OPNET Confidential – Not for release to third parties. © 2009 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. All trademarks are the property of their respective owners and are used herein for identification purposes only. Application and Network Monitoring Lorna Robertshaw, Director of Applications Engineering OPNET Technologies

About OPNET Technologies, Inc.®

Corporate Overview
• Founded in 1986
• Publicly traded (NASDAQ: OPNT)
• HQ in Bethesda, MD
• Approximately 600 employees
• Worldwide presence through direct offices and channel partners

Best-in-Class Solutions and Services
• Application Performance Management
• Network Engineering, Operations, and Planning
• Network R&D

Strong Financial Track Record
• Long history of profitability
• Trailing 12-month revenue of over $120M
• Approximately 25% of revenue re-invested in R&D

Broad Customer Base
• Corporate Enterprises
• Government Agencies/DoD
• Service Providers
• Network Equipment Manufacturers

OPNET Solutions Portfolio

Application Performance Management (APM)
• Analytics for Networked Applications
• End-User Experience Monitoring & Real-Time Network Analytics
• Real-Time Application Monitoring and Analytics
• Systems Capacity Planning for Enterprises

Network Engineering, Operations, and Planning
• Network Planning and Engineering for Enterprises
• Network Planning and Engineering for Service Providers
• Transport Network Planning and Engineering
• Network Audit, Security, and Policy Compliance
• Automated Up-to-Date Network Diagramming

Network R&D
• Modeling and Simulation for Defense Communications
• Wireless Network Modeling and Simulation
• Accelerating Network R&D

Agenda

• Monitoring Application Behavior
  – Case Study: Impact of rogue application and users
  – Case Study: Impact of worms and viruses
  – Case Study: Impact of bottlenecks
  – Monitoring, Triage, and Forensics
  – Monitoring network and application behavior with OPNET ACE Live
  – Deep-dive packet analysis and forensics with ACE Analyst
  – Using application characterizations in OPNET Modeler
• Auditing Network Configuration
  – Case Study: Impact of misconfigurations on WAN infrastructure
  – Case Study: Default passwords on Internet-facing routers
  – Auditing device configurations with Sentinel
  – Providing network diagramming through NetMapper
• Questions

Monitoring Application Behavior

Case Study: Impact of Rogue Applications

• Company that does scientific research for defense agencies

• Large monthly costs for WAN connection between two main sites

• Link is often near saturation, so cost is justified

• Investigation finds one user responsible for 1/3 of total inbound traffic throughout workday – syncing home computer to work computer

• Possible security threat

• Huge monthly expense to company

Case Study: Impact of Worms and Viruses

• The perfect storm: Large software company. Battles between IT staff and developers over management of development servers.

• Blaster Worm (August 2003)

• Worm caused infected computers to become unstable

• Infected computers also caused major network outages that impacted non-infected computers!

• Network was unusable but no one knew why

• Application monitoring showed ~150 infected machines sending ARP requests for every IP they could think of

• It took 5 hours to find and unplug infected computers

• Major business impact – tech support was down, customer support site was down, lost productivity
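
The detection described in this case study, sketched as an added example (not part of the original slides and not OPNET code): it counts how many distinct IP addresses each host sends ARP requests for inside a sliding window and reports the hosts that exceed a threshold. The 60-second window, the threshold of 50 and every address in the sample are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque


def find_arp_sweepers(requests, window=60.0, threshold=50):
    """Flag hosts that ARP for unusually many distinct addresses.

    requests: time-ordered iterable of (timestamp_seconds, sender_ip, target_ip),
              one tuple per observed ARP request.
    Returns {sender_ip: peak number of distinct targets seen in any window}
    for senders whose peak is at or above the threshold.
    """
    recent = defaultdict(deque)    # sender -> (timestamp, target) still in window
    counts = defaultdict(Counter)  # sender -> target -> requests still in window
    peak = defaultdict(int)

    for ts, sender, target in requests:
        queue, seen = recent[sender], counts[sender]
        queue.append((ts, target))
        seen[target] += 1

        # Drop requests that have aged out of the window for this sender.
        while ts - queue[0][0] > window:
            _, old_target = queue.popleft()
            seen[old_target] -= 1
            if seen[old_target] == 0:
                del seen[old_target]

        peak[sender] = max(peak[sender], len(seen))

    return {s: p for s, p in peak.items() if p >= threshold}


def constructed_sample():
    """Constructed ARP request records, not captured traffic."""
    reqs = []
    for i in range(300):   # ordinary host re-resolving its gateway
        reqs.append((i * 2.0, "10.0.0.21", "10.0.0.1"))
    for i in range(60):    # busy server reaching a new peer once a minute
        reqs.append((i * 60.0, "10.0.0.22", f"10.0.1.{i + 1}"))
    for i in range(200):   # sweeping host: ten new targets per second
        reqs.append((100 + i * 0.1, "10.0.0.66", f"10.0.2.{i + 1}"))
    return sorted(reqs)


if __name__ == "__main__":
    for host, distinct in find_arp_sweepers(constructed_sample()).items():
        print(f"{host} requested {distinct} distinct addresses within 60 s")
```

Counting distinct targets rather than raw request volume keeps a chatty but normal host (the gateway re-resolver in the sample) below the threshold while the sweeping host stands out.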

Case Study: Impact of Network Bottlenecks

• Medical Service Provider

• One data center with large research facilities (high bandwidth), hospitals (lower bandwidth), and small strategic sites (T1, sufficient for 3-4 users)

• Citrix, Terminal services, WAN Optimizers deployed throughout to overcome network latency issues

• Tricky environment to troubleshoot and gain visibility!

• Users in low bandwidth locations experience high network congestion and retransmissions

• Monitoring showed that congestion correlated with times users were printing

• Single print server in the Data Center was a huge bottleneck and was impacting high priority traffic to the strategic sites

Three Dimensions of Application Performance Management

Monitoring: high-level view
• Broad visibility (network, server…)
• Real-time dashboards
• Alerts when user experience degrades
• SLA violations
• Trending and historical data

Forensics: root cause
• Follow user transaction across network and through servers
• Identify specific cause (network event, line of code, etc.)

Triage: initial troubleshooting
• Localize problem (who, what, when, how bad)
• Due to network or server?
• Which team to call next?
• Snapshot and archive forensic data

ACE Live

• Real-time agentless performance monitoring

• Broad coverage with a small footprint (all users and all applications)

• Localize performance problems and differentiate between network and server delay

• Snapshot detailed data for forensic analysis

End User Experience Monitoring

• 24x7 application monitoring appliance
  – End-user response time for all transactions and users
• Auto-discovers applications out-of-the-box
  – Oracle, Peoplesoft, SAP, Microsoft, IM, P2P, others
• Intuitive, easy-to-use, low TCO
  – One-click guided work flows
  – Web-based dashboards; customizable reports
  – Installed and configured within 1 hour
• Unified views across the enterprise
• Automatic analysis
  – Components of delay, top-talkers
  – Dynamic thresholds: “learns” abnormal behavior
  – Historical trending (up to one year)
• Real-time VoIP performance management
• NetFlow collection
  – NetFlow and user response time in a unified view in a single appliance
• Exclusive: Integrated monitoring and troubleshooting
  – Integrates with ACE Analyst for root cause analysis

[Screenshots: executive dashboard of real-time performance; SLA monitor highlights poor performance; quick, easy network troubleshooting]

ACE Live “Insights”

• Easy guided workflows for troubleshooting and analysis
  – Point-and-click wizards automate best practices
  – Accomplish complex tasks at a mouse-click
  – Customizable

Bandwidth Hogs

Alerts: Potential DoS Attacks

Worm Hunt: Detect External Attacks

End-User Response Times: Server Delay

End-User Response Times: Network Delays

Analytics for Networked Applications

• Automatic root-cause analysis
  – Visualize application behavior across the network
  – Diagnose root causes of response-time delay
  – Validate proposed solutions
  – Certify new applications prior to rollout
• Restores network-tier visibility in WAN-optimized environments
  – Support for leading vendors (e.g. Riverbed, Cisco, Juniper)
• Response time prediction using a behavioral application model
  – New application deployment
  – Data center migrations
  – Server consolidation and virtualization
  – WAN optimization deployment
  – Application deployment to new locations
• Over 700 protocol and application decodes
  – Citrix, Oracle, SQL Server, Web Services, others

[Screenshots: predict response times; summarize components of response-time delay]

ACE Analyst for Deep Dive Forensics

• Visually see the connections

• Gantt chart of each conversation

• Drill into packet decodes

• Shorten time/skillset needed to analyze packet captures

Application Characterization for simulation in OPNET Modeler

• Real traffic patterns add accuracy to simulated models

• Simulate DoS attacks etc.

Application Monitoring: Summary

• Quality monitoring tools will help you:
  – Weed out rogue applications
  – Detect and study security threats
  – Only pay for bandwidth you need
  – Avoid congestion caused by inefficient architecture
  – Understand impact of issues on end-user experience
  – TRIAGE problems and allow deeper dive into FORENSICS tools
• Keys to deploying application monitoring solutions:
  – Diverse user community with different access levels, cross-disciplinary communication
  – User training
  – Hook into existing tools wherever possible, look for integrated tool suites rather than point solutions

Network Configuration Monitoring

Case Study: Impact of misconfigurations on WAN infrastructure

• Global ISP

• Core routers have HUGE routing tables

• Peering points to customer networks use route filters to avoid bombarding CE routers with Internet routing tables

• Operator fat fingers route filter name

• Cisco IOS responds by sharing no routes

• Months pass…

• IOS upgrade occurs

• IOS throws out the command altogether

• ALL routes sent to CE router

• Outage in middle of business day

Case Study: Default Passwords

• Large insurance company with stringent regulatory requirements (SOX, HIPAA)

• Some routers and switches in production network still have “staging” configurations

• Default username/pw combinations (cisco/test etc) found on Internet facing devices

• Production community strings found on devices

• Major changes required to entire network in case the devices had been compromised

• Could have been worse!
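
Both configuration case studies above come down to checks that can be run against a saved device configuration. The following added example (not from the original slides and not Sentinel's rule set) flags BGP neighbor filters that reference an undefined prefix-list or route-map, plaintext accounts matching a staging default such as the cisco/test pair named above, and SNMP community strings on a supplied watchlist. The sample configuration, all names in it and the watchlist value are constructed, and treating the mistyped "route filter" as a prefix-list or route-map reference is an assumption.

```python
import re

# Staging defaults to look for. ("cisco", "test") is the pair named on the
# slide; extend this set from your own staging templates.
DEFAULT_CREDENTIALS = {("cisco", "test")}

# Constructed sample configuration in Cisco IOS style (not from a real device).
# The last line mistypes the filter name CUST-B-OUT, which is never defined.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username cisco password 0 test
username netops secret 5 $1$constructed$hashvalue
snmp-server community PROD-RO-EXAMPLE RO
ip prefix-list CUST-A-OUT seq 5 permit 0.0.0.0/0
route-map SET-MED permit 10
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 prefix-list CUST-A-OUT out
 neighbor 192.0.2.1 route-map SET-MED out
 neighbor 192.0.2.9 remote-as 64502
 neighbor 192.0.2.9 prefix-list CUST-B-OTU out
"""

PREFIX_DEF = re.compile(r"^ip prefix-list (\S+) ")
ROUTEMAP_DEF = re.compile(r"^route-map (\S+) ")
NEIGHBOR_REF = re.compile(r"^neighbor \S+ (prefix-list|route-map) (\S+) (?:in|out)$")
PLAINTEXT_USER = re.compile(r"^username (\S+) password (?:0 )?(\S+)$")
SNMP_COMMUNITY = re.compile(r"^snmp-server community (\S+)")


def audit_config(text, production_communities=frozenset()):
    """Return a list of (line_number, rule, detail) findings for one config."""
    lines = [ln.strip() for ln in text.splitlines()]

    # Pass 1: collect every filter that is actually defined somewhere.
    defined = {"prefix-list": set(), "route-map": set()}
    for ln in lines:
        if m := PREFIX_DEF.match(ln):
            defined["prefix-list"].add(m.group(1))
        elif m := ROUTEMAP_DEF.match(ln):
            defined["route-map"].add(m.group(1))

    # Pass 2: check references, local accounts and community strings.
    findings = []
    for num, ln in enumerate(lines, 1):
        if m := NEIGHBOR_REF.match(ln):
            kind, name = m.groups()
            if name not in defined[kind]:
                findings.append((num, "dangling-filter",
                                 f"{kind} {name} is referenced but never defined"))
        elif m := PLAINTEXT_USER.match(ln):
            if m.groups() in DEFAULT_CREDENTIALS:
                findings.append((num, "default-credential",
                                 f"account {m.group(1)} uses a staging default password"))
        elif m := SNMP_COMMUNITY.match(ln):
            if m.group(1) in production_communities:
                findings.append((num, "production-community",
                                 "watchlisted SNMP community string present"))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, {"PROD-RO-EXAMPLE"}):
        print(finding)
```

The dangling-filter rule depends only on the configuration text, so it catches the typo at the time it is made rather than when a later software upgrade changes how the device treats the unknown name.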

Network Audit, Security, and Policy-Compliance

• Reduce network outages
  – Detect configuration problems before they disrupt network operations
  – Automatically audit production network configuration with ~750 rules
• Ensure network security
  – 200+ security rules
• Demonstrate regulatory compliance
  – Generate self-documenting, customizable reports
  – Leverage rule templates for rapid customization

Sentinel Architecture

[Architecture diagram; labelled components: Production Network, Configuration & Topology, Third Party Data Sources, Near Real-Time Comprehensive Network Model, Scheduled Audit Engine]

Security Standards and Guidelines

Each entry gives the standard or guide, its description, and the applicable organizations.

• PCI Data Security Standard
  – Description: Describes the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.
  – Applicable organizations: Banks; Credit Card Merchants

• NIST Special Publication 800-53 (also basis for FISMA compliance)
  – Description: Provides technical guidance to enhance the confidentiality, integrity, and availability of Federal Information Systems. This document is provided by NIST as part of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, P.L. 107-347.
  – Applicable organizations: DoD; Defense Contractors; Federal Agencies

• DISA Network Infrastructure STIG
  – Description: Provides security configuration guidance to enhance the confidentiality, integrity, and availability of sensitive DoD Automated Information Systems (AISs). This Security Technical Implementation Guide (STIG) is provided under the authority of DoD Directive 8500.1.
  – Applicable organizations: DoD; Federal Agencies; Defense Contractors

• NSA Router Security Configuration Guide
  – Description: Provides technical recommendations intended to help network administrators improve the security of their routed networks. The initial goal for this guide is to improve the security of the routers used on US Government operational networks.
  – Applicable organizations: Federal Agencies; DoD; Enterprises; Service Providers

• NSA Cisco IOS Switch Security Configuration Guide
  – Description: Provides technical recommendations intended to help network administrators improve the security of their switched networks. The initial goal for this guide is to improve the security of the switches used on DoD operational networks.
  – Applicable organizations: DoD; Enterprises; Service Providers

• Cisco SAFE Blueprint for Enterprise Networks
  – Description: Provides Cisco’s best practices to network administrators on designing and implementing secure networks.
  – Applicable organizations: Enterprises

• ISO-17799
  – Description: Provides guidelines and general principles for initiating, implementing, maintaining, and improving information security in an organization. This is an International Standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
  – Applicable organizations: Enterprises

Example Sentinel Reports

Automated Network Diagramming

• Automatically generate up-to-date network diagrams
• Published in Microsoft Visio® format
• Comprehensive and detailed unified network views
  – Physical layouts
  – Detailed configuration information
  – Logical views including Layer 2/3, VPN, OSPF, BGP, and VLANs
  – Custom annotations
• Benefits
  – Meet regulatory compliance requirements: PCI, SOX, etc.
  – Accelerate network troubleshooting
  – Perform effective asset & change management

Questions?