to use for the two methods. License Confirmation via Web Page / Email

What to Enter in license.properties

Evaluation Keys Serial Number: 3116060977 Expiration Date: 08/17/2014 Password: f35e-635d-53d0-c3d3 Today’s Date: 07/17/2014 Software Option: 180

180.SERIAL_NUMBER = 3116060977 180.EXPIRATION_DATE = 08-17-14 180.PASSWORD = f35e-635d-53d0-c3d3

Trial Days: 30 Registration Key: 4671-e055-510e-f72a-060977 Product Name: UC Server Permanent Keys Serial Number: 316067745 Host ID: b932c91e Password: f150-51c5-5461-f4f4 Software Option: 182 Registration Key: 5ab6-8cb5-06d9-d0da-071121 Product Name: G.729 Codec Analysis Support

378

182.SERIAL_NUMBER = 316067745 182.PASSWORD = f150-51c5-5461-f4f4 182.HOSTID = b932c91e

TROUBLESHOOTING ISSUES

Registering a UC License Following are instructions to obtain a key based on new or existing licenses. Registering a Permanent License You will need to use the Registration Coupon from your shipment to generate a license. Use the procedure below for each of the coupons you have received: 1. Locate all Registration Coupons for which you need to generate licenses. 2. Access the NetScout MasterCare portal: https://my.netscout.com/Pages/mcplanding.aspx 3. Log in with your MasterCare user credentials. 4. Navigate to Support & Services and then to Download, Register and License Software. 5. Navigate to the link for UC Server. 6. Click the tab that corresponds to the type of license you are generating (Evaluation or Permanent). For an explanation of these types, refer to Understanding License Types and Requirements. 7. Click the link that corresponds to the component you are licensing. 8. First-time users of the software download pages, or users who have not accessed the page within a year of the last published EULA, need to accept an End User License Agreement (EULA). If the EULA displays, click the "I Agree" button. 9. The Product Registration page that displays allows you to enter the following required information: • Registration Key: Obtain this from the Registration Coupon you received with your product shipment. • Host ID: Although some products permit keying on an IP address, UC Server licenses are locked to the hardware. You must enter the Host ID of the component into this field. Obtain the Host ID by typing: ifconfig eth0 from the command line of the system. The ID is the last four bytes of the HW Address. For example, given output of eth0 Link encap:Ethernet HWaddr 00:25:90:01:24:1A, the Host ID is 9001241A. Note: For Incremental keys, the Host ID must match that for an existing permanent license. 10. Click the Submit button. 11. Your license information is displayed and is emailed to the address on file for the user account used to log into the MasterCare portal. Print the information to archive it and for use when you install the license on your nGeniusONE Server. Re-registering a License To convert an existing nGenius Voice | Video Manager Server license to a UC Server license, contact your NetScout representative for guidance.

379

nGeniusONE 5.4.1 Online Help Topics

Installing UC Licenses After registering the UC Server software and obtaining keys (see Registering a License), use the instructions below to install the license. 1. Initiate the licensing utility: • Linux — From the /rtm/bin directory, execute ./LicenseCL.sh. • Windows — From Start > (All) Programs > NetScout nGenius Server, select Update License 2. Enter the required information, clicking Next or pressing Enter after each entry: • Permanent — Serial number, password, MAC or IP address, and software option number • Incremental — Serial number, password, MAC or IP address, and software option number • Evaluation — Serial number, password, and expiration date 3. (GUI installations) When licensing is complete, click OK. 4. Restart the server.

380

TROUBLESHOOTING ISSUES

Working with the Call Search Application Overview The Call Search application retrieves call signaling and media ASRs from multiple nGenius InfiniStream appliances (monitored elements) deployed on your network and provides correlated quality diagnostics. Supplemental information is provided for each call, including a red/amber/green (RAG) analysis of media health and of the Community endpoints. Further analysis for selected calls is available from here, including a Conversation View and Single Call View. The UC Server Call Search application is accessible from the dock of a UC-licensed nGeniusONE Server. From the Home tab you can select service definitions (combinations of applications and monitored elements) and then query for a User ID, IP Address, or extension for a specific range of time. Service definitions must be created prior to using the Call Search view. Refer to Server Configuration for setup requirements. Details for using Call Search are provided in the following sections: • Using the Call Search Home Tab • Using Call Search Summary Tabs

381

nGeniusONE 5.4.1 Online Help Topics

Using the Call Search Home Tab The Call Search Home tab is the starting point to isolate data for many of the UC Server views. Although you can isolate data in the Media Monitor and then drill down to a UC Server view, if you have a specific ID and start time, the Call Search application offers a more direct path. As with Service and Traffic Monitors, the Home tab for Call Search is used to define the query criteria. Return to the Home tab to perform additional queries (each time you click the Launch button, a separate query is performed and a new Call Search Summary tab is opened). Following are guidelines for using the Call Search Home tab.

Icons/Buttons The following icons are available at the top right of the Call Search Home tab. Refresh Service List: If you have added or modified services after opening Call Search, you may need to refresh the Home Tab to retrieve the updates. Use the refresh icon

at the top right of the tab, as needed.

Return: If you access the Call Search Home tab using the home icon from within a Call Search sub-tab, you can return to that previous view using the Return icon This icon applies only when you have already opened a Call Search workspace. Help: Use the help icon Call Search application.

382

.

, as needed, to access contextual help for this tab of the

TROUBLESHOOTING ISSUES Create a Query To use Call Search, first select a service in the View pane, then specify a Keyword type and value for IP Address or User/Extension in the fields next to the Launch button. Service Name: As with Service Monitors, the left-hand pane of the Call Search Home Tab only displays Application Services that include minimum criteria for this query type. Services are created in the nGeniusONE Service Configuration utility. They must include the following Applications: RTP, one or both of Audio/Video, and at least one of SIP, SCCP, or Q931. Select one service from the displayed list. You can Search within the view pane by typing in the search field, indicated with a text string and icon

. Click to select the search field and then type a search string.

Services of the same type are grouped together under headings as shown above. You can double-click the heading to expand or collapse the list. In the above image, the RTP services are collapsed; the Call Server services are expanded. If your selected service is within a collapsed heading, a small, blue square appears on the heading to highlight the location of your selection. In the image below, the navigation highlight is on RTP, but the currently selected service name is inside the Call Server set.

After you select a service the right pane, User Defined Service Details populates with the details of the service definition. Before you click Launch for the selected service, you must provide either a User ID/Extension or an IP Address in the Show Calls for... keyword input field. Select the type and then enter the value. Keyword Type: Use this menu to specify whether the keyword is a User/Extension or IP Address. Keyword Field: You can enter part or all of the value to query. • User: This is a logon or user ID of a user - it can be characters and numbers, e.g., user123, as well as hyphen, dot, colon, underscores, forward slash, comma, semi-comma, @, #, and space. The user IDs can be user names or numbers as applicable for the signaling protocol in the selected service. At least four characters are required; mixed case is supported (case-insensitive); wildcards are not supported, although values are matched to any ID ending in those characters. Note that calls with the same ID (based on the last 6 digits as shown below) that occur within 10 seconds are potentially merged. For example, with the default of six, the following are merged: 123456 and +123456 855123456 and 123456 (merged value is the larger of the two, 855123456)

383

nGeniusONE 5.4.1 Online Help Topics 123456;abc and 123456 (characters after “;” are not used as part of the match, merged value is 123456;abc) But the following are not merged: 123456 and 456 (second ID is less than 6) 456 and 56 (neither ID is at least 6) The default number of digits can be overridden by setting the following property on the nGeniusONE Server. Add the following line to /opt/NetScout/rtm/bin/vvmserver.properties: callsearch.merge.extension.digits=N Where N is an integer from 4-20 • Extension: This is a phone extension number - This value can contain letters, numbers, underscores, forward slash, hyphen, dot, colon, comma, semi-comma, @, #, and space. The "+" character, also allowed, is primarily intended to support searches on calls with an international prefix of "+" but can be anywhere in the query string. At least four characters are required. Wildcards are not supported, although values are matched to any extension ending in those characters. Note: UC Server features support role-based masking of user identities. If the View User Identity privilege is disabled for the logged in user, certain fields (User/Extension, Calling Party, Called Party) are masked in the UC Server views. However, Call Search still supports querying an ID, even if masking is enabled. The matched result itself is displayed with the four right-most values replaced with an "x" character. For details on configuring user-based masking, refer to topics on customizing User Roles. • IP Address: This queries the Signaling Server and Signaling Client IPs (not the Domain/Media IP addresses). IPv4 and IPv6 addresses are supported; hostnames and wild cards are not valid for this query type. Netmasks are not supported. Valid examples are: 10.20.160.8 2001:0db8:1219:0000:0000:0087:aeb1:2be7 2001:db8:1219:0:0:87:aeb1:2be7 2001:db8:1219::87:aeb1:2be7 To specifically query records provided via UC Lync Collector, use a User ID or Extension since Signaling addresses are not available from these records. Time Selection: The default query duration is set to the Last Hour. As needed, select a different hour start time for your query. To start on an alternate date, select the menu option: Change custom period. A time and date dialog allows you to adjust the starting date and hour. Your custom setting is added to the selection menu for the duration of your current nGeniusONE login session or until you change the date/time again. The image below illustrates how the menu appears after a custom date and time have been set.

384

TROUBLESHOOTING ISSUES

Launch: After selecting criteria, click this button to initiate the query. After deduplication and merging, the oldest calls (up to 2000) are retrieved for display in the Call Search Summary tab.

385

nGeniusONE 5.4.1 Online Help Topics

Using the Call Search Summary Tab Each query from the Call Search Home tab opens a new Call Search Summary tab with a table of matched results. The tab title corresponds to the Service Name selected from the Home tab. Optimally, the initial query from the Home tab is specific enough to yield a focused set of records. However, Call Search can match up to 2,000 calls per query, displaying the results in pages of 50 records at a time. When more than 2,000 calls are matched, a message indicates this, and the first page is displayed. To change the start duration or other search criteria, return to the Home tab and specify the new criteria to create a new view.

For calls with signalling messages, including failed calls, the results displayed then vary based on the data source: • Data derived from InfiniStream appliances includes calls that have started and ended within the specified duration. • Data derived from UC Lync Collectors includes calls that have ended within the specified duration. Note that the oldest calls are matched, with the most recent of those displayed first. Also note that records with incomplete or missing media streams are included but indicated with a '-' in the Community Health column. Calls that are in progress are indicated with an icon in the Media Health column. If both sides of the call are missing media records, drilldown to conversation view is disabled. For calls with both audio and video media, each row includes indicator of both media types as shown here:

386

TROUBLESHOOTING ISSUES

This section describes how to interpret the results of the table and how to how to use the assorted tools to isolate details within the displayed results or perform drilldown and other actions. Interpreting Results The Call Search summary table includes the following columns, some of which are hidden by default. As noted in Customizing Results below, use the columns are displayed.

icon to adjust which

The following are user details displayed for both Calling and Called: • User: This is a logon or user ID of the user. • Extension: This is the phone number or extension used for the call. International calls are prefixed with a "+" symbol. • Domain (optional display): This value is either a hostname (such as a Cisco Call Manager), an IP address, or an actual domain (such as netscout.com) associated with the media. The following are overall call details: • Start Time: This is the start time of the call, based on signaling events in packet data. • Call Duration: Computed dynamically based on the call’s Start and End times. This column displays "In Progress" when appropriate. • Signaling IP Address (Client or Server): IP or hostname of the signaling server closest to the instrumentation point. The following represent attributes relating to the media: • Media Health: For calls with detected media, the overall worst status for each media type (audio alone, video alone, or audio and video may appear together) is displayed based on metrics derived from collected ASRs and the thresholds set in Global Settings> Voice / Video tab. For example, if a call has an OK status audio stream and a warning status video stream, this field will show the audio icon with an Acceptable status and the video icon with a warning status . Calls that are still in progress for the specified duration are indicated with an ongoing icon . Overall media health is not available when information is missing or incomplete, such as occurs when signing is present without media IP addresses or the addresses are present but no media is available. In these cases, the Media Health status is reflected with a broken call icon . Drilldown to a Conversation View is disabled in this case. (Try adjusting the search parameters to a different time range to ensure the start of the call is within the boundaries.) Status:

387

nGeniusONE 5.4.1 Online Help Topics

Acceptable: Indicates that no metric for the call was in the critical or warning category Warning: Indicates that at least one metric was in the warning category but none were in the critical category Critical: At least one metric for the call was in the critical category N/A: Media health not available N/A: Media not available • Media Flags: Displays either a green or amber status icon to indicate whether one of the following issues was found in the call: Single direction, Gaps, QoS Mismatch. When a flag appears you can hover over the icon to display which issue of these affected the call. If needed, drill down to the Streams view or Single Call view to see exactly which streams were affected by these issues. Note that Gaps are not reported unless thresholds are customized. • Media Community: The health for each Media Community’s (Calling or Called ) is based on analysis of several UC-KPI ingress and egress metrics (MOS, network degradation, Loss, Jitter, and so on) for each media type (audio or video) in same duration time period as the call search. These thresholds on which the Status is based (see below) can be adjusted in the nGeniusONE Server, Global Settings> Voice / Video tab. Icons for this column are: Type: : Health is based on Audio media : Health is based on Video media '-' : No media found in signaling for this portion of the call Status: Selected metrics are used for computation of health. In all cases, a problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. The following boundaries are represented in these views: Acceptable: No metric was problematic for more than 5% of the total stream time for all streams going to or from that community during the time period. Warning: At least one metric was problematic within 5% and 20% of the total stream time for all streams going to or from that community during the time period. Critical: At least one metric was problematic for more than 20% of the total stream time for all streams going to or from that community during the time period. N/A: Community health not available

388

TROUBLESHOOTING ISSUES To view the specific metric(s) contributing to a Warning or Critical status, open a Conversation view and display the primary metric selector menu. • Audio IP/Port & Video IP/Port (Optional): These columns display the IP address and port for audio/video specific to the originating caller and callee. The supplemental details are displayed at the end of each row: • Status Code or Status Code Description (optional): The Status code column lists the error code, if available, associated with the signaling traffic for the stream. For a text interpretation, hover the mouse over the code or add the Status Code Description column using the column selection icon. Note that the error codes vary for each application type; a value of 1 for SCCP has different meaning than Q.931. • Application: The name of the signaling application associated with that call. Customizing Results There are a few ways to customize the displayed results and drill down to varying details. Adjust Columns: Use column sorting, if needed, to highlight areas of interest. The sort is performed on the entire data set, not just the displayed page. You can adjust column width by hovering your mouse cursor over the vertical separator between the column headings until the cursor changes to a gripper icon, then click and drag to adjust. Add or remove columns from the table, using the columns icon. Note that sorting is not available on columns with dynamically generated values such as media health, call end time, or call duration. Filter Results: If a large number of records are displayed, consider refining the results using the filter icon (described in Using Summary Tab Tools, below), or using the Query toolbar above the table to search within the results. Using Summary Tab Tools This section describes the toolbar options available in the Call Search view. Drilldown Options •

: Select this icon to display a Conversation View tab with the context of that row. This icon is enabled when the selected row includes a complete media stream for at least one party. Depending on the media status for audio and video for each party, different launch options are displayed in a pick list for this item. In this example, Party B’s Audio and Video are present, so it is possible to pick one of those to display a conversation view tab. Alternatively, you drill down to the Conversation View by clicking in the Community Health field of a row with media results (drilldown is disabled if the media is not detected for that community). If the row contains both audio and video media records, then clicking the Community Health field opens the Conversation View with audio results. Note that Conversation views are not applicable when the drilldown data is based on information derived from a UC Lync Collector.

389

nGeniusONE 5.4.1 Online Help Topics

•

: Also enabled when selected row includes media, select this icon to display a Single Call View tab with detailed analysis for that specific call.

•

: Use this icon to open a Session Analysis tab to examine details of the signaling applications associated with the selected row. This tab operates the same as session analysis in the nGeniusONE Call Server Monitor; usage details are not elaborated in this topic. This option is disabled when the selected row is derived from UC Lync Collector reports or when the connected user does not have View User Identity privileges.

•

: To analyze the selected context separately in Call Server Monitor, select this icon. Refer to those nGeniusONE online help topics for usage guidance. This icon is enabled for calls even with incomplete media or incomplete connections, such as failed calls.

•

: To analyze the selected context separately in the Media Monitor, select this icon. This monitor operates generally the same as nGeniusONE Service Monitors; however, it is available only with a UC Server license and includes unique drilldown options.

•

: Use this icon open contextual help for the tab.

Customization Options • Filter results : Narrow the results by filtering on specific values for each field (fields do not need to be displayed in the tab to match the filter; if the field appears as a selection in the filter dialog it can be used to narrow results). If needed, click this icon again to display the currently set filter options. Add multiple filter options using the + icon. If desired, you can specify whether the query should match records with all the criteria or match any one of multiple criteria. Click the Find button when ready to run the query. • Reset filter : This icon is enabled only when a filter has been set. Use it to clear the filter options. • Customize displayed columns : In addition to certain fixed metrics, panes that have this icon include a collection of metrics that can be displayed or hidden. Use this icon to customize which metrics are displayed in the associated pane. • Export displayed results (All, CSV, PDF, RTF) : Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV and is limited to the maximum records for the current view (Call Search is 2,000; Streams is 10,000). In cases where all metrics are displayed in the view, the resulting table in output may be compressed; zoom into the document to view the data. Also note that since media data are mined per page, the dynamically

390

TROUBLESHOOTING ISSUES generated results in the Call Search screen (Media Health, End Time, Duration) are not included in the export All output. •

View Options: You can use this option to toggle display format of values in the view. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per view, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: The values can be toggled between Name, IP Address, or full Name with Domain. If a name-based option is selected and the nGeniusONE server has record of a DNS-resolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element (Not applicable to Call Search ): This toggle corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.

• Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view (Metrics, Chart vs Table display, View mode for charts with multiple modes such as IP Bearer or Summary). Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings. (Reset does not modify the currently active tab.) Note that the settings are saved for the logged in user and will be retained and reapplied when that user ID is used to log in each time. • Retrieve More Data : Use this icon from the Call Search results status bar to retrieve the previous hour of calls and include these with the current collection of results. The total duration displayed at the top of the Call Search Summary tab is updated to include the new start time. Calls are appended to the list in date order; depending on the way you have sorted your table; if you sorted it based on Start time, they will appear at the end or the beginning of the table. This option is disabled when 12 hours or the maximum record limit (2,000) is reached. Also note that the Community Health for these additional records is calculated within that one hour set; the original records in the table are not used in the calculation. There is no option to retrieve the next hour. • Navigate available results : For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time.

391

nGeniusONE 5.4.1 Online Help Topics

Working with the UC Conversation View The UC Conversation view illustrates media activity based on a selection made at drilldown from Call Search or Media Monitor. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). Drilldown from Media Monitor requires the Community column be displayed in the Summary tab; similarly, if the Codec column is displayed in Media Monitor, that value is present in the Conversation view. Note: Drilldown to this view from data derived from a UC Lync Collector yields "No Data" as that appliance does not collect conversation metrics.

The illustrated activity is between the selected user community and associated key values (such as Codec, VLAN, or QoS) and any other communities with the same key values. These are represented in the view as the Target (primary) community and its Associated communities in a left and right pane as follows: Active Communities Map: The left pane provides a visual diagram that maps activity between the Target community and its Associated communities. Selections made here trigger dynamic updates in the Details pane, to the right. Details Pane: The right pane includes the following chart with additional details in tabs.

392

TROUBLESHOOTING ISSUES o Conversation Chart: This diagram provides a supplemental visual representation of ingress and egress data for the currently selected conversation in the Active Communities Map. o Additional Statistics tab: Detailed ingress and egress metrics based on conversations streams for currently selected community pair displayed in the Conversation Chart. o Over Time View tab: Visual chart representing underlying traffic and activity over time; these metrics are based on KPIs for all streams to and from the Target:Associated community pair. o Results Assistant tab: Information about metrics and underlying causes for the highest percentage of streams that violated either the warning or critical threshold. Use the details below for guidance working with these assorted panes.

Using the Active Communities Map The Active Communities map (left pane) reflects the most active (maximum of seven) conversations associated with the target community. If there are more than seven active conversations, those are grouped into an eighth community labeled "Other." The Target community is always displayed on the left, with the Associated communities leading out to the right. The set of Associated communities is ordered top to bottom based either on highest Average Activity or highest Average Problems (default). The currently selected Target:Associated pair whose data are reflected in the Details pane is indicated by a blue leader line between the pair that are also highlighted in light blue. The contents of the Details Pane are driven by the changes made in this map pane. Selecting any Associated community icon changes the Target:Associated community pairing, so it also updates the Details pane to match the new conversation pair.

393

nGeniusONE 5.4.1 Online Help Topics

Note: The Other Community is a special case of an associated community. It cannot be selected for analysis or to become Target. Additionally, the percentage of problems indicator on the connector between target and community is not populated. The streams value displayed on the connector reflects all streams in the map, not only the Others. Drilldown to a Streams view is not supported for this special community type. You can perform the following actions in this map: • Change Primary Metric: This menu provides the option of changing the primary metric to a different set based on either Audio or Video. The menu entries include the metric value and type, along with the direction and the target community. Note the following about this menu: o Changes made in this menu affect the Active Communities Map and the Conversation Chart. The details in tabs below the Conversation Chart are displayed independently of this metric selection. o The menu order varies based on the currently active metric type. If Audio is currently displayed, the alternate Audio metrics are displayed above a collapsed list of options for Video. Alternatively, if a Video metric is active,

394

TROUBLESHOOTING ISSUES the top portion of the menu displays video metrics, with Audio metrics in a collapsed list at the bottom. o Two types of metrics are provided, those that impact MOS Degradation, and all other metrics. o For metrics in the top portion, a visual indicator of health is included with the menu label; metrics at 20% or more of a threshold have a critical indicator (see below); those within 5% but less than 20% have a warning indicator.

•

Change Target Community: Select an Associated community icon in the map and then click this icon to change that community to be the Target. If you determine that one of the Associated communities warrants deeper analysis, you can select one to become the Target. Ensure the Associated Community you want to become the target is actively selected in the conversation pair, then click the Change Target Community icon to change it to the Target. The Conversation View refreshes and displays that community as the Target, along with any other communities found to have conversations with it in the specified duration. Note: Any time this icon is enabled, the currently active Associated Community becomes the new Target. To return to your original Target Community, select it and click the icon again.

•

Toggle between map and table: The specific values for the traffic or problems in the conversation map can be viewed by toggling the map between graphical and table format using this icon. In table view, all of the underlying conversations are

395

nGeniusONE 5.4.1 Online Help Topics displayed, in addition to the top seven. Note that columns in this table cannot be sorted. • Change Sort Order: Use this menu to change the direction and priority of the plotted activity from or to the target. In cases where the metric contributes to MOS Degradation, the menu includes Impact as well as the default Activity options. • Launch Streams View: Click on the word "stream" from the connecting leaders between a community pair. This displays a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab. Using the Conversation View Toolbar The following additional actions are available from the Conversation View toolbar above both panes. • Time Shift: For queries of an hour or less, you can change the default time shift of 5 min. Click the "Shift by" menu and select 5, 15, 30 minutes, or 1 Hour. Click the time stamps on left and right side of the time toolbar to move forward and back by that increment. The shift interval varies based on the scope of the original drilldown.

396

•

Launch Streams View: Displays a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab.

•

Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV.

•

Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec is displayed.

TROUBLESHOOTING ISSUES

Using the Details Pane The Details Pane includes a Conversation Chart and tabs with non-interactive representations of underlying data for Target Community and Associated Community selected in the Active Communities Map pane. Note: Changes made to the Primary Metric menu in the left pane of the Conversation view affect the Active Communities Map and the Conversation Chart. The details in tabs below the Conversation Chart are displayed independently of the Conversation View primary metric selection. Selected Conversation Chart This diagram provides separate analysis of the flow between the communities, with the primary metric behavior plotted separately for ingress versus egress. This diagram is a visual tool only, with one exception: You can click on the word "stream" to open the streams menu and display a pick list allowing you to select (all) Conversation Streams; Streams from Target; Streams to Target. The Streams view opens in a new tab. Additional Statistics Tab The metrics in this table are average KPIs (ingress and egress) for all activity relating to the selected Target Community and Associated Community. Note that in cases where the Target and Associated Community are the same, only Target Community is displayed. This broader set of metrics identifies health and performance issues independently of the conversation metrics. Note the following: • All values represent percentages except Average Active Streams and Completed Streams. • Percentage values are based on percentage of that metric occurring in active streams. • Metrics of the "Problems" type are based on % of stream seconds in warning and critical status. • Columns in this table cannot be sorted.

397

nGeniusONE 5.4.1 Online Help Topics

Over Time View Tab The chart plots Average Problems and Average Streams over time for both directions of the conversation (to and from Target and Associated Community). In cases where the conversation is within a community (Target and Associated are the same label), the chart plots the totals. Display the metrics supporting the chart by clicking the chart to table toggle icon

398

.

Note that columns in the table view cannot be sorted.

TROUBLESHOOTING ISSUES

Results Assistant Tab Certain UC views include a tool that provides information about metrics and underlying causes. In the Conversation view, the streams between the selected Target and Associated community are analyzed to identify the metrics with the most cases in which a threshold boundary was crossed. The set of streams in which that metric threshold boundary was crossed is then evaluated to identify whether any thresholds for any other metrics were crossed. The resulting set of problematic metrics and associated percentage of streams is reported in the Results Assistant dialog, with one box for each issue. The problematic metric and threshold are listed along with the direction of the streams, percentage of streams, and additional threshold. To use this feature, select an Associated community with problematic results, then select this icon

to display the Results Assistant dialog. Additional information is available by

clicking the information icon provided on the title bar of each explanation box or by accessing the Reference section.

399

nGeniusONE 5.4.1 Online Help Topics

400

TROUBLESHOOTING ISSUES

Using the UC Streams View The UC Streams view is a detailed list of the first 10,000 media streams matching the context at drilldown from a Conversation View in either Call Search or Media Monitor or directly from Media Monitor. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). Note that the drilldown to this view is based on a duration of one hour or less; the Conversation view automatically complies with this requirement; however, a warning will display in Media Monitor advising the duration be reduced to an hour or less, if applicable. This view presents a variety of metrics for media streams, in table form. To facilitate navigating the volume of metrics, the Streams view includes toggles to display metrics in sets: Summary, Network, Payload, and General. All of the metrics can be added to any of these views, if desired. Use this section to understand the options available for display, analysis, and drilldown from the Streams view.

Working with the Streams Table The table data are informational (non-interactive) but can be sorted and filtered, and the rows can be selected for drilldown. You can also customize any of the sub-views to include more or less of the default key values and metrics using the Customize Columns icon. Note that key values, such as VLAN, appear in all the sub-views. Changes to metrics are applied to just the active view. Use the Save Settings to set new default key values for all the views and save the current metrics. This icon is applicable once for the whole Streams view, not for individual sub-views. Key Values By default, all the sub-views include these columns: • Status • Start Time • Duration • Src. IP Address • Dest. IP Address

401

nGeniusONE 5.4.1 Online Help Topics • ME Name • Codec Summary View By default, this sub-view includes these metrics: • QoS • IP MOS Degradation • Compression Degradation • Packet Loss • Max. Jitter • Round Trip Delay (ms) • Echo Loss • Voice Level Network View By default, this sub-view includes these metrics: • QoS • Packet Loss • Min. Jitter • Max. Jitter • Avg. Jitter • Max. Consecutive Loss • Avg. Consecutive Loss • Mis-sequenced Packets (%) • QoS Mismatch Payload View By default, this sub-view includes these metrics: • Compression Degradation • Bit Rate • Frame Rate • CQ MOS • Echo Delay • Echo Loss • LQ MOS • Voice Level • SNR (db) General View By default, this sub-view includes these metrics by default: 402

TROUBLESHOOTING ISSUES • Single Direction (One-way) • QoS Mismatch • DTMF Present • Short Call / Long Call For this view, the presence of the above conditions is indicated with an icon, rather than a value. If none are found, a dash is displayed, otherwise an icon this field.

is shown in

• Gaps: Gaps are represented as an icon, to indicate where gaps occurred within the stream. (The minimum the gap threshold is set in the Global Settings>Voice/Video tab.) When no gaps are detected, a dash is displayed in this column. Otherwise, the icon has indicators (white circle) of whether the gap occurred in the beginning, middle, end of the call (or a combination of these) as shown below:

Note that Gaps are not reported unless thresholds are customized. Additional Metrics The following columns/metrics are not displayed by default in any view but can be added with the

1

Customize Columns icon: •

End Time

•

Src. Community

•

VLAN

•

Src. Port

•

Dest. Community

•

SSRC

•

Dest. Port

• •

•

Src Extension

•

IP MOS

Src. Outer IP

1

•

Dest. Extension

•

Min. IP MOS

Dest. Outer IP

1

•

Src User ID

•

Max. IP MOS Deg

•

Dest. User ID

•

Round Trip delay

This value is populated when the traffic is tunneled and tunnel parsing is

enabled on the data source.

Using the Streams View Toolbar The following tools are available from the Streams view toolbar. •

Filter results: Use this to narrow the results by filtering on specific values for each field. Click the Find button when ready to run the query.

•

Reset filter: This icon is enabled only when a filter has been set. Use it to clear the filter options.

403

nGeniusONE 5.4.1 Online Help Topics

•

Customize displayed columns: Use this icon to customize which metrics are displayed in each sub-view. To save the customizations (per user), use the save settings icon described below.

•

Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV.

•

Launch Single Call View: Open a tab with detailed analysis for the selected row.

•

Launch Packet Decode: Open a tab with packet analysis for the selected row. This icon is disabled when the selected row is associated with a UC Lync Collector.

•

Display Results Assistant: Open a dialog with more informati about metrics for the highest percentage of streams that violated either the Warning or Critical threshold (see Using the Results Assistant, below).

•

View Options: You can use this option to toggle display format of values in the view. Note that, by default, certain fields are formatted as per nGeniusONE User Preferences. You can override these settings per view, then save settings if desired. Note that toggling these options causes column titles to change accordingly (e.g., ME Name to ME Alias). The options from this menu are: o Host Description: The values can be toggled between Name, IP Address, or full Name with Domain. If a name-based option is selected and the nGeniusONE server has record of a DNS-resolved name for that address, the name is displayed instead of the IP address. If no name is resolved, the IP address is still displayed. o Monitored Element (Not applicable to Call Search ): This toggle corresponds to the way the appliance is configured in Device Management. From there, an administrator can provide an Alias and a Name, in addition to the device Address. Selecting Alias, Name or Address in the view options dialog changes the column title and, if the administrator provided a value other than IP address for these, the corresponding value is displayed.

•

Save / Reapply / Reset settings : Use this tool to save and reset configurations changes you have made for the current view. Selecting the Save option will save the settings for this view for the current user. To refresh the view with the settings previously saved, use the Reapply option. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab.)

•

Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec, are displayed.

You can also navigate results using the navigation icons in the center of the status bar . For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates

404

TROUBLESHOOTING ISSUES which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results is mined at that time.

Using the Results Assistant Certain UC views include a tool that provides information about metrics and underlying causes. In the Streams view, select a row with problematic results, then select this icon to display the Results Assistant dialog. The dialog includes a box for any metric that approached an upper or lower threshold limit, a recap of the metric and configured threshold settings, and analysis of that issue. Additional information is available by clicking the information icon provided on the title bar of each explanation box. The Results Assistant for this view displays details only in cases where the metrics exceed a threshold boundary (Acceptable/Warning and Warning/Critical).

405

nGeniusONE 5.4.1 Online Help Topics

Using the UC Single Call View The UC Single Call view provides supplemental information for a selected call, including: • Network Map pane: Diagram illustrating the call’s IP endpoints and paths through instrumentation points, annotated with problematic metrics • Related Streams pane: Overview table of all the streams related to the call • Stream Details pane: Tables of available metrics for the stream selected in the Related Streams pane This tri-pane view is available by drilldown from a Streams View tab (in either Call Search or Media Monitor) or directly from Call Search. This view is displayed as a tab within the drilldown application (Call Search or Media Monitor). The duration of this view is the exact duration of the originally selected call. Note that you can maximize the top two panes by clicking the Maximize icon title bar of the pane. To restore the layout, click the

in the

icon. You can also hide or show

the Details pane using the corresponding icons in the pane title bar

.

Working with the Network Map Pane A network map is anchored by the two endpoints of the call, each annotated with its IP Address, Community name, and User ID. The lines on the map represent the part of the network between an endpoint and the points at which the data source (InfiniStream appliance or UC Lync Collector) is monitoring. The map includes certain devices along the

406

TROUBLESHOOTING ISSUES network path: InfiniStream appliances, SBCs, NATs, and Media Gateways. The icons for these clearly identify the type of device (shown below). The InfiniStream appliance icons are annotated with IP address and monitoring interface. Multi-leg conference calls, supported by correlating records reported from a UC Lync Collector, are depicted in here with a diagram for each leg of the call. These maps appear in collapsible sub-panes within Network Map Pane. Use the +/- icons in the title bar of the sub-panes to expand or collapse them. Note that if an InfiniStream appliance is present in the network, it will also appear in the map. In the example below, Loss and Jitter were reported by an InfiniStream appliance. Note that UC Lync Collectors are not depicted since the metrics they report are displayed on the endpoints of the map.

Note: You can maximize the Network Map Pane by clicking the Maximize icon the title bar of the pane. To restore the layout, click the

in

icon.

Map Components Following is a summary of the items that may appear on a network map: • Devices are indicated as follows: Endpoint1

Analog Gateway

PSTN Gateway

Data Source2

Analog Telephone Adapter

Soft Phone

Session Border Controller

Telepresence Room

Video Conference Unit

407

nGeniusONE 5.4.1 Online Help Topics

NAT device

Voicemail Server

Media Gateway / Bridge

Desktop Phone

Outer IP Address/Tunnel

1

Each diagrammed endpoint includes an IP Address, Community name and User ID Monitoring device (InfiniStream appliance); each diagrammed appliance shows the IP address and interface associated with the appliance

2

• Metrics are indicated on each leg, along with their RAG (red, amber, green) status. Note that if any metric is Critical, the entire call is marked as Critical: Acceptable: Indicates that no metric for the call was in the critical or warning category Warning: Indicates that at least one metric was in the warning category but none were in the critical category Critical: At least one metric for the call was in the critical category • Special events are indicated with an informational icon: Indicates a QoS Mismatch was detected or additional data were provided via RTCP records • Network legs are indicated with directional, dashed lines. • If a call includes both Audio and Video data across all points, then the data for both audio and video are plotted on the same map. In cases where certain points have only one or the other, or if a different device is used as an endpoint for the audio and video, then the audio and video for that call are treated as separate streams. To view them as maps, you must drill down to the Single Call View by selecting the individual streams separately from the previous drilldown point. • If a call includes tunneled data, the outer IP address information (IPv4/IPv6) can be toggled on for display. The availability of outer IP information for the map is indicated by a special icon next to the maximize icon of the map’s title bar. Click the icon to show/hide the outer IP address information on the map. The tunnel and outer IP information are reported as detected by the monitoring InfiniStream appliance. In the first example below, the outer IP addresses for the tunnel are node24.dev.netscout.com and 192.168.23.98.

408

TROUBLESHOOTING ISSUES

The example below illustrates a call with two tunnels. The first tunnel occurs over the first appliance, with addresses of 10.0.0.1 and 10.0.0.5. The second tunnel occurs over the second appliance, with outer IP addresses of 10.0.0.201 and 10.0.0.205.

The example below illustrates two tunnels again, with no tunnel reported by the appliance in the middle of the call flows.

Note: Outer IP addresses are not applicable for data provided from a UC Lync Collector. Map Views The chart can be toggled between a set of views that illustrate different perspectives on the call metrics. For all views other than the Summary view, the metrics are predetermined and the values are displayed regardless of status (Acceptable, Warning, Critical). Following is a description of the views you can toggle by clicking the corresponding options in the Network Map title bar:

409

nGeniusONE 5.4.1 Online Help Topics Summary View This general view, shown by default, displays any metrics that cross threshold boundaries; QoS Mismatch, if detected, will also be reported here. IP Bearer View This view layers the map with the following metrics: Absolute IP MOS, IP MOS Degradation, Round-trip delay, Voice IP, Voice Degradation, Video IP, Video Degradation Loss and Jitter View Specific metrics for Voice and Video Packet Loss and Jitter are displayed in this view. Voice Payload View This view provides a snapshot of key metrics for analyzing Voice payload performance: SNR, Voice Level, Echo Loss, Echo Delay, LQ MOS, and CQ MOS. If the call has no voice metrics, the map will be displayed without metric indicators. Video Payload View Similar to the Voice Payload, this view summarizes key performance metrics for Video: Compression Degradation, Bit rate, and Frame Rate. If the call has no video metrics, the map will be displayed without metric indicators. QoS View This view identifies QoS values, QoS Mismatch results, DSCP (Differentiated Services Code Point) values and indicates changes in DSCP values.

Working with the Related Streams Pane This table lists all the streams related to the call displayed in the map, along with relevant metrics. To simplify the display, the table can be toggled between a set of views with different sets of metrics. You can also customize any of the sub-views to include more or less of the default key values and metrics using the Customize Columns icon. Note that key values, such as VLAN, appear in all the sub-views. Changes to metrics are applied to just the active view. Use the Save Settings to set new default key values for all the views and save the current metrics. This icon is applicable once for the whole Single Call view, not for individual sub-views. Note: You can expand the Related Streams pane by clicking the Maximize icon the title bar of the pane. To restore the layout, click the

icon.

Following is a description of the data displayed in the Related Streams sub-panes: Key Values By default, all the views include these columns: • Status • Start Time • Duration • Src. IP • Dest. IP

410

in

TROUBLESHOOTING ISSUES • ME Name • Codec Summary View In addition to the above key values, the Summary view includes these metrics by default: • QoS • IP MOS Degradation • Compression Degradation • Packet Loss • Max Jitter • Round Trip • Echo Loss • Voice Level Network View By default, this view includes these metrics: • VLAN • SSRC • QoS • Packet Loss • Min. Jitter • Max. Jitter • Avg. Jitter • Max. Consecutive Loss • Avg. Consecutive Loss • Mis-Seq. Packets (Out of Sequence) • QoS Mismatch Payload View By default, this view includes these metrics: • Compression Degradation • Bit Rate • Frame Rate • CQ MOS • Echo Delay • Echo Loss • LQ MOS • Voice Level • SNR 411

nGeniusONE 5.4.1 Online Help Topics General View By default, this sub-view includes these metrics by default: • Single Direction (One-way) • QoS Mismatch • DTMF Present • Short Call / Long Call For this view, the presence of the above conditions is indicated with an icon, rather than a value. If none are found, a dash is displayed, otherwise an icon this field.

is shown in

• Gaps: Gaps are represented as an icon, to indicate where gaps occurred within the stream. (The minimum the gap threshold is set in the Global Settings>Voice/Video tab.) When no gaps are detected, a dash is displayed in this column. Otherwise, the icon has indicators (white circle) of whether the gap occurred in the beginning, middle, end of the call (or a combination of these) as shown below:

Note that Gaps are not reported unless thresholds are customized. Additional Metrics The following columns/metrics are not displayed by default in any view but can be added with the

Customize Columns icon: • End Time • Src. Port • Dest. Port • Src. Outer IP 1 • Dest. Outer IP 1

• Src. Communi ty • Dest. Communi ty • Src Extensio n

• IP MOS • Min. IP MOS • Max. IP MOS Deg • Round Trip delay • Leg Number • Branch ID

• Dest. Extensio n • Src User ID • Dest. User ID 1

This value is populated when the traffic is tunneled and tunnel parsing is

enabled on the data source.

412

TROUBLESHOOTING ISSUES

Using the Related Streams Toolbar Options The following tools are available from the Streams Summary toolbar. •

Filter results: Use this to narrow the results by filtering on specific values for each field. Click the Find button when ready to run the query.

•

Reset filter: This icon is enabled only when a filter has been set. Use it to clear the filter options.

•

Customize displayed columns: Use this icon to customize which metrics are displayed in each sub-view. To save the customizations (per user), use the save settings icon, described below.

•

Export displayed results (All, CSV, PDF, RTF): Export All records or the currently displayed data (page) in one of three formats. The All option is exported only to CSV. In this view, the End Time and Duration are included with the Export All option, since the values are not dynamically generated.

•

Launch Packet Decode: Open a tab with packet analysis for the selected row. This icon is disabled when the selected row is associated with a UC Lync Collector.

•

Display Results Assistant: Open a dialog with more information about metrics for the highest percentage of streams that violated either the Warning or Critical threshold. (see Using the Results Assistant, below).

•

Save / Reapply / Reset settings: Use this tool to save and reset configurations changes you have made for the current view. Selecting the Save option will save the settings for this view for the current user. To revert the settings to the factory defaults, select the Reset option. There is no need to log out or restart the application for the settings to be applied; each new tab uses the modified settings (Reset does not modify the currently active tab).

•

Display the Session context: Open a dialog displaying the drilldown parameters used to open the view. If the view was opened from Media Monitor, additional data such as Codec, are displayed.

You can also navigate results using the navigation icons in the center of the status bar . For certain views, the results table displays up to 50 results at a time. When more than 50 rows match the query, the Page navigation icons on the upper pane’s status bar are enabled with icons to jump to the start or end, or to a specific page number, and to move forward or backward through the results. The status bar indicates which set of 50 is currently displayed, along with the total number of records . Note that each time you navigate to a page, the next set of results are mined at that time.

Working with the Stream Details This tri-pane table provided details for the row selected in the Related Streams table. The table is not customizable but, similar to the Related Streams, additional metrics are provided in sub-views, described below. Note that the Stream Detail views provide some

413

nGeniusONE 5.4.1 Online Help Topics data not available in the other UC views. You can also hide or show the Stream Details pane using the corresponding icons in the pane title bar. Summary View • Src. IP Address

• Start Time

• ME Name

• Src. Port

• End Time

• Probe IP Address

• Dest. IP Address

• Duration

• Dest. Port

• Codec

• Interface Number

• Src. Community

• VLAN

• Dest. Community

• QoS

• SSRC • Branch ID • Leg Number

IP Bearer View • IP MOS

• Max. Jitter

• IP MOS Degradation

• Avg. Jitter

• Min. IP MOS • Max. IP MOS Degradation • Max. IP MOS Degradation Time

• Mis-seq. Packets • Packet Loss • Max. Packet Loss Rate • Max. Consecutive Loss

• Degradation Due to • First Root Cause • Second Root Cause • Round Trip Delay • RTCP Jitter • RTCP Packet Loss

Payload View • Comp Degradation

• Voice Level

• Echo Loss

• Bit Rate

• SNR

• Echo Delay

• Frame rate

• Voice Activity

• CQ MOS

• Total Frames

• LQ MOS

• I Frames

Using the Results Assistant This feature is available from the Conversation View, Streams View, and Single Call View. It provides interpretative details for the metrics displayed in the active view. From the Single Call View’s Related Streams table, select a row with problematic results, then select this icon to display the Results Assistant dialog. The dialog includes a box for any metric that approached an upper or lower threshold limit, a recap of the metric and configured threshold settings, and analysis of that issue. Additional information is available by clicking the information icon provided on the title bar of each explanation box. The Results Assistant for this view displays details only in cases where the metrics exceed a threshold boundary (Acceptable/Warning and Warning/Critical). Additional details for guidance offered by the Results Assistant is provided in the Reference section, also available as a link from the information icon displayed next to the metric explanation. 414

TROUBLESHOOTING ISSUES

415

nGeniusONE 5.4.1 Online Help Topics

Working with the UC Media Monitor The Media Monitor automatically replaces the RTP Monitor in the nGeniusONE Service Monitor collection when the nGeniusONE server is configured with a UC Server license. (RTP Monitor is still available in the Universal Monitor, but the default Service Monitor collection is Media Monitor as are the drilldowns from other modules such as the Dashboard.) The Media Monitor adds support for MPEG2-TS and MSB analysis, expands the available metrics, and provides payload analysis details. It is unique from other Service Monitors in the drilldown options which include the UC Streams View and UC Conversation View. These tabs open within the Media Monitor.

The Media Monitor can be accessed from the Service Monitor icon of the nGeniusONE Dock, by drilldown from Call Search, from the Unified Communications Dashboard, from applicable queries in the Search & Discover tool, or from the Discover My Network Media view of the Discover My Network module. Accessing this monitor from the Service Monitor dock icon displays a standard Monitor Home tab that allows users to select a specific Service and a Monitored Element or Network Domain to query. From there, a Summary tab is displayed with a default window of one hour. When the Media Monitor is opened from Call Search or the Dashboard drilldown, the Home tab is bypassed and a Summary tab is opened with the context from the drilldown application. Call Search drilldown duration includes one hour from the start time of the call. Dashboard drilldowns are based on the duration of the dashboard itself.

416

TROUBLESHOOTING ISSUES Other than the UC drilldown options, the monitor functions the same as all other nGeniusONE Service Monitors. General usage for those is described in Working with Service Monitors. The sections below describe the features unique to this monitor.

Metrics The following metrics are available in Media Monitor (bolded items are visible by default): Streams • Average Active (standard in RTP Monitor) • Completed (standard in RTP Monitor) • The following are all based on a percentage of completed streams. o

QoS Mismatch (%)1

o

Single Direction (%) (One-way)1

o

Long Calls (%)

o

DTMF (%)

o

Short Calls (%)

o

Gaps (%)4

The following metrics are all based on the percentage of time spent in the indicated problem state over all active streams. The problematic condition is indicated when the metric falls in the Warning/Critical bucket as per threshold settings as defined in the nGeniusONE>Global Settings>Voice/Video tab. MOS Problems • Degradation (%)2 • Compression (%)1 • Absolute (%) (standard in RTP Monitor)2 Network Impairment Problems • Packet Loss (%) (standard in RTP Monitor) • Jitter (%) (standard in RTP Monitor)3 • IP Delay (%) • OoS (Out of Sequence) Packets (%) Payload Problems • Echo (%)1 • Level (%) • SNR (%) The following apply to the indicated metrics when the selected row is based on UC Lync Collector reports: 1 The UC Lync Collector does not report these metrics. 2 The UC Lync Collector does not report these for video. 3 Note that the Jitter reported in Lync-based data differs from Jitter calculated by NetScout, which can lead to inconsistent measurements for a single call. 4 Note that Gaps are not reported unless thresholds are customized.

417

nGeniusONE 5.4.1 Online Help Topics

Table Toolbar Options In addition to the standard Monitor toolbar options, the Media Monitor includes the following icons: •

Conversation View: This icon is active when the Community column is enabled from the Key Options dialog (use the options icon to display the dialog ). Select the Conversation View icon to display a tab with the context of the row selected in the Summary table. Note that Conversation Views are not supported when the selected row is derived from UC Lync Collector reports.

•

Streams View: Select this icon to display a tab with the context of the row selected in the Summary table. Up to 2,000 streams are queried to match the selection. Note that from Conversation View, drilldown to Streams View offers the option of specifying whether to display all Conversation Streams, Streams to Target, or Streams from Target. Drilldown from Media Monitor instead uses the value of the View Mode toggle

to determine this:

o Community as Source: In the monitor, this displays results associated with outbound traffic to the community displayed in the Source Community column. Drilldown to Streams view matches Streams to Target. o Community as Destination: In the monitor, this displays results based on inbound traffic to the community displayed in the Destination Community column. Drilldown to Streams view matches Streams from Target. o Community as Source and Destination: In the monitor, this displays results based on both directions in a column labeled Community. Drilldown to Streams view matches Conversation streams.

Chart Types and Options These charts operate functionally the same as all Service Monitor charts. However, the chart parameters differ from RTP Monitor, since additional metrics and payload analysis are available. The default charts for Media Monitor are: • Stream Counters Over Time • Packet Loss Network Impairment Problems Over Time: • Degradation MOS Over Time • Level Payload Problems Over Time Chart actions include: •

: Use the metrics icon to toggle the chart to alternate metrics (Stream Counters chart is fixed): o o

418

Degradation MOS Absolute MOS

TROUBLESHOOTING ISSUES o

Compression

o

Jitter IP Bearer

o

Payload Level

o

Payload SNR

o

Packet Loss IP Bearer Problems

o

IP Delay IP Bearer

o

Payload Echo

•

: Toggle the chart to display underlying data by clicking the toggle table view icon.

•

: For time durations exceeding one hour, use this icon to open a drilldown tab to a one hour duration.

•

: Select this icon to display a Conversation View tab with the metric from the table as context. The duration of the overall tab is used, rather than a selected bar, as durations less than an hour are not applicable for Conversation views. Note that Conversation views are not applicable when the drilldown data is based on information derived from a UC Lync Collector.

•

: Select this icon to display Streams view tab with the current context. Optionally, select a bar with problematic results to limit context duration to five minutes. When no bar is selected, the time context is the same as that of the overall tab. When a bar is selected, the metric and five minute period are used as a context for drilldown to the Streams view.

The following conditions apply when the charts are plotted from a row based on UC Lync Collector reports. • Drilldown to Conversation view is not supported. • The following charts are not available, since the data are not present in the reports: o

o

Compression Payload Echo

• The Stream Counters chart does not include the following metrics, since the data are not present in the reports: o

Avg. Active

o

Single Direction

o

QoS Mismatch

419

nGeniusONE 5.4.1 Online Help Topics

REFERENCE: UNIFIED COMMUNICATIONS The topics in this section include an overview of voice and video transmission over IP and, where relevant, troubleshooting tips and additional information. Note that the UC Server Results Assistant, available from the Streams View, Single Call View, and Conversation View, provides links to specific content in this reference to aid with understanding root cause for selected results. • Introduction to Voice and Video over IP o

Voice and Video Over IP Basics

o

Video Transmission Basics

o

Decibels

o

Voice Coding

o

Introduction to MOS

• Voice Quality Metrics o

Voice IP MOS

o

Listening Quality MOS

o

Voice Level

o

Echo Loss

o

Packet Loss

o

Out of Sequence Packets

o

Voice IP MOS Degradation

o

Conversation Quality MOS

o

Signal to Noise Ratio

o

Delay

o

Jitter

• Video Metrics o

Video IP MOS

o

Video Degradation

o

Jitter

o

Video IP MOS Degradation

o

Packet Loss

o

Out of Sequence Packets

• Additional Metrics

420

o

Active Streams (Average)

o

DTMF

o

Long Calls

o

Short Count

o

Completed Streams

o

Gaps

o

QoS Mismatch

o

Single Direction

TROUBLESHOOTING ISSUES • IP Transmission Problems o o

Basic Troubleshooting IP Root-cause Analysis

421

nGeniusONE 5.4.1 Online Help Topics

Introduction to Voice and Video over IP Introduction to Voice and Video over IP The topics in this section provide an introduction to voice and video over IP, basic information on voice and video encoding, an overview of MOS (mean opinion scores) and an overview of the role decibels have in voice and video performance analysis. • Voice and Video Over IP Basics • Voice Coding • Video Transmission Basics • Introduction to MOS • Decibels Voice and Video Over IP Basics A key objective in providing a voice or video communications service is the delivery of excellent quality to the end-user. This includes many considerations such as minimizing any audible or visible distortions introduced by media compression algorithms, managing factors such as voice level, noise level and echo within acceptable limits, and minimizing the delay of conversational services such as voice over IP (VoIP) and audio-visual conferencing. In the following sections, we describe the basics of voice and video over IP transmission and introduce some of the design considerations that go into a successful service. Edge-devices The term "edge-device" is often used to describe IP media clients or gateways at the edge of the IP network. IP media clients are typically either hard-clients or soft-clients. Hard-clients are dedicated hardware devices with an integrated network port; soft-clients are software applications that use the host computer’s network and audio-visual capabilities. In the case of a softclient, the microphone, speakers and camera may be fully integrated into the computer, completely external or use an external all-in-one device such as a USB phone. Gateways provide access to external networks. Where a call needs to continue beyond one IP network to reach its destination, either a Gateway or IP peering point is used. Gateways receive and decode the outgoing packets before passing them on to an external network, typically a non-IP network such as a cellular network or the public switched telephone network (PSTN). Gateways also reencode the signals received from the external network and transmit them over the IP network. IP peering points connect two networks that each carry voice or video over IP traffic. In these situations, decoding and re-encoding may not necessary, provided that both networks support the same codecs. Calls from beyond a peering point are termed "peering calls". In general, edge-devices provide the following functions: • Inbound voice and/or video signal capture • Media encoding (compression) to reduce the bit-rate of the outbound stream

422

TROUBLESHOOTING ISSUES • Packetization of the compressed voice or video signal • Transmission of the outbound packets • Reception of inbound packets • Packet buffering to remove the effects of jitter • Media decoding (decompression) • Playout of the decoded voice and/or video signal These functions are described in one of the following sections, along with aspects of the IP networks over which voice and video IP calls are carried. Packet Transmission Input Signal In a media client, the input signal is most likely to come from a microphone or camera. In a gateway, the input signal typically comes from another network, e.g., a cellular network or the PSTN. Media Encoding Edge-devices encode the input voice or video signal so that it can be transmitted more efficiently over the network. This process is often called compression because it reduces the bandwidth of the signal. The encoded signal will later require decoding, and encoders and decoders come in matched pairs known as codecs (COder - DECoder). There are a variety of media codecs available for use in voice and video over IP systems, all with their own advantages and disadvantages. However, it is important to understand that virtually all voice and video codecs introduce a degree of perceptible distortion and that multiple stages of encoding and decoding can introduce unexpectedly large amounts of distortion. This can be particularly true of lower bit-rate voice codecs such as G.729. In the case of a gateway, the input signal may already be encoded, for example using the G.711 voice codec, and further encoding may not be necessary; however, the signal may be transcoded to a different coding scheme if one of the networks has different bandwidth constraints from the other. Packetization After encoding, the media signal must be placed into packets for transmission over the IP network. This process is known as packetization. The duration of a voice signal that is put into each packet is a trade-off between bandwidth efficiency and transmission delay. Larger packets reduce the overhead of the IP/UDP/RTP and Ethernet headers, but increase the delay before the packet can be sent (the packetization delay). The packet length must be a multiple of the frame length of the voice codec; for example G.729 has a frame length of 10ms whereas G.723.1 has a frame length of 30ms. In practice, voice packets are typically 20 – 30ms in duration, although carrier voice grade networks typically use G.711 encoding with a 10ms packet duration. The components that make up the header of a typical voice packet are shown in the diagram below, illustrating that the IP header is much larger than the 10ms G.729 payload.

423

nGeniusONE 5.4.1 Online Help Topics

For a Gigabit Ethernet link, there is also the Ethernet header (176 bits), Ethernet checksum (32 bits) and Inter-frame gap (96 bits) to consider, which are not included in the above diagram. In the case of video signals, video frames often exceed the maximum transmission unit (MTU) size allowed for an IP packet, which is typically 1500 bytes, and hence the frames are split across multiple packets. This is particularly likely in higher bit-rate video systems. IP Network Considerations Bulk Delay and Jitter Once packetized, media packets must be transmitted over the IP network. In general, packets are sent at a regular interval equal to the frame duration. Ideally, all of the packets corresponding to a particular voice or video frame should arrive at the receiving edge-device after a short, constant delay. In practice, however, media packets are carried over multiple links before they arrive at the far edge-device and encounter a number of network elements, such as routers and switches, which delay their progress across the IP network. The exact delay experienced by a packet at a network element depends on the other traffic passing through the network. The overall transmission delay experienced by media packets may be considered to consist of two parts: the bulk delay and jitter. The bulk delay is the average time that a packet takes to travel from the sending edge-device to the receiving edge-device and can be used to calculate an expected arrival time for each media packet. Jitter is the difference between a packet’s expected arrival time and its actual arrival time. For example, imagine a voice over IP system sending packets every 20ms. The first three packets arrive at the receiving edge device 100, 95 and 105ms after they were sent respectively. The bulk delay is 100ms (the average of the three packet transmission) times and the jitter is +/-5ms (the variation in transmission time). Both bulk delay and jitter contribute to the overall delay of a voice or video over IP service. Minimizing this delay is important in conversational services where very long delays can make natural and effective conversation difficult. Packet Loss Packets loss generally occurs when a packet is discarded because it has arrived at a switch or router that has a full input buffer. The user datagram protocol (UDP) transmission protocol used in most conversational voice and video services does not retransmit lost packets because the delay incurred would be too long. Packets may also be discarded by an edge-device if they arrive too late to be played out. Managing IP Network Performance In order to achieve good voice and video quality, an IP network carrying media packets should exhibit the following characteristics: • Low packet loss

424

TROUBLESHOOTING ISSUES • Low jitter • Low bulk delay Two common strategies for achieving these objectives are to over-provision the network or employ some form of service-based delivery policy. The first of these strategies involves allowing the network to treat all packets as equal priority and ensuring that the network is designed to cope with the peak demand of all types of traffic. Such a network can be very expensive to deploy. The second strategy involves using a network architecture that treats some packets with higher priority than others. Such an approach is often referred to as "enabling QoS" (Quality of Service). A common QoS delivery architecture is DiffServ, or differentiated services, whereby packets are labeled according to the level of service they require and routers prioritize the delivery of packets from services requiring low delay. QoS can be common source of problems in voice and video over IP systems, for example if the QoS labeling is incorrectly configured or if a particular switch or router changes or removes the QoS packet markings. Packet Reception The following diagram shows the architecture of the receive side of a typical edge-device.

Jitter Buffer Edge-devices employ a jitter buffer to enable packets to be played out without interruption. The main purpose of the jitter buffer is to try to ensure that the next packet in sequence is available to be decoded immediately after the preceding packet has been decoded and played out. Jitter buffers are also used to re-order packets that arrive out of sequence. Jitter buffers inherently introduce delay into a media transmission and can be either fixedlength or adaptive. Fixed length jitter buffers essentially apply a fixed delay to the first packet received and thus introduce a fixed amount of additional delay. Adaptive jitter buffers minimize the amount of delay introduced by adapting their length to the prevailing network conditions. For example, the jitter buffer size is small when packets arrive with little jitter, but increases in the presence of greater jitter or out-of-sequence packets. If a packet arrives outside the window of the jitter buffer, it is discarded. While a long jitter buffer allows the edge-device to compensate for a large amount of jitter, it also increases the delay between the talker speaking a word and the listener hearing that word. Increased delay makes it more difficult to have a conversation, which is reflected in the CQ MOS voice metric. Unidirectional video systems can use very large jitter buffers because there is no conversation between the two ends of the link. Decoding and Packet Loss Concealment Once received, media packets are decoded by the decoder part of the codec. Packet loss concealment (PLC) algorithms are designed to minimize the noticeable effects of lost or discarded packets on the decoded media quality. Such algorithms may be an integrated part of the decoder or applied separately on the decoded signal.

425

nGeniusONE 5.4.1 Online Help Topics Finally, the decoded media signal is played out to the receiving party or sent on to another network, depending on whether the edge-device is a media client or gateway. Voice Coding The primary task of a voice codec is to reduce the amount of data transmitted between the encoder and decoder. Voice codecs can vary in a number of ways, including: • The voice quality under ideal transmission conditions • Operating bit-rate range • The delay introduced due to buffering and processing • Error resilience and error concealment capabilities • Processing and memory requirements • Licensing cost Another important factor when considering voice codec performance is the ability of the codec to handle a wide range of input signals. For example, some voice codecs provide good performance in the presence of a low-noise, high quality input signal, but their performance degrades considerably if the input signal is noisy or has been previously compressed by another voice codec. There are many codecs that are suitable for use in voice over IP systems. Most enterprise and carrier-grade systems use a codec that has been standardized by an international standardization organization such as the ITU-T, MPEG or 3GPP/3GGP2; however, there are also a number of voice over IP systems that use proprietary voice codecs. The following table lists the main characteristics of some common codecs.

426

Voice codec

Bit rate Frame (kbit/s) size

Audio Coding bandwidth technology

Linear PCM

128

0.125ms 4 kHz

PCM

G.711

64

0.125ms 4 kHz

Nonuniform PCM

G.726

32

0.125ms 4 kHz

ADPCM

AMR-NB

4-75 12.2

20ms

4 kHz

ACELP

G.729

8

10ms

4 kHz

ACELP

G.723.1

5.3/6.3

30ms

4 kHz

ACELP/MPMLQ

G.722

64

0.125 ms

8 kHz

ADPCM

G.722.1

24 - 32

20ms

8 kHz

MLT

G.722.2/AMR-WB

6.6 – 23.85

20ms

8 kHz

ACELP

TROUBLESHOOTING ISSUES Video Transmission Basics In common with a voice codec, the primary task of a video codec is to reduce the amount of data transmitted between the encoder and decoder. Video codecs can vary in a number of ways, including: • Frame types used (typically I, P and B frames) • The video quality under ideal transmission conditions as a function of bit-rate • Error resilience and error concealment capabilities • Processing requirements • Licensing cost • The following factors have a large impact on the quality of an encoded video: • Frame rate • Frame resolution • Bit rate The quality resulting from many codecs is also highly dependent on the degree of motion – some codecs are much better at coding high speed action scenes whereas others are more suited to talking-head applications. Some of the main factors relating to video coding are described in more detail in the following sections. Some of the most popular video codecs are then listed. Frame Rate Video clips are made up of many images, which, when played very quickly one after another, give the impression of continuous motion. Each of these images is referred to as a frame, and the term "frame rate" describes how frequently the picture is updated. Television signals broadcast in the USA and in Japan using NTSC have a frame rate of 29.97 frames per second. Broadcasts in Europe using PAL have 25 frames per second. These frame rates allow most motion to appear relatively uninterrupted. In order to save bandwidth, video conferencing systems may use a lower frame rate (such as 15 frames per second) and therefore when there is motion, the viewer may see significant changes from one frame to the next and the video may appear as a series of snapshots rather than looking smooth and continuous. Frame Resolution The frame resolution refers to the number of pixels in each image. The following table shows the resolution of a number of popular video formats. Format

Width x Height in pixels

HDTV 1080

1920 x 1080

HDTV 720

1280 x 720

NTSC

720 x 486 or 720 x 480

PAL

720 x 576

427

nGeniusONE 5.4.1 Online Help Topics

SIF

352 x 240 or 352 x 288

VGA

640 x 480

CIF

352 x 288 or 352 x 243

QVGA

320 x 240

QCIF

176 x 144

For the last two formats, the leading "Q" in their names indicates that the frame resolution is one quarter of the corresponding non-Q format. Many video players allow videos in one format to be shown on a display with a different format. If the display resolution is higher than that of the video signal, this can lead to pixilation whereby the viewer can see that the picture is made up of a number of squares, as demonstrated by these images: QCIF image

428

TROUBLESHOOTING ISSUES QCIF image expanded to sixteen times its original size

I, P and B Frames As many consecutive frames in a video stream are often very similar, codecs make use of this redundancy by not always transmitting frames independently. Coded video streams typically consist of the following different frame types: • Intra-coded frames (I frames) • Predictive-coded frames (P frames) • Bidirectionally-predictive-coded frames (B frames) I frames are coded as single frames and are not dependent on any other frames. P frames are coded with reference to past frames. B frames are coded with reference to past and/or future frames. Transmission errors affecting I frames are likely to have a greater effect on the video quality than those affecting P or B frames because I frames contain information on which the other types of frames are dependent.

429

nGeniusONE 5.4.1 Online Help Topics Degradations Seen in Videos A number of degradations can be observed in video sequences. These can be due to encoding or transmission problems. This section describes some commonly observed degradation. Blockiness Blockiness (also known as block distortion or blocking) is characterized by the appearance of an underlying block structure in the image. Blockiness generally appears when a high data compression ratio is used to transmit a video signal over a low bandwidth. It can be especially pronounced for signals with a high level of motion. Images containing blockiness are shown below. Original

Blocky

Blurriness Blurriness is also mainly caused when a high data compression ratio is used. Some video encoders intentionally blur contents prior to encoding, while some video decoders smooth the image during playback if transmission problems have been encountered. Images containing blurriness are shown below.

430

TROUBLESHOOTING ISSUES

Original

Blurry

Distortions Due to Transmission Errors The perceptual impact of transmission impairments such as packet loss or bit errors depends on a number of factors. The visual impact of the transmission error depends on the type of frame that is corrupted, i.e., I, P or B and the effectiveness of the error concealment, which in turn depends on the codec implementation. The video content also affects the extent of the degradation and how visible the degradation is. Below are snapshots taken from the same video sequence, i.e., same content encoded with same codec, same frame rate and bit rate. The first snapshot shows a video that did not suffer from transmission errors, only coding impairments (resulting in blockiness and blurriness). The second and third videos have both suffered from 1% packet loss, but with different burst characteristics. As can be seen, the same average level of packet loss can cause quite different types of visual degradations. The second snapshot shows the effect of transmission errors that hardly had any further impact on the video quality. On the other hand, the third snapshot shows transmission errors that have caused heavy image distortions. This example shows that similar levels of transmission error can result in different quality. This phenomenon is taken into account by the edge-device calibration used in UC Server software.

431

nGeniusONE 5.4.1 Online Help Topics

No packet loss

1% packet loss (pattern A)

1% packet loss (pattern B)

Jerkiness Jerkiness (or jerky motion) is motion perceived as a series of distinct "snapshots", rather than smooth and continuous motion. It is commonly observed in video-telephony or videoconferencing applications and other low-bit rate video systems. When transmitting video data over low-bandwidth networks, encoding bit rates must be lowered by reducing the amount of information to transmit. As a consequence, the frame rate of the delivered video may be reduced. Jerkiness is the result of skipping video frames to reduce the amount of video information that the system is required to transmit or process per unit of time. Lack of motion smoothness can be due to frames dropped by the encoder or decoder, and repeated frames. Video Codecs There are a number of codecs that have been standardized by organizations such as the International Telecommunications Union (ITU) and the ISO/IEC Moving Pictures Expert Group (MPEG), and there are also some video systems that use proprietary codecs. The following table lists a number of popular video codecs and provides some information about their applications and relative quality.

432

Codec

Information

ITU-T H.261

Primarily used in older video conferencing systems

ITU-T H.263

Primarily used in older video conferencing systems

ITU-T H.263+ and H.263++

Used in 3G mobile video communication

ITU-T H.264 / MPEG-4 Part 10 AVC

Primarily used in newer systems for various applications including video conferencing, HD video or mobile transmissions

MPEG-1 Video

Mainly used to digitize VHS

ITU-T H.262 / MPEG-2 Video

Digital television

TROUBLESHOOTING ISSUES

MPEG-4 Part 2 Visual

Used in 3G mobile video communication

VC-1

Based on Microsoft's WMV9

WMV

Microsoft's family of video codecs

RealVideo

A popular codec for web and mobile video streaming

Introduction to MOS A mean opinion score (MOS) is used to give a numerical indication of the perceived quality of a voice or video signal. All of the MOS values reported by UC Server software are reported on the following scale: MOS

Quality

5

Excellent

4

Good

3

Fair

2

Poor

1

Bad

Mean Opinion Scores can be divided into two categories: • Subjective MOS - these are derived from the opinions of people • Objective MOS - these are produced by mathematical models of human perception Both of these categories can be further divided into another two categories: • Listening / viewing quality • Conversational quality Subjective MOS A subjective listening / viewing quality MOS value is generated by averaging the opinions given by a number of people when they are asked to rate the quality of a number of degraded media clips produced by transmitting an undegraded media clip through a transmission system. There are many methods for running subjective tests. The most commonly used involve asking a directed question, such as "What was the quality of the voice signal?" and providing a limited set of possible responses for the user to choose from (e.g., Excellent, Good, Fair, Poor or Bad). In the case of voice experiments, such listening quality tests are called Absolute Category Rating Listening Quality (ACR-LQ) tests. The opinions of a given

433

nGeniusONE 5.4.1 Online Help Topics condition from the different people are then translated into a numeric value (Excellent = 5, Bad = 1) and averaged to generate a mean opinion score, or MOS. Subjective conversational quality MOS values are generated by asking a number of pairs of people to converse over a single communications medium. As with listening / viewing quality tests, there are many methods for running conversational quality tests. Again, the most commonly used involve asking a directed question, such as "What is your opinion of the connection you have just been using?" and providing a limited set of possible responses for the user to choose from. These produce results on the "Conversation opinion scale". The votes from the people at one end of the communications medium are translated into numeric values and averaged to produce a single Conversational MOS for that end of the connection. One important factor that affects people's subjective opinion when asked about quality is the context in which they are asked. For example, if a user normally converses over a narrowband telephone system, and is asked to rate the quality of a noise-free narrowband (300-3400Hz) signal that has been encoded and decoded using a good codec, without introducing any transmission errors, he or she is likely to rate it as either good or excellent. However, if the user normally uses a wideband (50-7000Hz) telephone system, and is asked to rate the quality of the same signal, his or her opinion is likely to be lower; perhaps only fair. For this reason, prior to conducting a subjective experiment, subjects are presented with a number of preliminary conditions that demonstrate the range of conditions that they will hear / view during the experiment. The results from these preliminary conditions are discarded for data analysis. The following table shows three different experiment scenarios and the context of the resulting MOS values in the case of a voice quality assessment experiment. Conditions

MOS context

Narrowband only

Narrowband (300-3400Hz)

Wideband only

Wideband (50-7000Hz)

Narrowband and wideband

Wideband (50-7000Hz)

Similarly for a video quality assessment experiment, participants are shown a few preliminary conditions with video clips at the same resolution as the ones used in the main part of the experiment and exhibiting the range of visual distortions that can be expected during the experiment. In addition to the time and cost required to run a subjective experiment, another problem with subjective experiments is that the absolute MOS values obtained for any given condition is influenced by a number of factors other than the condition itself. The effect of bandwidth context has already been described above, but there are many other factors that can influence absolute MOS values. These include the overall content of the experiment, i.e., does the experiment mainly include high-quality conditions or poorquality conditions, cultural differences between subjects, and the exposure of the subjects to different technologies in everyday life. This means that it is not generally possible to directly compare MOS values from different subjective experiments. The problems of time, cost and repeatability are addressed by objective models. 434

TROUBLESHOOTING ISSUES Objective MOS Objective models aim to accurately predict these subjective Mean Opinion Scores, and it is these models that are used within UC Server software. The models that are used to generate the Video IP MOS, Voice IP MOS and LQ MOS use mathematical models of human perception to predict the results of ACR-LQ tests. The model that is used to generate the CQ MOS predicts the results on the "Conversation opinion scale." Many of these models have context switches so that they can produce MOS values in the appropriate context. By default the MOS values shown match the context of the codec (e.g. narrowband for G.729 and wideband for G.722). However, where a wideband MOS has been generated for a narrowband codec the "WB" is appended to the MOS value. Decibels There are many variants of the decibel (dB), which can make it difficult to understand. In general, the decibel is a logarithmic unit that expresses the magnitude of one quantity relative to another quantity, typically a reference. This section describes the variants of decibel used in UC Server software. The formula used to represent a power measurement, Pm, relative to a reference power, Pr, in dB is: PdB = 10 log10(Pm / Pr) When expressing amplitude in dB it is normal to square the amplitude measurement first because the power of a signal is typically related to the square of its amplitude. Hence the level of a signal with measured amplitude Am relative to a reference level Ar is: PdB = 10 log10(Am2 / Ar2) or PdB = 20 log10(Am2 / Ar2) Voice and Noise Levels in dB In UC Server software, the digital overload point is used as the reference level, to which all other levels are related. This is a variant of the decibel known as dBov. The "ov" stands for overload. The digital overload point is the maximum absolute value a sample can take, so the loudest possible signal would have Am and Ar equal in the above formula, which would mean that the dBov value would equal 20 log(1), which is zero. Any quieter signal would have a lower, i.e., negative level. An algorithm inside UC Server software categorizes the samples of the signal as voice or noise and calculates the average level over the voice samples. This is reported as the voice level. Similarly, the average level over all the noise samples is reported as the noise level. The following diagram shows how the overload point, signal peak, voice level and noise level relate to the amplitude of the top half of the signal.

435

nGeniusONE 5.4.1 Online Help Topics

Traditionally -26dBov was regarded as the ideal voice level because it is almost guaranteed to avoid amplitude clipping of the voice signal. In many situations, however, higher levels have been found to provide better performance, particularly in cellular (mobile), and voice levels above -20dBov are now commonplace. When using decibels for level measurements, a 6dBov drop equates to the volume halving. You may be familiar with dBm0, which is defined relative to relative to 1mW in a 600Ω network instead of relative to the digital overload point. You can convert between the two using the formula: dBov = ( dBm0 – 6.15 ). Echo Loss and Signal to Noise Ratio in dB Echo Loss and Signal to Noise Ratio relate one signal with another, rather than with a fixed reference point (such as that used in dBov). In these cases, the original reference point is irrelevant and the result is therefore reported as a dB value. If the two levels have already been calculated in the form of decibel (i.e., a logarithmic unit), one level is simply subtracted from another to give the ratio. The Echo Loss is the ratio of the level of the echo to the level of the original voice that caused it, i.e., it indicates the loss of the echo path - the smaller the Echo loss figure, the louder the echo. If the original voice is at -20dBov and the echo is at -55dBov, the echo loss is -20dBov minus -55dBov, i.e., 35dB. The Signal to Noise Ratio (SNR) reported in UC Server software is the ratio of the Voice Level to the Noise Level. If the voice is at -25dBov and the noise is at -65dBov, the SNR is -25dBov - -65dBov, i.e., 40dB.

436

TROUBLESHOOTING ISSUES

Voice Quality Metrics Use the information in these topics to better understand the key metrics used to determine voice performance. • Voice IP MOS • Voice IP MOS Degradation • Listening Quality MOS • Conversation Quality MOS • Voice Level • Signal to Noise Ratio • Echo Loss • Delay • Packet Loss • Jitter • Out of Sequence Voice IP MOS Voice IP MOS (Mean Opinion Score) is a measure of voice quality and reflects distortions due to voice coding and IP transmission errors up to the monitoring point. The IP payload is not taken into account, but instead a well-conditioned voice signal is assumed when determining the impact of IP impairments on the listening quality perceived by the enduser. Codec, packet loss, jitter, edge-devices and payload size are considered when measuring Voice IP MOS. Troubleshooting Tips Possible reasons for low Voice IP MOS include • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings See the section on "IP Transmission Problems" for further information. More Information In order to use the Voice IP MOS, it is important that you understand some background information.

437

nGeniusONE 5.4.1 Online Help Topics If you are not already familiar with voice signals, audio bandwidth, sample rates, encoding, packetization, transmission, reception, jitter buffers, decoding and gateways and how these terms relate to voice over IP, review the sections on "Voice and Video Over IP Basics" and "Voice Coding". If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values and the difference between listening-quality and conversational-quality MOS values, read the "Introduction to MOS". The Voice IP MOS takes the following factors into account: • Voice codec being used (e.g., on a "perfect network" a stream using the G.711 codec provides a higher quality than a stream using the G.729 codec) • Detailed packet loss characteristics • Detailed jitter (packet delay variation) characteristics • Characteristics of the edge-device and its behavior in the presence of IP impairments • Payload size (e.g., 20ms) However, the following factors are not taken into account: • The state of the voice payload (e.g., whether there is distortion, noise or echo present prior to encoding) • One-way or round-trip delay • Any IP impairments occurring after the monitoring point Voice payload and delay impairments can be taken into account by other measurements: • LQ MOS is a measure of the payload quality • CQ MOS is a measure of conversational impairments (e.g., echo, delay and levels) The software that generates the Voice IP MOS correlates distortions measured on a packet network, such as packet loss and jitter, with the subjective annoyance of that distortion. It does this by having been previously "calibrated" for the receiving edge-device (e.g., a particular VoIP phone, or gateway) by measuring the quality produced over a very large number of test calls. As the Voice IP MOS is purely concerned with one way listening quality and as it is generated by an objective algorithm, rather than people providing their subjective opinion, it is more completely described as a MOS-LQO. Factors that affect the Voice IP MOS are described below. Packet Loss Packet loss occurs when packets fail to reach their destination. Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Many edge-devices use concealment techniques to conceal the effects of packet loss. The effect of packet loss on the Voice IP MOS depends on the edge-device and its configuration. In general, if packet loss concealment is in place, packet loss of less than 1% is barely audible. With good packet loss concealment and depending on the pattern of the lost packets, it can still be possible to understand what is being said over a network with more than 25% packet loss. However, in this situation, the voice is badly distorted and understanding may take considerable effort. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter

438

TROUBLESHOOTING ISSUES buffer and considered to be lost by the codec. Many different types of jitter metric exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected, and a value of zero is the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the Voice IP MOS is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Edge-devices As described previously, different edge-devices employ different codecs and different techniques for error concealment. The algorithm that is used to generate the Voice IP MOS measures the effects of network impairments in terms of the jitter and packet loss. In order to predict how this affects the voice quality the algorithm uses knowledge of how the receiving edge-device in the configuration in use will respond to the measured jitter and packet loss. Payload Sizes The payload size only affects Voice IP MOS when transmission problems occur. Although most modern edge-devices have sophisticated error concealment technology, it is always easier to conceal the loss of a shorter packet than the loss of a longer packet; however, it is not always desirable to use smaller packets because as the payload size decreases, the proportion of the overall packet size taken up by the packet header increases. Voice IP MOS Degradation Voice IP MOS, as described above, provides a measure of the voice quality taking account of voice coding and IP transmission errors. Because it takes the voice coding into account this can vary even when the IP transmission is perfect, due to different voice codecs being used (e.g. G.711 and G.729 provide different quality levels). In some cases it is useful to understand the impact of the IP network on quality and ignore the impact of the voice codec, and this is where the IP MOS degradation can be used. This metric shows the reduction in MOS due to only IP transmission errors and ignores the effect of the codec. Note that this is a MOS degradation, so a value of zero indicates that there are no problems and higher values indicate increasing degradations due to IP transmission problems. Listening Quality MOS The Listening Quality Mean Opinion Score (LQ MOS) reflects the quality of the voice signal. The following factors affect the LQ MOS: • Voice codec being used (e.g., on a "perfect network" a stream using the G.711 codec provides a higher quality than a stream using the G.729 codec) • Packet loss • Packet size (in the presence of packet loss) • Background noise in the voice signal However, the following factors do not influence the LQ MOS: • Jitter in the VoIP packets being assessed

439

nGeniusONE 5.4.1 Online Help Topics • Receive edge-device (e.g., IP phone, VoIP gateway or video streaming client on a PC) • One-way or round-trip delay Jitter, edge-device and delay can be taken into account by other measurements: • Speech IP MOS takes into account jitter and the receive edge-device • CQ MOS is a measure of conversational impairments (e.g., echo, delay and levels) Troubleshooting Tips As described above, many factors can cause low LQ MOS, many of which are beyond the control of the administrator of the VoIP network. It is therefore important to understand how frequently problems occur before starting to investigate low LQ MOS. If the problem is persistent and regular, follow the steps in the following flow chart.

More Information Voice codecs are one of the fundamental components of telephony networks. If you are not already familiar with the various codecs in use and the difference between narrowband and wideband codecs, read the section on "Voice Coding". If you are not already familiar with mean opinion score (MOS) terminology, the difference between subjective and Objective MOS values, and the difference between listening-quality and conversational-quality MOS values, read the "Introduction to MOS". There are a number of factors that contribute to the perceived listening quality of the voice signal. The following sections describe some of the most important ones. Coding Distortion

440

TROUBLESHOOTING ISSUES Nearly all sub-16kbit/s voice codecs show some degree of signal dependency in their performance. Hence the analysis of a large number of calls from a number of different talkers is particularly important when assessing the performance of systems including such codecs. Other factors that can affect the transmission quality of a voice codec include the input level of the voice signal and the input level and characteristics of the acoustic background noise. Indeed, many codecs perform much better for clean voice (voice with a very low noise floor) than signals with more realistic levels of noise. Signals from handsets in wireless systems are particularly prone to high levels of background noise because wireless calls are often made from noisy locations such as in vehicles or public places. Another important consideration is the effect of multiple concatenated coding stages, which can be highly non-linear, such that two or more stages often produce significantly more perceptible distortion than a single coding stage. A common example of this situation is a call between two cellular phone users. If a call is within a single VoIP system, there should be only one coding stage. Transmission Errors VoIP systems may discard whole packets of voice information due to buffer overflow or routing problems while bit errors are almost inevitable in second and third generation digital wireless systems. Although measures can be taken to mitigate the effects of transmission errors, for example the use of packet loss concealment techniques in VoIP systems, all but the very lowest packet loss or error rates result in some degree of audible degradation. Noise Level and SNR We have already noted that the presence of noise reduces the performance of voice compression algorithms. However, high levels of acoustic background noise in the signal, producing a low acoustic signal-to-noise ratio (SNR), also result in a more direct reduction of perceived quality because the noise interferes with the voice signal, making it less intelligible. Conversation Quality MOS The Conversation Quality Mean Opinion Score (CQ MOS) reflects the quality of each party involved in a two-way conversation. The following factors are taken into account from each side of the conversation: • Echo loss • Delay • Voice level • Noise level The following factors are not taken into account: • Distortion of the voice payload due to coding and packets discarded due to IP transmission errors • Factors in the voice signal that reduce the perceived quality, e.g., poor quality microphones, muting, coding distortion These impairments can be taken into account by other measurements:

441

nGeniusONE 5.4.1 Online Help Topics • Voice IP MOS reflects distortions due to codecs and transmission errors within the VoIP network • LQ MOS reflects distortions to the voice signal both prior to and since entering the VoIP network and the quality of the original signal Troubleshooting Tips It is expected that some variation in CQ MOS is always seen because people often make calls from environments that are not conducive to good conversational quality. Therefore, before taking action to try to identify a potential conversational quality problem, it is important to understand whether or not it is a systematic problem. Click on the Stream details tab for the stream and see if any of the following parameters are marked as red or amber: • CQ echo delay • CQ echo loss • LQ low voice level • LQ high voice level • SNR If none of these parameters are flagged as problematic, it is likely that two or more of them are close to the amber thresholds. Check their values and compare with the thresholds to find the parameters that are combining to cause the conversational problem. Note that you should also look at the Payload quality section of the Stream details tab, which shows you the parameter values for the return leg of the stream in case a problem is being reported for the reverse link. When you have identified the cause of the low CQ MOS, use the main Troubleshoot view to see if this is a systematic problem. More Information In order to use the CQ MOS, it is important that you understand some background information. If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values and the difference between listening-quality and conversational-quality MOS values, read the"Introduction to MOS". As mentioned in the introduction, when calculating the CQ MOS, the following factors are taken into account from each side of the conversation: • Echo Loss • Delay • Voice Level • Noise Level On their own, these measurements do not have a simple relationship with a user’s perception of quality; however, when combined the resultant CQ MOS provides a good prediction of perceived conversational quality. The CQ MOS provides a single figure that relates directly to the perceived quality and can help to identify more subtle problems in the underlying factors. For example, the figure

442

TROUBLESHOOTING ISSUES below shows acceptable calls with a tick and unacceptable calls with a cross as a function of echo and delay.

It can be seen that setting simple thresholds on echo and delay can result in a significant proportion of calls being misclassified. For example, a call with very low echo might be of acceptable clarity even if the delay is above the delay threshold; similarly, a call with echo and delay just below the respective thresholds might still be unacceptable. In reality these interactions are more complex, and the CQ MOS takes into account the interaction between the echo, delay, voice level and noise level from both directions to estimate the conversational quality experienced by each party. By setting a threshold on the CQ MOS, those calls with poor conversational quality can be identified, and then the underlying metrics analyzed to determine main problem. The following guidelines can be useful in diagnosing low CQ MOS values: • Echo Loss – a low echo loss figure at one end of a link causes low conversational quality for the party at the other end of the link • Delay – the CQ MOS for both parties decreases as the total delay of the link increases • Voice Level – a high or low voice level from one end causes a low conversational quality for the other party • Noise Level – a high noise level from one end results in a low conversational quality for both parties Voice Level Extreme voice levels result in a reduction in perceived quality, and very high levels also result in amplitude clipping of the signal, resulting in harmonic distortion and other undesirable effects. The voice level heard by a user can be determined by a combination of: • The level at which the person talking speaks • The sensitivity of the microphone in the send terminal • Any level adjustments made within the network by pads or automatic gain control (AGC) systems

443

nGeniusONE 5.4.1 Online Help Topics • How the terminal device presents the signal to the listener's ear UC Server software takes the first two of these factors into account and any level adjustments made before the measurement point. The LQ Voice Level is calculated by the algorithm that calculates the listening LQ MOS metrics, hence the "LQ" designation. The LQ Voice Level is measured in dBov and is therefore always a negative number; the more negative the value, the quieter the voice will be. See the section on "Decibels" for further details. Voice levels that are consistently outside the range -10dBov to -30dBov are a cause for concern. Troubleshooting Tips It is expected that variations exist in the voice level between streams. However, if there are a significant number of calls outside of the optimal range, use the following tips. Gateways and IP peering points are described in the "Introduction to Voice and Video over IP" section. Voice level too high (> -15dBov)? • Check the gain settings at the gateway or IP peering point. These may be too low. Are all the streams too loud, or only those from the external network or peering network? • There may be high voice levels on the external network or peering network. Voice level too low (< -35dBov)? • Check the gain settings at the gateway or peering point. These may be too high. Are all the streams too quiet, or only those from the external network or peering network? • There may be low voice levels on the external network or peering network. More Information In order to use the LQ Voice Level measurement, it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". Components of telephone networks are designed to operate best when the voice is at a particular level. This level is often around -26dBov. Input voice significantly louder or quieter may result in poorer performance of elements such as "Voice Coding". Moreover, higher levels can result in the signal becoming amplitude clipped, while very quiet levels lead to loss of resolution in the signal. Both of these effects can be heard as audible distortions. The following graphs show a voice sample with two sentences at difference levels. Signal with voice level of -26dBov

444

TROUBLESHOOTING ISSUES

Signal with voice level of -16dBov

Signal with voice level of -5dBov

The signal shown in the second graph has been amplified to the point where amplitude clipping is just about audible - some of the sample values have reached the point at which they can no longer be amplified in the same proportion as the other samples. In the third graph, many of the samples have saturated and the effect of the amplitude clipping is clearly audible.

445

nGeniusONE 5.4.1 Online Help Topics Signal to Noise Ratio The SNR is the Signal to Noise Ratio. In this context, the signal is the incoming voice. The signal to noise ratio shows how much louder the voice is than the noise present in the signal. Poor SNR makes it more difficult to understand what is being said, as more effort is required to distinguish the voice from the noise. The SNR is calculated by the algorithm that calculates the listening quality mean opinion score (LQ MOS). The SNR is measured in decibels (dB), and is normally a positive number. See the section on "Decibels" for further details. The larger the SNR value, the better the signal quality. In general, SNRs exceeding 40dB are very good, and values between 30 and 40dB are more typical for calls made in office environments using good quality telephones. As the SNR reduces below 30dB, it becomes more and more difficult for the listener to understand what is being said by the other party. Troubleshooting Tips It is expected that variation exists in the SNR between streams. However, if there are a significant number of calls outside of the optimal range, use the following tips. Gateways and IP peering points are described in the "Introduction to Voice and Video over IP" section. Low SNR is expected when calls are made using cellular handsets in noisy environments. The following checks should be made across many streams and action taken if persistent problems are identified. Is the Voice level < -35 dBov? • Check the gain settings at the voice gateway or peering point. These may be too high. Are all the streams too quiet, or only those from the peering network? • There may be low voice levels on the external network or peering network. Is the noise level > -55 dBov? • There may be a circuit noise problem in gateway line cards. • Calls may come from an area with high background noise - calls from cellular networks are particularly likely to be affected. More Information In order to use the LQ SNR measurement it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". It is also necessary to have some understanding of "Voice Coding". There are many sources of noise in telephone networks. The most common that are likely to affect the measured SNR are: • Acoustic background noise • Circuit noise

446

TROUBLESHOOTING ISSUES There are also many parts of telephone networks that can influence the voice level (see the section on "Voice Level"). The combination of these and the sources of noise produce the SNR. The following sections describe the different types of noise in more detail. Acoustic Background Noise This term is used to describe the environmental noise that the microphone picks up along with the voice signal. It is inevitable that some background noise is present in all calls, because very quiet environments are rare, and this is the most likely source of poor SNR. The levels of background noise that are captured by the microphone depends on the levels of noise in the environment and the design of the terminal. Cellular handsets are more likely to capture voice with a lower SNR than their traditional telephone equivalents because the microphone is further away from the mouth and therefore picks up less of the voice signal than a microphone positioned directly in front of the mouth. In addition to this, calls made with cellular handsets are more likely to be made in noisy environments (e.g., on streets, in vehicles, at stations, in airports) than those made with traditional, or desktop handsets, which are typically situated in offices. Microphones used with soft-clients that are integrated into web cameras and laptops often produce a poor SNR because they are positioned some distance from the talker and can easily pick up noise from computer fans, disk drives, etc. Circuit Noise In analogue telephony systems circuit noise was a common problem. It was caused by interference between adjacent wires and other electrical components. Now that most analogue links are restricted to the copper access network in the PSTN, this is less of a problem. However, the problem of circuit noise has resurfaced in recent years as the copper access network is also used to carry broadband internet signals. Circuit noise can also be a problem for soft-clients that use external microphones or microphones integrated into a laptop because such microphones can be prone to pickingup electrical interference from the host computer and other nearby electrical equipment. Echo Loss Echo is experienced when one party in a conversation hears their own voice return after a delay of around 40 milliseconds (ms) or more. The louder and more delayed the echo becomes, the more disturbing it will be. Echo Loss is a measurement of how loud the echo is compared with the original signal. A smaller value indicates a louder echo. The echo loss value reported is derived from the echo that would have been heard at the destination. In general, where there is an echo problem, the echo is most likely to have been reflected at the source end of the network. The Echo loss figure that UC Server software associates with a stream is the Echo loss at the source location of the stream. At first sight, this may seem counterintuitive; but it is the source location that generates any echo heard at the stream’s destination. Echo loss is reported in "Decibels" (dB). An Echo loss figure lower than 40dB combined with a delay of more than 40ms is likely to be disturbing to the user. Troubleshooting Tips Situations where echo is not controlled properly, and is therefore audible, are becoming increasingly common due to the widespread use of cellular phones and voice over IP,

447

nGeniusONE 5.4.1 Online Help Topics which can introduce long delays, non-linear echo paths and acoustic echo. Reasons for echo being audible include: • Echo cancellers being incorrectly configured, e.g., insufficient tail-length • Echo cancellers been under-provisioned • Unanticipated sources of the echo such as acoustic echo from a handset with a poor TCLw figure These possibilities should be investigated when low Echo Loss is a persistent problem. The two most common sources of echo in a telephony system are electrical reflections and acoustical coupling. The main source of electrical reflections are the hybrid circuits in traditional telephony systems that are used to interconnect the two-wire transmission system used between the local exchange and the customer premises with the four-wire transmission system used in the core network and telephone handsets. Acoustical coupling occurs in the remote party's telephone equipment when sound leaks from the earpiece or speaker into the microphone. Types of equipment that are likely to return high levels of acoustic echo include: • Cellular phones • Speaker-phones • Voice conferencing equipment • PC telephony without a headset In cellular phones, the microphone is often much closer to the speaker than in traditional telephones. The shorter distance means that more sound from the speaker leaks into the microphone. In the other three types of equipment, the volume played out by the speakers is generally considerably louder than that which would be played out by either a handset or a headset and the microphone is generally further away from the talker(s), so must be more sensitive than in a telephone handset. Each of these two factors result in more echo being returned. In all four of these types of equipment echo-cancelling software should generally used, but this may not be present or fully effective. More Information In order to use the Echo loss measurement, it is important that you understand the use of decibels (dB) for measuring levels in audio signals. If you are not familiar with this topic, review the section on "Decibels". Traditional telephones are designed with a short delay echo path in the handset which returns the speaker's voice into his or her ear after just a few milliseconds. This signal, known as sidetone, reassures the user that the telephone is working and can help control the level of the user's voice. Echo is experienced when one party in a conversation hears his or her own voice return after a delay of around 40 milliseconds (ms) or more. The louder and more delayed the echo becomes, the more disturbing it will be. Echo is usually analyzed using the concept of an echo path, which describes the route taken by a talker's outbound voice to the point where it passes into the return path and is heard as echo. The echo path can be characterized in terms of its delay and echo loss. The delay is the time taken for a talker's voice to transit the echo path. The echo loss is essentially the ratio of the level of the inbound echo with the level of the outbound voice that caused it - the smaller the figure, the louder the echo. These measurements are illustrated in the following diagram.

448

TROUBLESHOOTING ISSUES

Echo generally becomes a problem when the Echo loss of the echo path is 45 decibels (dB) or less and the path delay exceeds about 40 milliseconds (ms). When the delay is less than 40ms people cannot generally distinguish echo from their own voice. Many telephone calls are made over relatively short distances with a round-trip delay of 40ms or less, thus rendering any echo inaudible. However, for trans-continental connections, international connections and systems employing significant processing, such as cellular (mobile) and VoIP networks, the signal propagation delay can result in very much longer round-trip delays. The most common source of echo in the public switched telephone network (PSTN) is electrical echo from hybrid circuits in local telephone exchanges. These hybrid circuits are used to convert between the 4-wire transmission system used in the core of the telephone network and the 2-wire transmission system used between the local exchange and the customer premises. Hybrid circuits typically result in Echo Loss figures in the order of 20dB. This combination of long delay and low echo return loss means that echo control equipment is installed in almost all international and long-haul switching centers and cellular networks. If such equipment were not installed, these routes would suffer from audible echo. Echo cancellers should be placed as close to the echo source as possible, as it is easiest to cancel echo before the echo is distorted by encoding or transmission errors. Cellular telephone networks typically introduce a round-trip delay of 200ms and voice over IP systems can introduce delays of 40ms upwards. This means that echo cancellers should now be deployed at the interfaces between such systems and the PSTN by default. Such cancellers are configured to cancel any network echo from the local part of the PSTN, for example with a delay of less than 128ms. And it is assumed that, if a call is routed to a more distant location, cancellers are deployed at the far end. It is recommended that echo cancellers are used wherever the round-trip delay will exceed 50ms, however, it may be beneficial to use echo cancellers even when the round-trip delay is between 40 and 50ms, as customers appear to begin to notice and complain about echo when the delay is 40ms. Acoustic echo is the result of sound leaking from the handset speaker into its microphone. A commonly used measure of this leakage is terminal coupling loss (TCL), which is often calculated using a frequency weighting (TCLw). The TCLw exhibited by a plain old

449

nGeniusONE 5.4.1 Online Help Topics telephony system (POTS) handset tends to be fairly good, and typically exceeds 45dB. The same should be true of IP phones that are designed to look and feel like a POTS phone. However, cellular handsets tend to have much poorer TCLw figures because they are substantially smaller, and hence the speaker and microphone are closer together, and the designers have many more factors to balance against acoustic considerations. Hands-free telephony causes particular problems because sound from the speaker almost inevitably leaks into the microphone. An increasing number of cellular and hands-free terminals therefore have some form of acoustic echo control built-in, but there are still many handsets that do not. One of the problems associated with acoustic echo is that the echo path may be rapidly varying due to changes in the primary sources of reflection. In the case of a handset, this is due to interactions with the head. In the case of a hands-free system, this may be due to movement of people and objects in the vicinity of the terminal. Echo control equipment should also be present in VoIP and loudspeaker-based conferencing systems. It is recommended that the echo loss should exceed 40dB for any call with a round-trip delay exceeding 40ms. Delay Large delays in a conversational interaction can lead to both parties talking at the same time, resulting in a more difficult conversation. In addition, the greater the delay, the more impact any echo that is present has on the quality of a conversation. In addition, the UC Server software produces two types of delay estimate: Echo Delay and IP delay. These are both reported as "round-trip delays", which means the time taken for a signal or packet to travel from a reference point to edge-devices and back again. IP Delay The IP delay value is calculated from information in RTCP packets that are exchanged between the two edge-devices, and is an estimate of time taken for a packet to travel from one edge-device to the other and back again. This is a useful diagnostic value because it isolates the contribution of the IP network from the overall delay. However, it must be noted that this delay does not include the various sources of delay introduced by the edgedevices and does not include the delay of the external network if one of the edge-device is a gateway. Also note that not all VoIP systems generate RTCP packets. Echo Delay UC Server software primarily provides results for a single stream. However, in order to measure conversational metrics such as echo and delay, IP engines monitor the packet stream in both directions. IP engines generally monitor at a mid-network point, i.e., somewhere between the source and destination of the stream. The Echo Delay associated with a particular stream refers to the delay of the echo path from the monitoring point to the source location and back to the monitoring point again. At first sight, this may seem counterintuitive; but it is the source location that generates echo heard at the stream’s destination. Most people are now familiar with connections with a 400ms round-trip delay due to making calls between cellular phones; however, round-trip delays greatly in excess of 400ms start to cause conversational difficulties. Voice over IP systems virtually always introduce a round-trip delay of more than 40ms and therefore exposes any echo that may be present. Troubleshooting Tips 450

TROUBLESHOOTING ISSUES The network map pane in the Single Call view of the user interface enables you to see payload measurements from both directions of a call. If Echo delay values are reported in both directions, these can be added together to produce the round-trip delay from one terminal, to the far end of the network and back to the original terminal. This is the total time for the tasks shown in the following table to be completed for a call between a person at end A and another at end B. When investigating a call with high delay it is first important to understand if the call is within the VoIP network, or if it goes via a Gateway or peering point to an external network. If it goes via a Gateway, then in the extreme case it may be connecting to a mobile handset and the signal could be traveling via a satellite link. This would add many hundreds of milliseconds to the delay and while this delay has a significant effect on the conversational quality, it may be preferable to have a connection than not. Therefore, when considering calls with long delay, it is important to understand whether many calls are affected, or just a few before undertaking any troubleshooting. Calls Traveling via External Network Cellular (mobile) networks typically add 200ms to the round-trip delay. International networks can introduce delays of many hundreds of milliseconds. There may be little you can do to reduce this. Calls Remaining within the VoIP Network As described below, every element of the VoIP system introduces delay. Many of these elements are configurable and changing the configuration options may change the amount of delay that they introduce. One element that can be responsible for significant amounts of delay is the jitter buffer. Fixed length jitter buffers with long delays are one possible source of large amounts of delay. Adaptive jitter buffers that are experiencing large amounts of jitter can also introduce long delays. Check the jitter buffer configuration of the VoIP device in question as well as RTCP round-trip delay statistics (a.k.a. IP Delay) in the UC Server Streams View (if available) to see if this could be the case. More Information If you are not already familiar with input voice signals, encoding, packetization, transmission, reception, jitter buffers and decoding and how these terms relate to voice over IP, review the section on "Introduction to Voice and Video over IP". You should also read the information about "Echo Loss". The following table shows some of the sources of delay in a call made from a notional end A to a notional end B.

Location

Task

Send side of phone at end A

Capture voice signal Encode and packetize encoded signal

IP Network

Transport packets from end A to end B or gateway (equal to the round-trip RTCP delay divided by two)

Receive side of phone at end B or Receive packets and remove jitter gateway Decode packets and conceal any transmission errors

451

nGeniusONE 5.4.1 Online Help Topics

External network (if present)

The one-way delay of the external network from end A to end B

Hybrid between 4-wire and 2wire circuit / Acoustic coupling at end B

Reflect signal at the far end (generate echo)

External network (if present)

The one-way delay of the external network from end B to end A

Send side of phone at end B or gateway

Capture voice signal

IP Network

Transport packets from end B or gateway to end A (equal to the round-trip RTCP delay divided by two)

Receive side of phone at end A

Receive packets and remove jitter

Encode and packetize encoded signal

Decode packets and conceal any transmission errors Halving this time gives a good approximation of the one-way delay, i.e., the time it takes from the speaker saying a word for the receiver to hear that word. Typical one-way delays for some of these sources are shown in the following table.

Delay source

Typical total one-way delay introduced

Encoding, packetization, decoding G.711, 10ms packets

10ms

G.711, 30ms packets

30ms

G.729, 10ms packets

25ms

G.729, 30ms packets

45ms

G.723.1, 30ms packets

67.5ms

Transmission cable

5μs/km

satellite @ 400km altitude

12ms

satellite @ 36,000km altitude

260ms

Echo canceller

0.5ms - 2ms

Encoding, transmission via cellular network, decoding and error concealment

100ms

The following sources of delay are not included in the above table: • Jitter buffers - these should be designed to account for the maximum delay variation that packets are likely to encounter and can add a commensurate amount of delay • Network elements - every router, switch and repeater adds delay - the amount of delay depends on the design of the element and the network loading

452

TROUBLESHOOTING ISSUES Note that the one-way delay may be different in each direction of transmission, particularly in VoIP networks. Packet Loss Packet loss occurs when packets fail to reach their destination. Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Many edge-devices use concealment techniques to conceal the effects of packet loss. The effect of packet loss on the Voice IP MOS depends on the edge-device and its configuration. In general, if packet loss concealment is in place, packet loss of less than 1% is barely audible.With good packet loss concealment and depending on the pattern of the lost packets, it can still be possible to understand what is being said over a network with more than 25% packet loss. However, in this situation, the voice is badly distorted and understanding may take considerable effort. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered to be lost by the codec. Many different types of jitter metrics exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected, and a value of zero indicates the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the Voice IP MOS is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Out of Sequence Out of Sequence indicates the volume of streams where out of sequence packets were detected. This is calculated in the same way as active streams. Possible reasons for out of sequence packets include: • Route flapping, load sharing or diverse core routing. • Endpoints which send RTP streams with incorrect sequence numbers.

453

nGeniusONE 5.4.1 Online Help Topics

Video Metrics These topics provide a brief overview of the video MOS, video degradation and troubleshooting suggestions when degradation is suspected. • Video IP MOS • Video IP MOS Degradation • Video Degradation • Packet Loss • Jitter • Out of Sequence Video IP MOS The Video MOS (Mean Opinion Score) reflects the quality of the video at the monitoring point and reflects distortions due to voice coding and IP transmission errors up to the monitoring point. The IP payload is not taken into account, but instead a well-conditioned video signal is assumed when determining the impact of IP impairments on the viewing quality perceived by the end-user. The following factors are taken into account: • Codec being used • Detailed packet loss characteristics • Detailed jitter (packet delay variation) characteristics • Characteristics of the edge-device and its behavior in the presence of IP impairments • Bit-rate • Frame-rate When a video application reduces the bit-rate or frame-rate of the video codec, it is increasing the amount of compression being applied to the video signal. Higher compression generally means lower video quality at the receiver. The Video IP MOS value metric is the Video MOS prediction with the effects of compression removed, i.e., it is a prediction of what the video quality would be if the video application were applying minimum compression. Video IP MOS is therefore a useful means of separating the effect of IP impairments from the behavior of the video application. Video IP MOS Degradation Video IP MOS, as described above, provides a measure of the video quality taking account of video coding and IP transmission errors. Because it takes the video coding into account this can vary even when the IP transmission is perfect, due to different video codecs being used (e.g. H.264 and H.264 provide different quality levels). In some cases it is useful to understand the impact of the IP network on quality and ignore the impact of the video codec, and this is where the IP MOS degradation can be used. This metric shows the reduction in MOS due to only IP transmission errors and ignores the effect of the codec. Note that this is a MOS degradation, so a value of zero indicates that there are no

454

TROUBLESHOOTING ISSUES problems and higher values indicate increasing degradations due to IP transmission problems. Video Degradation Often video degradation can be useful to separate the effects of video compression (e.g., lower bit-rate or frame-rate) from the effects of IP network performance. The video degradation metric provides an indication of the MOS degradation that is due to compression alone (without the effect of the IP network). Note that this is a MOS degradation, so a value of zero indicates that there are no problems and higher values indicate increasing degradations due to compression. The following table provides a summary of the three video MOS-based values. Whether factor is taken into account Factor

Video IP MOS

Video IP Video MOS degradation Degradation

Characteristics of the edge-device and its behavior in the presence of IP impairments

Yes

Yes

Yes

Codec being used

Yes

Yes1

Yes

Bit-rate

Yes

Frame-rate

Yes

Detailed packet loss characteristics

Yes

Yes

Detailed jitter (packet delay variation) characteristics

Yes

Yes

1

The absolute maximum quality of the codec is not taken into account, but the reaction of the codec to packet loss and jitter is accounted for, for different codecs.

Troubleshooting Tips When troubleshooting a low Video MOS, it is recommended that the Video IP MOS investigated first. Possible reasons for low Video IP MOS include: • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings 455

nGeniusONE 5.4.1 Online Help Topics Further information on troubleshooting "IP Transmission Problems" can be found below. If the Video IP MOS is acceptable, i.e., there are no problems with the IP network, but the Video MOS is still low, then the problem is the amount of compression being introduced by the video application. This is generally the result of a low video bit rate, which can occur in the following situations: • Presentation streams - when sending a presentation stream at the same time as the main video, devices allocate a limited bandwidth for this stream and lower the bit rate • Network capacity - endpoints try to adjust the video bit rate depending on the network capacity • Network impairments - depending on the network impairments (jitter, packet loss), the video application may choose to lower the bit rate • No video source - when no video source is connected, devices may choose to send blank video frames at a very low bit rate • Video content - videos with very low complexity and low motion may use a lower bit rate • Mis-configured settings in the video application More Information In order to use the Video MOS Video IP MOS and Video degradation, it is important that you understand some background information. If you are not already familiar with input video signals, frame rates, frame resolutions, encoding, bit rates, packetization, transmission, reception, jitter buffers and decoding and how these terms relate to video calls, review the section on "Introduction to Voice and Video over IP". If you are not already familiar with Mean Opinion Score (MOS) terminology, the difference between subjective and Objective MOS values, review the "Introduction to MOS". The software that generates the Video MOS and Video IP MOS correlates distortions measured on a packet network, such as packet loss and jitter, with the subjective annoyance of that distortion. It does this by having been previously "calibrated" for the receiving edge-device (e.g., a Video conferencing terminal, or soft-client on a PC) by measuring the quality over a very large number of test calls. The performance of video systems can be dependent on the nature of the content, e.g., a low frame rate may result in poorer viewing quality for sports footage than for a news program. The Video MOS, Video IP MOS and Video degradation represent the MOS that would be obtained by averaging the effects of the observed IP impairments over a range of common content classes, including videoconferencing, sports footage and a mixture of film and television material. Factors that influence the viewing quality and that affect the Video MOS and Video IP MOS are described below. Video Resolution The resolution of a video sequence has a very strong impact on the perceived quality, e.g., the perceived quality of a 720x480 digital television picture is much greater than that of a 176x144 QCIF picture. If the effect of picture resolution were to be included in the MOS score prediction, it could easily mask more subtle effects such as the impact of IP packet loss; hence the Video MOS and Video IP MOS values are normalized so that they take the

456

TROUBLESHOOTING ISSUES picture resolution into account; e.g., a very high quality QCIF picture would receive a similar score to a very high quality television picture. Edge-Device and Codec Different edge-devices employ different codec implementations and techniques for error concealment. The algorithm that is used to generate the Video MOS and Video IP MOS measures the effects of network impairments in terms of the jitter and packet loss. In order to predict how this affects the video quality the algorithm uses knowledge of how the receiving edge-device in the configuration in use will respond to the measured jitter and packet loss. Most standard codecs, e.g. H.263 or H.264, do not guarantee a specific level of quality across different codec manufacturers. Only the bit stream syntax and the decoder are standardized to ensure interoperability. This enables codec manufacturers to use proprietary encoding techniques and know-how to produce a compliant bit stream. Quality can therefore vary across codec manufacturers even if the codec is specified by an international standard. Video coding standards also include a lot of optional modes of operation that typically improve picture quality at the cost of other factors, such as increased computation or delay. The choice of when to use such optional modes is often left to manufacturers. Packet Loss Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Most edge-devices use concealment techniques to conceal the effects of packet loss, but the exact effect of packet loss on the Video IP MOS depends on the edge-device and its configuration. In some cases 1% packet loss results in bad viewing quality, while in other cases 5-10% packet loss can still result in fair video quality. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered as lost by the codec. Many different types of jitter metric exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected and a value of zero is the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the video quality is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Bit Rate and Frame Rate Many systems allow the user to specify the desired bit rate and then attempt to adapt the frame rate and frame resolution accordingly to achieve the best possible quality, trading off bits-per-frame against frame rate and frame resolution. The effects of bit-rate and frame-rate are excluded from the Video IP MOS metric so that IP problems can be more easily identified. The impact of purely bit-rate and frame-rate on the quality is shown by the Video degradation metric. Audio The Video MOS and Video IP MOS reported are designed to be independent of the audio quality. Checking the value of the Voice IP MOS, LQ MOS and CQ MOS (where available) allow you to assess the quality of the associated voice.

457

nGeniusONE 5.4.1 Online Help Topics Packet Loss Packet loss can be caused by oversaturated networks, faulty hardware and packet prioritization techniques. Most edge-devices use concealment techniques to conceal the effects of packet loss, but the exact effect of packet loss on the Video IP MOS depends on the edge-device and its configuration. In some cases 1% packet loss results in bad viewing quality, while in other cases 5-10% packet loss can still result in fair video quality. Jitter Jitter is caused by variations in the delay experienced by packets passing through the network. If packets arrive too early or too late then they may be discarded by the jitter buffer and considered as lost by the codec. Many different types of jitter metrics exist, but the values reported by UC Server software use packet-to-packet delay variation where a positive jitter value indicates the packet was later than expected, a negative jitter value indicates the packet was earlier than expected and a value of zero indicates the ideal case of no delay variation between packets. The maximum and minimum jitter values are reported along with the mean absolute jitter. The effect of jitter on the video quality is dependent on the edge-device and its configuration, in particular the behavior of the jitter buffer. Out of Sequence Out of Sequence indicates the volume of streams where out of sequence packets were detected. This is calculated in the same way as active streams. Possible reasons for out of sequence packets include: • Route flapping, load sharing or diverse core routing. • Endpoints which send RTP streams with incorrect sequence numbers.

458

TROUBLESHOOTING ISSUES

Additional Metrics Following are descriptions of additional results that are displayed in UC Server views. Active Streams (Average) This is an indication of the average active streams over the time period. For example, over a five-minute period if one stream was active for the whole of the five minutes this metric would be 1.0. If the stream was active for only half this period, then this metric would be 0.5, and so on. Note that calls imported into the system from MS Lync reports do not contribute to this indication. Completed Streams This is the number of streams that have ended during the time period. DTMF This value is an indication of number of completed streams where DTMF (Dual-tone multifrequency signaling) has been detected and that have ended during the time period. Note that this only applies to out-of-band DTMF digits encoded as RFC2833/4733 RTP packets and not DTMF tones in the voice payload. Possible reasons for DTMF include: • Users accessing voice mail or other systems which are controlled by DTMF. Gaps This value is an indication of the number of completed streams which contain gaps and that have ended during the time period. Gaps are periods of time where no RTP packets were detected and can be at the start, middle or end of the call. For start and end gaps packets must be detected in the other direction of the call to be considered as gaps. Thresholds for the minimum durations to be considered a gap are configurable in the Global Settings>Voice/Video tab. Long Calls Long Calls is an indication of the number of completed streams which have a duration greater than the long call threshold and that have ended during the time period. Possible reasons for long calls include: • Constantly active streams • Conference calls QoS Mismatch This is an indication of the number of streams that have that have ended during the time period where the monitoring appliance has seen a mismatch between the QoS values used

459

nGeniusONE 5.4.1 Online Help Topics in the two directions of a bi-directional call. Here the QoS value is taken from the IP header. Note that calls imported into the system from MS Lync reports do not contribute to this count. Possible reasons for QoS mismatches include: • Mis-configuration of network equipment to set precedence incorrectly for one direction. Short Calls This is an indication of the number of completed streams which have a duration less than the short call threshold and that have ended during the time period. The threshold is configurable in Global Settings. In the Streams and Single Call view tables there is an indicator to identify short streams. Possible reasons for short streams include: •

Call quality problems causing users to hang-up early.

•

New streams being set-up once the call has been fully connected.

Single Direction This is an indication of the volume of single-direction streams that have ended during the time period. A single-direction stream is identified when no stream is detected in the opposite direction. In the Streams and Single Call view tables there is an indicator to identify single-direction streams. Standard voice calls comprise two separate streams on the IP network, sent between the same IP addresses and UDP ports but in opposite directions (e.g. A to B and B to A). If the monitoring agent is unable to detect a stream in the opposite direction then the stream is counted as a single-direction stream. Note that calls imported into the system from MS Lync reports do not contribute to this count. Possible reasons for single direction streams include:

460

•

Users listening to voice-mail (i.e., not a problem).

•

Endpoint configuration issues such as codec compatibility.

•

Mis-configuration of firewalls.

•

Load sharing or diverse core routing

TROUBLESHOOTING ISSUES

IP Transmission Problems Isolating IP network problems to determine whether the network is affecting voice or video performance is a crucial part of the diagnostic process. The topics in this section provide a general overview of the role IP transmission errors play in voice and video performance analysis. • Basic Troubleshooting • IP Root-cause Analysis Basic Troubleshooting Possible reasons for low Voice IP MOS, Video IP MOS and Video MOS include: • Multiple users with very high concurrent data consumption • High data network usage such as streaming audio or video • Mis-configuration of network elements reducing throughput and causing links to intermittently disconnect • Mis-configuration of routers causing voice packets to be de-prioritized and packet loss due to high volume of traffic • Route flapping, load sharing or diverse core routing • Low bandwidth connection at network extremities • Mis-configuration of port settings The following flow chart shows the steps to take when investigating low IP MOS.

461

nGeniusONE 5.4.1 Online Help Topics If most calls have low IP MOS, access the UC Streams view to find the streams with low IP MOS, check the "1st cause" and "2nd cause" values and look up these categories in the table in the following section. IP Root-cause Analysis This section provides an explanation of the "1st cause" and "2nd cause" values generated by UC Server software when the voice or video IP MOS is low. The causes are separated into the categories shown in the table below. Possible causes are then described in the following sections.

Category

Description

Characterized by

LAN Congestion

End-devices competing to access the network via hubs and switches

Excessive jitter

Router Congestion

Routers processing packets and managing queues

Excessive jitter and packet loss

Access Link Congestion

Large data packets being transmitted over slow access links disrupting the flow of media packets and causing them to be queued

A long delay followed by several very short delays between media packets

Diverse Routing

Packets being transmitted via different routes, each with slightly different delay profiles

Packets appearing at the receiver out-ofsequence

Unreliable Link

A network link that is causing high levels of packet corruption or that has failed

Low levels of jitter but high levels of packet loss

LAN Congestion • Symptom: Packet congestion in Hub / Switch • Results in: Difficulty for packets getting onto the wire • Maybe similar to router congestion but low packet loss • Possible causes: o

Using a Hub instead of a Switch

o

Under-specified link capacities

o

Multiple users with very high concurrent data consumption

Router Congestion • Symptom: High data rate through router • Results in: Difficulty for packets passing through router • Possible causes: o

o o

462

Multiple ports may be using high data rates Misconfigured QoS on router Under specified router for amount of traffic

TROUBLESHOOTING ISSUES • Diagram showing scenario that could result in router congestion:

Access Link Congestion • Symptom: Bottleneck in link throughput • Results in: Difficulty for voice packets passing across links • Possible causes: o

o

o

o

Low bandwidth connection at network extremities Slow link overloaded with high data rates Misconfigured network elements reducing throughput Badly configured QoS causing voice/video packets to be de-prioritized

Diverse Routing • Symptom: Mis-sequenced packets detected • Results in: Voice packets using different routes with different latency • Possible causes: o

Load sharing or diverse core routing

o

Problems in the core network

o o

Load sharing containing a problem link Route flapping

• Diagram showing diverse routing scenario:

463

nGeniusONE 5.4.1 Online Help Topics Unreliable Link • Symptom: Intermittent connectivity problems • Results in: Intermittent complete drop out for voice packets • Possible causes: o

Faulty physical connection on particular link

o

Port setting problems e.g., Duplex, Full, 10, 100, Auto

o

464

Element configuration could cause links to intermittently disconnect

CONFIGURING AND MANAGING nGeniusONE Administering the nGeniusONE Server Configure and manage features of your nGeniusONE deployment using the following modules: • Configure monitoring settings (Global Settings): Configure and view monitoring settings for your deployment including defining communities, configuring applications and messages, and assorted thresholds. • Add and manage servers (Server Management): Perform essential server maintenance and configuration, including adding servers (NewsStand, Standby, Associated, Local) managed by this server. • Add and manage users (Server Management): Add and modify users, user groups, and user roles and activity. • View and configure server settings (Server Management): Perform software updates, join the nGenius Deployment Database, add and modify authentication servers, add and modify exclusions. • View deployment details (Server Management): View session statistics, activity logs, and user deployment information. • Manage data sources (Device Management): Add or modify InfiniStream appliances and other data sources or instrumentation, and manage monitored element groups. • Configure or modify services (Service Configuration): Manage definitions for application or network-based services for use in Service Monitors, Reporting, and the Service Dashboard. • Create, view, and manage Spaces (Spaces Configuration): Modify Dashboard Spaces to customize the data displayed in the views. • Verify requirements for Monitors (Service/Traffic Monitors): In addition to the above configuration of servers, applications, and devices on the nGeniusONE Server, ensure the monitoring data sources are configured appropriately for detecting the required traffic type. • Create and view reports (Report Configuration): Manage reports for troubleshooting and sharing information with others on a regular basis.

465

nGeniusONE 5.4.1 Online Help Topics

MANAGING DEVICES Welcome to Device Configuration Device Configuration provides you with an easy-to-use interface that allows you to manage the monitoring devices in your enterprise. The installation process automatically creates a user account with System Administrator and Network Administrator roles. The default account allows you to configure devices and application monitoring including performing the following tasks: • Add or import devices • Upload and upgrade InfiniStream or Decode Pack software • Add or modify Monitored Element Groups or SuperGroups

Device Configuration in nGeniusONE — Overview The Device Configuration module in nGeniusONE supports the functionality under these tabs: • Devices - add or modify functionality of InfiniStream appliances. For complete details, click here. • Upgrade - InfiniStream or InfiniStream Decode Pack software • Monitored Element Groups - add or modify Monitored Element Groups or SuperGroups Note: • You can add a Cisco Catalyst 5000 or 6000 Network Analysis Module (NAM) in the same manner as other devices. • To prevent more than one user from updating the same device simultaneously, the device is automatically locked while being modified. Therefore, you may receive a message stating that the display has changed. Refresh the display to view the latest settings. Section 508 Compliance nGeniusONE supports industry-recognized user-interface accessibility standards implemented in compliance with Section 508 of the U.S. Rehabilitation Act. This Act requires that Federal Departments/Agencies’ Electronic and Information Technology (EIT) be accessible to people with disabilities.

466

CONFIGURING AND MANAGING nGeniusONE

Navigating the Interface Refreshing the Display in nGeniusONE To view the latest changes in a window, click the Refresh icon. Clicking the refresh icon refreshes the parent window and any child windows that may be open. If the information you are currently viewing is changed by another user at a different location, a message displays prompting you to refresh the display.

Device Configuration Interface This topic provides a quick introduction to the following components of the Device Configuration user interface. • Tabs • Tools • Task Progress • Controls

Tabs The Device Configuration interface consists of a series of tabs containing major device configuration functions. Tab

Description

Devices

Configure and manage data sources

Upgrade

Update InfiniStreams and InfiniStream Decode Packs

Monitored Element Groups

Display and configure monitored element groups, super groups, and their constituent parts

Tools The following table lists general purpose tools used throughout Device Configuration. The location and function of some tools varies depending on context: Add

Add devices, applications, and groups

Modify

Modify any attribute of the selected object: device configurations, application monitoring options

467

nGeniusONE 5.4.1 Online Help Topics

/ /

/

Delete

Delete a device, application, or group

Show/Hide/Reset Filter

Show, hide, or clear the filter. Whether the list shown has been filtered or not is indicated by the appropriate filter icon and accompanying tool tip displayed at the bottom of the screen.

Activate/Deactivate

Enable or disable the selected object

Relearn

Update device details

Device Settings

Set device read and write community values, and Config Server IP Address

Information

Display physical and virtual device parameters

Remote Login

Access the nGenius Command Line Administrator of the device This screen displays the protocols and their correlated settings you applied either to all InfiniStream appliances from the nGeniusONE server or to this InfiniStream device from Device Protocol Settings

Associated Applications

you configured in Performance Manager (UMC). The Protocol Settings Type is displayed in parentheses at the top of the screen as either Global or Local. Information displayed includes settings for application Name and Parent, Response Time, Responsiveness intervals, ASR, and Slice Size.

/

468

Import/Export

Import or export devices, software, or application definitions

Column Management

Show or remove columns displayed on the screen

Refresh

Update the Device Configuration display

CONFIGURING AND MANAGING nGeniusONE

Task Progress The Task Progress Report displays the progress of tasks. In a distributed server environment, the Global Manager aggregates the progress from all Local Servers and displays the overall progress. You can hide/show the Task Progress Report by using the up/down arrow at the bottom of the screen (on the left). You can view the details for a task by selecting the task and clicking the Details button. Also, a message similar to the one below displays after you perform a configuration action.

• Name — The task currently being performed. • Details — More information on the task that the server performs. When the task completes, the Details column displays "Done". • Status — The status of the task that the server is performing. A progress bar displays for tasks in process. For completed tasks the Status column displays Information, Warning, or Errors.

Controls In addition to the tools listed above, you can organize the interface using the following controls: Sort

Display a list of entries in caseinsensitive, alpha-numeric order by toggling up and down arrows next to column names

Page View

The Page fields let you select one or more pages from a larger, dropdown number of devices for viewing.

469

nGeniusONE 5.4.1 Online Help Topics

Devices Tab in nGeniusONE The Devices tab in Device Configuration displays a list of devices that have been added to the nGeniusONE server along with their associated characteristics. Click the Column Management

icon to add or remove columns from view.

Configuring Devices You can perform the following actions on this page: • Add a device by clicking the Add button . The Add Device sliding screen appears. Complete the fields and click OK when finished. • Modify a device by selecting the device and clicking the Modify button . The Modify Device screen appears, showing information about the device and its interfaces, including general information and settings, physical and virtual interface details. Make your changes and click OK. • Delete a configured device by selecting the device and clicking the Delete button . • Show/Hide column filters by using the Show/Hide Filter buttons • Clear all filters using the Reset the Filter button • Deactivate

or Activate

/

.

.

a configured device.

• Relearn settings on a rebooted or modified device. The nGenius Server automatically relearns the device whenever the device reboots (for example, when a new physical interface is added or removed or firmware is upgraded). • View and configure Device Settings and Config Server IP Address. • View Information

including the Read and Write Community

about a device including:

o

Status of Ping, Read and Write Community tests.

o

CDM Level type. For example: Advanced.

o

Hardware/Software model names, CDM and build numbers.

o Device Up time including the day of the week, date, time, and time zone. o Hardware, InfiniStream and InfiniStream Extended Support serial numbers. o

Total, Free, and Used Memory totals (MB).

• Remotely log in

470

to a device using the Agent Configuration Utility.

CONFIGURING AND MANAGING nGeniusONE

• Display Associated Applications . Clicking the icon displays a sliding screen "template" of applications and correlated settings you selected in the Device Protocol Settings finished viewing, click • Import

and Export

module of the Unified Management Console. When Back to withdraw the screen. device settings.

• Perform Column Management by removing or adding one or more columns for display in the Devices screen. Double-click a selection in the Column Management screen to move it to the display (left) or hide (right) pane and click OK to execute the action. Optionally, you can Remove All or Add All columns, and rearrange a column's horizontal placement on the screen by selecting an item in the display pane, dragging and dropping it higher or lower in the list. Refer to the "Columns" section below for a list of the columns and associated descriptions. • Click the Task Progress arrow at the bottom of the screen to display the details and status of operations. You can select an operation and click Details to display additional information. A message similar to the one below displays after you perform a configuration action.

• Refresh

the display.

Columns Field

Description

Status

The current operational status of a device. Down Pending , or Active .

, Inactive

,

An active device is online and operating normally. The pending state is an initial stage of a device that has not yet been added to the system. The device is unreachable until it is completely learned. Similar to an inactive device, a pending device's interfaces do not count against the license limit. The device is in a sleep-like mode where it is no longer performs logging or relearns. Interfaces on inactive devices do not count against the license limit. A Down device is considered unreachable first by unsuccessful IMCP then SNMP pings. When both pings fail, the device is marked down. Name

The name of a device. The device name is defined when you add a device to the nGenius Server.

Address

The IP address (IPv4, IPv6, or host name) of a device.

471

nGeniusONE 5.4.1 Online Help Topics

Alias

An optional alternate name for a device.

Type

The operational type of device including: nGenius InfiniStream, InfiniStream Virtual Appliance, nGenius Probe, NetScout Packet Flow Switch , NetScout FlowCollector, Router, Server, Switch, Router Network Analysis Module, or Unknown.

Device Protocol Settings

Protocol settings type describing whether application settings were applied to all InfiniStreams by the nGeniusONE server (Global) or to this InfiniStream through the UMC (Local).

Interfaces (Act)

The number of interfaces enabled and operational (active) for monitoring on a device.

Interfaces (Inact)

The number of interfaces disabled (inactive) for monitoring on a device.

Decode Pack

The file name of the installed Decode Pack containing the code release version and build number. For example: 15.1 Build 185

Description

Device system information including the model name, firmware version, and build number. This field cannot be modified. Thirdparty devices may include Technical Support sites, copyright information, and a date-stamp when last compiled and by whom.

Notes

(Optional) Additional user-supplied information about a device such as its physical location.

Sorting devices Click a column header to sort

alphabetically by that column.

Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.

From this screen you can: •

472

Modify interface properties.

CONFIGURING AND MANAGING nGeniusONE

•

Delete an interface.

•

Activate or

Deactivate an interface.

•

Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.

•

Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.

•

Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.

Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column

Description

Name

The name of the interface. This field is configurable: • Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface from the device, you cannot modify the interface name.

Alias

(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user

473

nGeniusONE 5.4.1 Online Help Topics

interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface. IP Address (Routers Only)

The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.

Number (Probes and Routers Only)

The interface number. This field does not display for switches.

Slot/Port (Switches Only)

The slot and port numbers on the device.

IF Type

The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.

Speed Override (Routers and Switches Only)

Check box indicating whether or not the original interface speed was overridden.

Speed (Mbps)

The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.

Fdx (Routers and Switches Only)

Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.

Status

The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking

Activate.

Alarm Template

Lists the alarm template (or Default) for each interface.

Locations/Virtualization

Indicates the type of Location Key (virtual interface) discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry.

474

CONFIGURING AND MANAGING nGeniusONE

They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.

Upgrade Tab The Upgrade tab in the Device Configuration module provides system administrators with convenient configuration options for software updates to InfiniStream software and InfiniStream Decode Packs. Tabs The Upgrade tab includes two sub-tabs that provide one convenient location to configure the following types of remote upgrades: • InfiniStream software remote upgrades. Important: When upgrading a NetScout Lync Collector, be aware that a remote upgrade is not supported. You must manually upgrade this type of NetScout device. Refer to the nGenius InfiniStream Administrator Guide for instructions. • Decode Pack remote upgrades The functionality and upgrade details available for both InfiniStream software and Decode Pack tabs are described below. Icon/Column

Description Upgrades the InfiniStream/Decode pack software.

/

/

Displays, Hides, or Resets the fields to filter for any of the decode pack details listed below. Reset reverts the filter to the default view.

475

nGeniusONE 5.4.1 Online Help Topics

Refreshes data in the table. Status

Current status of the upgrade displayed in three states: • Green

- the InfiniStream or Decode Pack is up to date.

• Red - upgrades are available for either InfiniStream software or Decode packs. • Empty - no files were copied to the appropriate directories. Name

User-supplied name of the InfiniStream.

Address

IP address of the InfiniStream appliance.

Model Version

Description

Model number of the InfiniStream appliance. For example: 6980B Current installed decode major/minor version and build numbers. Decode example: 12.3.52. InfiniStream example: 5.00.405 Decode major/minor version and build numbers. InfiniStream upgrades include the CDM release and build numbers. Decode example: 12.3 Build 55. InfiniStream example: IS Model 6980 CDM 5.0.0 (Build 415)

Monitored Element Groups Tab in Device Configuration Monitored Element Groups Overview The Monitored Element Groups tab in Device Configuration displays a list of configured monitored elements, groups, super groups and their associated characteristics, described in the table below. Important: When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Functionality Monitored Element Groups can contain: • Physical or virtual interfaces • Switches and routers • A combination of the above The screen also provides buttons to perform the following functions. Click the hyperlink for step-by-step instructions.

476

CONFIGURING AND MANAGING nGeniusONE

• Add

a monitored element group or Super Group.

• Delete

a monitored element group or Super Group.

• Show or Hide Filter to display or hide the filter field. When displayed, the filter field lists one or more specified ME Groups or Super Groups in the ME Groups pane. A more selective filter is provided in the Group Details pane where you can arrange the list by Name, Full Name, Alias, IP Address, Speed, Device Category, or Interface Category. • Reset Filter

displays or hides the filter field.

• Import

Super Groups in bulk.

• Refresh

the ME Group display.

• Clicking the Task Progress Report arrow screen displays a report with the Name of the particular ME Group, Details and Status of the operation. You can click Details to display additional information about the task. Field

Description Monitored Element Groups Pane

or Name

Type of group (Monitored Element Group or Monitored Element Super Group) Name of the group Group Details Pane

Name

For adding/editing the group name. Becomes available when Add a monitored element group

is clicked.

Group Type filter options:

Check the Super Group check box to display members of the super group selected in the left pane.

• Super Group

Check the Show Members Only check box to display members of the group selected in the left pane. Uncheck the box to display all configured ME members.

• Show Members Only Column function/name

Description

Check box to select/deselect devices

477

nGeniusONE 5.4.1 Online Help Topics

Name

The name of an ME member, defined when you add a device to the nGenius Server.

Full Name

Descriptive name for an ME member which can include the associated device name, physical and virtual interface names, and QoS group level. For example: john234:if5:VRFGROUP_Other:QOS

Alias

User-supplied, optional, alternate name for an ME member.

Address

The IP address of an ME member.

Speed (Mbps)

Speed of the interface in bits per second. The speed is detected by the nGenius Server.

Device Category

Type of device associated with the ME member. For example: InfiniStream

Interface Category

Type of interface: either Physical, Virtual, or User Defined ME.

Task Progress Report in nGeniusONE The Task Progress Report displays the progress of each task you are currently performing. In a distributed server environment, the Global Manager aggregates the progress from all Local Servers and displays the overall progress. You can view the progress for each individual local server by clicking the Details button. You can also view details of other tasks by clicking the down arrow at the bottom of the screen. • Name — The task currently being performed. For example: Adding Route • Details — Details for the task that the server is currently performing. When the task completes, the Details column displays "Done". • Status — The status of the task that the server is performing. A progress bar displays for tasks in process. For completed tasks the Status column displays Success, Warnings, or Errors. • The dialog opens automatically when a new task is received if you click the box, as shown below, at the top of the dialog.

478

check

CONFIGURING AND MANAGING nGeniusONE Viewing Details To view detailed information about a particular task, select the task and click Details. The Details window includes the Progress and Warnings/Information/Errors tabs, as shown below. Progress Tab When viewing progress details from the Global Manager, select the appropriate Local Server. The Progress tab displays all subtasks that the server performs to complete the task you requested.

Icons display with the task or selected device name to indicate the task status: Symbol

Description Completed successfully Partial failure Failed completely

Warnings/Errors Tab The tab label changes based on the current status of the task. A detailed description of the message displays, including the Timestamp, Description, and Details such as the device name, application, port number, and other information. For more information about a specific warning, information, or error, you can view the Activity Log.

479

nGeniusONE 5.4.1 Online Help Topics Clearing a Task To clear a task from the report window, select the task and click Clear. The task is removed from the window but server still performs the task.

Viewing the Status of a Device or Interface in nGeniusONE You can view the status of a device or interface in the Devices tab window of Configuration. Interface status is also displayed in the Modify device screen.

Device

The following table explains the four status assignments that can apply to a device or interface. Status Down

Pending Inactive Active Absent

480

Assigned By

Description

nGeniusONE Server

Assigns Down status to a device if SNMP and ICMP Pings from the nGeniusONE server are unable to return it to an Active state.

nGeniusONE Server

Assigns Pending status to a device if the device you added failed to configure.

User

Assigns Inactive status to a device or interface that the user wants to deactivate.

nGeniusONE Server

Assigns Active status to all devices and interfaces that are successfully learned or relearned.

nGeniusONE Server

Assigns Absent status to any interface that cannot be located during a relearn.

CONFIGURING AND MANAGING nGeniusONE

Adding/Modifying Devices Adding a Device in nGeniusONE Users assigned the Network Administrator role can add devices. When you add a device, monitoring and logging is enabled by default. The nGeniusONE Server automatically learns all the interfaces and you can configure the device by selecting the Devices tab. You can modify these settings after adding the device. Important: when adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communications protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. In a distributed server environment, Applications settings must be modified through the Global Manager. More about adding devices. • Information Specific to Adding Switches • Adding a UC Lync Collector • Adding Other Supported Devices • Importing Multiple Devices • Licensing and Monitoring Limits Important: If you configuring a device using the SNMPv3 communication protocol, refer to Add/Modify Device for more information. Configuration To add a device to the nGeniusONE Server: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Devices tab. 3. Click

Add.

4. In the Add Device dialog box, enter information in the required fields. Be sure to observe rules regarding special characters. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. 6. Click Apply to save your configuration. Tip: If the Add dialog box moves to the background, press ALT+Tab to bring it to the foreground. Note: If you specify an incorrect switch type, you can correct the error by deleting the switch and re-adding it to the nGeniusONE Server using the correct switch type.

481

nGeniusONE 5.4.1 Online Help Topics

Viewing Device Information in nGeniusONE Device Information lists specific details about a selected device, switch, or other device. To view device Information: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Devices tab. 3. Select a device and click

482

Information. The following information displays.

Field

Description

Ping Test

The results of a ping request. OK indicates that the device was successfully contacted.

Read Community

OK indicates a correct setting

Write Community

OK indicates a correct setting (more).

Hardware/Software

Probe type, model number, firmware version, and build number.

Device Up Since

The day of the week, date, time, and time zone when the probe was last started or rebooted.

CDM Level

Not applicable

Hardware Serial Number

The device hardware serial number, if applicable and available; otherwise the field is populated with zeroes.

Total Memory

Displays the total installed memory (in Megabytes).

Free Memory

Displays the amount of available memory (in Megabytes) on the device.

Used Memory

Displays the amount of used memory (in Megabytes) on the device.

IS Serial Number

Serial identification for the InfiniStream and Extended Storage Unit (ESU1 and ESU2).

CONFIGURING AND MANAGING nGeniusONE

Adding a Device in nGeniusONE Users assigned the Network Administrator role can add devices. When you add a device, monitoring and logging is enabled by default. The nGeniusONE Server automatically learns all the interfaces and you can configure the device by selecting the Devices tab. You can modify these settings after adding the device. Important: when adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communications protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. In a distributed server environment, Applications settings must be modified through the Global Manager. More about adding devices. • Information Specific to Adding Switches • Adding a UC Lync Collector • Adding Other Supported Devices • Importing Multiple Devices • Licensing and Monitoring Limits Important: If you configuring a device using the SNMPv3 communication protocol, refer to Add/Modify Device for more information. Configuration To add a device to the nGeniusONE Server: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Devices tab. 3. Click

Add.

4. In the Add Device dialog box, enter information in the required fields. Be sure to observe rules regarding special characters. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. 6. Click Apply to save your configuration. Tip: If the Add dialog box moves to the background, press ALT+Tab to bring it to the foreground. Note: If you specify an incorrect switch type, you can correct the error by deleting the switch and re-adding it to the nGeniusONE Server using the correct switch type.

483

nGeniusONE 5.4.1 Online Help Topics

Adding Devices in nGeniusONE Server — Overview The nGeniusONE software supports a variety of InfiniStreams, other NetScout devices, routers, and switches that you can add to the nGeniusONE server to collect data. The number of devices you can add to the nGeniusONE Server is controlled by your software license. Click here for information on UC Lync Collector licenses. When you add a device, the nGeniusONE Server automatically learns all the interfaces and configures the device by applying settings in Devices and a default Alarm Template (or one you configure - UMC only). You can modify these settings prior to or after adding the device. In a distributed server environment, Devices settings can only be modified through the Global Manager. To add devices, you must be assigned the Network Administrator role. Distributed Server Environment In a distributed server environment, the Global Manager cannot own devices; therefore, all devices must be associated with a Local Server. You can add devices using the Global Manager but you must assign the device to a Local Server. All devices within the server cluster must have a unique IP address. Methods of Adding Devices Network Administrators can add devices to the nGeniusONE Server using the following methods: • Add devices one at a time — Use this method if you want to add one or only a few new devices to the nGeniusONE Server. • Import multiple devices simultaneously — Use this method if you want to add several devices to the nGeniusONE Server simultaneously. Adding Switches and Other Device Types Refer to the following topics when adding switches and other MIB2 devices: • Information Specific to Adding Switches • Other Supported Devices

484

CONFIGURING AND MANAGING nGeniusONE

Adding and Configuring Devices The nGeniusONE software supports a variety of InfiniStreams, switches, and other devices that you can add to the nGeniusONE server to collect data. The number of devices you can add to the nGeniusONE server is controlled by your software license. When you add a device, the nGeniusONE server automatically learns all the interfaces and configures the device by applying global settings and a default template. Be aware that to add devices, you must be assigned the Network Administrator role. The main tasks to perform for adding and configuring devices include: • Adding a device • Creating a Monitored Element Group or SuperGroup • Configuring Monitored Element Groups • Using Alarm Templates • Also click here for more information regarding device configuration. Adding a Device Network Administrators can add devices to the nGeniusONE server one at a time (for one or a few new devices) or import multiple devices in bulk if you want to add several devices to the nGeniusONE server simultaneously. Switches are added in the same manner as other device but for additional information, refer to the Information Specific to Adding Switches section. To add a device individually: 1. Open

Device Configuration > Devices tab.

2. Click

Add.

3. In the Add Device dialog box, General tab, enter information in the required fields including a Name, Alias (optional), IP Address, Server, Description, Device Type, Communication Protocol, Read and Write Community, and Device Template. 4. (Optional) Click the Advanced tab to enter values for Retries, Timeouts, and SNMP Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, DLC, and Do not add routers for NetFlow check boxes if applicable. NetScout highly recommends that you select HTTP as the communication protocol. 5. Click Apply then OK. To export the contents of one device's configuration on another device: 1. Successively click

Device Configuration and the Devices tab.

2. On the device you want to copy the device configuration from, click devices, Save File, and OK. 3. On the device you want to copy the device configuration to, click devices, browse for the file, and click Open.

Export Import

485

nGeniusONE 5.4.1 Online Help Topics To add devices in bulk by creating a CSV file to import devices (the following requirements apply to the CSV file): • Enter information for each device on a separate line. • Device type, device name, and IP address (IPv4 or IPv6) are required. • In a distributed nGeniusONE server environment, include the name of the Local Server Name to which the device is to be added. The Local Server name supplied must match the name used for the Local Server configuration. When adding devices, you can enter the device type as AUTOMATIC. This allows the nGeniusONE server to determine the device type and display the information in the Device Type column in the Device Configuration window. Manually Creating the CSV File To create the CSV file manually: 1. Create a new text file using a text editor: 2. Enter one line of information for each device using the following format: Device type, Device Name, Device IP Address, Read Community String, Write Community String, Retries, Timeout, Learn Only, Local Server Name, Device Alias, Notes, Web Server Port, Server Address, nFR Server Name, Workspace Name, Device Unreachable Alarm, MIB2Mode, Status, System Description, Physical Address, Communication Protocol, Authentication Protocol, Privacy Protocol, Privacy Password Click here for information on these parameters. Note: • Enter AUTOMATIC in upper case. (nGenius InfiniStream is added as device type AUTOMATIC). For example, to specify a probe device type, enter PROBE. The CSV file is case-sensitive on Linux systems. • To accept defaults for all fields that follow required fields, you can leave the fields blank. Refer to the example below. • You can use the default value for a parameter by entering a comma for that field. Defaults are accepted for all fields between Local Server Name and MIB2Mode. 3. Save the file with a .csv extension and close the file. 4. You can add all of the devices in your CSV file using the Import Devices feature. Example: Adding an nGenius InfiniStream AUTOMATIC,My InfiniStream,10.44.55.66,,,3 In this example, the defaults are accepted for Read and Write communities and for all fields following Retries. Creating a Monitored Element Group or SuperGroup Creating Monitored Element (ME) groups allows you to group probe interfaces, router interfaces, and switch ports in a way that is most useful to your organization. For example, you can group monitored elements according to topology, type of link, region, or business

486

CONFIGURING AND MANAGING nGeniusONE unit. You could also aggregate ME groups to make it possible to restrict access to data for certain users. In a distributed server environment, you can create ME Groups from the Global Manager as well as from the Local Server. The advantage of creating ME Groups from the Global Manager is that you can include device interfaces and switch ports that reside on different Local Servers in one group. You can also see other ME Groups that are created on each Local Server. From a Local Server, you can view all ME Groups, but within each group, you can view only those device interfaces and switch ports that exist on that Local Server. ME Groups display in the Monitored Element Groups tab in Device Configuration. ME Group attributes include: • Network Administrators and Approvers can create, edit, rename, or delete ME Groups in the nGeniusONE Server. • You can further group ME Groups into SuperGroups. • System Administrators can restrict access to groups for certain users. • All users can view ME Groups and contents. ME Groups are supported for both physical and virtual interfaces but the following monitored elements cannot belong to a group: • Top-level device groups such as Ethernet, WAN, or Enterprise • Probes (at the device level) To configure a Monitored Element Group: You can select either physical/virtual interfaces, a switch or router to add all of the switch or router interfaces to the group at once, or a combination of these choices. Note: You cannot select a probe to add all of the probe interfaces in this manner. To create a Monitored Element Group or Super Group individually: 1. Open

Device Configuration and then the Monitored Element Groups tab.

2. Select Add monitored element group. Clicking this button activates the Name field in the Group Details pane. 3. Enter a group name. Note: Monitored Element Group names can have a maximum of 128 alphanumeric characters and/or spaces. With the exception of the forward slash (/), special characters are not allowed. The name must be unique for each group. Do not use "Enterprise" as a group name. 4. To create an ME Group, continue with the next step but to create a Super Group, click the Super Group check box. Tips: - This procedure describes how to create an individual Super Group. See below to import Super Groups in bulk. You can do so more conveniently by creating and importing a properly configured text file. - You cannot add Super Groups to another Super Group; but, you can expand an existing Super Group and add its members to another Super Group.

487

nGeniusONE 5.4.1 Online Help Topics - Monitored elements cannot be added to a Super Group, only Monitored Element Groups. 5. Click the check box of one or more monitored elements or groups from the list and click Apply to save the group. Note: Un-clicking the checked Show Members Only check box displays all configured monitored elements, groups, and Super Groups in the nGeniusONE server. After the group is created and displays in the list, the name remains in the Name field but is grayed out until you add another group or select a group to display. To import Super Groups in bulk: 1. Open a text editor and create an import file using the following format: ,megroup1 ,megroup2 ,megroup Notes: • Enter each Monitored Element Group on a separate line. • Group and Super Group names support alphanumeric characters and spaces. With the exception of the forward slash (/) special characters are not supported. • Entries are case sensitive. Example To import Super1 enter: Super1,ME1 Super1,ME2 Super1,ME3 To import Super2 enter: Super2,ME3 Super2,ME2 To import Super3, the following formats are invalid for ME1 and ME2 Super3,ME2,ME1 [list each ME group on a separate line] Super3,me1 [case sensitive] Super3,me2 [case sensitive] 2. Save the file in CSV format. 3. Click the

Device Configuration icon.

4. Select the Monitored Element Groups tab. 5. If you have not previously configured the appropriate Monitored Element Groups, do so now. 6. Click Import super groups and navigate to the location where you saved your import file. (Select All Files if you saved the file in other than *.csv format.) 488

CONFIGURING AND MANAGING nGeniusONE 7. Select the file, making sure it displays in the File name field and click Open. Using Alarm Templates Alarm Templates allow you to define logging and alarm settings for each interface on a data source. A default probe interface template is automatically applied to all interfaces when you add a probe to the nGeniusONE Server. The default template configures monitoring and logging of statistics for protocols, hosts, conversations, and response time.

489

nGeniusONE 5.4.1 Online Help Topics

Add/Modify Device More on Adding a Device Click the Add button to enter information or the Modify button to modify information. The Add Device or Modify Device sliding screen appears. Displayed fields vary depending on the type of device you are adding or modifying. All fields are required unless otherwise noted. When finished, click Apply and OK. Field

Description General tab

Name

The device name. • The name must be unique for each device. • Up to 128 alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. • Do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. • The underscore _ and dash — are not considered special characters.

Alias

(Optional) An alternate name for the device. • Up to 128 alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. • The alias must be unique for each device.

Address

The device IP address or host name. If an IP Address, enter either an IPv4 or IPv6 address. For convenience inputting IPv6 addresses, we recommend using the "standard shortened" method although the long form is permitted. Refer to IP Addresses in nGenius Products for more information on permitted IPv6 Address forms. Any IPv4/IPv6 address entered is displayed as entered but expansion of IPv6 addresses to the full format is not performed. Note: Before configuring Sites with IPv6 addresses, be sure that the InfiniStream supports IPv6 monitoring. Important: If a device with an IPv6 address is added using the nGeniusONE (HTML) client, it will appear in the Performance Manager console with a pseudo IPv4 address which is mapped to the actual IPv6 address in the database. Important: Embedded IPv4 addresses are not supported. For example, the following address cannot be entered —

490

CONFIGURING AND MANAGING nGeniusONE

::10.45.75.219 Host name rules When inputting a host name, each segment separated by a dot must observe these rules. •

A to Z upper case characters are allowed

•

a to z lower case characters are allowed

•

0 to 9 numeric characters are allowed

•

(–) dash is allowed

•

A host name (segment/label) can start or end with a letter or a number

•

A host name (segment/label) must not start or end with a '–' (dash)

•

A host name (segment/label) must not consist of all numeric values

•

A host name (segment/label) can number no more than 63 characters

•

The entire host name cannot exceed 255 characters

Server

Distributed server environment only. If you are adding a device from a Global Manager system, select a Local Server to which the device is added.

Description

Viewable in the Modify screen only. Depending on the device type, the device model, model number, firmware release and build numbers are displayed automatically.

Device Status

Viewable in the Modify screen only. The current operational status of the device. Down , Inactive , Pending , or Active . Note: icons do not display in the Modify screen. An Active device is online and operating normally. The Pending state is an initial stage of a device that has not yet been added to the system. The device is unreachable until it is completely learned. Similar to an inactive device, a pending device's interfaces do not count against the license limit. The device is in a sleep-like mode where it is no longer performs logging or relearns. Interfaces on Inactive devices do not count against the license limit. A Down device is considered unreachable first by unsuccessful IMCP then SNMP pings. When both pings fail, the device is marked down.

Device Type

Viewable in the Add Device screen only. Select one of the following from the drop-down list: • Automatic — (Default) The server first attempts to

491

nGeniusONE 5.4.1 Online Help Topics

add the device as a probe, then (if this fails) as a router. If you select Automatic, switches are added as routers. Note: Selecting this device type disables any other choice of communication protocol. When the device is added, the actual protocol detected - either SNMP or HTTP - will display in the Details (modify) screen. It is preferable to select one of the following types when adding a device: • NetScout Flow Collector — 3100, 3200, and 3300 Flow Collectors • NetScout InfiniStream — Any InfiniStream device. • nGenius Packet Flow Switch — NetScout's 1500 or 3900 Series Packet Flow Switch • NetScout Probe — Any NetScout appliance • Router — Any third-party router • Switch — Any third-party switch • Router Network Analysis Module — Displays only if you enable the rnams.display=true property in serverprivate.properties. Notes

(Optional) Additional information you can enter about the device such as its vendor and physical location.

Communication Protocol

Choose a communication protocol from the drop-down list: Automatic, HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. Default: Automatic. If set to automatic, the only available communication protocol is automatic and the control will be disabled. When automatic is added, the protocol that is detected - SNMP or HTTP - will be set as the communication protocol in the Details screen. Protocol choices are dependent on the Device Type. Important: NetScout strongly recommends that HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers.

Read Community

The SNMP read community string. The initial default setting is public. Limit: 32 characters. Important: If you chose the SNMPv3 communication

492

CONFIGURING AND MANAGING nGeniusONE

protocol, this field changes, prompting for the User Name. Write Community

The SNMP write community string. This setting must match the write community string defined in the device (more). The initial default setting is private. Limit: 32 characters. Important: If you chose the SNMPv3 communication protocol, this field prompts for the Authentication Password.

Device Template

Viewable in the Modify screen only. The device alarm template applied to this device from the drop-down menu. Advanced tab

Retries

The number of times you want the nGenius Server to attempt to reach the device if there is no response. This value must be an integer between 1 and 1000. Default = 3. Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default retry value applied is 1 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.

Timeout

The interval (seconds) you want the nGenius Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default: 1. Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default timeout value applied is 5 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.

Enable deviceunreachable alarm

If selected, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up. This option is selected by default.

Enable learn only mode

Selected by default for switches. Enable Learn Only if you want to detect switch configuration, but do not want to apply Global Settings, history, templates, or alarms. More about the Learn Only option. nGenius PFS only — Checked by default and disabled. Option cannot be edited.

DLC

Switches only — Select to enable mini-RMON. nGenius PFS only — Unchecked by default. RMON1 alarms are not displayed in PM with DLC mode selected

Do not add routers for NetFlow

Enable this option if you do not want routers to be discovered. When disabled (default), system relearn identifies routers discovered by virtual interfaces.

493

nGeniusONE 5.4.1 Online Help Topics

Netflow Collectors only— This option is available only when adding the device. Note: If you enable this option (so that routers are not discovered) previously added routers are not automatically removed. They must be removed manually. SNMPv3 Settings Important: The property files snmpversion.dat and snmpv3deviceconfig.txt as well as the snmp3config.bat executable are no longer supported. Settings you configured in earlier releases, especially those contained in the snmp3config.bat file, are not migrated but must now be added or modified using the nGeniusONE console only because the snmp3config.bat file contains encrypted data which cannot be migrated. SNMPv3 devices must now be upgraded manually using this GUI. Authentication Protocol

Choose one of the following from the drop-down menu: MD5 or SHA

Privacy Settings

Click the check box to enable. Not supported for InfiniStream, Probe, or FlowCollector.

Privacy Protocol

Choose one of the following from the drop-down menu: AES, DES, or 3DES. Note: the PFS supports only AES and DES.

Password

494

If you have chosen a Privacy protocol, enter a Privacy password of no more than 128 bytes.

CONFIGURING AND MANAGING nGeniusONE

Modifying Device Information in nGeniusONE The Devices screen displays information about each device and configured interfaces added to the nGeniusONE Server. Information displaying in the Status, System Description, and Switch Family (switches only) fields are retrieved from the device and cannot be modified. All other fields are defined by the Network Administrator when the device is added to the nGeniusONE Server and can be modified when required. If you modify settings in device information, click Relearn to update the device immediately with the new information or wait until the nGeniusONE Server synchronizes with the devices. To modify device information: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Devices tab. 3. Double-click the device you want to modify. Alternately, you can click

Modify.

4. Click the General and Advanced tabs to modify particular settings as required. • More on Switch fields Note: • To discard changes you make, click the Cancel button before continuing. • Switches only — In the Details window, at Log/Monitor, you can choose to configure the switch for monitoring and/or logging MIB2 (default) or DLC. More on changing between MIB2 and DLC. 5. Click OK and Apply to save your changes. 6. (Optional) Click Relearn from the Devices window to immediately apply the changes to the device, or wait until the nGeniusONE Server synchronizes devices.

495

nGeniusONE 5.4.1 Online Help Topics

Modifying Device Settings — Config Server and Read/Write Communities You can modify the read and write communities or the configuration server addresses of one or more devices you have added to the nGeniusONE server. To modify device settings: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Devices tab. 3. Choose a device. Select multiple devices only if you want to apply the same modification to all devices in the group. 4. Click

Device Settings.

5. In the Read Community, Write Community, and Config Server IP Address fields, enter new values as required. IPv4 and IPv6 addresses are supported for the Config Server IP Address although you must configure an IPv6 management port to enter an address for the IPv6 Config Server. The name of one or more devices being modified is displayed in the dialog box. Note: Certain special characters are not allowed in nGeniusONE as follows: ' < > & " Important: Enter only settings for Read Community, Write Community, and Config Server IP Address you want to modify. Leave blank those fields you do not want to change. 6. When finished, click OK. When your changes to the device and database are successfully completed, the Progress Report status displays "Success".

Task

Note: NetScout Device Settings are automatically updated by this process. For nonNetScout devices, such as switches and routers, only the database is modified. On any non-NetScout device you must make the same changes to the read and, if applicable, write community on the actual device. Note: If the probe that you are trying to apply Device Settings to does not have a write community string that matches on the device and the database, then the Device Settings will not be applied to the device.

496

CONFIGURING AND MANAGING nGeniusONE

Device Details The Modify Device dialog box in Device Configuration > Devices allows you to view and, except as noted below, modify information about a specific probe, InfiniStream, router, or switch. It is accessed by double-clicking a device in the Devices tab. Note that, depending on the device type, not all parameters display. Field

Description

General information Name

The probe name. This field accepts spaces and alphanumeric characters. • Up to 128 alphanumeric characters are valid. • The device name must be unique. • Do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. • The underscore _ and dash — are not considered special characters. • Rules governing the use of special char acters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.

Alias

(Optional) A user-defined alternate name for the probe.

Address

The IP address or host name of the probe, InfiniStream, router, or switch.

Notes

(Optional) Additional user-supplied information such as the device's location.

Device Template

The template applied to this device chosen from a pulldown menu. Default: Default Device Template

Communication Protocol

The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. If set to automatic, the only available communication protocol is automatic and the control will be

• • • •

Up to 128 alphanumeric characters are valid. The alias must be unique for each device. Spaces and alphanumeric characters are valid. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.

497

nGeniusONE 5.4.1 Online Help Topics

disabled. When automatic is added, the protocol that is detected - SNMP or HTTP - will be set as the communication protocol in the Details screen. Protocol choices are dependent on the Device Type. Note: HTTP is automatically detected only on 5.0.x and later InfiniStream devices. HTTPS and SNMPv3 are not automatically detected - you must manually choose these protocols. Important: NetScout strongly recommends that HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. Read Community

The read community string. The initial default setting is public. Important: If you selected SNMPv3 as the communication protocol, this field changes, prompting for the authentication User Name.

Write Community

The write community string. This setting must match the write community string defined in the probe (more). The initial default setting is private. Important: If you selected SNMPv3 as the communication protocol, this field changes, prompting for the authentication Password.

Device Status

Displays the current status of the device. Device status can be active, inactive, or pending. This field cannot be modified.

Description

Displays system information about the device such as vendor, model, and firmware version of the device. This field cannot be modified.

Advanced Retries

The number of times you want the nGeniusONE Server to attempt to reach the probe if there is no response. This value must be an integer between 1 and 1000. Default value: 3 Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default retry value

498

CONFIGURING AND MANAGING nGeniusONE

applied is 1 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however. Timeout

The interval (in seconds) you want the nGeniusONE Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default value: 1 Note: When modifying the communication protocol, if HTTP or HTTPS is selected, be aware the default timeout value applied is 5 which does not display in the Details screen if you initially added the device with a protocol other than HTTP/HTTPS. You can manually enter this recommended value in the field however.

Enable deviceunreachable alarm

If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.

Enable learn only mode (switch only)

Select this check box if this switch is used for spanning purposes only and you do not want to apply Application settings, history, templates, or alarms to the switch. More about the Enable Learn Only option. This field can be modified. This option is selected by default. nGenius PFS only — Checked by default and disabled. Option cannot be edited.

DLC (switch only)

Data Link Control check box. A switch setting for monitoring and logging MIB2 data. This field can be modified. Switches only — Select to enable mini-RMON. nGenius PFS only — Unchecked by default and disabled. Option cannot be edited. RMON1 alarms are not displayed in PM with DLC mode selected

Do not add routers for NetFlow

Enable this option if you do not want routers to be discovered. When disabled (default), system relearn identifies routers discovered by virtual interfaces. Netflow Collectors only — This option is available only when adding the device. Note: If you enable this option (so that routers are not discovered) previously added routers are not automatically removed. They must be removed manually.

SNMP V3 Settings (available only when the SNMPv3 communication protocol is chosen)

Authentication Protocol drop-down menu: MD5 or SHA Privacy Settings: Click this check box to choose a privacy protocol from the drop-down menu and enter a privacy password. Privacy Protocol drop-down menu: AES, DES, or 3DES Password: A privacy password is required if the privacy protocol is provided.

499

nGeniusONE 5.4.1 Online Help Topics

500

CONFIGURING AND MANAGING nGeniusONE

Device Details — Switches Note: The VLANs and FECs tabs are either disabled or do not appear if VLAN or FEC interfaces are not discovered on the switch. Also some of the following parameters may not appear in the screen display depending on the switch type. Field

Description

General settings Name

The switch name. This field can be modified and accepts spaces and alphanumeric characters.

Alias

(Optional) A user-defined alternate name for the switch • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • The alias must be unique for each device.

Address

The switch IP address. This field can be modified.

Notes

Additional information about a switch such as the physical location. This field can be modified.

Device Template

The alarms template applied to this device. Templates can be added from the UMC only.

Communication Protocol

The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3.

Read Community

The read community string. The initial default setting is public. This field can be modified.

Write Community

The write community string. This setting must match the write community string defined in the switch (more). The initial default setting is public. This field can be modified.

Device Status

Identifies the current status of the switch. The switch status can be Active, Pending, Inactive, or Absent. This field cannot be modified.

Description

Displays system information such as vendor name, model, and software version.

Advanced settings Enable device unreachable alarm

If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.

Retries

The number of times you want the nGenius Server to attempt to reach the switch if there is no response. This value must be an integer between 1 and 1000. This field can be modified.

501

nGeniusONE 5.4.1 Online Help Topics

Timeouts

The amount of time (in seconds) you want the nGenius Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. This field can be modified.

Enable device unreachable alarm

If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.

Enable learn only mode

Select this check box if this switch is used for spanning purposes only and you do not want to apply Global Settings, history, templates, or alarms to the switch. More about the Enable Learn Only option. This field can be modified.

DLC SNMP v3 Settings

502

Select this option to log and monitor Data Link Control (DLC) data for this switch. More on the DLC option. This setting is not supported.

CONFIGURING AND MANAGING nGeniusONE

Device and Interface Alias Overview You can optionally give a device or an interface an alternate name known as an alias. You might want to use aliases when, for example, the Network Administrator has a preferred method for naming devices that is useful in the Administrator role, but which is inconvenient for other users who are accessing views or reports. You can create aliases for devices and for physical and virtual interfaces: • Device — You can create an alias when you add a device to the nGeniusONE Server, or you can add or modify a device alias. • Physical interface — Add or modify aliases for physical interfaces at the Interfaces tab of the device details window. • Virtual interface — Add or modify alias names for virtual interfaces by clicking Virtuals in the device details window. After you define aliases for devices and/or interfaces, you can also choose to have device/interface aliases display for a specific NewsPaper report. Note: If you select aliases to display and no alias is defined for a device or interface, the device or interface name displays.

503

nGeniusONE 5.4.1 Online Help Topics

Viewing Associated Applications Devices Tab Application policy is rendered as an easy-to-read, tabular display when you click the Associated Applications icon. This screen displays the protocols and their correlated settings you applied either to all InfiniStream appliances from the nGeniusONE server or to this InfiniStream device from Device Protocol Settings you configured in Performance Manager (UMC). The Protocol Settings Type is displayed in parentheses at the top of the screen as either Global or Local. Information displayed includes settings for application Name and Parent, Response Time, responsiveness intervals, ASR, and Slice Size. The template type is displayed in parentheses at the top of the screen. To view the Associated Applications screen: 1. Login to the nGeniusONE console, and click

Device Configuration.

2. Select a device from the list displayed in the Devices screen. 3. Click

Associated Applications. The Associated Applications sliding screen

displays. When finished viewing, click

Back to withdraw the screen.

Refer to the following table for supported functionality. Icon/Column /

/

Description Show/Hide the filter to order the display. You can filter entries in any column. Reset the filter to the default. Refresh the display.

Device Protocol Settings

This column in the Devices tab describes the template you created in the Device Protocol Settings module (UMC). If you did not create a template, the Global template including all active protocols, but not messages, displayed.

Associated Application pane Name

Application Name which can include child applications. For example: BGP

Parent

Parent of the listed application. For example, IP is the parent application of the child application MIPV6.

504

CONFIGURING AND MANAGING nGeniusONE

Response Time

Checkbox indicating whether or not you assigned time values to the specified application.

Fast/Expected/Degraded/Service/Available

Intervals you assigned to the specified application including Fast, Expected, Degraded, Service, and Available settings, in microseconds.

ASR

Checkbox indicating whether or not you enabled ASR.

Recording

The slice size value you assigned to the application. Options: Default, Full, None, or a custom value in bytes.

505

nGeniusONE 5.4.1 Online Help Topics

Adding a UC Lync Collector UC Introduction Accessing UC Services NetScout's UC (Unified Communications) Lync Collector gathers and converts voice/video data processed by Microsoft Lync reports and Cisco CDRs (Call Detail Records) to extract data for ASI analysis of UC-KPI metrics. It is added as an InfiniStream appliance in Device Configuration similar to any other NetScout device. The records collected are utilized by certain UC Server views with the exception of conversation data. The UC Lync Collector is capable of supporting up to 10,000 calls per minute. Note that the UC Lync Collector is not related to nGenius Voice | Video Manager Data Collectors or nGenius 3300 Collectors and that the nGenius Voice | Video Manager Data Collectors and nGenius Voice | Video Engines do not inter-operate with the UC Server. Important: When upgrading the UC Lync Collector, be aware that remote upgrades are not supported. You must manually upgrade this type of NetScout device. Refer to the nGenius UC Lync Collector Administrator Guide for instructions. Configuration To add a UC Lync Collector to the nGeniusONE Server: 1. Click

Device Configuration.

2. Select the Devices tab. 3. Click

Add.

4. In the Add Device dialog box, enter information in the required fields. Important: The UC Lync Collector must be set to device type nGenius InfiniStream. Use of Flow Collector or any other setting for this device type is not supported. 5. (Optional) Click Advanced to enter values for Retries, Timeouts, and SNMPv3 Settings as well as Enable Device Unreachable Alarm, Enable learn only mode, and DLC check boxes if applicable. 6. Click Apply. 7. Click OK to save your configuration.

506

CONFIGURING AND MANAGING nGeniusONE

Deactivating or Activating a Device If you want to temporarily stop the nGeniusONE server from polling a device, you can deactivate it. You can subsequently activate the device when appropriate. More about deactivating and activating devices. What happens when you deactivate or activate a device To deactivate or reactive a device: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select Devices tab. 3. Do one of the following: • Deactivate — Select an active device, and click Deactivate. Click OK to confirm that you want to deactivate the selected device. • Activate — Select an inactive device and click Activate. Click OK to confirm that you want to activate the selected device. 4. Click Apply.

507

nGeniusONE 5.4.1 Online Help Topics

PFS Integration with the nGeniusONE Server Enable PFS Ports to Display as Physical Interfaces NetScout's nGenius Packet Flow Switch (PFS) is a high performance, ultra low-latency network monitoring switch that aggregates, replicates, filters, and distributes network traffic for data, voice, video monitoring, and CyberSecurity deployments. nGeniusONE supports integration with the PFS as follows: • Logs MIB-2 statistics polled from PFS ports connected to the InfiniStream • Provides secure communications with the PFS through SNMPv3. Support includes these Authentication and Privacy protocols and associated AuthPriv or authNoPriv modes. Refer to Add/Modify Device for directions to configure SNMPv3. authNoPriv • MD5 • SHA-1 AuthPriv • MD5 auth with DES privacy • MD5 auth with AES-128 privacy • MD5 auth with 3DES privacy • SHA-1 auth with DES privacy • SHA-1 auth with AES-128 privacy • SHA-1 auth with 3DES privacy • SHA-2 authentication are included • AES-192 and AES-256 encryption (PFS 3900 Series) PFS Ports Displayed as Physical Interfaces With the introduction of PFS Mode, ingress ports (and their sources) on the PFS can be monitored and mapped to InfiniStream-monitored ports connected to an egress port on the PFS, and viewed on the nGeniusONE server. The number of supported combinations varies based on whether the configuration is enabled for: • full duplex — ifn12-31 are used to support up to 20 ingress ports and up to 450 virtuals, or • half duplex — ifn12-51 are used to support up to 40 ingress ports and up to 900 virtuals. PFS Mode is supported as follows. Traffic streams from several PFS ingress ports combine into one PFS egress port which is then directed to an InfiniStream appliance. The PFS can be configured to insert the PFS ID of each ingress port into packets for classification by the InfiniStream which uses this PFS tagging to create a logical interface identifying ingress ports in nGenius applications. To support cases in which you prefer to identify the port as a physical interface (such as when Host Analysis is needed, which only operates on physical interfaces; or when the environment includes monitoring virtual networks and stacking a VLAN ID on top of those

508

CONFIGURING AND MANAGING nGeniusONE IDs is not desirable), the InfiniStream appliance can be configured to map the inserted IDs to logical interfaces. This mapping allows PFS ports to be represented the same way as physical interfaces in nGeniusONE applications along with standard support for virtual networks being monitored on those links. After the mapping is performed, the PFS interface functions in the user interface and Device Configuration as a physical interface would. Also, data can then be tracked in Traffic Monitor and examined in Packet Analysis. This implementation allows detected traffic to be displayed in nGeniusONE as a logical PFS interface indicating the origin of the traffic. To aid identification of these data sources, you can create meaningful names to label this traffic by creating a configuration file in the opt/NetScout/rtm/config folder on the Server. Refer to Enable PFS Traffic to Appear as Physical Interfaces for details. For example, having created logical interfaces for PFS physical interface 3, the separate traffic streams are displayed in nGeniusONE Modify Device interface pane (shown below) as follows.

Important: Regarding licensing requirements, PFS physical interfaces do not count against the 50 physical interface limit of the nGeniusONE server. Important: To access the PFS GUI, you must first have added the PFS in the Devices tab > Add Device screen. Be aware that Learn Only Mode and DLC functions are not supported for the PFS. Refer to Add/Modify Device for more information. For more information, refer to nGenius Packet Flow Switch documentation.

509

nGeniusONE 5.4.1 Online Help Topics

Information Specific to Adding Switches in nGeniusONE The following information which is specific to adding switches, includes the following topics: • Preventing automatic switch configuration by enabling the Learn Only mode • How the nGeniusONE Server handles Ether Stat entries and trap destinations • Setting switches to log and monitor DLC (Data Link Control) or MIB2 Preventing Automatic Device Configuration By default, when you add a device to the nGeniusONE Server, the server automatically configures the device by applying Global Settings. For switches, however, you can prevent automatic configuration by using the Enable Learn Only option. Selecting Enable Learn Only prevents the server from applying Global Settings, templates, history, and alarms to the switch. You can select the Enable Learn Only option when you add the switch to the nGeniusONE Server or at a later time. If you enable the Learn Only option after the switch has been added to the nGeniusONE Server, the initial Global Settings, templates, alarms, and history settings are not removed. However, no further updates to the Global Settings, templates, alarms, or history are written to the switch. Ether Stat Entries and Trap Destinations When you add switches, the nGeniusONE Server handles Ether Stat entries and trap destinations as follows: • Learns the Ether Stat entries on the switch, if any exist • Creates Ether Stat entries if none exist • Creates trap destination entries. An error message is generated if the switch does not allow trap destinations to be installed. • Cisco Catalyst switches running CatOS firmware — If RMON is disabled on the switch, RMON entries (Ether Stats, Ether History, Alarms and Events, and trap destinations) are not created. The following table shows how the nGeniusONE Server adds or deletes trap destinations on a switch, depending on the trap destination setting (global_settings.switch_config_trap_dest) defined in the serverprivate.properties file and whether or not Learn Only Mode is enabled. Note: If you want to modify the global_settings.switch_config_trap_dest property, you must add it to the serverprivate.properties file. You do not need to restart the server. serverprivate.properties Learn Only Mode setting Disabled (default)

Learn Only Mode Enabled

global_settings.switch_ config_trap_dest=true

The nGeniusONE Server does not delete current entries in the switch trap destination table, and adds only the local server as a new trap destination.

510

The nGeniusONE Server deletes all entries in the switch trap destination table, and adds the entries that are defined in Global Settings.

CONFIGURING AND MANAGING nGeniusONE

global_settings.switch_ config_trap_dest=false (default)

The nGeniusONE Server deletes only the entries in the switch trap destination that are owned by nGenius, and adds the entries that are defined in Global Settings.

The nGeniusONE Server does not delete current entries in the switch trap destination table, and does not add new entries.

Setting Switches to Monitor/Log MIB2 or DLC By default, when you add a switch, it is set to monitor and log MIB2 data. You can optionally modify the device settings so that the switch monitors and logs DLC (Data Link Control) data. Changing logging/monitoring from DLC to MIB2 or MIB2 to DLC has the following results: Toggling from MIB2 to DLC The nGeniusONE Server: • Learns the Ether Stat entries on the switch, if any exist • Creates Ether Stat entries if none exist • Creates Alarms Toggling from DLC to MIB2 If created by the nGeniusONE Server, the following entries are deleted: • Ether Stat • Ether History • Alarm events

511

nGeniusONE 5.4.1 Online Help Topics

Viewing Ports Discovered on a Switch To view details about switch physical and virtual interfaces: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Click the Devices tab. 3. Double-click the device to view all ports that the nGeniusONE Server discovered on the switch when the switch was added to the server or during

Relearn.

You can perform the following tasks: • Modify the port name — If the nGeniusONE Server learned the name of the interface from the device, it cannot be renamed. When the interface name is configurable, alphanumeric characters are valid. • Add or modify physical interface aliases • Deactivate or reactivate a port • View the port type and description • Designate a port as an analyzer port and specify an external probe

512

CONFIGURING AND MANAGING nGeniusONE

Setting Speed Override for Router Interfaces By default, the nGeniusONE software automatically learns device interface speeds when devices are added to the nGeniusONE Server. You can optionally override the learned speed for router interfaces. Also, you can enter or edit interface names or aliases. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To override the learned speed for the router and optionally edit the interface Name and Alias, or enter an alias: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the router containing the interfaces you want to modify. 4. Select one or more router interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 5. Click

Modify or double-click the selected router interface.

Note: Inline editing is not supported. 8. Click the

Speed check box and enter the new speed.

9. Click OK. The new speed displays for the interfaces you selected. Note: To revert to the learned speed, deselect the interface and click OK.

Speed check box for the

10. Optionally, add or edit the interface add Alias. 11. Click OK and OK again to save your changes.

513

nGeniusONE 5.4.1 Online Help Topics

Changing Router Duplex State in nGeniusONE Accurate utilization views require correct NetFlow duplex settings. The nGeniusONE Server assumes router interfaces to be full duplex. If any flow source interfaces on the router are half-duplex, you must manually change the router duplex state. To change the router duplex state: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Double-click the router. 4. Select the interface. The Fdx checkbox displays the duplex setting for each router interface. (A check indicates full duplex mode.) 5. Click the Fdx check box required.

to toggle the interface between full and half duplex, as

Note: If you cannot toggle the Fdx check box, nGeniusONE Server was able to learn the correct duplex state from the router. You do not need to modify the setting. 6. Click Apply to save the new setting. Configuring Flow Interfaces on Routers, Probes, and Collectors

514

CONFIGURING AND MANAGING nGeniusONE

Setting Speed Override for Switch Port Interfaces By default, when devices are added, the nGeniusONE Server automatically learns device interface speeds and speeds from switch port interfaces. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To override the learned speed for switch port interfaces: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. The Ports tab is selected by default. 3. Double-click the switch containing the interface you want to modify. 4. Select an interface. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 5. Double-click the selected interface, Click the speed.

Speed check box, and enter the new

6. Click OK. In the Modify Device dialog, the new speed displays for the interfaces you selected and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the the interface and click OK.

Speed Override check box for

10. Click OK and Apply to save your configuration.

515

nGeniusONE 5.4.1 Online Help Topics

Adding Extreme Switches The following Extreme switches are supported: • Summit48Si version 6.2.2 (build 56) or higher • Alpine3804 version 6.2.2 (build 124) • Alpine3808 version 6.2.2 (build 124) • BlackDiamond6808 version 6.2.2 (build 124) You can configure nGeniusONE probes to receive packets from specific UDP ports on the Extreme switch. The probe CDM Adaptor interfaces that monitor this traffic are located on Interfaces 13 through 16. The probe allows one UDP port per interface and one interface per UDP port for a maximum of four NetFlow sources per probe. Adding Extreme Switches You can add an Extreme switch in either of the following ways: • Add the switch as a device. If you select Automatic as the device type, the nGeniusONE Server reads the switch sysOID and chooses the proper device plugin to support the switch. When you add the Extreme switch using the nGeniusONE Server Add Device function, it can be monitored as a Basic Level CDM Adaptor. • Add a probe currently receiving NetFlow data from the switch. When you add the probe, the switch is also added and displays in nGeniusONE Server. When you add an Extreme switch to the nGeniusONE Server, all of its ports and 802.1Q VLANs are learned. Extreme supports aggregated interfaces called Shares. These interfaces are similar to FECs/GECs on Cisco switches. Shares do not display because Extreme does not create interfaces for them in the Interface table.

516

CONFIGURING AND MANAGING nGeniusONE

Viewing/Modifying Interfaces Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.

From this screen you can: •

Modify interface properties.

•

Delete an interface.

•

Activate or

Deactivate an interface.

•

Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.

•

Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.

•

Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.

Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column

Description

Name

The name of the interface. This field is configurable:

517

nGeniusONE 5.4.1 Online Help Topics

• Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface from the device, you cannot modify the interface name. Alias

(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface.

IP Address (Routers Only)

The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.

Number (Probes and Routers Only)

The interface number. This field does not display for switches.

Slot/Port (Switches Only)

The slot and port numbers on the device.

IF Type

The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.

Speed Override (Routers and Switches Only)

Check box indicating whether or not the original interface speed was overridden.

Speed (Mbps)

The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.

Fdx (Routers and Switches Only)

Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.

518

CONFIGURING AND MANAGING nGeniusONE

Status

The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking

Activate.

Alarm Template

Lists the alarm template (or Default) for each interface.

Locations/Virtualization

Indicates the type of Location Key (virtual interface) discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry. They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.

519

nGeniusONE 5.4.1 Online Help Topics

Viewing Interface Details for nGeniusONE Data Sources The Modify Device screen in the Devices tab of Device Configuration provides information about interfaces associated with the selected device. This window also provides options to configure functions and display settings of selected interfaces. 1. From the nGeniusONE Console, launch

Device Configuration.

2. Click the Devices tab. 3. Double-click a device to view physical interfaces discovered on the nGeniusONE data source. Note: Interfaces in Manage Only mode do not display in the Modify Device window. For more information about Manage Mode, refer to the appropriate probe agent administrator guide. 4. Select an interface containing virtual interfaces and click Virtuals. (The Virtuals button is enabled only when virtual interfaces exist for the selected physical interface.) In the Modify Devices window, you can perform the following tasks for supported devices: • Modify the interface name or alias (You cannot modify the interface name for NetFlow or sFlow interfaces.) • Add or modify physical interface aliases • View virtual interfaces • Deactivate or reactivate an interface • Clear data captures on selected interfaces • Delete an absent interface • Configure Site Monitoring definitions • Configure an SAA Device for IPSLA • Define IP Ping intervals • Create NetFlow Aggregate groups • View a list of Alarm Policies associated with a selected interface, and, if necessary, apply a different policy. 5. When finished, click OK, then Apply.

520

CONFIGURING AND MANAGING nGeniusONE

Modifying Physical Interfaces You can change the Name, Alias, Speed, Alarm Policy, or Link Type of physical interfaces listed in the Devices tab. Important: Support to change a physical interface name, alias, or speed depends on the type of associated probe, router, or switch. Not all settings are available for each device. To modify physical interface settings: 1. From the nGeniusONE Console, open

Device Configuration.

2. Select the Devices tab. 3. Double-click a device from the list and select an interface. 4. Click

Modify.

5. Enter a new Name or Alias. Special characters are not supported except for the following: ( ) _ - { } [ ] : ; , . , 6. Click the

Speed check box and enter a new Speed.

7. Select an Alarm Template from the drop-down menu. 8. Select a Link Type from the drop-down menu. 9. Click OK and OK again to save your configuration. Check the Report to ensure the new values were accepted successfully.

Task Progress

521

nGeniusONE 5.4.1 Online Help Topics

Modifying a Physical Interface Alias To modify a physical interface alias: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Select a device and click the General tab. 4. Double-click a physical interface and in the Interfaces panel, enter a new alias or edit the old alias. Note: • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed. • You must use an alias that is unique among all monitored physical interfaces. 5. Click OK and OK again to save your configuration.

522

CONFIGURING AND MANAGING nGeniusONE

Viewing Location Keys in Device Configuration Location Keys, also referred to as virtual interfaces, can be viewed in Global Settings > Locations screens by drilling down from their associated devices and physical interfaces. When discovered by the InfiniStream appliance, they are displayed in the Location Keys pane of the Service Configuration monitor where users can choose to list locations already carrying traffic or only those configured in Global Settings but are not yet in operation. Multiple and hybrid Location Key types are displayed in the Locations column per physical interface, as shown immediately below, and particular Location Keys are shown in the Virtuals screen, shown further down. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry.

To display discovered Location Keys in a monitor, click here. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. InfiniStreams set to CDM mode will display virtual interfaces only. • In hybrid mode, the Locations column is titled Virtualization. Configuration To view the Location Keys (virtual interfaces) associated with a specific physical interface: 1. Click

Device Configuration.

2. Click the Devices tab and double-click a device. 3. Select the physical interface configured for virtual interfaces, and click Virtuals , as shown below. The virtual interface Name, Alias, ID, Speed Override setting (when applicable), and Speed (in Mbps) display. The Virtuals button is disabled if no virtual interfaces exist for the selected interface.

523

nGeniusONE 5.4.1 Online Help Topics

Note: To sort a column, click the arrow head in the column heading. You can also use the

filter to find a particular Location Key.

Click on the links below for more information about these Location Key types: • QOS (including QoSGroup) • RAT • Server/Client Communities • VLAN (including vlanservice) • Site (including Server Site and Client Site) • VRF (including VRFGroup, VRFAssign and VRFAdmin) • Cell (including cellsite, CellID, CellGroup, CellArea) • APN • Handset • PLMN • CMTS • BSID • TAC • RAI Viewing Virtual Interfaces on the Aggregate Interface If you configured the aggregate interface (interface 12) on the data source, the data source is automatically put in load balanced mode and virtual interfaces display only on the aggregate interface. No virtual interfaces display on the aggregated physical interfaces. For details on configuring the aggregate interface, refer to the appropriate agent administrator guide for your specific data source. 524

CONFIGURING AND MANAGING nGeniusONE

Modifying a Virtual Interface Alias To add or modify a virtual interface alias: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click the

Virtuals icon.

5. Select a virtual interface whose alias you want to edit and click

Modify.

6. Enter a new or edit the old alias, click OK and OK again to save your configuration. Note: • In the Alias field, spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • You must use an alias that is unique among all monitored virtual interface aliases.

525

nGeniusONE 5.4.1 Online Help Topics

Enabling Extended Virtual Interface Support on the nGeniusONE Server By default, the number of virtual interfaces you can detect is limited to 1000. If you have already configured your InfiniStream appliances for this feature, use the steps below to enable Extended Virtual Interface Support on the nGeniusONE Server. This is not required for collectors configured with extended virtual interfaces: 1. Access the nGeniusONE Server using SSH or a terminal emulation program. 2. Navigate to the /rtm/html directory. 3. Make a backup copy of client.properties before making any changes. 4. Using a text editor, open the client.properties file. 5. Add the following parameter on a new line: siteAssociation.maximumSitesPerME=2000 6. Save and exit the file. 7. Navigate to /rtm/bin directory. 8. Make a backup copy of the serverprivate.properties file. 9. Using a text editor, open the serverprivate.properties file. 10. Add the same parameter on a new line: siteAssociation.maximumSitesPerME=2000 11. Save and exit the file. 12. Restart the nGeniusONE Server processes. Note: For a more comprehensive set of configuration steps, including data source steps, refer to Configuring Extended Virtual Interfaces Support.

526

CONFIGURING AND MANAGING nGeniusONE

Deactivating or Activating an Interface If you want to temporarily stop the nGeniusONE Server from polling an interface, you can deactivate it. You can subsequently activate the interface when appropriate. More about deactivating and activating devices. To deactivate or activate an interface: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a device and do one of the following: • Deactivate — Select an active interface, and click Deactivate . Click OK to confirm that you want to deactivate the selected interface. The status of the interface changes to Inactive. • Activate — Select an inactive interface and click Activate . Click OK to confirm that you want to activate the selected interface. The status of the interface changes to Active. 4. Click Apply.

527

nGeniusONE 5.4.1 Online Help Topics

Modifying FEC Interfaces Configured Fast EtherChannel (FEC) interfaces display in the FECs tab of the Modify Device screen (accessed by double-clicking a switch in the Devices tab of Device Configuration). You can modify or delete FECs using buttons in the toolbar. The following table describes the parameters/columns. Parameter

Description

Name

Not configurable. The FEC interface designation. For example: FEC_162.

Alias

Configurable. (Select the interface and click the Modify button.) Note that special characters are not supported except for the following: ( ) _ - { } [ ] : ; , . ,

Interface #

Not configurable. The switch interface number. For example: 162

Status

Not configurable. The real-time state of the interface: Active, Inactive, or Absent.

Description

Not configurable. The type of interface. For example: aggregated interface

528

CONFIGURING AND MANAGING nGeniusONE

Viewing FECs Discovered on a Switch The Modify Device screen list all the Fast EtherChannel (FEC) interfaces discovered by the nGeniusONE Server during the relearn process, or when the switch was added to the server. The information that displays is retrieved from the MIB table on the switch. To view FECs: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Double-click a switch. 4. Select FECs to display any associated slots/ports. Note: The FEC tab is unavailable to the Packet Flow Switch. 5. Click the Modify

icon to modify values.

529

nGeniusONE 5.4.1 Online Help Topics

Viewing FEC, Gigabit, and 10-Gigabit Interfaces Discovered on a Switch Fast EtherChannel, Gigabit, and 10-Gigabit interfaces discovered by the nGeniusONE Server during the relearn process, or when the switch was added to the server, are displayed in the Devices > Modify Device pane. The information that displays is retrieved from the MIB table on the switch. To view physical interfaces: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a switch. 4. Click either Ports, VLANS, or FECs. 5. Select a FEC and click Virtuals

530

to display any associated slots/ports.

CONFIGURING AND MANAGING nGeniusONE

Viewing BSID Interfaces in nGeniusONE All BSID interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in nGeniusONE Server. To view BSID interfaces: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click Virtuals. Configured BSID interfaces are displayed with the Status, Name, Alias, and BSID columns as shown below. Note: To sort a column, click the arrow head in the column heading.

531

nGeniusONE 5.4.1 Online Help Topics

Viewing LA-RA Interfaces in nGeniusONE All LA-RA interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in nGeniusONE Server. To view LA-RA interfaces: 1. Click

Device Configuration from the nGeniusONE Console.

2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click

Virtuals.

5. Configured LA-RA interfaces are displayed with their Name, Alias, and LA-RA ID. Note: To sort a column, click the arrow head in the column heading.

532

CONFIGURING AND MANAGING nGeniusONE

Viewing TAC Interfaces in nGeniusONE All TAC interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Devices tab in the nGeniusONE Server. To view TAC interfaces: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click Virtuals

.

5. Configured TAC interfaces are displayed with the Name, Alias, and TAC ID. Note: To sort a column, click the arrow head in the column heading.

533

nGeniusONE 5.4.1 Online Help Topics

Viewing VLAN Interfaces in nGeniusONE All VLAN interfaces discovered by the nGeniusONE Server during relearn, or when the device was added to the server display in the Modify Devices screen. When a probe is connected to an analyzer port on a device, the source of the data is coming directly from the device and sent to the probe on the analyzer port. If you are using this configuration, you can view VLANs. To view VLANS: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click a device. 4. Select a physical interface and click

Virtuals.

5. Configured VLANs are displayed with the Status, Name, Alias, ID, Speed Override check box, and DTE/DTE or Speed (Mbps). DTE/DCE columns display for Full Duplex interfaces, the Speed column displays for Half Duplex. Note: To sort a column, click the arrow head in the column heading.

534

CONFIGURING AND MANAGING nGeniusONE

Viewing VRF Group Virtual Interfaces in nGeniusONE When a device physical or flow interface detects network traffic that matches a VRF Group, it is displayed as a virtual interface. If needed, click Re-Learn in the Devices window to ensure the group definition is available on the device. To view the VRF Groups associated with a device: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the applicable device. 4. Select the appropriate physical interface and click Virtuals. The Virtuals button is enabled only for those interfaces containing virtual interface(s). 5. The VRF Group interfaces display with Name, Alias, VRF Group ID, and DTE and DCE speeds. Note: To sort a column, click the arrow head in the column heading.

535

nGeniusONE 5.4.1 Online Help Topics

Modifying VRF Group Virtual Interface Speeds Use this procedure to configure VRF Group definitions for individual interfaces on probes. To modify speeds on individual interfaces, the speed set in Global Settings must be equal to zero. Device Configuration.

1. From the nGeniusONE Console, open

2. Select the Devices tab and double-click a supported device. 3. Select the physical interface and click the 4. Select the virtual interface and click 5. Click the

Virtuals icon.

Modify.

Speed Override check box and enter the Speed (Mbps).

6. Click OK and OK again to save your configuration.

536

CONFIGURING AND MANAGING nGeniusONE

Viewing VRF Site Interfaces in nGeniusONE To view discovered VRFs on an interface: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface and click

Virtuals.

Note: If the interface is not in download mode, and there are no virtual interfaces associated with the selected physical interface, the Virtuals button is disabled. 5. Configured interfaces for VRF Sites are displayed with the Status, Name, Alias, Admin and Assigned numbers, and Speed. If you configured the device to monitor both VRF and QoS, the QoS Level/Group displays for selected interfaces. Note: To sort a column, click the arrow head in the column heading.

537

nGeniusONE 5.4.1 Online Help Topics

Associating APN Definitions with a Physical Interface in nGeniusONE Adding APN Virtual Interface Definitions Adding or Modifying APN Groups After adding or modifying APN definitions in Global Settings, you must associate the APN definitions with an appropriately-configured physical interface. Associating APNs with a specific interface allows you to configure each interface on a probe to monitor a different virtual interface type. To download APN virtual interface definitions to the probe: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the appropriate device. 4. Select the physical interface configured for APN Monitoring. 5. Click menu.

Select monitoring options and click Associate APN from the drop-down

6. Click an APN site to associate the site with the interface. Note: If the Associate check box is inactive, ensure that you have properly configured the selected interface in the device Agent Configuration Utility. To associate multiple APNs, do one of the following: • In the Associate column, select the appropriate

check box(es) one-by-one.

• Shift-click or Ctrl-click to multi-select APNs, then right-click and select Associate. You can use the same procedure to remove multiple APNs if required. • Click Associate all. (The button changes to associations.)

Remove all

7. Click OK. The Associate APNs window closes and the associations are saved to the selected physical interfaces. APN definitions download and apply only to physical and flow interfaces that you configure for APN monitoring.

538

CONFIGURING AND MANAGING nGeniusONE

Viewing VLANs Discovered on a Switch The Modify Device window displays all the virtual LAN interfaces that were discovered by the nGeniusONE Server during relearn, or when the switch was added to the server. When a probe is connected to an analyzer port on a switch, the source of the data is coming directly from the switch and sent to the probe on the analyzer port. If you are using this configuration, you can view Switch VLANs. To view switch VLANS: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Double-click a switch. 4. Select a physical interface with a VLAN and click the VLANs tab. The screen displays the Name, Alias, Interface #, ID, Status, and Description. Slot/Port, IF Type, Speed Override, Speed (Mbps), Fdx, Status, and Alarm Template of the VLAN interface. Note: To sort a column, right click the column heading.

539

nGeniusONE 5.4.1 Online Help Topics

Site-APN Interfaces The Site-APN Interfaces dialog box displays virtual interfaces associated with the selected Site interface on an appropriately configured probe. Viewing Site-APN Interfaces You can perform the following: Parameter Name

Description 1. Double-click or click Modify interface.

for the selected

2. Enter a new name for the device. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. 3. Click OK. Alias

1. Double-click or click Modify interface.

for the selected

2. Enter a new alias or edit the existing alias. 3. Click OK. ID

An auto-generated APN identifier that is not configurable. This column is not always displayed.

IP Address

Not configurable

Speed (bps)

Not configurable

540

CONFIGURING AND MANAGING nGeniusONE

BSID Interfaces in nGeniusONE Base Station ID (BSID) codes enable the monitoring of mobile cell site-based information on SID-NID virtual interfaces. The BSID interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured probe. Viewing BSID Interfaces You can perform the following functions: Parameter Name

Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias

1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. BSID

Not configurable

541

nGeniusONE 5.4.1 Online Help Topics

LA-RA Interfaces Location Area (Code)-Routing Area (Code) (LA-RA) virtual interfaces enable the monitoring of mobile cell ID-based information. LA-RA virtual interfaces are available for selected physical links and must be configured on an nGenius InfiniStream appliance. These interfaces are situated in GPRS/UMTS networks. The LA-RA Interfaces dialog box displays virtual interfaces associated with the selected physical interface on an appropriately configured probe. Viewing LA-RA interfaces You can perform the following functions: Parameter Name

Description 1. Double-click anywhere on the interface row. 2. Write an entry in the Name field. 3. Click OK.

Alias

1. Double-click anywhere on the interface row. 2. Write an entry in the Alias field. 3. Click OK.

LA-RA ID

542

Not configurable

CONFIGURING AND MANAGING nGeniusONE

Quality of Service Interfaces You can modify a Quality of Service (QoS) virtual interface name, alias, or speed from Device Configuration > Devices > >

Virtual.

By default, nGeniusONE software automatically learns device interface speeds, as well as speeds for any QoS Levels or Groups. You can optionally override the learned speed on specific probe interfaces. Because override speeds are used in calculating utilization, it is important that they be accurately configured. Note: To override learned QoS speeds, the probe must be configured in the speed modifyonly mode. Refer to the appropriate agent administrator guide for details. You can perform the following functions: Parameter Name

Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The Modify dialog box opens. Write an entry in the Name field. 3. Click OK. Alias

1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The Modify dialog box opens. Write an entry in the Alias field. 3. Click OK. QoS (ID)

Not configurable

IP Address

Not configurable

Speed Override Speed (Mbps)

Check box indication that the speed for the selected QoS Level/Group is overidden. 1. Select one or more QoS interfaces. Shift-click or Ctrl-click to make multiple selections. 2. Double-click the selected QoS interface or click Modify. 3. Click Speed Override. 4. Enter the new speed. 5. Click OK and OK again to save your configuration.

543

nGeniusONE 5.4.1 Online Help Topics

Site Interfaces The Site Interfaces dialog box displayed by clicking the Virtuals icon in Device Configuration displays virtual interfaces associated with the selected Site interface on an appropriately configured probe. If you configured the probe interface for QoS, the QoS Level/Group displays for selected Site interfaces. Viewing Site interfaces You can perform the following: Parameter

Description

Name

Not configurable

Alias

1. Double-click or click interface.

Modify for the selected

2. Enter a new alias or edit the existing alias. 3. Click OK. Site ID

Not configurable

IP Address

(Displays for Flow interfaces only) IP address of the source router.

Speed (Mbps)

Not configurable

If you configured the probe for Site-QoS, (vifn_mode = site-qos), do one of the following: Name

Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.

Alias

Optionally enter an alias for the QoS Level/Group.

Site ID

Not configurable

QOS Level/Group

Not configurable

Speed Override Speed (Mbps)

Overrides the speed of the selected QoS Level/Group. 1. Double-click or click Modify for the QoS virtual you want to modify. 2. Select

Speed Override.

3. Enter a new speed. 4. Click OK.

544

CONFIGURING AND MANAGING nGeniusONE

Modifying Switch Ports The Switch Ports Details screen displays slots, ports and their associated values accessed from the Device Configuration > Devices tab > Modify Device screen. Actions you can take with switch ports are as follows: • Modify

interface parameters

• Delete

the interface

• Activate • Deactivate

the port the port

Important: In exception to other switches, nGenius 1500 Series Packet Flow Switch (PFS) parameters including Name, Alias, Fdx, and Speed Override can be modified. Parameter

Description

Name

The designation for the port showing the slot/port number. Example: 1/1 PFS only: 1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK.

Alias

1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.

Port

Not configurable. The slot/port number for the switch.

IF Type

Not configurable. The network typology type. For example: ET

Speed Override

Not configurable inline. Check box indicating whether the speed of the selected port was overridden.

Speed (Mbps)

Not configurable inline. The speed of the selected port.

Fdx

Not configurable. Check box indicating whether Fdx is enabled. PFS only: Not configurable inline. Click the

Fdx check box.

545

nGeniusONE 5.4.1 Online Help Topics

Status

Not configurable. The real-time state of the interface: Active, Inactive, or Absent.

Alarm Template

Not configurable inline. On the Switch Port dialog box, select a policy from the drop-down menu.

546

CONFIGURING AND MANAGING nGeniusONE

TAC Interfaces in nGeniusONE Tracking Area Code (TAC) virtual interfaces enable the monitoring of mobile cell ID-based information on LTE networks. Support for TAC virtual interfaces is available only for S1MME or S11 physical links. Throughput-related views for LTE protocols collected on TAC virtuals do not support S1 interface (S1.AP, ESM, EMM, and Diameter Children) metrics. The only supported workflows are Response Time views. The TAC interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured probe. Viewing TAC interfaces Important: Throughput-related metrics in TAC virtuals for Control Plane traffic on the S1MME Interface (when S1-U is not collected) are not supported due to S1/deciphering performance limitations. The Cell Site Summary view is not available and associated QoE/KPI data is not verifiable for S1 NAS child applications; the only supported workflows are Response Time views. NetScout recommends using the S1U interface on an S11 link (with a TAC virtual). You can perform the following functions: Parameter Name

Description 1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias

1. Click anywhere on the interface row and click Alternately, you can double click the row.

Modify.

2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. TAC ID

Not configurable

547

nGeniusONE 5.4.1 Online Help Topics

VLAN Interfaces in nGeniusONE When a dedicated nGenius data source is attached to a trunk, the nGeniusONE Server discovers the VLANs that exist on the switches. The data source can provide analysis on the traffic generated by the two connecting switches.

The VLAN interfaces screen, shown below, displays virtual interfaces associated with the selected physical interface on an Ethernet probe. If you configured the data source interface for VLAN-QoS, the QoS Level/Group displays for selected interfaces in the same screen. The example below represents a Full Duplex interface.

Viewing VLAN interfaces You can perform the following functions: Parameter Name

Description 1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name

548

CONFIGURING AND MANAGING nGeniusONE field. 3. Click OK. Alias

1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.

ID Speed Override DTE/DCE or Speed (Mbps)

Not configurable. Check box to override speed for the selected virtual interface. Devices with Full Duplex interfaces display DTE/DCE speeds; devices with Half Duplex interfaces display Speed only. 1. Select one or more VLANs. Shift-click or Ctrl-click to make multiple selections. 2. Double-click the selected VLAN or click 3. Click

Modify.

Speed Override.

4. Enter the new speed for DTE and DCE, or Speed values. 5. Click OK. If you configured the probe for VLAN-QoS, (vifn_mode = vlan-qos), your choices are as follows. Mixed location types are displayed in one screen. Name

Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.

Alias

Optionally enter an alias for the QoS Level/Group.

ID

Not configurable. Same as the parent ID.

QOS

The QOS Level or group. Not configurable.

Speed Override Speed (Mbps)

Enables speed override for the selected QoS Level/Group. 1. Double-click the QoS interface you want to modify. 2. Select Speed Override. 3. Enter a new speed. 4. Click OK.

549

nGeniusONE 5.4.1 Online Help Topics

Setting Speed Override, Name, and Alias for VLANs A VLAN interface's speed, name, and alias can be set. By default, the server automatically learns device interface speeds but, optionally, you can override the learned speed for VLANs using the procedure below. Note: Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. Without an override speed, the value is derived from the parent. To override the learned speed, and set a name and alias for VLANs: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the data source containing the VLANs you want to modify. 4. Select the physical interface with associated VLANs and click

Virtuals.

5. Select one or more VLANs. Shift-click or Ctrl-click to select multiple VLANs. 6. Click

Modify for multiple VLAN interfaces or double-click one VLAN interface.

Note: Inline editing is not supported. Name and Alias can be changed only one interface at a time. 8. Enter a Name, Alias, and click the

Speed Override check box, as necessary.

9. Enter the new speed in the DTE and DCE or Speed fields. Devices with Full Duplex interfaces display DTE/DCE speeds; devices with Half Duplex interfaces display Speed only. 10. Click OK. The dialog closes, the new name, alias, or speed displays for the VLANs you selected, and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the for the interface and click OK.

Speed Override check box

11. Click OK to close the VLAN interfaces dialog and save your configuration.

550

CONFIGURING AND MANAGING nGeniusONE

VRF Group Interfaces in nGeniusONE When you click the Virtuals icon, the dialog box displays VRF Groups associated with the selected interface on an appropriately configured device. If you configured the probe interface for VRF-groups and QoS, the QoS Level/Group displays for the selected interface. You can perform the following functions: Parameter

Description

Name

Not configurable

Alias

1. Double-click the Alias field of the selected interface. 2. Enter a new alias or edit the existing alias. 3. Click OK.

VRF Group ID

Not configurable

Speed (Kbps)

Not configurable in this dialog box. But, you can change speeds by clicking

Set monitoring options > Associate VRF Groups.

1. From the VRF associations list, select the VRF Group you want to modify. 2. Click

Modify.

3. Enter a new speed. 4. Click OK and OK again to save your configuration. If you configured the probe for VRF-Group QoS, (vifn_mode = vrf-group-qos), do one of the following: Name

Not configurable. The name derives from the parent virtual interface and the QoS Level/Group.

Alias

Optionally enter an alias for the QoS Level/Group.

VRF Group ID

Not configurable

QOS (Level/Group)

Not configurable

Speed Override

Click to override the speed of the selected QoS Level/Group.

Speed (bps)

• • • • •

Select Speed Override. Right click the speed you want to modify. Click Edit Speed. Enter a new speed. Click OK.

551

nGeniusONE 5.4.1 Online Help Topics

VRF Site Interfaces When you click the Virtuals icon, the dialog box displays VRF Sites associated with the selected interface on an appropriately configured device. If you configured the probe interface for VRF and QoS, the QoS Level/Group displays for the selected interfaces. You can modify the following values. Note: Inline editing is not supported. Parameter Name

Description 1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. e

Alias

1. Click anywhere on the interface row and click Modify. Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.

Speed Override Speed (Mbps)

When selected this check box opens the Speed field to override the default speed setting. Not configurable. The speeds are associated with the parent interface.

If you configured the probe for VRF-Site-QoS, (vifn_mode = vrf-site-qos), do one of the following: Name

Not configurable. The name drives from the parent virtual interface and the QoS Level/Group.

Alias

Optionally enter an alias for the QoS Level/Group.

QoS

Not configurable

Speed Override Speed (Mbps)

552

Not configurable Not configurable

CONFIGURING AND MANAGING nGeniusONE

553

nGeniusONE 5.4.1 Online Help Topics

Viewing Flow Interfaces in nGeniusONE Server 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click an nGenius Collector configured as a flow destination. 4. Select the flow interface and click Virtuals

.

Note: If the Virtuals button is disabled, then no virtual interfaces are available.

554

CONFIGURING AND MANAGING nGeniusONE

NetFlow Interfaces The NetFlow Interfaces for NetFlow Interface-Mode dialog box displays virtual interfaces associated with nGenius Collector appliances. If you configured the Collector interface for QoS, the QoS Level/Group displays for selected NetFlow interfaces. You can perform the following functions: Parameter

Description

Name

Not configurable

Alias

1. Click anywhere on the interface row and click Modify . Alternately, you can double click the row. 2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK.

Alarm Template

Drop-down menu choices of alarm templates created in the UMC or the default.

Fdx

Checkbox

NetFlow ID

Not configurable

IP Address

Not configurable. IP address of the source router.

Topology

Type of network.

Speed Override

Checkbox interface.

Speed (Mbps)

Note: You must disable auto-discovery on the probe to modify the speed. Refer to the agent administrator guide for your probe for details.

to select Full Duplex.

to override the speed of the selected NetFlow

1. Select one or more NetFlow interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 2. Double-click the selected interfaces. 3. Enter the new speed. 4. Click OK. If you configured the probe for QoS, (vifn_mode = router-ifn-qos), do one of the following: Name

Not configurable. The name derives from the parent virtual interface and the QoS Level/Group.

Alias

Optionally enter an alias for the QoS Level/Group.

NetFlow ID

Not configurable

555

nGeniusONE 5.4.1 Online Help Topics

QOS Level/Group

Not configurable

Speed Override

Click to override the speed of the selected QoS Level/Group.

DTE/DCE

1. Select Speed Override. 2. Right click the speed you want to modify. 3. Click Edit Speed. 4. Enter a new speed. 5. Click OK.

556

CONFIGURING AND MANAGING nGeniusONE

sFlow Interfaces The sFlow Interfaces dialog box displays virtual interfaces associated with the selected interface on an appropriately configured nGenius Collector. You can perform the following functions: Parameter Name

Description 1. Click anywhere on the interface row and click Modify Alternately, you can double click the row.

.

2. The edit dialog box opens. Write an entry in the Name field. 3. Click OK. Alias

1. Click anywhere on the interface row and click Modify Alternately, you can double click the row.

.

2. The edit dialog box opens. Write an entry in the Alias field. 3. Click OK. Alarm Template Number

Select a particular interface alarm template or use the default template. Interface Number. Not configurable

Speed Override

Checkbox to override the speed of the selected sFlow interface.

DTE/DCE

Note: You must disable auto-discovery on the Collector to modify the speed. Refer to the agent administrator guide for your Collector for details. 1. Select one or more sFlow interfaces. Click and drag the cursor, or use Shift-click or Ctrl-click to select multiple interfaces. 2. Right-click the selected interfaces. 3. Click Edit Speed. 4. Enter the new speed. 5. Click OK.

557

nGeniusONE 5.4.1 Online Help Topics

Setting NetFlow Interface Speed Override By default, the nGeniusONE software automatically learns device interface speeds, as well as speeds for any NetFlow interfaces. You can optionally override the learned speed for any NetFlow interface. Because override speeds are used in calculating utilization, it is important that you enter an accurate speed if you enable the override. To set NetFlow interface speed override: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Click the Devices tab and double-click the probe you want modify. 3. Select the NetFlow interface. 4. Click Virtuals

.

5. Select one or more NetFlow interfaces. Click and drag the cursor, or use +click or +click to select multiple interfaces. 6. Click Modify

or double-click the selected NetFlow interfaces.

Note: For Full Duplex probes, DTE and DCE speed columns display. Note: Inline editing is not supported. 7. Click the Speed Override

checkbox.

8. Enter the new speed. 9. Click OK. The new speed displays for the NetFlow interfaces you selected and a check mark in the Speed Override column indicates that you have overridden the speed learned when the device was added. Note: To revert to the learned speed, deselect the Speed Override check box for the interface and click OK. 10. (Optional) If you want to add or change an existing Alias, enter a value in the Alias field. 11. Click OK.

558

CONFIGURING AND MANAGING nGeniusONE

Importing/Exporting Creating a File to Import Devices in nGeniusONE You can save time when adding multiple devices to the nGeniusONE Server by creating a comma-separated value (CSV) file. Meeting Requirements Importing nGenius devices Supporting SNMPv3 Creating the File Examples Requirements The following requirements apply to the CSV file: • Enter information for each device on a separate line. • Device type, device name, and IP address (IPv4 or IPv6) are required. • In a distributed nGeniusONE Server environment, include the name of the Local Server Name to which the device is to be added. The Local Server name supplied must match the name used for the Local Server configuration. When adding devices, you can enter the device type as AUTOMATIC. This allows the nGeniusONE Server to determine the device type and display the information in the device Type column in

Device Configuration.

Importing nGenius InfiniStreams Supporting SNMPv3 You can import nGenius InfiniStreams that support SNMPv3 as follows: • Import InfiniStreams configured for SNMPv2 (the default configuration). After importing the probes, configure the probes for SNMPv3. • Import InfiniStreams already configured for SNMPv3. Then: o Reboot the InfiniStream. Rebooting changes the nGeniusONE Server communication to SNMPv3 (the Config Server Address on the probe must match the IP address of the nGeniusONE Server). o Note: To verify that the Config Server address in the probe matches the Sniffer Analysis nGeniusONE Server address, you can click Remote Login to remotely login to the probe and confirm that the correct address is entered in option 4. Creating the File To create the CSV file: 1. Create a new text file using a text editor. 2. Enter one line of information for each device using the following format (the last three fields are used to configure SNMP v3): Device type, Name, IP Address, Read Community, Write Community, 559

nGeniusONE 5.4.1 Online Help Topics Retries, Timeout, Learn Only, Server Name, Device Alias, Notes, Web Server Port, Server Address, nFR Server Name, Workspace Name, Device Unreachable Alarm, Log/Monitor MIB2, Status, System Description, Physical Address, Communication Protocol, Authentication Protocol, Privacy Protocol, Privacy Password Click here for a description and defaults for each field Note: • When creating the import file, create a space for all of the above fields (including SNMPv3 fields), even if they do not contain any values. • Enter AUTOMATIC in upper case. (nGenius InfiniStream is added as device type AUTOMATIC). For example, to specify an nGenius InfiniStream, enter nGenius InfiniStream. The CSV file is casesensitive on Linux systems. • To accept defaults for all fields that follow required fields, you can leave the fields blank. Refer to Example 1 below. • You can use the default value for a parameter by entering a comma for that field. In Example 2 below, defaults are accepted for all fields between Local Server Name and MIB2Mode. 3. Save the file with a .csv extension and close the file. 4. You can add all of the devices in your CSV file by clicking

Import devices.

Examples Example 1: Adding an nGenius InfiniStream appliance nGenius InfiniStream,boston_server,10.20.160.111,public,public,3,1,Standalone Server,OH-Operations,,0,,,,TRUE,Active,InfiniStream Model 2910A - CDM 5.4.0 (Build 307),10.20.160.111,HTTP,,,, Example 2: Adding a switch to a Global Manager in a distributed server environment, with Learn Only enabled AUTOMATIC,My Switch2,10.45.67.89,public,public,3,4,LO, LocalServer1,,,,,,,,true In this example, since there is an entry for MIB2Mode, commas must be entered to accept the defaults for all fields between Local Server Name and MIB2Mode. With MIB2Mode set to true, the switch is set to monitor and log MIB2 data.

Importing Devices in nGeniusONE You can add multiple devices more efficiently by creating and importing a .CSV file that contains all relevant device information. To add multiple devices: 1. Create a CSV file containing information about each device you want to add. by creating the file manually. 2. From the nGeniusONE Console, click 3. Select the Devices tab.

560

Device Configuration.

CONFIGURING AND MANAGING nGeniusONE

4. Click

Import devices.

5. Locate and select your .CSV file. Make sure the filename displays in the File name field. 6. Click Open. The devices are added and display in the Devices window. Be aware if the Task Progress Report for errors.

Exporting Device Settings You can export device settings from one nGeniusONE Server to a file that you can then import to another Server. Features Exported • Well known Apps • Server-based Applications • Extension Apps • Application Groups • Sites • Host Groups • QoS Groups • APN Groups • SNMP Trap Listeners • KPI Alarm • KPI Error Code Config • KPI Error Codes Exporting Device settings is useful to accomplish the following tasks: • Export the device configuration • Export custom protocols — When you import custom protocols, certain rules are applied to prevent importing duplicate. Export is not supported for protocols provided by default. • Export Application Group associations To export device settings: 1. From the nGeniusONE Console, click

Device Configuration.

2. Click the Devices tab. 3. Click

Export devices.

Important: Saving the file with the same name as a previously-saved file overwrites files contents. 4. Click Save File and OK. You can later import the file to another system.

561

nGeniusONE 5.4.1 Online Help Topics

Fields for Import Devices CSV File To create a CSV file to import devices to nGeniusONE server, refer to the parameters described in the table below. NOTE: All fields must be included but only required fields must be populated. Creating a File to Import Devices in nGeniusONE Field

Default

Required?

Description

Device Type

None

Required

Enter one of the following: • AUTOMATIC • PROBE (or NETSCOUT PROBE) • OTHER DEVICE (Use for Routers) Enter the device type in upper case. The CSV file is case-sensitive on Linux systems.

Name

None

Required

Enter a unique device name. This field accepts spaces and alphanumeric characters.

Device IP Address

None

Required

Enter the device IP address (IPv4 or IPv6).

Read Community

public

Optional

The read community string.

Write Community

public

Optional

The write community string. This setting must match the write community string defined in the device (more).

Retries

3

Optional

The number of times you want the nGeniusONE Server to attempt to reach the device if there is no response. This value must be an integer between 1 and 1000.

Timeout

1

Optional

The amount of time (in seconds) you want the nGeniusONE Server to wait before retrying an SNMP request. The value must be an integer between 1 and 1000.

Learn Only

False

Optional

For switches only. Enter LO if you want the nGeniusONE Server to only learn the configuration from the switch, and you do not want to apply Global Settings, history, templates, or alarms to the switch. More about

562

CONFIGURING AND MANAGING nGeniusONE

the Enable Learn Only option. Server Name

None

Required if importing from a Global Manager

Required for distributed server environment only. If you are adding a device from a Global Manager system, enter the Local Server Name of the Local Server to which the device is to be added. The Local Server Name supplied must match the name in the Server Configuration. Note: If you entered the Server IP Address as the Server Name during configuration, then enter the Server IP Address in the Server Name field.

Alias

None

Optional

A user-defined alternate name for the device. • Spaces and alphanumeric characters are valid. • With the exception of the forward slash (/), special characters are not allowed in alias names. • The alias must be unique for each device.

Notes

None

Optional

Additional user-entered information about the device such as the physical location. Spaces and alphanumeric characters only are valid.

Web Server Port

0

Optional

Used by nGenius Flow Recorder

Server Address

None

Optional

Used by nGenius Flow Recorder

nFR Server Name

None

Optional

Used by nGenius Flow Recorder

WorkSpace Name

None

Optional

Used by nGenius Flow Recorder

Device Unreachable Alarm

true

Optional

If set to true, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up. Enter false for this field if you do not want an alarm displayed if the device is unreachable.

Log/Monitor MIB2Mode

false

Optional

For switches only. You can optionally set a switch to monitor and log Data Link Control (DLC) data, or MIB2

563

nGeniusONE 5.4.1 Online Help Topics

data. By default MIB2Mode is set to false; the switch monitors and logs DLC data. To monitor and log MIB2 data, set this parameter equal to true. More on the DLC/ MIB2 option. Status

None

Optional

Active or inactive

System Description

None

Optional

System info including software version

Physical Address

None

Required

Physical IP address

Communication Protocol

Auto

Optional

Automatic, HTTP, HTTPS, SNMP, SNMPV1, or SNMPV3

Authentication Protocol

None

Required for SNMPv3

Used for SNMPv3

Privacy Protocol

None

Required for SNMPv3

Used for SNMPv3

Privacy Password

None

Required for SNMPv3

Used for SNMPv3

Default Values for Devices in nGeniusONE The following table lists the default values for devices. Fields marked with an asterisk (*) are required. Fields are displayed depending on the device type. Parameter

Default Value

Description General tab

*Name

None

Device name

Alias

None

Optional user-defined alias for the device

*Address

None

IP address of the device

Device Type

Automatic

Device type — select Automatic if the type is unknown

Notes

None

Optionally enter notes about the device

Communication Protocol

None

Optionally enter the communication protocol for the device

Read Community

public

Read community string

Write Community

public

Write community string Advanced tab

564

CONFIGURING AND MANAGING nGeniusONE

*Retries

3

Number of times the server tries to contact the device in order to add it

*Timeout

1

Interval between retries (seconds)

Enable deviceunreachable alarm

Checked (true)

When selected (or set to true in a CSV file for adding multiple devices), an alarm displays in the Alarm Viewer if the device is unreachable; if the device comes back up, a subsequent alarm displays

Enable learn only mode

Checked

For switches only in support of spanning. Click the check box to prevent the nGeniusONE server from applying Global Settings, templates, and alarms to the switch.

Do not add routers for NetFlow

Unchecked (false)

Click the check box if you do not want routers to be discovered (NetFlow Collectors only)

MIB2

For switches only. Click the check box to monitor/log Data Link Control traffic. If unchecked, the setting is MIB2.

Authentication Protocol

MD5

Choose one of the following from the drop-down menu: MD5 or SHA

Privacy Settings

Unchecked (false)

Applies to SNMPv3 settings only. Click the check box to enable.

Privacy Protocol

AES

Applies to SNMPv3 settings only. Drop-down menu choices: AES, DES, or 3DES

*Password

None

Applies to SNMPv3 settings only. If you have chosen a Privacy protocol, enter a Privacy password of no more than 128 bytes

DLC

565

nGeniusONE 5.4.1 Online Help Topics

Upgrade Remotely Upgrading the nGenius InfiniStream Appliance — Overview The nGeniusONE solution allows users granted the System Administrator role to remotely upgrade the nGenius InfiniStream with the following: • nGenius InfiniStream software • Decode Packs Note: • You cannot use the remote upgrade function to re-image the appliance operating system. • You can also remotely upgrade nGeniusONE Server software. To perform the remote upgrade, you must first download the software package or decode pack to the parent server (Global Manager/Dedicated Global Server or standalone nGeniusONE Server). Following upgrade the decode pack major and minor versions and build numbers display in the Upgrade screens in Device Configuration. This information displays in the Device Configuration screen following the automatic reboot at the end of the upgrade. Version and build display in the Upgrade screen following refresh or automatically after midnight. MasterCare customers can schedule software package and decode pack download to the parent server to take place automatically; however, you can download packages manually if you prefer. Note that downgrades to previous software versions are not supported. Remotely Upgrading InfiniStream Software Requirements: Automatic Download Requirements: Remote Upgrade Order of Upgrade Multiple Upgrades Partitioning File System Prerequisites Requirements: Scheduling Automatic Download • You must be a MasterCare customer and be granted the System Administrator role to perform this procedure. Requirements: Remote Upgrade • Refer to the nGenius InfiniStream Administrator Guide and Deployment Essentials Guide for up to date information about Remote Upgrades of nGeniusONE, InfiniStream and Decode pack software from earlier versions. Order of Upgrade The nGeniusONE Server must be running an equal or higher version of software than the nGenius InfiniStream appliance it manages.

566

CONFIGURING AND MANAGING nGeniusONE Multiple Upgrades — You can select any number of appliances for upgrade. However, the nGeniusONE Server downloads files to appliances in batches to minimize bandwidth consumption. Nevertheless, network congestion may cause some upgrades to fail. Retry the upgrade for each appliance that initially fails if you are certain the appliance is up and responding. Partitioning — When you upgrade you can choose to preserve or modify existing partitions. Re-partitioning results in loss of data. Because of this, you may want to make changes to the existing partitions before you start capturing data. • Individual upgrade — When you upgrade a single nGenius InfiniStream appliance, the Upgrade screen displays existing partition sizes. You can preserve or modify the existing partition. • Multiple upgrade — When you select multiple nGenius InfiniStream appliances for upgrade you can preserve the existing partitions on all selected systems Partition Guidelines, Description, and Ranges File System — For the Packet storage partition, you can select one of the following: • NetScout (Raw) • XFS Prerequisites • The nsprobe process must be running on each target appliance. • You must have write access to the devices being upgraded. Verifying nsprobe and Write Community a. From the nGeniusONE Console, launch

Device Configuration.

b.Select the device. c. Click

Information and verify the following:

• Ping Test = OK • Write Community = OK d. Click Close. You can also determine whether nsprobe is running by logging on to the appliance operating system, navigating to /rtm/bin folder, and executing the ./PS command.

Remotely Upgrading the nGenius InfiniStream Appliance — Overview The nGeniusONE solution allows users granted the System Administrator role to remotely upgrade the nGenius InfiniStream with the following: • nGenius InfiniStream software • Decode Packs

567

nGeniusONE 5.4.1 Online Help Topics Note: • You cannot use the remote upgrade function to re-image the appliance operating system. • You can also remotely upgrade nGeniusONE Server software. To perform the remote upgrade, you must first download the software package or decode pack to the parent server (Global Manager/Dedicated Global Server or standalone nGeniusONE Server). Following upgrade the decode pack major and minor versions and build numbers display in the Upgrade screens in Device Configuration. This information displays in the Device Configuration screen following the automatic reboot at the end of the upgrade. Version and build display in the Upgrade screen following refresh or automatically after midnight. MasterCare customers can schedule software package and decode pack download to the parent server to take place automatically; however, you can download packages manually if you prefer. Note that downgrades to previous software versions are not supported. Remotely Upgrading InfiniStream Software Requirements: Automatic Download Requirements: Remote Upgrade Order of Upgrade Multiple Upgrades Partitioning File System Prerequisites Requirements: Scheduling Automatic Download • You must be a MasterCare customer and be granted the System Administrator role to perform this procedure. Requirements: Remote Upgrade • Refer to the nGenius InfiniStream Administrator Guide and Deployment Essentials Guide for up to date information about Remote Upgrades of nGeniusONE, InfiniStream and Decode pack software from earlier versions. Order of Upgrade The nGeniusONE Server must be running an equal or higher version of software than the nGenius InfiniStream appliance it manages. Multiple Upgrades — You can select any number of appliances for upgrade. However, the nGeniusONE Server downloads files to appliances in batches to minimize bandwidth consumption. Nevertheless, network congestion may cause some upgrades to fail. Retry the upgrade for each appliance that initially fails if you are certain the appliance is up and responding. Partitioning — When you upgrade you can choose to preserve or modify existing partitions. Re-partitioning results in loss of data. Because of this, you may want to make changes to the existing partitions before you start capturing data.

568

CONFIGURING AND MANAGING nGeniusONE • Individual upgrade — When you upgrade a single nGenius InfiniStream appliance, the Upgrade screen displays existing partition sizes. You can preserve or modify the existing partition. • Multiple upgrade — When you select multiple nGenius InfiniStream appliances for upgrade you can preserve the existing partitions on all selected systems Partition Guidelines, Description, and Ranges File System — For the Packet storage partition, you can select one of the following: • NetScout (Raw) • XFS Prerequisites • The nsprobe process must be running on each target appliance. • You must have write access to the devices being upgraded. Verifying nsprobe and Write Community a. From the nGeniusONE Console, launch

Device Configuration.

b.Select the device. c. Click

Information and verify the following:

• Ping Test = OK • Write Community = OK d. Click Close. You can also determine whether nsprobe is running by logging on to the appliance operating system, navigating to /rtm/bin folder, and executing the ./PS command.

Remotely Upgrading InfiniStream Software Before you perform the remote upgrade, ensure that your environment meets all prerequisites. To upgrade software for one or more nGenius InfiniStream appliances: 1. Do one of the following: • Download the appropriate upgrade file to the /rtm/tftpboot directory on the nGeniusONE Server. In a distributed server environment, you can perform the upgrade from the Global Manager or from the Local Server that owns the appliance. b. Upgrade files are named according to the following convention: is-[major version]-[build]-[topology].bin c. For example, a v5.4 build 500 upgrade file would be named: is-5400-500-eth.bin d. Note: MasterCare customers can download the binary upgrade files for the latest version of software from the NetScout Systems Support site: https://my.netscout.com/mcp/Pages/landing.aspx

569

nGeniusONE 5.4.1 Online Help Topics Refer to the appropriate software release notes for your appliance for specific instructions. • Schedule automatic software download. When using this method in a distributed server environment, you must download the files to the Global Manager. 2. From the nGeniusONE console, click

Device Configuration.

3. Click the Upgrade tab. 4. Click the InfiniStreams tab. Installed InfiniStream appliances are listed with their current Status, Name, (IP) Address, Model number, Version number, and Description including the firmware release and Build numbers. 5. Select one or more appliances to upgrade. — A red icon in the Status column indicates the existence of an upgrade file with a higher version than the appliance is currently running. — A green icon indicates that the appliance is already upgraded to the latest file version in the nGeniusONE Server upgrade file repository. Note: All selected appliances must share the same topology. For example: eth(ernet). 6. Click

Select file to upgrade.

7. In the nGenius InfiniStream Software Package dialog box, each software package displays with a unique version number that includes the device type, release version, build number, and topology. Select the appropriate upgrade file (the dialog box displays only those software packages appropriate to the selected appliance) and click OK. Note: To delete a software package, select it and click Delete. Confirm the deletion to complete the action. 8. Click Upgrade. The Upgrade Parameters dialog box displays. Configure upgrade parameters according to the type of upgrade you are performing: • Individual appliance • Multiple appliances 9. When you finish configuring upgrade parameters, click Upgrade. 10. Click OK to confirm. The software package is uploaded to the selected nGenius InfiniStream appliance(s). The Task Progress Report arrow displays detailed, step-by-step information as the upgrade progresses. In the case of multiple upgrades, progress displays for each individual device. Following a successful upload, the appliance saves its current configuration, runs the binary upgrade executable, restores the configuration, and reboots. Upgrade can take 10-15 minutes to complete, including the automatic post-upgrade reboot of the appliance. Click Details to review progress. 570

CONFIGURING AND MANAGING nGeniusONE

Following reboot, the upgraded appliance automatically requests a re-learn from nGeniusONE Server. In the Upgrade dialog, a red icon displays next to the appliance name. Following re-learn (usually within 60 seconds), nGeniusONE Server updates the dialog by removing the red icon and updating the appliance description software version and build number. To view the new upgrade status for the appliance along with decode pack version and build number, refresh the Upgrade dialog (the dialog does not refresh automatically). If you do not refresh, the information automatically displays at midnight following the upgrade. 11. (Optional) In the Devices screen, select the appliance and click to verify that upgrade was successful.

Information

Note: The first time the CDM Agent starts following upgrade, the CodecTable settings are automatically backed up to CodecTable.V. A new CodecTable is created that converts previous codec settings, and also includes any new payload types. If you modified EVRC or EVRC-B codecs, verify that your settings were carried forward. Copy any required changes from the backed up CodecTable to the new CodecTable and restart the CDM Agent to apply. Troubleshooting • If upload of the upgrade file to the device fails (for example, due to network congestion or slow connectivity), restart the upgrade. • If upload completes, but the upgrade fails on the device, you must manually upgrade by logging directly into the device. • The following files may be helpful in diagnosing issues: o

nGeniusONE Server: Global Manager: /rtm/log/debuglog-globalm-xxx.txt Local Server or standalone nGenius Server: /rtm/log/debuglog-xxx.txt

o

nGenius InfiniStream: /opt/platform/nsupgrade/upgrade.log

• If for any reason the device is not automatically relearned, use the nGeniusONE Server Relearn option to do so manually (in the Devices window, select the device and click

Relearn.)

Remotely Upgrading InfiniStream Decode Packs Before you perform the remote upgrade, ensure that your environment meets all prerequisites. Perform the following procedure to upgrade decode packs for the nGenius InfiniStream appliance. 1. Do one of the following: • On the parent server, download the appropriate upgrade file to the /rtm/pmupgrade directory. (Note that the download directory differs from that for nGenius InfiniStream software.)

571

nGeniusONE 5.4.1 Online Help Topics

Upgrade files are named according to the following convention: dep-[major version]-[minor version] - [build] - [OS].bin For example, a v15.1 build 166 upgrade file for Linux would be named: dep-15-1-166-lin.bin Note: MasterCare customers can download the binary upgrade files for the latest version of software from the NetScout Systems Support site: https://my.netscout.com/mcp/Pages/landing.aspx You can find the software in the Sniffer Decode and Expert Pack section. Refer to the appropriate software release notes for your appliance for specific instructions. • Schedule automatic software download. When using this method in a distributed server environment, you must download the files to the Global Manager. 2. From the nGeniusONE console, click the Device Configuration

icon.

3. Click the Upgrade tab. 4. Click the Decode Pack tab. Installed Decode Packs are listed with their current Status, Name, (IP) Address, Model number, Version number, and Description including the firmware release and Build numbers. 5. Select one or more appliances to upgrade. — A red icon in the Status column indicates the existence of an upgrade file with a higher version than the appliance is currently running. — A green icon indicates that the appliance is already upgraded to the latest file version in the nGeniusONE Server upgrade file repository. — Note: If no status icons display in the Status column, no valid upgrade files reside in the pmupgrade directory. 6. Click Upgrade . The releases that have been copied to pmupgrade directory are listed in descending version order. 7. Select the decode pack version you want to upload and click Upgrade. 8. Click OK to confirm. The software package is uploaded to the selected nGenius InfiniStream appliance(s). The Task Progress Report arrow displays detailed, step-by-step information as the upgrade progresses. In the case of multiple upgrades, progress displays for each individual device. Upgrade can take 10-15 minutes to complete. The Task Progress Report displays progress for each appliance.

572

CONFIGURING AND MANAGING nGeniusONE 9. (Optional) In the Devices > Device list screen, select the appliance and click Information

to verify that the upgrade was successful.

Upgrade Parameters in nGeniusONE WARNING: Any change to existing partitions or to the type of file system results in the loss of all stored data. • Partition Guidelines • File System Format Changes • Partition Sizing and Usage • Individual Device • Multiple Devices • Partition Descriptions and Defaults Partition Guidelines Keep in mind these guidelines: • Stored data can be retained during an upgrade if you do not change partition settings or the type of file system used for the packet store partition (/data). • Any changes to other partitions or the type of file system used for the packet store partition results in the loss of all stored data and metadata. This includes: o Changing the format of the packet store partition (for example, from XFS to the NetScout File System [raw format]). o o

Changing the size of any other partition (/flow, /metadata, or /xdr). Creating or deleting any other partition (/flow, /metadata, or /xdr).

• All stored data is lost when upgrading the appliance by re-imaging. • Total storage capacity of the nGenius InfiniStream appliance. • Type of data you plan to monitor. For example: If you anticipate heavy use of the InfiniStream Console, consider increasing the /metadata partition default to a greater percentage of total storage. • Partitions are located on the nGenius InfiniStream storage drives used for packet storage. Therefore, allocating more space for these partitions reduces space available for packet storage. • Review current documentation for the nGenius InfiniStream appliance for the most up to date information. File System Format Changes During upgrades, you will have the option to change your file system and partitioning strategy. In some cases you will have the opportunity to change the data partition format. It is important to understand that anytime you change format or partition size, stored data is not preserved on the InfiniStream appliance. Refer to the table below to understand the options that will be presented to you for re-partitioning, and the impact of your choice on the data store.

573

nGeniusONE 5.4.1 Online Help Topics

Packet Store File System Scenarios

Available Impact of Selection Options

XFS to XFS NetScout File System to NetScout File System

Retain or Recreate the Partitions

If you select Retain, the data and partition size are preserved.

XFS to NetScout File System

Recreate only

The only option presented is to Recreate the partition. When you change file system type, the partition must be recreated. Data is not preserved in this case.

NetScout File System to XFS

If you select Recreate, you will be prompted to designate the size for a new partition. Data is not preserved in this case.

Partition Sizing and Usage Refer to the table in the Partition Descriptions and Defaults section review the partition formats, impact of changing partition formats and sizes, and the sizing required for the way you will use the InfiniStream appliance. Additionally, consider the following: • For releases v5.0 through v5.4, the default minimum /metadata partition size was increased to 25 GB to accommodate additional TFA analysis index files, HTTP/VoIP replays, nGeniusONE/Performance Manager and InfiniStream Console trace storage, and Adaptive Session Intelligence (ASI) metadata. During an upgrade to v5.4.1, you are not required to re-partition your appliance and you can retain this 25 GB partition size. In this scenario, ASI metadata continues to be written to the /metadata partition. However, if you choose to modify your partitions during or after an upgrade to v5.4.1, the following partition changes occur: o A new /asi partition is automatically created and allocated 50 GB of storage space by default (minimum size for this new partition is 25 GB). All ASI metadata is now written to this new partition instead of /metadata, providing improved performance and avoiding contention for space in the /metadata partition from saved trace and decode files. o The default size of the /metadata partition changes to 50 GB, although the minimum partition size of 25 GB is still allowed. So, the amount of storage reserved for remote decode, mining trace files, and ASI metadata increases from a 25 GB to 50 GB (25 GB minimum for /metadata and 25 GB minimum for /asi) if you choose to change the partition settings during/after an upgrade to v5.4.1. Important: If you choose to retain your partitions during the v5.4.1 upgrade, it is strongly recommended that you do not save remote trace files on the InfiniStream appliance. These trace files consume space on the /metadata partition and reduce the space available for the ASI metadata required for nGeniusONE monitors and enablers. • During an application update to any v5.x release from a v4.x release, a new partition, /private, may be created on certain InfiniStream appliances. This partition is used for the temporary storage of compressed files. Because this partition is file-mounted, it always appears at 100% utilization, which is normal and

574

CONFIGURING AND MANAGING nGeniusONE no cause for concern. This partition is not used for packet storage and should not be modified. • On InfiniStream 45xxD appliances equipped with external storage units (ESU-ZS), the installation process creates asymmetrical partitions across the RAID 6 array. The /asi, /xdr, /metadata, and /flow partitions are only created on the internal storage drives of the InfiniStream appliance, and these drives do not contain any /data partitions for packet storage. The drives in the ESU-ZS contain /data partitions only. This arrangement is created automatically during installation; no special steps are required. Upgrading an Individual Device When you upgrade an individual nGenius InfiniStream appliance, you can choose to preserve or modify existing partitions. Allowable ranges and defaults vary depending on the appliance total disk free space. Option

Description

Preserve all existing partitions and data

(Default) Preserves existing partition sizes.

Modify one or more partitions and rewrite the partition table

Select to modify a partition size or eliminate a partition entirely. When you select this option the partition options become configurable. Note: Stored data is lost if you choose this option. o Size — Select (enable) the partition check box and enter a value that falls within the displayed range. Deselecting (disabling) a check box eliminates that partition. The Packet storage option reflects the values you enter for the remaining partitions. o File System (Packet storage partition) — From the drop-down menu, select NetScout or XFS. (NetScout File System is not supported for appliances configured with multi-nsprobe.)

Upgrading Multiple Devices When you upgrade multiple nGenius InfiniStream appliances, you can choose to preserve the partitions existing on each device or use partition defaults in all cases. Option

Description

Preserve the existing partitions on all selected systems

(Default) When selected preserves current partition sizes for all selected appliances. Note: Existing NetScout file system partitions are not preserved.

Partition Descriptions and Defaults WARNING: Any change to existing partitions or to the type of file system results in the loss of all stored data.

575

nGeniusONE 5.4.1 Online Help Topics

Partition

Description

/asi

This partition is dedicated to 50 GB storing Adaptive Service Intelligence (ASI) metadata. In previous releases, ASI metadata was written to the /metadata partition. In v5.4.1, for improved performance and to avoid contention for space in the /metadata partition from saved trace and decode files, this new /asi partition can be created. Whether or not this partition is created depends upon your choices when upgrading to v5.4.1: • If you choose to retain your partitions during the upgrade, this partition is not created and ASI data continues to be written to the /metadata partition as it has in previous releases (refer to recommendations for the /metadata partition below). • If you choose to modify your partitions, the /asi partition is automatically created and linked to the /metadata partition. All ASI metadata is written to this partition instead of /metadata and this cannot be eliminated.

576

Defaults

Minimum

Maximum

Size (GB)

File System

25 GB

10% of available storage

50 GB

XFS

CONFIGURING AND MANAGING nGeniusONE

/metadata for nGeniusONE, Sniffer Analysis

This partition is required for nGeniusONE, Performance Manager, and InfiniStream Console features such as remote decode, data capture, and InfiniStream trace file storage.

50 GB

25 GB

10% of available storage

Enter the required size for selected partitions

XFS

Set a size for this partition based on your anticipated usage of features listed below: • nGeniusONE Decode View/ Performance Manager Remote Decode stores transient session data files in /data and /rtm/pa/data folders. Although these files are automatically removed when the decode session is closed, multiple simultaneous decode sessions can also create temporary index files in the /metadata partition consuming as much as 20 GB of space. • InfiniStream Console and Performance Manager users can save remote trace files on the InfiniStream appliance’s /metadata partition instead of immediately moving mined packets to the InfiniStream Console system or nGeniusONE Server, respectively. NOTE: For releases v5.0 through v5.4, the default/minimum /metadata partition size was 25 GB. Now for v5.4.1, the default/minimum partition size has increased to 50 GB. When upgrading to v5.4.1, you are not required to modify existing partition sizes and you can choose to leave existing /metadata partitions at 25 GB. However, if you retain the existing /metadata partition size, it is strongly recommended that you do not save remote trace files on the InfiniStream appliance. These trace files consume space on the partition and reduce the space available for the ASI metadata required for nGeniusONE monitors and enablers.

Excluding remote decode operations, files saved on this partition must be managed manually. Users who expect heavy use of any of the above features should increase the default to a greater percentage of the total storage. Note that if you choose to increase the size of an existing /metadata partition, all stored metadata will be lost.

577

nGeniusONE 5.4.1 Online Help Topics

/xdr for nGeniusONE, nGenius Subscriber Intelligence, and nGenius Voice | Video Manager

If the appliance will be 20% of configured to produce available xDRs/ASRs (eXtended Data storage Records/Adaptive Session Records) and Conversation data for use by nGeniusONE or nGenius Subscriber Intelligence, you MUST allocate an /xdr partition to store this session data. This partition can be eliminated if the appliance will not be used to produce session data for use with those applications.

6 GB

50% of available storage

Enter the required size

1% of available storage

35% of available storage

Enter the required size

N/A

N/A

Total remaining storage space after space is allocated to the other partitions. Unconfigurable and cannot be eliminated.

XFS

(entering 0 eliminates the partition)

An xDR stores eXtended Data Records (xDRs) for mobile subscriber sessions. The nGenius Subscriber Intelligence application uses these records to correlate mobile sessions across multiple monitored legs. The more space you allocate to xDR storage, the further back Subscriber Intelligence will be able to mine for mobile data session correlation. /flow for InfiniStream Console

/data or /raw for Packet storage

578

Required for use with the InfiniStream Console. InfiniStream Console users MUST allocate a /flow partition for the storage of RMON data, 15-second flow records, and aggregated 5minute statistics. All others can enter 0 to eliminate this partition. On XFS-formatted appliances, collected packets are stored in a /data partition. On NetScout File System-formatted appliances, collected packets are stored in a /raw partition.

5% of available storage

N/A

XFS

(entering 0 eliminates the partition)

Select one of the following:

• NetScout (Raw) default

• XFS

CONFIGURING AND MANAGING nGeniusONE

Configuring Monitored Element Groups Monitored Element Groups Tab in Device Configuration Monitored Element Groups Overview The Monitored Element Groups tab in Device Configuration displays a list of configured monitored elements, groups, super groups and their associated characteristics, described in the table below. Important: When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Functionality Monitored Element Groups can contain: • Physical or virtual interfaces • Switches and routers • A combination of the above The screen also provides buttons to perform the following functions. Click the hyperlink for step-by-step instructions. • Add

a monitored element group or Super Group.

• Delete

a monitored element group or Super Group.

• Show or Hide Filter to display or hide the filter field. When displayed, the filter field lists one or more specified ME Groups or Super Groups in the ME Groups pane. A more selective filter is provided in the Group Details pane where you can arrange the list by Name, Full Name, Alias, IP Address, Speed, Device Category, or Interface Category. • Reset Filter

displays or hides the filter field.

• Import

Super Groups in bulk.

• Refresh

the ME Group display.

• Clicking the Task Progress Report arrow screen displays a report with the Name of the particular ME Group, Details and Status of the operation. You can click Details to display additional information about the task.

579

nGeniusONE 5.4.1 Online Help Topics

Field

Description Monitored Element Groups Pane

or Name

Type of group (Monitored Element Group or Monitored Element Super Group) Name of the group Group Details Pane

Name

For adding/editing the group name. Becomes available when Add a monitored element group

is clicked.

Group Type filter options:

Check the Super Group check box to display members of the super group selected in the left pane.

• Super Group

Check the Show Members Only check box to display members of the group selected in the left pane. Uncheck the box to display all configured ME members.

• Show Members Only Column function/name

Description

Check box to select/deselect devices Name

The name of an ME member, defined when you add a device to the nGenius Server.

Full Name

Descriptive name for an ME member which can include the associated device name, physical and virtual interface names, and QoS group level. For example: john234:if5:VRFGROUP_Other:QOS

Alias

User-supplied, optional, alternate name for an ME member.

Address

The IP address of an ME member.

Speed (Mbps)

Speed of the interface in bits per second. The speed is detected by the nGenius Server.

Device Category

Type of device associated with the ME member. For example: InfiniStream

Interface

Type of interface: either Physical, Virtual, or User Defined ME.

580

CONFIGURING AND MANAGING nGeniusONE

Category

Monitored Element Groups/Super Groups in nGeniusONE — Overview Creating Monitored Element groups allows you to group nGenius InfiniStream and probe interfaces, router interfaces, and switch ports in a way that is most useful to your organization. For example, you can group monitored elements according to topology, type of link, region, or business unit. You could also group Monitored Element groups to make it possible to restrict access to data for certain users. By further aggregating Monitored Element Groups into Super Groups, you can manage monitored elements to reflect the structure of your enterprise. Super Groups are particularly useful in large distributed enterprises. In a distributed server environment, you can create Monitored Element Groups from the Global Manager as well as from the Local Server. The advantage of creating Monitored Element Groups from the Global Manager is that you can include device interfaces and switch ports that reside on different Local Servers in one group. You can also see other Monitored Element Groups that are created on each Local Server. From a Local Server, you can view all Monitored Element Groups, but within each group, you can view only those device interfaces and switch ports that exist on that Local Server. Monitored Element Groups with ASIs Automatically Converted When upgrading, monitored element groups containing one or more ASI physical or virtual interfaces are automatically converted to network domains in nGeniusONE. Once added to nGenius Performance Manager, monitored element groups are available in nGeniusONE. If you previously had services with monitored element groups, the services are updated to use the new network domains instead of ME Groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. Monitored Element Groups and Super Groups display in the module.

Device Configuration

• Network Administrators and Approvers can create, edit, rename, or delete Monitored Element Groups and Super Groups in the nGeniusONE Server. • You can combine Monitored Element Groups into Super Groups. • System Administrators can restrict access to groups for certain users. • All users can view Monitored Element Groups, Super Groups and their contents. Monitored Element Groups are supported for both physical and virtual interfaces. The following monitored elements cannot belong to a group: • Top level device groups such as Ethernet, WAN, or Enterprise • Probes (at the device level) Super Groups can contain Monitored Element Groups but not monitored elements.

581

nGeniusONE 5.4.1 Online Help Topics

Adding a Monitored Element Group in nGeniusONE The add monitored element (ME) group functionality in the Device Configuration module lets you create a ME group or Super Group, and aggregate existing monitored elements into groups or ME groups into Super Groups. To create a monitored element group on the nGeniusONE Server: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Monitored Element Groups tab. 3. Click Add monitored element group. Clicking this button activates the Name field in the Group Details pane. 4. Enter a name for the ME Group or Super Group name. The name must be unique for each device. Up to 128 alphanumeric characters are valid. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not include commas or spaces in the name. Be advised that if you use nonapproved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. Do not use "Enterprise" as a group name. The underscore _ and dash — are not considered special characters. 5. Click the check box of one or more monitored elements or groups and click Apply to save the group. After the group is added, the name remains in the field but is grayed out until you add another group or select a group to display.

Creating a Monitored Element Group or Super Group When you create groups to monitor, you can select the following: • Physical or virtual interfaces • A switch or router to add all of the switch or router interfaces to the group at once Note: You cannot select a probe to add all of the probe interfaces in this manner. • A combination of the above To create a Monitored Element Group or Super Group: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Monitored Element Groups tab. 3. Select Add monitored element group. Clicking this icon activates the Name field in the Group Details pane. 4. Enter a group name. It must be unique for each group. Note: Monitored Element Group names can have a maximum of 128 alphanumeric

582

CONFIGURING AND MANAGING nGeniusONE characters and/or spaces. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not use "Enterprise" as a group name and do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with user-defined protocols and using certain CLA commands. The underscore _ and dash — are not considered special characters. 5. To create an ME Group, continue with the next step but to create a Super Group, click the Super Group check box. Tips: - This procedure describes how to create an individual Super Group. You can also import Super Groups in bulk. - You cannot add Super Groups to another Super Group; but, you can expand an existing Super Group and add its members to another Super Group. - Monitored elements cannot be added to a Super Group, only Monitored Element Groups. 6. Click the check box of one or more monitored elements or groups from the list and click Apply to save the group. Note: Un-clicking the checked Show Members Only check box displays all configured monitored elements, groups, and Super Groups in the nGeniusONE server. After the group is created and displays in the list, the name remains in the Name field but is grayed out until you add another group or select a group to display. Note: To remove one or more groups or Super Groups, click the corresponding member group.

check box and click

Delete the selected monitored element

Creating a Monitored Element Super Group You can group Monitored Element Groups to create Super Groups. By combining Monitored Element Groups into Super Groups, you can creatively and flexibly manage monitored elements to reflect the structure of your enterprise. Super Groups are particularly useful in large distributed enterprises. You can delete or modify Super Groups in exactly the same manner as Monitored Element Groups. Note: The procedure in this topic describes how to create an individual Super Group. You can also import Super Groups in bulk. To create a Super Group: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Click the Monitored Element Groups tab.

583

nGeniusONE 5.4.1 Online Help Topics 3. If you have not previously configured Monitored Element Groups, do so now. 4. In the Monitored Element Groups dialog box, click Add monitored element group. 5. Enter a group Name; it must be unique for each group. Up to 128 alphanumeric characters and spaces are supported. Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some or all. Do not use "Enterprise" as a group name and do not include commas or spaces in the name. Be advised that if you use non-approved characters or spaces, you may encounter problems generating alarms with userdefined protocols and using certain CLA commands. The underscore _ and dash — are not considered special characters. 6. Click the Super Group

check box.

7. In the Monitored Element pane, select the Monitored Element Groups you want to include and click Apply. Click and drag the cursor, or use Shift-click, or Ctrl-click to make multiple selections. Tips: • You cannot add Super Groups to another Super Group; however, you can expand an existing Super Group and add its members to another Super Group. • To remove a Monitored Element Group, select it from the Group Members list (you can make multiple selections), and click Remove. To remove all entries, click Remove All.

Importing Monitored Element Super Groups in nGeniusONE If you plan to create many Monitored Element Super Groups, you can do so more conveniently by creating and importing a properly configured text file. 1. Open a text editor create an import file using the following format: ,megroup1 ,megroup2 ,megroup Notes: • Enter each Monitored Element Group on a separate line. • Group and Super Group names support alphanumeric characters and spaces. With the exception of the forward slash (/) special characters are not supported. • Entries are case sensitive. Example To import Super1 enter: Super1,ME1 Super1,ME2 Super1,ME3

584

CONFIGURING AND MANAGING nGeniusONE To import Super2 enter: Super2,ME3 Super2,ME2 To import Super3, the following formats are invalid for ME1 and ME2 Super3,ME2,ME1 [list each ME group on a separate line] Super3,me1 [case sensitive] Super3,me2 [case sensitive] 2. Save the file in CSV format. 3. From the nGeniusONE console, click the

Device Configuration icon.

4. Select the Monitored Element Groups tab. 5. If you have not previously configured the appropriate Monitored Element Groups, do so now. 6. Click Import super groups and navigate to the location where you saved your import file. (Select All Files if you saved the file in other than *.csv format.) 7. Select the file, making sure it displays in the File name field. 8. Click Open. Note: If the group does not immediately display, click the

Refresh icon.

Modifying a Monitored Element Group Network Administrators and Approvers can modify Monitored Element Groups or Super Groups by adding or removing group members. To modify a Monitored Element Group: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Select the Monitored Element Groups tab. 3. In the Monitored Element Groups pane, select the group you want to modify. 4. Perform one of the following: • Select Add monitored element group, select one or more monitored elements from the Group Details member list, and click Apply to save your changes. Important: be sure that the Show Members Only check box is unchecked to view all available members. • Select Delete the selected monitored element group, select one or more monitored elements from the Group Details member list, and click Apply to save your changes. Important: be sure that the Show Members Only check box is unchecked to view all available members.

585

nGeniusONE 5.4.1 Online Help Topics Note: If you add monitored elements to a group to which a Restricted User has access, the Restricted User must log out of nGeniusONE and then log back in to be able to view the new monitored elements. If the group does not immediately display, click the Refresh icon or press F5 to display your new Monitored Element group.

Deleting a Monitored Element Group in nGeniusONE In the Network Administrator role, you can delete Monitored Element groups. Deleting Monitored Element groups does not remove the interface, port, or device from the nGeniusONE server but simply removes the group as a logical listing. Note: You cannot delete the only Monitored Element group associated with a user account. Doing so would provide the previously Restricted User Account access to enterprise-wide data. Click here for options available to the System and Network Administrators. To delete a Monitored Element Group: 1. From the nGeniusONE console, click the

Device Configuration icon.

2. Click the Monitored Element Groups tab. 3. In the Monitored Element Groups pane, select an existing group and click the selected monitored element group.

Delete

If the Monitored Element group is associated with any user account, the Delete Monitored Element dialog box informs you that deleting the group also deletes the group association with user accounts, and lists the affected user accounts. 4. Click OK when prompted to delete the selected groups. 5. Click Apply. One of the following occurs: • The Monitored Element group is deleted if either of the following is true: o The Monitored Element group is not associated with any user account o The Monitored Element group is associated with one or more user accounts, but it is not the only group associated with any user account • If a Monitored Element Group is the only group associated with any user account, a message indicates that the group cannot be deleted and advises you to contact your System Administrator. Click OK. Options.

586

CONFIGURING AND MANAGING nGeniusONE

NetFlow Groups NetFlow and sFlow Collection Overview Flow collection is based on receiving flow records from enabled devices. nGenius Collectors support the following: • NetFlow versions 1, 5, 7, and 9 • Vendor formats, such as JFlow and IPFIX, that conform to NetFlow • sFlow versions 2, 3, 4, and 5 NetFlow and sFlow are enabled directly on the routers and switches themselves, but require an nGenius Collector to receive flow data. nGenius Collectors can be configured to act as collection devices for flow data. nGenius Collectors (3300 Series) support collection of NetFlow and IP SLA data. By default, when you add an nGenius Collector to nGeniusONE, its associated routers are added automatically, provided the Read/Write communities are Public. If the communities are other than Public, you can manually add the router to the nGenius Collector from Device Configuration. Each nGenius Collector can support up to 10 NetFlow-enabled devices with a combined maximum number of 1000 interfaces. Alternatively, the nGenius Collector can be deployed to support an unlimited number of flow-enabled devices with a combined maximum number of 250 interfaces. Using the extd_vifn_mode command, you can increase the virtual interface support on nGenius Flow Collector and nGenius Collector appliances to 5000. The flow information collected on each device is sent to the management interface of a nGenius Collector, and each flow source (interface on a switch/router) is mapped to an independent virtual interface in the Collector. The Collector dynamically creates the flow virtual interfaces as it receives flow export for those interfaces. Statistics available for NetFlow and sFlow virtual interfaces include: • Utilization • Average Packet Size • Application Statistics • IP Hosts and Conversations • Application Layer Host and Conversation data Note: nGenius Collectors support sFlow versions 2, 3, 4, and 5. sFlow v5 includes two variations of formatting, a regular format and an extended interface format; both are supported. However, ifIndex values of greater than 64K (65535) are not supported in sFlow collections. IfIndex values above the 1-65535 range are collected in the default ifIndex 0 virtual interface associated with the exporting device.

587

nGeniusONE 5.4.1 Online Help Topics

Flow Overview A flow is a unidirectional sequence of unicast packets between given source and destination endpoints. The following seven elements define a unique flow. If a flow has one or more elements different from another flow, then it is considered a new flow. • Source IP Address • Destination IP address • Source port number (TCP, UDP) • Destination port number (TCP, UDP) • Layer 3 protocol type (IP, ICMP) • Type of Service (ToS) byte (0-7) • Input logical interface NetFlow and sFlow are technologies used to monitor IP traffic flows in routed and switched environments. nGenius Collectors (3300 Series) support the following: • NetFlow versions 1, 5, 7, and 9 • Vendor formats, such as IPFIX and JFlow, that conform to NetFlow • sFlow versions 2, 3, 4, and 5 When configured to generate NetFlow datagrams, routers and switches can be directed to send the data to the nGenius Collector. nGenius Collectors, dedicated high-density NetFlow and IP SLA collection devices, gather NetFlow datagrams and IP SLA test data from Cisco routers and/or switches for display in nGeniusONE, nGenius Performance Manager, and nGenius Performance Manager for Flows. Configuring Flow Interfaces on Routers, Probes, and Collectors

Add or Modify a NetFlow Aggregate Group Field

Description

Name

Enter a name for the group. Alphanumeric characters are supported.

DTE Speed

(Optional) Enter the DTE speed in bits per second (bps). For accurate utilization calculation, you must enter the correct speed. If no speed is entered, the speed is set to 0.

DCE Speed

(Optional) Enter the DCE speed in bits per second (bps). For accurate utilization calculation, you must enter the correct speed. If no speed is entered, the speed is set to 0.

Discovered

Displays only those NetFlow interfaces that do not belong to another Aggregate Group.

Associated

Select the interface(s) you want to associate with the

588

CONFIGURING AND MANAGING nGeniusONE group from the Discovered column, and click Add. Ctrlclick or Shift-click to selection multiple interfaces. Your selections display in the Associated column. Select an interface and click Remove or Remove All to revise your selections. Tip: To make multiple selections, use Shift-click, or Ctrlclick to select interfaces.

Creating a NetFlow Aggregate Group You can group existing NetFlow interfaces created on an nGenius Collector as a logical group. The logical group you create becomes a virtual interface on the Collector that you can monitor. You can create more than one NetFlow Aggregate group for a Collector, but each NetFlow interface discovered on the Collector can belong to only one group. Note: The nGenius Collector must be set to Interface-Mode. Device mode is not supported for creating NetFlow aggregate groups. Refer to the nGenius Collector Administrator Guide for details on how to configure Interface-Mode. Requirements Note: The nGenius Collector must be set to Interface-Mode. Device mode is not supported for creating NetFlow aggregate groups. Refer to the nGenius Collector Administrator Guide for details on how to configure Interface-Mode. To create a NetFlow Aggregate group: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the appropriate nGenius Collector. 4. Select the interface, click Select monitoring options, and from the drop-down menu, select Aggregate NetFlow. The Aggregate NetFlow window displays. 5. Click Add

. The Aggregate Groups Edit window displays.

Note: If you created other Aggregate groups for the selected Collector, only those NetFlow interfaces that do not belong to another display in the Discovered column. 6. Enter the appropriate data in the fields in the Aggregate Groups window. 7. From the Discovered column, select the interface you want to include and click Add. Ctrl-click or Shift-click to add multiple interfaces. (Click Remove or Remove All if you need to revise your selections.)

589

nGeniusONE 5.4.1 Online Help Topics 8. When you finish adding interfaces to the group, click OK. The Aggregate Groups window closes and the new group displays in the Aggregate NetFlow window. Select a group to display its associated interfaces. Note: • The Aggregate ID column displays ID numbers that are automatically assigned to each group in sequence as they are created. You can create a maximum of 254 groups. • Modify or delete a group by selecting it and clicking the appropriate button. 9. Click OK. The blue triangle on the Aggregate NetFlow button indicates a change to an aggregate group that has not been downloaded to the Collector. 10. Click OK to download the new group to the Collector.

Deleting a NetFlow Aggregate Group To delete a NetFlow Aggregate Group: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Double-click the probe on which you created the NetFlow Aggregate Group. 4. Select the interface and click

Select monitoring options.

5. From the drop-down menu, click Aggregate NetFlow. The Aggregate NetFlow window displays. 6. Select the group you want to delete and click

Delete.

7. Click Yes to confirm the deletion. 8. Click OK. The blue triangle on the Aggregate NetFlow button indicates a change to an Aggregate Group that has not been downloaded to the probe. 9. Click OK. The group is deleted from the probe.

Modifying NetFlow Aggregate Groups To modify a NetFlow Aggregate Group: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the probe on which you created the NetFlow Aggregate Group. 4. From the Interfaces tab, click Aggregate NetFlow. The Aggregate NetFlow window displays. 5. Select the group you want to modify and click Modify window displays. 590

. The Aggregate Groups

CONFIGURING AND MANAGING nGeniusONE 6. Modify the group as required. 7. When you finish making your modifications, click OK. The Aggregate Groups window closes and the Aggregate NetFlow window displays. You can select the modified group to view the associated interfaces. 8. Click OK to close the Aggregate NetFlow window. The blue triangle on the Aggregate NetFlow button indicates a change to an Aggregate Group that has not been downloaded to the probe. 9. Click OK to download your modifications to the Collector.

591

nGeniusONE 5.4.1 Online Help Topics

Additional Topics Other Device Configuration Configuring Devices on the nGeniusONE Console — Overview The Device Configuration home page on the nGeniusONE console provides the following functionality: • Devices — to display, add, modify, or delete settings for devices connected to your server. • Upgrade - to install newer InfiniStream or InfiniStream Decode Pack software • Monitored Element Groups — to add, delete, or import monitored element groups or super groups on your server.

Clearing Data Captures In the Network Administrator role, you can clear the data captures from InfiniStream appliance interfaces. 1. From the nGeniusONE Console, open

Device Configuration.

2. Select the Devices tab. 3. Select an InfiniStream with interfaces from which you want to clear data captures. 4. Select one or more interfaces and click

Clear Captures.

5. When prompted to clear a capture, click OK.

Logging in to a Device Remotely If you are a Network Administrator, you can log in to a probe or nGenius InfiniStream remotely. When you remotely log in to a device, the Agent Configuration Utility displays. Included in the menu are options allowing you to modify device settings, for example: • Change the device IP address • Change the Read/Write Communities • Configure firmware options • Add or modify security options To remotely log in to a device: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Select the device and click Remote Login. The Remote Console displays the Agent Configuration Utility. (Login and password may be required.)

592

CONFIGURING AND MANAGING nGeniusONE Note: The number of consoles permitted to be open at any given time is four. Refer to the Agent Administrator Guide regarding your NetScout device for additional details.

Deleting a Device or Interface To delete a device or interface, you must be assigned the Network Administrator role. When you delete a device, the device is removed from the Devices tab and all interfaces removed. When you delete an interface, the interface is removed from the Modify Device screen. All data related to the device remains in the database until it ages out. When you delete a switch, the nGeniusONE Server deletes ether stat entries that the nGeniusONE server created. To delete a device: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Select the device you want to delete and click

Delete.

4. In the confirmation window, click OK to delete the selected device. To delete an interface: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Select the Devices tab. 3. Double-click the device for whose interface you want to delete. 4. Select the interface. 5. Click

Delete.

6. In the confirmation window, click OK to delete the selected interface. 7. Click OK to save your configuration.

Exporting Device Settings You can export device settings from one nGeniusONE Server to a file that you can then import to another Server. Features Exported • Well known Apps • Server-based Applications • Extension Apps • Application Groups • Sites • Host Groups • QoS Groups

593

nGeniusONE 5.4.1 Online Help Topics • APN Groups • SNMP Trap Listeners • KPI Alarm • KPI Error Code Config • KPI Error Codes Exporting Device settings is useful to accomplish the following tasks: • Export the device configuration • Export custom protocols — When you import custom protocols, certain rules are applied to prevent importing duplicate. Export is not supported for protocols provided by default. • Export Application Group associations To export device settings: 1. From the nGeniusONE Console, click

Device Configuration.

2. Click the Devices tab. 3. Click

Export devices.

Important: Saving the file with the same name as a previously-saved file overwrites files contents. 4. Click Save File and OK. You can later import the file to another system.

Device and Interface Alias Overview You can optionally give a device or an interface an alternate name known as an alias. You might want to use aliases when, for example, the Network Administrator has a preferred method for naming devices that is useful in the Administrator role, but which is inconvenient for other users who are accessing views or reports. You can create aliases for devices and for physical and virtual interfaces: • Device — You can create an alias when you add a device to the nGeniusONE Server, or you can add or modify a device alias. • Physical interface — Add or modify aliases for physical interfaces at the Interfaces tab of the device details window. • Virtual interface — Add or modify alias names for virtual interfaces by clicking Virtuals in the device details window. After you define aliases for devices and/or interfaces, you can also choose to have device/interface aliases display for a specific NewsPaper report. Note: If you select aliases to display and no alias is defined for a device or interface, the device or interface name displays.

594

CONFIGURING AND MANAGING nGeniusONE

Preventing Switch Configuration When you add a device to the nGeniusONE Server, the server automatically configures the device by applying Global Settings and templates. For switches only though, the Enable Learn Only option is selected by default. This mode prevents the nGeniusONE Server from applying Global Settings, templates, history, and alarms to the switch. Only switch information is learned. Note: Spanning requires that Enable Learn Only be selected. You can disable or re-enable the Learn Only option using the following procedure: 1. From the nGeniusONE Console, launch

Device Configuration.

2. Click the Devices tab and double-click the switch. 3. Select or deselect the

Enable learn only mode check box as required.

4. Click OK. Note: If you enable the Learn Only option after the switch has operated with the Learn Only flag disabled, Global Settings, templates, alarms, and history settings are retained. However, no further updates to the Global Settings, templates, alarms, or history are written to the switch.

595

nGeniusONE 5.4.1 Online Help Topics

IP Ping IP Ping in nGeniusONE Note: If the Add probe.

button is disabled, verify that Response Time is enabled on the

Column

Description

Target Host (IP Address)

Enter the IP address of the device you want the probe to contact. You can add a maximum of 20 entries.

Ping Interval (seconds)

Enter the interval (in seconds) in which you want the device to be contacted. The default is 60 seconds.

QoS Level

Enter the Quality of Service level. The default is 5.

Using IP Ping to Contact Other Devices You can monitor the path availability and network latency to any device on your network by specifying the IP address of the device you want the nGeniusONE probe to contact. Once IP Ping is configured, you can receive responsiveness and availability Power Alarms as well as view response time for the pinged device. Note: You can enable monitoring of Response Time for the IPPING protocol in Applications. Important: nGenius probes support IP-PING, which requires you to enable monitor support on Interface 1. nGenius InfiniStream appliances do not support this feature. 1. Ensure that you meet all requirements. 2. From the nGeniusONE Console, launch

Device Configuration.

3. Select the Devices tab. 4. Double-click the probe that you want to use to contact another device. 5. Select interface 1, click Select monitoring options, and select IP Ping from the drop-down menu. If the IP Ping button is disabled, review the IP Ping requirements. You may need to enable monitoring for interface 1 on the probe. 6. Click Add

. If the Add button is disabled, review the IP Ping requirements.

7. Enter the IP address (IPv4) of the device or server (Target Host) you want the probe to contact. 8. Enter the Ping Interval (seconds) to specify how frequently the probe pings the device or server. The default is 60 seconds. 9. Enter the QoS Level (default is 5). 10. Click OK.and Apply to save your configuration.

596

CONFIGURING AND MANAGING nGeniusONE Note: If you modify an attribute in the Probe Interfaces dialog box, the icon will appear in the Pending column. The type of configured action made displays by hovering your cursor over the icon. For example: Pending changes: Alarm Policy. IP Ping Requirements You can monitor the path availability and network latency to any device on your network by specifying the IP address of the device you want the probe to contact. Once IP Ping is configured, you can receive responsiveness and availability Power Alarms as well as view response time for the pinged device in any response time view. To use IP Ping, you must meet the following requirements: • nGenius Collector o Agent Options — Monitor ifn 11 set to on (disabled by default) o Software Options — Response Time Monitor set to on (enabled by default) For detailed information on how to enable monitoring on the Collector, see the Monitor Interface 11 and Response Time Monitor topics. Important: nGenius Collectors support IP PING, which requires you to enable monitor support on Interface 11. nGenius InfiniStream appliances do not support this feature. • Applications o Configure IP PING for Response Time monitoring o (Optional) Modify Response Time boundaries, if required Read/Write Community Write Community String in nGeniusONE The Write Community setting defined in the device and in the nGeniusONE Server must match. If the write community string is defined incorrectly in either place, then the nGeniusONE Server will be unable to apply Global Settings and templates. To change the write community string for an individual device: 1. From the nGeniusONE console, click the 2. Select the device and click

Device Configuration icon.

Device Settings.

3. Change the Write Community field to match the setting in the device and click OK. 4. (Optional) Click the is accepted.

Information icon to view whether the write community string

Note: A device with a correct Read Community setting displays as Active in the Status column of the Devices screen even if the Write Community setting fails. In that case, you have read privileges, but you cannot write to the device.

597

nGeniusONE 5.4.1 Online Help Topics

Relearn Automatic Relearn in nGeniusONE — Overview When you add a device to the nGeniusONE server, the server automatically learns all the interfaces and configures the device by applying Global Settings. The server relearns the device whenever the device reboots (for example, when a new physical interface is added or removed or firmware is upgraded). In addition, the server automatically checks devices on an hourly basis to ensure that the device and the server remain synchronized. Certain events, if detected during the hourly check, prompt a full relearn of the device including: • Device interface speed changes on an active interface • Interface type changes on an active interface • A new virtual interface appears on an active interface • A virtual interface on an active interface is no longer present • The virtual interface numbers no longer match (VPI/VCI) • Interface encapsulation changes • Any mismatch in protocol configuration You can also relearn a device on demand. Relearning a Device The nGeniusONE server automatically accesses the nGeniusONE data source on an hourly basis to ensure that it remains synchronized with the server. More about automatic relearn. To quickly perform a manual relearn: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select the Devices tab. 3. Select the device and click

Relearn.

4. Click OK to confirm that you want the device to be relearned. 5. Information about the task performed displays as shown below. Note: if the arrow points up, the Task Progress Report also displays.

598

CONFIGURING AND MANAGING nGeniusONE

Device Details Device Details — Modify Device Screen The Modify Device dialog box allows you to view and, except as noted below, modify information about a specific probe, nGenius InfiniStream, router, or switch. It is accessed by double-clicking the selected device in the Devices tab of Device Configuration. Function availability varies by device. Click the links for more information on device and interface settings. Field

Description

General information Name

The device name. This field accepts spaces and alphanumeric characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The device name must be unique. This field is required.

Alias

(Optional) A user-defined alternate name for the probe. • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none.

Address

The IP address (IPv4, IPv6) or host name of the nGenius Collector, Probe, InfiniStream, Packet Flow Switch, router, or switch. This field is required.

Notes

(Optional) Additional user-supplied information such as the device's location. Maximum length is 128 characters.

Device Template

The template applied to this device chosen from a pulldown menu.

Communication Protocol

The communication protocol type used to exchange information between network devices. Choices: Automatic (default), HTTP, HTTPS, SNMPv1, SNMP (SNMPv2c), or SNMPv3. Protocol choices are dependent on the Device Type. Important: NetScout strongly recommends that

599

nGeniusONE 5.4.1 Online Help Topics

HTTP/HTTPS be selected instead of an SNMP version. HTTPS communications between NetScout appliances is performed such that certificates are verified on both server and client sides of the traffic once you have added the SSLHelper.trustAllCertificates=false property to the serverprivate.properties file. Note: HTTP is automatically detected only on 5.0.x and later InfiniStream devices. HTTPS and SNMPv3 are not automatically detected - you must manually choose these protocols. Important: When adding a device behind a firewall, be aware that nGeniusONE Server uses particular ports for the SNMP, HTTP, and HTTPS communication protocols. Alternatively, you can use optional ports for these protocols. Refer to the Ports Used by nGeniusONE Server Hardware section in the nGeniusONE Administrator Guide for these mandatory and optional port numbers. Read Community

The read community string. The initial default setting is public. This field is required. Note: When SNMPv3 is the selected communication protocol, this field becomes User Name. The Read Community value is used as the default.

Write Community

The write community string. This setting must match the write community string defined in the probe (more). The initial default setting is private. This field is required. Note: When SNMPv3 is the selected communication protocol, this field becomes Authentication Password. The Write Community value is used as the default.

Device Status

Displays the current status of the device. Device status can be Active, Inactive, Down, or Pending. This field cannot be modified.

Description

Displays system information about the device such as vendor, model, and firmware version of the device. This field cannot be modified.

Advanced settings Retries

The number of times you want the nGeniusONE Server to attempt to reach the probe if there is no response. This value must be an integer between 1 and 1000. Default value: 3. This field is required.

Timeout

The interval (in seconds) you want the nGeniusONE Server

600

CONFIGURING AND MANAGING nGeniusONE

to wait before retrying an SNMP request. The value must be an integer between 1 and 1000. Default value: 1. This field is required. Enable deviceunreachable alarm

If enabled, an alarm displays in the Alarm Viewer if the device is unreachable; a subsequent alarm displays if the device comes back up.

Enable learn only mode

Select this check box if this switch is used for spanning purposes only and you do not want to apply Application settings, history, templates, or alarms to the switch. More about the Enable Learn Only option.

(Switch Only) Do not add routers for NetFlow

DLC (Switch Only)

Enable this option if you do not want routers to be discovered. When disabled (default), System Relearn identifies routers discovered by virtual interfaces. It concerns Collectors only. This option is available only when adding the device. Data Link Control check box. A switch setting for monitoring and logging MIB2 data.

SNMPv3 settings (available only when the SNMPv3 communication protocol is chosen) Authentication Protocol

The authentication protocol used with SNMPv3. Choices: MD5 or SHA1.

Privacy Settings

Click the check box to choose a privacy protocol from the drop-down menu and enter a privacy password.

Privacy Protocol

SNMPv3 privacy protocol. Choices: AES, DES, or 3DES. A privacy password is required if the privacy protocol is provided.

Password

Refresh

Enter a privacy password. A concurrent configuration edit will enable the Refresh button so that any changes made by one user can subsequently be displayed by other users clicking the button.

Device Details - Interfaces Screen The Interfaces or Ports section of the Modify Devices screen, as shown below, provides for configuration and display of physical interface information for InfiniStreams, probes, routers, and switches as well as drill-down access to associated virtual interfaces. Be aware that depending on the interface type chosen, some data and functions are not available.

601

nGeniusONE 5.4.1 Online Help Topics

From this screen you can: •

Modify interface properties.

•

Delete an interface.

•

Activate or

Deactivate an interface.

•

Clear Captures to empty buffers of packets collected by previous captures. This function is not available for switches or routers.

•

Monitoring options to configure virtual interface parameters: IPSLA, NetFlow Aggregate, IP Ping, Associate Sites, Associate APN, or Associate VRF Groups and others. This function is not available for switches or routers.

•

Virtuals to view and configure virtual interfaces, as shown below. This function is not available for switches or routers. Also, the Virtuals icon is disabled if the selected physical interface does not have configured virtual interfaces.

Important: Inline editing is not supported. Modify Interface Name, Alias, or Speed To modify a physical interface Name, Alias, or Speed, refer to: • Modifying Device Information • Modifying Physical Interfaces • Modifying FEC Interfaces • Modifying virtual interfaces: APN, BSID, LA-RA, NetFlow, QoS, sFlow, Site, TAC, VLAN, VRF Group, and VRF Site. Important: Depending on the interface type, changing a name or interface speed may not be permitted. Column

Description

Name

The name of the interface. This field is configurable: • Spaces and alphanumeric characters are valid up to a limit of 128 characters. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The name must be unique for each interface. Note: Interface names are based on if Descriptors or if Names (if entered on the device). If the nGenius Server learned the name of the interface

602

CONFIGURING AND MANAGING nGeniusONE

from the device, you cannot modify the interface name. Alias

(Optional) A user-defined alternate name for the interface. This field is configurable: • Spaces and alphanumeric characters are valid. • Rules governing the use of special characters vary by function. In most cases, the user interface validates characters as you enter them, allowing some, all, or none. • The alias must be unique for each interface.

IP Address (Routers Only)

The IP address of the interface. If an interface has multiple IP addresses, only one address displays. This field does not display for probes or switches.

Number (Probes and Routers Only)

The interface number. This field does not display for switches.

Slot/Port (Switches Only)

The slot and port numbers on the device.

IF Type

The type of network the device is connected to such as Ethernet (ET), Frame Relay (FR), ATM, Token Ring (TR), WAN, GigabitEthernet, or ASI PORTAL (for select voice-supporting InfiniStream models). If the nGenius Server does not recognize the interface type, then the topology is defined as Other.

Speed Override (Routers and Switches Only)

Check box indicating whether or not the original interface speed was overridden.

Speed (Mbps)

The interface speed. By default, the speed is learned when a device is added. In many instances, this value can be overwritten.

Fdx (Routers and Switches Only)

Select this check box if the device supports full duplex. With Fdx (Full duplex) selected, the interface speed is doubled for utilization calculations. This field does not display for probes.

Status

The status of an interface— Active, Inactive, Absent, or Pending. You can deactivate an active interface by selecting the interface and clicking Deactivate, or activate an inactive interface by selecting the interface and clicking

Activate.

Alarm Template

Lists the alarm template (or Default) for each interface.

Locations/Virtualization

Indicates the type of Location Key (virtual interface)

603

nGeniusONE 5.4.1 Online Help Topics

discovered by the InfiniStream appliance such as Site, VLAN, VRF, QoS, Cell Site, Cell Area, Cell ID, HandsetGroup, CMTS, APN, CMTS, TAC, BSID, LA-RA, and PLMN. Multiple and hybrid Location Key types are displayed in this column per physical interface as well as in the Virtuals screen. A list stretching longer than the field can be viewed in its entirety by hovering your cursor over the entry. They are also displayed in the Location Keys pane of the Service Configuration monitor where users can choose to display locations discovered by the InfiniStream (already carrying traffic) or those configured in Global Settings but not yet in operation. Caveats • A delay of between 6 and 10 minutes will occur for Location Keys to display after they are discovered. • Only when asi_mode is set to ASI will the InfiniStream display all supported location keys it discovers from the ASI tables. CDM mode will display virtual interfaces only. • When a virtual interface is changed in ASI mode (from VLAN to Site, for example), the relearn process will take 15 minutes to process the old virtual interface and return the new virtual interface type. • Note: With hybrid mode selected, this column is titled Virtualization. When ASI mode is selected, the column is titled Locations.

604

CONFIGURING AND MANAGING nGeniusONE

Activation/Deactivation Deactivating or Activating Devices and Interfaces Deactivating a device or interface produces the following effects: • nGeniusONE server stops polling the device or interface. • All data related to the device or interface remains in the database. Inactive.

• The Devices tab window displays the device Status as • In the Devices tab window, the

Deactivate,

Relearn,

Device

Settings, Remote Login, and Associated Applications buttons become disabled. They are also disabled when the device is in a Down or Pending state. • The Devices tab window displays the number of Inact(ive) Interfaces by device. • More. Activating a device produces the following effects: • nGeniusONE server starts polling at the next polling interval. • The Devices tab window displays the device Status as

Active.

• The Details tab window displays the number of Act(ive) Interfaces for the device. • In the Devices tab window, buttons become enabled. To stop the nGeniusONE server from polling a device or interface, you can deactivate it. You can subsequently activate the device when appropriate. For example, you might want to deactivate/activate a device when you: • Send a probe in for repairs, but do not have a replacement probe configured with the same IP address. • Temporarily disconnect a port from a switch (deactivate the switch port). You must be granted the Network Administrator role to deactivate or activate a device. Distributed Server Environment In a distributed server environment, you can deactivate and activate a device from either the Global Manager or from the Local Server to which the device belongs. Both Global Manager and Local Server display the current state (active or inactive) of the device. Deactivating a device or interface produces the following effects: • nGeniusONE server stops polling the device or interface. • All data related to the device or interface remains in the database. • The Devices tab window displays the device status as

Inactive.

• The Details tab window displays the number of Inact(ive) Interfaces for the device. • More. Activating a device produces the following effects:

605

nGeniusONE 5.4.1 Online Help Topics • nGeniusONE server starts polling at the next polling interval. • The Devices tab window displays the device Status as

Active.

• The Details tab window displays the number of Inact(ive) interfaces by device. • In the Devices tab window, the Delete, Deactivate, Relearn, and Remote Login buttons are enabled. • More.

Deactivating or Activating a Device If you want to temporarily stop the nGeniusONE server from polling a device, you can deactivate it. You can subsequently activate the device when appropriate. More about deactivating and activating devices. What happens when you deactivate or activate a device To deactivate or reactive a device: 1. From the nGeniusONE Console, click

Device Configuration.

2. Select Devices tab. 3. Do one of the following: • Deactivate — Select an active device, and click Deactivate. Click OK to confirm that you want to deactivate the selected device. • Activate — Select an inactive device and click Activate. Click OK to confirm that you want to activate the selected device. 4. Click Apply. Common Questions About Deactivating or Activating a Device or Interface The following is a list of common questions about deactivating or activating a device or interface: What Happens When a Device or Interface is Deactivated? When you deactivate a device or interface, the nGeniusONE Server stops polling that device or interface for data. The data previously collected in the database for that device or interface remains in the database and is not aged out. After you place the monitored device or interface back online, you can instruct the nGeniusONE Server to begin polling that device or interface at the next polling interval by activating it. What Happens if You Do Not Deactivate a Device or Interface Before Taking the Device or Interface Offline? The nGeniusONE Server marks all devices Inactive or counts interfaces that it cannot locate as Absent. When a device or interface has an absent status, the data in the database begins to age out. When the device or interface is back online, and the nGeniusONE Server relearns the device, it recognizes the device or interface and marks

606

CONFIGURING AND MANAGING nGeniusONE the device or interface as Active. If you reconnect the device or interface, you can delete the Absent device or interface. What Happens When a Device or Interface is Activated? When you activate a device, the nGeniusONE Server relearns the device and automatically verifies the IP address and media type of the device and/or interface. If the IP address and media type both match the deactivated device and/or interface, the nGeniusONE Server uses the same entry in the database and marks the device and/or interface Active. If the IP address and media type do not match the deactivated device and/or interface, the nGeniusONE Server marks the deactivated device and/or interface as Absent and a new entry for that device and/or interface is created in the database.

607

nGeniusONE 5.4.1 Online Help Topics

Absent Interfaces Understanding Absent Interfaces in nGeniusONE An interface displays a status of Absent when one of the following occurs: • A previously Active interface cannot be located on a probe or switch during relearn • The nGeniusONE Server synchronizes with the device For example, if you disconnect a port from a switch without first deactivating it, the port status changes to Absent. During each relearn, the nGeniusONE Server continues to look for the port. If the port is found, the status of the interface changes back to Active. To resolve an absent interface, you can reconnect the interface so that the nGeniusONE Server can find the interface during the next relearn, or you can delete it. The deleted interface ages out of the database. You cannot deactivate an absent interface.

Deleting an Absent Interface in nGeniusONE You can delete an Absent interface from the Interface details window. You can delete only interfaces with a status of Absent; you cannot delete interfaces with a status of Inactive. To delete an Absent interface: 1. From the nGeniusONE Console, click

Device Configuration.

2. Click the Devices tab. 3. Double-click the device containing an absent interface. 4. Select the absent interface and click Delete. 5. In the Confirmation dialog box, click Yes to delete the absent interface, or click No to cancel the deletion process. 6. Click OK. 7. Click Apply.

608

CONFIGURING AND MANAGING nGeniusONE

Supported Devices Other Supported Devices in nGeniusONE You can add devices such as routers, switches, or servers using nGeniusONE Device Configuration to report MIB2 data over SNMP. The device you add must support the SNMP protocol and be MIB2 compliant. Note: Although you can add the switches and routers in Device Configuration, these devices are not displayed in nGeniusONE modules. Instead you can view these devices in legacy applications such as nGenius Performance Manager. Devices with Multiple IP Addresses Interfaces on MIB2 devices can have different IP addresses. To avoid adding the same device twice, all IP addresses on the device are learned and stored in the database. When a new device is added, the nGeniusONE Server searches the database to verify that the IP address does not exist. If the IP address already exists on the standalone nGeniusONE Server or on any Local Server in a distributed server environment, you will be unable to add the device. For example, consider a router with the IP address 10.45.67.8 for interface 1 and an IP address 10.34.56.7 for interface 2. If you add the router using the IP address for interface 1, the nGeniusONE Server also learns the IP address for interface 2 and stores it in the database. If you attempt to add the same device using interface 2, you are unable to add the device because it already exists. Invalid Router Interfaces By default, the nGeniusONE Server learns all interfaces on routers, including those without octets or packets. This can result in illegal interfaces. To filter out invalid interfaces, edit serverprivate.properties as follows: 1. Navigate to /rtm/bin. 2. Using a text editor, open the serverprivate.properties file. Note: NetScout Systems recommends making a backup copy of the file before making any changes. 3. Add the parameter, genericDevice.filterInterfaces.enabled, and set it to true as follows: genericDevice.filterInterfaces.enabled=true 4. Save and close the file. 5. Restart the nGeniusONE Server: /opt/NetScout/rtm/bin/stop /opt/NetScout/rtm/bin/start

609

nGeniusONE 5.4.1 Online Help Topics

MANAGING SERVICES Overview of Service Configuration nGeniusONE provides a centralized Service Configuration feature where Administrators can create services for monitoring and reporting by components such as Service Monitors, Reporting, and the Service Dashboard. Using these service-based tools, IT organizations can detect service issues and degradation before large numbers of users are affected, thereby improving service availability and overall user experience. Services are categorized by type, application or network domain, each of which is composed of one or more service members. • In an application service, a service member consists of one ASI-enabled interface or group of interfaces (network domain), plus one application, application group, or message ID. Optionally, one location key may be added to a service member containing an appropriately configured monitored element. • In a network domain service, service members comprise only ASI physical interfaces defined in Device Configuration and their associated location keys. Users with Service Configuration privileges define services by selecting applications and interfaces configured in nGeniusONE Global Settings. The SYSADMIN and NTWKADMIN roles have this privilege, by default. These administrators can also assign services to specific end-users or to all users. Administrators can organize services and service domains into one or more hierarchies in the Service Editor. By default, at the top level, the Enterprise domain is the parent of all other domains. Service hierarchies are displayed in associated Service Dashboards and can be monitored for performance metrics and alerts.

Understanding Services In nGeniusONE, the term "service" includes the following types of configurations: • Service member — The fundamental unit of a service. A service member may contain one interface or group of interfaces (known as a network domain). Depending on the type of service, the member may also contain one application, application group, or message ID, and one location key. In nGeniusONE, all interfaces must be ASI-enabled. For additional information, refer to Command-Line Object: asi_mode. • Application service — A service that can include interfaces, applications, application groups, message IDs, network domains, and location keys, and is designated by . • Network domain — A service that includes only physical interfaces and location keys, and is designated by . This type also includes a system-defined network domain called "All Locations," described as follows. By default, the Services pane contains a system-defined network domain service called All Locations. This service is not a static grouping, but dynamically obtains all current interfaces so that they can be treated as a single node in other areas of nGeniusONE, such as Reporting. The All Locations service cannot be modified, renamed, duplicated, deleted, or associated with an alert profile. It can be assigned to users. With new installations

610

CONFIGURING AND MANAGING nGeniusONE or upgrades where there are no restricted users, the All Locations service is assigned to the Everyone system user group. For upgrades with restricted users, the service is assigned to specific users who have no restrictions. • Service domain — A grouping of application services, network domains, and other service domains, designated by . • Service hierarchy — An organization of application services, network domains, and service domains in parent-child order. Keep in mind the following considerations for all services and service domains: • In a Distributed Server environment, services and hierarchies are configured only on the Global Manager and pushed to Local Servers. • Only users with Service Configuration privileges can create services; other users must have services assigned to them by an Administrator. • Individuals who are members of user groups can view services that have been assigned to the group as well as services that have been assigned to them directly. In addition, the following considerations apply to network domains: • You can combine multiple network domains in a service domain to mirror a super group. • Network domains are not associated with specific service monitors. They are available to all nGeniusONE monitors and applications.

Creating New Application Services Administrators can create services to enable application and network monitoring in various areas of the nGeniusONE solution, such as Service Monitors, Reports, and the Service Dashboard. Create a new application service by including service members (consisting of applications and monitored elements) as follows: Tip: Read instructions below for quick methods of creating services. 1. Launch Service Configuration

from the nGeniusONE Console.

2. Click the Create service button in the Services pane on the left and select the Application Service type from the dropdown menu. The service type selection filters the list of applications and monitored elements supported as possible service members. Additionally, the service type narrows the number and type of metrics available as triggers for service alert profiles. 3. Enter a name for the service in the Service settings panel on the right. 4. Configure and add service members by clicking Add service member Service Members pane.

in the

The Service Members panel opens. This panel contains sections for Monitored Elements, Location Keys, and Applications. Each defined member must consist only of one ME or network domain, and one Application, Application Group, or Message ID. Optionally, one location key may be added to a service member containing an

611

nGeniusONE 5.4.1 Online Help Topics appropriately configured monitored element. You can use the Service Members panel to configure multiple service members at the same time. a. Select from the list one or more applications, application groups, or message IDs you want included in the service. • If you select multiple applications, groups, or Message IDs, the software separates the selections into single ME-application pairings. Note: Combining messages and the parent application for those messages in the same service is not recommended. For example, do not configure a service that includes both DNS (parent) and DNS:AAAA. • (Optional) Filter the list of applications displayed in the table by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. You can also filter by selecting checkboxes for Applications, Application Groups, or Message IDs. • (Optional) Reduce the list to display just your selected applications in the table by clicking Only show selections. • When adding RTP applications to a service, keep in mind that RTP data is not available for display in the Application Service Dashboard. However, this data is displayed in the Unified Communications Dashboard, with a UC Server license. b.

Select one or more monitored elements or network domains.

• If you select multiple elements, the software separates the selections into single ME-application pairings. • (Optional) Filter the list of monitored elements by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. You can also filter by selecting checkboxes for Monitored Elements or Network Domains. c. (Optional) If available for the selected ME, select one or more location keys from the list. Note: • If you add different types of location keys to this service, data is aggregated separately for each location key. There is no calculation to combine data for specific combinations of location keys. • If you are working in an upgraded nGeniusONE environment, and you previously had services with monitored element groups, the ME groups are converted to network domains and the services are updated to use the new network domains instead of the ME groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. d. Click Apply to save the service member definition and continue defining other service members.

612

CONFIGURING AND MANAGING nGeniusONE Click OK to save the service member definition and close the Add Service Member panel. Separate service members are formed and listed in the Service Members list. Each row represents one member consisting of one ME/network domain + one App/App Group and any specified optional values. These entries are in a pending state until you click OK to complete the service. 5. Continue adding service members as needed. 6. (Optional) Select Alerts if you want to enable alerts for this service. Refer to Enabling Alerts for Services for additional information. 7. (Optional) From the Monitor: dropdown menu, select a service monitor to be associated with the new service. This association enables drilldowns from the new service in nGeniusONE applications, such as the Service Dashboard, to its counterpart service monitor. By default, all services are associated for drilldown to the general-use Universal Monitor. Note: • If your environment has been customized for specific business types (in Global Settings), the list of monitors available for service configuration reflects those business types. • The software does not prevent you from associating a monitor that is not applicable for the data in the service. In these cases, after drilldown the specified monitor displays no data for the service. • If the service contains RTP protocols and data, be sure to associate it with the RTP Monitor or the Media Monitor (if available). By default, services are associated with the Universal Monitor/general application view, which does not support RTP protocols and, therefore, displays no data in the monitor. 8. (Optional) Select Server or Client as an orientation preference if the service contains location keys with server and client traffic, such as Sites. This selection determines whether server or client statistics are displayed in nGeniusONE applications such as reports, monitors, and alerts. To display statistics for both client and server, create a separate service for each direction. 9. Click OK to save your service. The application service, designated by to the Services pane.

, is added

To apply restrictions on user access to services in other areas of nGeniusONE, you can assign services to specific users and groups. Refer to Assigning Services to nGeniusONE Users for additional information. You can also quickly create a service in either of the following ways: • Create a new service using the same applications as an existing service by selecting the service in the Services pane and clicking Create service from settings

.

The Service Members panel opens with the applications preselected and your choice of monitored elements to apply to the new service. • Create a service from a predefined template.

613

nGeniusONE 5.4.1 Online Help Topics

Creating a Service from a Template nGeniusONE provides several templates to help you quickly create services for monitoring. When you create a template-based service, the template provides predefined applications and you specify the monitored elements. If required, you can customize template-based services by adding and deleting applications and monitored elements. Service templates have the following characteristics: • All users who have access to the Service Definition Editor can use all templates. • The templates available for selection are filtered according to the selected service type. • After creating a template-based service, you can perform any other tasks associated with ordinary services. • You cannot create your own templates. To create a service based on a template: 1. Click Create a service from a template

in the Service Definition panel.

2. Select the template you want as a basis for the new service from the dropdown menu. The Service Members panel opens showing the default applications provided by the selected template. a. Select one monitored element or network domain for the new service member. b.(Optional) If available, select location keys for the service member. c. Click OK. The Service Definition panel displays the application-monitored element service members for the template-based service. Notice that the corresponding service monitor has been automatically associated. This association enables drilldowns from the new service to its counterpart service monitor. 3. Click OK to complete the template-based service. The service is added to the Services List (on the left). You can perform other tasks as necessary for the new service, such as changing the service name, modifying applications and monitored elements, and changing the default monitor association. Refer to Creating New Application Services for additional details.

Configuring Network Domains Administrators can configure network domains to enable network monitoring in various areas of the nGeniusONE solution, such as Service Monitors, Reports, and the Network Dashboard. 614

CONFIGURING AND MANAGING nGeniusONE Create a new network domain service by including service members (consisting of monitored elements and location keys) as follows: 1. Launch Service Configuration

from the nGeniusONE Console.

2. Click the Create service button in the Services pane on the left and select the Network Domain service type from the dropdown menu. The service type selection filters the list of possible service members to display only monitored elements. Additionally, the service type narrows the number and type of metrics available as triggers for service alert profiles. 3. Enter a name in the Network Domain panel on the right. 4. Add service members by clicking Add service member Members pane.

in the Network Domain

The Service Members panel opens. This panel contains sections for Monitored Elements and Location Keys. You can use the Service Members panel to configure multiple service members at the same time. a.

Select one or more monitored elements.

b. (Optional) Filter the list of monitored elements by clicking and entering text in any of the column heading fields. Your parameters are applied and filtered results are displayed. c. (Optional) If available for the selected ME, select one or more location keys from the list. Note: • If you add different types of location keys to this network domain, data is aggregated separately for each location key. There is no calculation to combine data for specific combinations of location keys. • If you are working in an upgraded nGeniusONE environment, and you previously had services with monitored element groups, the ME groups are converted to network domains and the services are updated to use the new network domains instead of the ME groups. Virtual interfaces from the previous ME Groups are shown as location keys in the service member details for the network domains. d. Click Apply to save the service member definition and continue defining other service members. Click OK to save the service member definition and close the Add Service Member panel. Separate service members are formed and listed in the Service Members list. Each row represents one member consisting of one ME and any specified location keys. These entries are in a pending state

until you click OK to complete the service.

5. Continue adding service members as needed.

615

nGeniusONE 5.4.1 Online Help Topics 6. (Optional) Select Alerts if you want to enable alerts for this network domain. Refer to Enabling Alerts for Services for additional information. 7. (Optional) Select Server or Client as an orientation preference if the service contains location keys with server and client traffic, such as Sites. This selection determines whether server or client statistics are displayed in nGeniusONE applications such as reports, monitors, and alerts. To display statistics for both client and server, create a separate service for each direction. 8. Click OK to save your network domain service. The network domain, designated by , is added to the Services pane. Network domains can be included in application services, added to domains in the service hierarchy, and viewed on the Network Dashboard. You can also configure alerts for excessive bit rate occurring in the network domain. To apply restrictions on user access to network domains in other areas of nGeniusONE, you can assign them to specific users and groups.

Creating Service Domains You can create service domains by selecting previously configured application services and network domains, then organizing the service domains into service hierarchies as follows: Tip: Read instructions below for quick methods of creating service domains. 1. Launch Service Configuration

from the nGeniusONE Console.

2. Select a domain in the Service Hierarchy pane under which you want to create the new domain or sub-domain. 3. Click the Create domain button

in the Service Hierarchy pane on the left.

4. Enter a name for the domain in the Service Domain panel on the right. You cannot enter a name that is already assigned within the selected domain; however, you can use an existing name from a different parent domain. 5. (Optional) Filter the list of entries by clicking and entering text to filter for matching services. If you have multiple pages of services, the filter applies to all entries. 6. (Optional) Select all services on the current page or sort by the column heading (Name, Monitor, Service Type). If you have multiple pages of services, the column sorting applies to all entries. 7. Select one or more services/network domains from the list in the Service Domain panel. 8. Click OK to save the service domain. The domain is added to the selected location in the Service Hierarchy designated by . 9. (Optional) Select the service domain and assign it to other users by clicking Assign Users/Groups . Assigning the domain makes it accessible to these users for monitoring and reporting in other areas of the nGeniusONE product set. Refer to Assigning Services to nGeniusONE Users for additional information.

616

CONFIGURING AND MANAGING nGeniusONE Tips for creating domains • Duplicate an existing service domain by selecting it in the Service Hierarchy pane and clicking Duplicate domain

.

A duplicate copy is added under the same location as the original service; the duplicate has a unique name based on the original name. • Copy an existing service domain by selecting it in the Service Hierarchy pane and clicking Copy

. Then paste it into the preferred hierarchy location

.

Managing Service Hierarchies When you define services and service domains, you can arrange them into custom hierarchies that align with your organization's infrastructure, physical sites, logical workgroups, geographic regions, or business units. The hierarchies created in Service Configuration are displayed in the Service Dashboard so that you and others can visualize how services are delivered to end users and proactively identify and triage performance issues. The top level of the hierarchy tree is the fixed Enterprise Domain and all user-defined hierarchies are added below this top level. Users with the Service Configuration privilege can rename the Enterprise Domain. Using controls in the Service Hierarchy pane, you can work with hierarchies in the following ways: • Create and remove domains • Assign domains to users • Copy and paste service domains to different areas of the hierarchy • Create a duplicate copy of an existing service domain in the same location of the hierarchy • Reorder services and domains by using the reorder buttons to move up or down in the same node • Rearrange services and service domains in the hierarchy by dragging and dropping them within the same node • Import and export the service hierarchy in XML format

Understanding Service Assignments With a new installation of nGeniusONE, the top level of the Service Configuration hierarchy is the Enterprise domain, which is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and subdomains defined under Enterprise. Since new services are not automatically assigned to any users, they must be added to the Enterprise hierarchy to inherit this global user assignment. Users who have services and domains assigned to them can also see and work with these services and domains in other areas of nGeniusONE, including Service Monitors, Reports, and the Service Dashboard.

617

nGeniusONE 5.4.1 Online Help Topics Administrators with Service Configuration privileges can exercise more selective control over user access to services using either of the following methods: • Remove the Enterprise domain's assignment to the Everyone group and assign individual services and domains to specified users In this case, the services and service domains you add to the Enterprise domain are not automatically available to any nGeniusONE users, including yourself. You must explicitly assign your services and domains to users to make them accessible for monitoring and reporting. Assigned service definitions are available only to the specified users. • Retain the Enterprise domain's assignment to the Everyone group and assign selected services and domains to users as required In this case, the services and service domains you add to the Enterprise domain are automatically available to all other nGeniusONE users. But you can explicitly assign a selected service or domain to specific users, making it available only to those users. By default, the Network Administrator (NTWKADMIN) and System Administrator (SYSADMIN) user roles have the Service Configuration privilege and can create and assign services. Users with other roles cannot create services. Keep in mind the following considerations when working with assigned services and service domains: • Administrators can assign a service to users in two ways: Explicit assignment from the Services pane Assign Users/Groups

o .

o Inheritance through an assigned domain. If a domain is assigned to a user, the user inherits assignments to the services and subdomains within the parent domain. • Administrators can assign individual services and service domains without assigning their parent domains (if any). • If a parent domain is assigned to users, and the Administrator separately assigns a nested child domain to a different user, that child domain is no longer available to the parent domain users. The Administrator must explicitly assign the child domain to the other users. • Services assigned to users explicitly or through domain inheritance are available for monitoring in Service Monitors and Reporting. Application services and network domains added to the Service Hierarchy are available for monitoring in Service and Network Domain dashboards. • You can view the users and groups to whom a particular service or domain has been assigned by selecting the node and clicking Assign Users/Groups can be revoked by deselecting user names.

618

. Access

CONFIGURING AND MANAGING nGeniusONE

Assigning Services and Domains to nGeniusONE Users With a new installation of nGeniusONE, the Enterprise domain at the top level of the Service Configuration hierarchy is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and child domains defined under Enterprise. Users who have services and domains assigned to them can also see and work with these services and domains in other areas of nGeniusONE, including Service Monitors, Reports, and the Service Dashboard. Administrators with Service Configuration privileges can exercise more selective control over user access to services by assigning or unassigning currently configured services and domains as follows: 1. Launch Service Configuration

on the nGeniusONE Console.

2. Select one or more services in the Services pane or select a single service domain, including the root-level Enterprise domain, in the Service Hierarchy pane. If you assign a service or domain that is a child of a parent domain, the child assignment has no bearing on the parent. However, when assigning a parent domain to a user, the user inherits assignments for all underlying children. 3. Click Assign users/groups

.

A dialog box opens with lists of users and user groups configured in User Management. Current assignments are indicated with check marks. Note: If you selected multiple services, no users or groups are checked, even if the individual services were assigned to specific users. Assignments you make now for the multiple services will override any pre-existing user assignments. 4. Select one or more users and groups to be assigned the selected services or domain. To unassign a service or domain, deselect users who are currently assigned. Important: If you remove the assignment to the Everyone group, select your own user name for assignment to see this service or domain when using other nGeniusONE features. 5. Click OK after selecting the users and groups. The selected service , network domain to indicate that it has been assigned.

, or domain

is labeled with an icon

After all assignments are complete, only the specified users will see the assigned services in Reports, Service Monitors, and Service Dashboards.

619

nGeniusONE 5.4.1 Online Help Topics

Enabling Alerts for Services When working with nGeniusONE application services and network domains, you can enable alerts for the monitored elements and applications in those services. Service alerts, which are displayed in the Service Dashboard and Alert Browser, are generated by the nGeniusONE Server and provide early awareness of possible problems with applications, links, servers, voice services, or the network. Additionally, for network domains you can enable Real-Time alerts that provide immediate notification about anomalous conditions for specific supported metrics. To enable these alerts, separate configuration steps are required as described in Configuring Real-Time Alerts for Services. To enable alerts for a service: 1. Create the service. 2. Select Alerts on the service settings panel.

3. Accept the default alert profile, select a previously defined alert profile, or create a new alert profile. When you enable alerts, a default alert profile is associated with the application service or network domain. The default profile for application services produces alerts when baselines are exceeded for average response time, failure rate, and transaction rate. The default profile for network domains produces alerts when baselines are exceeded for bit rate. Other metrics are available. You can view and modify the default and other profiles by selecting the profile and opening the settings panel. Refer to Configuring Alert Profiles for Services for additional information. 4. (Optional) Select Actions. This option allows you to specify actions to occur when an alert is triggered, such as executing a script, forwarding an SNMP trap, or sending an email. Refer to Configuring Actions for Service Alerts for additional information. 5. Click OK to apply the alert settings to the service. 6. Add the service or network domain to a service domain in the Service Hierarchy to enable display of alerts in the Alert Browser. If you want to prevent the generation of service alerts during specific periods of time, you can configure service alarm exclusions.

Configuring Alert Profiles for Services and Network Domains When you enable alerts for an application or network domain service, the alerts are managed through the use of alert profiles, either the default profile associated with the service or a user-defined profile. An alert profile consists of one or more metrics with triggers for generating alerts. Using the default profile, an alert is generated when a trigger in the profile is exceeded on any member in the associated service. If preferred,

620

CONFIGURING AND MANAGING nGeniusONE you can configure an alert profile that generates alerts for aggregated service data. This option is described below. To view or modify the triggers in the default or any other profile, click the Modify button to open the settings dialog box. You can create your own profiles with customized triggers as follows: 1. After enabling alerts for a selected application service or network domain, click Create alert profile

(next to the Profile dropdown menu).

The Alert Profile panel opens. Use the settings in this panel to create or modify the triggers in alert profiles. The alert profiles you configure will always be associated with the type of service selected: application service or network domain. 2. (Optional) Select the checkbox to enable Real-Time alerts. These alerts are supported only for services and network domains with qualified elements. Refer to Configuring Real-Time Alerts for Services for additional information. 3. (Optional) Select the checkbox to enable aggregated service alerts. (Not supported when Real-Time alerts are enabled.) This feature allows you to receive alerts on aggregated data for an entire application or network domain service rather than a service's individual members. When enabled, aggregation is included in the alert profile and is applied to every service or network domain with this alert profile assigned. Alerts are generated, as warranted, by comparing the aggregated service data to the configured baselines or thresholds. The generated alerts are labelled with "Aggregated Service" when displayed in the Alert Browser. Considerations: Alarming on aggregated services is restricted to the following supported metrics: For network domains: Bit Rate For application services: Application Service Bit Rate (the sum of traffic to and from the servers for the applications in this service), Failure Rate, Transaction Rate, Timeout Percentage If you enable aggregation in an alert profile with previously created triggers, you receive a warning that the triggers will be converted to apply to an entire service. Triggers that aren't supported for aggregated services will be removed. If preferred, you can keep the existing profile by cancelling this conversion and create a new profile for aggregated services. 4. Click Add trigger

.

5. Configure triggers for the alert profile as required. Click Apply to add as many as 10 triggers. 6. (Optional) Select Action if you want to specify additional operations, such as executing a script, forwarding SNMP traps, and/or sending an email, in response to alerts generated for the selected alert profile.

621

nGeniusONE 5.4.1 Online Help Topics 7. Click OK on the main panel to save the alert profile and triggers. The profile is added to the dropdown menu and can be used for other application services or network domains, depending on the type of service currently selected. For example, if the profile is defined for a network domain, the profile is available only for other network domain type services. If the profile is defined for an application service, it is available only for other application services.

Modifying and Deleting Services and Hierarchies Any user with Service Configuration privileges can modify and delete services, service domains, and hierarchies: • To modify a service, a domain, or a hierarchy: Select the entry in the Services pane or Service Hierarchy pane and make changes using the Service Definition panel. • To modify a service member within a service: Select the entry in the Service Members panel and make changes in the Add Service Member dialog box. • To delete a service or a domain: Select the entry in the Services pane or Service Hierarchy pane and click Delete

.

Exporting/Importing Service Definitions If you want to save your configured service definitions in a transferable form, you can use the Service Configuration tool to export and import them between nGeniusONE servers. You can export and import the following service definition types: • All services and network domains • All domains, services, and network domains with the hierarchy structure preserved The tool allows you to import service definitions that were previously exported using either the Service Configuration tool or the Command Line Administrator utility.

Exporting Service Definitions Note: When exporting services that have associated alert profiles and actions, the tool maintains the associations. However, you must also export the alert profiles and actions themselves. Refer to Exporting/Importing Service Alert Profiles and Actions for additional information. • To export the entire hierarchy of service domains, services, and network domains: 1. Launch Service Configuration 2. Click Export

from the nGeniusONE Console.

in the Service Hierarchy pane.

• To export all services and network domains: 1. Launch Service Configuration 2. Click Export

from the nGeniusONE Console.

in the Services pane.

Note: This action exports all services and network domains even if you have filtered the list to display a subset.

622

CONFIGURING AND MANAGING nGeniusONE The hierarchy or service configurations are exported in XML format. Depending on your browser settings, the XML takes one or more of the following forms: • Saved automatically to a default folder on your system (usually Downloads) • Displayed in a new window • Available for you to run or save manually

Importing Service Definitions Keep in mind the following considerations when importing service definitions: • If the services being imported have associated alert profiles and actions, you must import the alert profiles and actions before importing the service. Refer to Exporting/Importing Service Alert Profiles and Actions for additional information. • When importing services, the destination server must have the same devices and applications configured as the source server. Otherwise, the imported services will have no service members. • Invalid service members are excluded during import. If a service has no valid service members, the service is not imported. To import a hierarchy of domains and services: a. Click Import

in the Service Hierarchy pane.

b. Navigate to a previously exported and saved service hierarchy XML file. c. Click Open. The hierarchy is imported to the current system. If the current system already had domains and services configured, the imported nodes are integrated and, if necessary, service members are added to the current services. To import all services and network domains: a. Click Import

in the Services pane.

b. Navigate to and select a previously exported service definition file. c. Click Open. The services are imported to the current system. If the current system already had services configured, the imported services are integrated and service members are added, as necessary.

623

nGeniusONE 5.4.1 Online Help Topics

User Roles and Privileges in Service Configuration nGeniusONE provides two privileges associated with service configuration. These privileges are assigned, by default, to certain user roles as described in the table below. Privilege name

User roles (assigned by default)

Description

Service Access Control

Network Administrator (NTWKADMIN); System Administrator (SYSADMIN)

Provides the ability to assign services and domains to other users in nGeniusONE Service Configuration.

Service Configuration

Network Administrator (NTWKADMIN); System Administrator (SYSADMIN)

Provides the ability to configure services, including creation, deletion, and modification.

Note: • If users are in a user group, the privileges associated with the group role override those assigned to the individual user. For example, if User1 is assigned the System Administrator role but is added to a group with the Help Desk role, User1 will have service privileges associated with the Help Desk rather than the System Administrator role. • The System Administrator can modify privileges and user role assignments in nGeniusONE Server Management as described in Modifying User Roles. • With a new installation of nGeniusONE, the top level of the Service Configuration hierarchy is the Enterprise domain, which is assigned to a system user group called "EVERYONE." This group assignment enables all nGeniusONE users to access the Enterprise domain and any service and subdomains defined under Enterprise. • Newly configured services are not automatically assigned to any users; the services must be added to the Enterprise hierarchy to inherit the global user assignment. • If a user has been restricted to specified UMC-based Monitored Element Groups and the individual logs in to nGeniusONE, the user is able to view all services and service domains, but cannot create or modify them.

624

CONFIGURING AND MANAGING nGeniusONE

Using CLA Commands for Service Definitions The nGenius Command Line Administrator is a command-line utility for performing a variety of management functions. It is especially useful for streamlining repetitive tasks that would be time-consuming when using the nGeniusONE user interface. There are a number of commands that enable you to create, modify, assign, and delete services, network domains, and service domains. This help topic provides general guidelines and examples for using the CLA. Refer to the command-line help for a complete description of all service definition parameters and usage.

Accessing the nGenius CLA utility 1. Log in to the nGeniusONE Server system and navigate to the /rtm/cla prompt. 2. Execute nGeniusCLA.bat (Windows) or ./nGeniusCLA.sh (UNIX) followed by the appropriate parameters (described below). 3. To view command-line help, enter nGeniusCLA.bat -help or ./nGeniusCLA.sh help. Help for the service definition commands is in the Service Config Parameters section.

Command Syntax Linux: ./nGeniusCLA.sh -ur -pw -act serviceConfig