NetScout’s Innovative nGenius® AFMon
Integrated Performance Monitoring &
Forensic AnalysisIntroduction
www.NetScout.com
Agenda
Performance Management Challenges
nGenius AFMon Features and Benefits
Top Down Troubleshooting and Superior
Forensic analysis to Reduce MTTR
NetScout is a strategic vendor partner
Performance Management Challenges
Challenge:
– Intermittent problems wreak havoc
– Optimal performance of key applications
– Degradations, intermittent problems can be elusive
– To speed up problem resolution
Needs:
– Ability to automatically analyze traffic
– Continuously retain evidence to recreate a complex
incident
– Discover root cause without waiting for the event to recur
Presenting
Combines application level monitoring and analysis with
continuous packet capture for post event data mining
Architecture purpose built for high performance recording
and infrastructure monitoring
High capacity, highly available hardware platform
nGenius Application Fabric Monitor
An architecture and design to dramatically reduce MTTR and improve QoE
Targeted at applications requiring extreme availability and responsiveness– e.g. Revenue impacting business services
Designed for deployment in complex, next generation environments– Ultra high speed networks
– High performance servers
– Distributed and multi-tier applications
Benefits of nGenius AFMon
Reduce MTTR with:
– Rapid, Top-down Troubleshooting
– Superior Forensics Analysis
Visibility into how the network is used
– Complete Application monitoring and profiling
State of the Art Hardware appliance
– Scalable Recording and Data-mining Architecture
Reduced TCO with unified, integrated support for multiple
technologies
– Cost-effective
– Investment Protection
Company Confidential
More than alarm notification, it
contains a description of what
triggered the event for quicker
problem identification…
… And a URL to launch a
context-sensitive view in nGenius
… And detailed Alarm views and Power
Alarm Evidence at your fingertips
Context-sensitive integration with leading enterprise management
systems. Alarm messages contain problem description and a URL
to launch the exact views in nGenius relating to the problem
Company Confidential
Seamless navigation from flow to packet: Intuitively drill down to any
level of granularity with just a right-click – even to sub-second statistics or a
packet decode – to solve even the most complex or subtle problems
Seamless user experience for navigating from high-level
to detailed (packet-level) troubleshooting.
Tight integration of nGenius AFMon with nGenius
Performance Manager
Seamless drill-down from flows to packet-level data
– Users navigate from 1 minute to sub-second data
Single login
– Access AFMon data without a secondary login
Continuous capture driven off of CDM flow configuration
– Automatically collects packet level data from physical as well as
virtual interfaces
Top Down Approach to TroubleshootingLowers MTTR
Company Confidential
Faster MTTR with Superior Forensic Analysis
Company Confidential
Faster MTTR with Superior Forensic Analysis
Metadata for faster summary decodes, filtering, and post
capture displays
Decode engine runs on recording appliance
Reporting off loaded from the recording appliance
Quickly hone and refine your
data set using advanced
filtering and rules capabilities
Custom create rules library, identifying the precise
combination of addresses, ports, applications and
patterns to be identified, or use pre-defined Expert Rules
Superior Forensic Analysis
Expert Analysis– Expert Zoom and Data Mining
interface with multiple workspaces
– Broad support of over 1000 protocol decodes
– TCP Session Follow
– Bounce Diagrams
Intuitive, flexible GUI– Multi-user, Web-based console
– Eases search process
Incident Reports for collaborating and communicating with others
Highly Efficient ArchitectureScalable recording and analysis architecture
Deep Packet Capture Flow Monitoring
Netscout ApproachTraditional Approach
Efficient
On-board AnalysisInefficient
Client-based Analysis
NetScout Competitor
Highly Efficient ArchitectureScalable recording and analysis architecture
Case in Point: Solution Architecture Wins Business
Bank in North America has assets
approaching $300 Billion
2 trading floors – Chicago, New York,
& NJ disaster recovery
Pain Point: Needs continuous capture
and monitoring on trading floors
– Need both flow based monitoring and
trending for troubleshooting and
capacity planning Plus recording for
in-depth analysis because of the
value of the financial trades
– Current solution in Chicago not
working – network managers
constrained by time delays in viewing
packet trace files when pulling them
over the network.
With the nGenius AFMon,
they are able to perform top
down troubleshooting with
detailed analysis of
applications and
conversations. When
necessary for in-depth
troubleshooting the actual
packets are available for
event reconstruction and
forensic data mining without
adding load to the network.
Visibility into how the network is usedComplete Application monitoring and profiling with CDM Virtualization
Application identification - Common matrix for multimedia voice, video and data– Well known, complex, custom, URL based
– VoIP for RTP, SIP, MGCP, H.323, SCCP
– Industry specific i.e.: FIX protocol, IP Multicast and PACs
– Application discovery for TCP and UDP unknown
– No data reduction – all applications
QoE / Response time analysis
Proactive Alarms for thresholds, response times, time over threshold and microbursts
Virtual interface analysis for VLANs, VRFs, QoS, or sites
Post-capture filters by variety of metrics, not just by IP address, ie: CDM port #
Company Confidential
Application Discovery Visibility into Unknown Traffic
Identify Port-to-Port
conversations for
unknown applications
– Can be logged Historically
with 1-minute resolution
Reduced nGenius Solution TCO Unified, integrated support for multiple topologies
Can instrument where and how IT organization requires
– nGenius Probes, nGenius AFMons, nGenius Collectors
10 Gigabit Ethernet Support
– Available in nGenius Probes today
– Available in nGenius AFMons next quarter
MPLS support for both Remote Sites or VRFs
Virtual interface analysis for VLANs, DLCIs, PVCs, along
with associated QoS classes
State of the Art Hardware Appliance Optimized Performance - Highly Available
OS Reliability
– Security hardened Linux appliance
– Operating system is located on dual internal OS drives configured
separate from the main storage array
Redundant hot swappable power modules
RAID-5 with hot standby and hot swappable disks
– If one drive fails, standby automatically kicks in – if that drive fails,
RAID 5 kicks in
Dedicated disk controller port per disk
– Enables simultaneous write to all disks
Compatibilities
– nGenius Performed Manager 4.0 required
– CDM v4.0 Agent Firmware
Flexible, Cost-effective configurations
Multiple functions in a single box (not just a single
solution set)
– Superior hardware at competitive prices
– Feature rich solution set
0, 2TB, 4TB, and 8TB configurations
Flexible port configurations
– 4 HDX/2 FDX ports and 8 HDX/4 FDX port configurations
SFP or 10/100/1000Base-T capture port configurations
Model # Description
4910/LS-3U nGenius AFMon, 4 SFP* configurable Gigabit, up to 2 TB storage
4910 nGenius AFMon, 4 SFP* configurable Gigabit, up to 4 TB storage
4910/HS nGenius AFMon, 4 SFP* configurable Gigabit, up to 8 TB storage
4916/LS-3U nGenius AFMon, 4-Port 10/100/1000Base-T, up to 2 TB storage
4916/HS nGenius AFMon, 4-Port 10/100/1000Base-T, up to 8 TB storage
4986/LS-3U nGenius AFMon, 8-Port 10/100/1000Base-T, up to 2 TB storage
4986/HS nGenius AFMon, 8-Port 10/100/1000Base-T, up to 8 TB storage
Flexible, cost-effective configurationsFlexible Configurations
*Requires one SX, LX or TX SFP transceiver per port (sold separately)
Case in Point: Troubleshooting employee remote
access problem
New England based insurance
company
Pain Point: Remote employees
having trouble accessing network
resources
– LDAP servers source of many
problems
– Intermittent issues were elusive
nGenius AFMon provided continuous
capture and recording for in-depth
troubleshooting forensics
Discovered two
LDAP servers had
their authentication
databases out of
sync and were
spending their cycles
trying to sync their
databases
Realizing value from monitoring & recording
Geographic location requires coverage– Trading Floors
The business service demands it– Application servers with customer order information
Key network management objectives dictate analysis– Mission Critical Links with crucial or high concentration of
conversations
– Locations with chronic, highly visible, difficult to resolve intermittent problems
Critical tasks or functions point to solution– Ensuring SLAs
Superior Company
Technology leader with a
clear vision
The most experienced team
in the industry
– Founded in 1984
– Over 360 employees
Growing, profitable
– $100M revenue run rate
– $95M in cash, no debt
World-wide distribution and
support
Reduced MTTR with Unified Solution– Integral part of enterprise-wide nGenius Solution
– Top down approach with data mining using CDM metrics
Lower TCO with Architecture Advantages– Better performance
– Larger capacity
– Highly available architecture
– Integrated CDM and reporting functionality
– All-around better value
NetScout is a strategic vendor partner– Technology leader
– Financial stability
Summary –nGenius AFMon is superior to the alternatives