Computers and Electronics from the Shadetree Tech

Visibility

Visibility provides insight into network activity, usage and performance. In short it gives you the information you need to keep your network operating at peak performance. 

Visibility into the use of the network provides instantaneous feedback that can be used by an organization to improve their business decisions. Many organizations are facing costly bandwidth upgrades that they believe will resolve the existing problems they are having with network and applications performance. Often when layer 7 deep packet inspection capabilities are employed, an organization gains instant visibility into the use of the network and determines that large quantities of network traffic are non business related. This is often as high as 70-80% of their network traffic. If an organization can scrape or squeeze even 50% of the traffic from the network because it is non business related this amounts to a huge savings by foregoing a bandwidth upgrade or even reducing their current bandwidth capacity. It can also lead to productivity improvements for the users as the critical applications perform more effectively.
Inspection
Layer 7 Classification – Utilizes application signatures to identify and control applications based on the data payload within the packet. This is a required technology to classify and control port hopping applications or to further decipher applications riding within other protocols like video or audio streaming within http.

Layer 7 classification requires WAN Optimization appliances to perform Deep Packet Inspection or DPI. This forms the foundation of next generation traffic shaping products. DPI provides application awareness by analysis of the content in both the packet header and the payload over a series of packet transactions. DPI provides the ability to analyze network usage and optimize network performance by inspecting the complete communication including all layers of the OSI model.
Signatures are the core of Deep Packet Inspection technology. They are patterns that allow unique identification of an application or protocol similar to how and x-ray machine identifies hazards in baggage or how fingerprints are used to identify individuals.

The ability to look inside the packet payload offers capabilities such as URL reporting and control, complete application identification of recreational, peer 2 peer, gaming, streaming video and radio, and many other non critical applications. It also allows identification of business critical applications to ensure these are not impacted by non business network use.

Heuristic Classification – Allows visibility and control of a new breed of advanced applications such as Bit Torrent and Skype that use full encryption techniques to mimic other applications. These are some of the most aggressive and harmful applications to networks.

Heuristic inspection is an additional requirement for complete traffic classification in today’s networks. A few years ago the level of sophistication of many protocols and applications like BitTorrent p2p increased to a level where deep packet inspection was ineffective. These applications have always been difficult to identify but deep packet inspection was capable of doing this. With the increase in sophistication these applications and protocols now completely encrypt the communications which scrambles the packet payload beyond recognition. There is no use of SSL certificates or other means to identify the traffic so heuristic based inspection was developed to classify the traffic based on behavior by correlating a number of attributes of the traffic. Packet size, packet frequency, connection frequency, and more…

Drill Down Capabilities – Allows correlation of user and application usage. Without the ability to drill down and see what applications users are running or what hosts are generating the most application traffic you cannot gain a full understanding of user and application usage on the network.

Real Time Monitoring – Provides instantaneous views into what is happing on the wide area network from a user, application, and conversation perspective. Real time monitoring must also be capable of viewing Layer 7 information such as what URL’s a user is accessing and their precise bandwidth usage over the instance in time.

Top Talkers/Top Conversations – Information should be presented to the IT organization in a manner that is easy to understand and assimilate. Solutions that require extensive investments in training to obtain value are not suitable for today’s reduced staff, resource constrained environments.

User Identification – The use of IP address information is no longer effective to monitor and control user activity on the network. When every system had a static IP address that was tied to a PC in a cube or a public PC at a library it was easy to track the source of the traffic. Today’s network users are using laptops, smartphones, wireless and wired connections, and are connecting to the network from offices, conference rooms, class rooms, libraries, cafeterias, and more. The use of dynamic IP addressing makes tracking a users activity across these various connections and devices almost impossible for an organization. The ability to seamlessly track usage back to a user is critical for an organization to enforce acceptable network use policies and to have the needed visibility to overcome the challenges of today’s mobile computing environments.

Integration with Microsoft Active Directory provides fine-grained visibility into network usage by mapping all network traffic to Users. You can view traffic usage by user names and create policies to manage bandwidth for users rather than IP addresses, especially in dynamic address environments. Policies can be applied to individual users or to whole active directory groups such as the finance department or all printers. This allows you to report and digest information the way you want it, saving you time and money and the ability to make decisions and react quicker.

Anonymous Proxy Detection – Organizations have implemented firewalls, URL filters, and appropriate network use policies to keep their network safe. Anonymous proxies allow a user to easily bypass these policies, and bypass them while going undetected. In addition there are new anonymous proxies available each and every day making it extremely difficult for an organization to block their access. This creates a security holes allowing the potential for malicious or illegal content as well as opening up an opportunity for a user to access improper, banned, or illegal sites/resources/applications that may degrade the performance of the network and critical applications. As an organization plugs one hole a new one becomes available. Anonymous proxy detection using a several identifiers – URL, IP, domain, HTTPs and SSL application signatures and more.

Application Response Time Measurements – Quantify application performance from the end-user perspective. Application response time measurement detects how long end users are waiting for their applications to respond. It also helps to pinpoint whether a problem is network or server related. Equipped with this information, network managers can fine tune QoS policies to control application response times. These measurements are an integral part of a comprehensive solution. Without monitoring application response times, there is no clear measurement to know if application response times are improving.

Application response measurements provide valuable information so the network administrator isn’t clueless when the user complains about application performance. Viewing the network and bandwidth usage is important, it is absolutely critical to be able to see what’s happening on the network. However, just being able to see bandwidth usage and what applications are using the network resources isn’t necessarily providing the complete picture of the network. It is also critical to understand application response times. When there are performance issues what is to blame ? Is it the Network, Server or Application? Application response measurements provide objective data based on analysis of the actual user traffic in the network rather than synthetic measurements such as ping tests. This type of data can help prevent expensive network upgrades when the problem really might be a slow overloaded server or vice versa. 

Reporting
Real-time, Drill Down Correlation, On Demand
With the built in reports available with Exinda’s x60 appliances you can gain real-time visibility into network activity, identify performance issues as they are happening and rapidly troubleshoot your network. Alerts, warning and email notifications inform administrators of configuration errors, NIC drops and transmit and receive errors.

With either our cloud-based Service Delivery Point (SDP) or the built-in tools on individual appliances network managers can view summary reports of network activity or drill down for a more detailed granular view in order to pinpoint areas of concern on the network. If desired, a network manager or analysts can summarize and categorize peer-to-peer (P2P) and recreational traffic to determine how much time and data is being spent on non-business activities.

Exinda has built an extensive collection of out-of-the-box, customizable report templates that means customers spend less time and effort building reports. Run historical reports to identify trends in network usage and to aid in capacity planning. Automatically generate and distribute reports via email to customers, users and stakeholders to keep them informed of key metrics. Reports can be delivered in PDF format or in a variety of other formats suitable for further analysis.