Embed Size (px)
Citation preview
Performance Vision
Agenda
What’s new in SecurActive
Performance Vision v2.9?
Performance Vision
Official Version
v2.3
v2.5
v2.9
Performance Vision (NPS & APS)
Main new features Virtualized Environments
Virtual Collector & Virtual Pollers
Alerting for BCA/BCN through SNMP
New metric: 0-Window Multiple improvements in:
Distributed mode Network sniffing Reporting and GUI
What’s New?
Q4 2011 Q1 2012Q3 2011
Performance Vision
Performance Vision v2.9?
Virtual Environments (VMWare)1. Virtual Poller2. Virtual Collector
Performance VisionPerformance Vision
Performance Vision
Local
Central Site
Single NodePerformance Vision
Appliance
Performance Vision Single NodePerformance Vision
Appliance
Performance Vision
Performance Vision
Applications, Databases, Intranet, Files, Mails... Users Users
Internet
Firewall
Core Switches Monitoring Port(s)
Admin Port
Performance VisionPerformance Vision Single NodeVirtual Performance
Vision
Virtual Performance Vision
Local
Central Site
Performance Vision Single NodeVirtual Performance
Vision
Performance Vision
Monitoring Port(s)
Admin Port
Applications, Databases, Intranet, Files, Mails... Users Users
Internet
Firewall
Core Switches
VMWare ESX
VirtualPerformance
Vision
Virt
ual S
witc
h
Virtual NIC
Physical NIC
Performance VisionPerformance Vision
Network
Appliance Poller
Appliance Collector
Local
Distant SiteDistant Site
Central Site
Appliance Poller
Distant Site
Appliance Poller
Distributed EnvironmentPerformance Vision
Appliances
Performance Vision Distributed EnvironmentPerformance Vision
Appliances
Performance Vision
Appliance Collector
Applications, Databases, Intranet, Files, Mails... Users Users
Internet
Firewall
Core Switches Monitoring Port(s)
Admin Port
Switches
SPV Pollers
WAN
Distant Site
Performance VisionVirtual Poller
Performance Vision
Network
Appliance Collector
Local
Distant Site
Central Site
Appliance PollerVirtual Poller
Distant Site Distant Site
Appliance Poller
Performance Vision Distributed EnvironmentPerformance Vision Mix
Performance Vision
Appliance Collector
Applications, Databases, Intranet, Files, Mails... Users Users
Internet
Firewall
Core Switches Monitoring Port(s)
Admin Port
Switches
SPV Virtual Pollers or Appliances
WAN
Distant Site
Performance Vision
Network
Appliance Poller
Virtual Collector
Virtual Poller
Local
Distant Site Distant Site
Central Site
Virtual Collector
Virtual Poller
Distant Site
Performance Vision
Applications, Databases, Intranet, Files, Mails...
Internet
Firewall
0 1
Performance Vision
Users Users
Monitoring Port(s)
AdminPort
VMWare ESX
Virtual Machine
1
Virtual Switch
Virtual Machine
2
Virtual Machine
3
Virtual Machine
n
Performance Vision can see traffic from/to the VMWare, but cannot see the traffic inside it. Core Switches
Performance Vision
Applications, Databases, Intranet, Files, Mails...
Internet
Firewall
0 1
Performance Vision
Users Users
Monitoring Port(s)
AdminPort
VMWare ESX
Virtual Machine
1
Virtual Switch
Virtual Machine
2
Virtual Machine
3
VirtualPollerSPV
Listening modes: Promiscuous Mode VDS or 3rd Party vSwitch (with SPAN) Virtual TAP
Core Switches
Performance Vision
Trial Audit Express Performance Vision
Modules APS APS NPS/APS NPS/APP/APS
Max Interfaces 3 10 3 10
History 15 days 30 days 15 days 360 days
Distributed - - -
Max Pollers - - - 1,2,3+
Reporting - -
Support - - Option
Licence Free for 15 days
Expires after 30
daysUnlimited Unlimited
VMWare Versions
Performance Vision
Performance Vision v2.9?
Information System Integration BCA & BCN values available
through SNMP
Performance VisionBCA / BCN & SNMP
Business Critical Applications and Business Critical Networks metrics (and sub-components) are available through SNMP.
The values can be queried through SNMP (see Performance Vision MIB)
SNMP
Centralized Monitoring
Custom Alerting System
Proactive Issue Solving
Performance Vision
Performance Vision v2.9?
Multiple Improvements!
New features Ease of Use
Performance Vision
Workflow Drill-Down for TCP Conversations & Events
Improved Data Presentation
Tops Reorganization: Easy access to most active elements
Version 2.5 Version 2.9
Performance Vision
Conversations
Flow Detail
TCP Events
Improved Data Presentation
Workflow Drill-Down for TCP Conversations & Events
Performance Vision Improved Filtering Options
Advanced Filters, Search Flows
Without Payload Without VLAN tag Identified as Unilateral flows Without transactions IPv6 only With retransmission Non Classified Applications Without Connections
Cleans main menu entries and improves filtering possibilities
Performance Vision Improved Filtering Options
More details added into top views One-click access to conversation
details
Version 2.5
Version 2.9
Performance Vision Improved Filtering Options
Easily create a traffic matrix based on custom Source & Destination IP addresses or subnets
Performance Vision
Time frame selection improved: New time intervals (1 hour
default) Fixed dates Keep last five recently used
intervals
Improved Usability
Online help: One-click access to documentation
Performance VisionReports
Reports: Page ordering made easy
Simple Drag’n drop
Time interval is now displayed for easier access to information
Performance VisionReports
As reports are stored on the probe and available through ftp, email recipients are now optional
Performance VisionExport as PDF
You can now export each view as PDF file in one single click
Performance VisionImproved Usability
DNS: On demand one-click name resolution (on/off)
Performance Vision Regular Expression for Web Applications
More flexibility: Use regular expression for Web applications
For validation you can check regular expression detection
Usage of Regular Expressions can be extremely resource consuming
Performance VisionVendor / MAC Address
Display Vendor name based on MAC address: On demand one-click name resolution (on/off)
Performance Vision
Performance Vision v2.9?
New Metric
Zero Window Event
Performance Vision New MetricTCP Zero Window
Count number of events. Tells that the receiver’s buffer is full and that the sender must wait before sending more data.
Performance Vision
Performance Vision v2.9? Network Sniffer Improvements
De-duplication process takes into account if vlan & interfaces are aggregated or not
Better segregation of ICMP messages Avoid that standard TCP keep-alives impact
metrics calculation New heuristic to find out clients from servers
without SYNs Support for HTTP chunked transfer encoding Conntracking improved for SIP protocol
Performance VisionAutoPCAP & PCAP
days
AutoPcap files are now kept for 72 hours instead of 48 hours to cover the week-end
Limitation on storage size for manual PCAP files has been removed. User can now freely manage size of captures depending on available storage capacity
Performance Vision
Performance Vision v2.9?
Improvements in Pulsar
Performance VisionPulsar
Reset Unified “reset” command
Performance VisionPulsar
New or Improved Commands
csv_status ethtool ifconfig ip ntpdate
Performance VisionConsole Port
You can now also use the console port to access to the probe
Performance Vision
Performance Vision v2.9?
Main Impacts compared to 2.5: Data Transfer Time (DTT & EURT) Retransmission Rate (RR) Reports
Performance VisionData Transfer Time (DTT)
If there is no data transfer for a transaction after one second, the DTT metric will now timeout. We consider that the last packet received was the one to take into account for the DTT.
DTT metrics may appear with slower values (and so EURT)
Performance VisionRetransmission Rate (RR)
The Retransmission Rate is now computed regardless of empty packets.
RR metrics may appear with higher values.
Performance VisionReports Scheduling
For Reports, date of queries are not longer relatives
Existing reports may be impacted (depending on contains)
Performance VisionSystem Access
Direct System Access
Only for Certified Partners / Resellers
Platform specific (case by case) Support handled by Partner / Resellers Updates are not guaranteed Reinstallation: a new disk is sent
Performance Vision
THANK YOU!
For any [email protected]
Please Visitwww.securactive.netblog.securactive.net
