Application and Network Monitoring

Lorna Robertshaw, Director of Applications Engineering
OPNET Technologies
OPNET Confidential – Not for release to third parties. © 2009 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc.
All trademarks are the property of their respective owners and are used herein for identification purposes only.
About OPNET Technologies, Inc.®
Corporate Overview
• Founded in 1986
• Publicly traded (NASDAQ: OPNT)
• HQ in Bethesda, MD
• Approximately 600 employees
• Worldwide presence through direct offices and channel partners
Best-in-Class Solutions and Services
• Application Performance Management
• Network Engineering, Operations, and Planning
• Network R&D
Strong Financial Track Record
• Long history of profitability
• Trailing 12-month revenue of over $120M
• Approximately 25% of revenue re-invested in R&D
Broad Customer Base
• Corporate Enterprises
• Government Agencies/DoD
• Service Providers
• Network Equipment Manufacturers
OPNET Solutions Portfolio
Application Performance Management (APM)
• Analytics for Networked Applications
• End-User Experience Monitoring & Real-Time Network Analytics
• Real-Time Application Monitoring and Analytics
• Systems Capacity Planning for Enterprises
Network Engineering, Operations, and Planning
• Network Planning and Engineering for Enterprises
• Network Planning and Engineering for Service Providers
• Transport Network Planning and Engineering
• Network Audit, Security, and Policy Compliance
• Automated Up-to-Date Network Diagramming
Network R&D
• Modeling and Simulation for Defense Communications
• Wireless Network Modeling and Simulation
• Accelerating Network R&D
Agenda
• Monitoring Application Behavior
–Case Study: Impact of rogue application and users
–Case Study: Impact of worms and viruses
–Case Study: Impact of bottlenecks
–Monitoring, Triage, and Forensics
–Monitoring network and application behavior with OPNET ACE Live
–Deep-dive packet analysis and forensics with ACE Analyst
–Using application characterizations in OPNET Modeler
• Auditing Network Configuration
–Case Study: Impact of misconfigurations on WAN infrastructure
–Case Study: Default passwords on Internet-facing routers
–Auditing device configurations with Sentinel
–Providing network diagramming through NetMapper
• Questions
Monitoring Application Behavior
Case Study: Impact of Rogue Applications
• Company that does scientific research for defense agencies
• Large monthly costs for WAN connection between two main sites
• Link is often near saturation, so cost is justified
• Investigation finds one user responsible for 1/3 of total inbound traffic throughout workday – syncing home computer to work computer
• Possible security threat
• Huge monthly expense to company
Case Study: Impact of Worms and Viruses
• The perfect storm: Large software company. Battles between IT staff and developers over management of development servers.
• Blaster Worm (August 2003)
• Worm caused infected computers to become unstable
• Infected computers also caused major network outages that impacted non-infected computers!
• Network was unusable but no one knew why
• Application monitoring showed ~150 infected machines sending ARP requests for every IP they could think of
• It took 5 hours to find and unplug infected computers
• Major business impact – tech support was down, customer support site was down, lost productivity
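The signal in this case study, individual hosts sending ARP requests for a wide range of addresses, can be expressed as a per-sender count of distinct targets in a sliding time window. The code below is an added example, not OPNET code or part of the original slides; the record format, the 10-second window and the threshold of 50 are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict, deque


def build_sample():
    """Constructed ARP who-has records: (time_ms, sender_ip, target_ip)."""
    records = []
    # Ordinary workstation: keeps re-resolving its gateway and one server.
    for t in range(0, 60_000, 5_000):
        records.append((t, "10.1.1.20", "10.1.1.1"))
        records.append((t + 1_000, "10.1.1.20", "10.1.1.5"))
    # Busy but benign host: 40 different peers, one every 15 seconds.
    for i in range(40):
        records.append((i * 15_000, "10.1.1.9", f"10.1.3.{i + 1}"))
    # Sweeping host: a new target address every 100 ms.
    for i in range(300):
        target = f"10.1.{4 + i // 250}.{1 + i % 250}"
        records.append((i * 100, "10.1.1.77", target))
    return sorted(records)


def find_arp_scanners(records, window_ms=10_000, threshold=50):
    """Return {sender: (first_alert_ms, peak_distinct_targets)} for senders
    that ARP for at least `threshold` distinct targets within any window.
    `records` must be ordered by time."""
    recent = defaultdict(deque)    # sender -> (time, target) pairs in window
    counts = defaultdict(Counter)  # sender -> target -> hits inside window
    peak = defaultdict(int)
    first_alert = {}
    for ts, sender, target in records:
        q, c = recent[sender], counts[sender]
        q.append((ts, target))
        c[target] += 1
        # Expire requests that have fallen out of the window.
        while q[0][0] <= ts - window_ms:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        # Distinct targets, not request volume, is what separates a sweep
        # from a host that repeatedly resolves the same few neighbours.
        peak[sender] = max(peak[sender], len(c))
        if len(c) >= threshold and sender not in first_alert:
            first_alert[sender] = ts
    return {s: (first_alert[s], peak[s]) for s in first_alert}


if __name__ == "__main__":
    for host, (when, peak) in find_arp_scanners(build_sample()).items():
        print(f"{host}: first alert at {when} ms, peak {peak} distinct targets")
```

Sorting the result by alert time gives the order in which to pull hosts off the network, which is the step that took five hours in the case study.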
Case Study: Impact of Network Bottlenecks
• Medical Service Provider
• One data center with large research facilities (high bandwidth), hospitals (lower bandwidth), and small strategic sites (T1, sufficient for 3-4 users)
• Citrix, Terminal services, WAN Optimizers deployed throughout to overcome network latency issues
• Tricky environment to troubleshoot and gain visibility!
• Users in low bandwidth locations experience high network congestion and retransmissions
• Monitoring showed that congestion correlated with times users were printing
• Single print server in the Data Center was a huge bottleneck and was impacting high priority traffic to the strategic sites
Three Dimensions of Application Performance Management
Monitoring: high-level view
• Broad visibility (network, server…)
• Real-time dashboards
• Alerts when user experience degrades
• SLA violations
• Trending and historical data
Triage: initial troubleshooting
• Localize problem (who, what, when, how bad)
• Due to network or server?
• Which team to call next?
• Snapshot and archive forensic data
Forensics: root cause
• Follow user transaction across network and through servers
• Identify specific cause (network event, line of code, etc.)
• Real-time agentless performance monitoring
• Broad coverage with a small footprint (all users and all applications)
• Localize performance problems and differentiate between network and server delay
• Snapshot detailed data for forensic analysis
[Diagram labels: ACE Live, ACE Live, Data Center]
End User Experience Monitoring
• 24x7 application monitoring appliance
– End-user response time for all transactions and users
• Auto-discovers applications out-of-the-box
– Oracle, Peoplesoft, SAP, Microsoft, IM, P2P, others
• Intuitive, easy-to-use, low TCO
– One-click guided work flows
– Web-based dashboards; customizable reports
– Installed and configured within 1 hour
• Unified views across the enterprise
• Automatic analysis
– Components of delay, top-talkers
– Dynamic thresholds: “learns” abnormal behavior
– Historical trending (up to one year)
• Real-time VoIP performance management
• NetFlow collection
– NetFlow and user response time in a unified view in a single appliance
• Exclusive: Integrated monitoring and troubleshooting
– Integrates with ACE Analyst for root cause analysis
[Screenshot captions: Executive dashboard of real-time performance; Quick, easy network troubleshooting; SLA monitor highlights poor performance]
ACE Live “Insights”
• Easy guided workflows for troubleshooting and analysis
–Point-and-click wizards automate best practices
–Accomplish complex tasks at a mouse-click
–Customizable
Bandwidth Hogs
Alerts: Potential DoS Attacks
Worm Hunt: Detect External Attacks
End-User Response Times: Server Delay
End-User Response Times: Network Delays
Analytics for Networked Applications
• Automatic root-cause analysis
– Visualize application behavior across the network
– Diagnose root causes of response-time delay
– Validate proposed solutions
– Certify new applications prior to rollout
• Restores network-tier visibility in WAN-optimized environments
– Support for leading vendors (e.g. Riverbed, Cisco, Juniper)
• Response time prediction using a behavioral application model
– New application deployment
– Data center migrations
– Server consolidation and virtualization
– WAN optimization deployment
– Application deployment to new locations
• Over 700 protocol and application decodes
– Citrix, Oracle, SQL Server, Web Services, others
[Screenshot captions: Summarize components of response-time delay; Predict response times]
ACE Analyst for Deep Dive Forensics
• Visually see the connections
• Gantt chart of each conversation
• Drill into packet decodes
• Shorten time/skillset needed to analyze packet captures
Application Characterization for simulation in OPNET Modeler
• Real traffic patterns add accuracy to simulated models
• Simulate DoS attacks etc.
Application Monitoring: Summary
• Quality monitoring tools will help you:
–Weed out rogue applications
–Detect and study security threats
–Only pay for bandwidth you need
–Avoid congestion caused by inefficient architecture
–Understand import of issues on end-user experience
–TRIAGE problems and allow deeper dive into FORENSICS tools
• Keys to deploying application monitoring solutions:
–Diverse user community with different access levels, cross-disciplinary communication
–User training
–Hook into existing tools wherever possible, look for integrated tool suites rather than point solutions
Network Configuration Monitoring
Case Study: Impact of misconfigurations on WAN infrastructure
• Global ISP
• Core routers have HUGE routing tables
• Peering points to customer networks use route filters to avoid bombarding CE routers with Internet routing tables
• Operator fat fingers route filter name
• Cisco IOS responds by sharing no routes
• Months pass…
• IOS upgrade occurs
• IOS throws out the command altogether
• ALL routes sent to CE router
• Outage in middle of business day
Case Study: Default Passwords
• Large insurance company with stringent regulatory requirements (SOX, HIPAA)
• Some routers and switches in production network still have “staging” configurations
• Default username/pw combinations (cisco/test, etc.) found on Internet-facing devices
• Production community strings found on devices
• Major changes required to entire network in case the devices had been compromised
• Could have been worse!
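Both configuration case studies (a route filter name that matches no defined filter, and default logins and known community strings left on production devices) describe conditions that can be checked mechanically against a saved device configuration. The code below is an added example, not Sentinel's rules or OPNET code; it assumes the filters are applied as BGP neighbor prefix-lists or route-maps, which the slides do not state, and the configuration text, device names and community string are constructed.

```python
import re

# Constructed IOS-style configuration for illustration; not from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username cisco password 0 test
username netops secret 5 $1$constructed$hashvalue
snmp-server community EXAMPLE-PROD-RO RO
ip prefix-list CUST-A-OUT seq 5 permit 0.0.0.0/0
route-map SET-LOCALPREF permit 10
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 prefix-list CUST-A-OUT out
 neighbor 192.0.2.5 remote-as 64502
 neighbor 192.0.2.5 prefix-list CUST-B-OTU out
 neighbor 192.0.2.5 route-map SET-LOCALPREF in
"""

# The pair named in the case study; extend with site-specific staging logins.
DEFAULT_LOGINS = {("cisco", "test")}

DEFINE = re.compile(r"^(?:ip prefix-list (\S+) |route-map (\S+) (?:permit|deny)\b)")
REFER = re.compile(r"^\s*neighbor (\S+) (prefix-list|route-map) (\S+) (in|out)\b")
USER = re.compile(r"^username (\S+) password (?:0 )?(\S+)$")  # cleartext only
SNMP = re.compile(r"^snmp-server community (\S+)")


def audit_config(text, watched_communities=frozenset()):
    """Return [(line_no, rule, detail)] for one device configuration."""
    lines = text.splitlines()
    defined = {"prefix-list": set(), "route-map": set()}
    for line in lines:  # pass 1: filter names that actually exist
        m = DEFINE.match(line)
        if m:
            kind = "prefix-list" if m.group(1) else "route-map"
            defined[kind].add(m.group(1) or m.group(2))
    findings = []
    for n, line in enumerate(lines, 1):  # pass 2: references and credentials
        m = REFER.match(line)
        # A reference to an undefined name is flagged whatever the running
        # software currently does with it: in the case study that behaviour
        # changed across an upgrade, from no routes to all routes.
        if m and m.group(3) not in defined[m.group(2)]:
            detail = f"{m.group(2)} {m.group(3)} (neighbor {m.group(1)} {m.group(4)})"
            findings.append((n, "undefined-filter", detail))
        m = USER.match(line)
        if m and (m.group(1), m.group(2)) in DEFAULT_LOGINS:
            findings.append((n, "default-login", m.group(1)))
        m = SNMP.match(line)
        if m and m.group(1) in watched_communities:
            findings.append((n, "watched-community", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, {"EXAMPLE-PROD-RO"}):
        print(finding)
```

Hashed `secret` and type 7 `password` entries are deliberately not matched, since only a cleartext password can be compared against a list of default pairs.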
Network Audit, Security, and Policy-Compliance
• Reduce network outages
–Detect configuration problems before they disrupt network operations
–Automatically audit production network configuration with ~750 rules
• Ensure network security
–200+ security rules
• Demonstrate regulatory compliance
–Generate self-documenting, customizable reports
–Leverage rule templates for rapid customization
Sentinel Architecture
[Diagram labels: Production Network; Scheduled; Audit Engine; Configuration & Topology; Third Party Data Sources; Near Real-Time; Comprehensive Network Model]
Security Standards and Guidelines

Standard/Guide: PCI Data Security Standard
Description: Describes the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.
Applicable Organizations: Banks; Credit Card Merchants

Standard/Guide: NIST Special Publication 800-53 (also basis for FISMA compliance)
Description: Provides technical guidance to enhance the confidentiality, integrity, and availability of Federal Information Systems. This document is provided by NIST as part of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, P.L. 107-347.
Applicable Organizations: DoD; Defense Contractors; Federal Agencies

Standard/Guide: DISA Network Infrastructure STIG
Description: Provides security configuration guidance to enhance the confidentiality, integrity, and availability of sensitive DoD Automated Information Systems (AISs). This Security Technical Implementation Guide (STIG) is provided under the authority of DoD Directive 8500.1.
Applicable Organizations: DoD; Federal Agencies; Defense Contractors

Standard/Guide: NSA Router Security Configuration Guide
Description: Provides technical recommendations intended to help network administrators improve the security of their routed networks. The initial goal for this guide is to improve the security of the routers used on US Government operational networks.
Applicable Organizations: Federal Agencies; DoD; Enterprises; Service Providers

Standard/Guide: NSA Cisco IOS Switch Security Configuration Guide
Description: Provides technical recommendations intended to help network administrators improve the security of their switched networks. The initial goal for this guide is to improve the security of the switches used on DoD operational networks.
Applicable Organizations: DoD; Enterprises; Service Providers

Standard/Guide: Cisco SAFE Blueprint for Enterprise Networks
Description: Provides Cisco’s best practices to network administrators on designing and implementing secure networks.
Applicable Organizations: Enterprises

Standard/Guide: ISO-17799
Description: Provides guidelines and general principles for initiating, implementing, maintaining, and improving information security in an organization. This is an International Standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Applicable Organizations: Enterprises
Example Sentinel Reports
Automated Network Diagramming
• Automatically generate up-to-date network diagrams
• Published in Microsoft Visio® format
• Comprehensive and detailed unified network views
–Physical layouts
–Detailed configuration information
–Logical views including Layer 2/3, VPN, OSPF, BGP, and VLANs
–Custom annotations
• Benefits
–Meet regulatory compliance requirements: PCI, SOX, etc.
–Accelerate network troubleshooting
–Perform effective asset & change management
Questions?