Presentation slides from October 2014 ADDM Discovery Interest Group.
Extending discovery to network devices and their relationships to your applications.
Presented by Wes Fitzpatrick – wfitzpatrick@cssdelivers.com
Applications, Firewalls & Routers
ADDM Current Discovery Capability – pros and cons
• ADDM is very good at mapping:
  • Application 2 software dependencies
  • Software 2 software, host dependencies
  • Host 2 host, neighbouring switch dependencies
  • Technical and operational dependencies
• Not so good for:
  • Switch and router neighbours
  • Firewall neighbours
  • Load balancer neighbours
  • Logical or functional application dependencies
Application Architecture as seen by ADDM
Application
Software Instances
Hosts
Switches
Application Architecture as seen by the Organisation
https://rmohan.com/?p=436
Application
Load Balancers
Firewall/Routers
Hosts + Software Instances
Switches
Business Cases
• Multinational retailer
  • 1500 OSIs comprised of Windows, Unix, AS400s, Exadata and Netezza.
  • Application stack included F5 load balancers and AS400 messaging subsystems.
• Tier 1 Investment bank
  • 10,000 OSIs
  • Decentralised ADDM deployments to Americas, EMEA, APAC datacentres.
  • BAM not used – single focus on remote firewalled connections.
Getting Load Balancers into the Model
• SNMP Only
  • Creates a NetworkDevice node
  • No direct relationship to SIs or BAIs.
• Solution
  • Trigger on a web server SI type
  • Create a link through DiscoveryAccess and update an attribute on the SI
  • Trigger on NetworkDevice
  • Create an SI for “F5 Load Balancer”
  • Reverse lookup DiscoveredNetworkConnection for port to process mapping
  • All communicating software!
Load Balancers
Getting Firewalls into the Model
• Can be discovered (unsupported device)
• Custom TPL needed
• SNMP?
• No direct way to link to a Host or Router
Firewall/Routers
Getting Firewalls into the Model
http://www.xpresslearn.com/networking/design/network-design-series-ii/#
Getting Firewalls into the Model
• Bank Environment
  • No TPL required (no application models)
  • No 3rd party software available
  • Scanning additional domains/zones not permitted
  • NMAP not permitted
  • SNMP login to firewalls/routers not permitted
  • Traceroute? Maybe….
"Hop-count-trans" by Stagira - http://commons.wikimedia.org/wiki/File:Hop-count-trans.png#mediaviewer/File:Hop-count-trans.png
Getting Firewalls into the Model cont…
• Solution
  • Obtained a pre-defined list of “hand-off” routers
  • Started with pool of 100 dev hosts
  • TPL out of the question
  • Expanded to 1000 prod hosts
  • 200,000 remote IP addresses in ADDM (40,000 unique records)
  • Filtered to 7500 unique remote IPs, 230 outside of firewall
  • Output 4 csv files:
    • Hosts with hand-off router connections
    • Hosts with no remote connections
    • Traceroute timings
    • Connection details
  • Average 3 seconds per traceroute, 90 minutes to run.
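
An added example, not part of the original slides or the presenter's script: one way to turn captured traceroute output into the four reports listed above, by checking each hop against the hand-off router list. The addresses, host names, column layouts and the reading of "no remote connections" as "no trace crossing a hand-off router" are assumptions.

```python
import csv, io, re

# Constructed inputs: the hand-off router list and `traceroute -n` captures
# keyed by (host, remote IP). Addresses are private/documentation ranges.
HANDOFF = {"10.255.0.1", "10.255.0.2"}
TRACES = {
    ("devhost01", "198.51.100.20"): """traceroute to 198.51.100.20, 30 hops max
 1  10.1.1.1  0.41 ms
 2  10.255.0.1  1.20 ms
 3  * * *
 4  198.51.100.20  9.80 ms""",
    ("devhost01", "10.1.2.30"): """traceroute to 10.1.2.30, 30 hops max
 1  10.1.1.1  0.39 ms
 2  10.1.2.30  0.72 ms""",
    ("devhost02", "10.1.2.31"): """traceroute to 10.1.2.31, 30 hops max
 1  10.1.1.1  0.40 ms
 2  10.1.2.31  0.65 ms""",
}
HOP = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([\d.]+) ms")

def parse_hops(text):
    """Return [(hop_no, ip, rtt_ms)]; the header and '* * *' timeouts are skipped."""
    return [(int(m[1]), m[2], float(m[3]))
            for m in map(HOP.match, text.splitlines()) if m]

def build_reports(traces, handoff):
    """Split traces into four row sets (assumed layouts for the four csv files)."""
    via, timings, details, hosts = [], [], [], set()
    for (host, remote), text in sorted(traces.items()):
        hosts.add(host)
        hops = parse_hops(text)
        crossed = next((ip for _, ip, _ in hops if ip in handoff), "")
        reached = bool(hops) and hops[-1][1] == remote
        details.append([host, remote, len(hops), crossed, reached])
        timings.append([host, remote, hops[-1][2] if hops else ""])
        if crossed:  # first hand-off router seen on the path
            via.append([host, remote, crossed])
    local_only = [[h] for h in sorted(hosts - {r[0] for r in via})]
    return {"handoff": via, "no_remote": local_only,
            "timings": timings, "details": details}

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    for name, rows in build_reports(TRACES, HANDOFF).items():
        print(f"# {name}.csv\n{to_csv(rows)}")
```
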
Summary
• Multinational retailer
  • In the process of mapping their additional applications.
  • Application models now considered core to move.
• Tier 1 Investment bank
  • 1st Stage proof of concept success.
  • Considering expanding script to other datacenters for holistic view.
Summary
• Application Models can be extended to include
  • Routers
  • Load Balancers
  • Firewalls
• ADDM is a ‘must-have’ tool for datacentre migrations
  • Provides visibility of ‘what’ is connected ‘where’
  • Important to understand how the application model differs from HLD
Questions?
https://communities.bmc.com/ideas/7623
http://www.slideshare.net/WesFitzpatrick/bmc-addm-cheat-sheet-css-delivers-37644290