Upload
wildpackets
View
334
Download
5
Tags:
Embed Size (px)
DESCRIPTION
Late in 2013 TRAC Research, a market research and analyst company that specializes in IT management, published research findings on key trends in the Network Performance Monitoring market. The research highlights some challenges, and well as some common misconceptions, with the state of Network Performance Monitoring solutions. Join us as we host Bojan Simic, Principal Analyst at TRAC Research, who will share his insights on these research findings as well as his perspectives on the changing landscape in the Network Performance Monitoring market.
Citation preview
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Show us your tweets! Use today’s webinar hashtag:
#wp_networkperformance with any questions, comments, or feedback.
Follow us @wildpackets
Bojan Simic President and Principal Analyst TRAC Research
The Changing Landscape in Network Performance Monitoring
Jay Botelho Director of Product Management WildPackets
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Administration
• All callers are on mute ‒ If you have problems, please let us know via the Chat window
• There will be Q&A ‒ Feel free to type a question at any time
• Slides and recording will be available ‒ Notification within 48 hours via a follow-up email
2
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Agenda
• NPM by the Numbers • Network Forensics for NPM • Configuring Your Network for Forensics • Customer Use Cases • Best Practices in Network Forensics • WildPackets Corporate Overview • WildPackets Product Line Overview
3
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Network Performance Monitoring By The Numbers
4
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
NPM research- demographics
406 participants Company type: 70% - Enterprise 28% - Service Providers
Company size: 41% - Large organizations 38% - Medium 21% - Small
TRAC Research, Inc
Geography 56% - North America 24% - EMEA 14% - APAC
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Top strategic goals for managing network performance
TRAC Research, Inc
22%
23%
42%
43%
53%
Reduce OPEX
Meet compliance requirements
Improve user experience
Improve ability to dynamically adapt tochanges in IT environments
Enable networks to support roll-outs of newtechnologies
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Key IT initiatives impacting network performance
TRAC Research, Inc
48%
54%
59%
65%
66%
69%
72%
BYOD
Public Cloud services
Video conferencing
Virtual desktops
Enterprise Mobility
Big Data
VoIP
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Ability to assess impact of new technology roll outs on network performance
41%
38%
21%
Fully meets goals Partially meets goals Doesn't meet goals
TRAC Research, Inc
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Key challenges for network performance management
TRAC Research, Inc
29%
29%
35%
36%
41%
46%
Inability to identify potential performanceissues when designing the network
Difficulty determining next steps to take whena problem is detected
Oversubscribed network monitoring tools
Lack of visibility into the business impact ofnetwork performance
Lack of visibility into application performance
Inability to identify root cause of performanceproblems in a timely manner
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
31%
28%
25%
16%
0-20% 21-50% 51-80% 81-100%
Percent of performance incidents that are proactively prevented
TRAC Research, Inc
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Key capabilities organizations are looking to deploy
TRAC Research, Inc
24%
27%
30%
30%
34%
39%
Ability to monitor VM-to-VM communications
Single platform for managing networkperformance and security
Access to network performance data based onjob role and level of responsibility
Ability to monitor impact of routing changeson network traffic activity
End-to-end visibility into applicationtransactions
Ability to analyze and report performanceissues at 10Gbps line rate
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Key challenges for using packet capture solutions
TRAC Research, Inc
34%
40%
41%
51%
59%
Inability to collect packets at all networklocations
Lack of capabilities for analyzing / searchingrecorded network traffic
Inability to support 10Gb networks
Reliability of captured data
Number of dropped packets
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Executive Summary
32%
38%
42%
61%
63%
Number of false alerts
UI is difficult to use
Number or "false positives"
Amount of performance data that is not relevant
Time spent correlating performance data
Key challenges for making data actionable
TRAC Research, Inc
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
31%
38%
48%
49%
59%
Better align IT with business strategies/goals
Improve utilization of existing IT resources
Reduce cost of managing IT
Improve flexibility of IT infrastructure
Increase amount of IT resources available forinvesting in innovation and new services
Key strategic goals of CIOs
TRAC Research, Inc
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
By the numbers... 64% of organizations reported that managing
network performance has become more complex over last 12 months Organizations are losing on average $72,000 per
minute of unplanned network downtime 48% of organizations reported that, on average,
they spend more than 60 minutes on repairing performance issues - per incident
TRAC Research, Inc
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Summary and key takeaways Network is becoming more of a strategic asset Traditional tools are not as effective in managing
high speed networks Proactive management of network performance
results in measurable business benefits Organizations are looking to improve their ability
for managing performance of VoIP and other real-time applications Quality of user experience is becoming a key metric
for monitoring network performance
TRAC Research, Inc
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Network Forensics NPM at 10G and Beyond
17
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
What is Network Forensics ? • Marcus Ranum is credited with defining Network
Forensics as “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.” (wikipedia)
• It’s not like TV – employ forensics before the “crime” - network traffic is transmitted and then lost, leaving no clues behind
• Other names: packet mining, packet forensics, digital forensics
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Network Forensics Drivers
• Faster networks/greater data volumes ‒ 10/40G adoption grew 62% in 2012 ‒ 75% of the investments in networking are for 10G1
• Richer data • Subtler and more malicious security threats
‒ Zero-day attacks ‒ APTs (Advanced Persistent Threats) ‒ 75% of data breaches financially motivated ‒ 66% of breaches took months or longer to discover2
• Sampled data and high-level stats ‒ Flow-based network monitoring vs. detailed DPI analysis
19
1 http://www.infonetics.com/pr/2013/2H12-Networking-Ports-Market-Highlights.asp 2 http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Why Forensics?
• Validate what your logs are telling you • Generate alarms/alerts on data you’ll never find in
logs • Invest time analyzing, not reproducing • Immediately begin investigating the issue – you have
a recording of the incident! • Isolate key data – from multi-TB archives - rapidly
and intuitively • Understand the depth of penetration for any incident
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Configuring Your Network for Forensics
21
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Requirements for a Network Forensics Solution
• Capturing and recording data ‒ 10/40G network support ‒ No dropped packets – 100% fidelity ‒ Continuously available ‒ Always test in your environment
• Discovering data ‒ Timely results delivery ‒ Filtering for IP addresses, applications, etc.
• Analyzing data ‒ Automated analysis – Expert events ‒ Simple, intuitive workflow ‒ Data visualization from multiple perspectives
22
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
10G Network Analysis Workflow
Identify Key Analysis Pts
Deploy 24x7 Monitoring
Alarms/ Alerts
Problem?
Rewind Data Analyze Tune if
Necessary
NO
YES
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
A Solution for Every Network
24
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Forensic Analysis – Capturing An Attack IDS/IPS System
1. Attack bypasses firewall
3. Event logged, attack partially tracked by IDS
2. Data Recorder records and aggregates data throughout attack
4. Post event analysis reveals attacker, method, damage!
Servers
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Customer Use Cases
26
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Tracing a Server Attack Security solution raises alert about unusual server
activity on 10.4.3.248
27
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Tracing a Server Attack (cont.)
Network forensics records all network traffic, providing detail at the time of the CIFS burst, and its
consequences
28
Three more systems now need to be added to the
quarantine list
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Demonstrating Security Compliance • Sensitive data should never be sent in the clear • “Negative” filters can be used to capture only
packets that display a given set of characteristics – like numeric strings with a format xxx-xx-xxxx
29
You hope to never see
this!
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Transaction Verification
• Verify transactions that are called into question ‒ All routing information is preserved ‒ All data is preserved
• Verify online transactions ‒ Capture and store traffic containing credit card
transactions ‒ Easily determine whether an authorization of
denial was transmitted correctly ‒ Easily determine if guidelines are being
properly followed in authorizations or denials
30
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Best Practices in Network Forensics
31
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Best Practices for Network Forensics
Capturing Network Traffic 1. Capture traffic continuously 2. Deploy a solution that captures traffic reliably 3. Set up filters to catch anomalies Storing Traffic 4. Allocate sufficient storage for the volume of data
being collected 5. Adjust file sizes for the desired performance
optimization
32
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Best Practices for Network Forensics (cont.)
Analyzing Traffic 6. Select a network forensics solution that supports
filters and searches that are fast, flexible, and precise
7. Record baseline measurements of network performance
8. Use filters to zoom in on the problem at hand
33
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Q&A
Show us your tweets! Use today’s webinar hashtag:
#wp_networkperformance with any questions, comments, or feedback.
Follow us @wildpackets
Follow us on SlideShare! Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
WildPackets Corporate Overview
Optimizing Network and Application Performance
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Corporate Background • Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA ‒ Offices throughout the US, EMEA, and APAC
• Customers spanning leading edge organizations ‒ Mid-market and enterprise lines of business ‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, universities ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance ‒ Internet Telephony, Network Magazine, Network Computing awards ‒ United States Patent 5,787,253 issued July 28, 1998
• “Apparatus and Method of Analyzing Internet Activity”
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Why Our Customers Need Us
• VoIP, video, cloud, virtualization, and key business applications are saturating critical network services
• Evolving network technologies create discontinuities ‒ 1 Gig 10 Gig 40 Gig 100 Gig networks ‒ Wireless, BYOD initiatives
• Users and business can not tolerate network problems for mission critical services
Increasing demand for better real-time network visibility, network analytics, network forensics, and DPI
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
How We Create Value
We provide innovative, industry-leading, real-time network performance management solutions
‒ Easy-to-use, easy-to-learn user interface ‒ Uniquely extensible solutions ‒ Wireless network leadership ‒ Detailed analytics related to network applications ‒ Fastest network traffic capture appliance in its class ‒ Technical superiority at competitive price point
WildPackets has continually advanced its solution to meet the needs of its customers
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Unprecedented Network Visibility
ROOT-CAUSE ANALYSIS
OmniPeek network analyzer performs deep packet inspection and can reconstruct all network activity, including e-mail and IM, as well as analyze VoIP and video traffic quality.
PINPOINT NETWORK ISSUES ANYWHERE
Omnipliance Portable can rapidly identify and troubleshoot issues before they become major problems—wired or wireless—down the hall or across the globe.
UNDERSTAND END-USER PERFORMANCE Omnipliance network analysis and recorder appliances monitor and analyze performance across critical network segments, virtual environments, and remote sites.
NETWORK HEALTH
WatchPoint can manage and report on key device performance and availability across the entire network, from anywhere on the network.
GLOBAL
DISTRIBUTED
PORTABLE
DPI
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
A History of Innovation
2003 Distributed real-time
troubleshooting
2001 • First 802.11 wireless analyzer • First network analyzer with automated expert analysis
2005 Combined distributed network and VoIP network analysis
2008 Enterprise-wide
Monitoring and Reporting
2009 Innovative dashboard with drill-down for VoIP and video
2012 • Capture, record, and
analyze from 40G network segments
• First wireless network analyzer to support
801.11ac, k, r, u, v, w
2011 • Total visibility with zero packet loss • First wireless network analyzer to support capture and analysis of 802.11n 3-stream wireless
2010 First to achieve 11
Gbps sustained capture-to-disk
2013 Industry leading
network analysis and
recorder appliances
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Product Line Overview
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Omni Distributed Analysis Platform OmniPeek
Enterprise Packet Capture, Decode and Analysis
• Ethernet,1/10 Gigabit, 802.11, and voice and video over IP • Portable capture and OmniEngine console • Aggregate analysis data across multiple capture points
Omnipliance Network Analysis and Recorder Appliances
• High-performance packet capture and real-time analysis • Stream-to-disk for forensics analysis • Integrated OmniAdapter network analysis cards up to 40G
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data • WildPackets OmniEngines • NetFlow and sFlow
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Omni Distributed Analysis Platform Software and Turnkey Solutions
• Enterprise monitoring and reporting ‒ WatchPoint Server ‒ OmniFlow, NetFlow, and sFlow Collectors
• Network Analysis and Recorder Appliances ‒ Omnipliance CX, MX, TL ‒ Optional OmniStorage ‒ OmniAdapter analysis cards
• Distributed analysis software ‒ OmniPeek – Enterprise, Professional, Basic, Connect ‒ OmniPeek Remote Assistant ‒ OmniEngine Enterprise
• Portable solutions ‒ OmniPeek network analyzer ‒ Omnipliance Portable
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
OmniPeek Network Analyzer • Distributed analysis manager
– Connect to and configure distributed OmniEngines and Omnipliances,
• Comprehensive dashboards present network traffic in real-time – Vital statistics and graphs display trends on network and application
performance – Visual peer-map shows conversations and protocols – Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution – Packet and payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7 – Easily create filters, triggers, scripting, advanced alarms, and alerts
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
OmniPeek Remote Assistant Distributed, End-user Packet Capture Made Simple
• Simple to deploy, simple to use ‒ Remote push, download from server, or even
email ‒ Simple user interface - eliminates confusion for
end user ‒ Full fidelity capture - see exactly what the PC
sees ‒ Wired or wireless
• Encrypted file ‒ Only the analyst can open it ‒ Different encryption keys for different locations
or customers
• Detailed client-side/end-user experience analysis
• Perfect for Tech Support or IT Desktop support
Trouble call from remote site - network response is slow.
User downloads and installs OmniPeek Remote. Encrypted capture
data sent back for analysis.
Network analyst uses OmniPeek Enterprise to quickly troubleshoot problem without leaving the office.
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
OmniWiFi USB WLAN Capture Adapter • A single device for all WLAN packet capture needs
• Driver included with Omni v7.9 CDs
• Tested and supported with OmniPeek and OmniEngine
• Product features: • USB device with extension cable • Dual band operation – 2.4GHz and 5GHz • Supports all standard international 802.11 channels (a/b/g/n) • Supports 802.11n - 3 transmit/receive streams (450Mbps) • Supports 802.11n 20MHz and 40MHz channel operation • Supports multi-channel aggregation and roaming
• Technical Details: ‒ Size (LWH): 6 inches, 1.5 inches, 5.5 inches ‒ Weight: 5.6 ounces
• Available via Amazon - $99/each
NOTE: • Capture ONLY – no network services • Does not capture 802.11ac
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
New Network Analysis and Recorder Appliances
Powerful Precise Affordable
The new family of WildPackets Network Analysis and Recorder appliances gives IT organizations powerful and precise analysis of
high-speed networks in an affordable solution with half the hardware footprint of rival offerings.
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Powerful
‒ Fastest network recorder in its class! Captures traffic up to 20Gbps of real-world traffic (all size packet distribution)
‒ Scales up to 128 TB of storage ‒ Provides simultaneous real-time analysis and a comprehensive Forensic
Search that rapidly searches through terabytes of captured traffic for the details relevant to an investigation
Precise ‒ Captures complete network traffic, so you can analyze everything, not just
samples or high-level statistics ‒ Doesn’t drop packets or sacrifice accuracy for speed ‒ Supports rich, detailed analysis, including VoIP and video-over-IP traffic
Affordable ‒ Delivers outstanding price/performance (lower price; half the rack space) ‒ Allows mix of 1G/10G/40G interfaces without buying extra appliances ‒ Solutions start at $16,995
Your network is bigger and faster. Now your analysis solution is, too.
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Omnipliance TL Industry Leading Network Analysis and Recorder Appliance
• Sets a new standard in capture-to-disk speeds ‒ 20Gbps sustained capture to disk rate with zero packet drop
• Best price/performance Network Analysis Appliance in the market ‒ 20Gbps with only one Omnipliance TL + OmniStorage ‒ Consuming less rack space, less cooling, less electrical power
• Most flexible network interface offering ‒ 1G/10G/40G interfaces supported in a single unit eliminates
additional unit requirement
• Most accurate real-time analytics ‒ Packet-based processing and analysis vs. inaccurate sample-
based calculation
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
WildPackets Network Analysis Recorder Appliances Price/Performance Solutions for Every Application
Portable Omnipliance CX Omnipliance MX Omnipliance TL
Ruggedized Troubleshooting
Less Demanding Networks Remote Offices
Datacenter Workhorse Easily Expandable
Enterprise, Highly-Utilized Networks
Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis 3U rack mountable chassis
24GB RAM 16GB RAM 32GB RAM 64GB RAM
2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots 4 PCI-E Slots
2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports
6TB Storage 4/8/16TB Storage 16/32TB Storage 32/48/64TB Storage Optional OmniStorage: 32/48/64TB Up to 128TB total Storage
OmniAdapter 1G and 10G OmniAdapter 1G/10G MX OmniAdapter 1G/10G MX OmniAdapter 1G/10G/40G
6.5Gbps CTD 3.8Gbps CTD 8.8Gbps CTD 20Gbps CTD with OmniStorage
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
– Monitor per campus, per region, per country
• Wide range of network data
– NetFlow, sFlow, OmniFlow • Web-based, customizable
network dashboards • Flexible detailed reports • Direct link to detailed,
packet-based analysis
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
Comprehensive Support and Services Standard Support Maintenance and upgrades Telephone and email contacts Knowledgebase MyPeek Portal
Premier Support 24 x 7 x 365 Dedicated escalation manager 2 customer contacts per site Plug-in reconfiguration assistance
WildPackets Training Academy Public, web-based, and on-site classes Complete curriculum: technology and product focused Practical applications and labs covering network analysis,
wireless, VoIP monitoring and advanced troubleshooting
Consulting and Custom Development Services Deployment, configuration, and assessment engagement Systems integration and testing Application integration, driver, decode, interface development
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
WildPackets Key Differentiators • Visual Expert intelligence with intuitive drill-down
– Let computer do the hard work, and return results, real-time – Packet /payload visualization is faster than packet-per-packet diagnostics – Experts and analytics can be memorized and automated
• Automated capture analytics – Filters, triggers, scripting, and advanced alarming system combine to provide
automated network problem detection 24x7 • Multiple issue network forensics
– Can be tracked by one or more people simultaneously – Real-time or post capture
• User-extensible platform – Plug-in architecture and SDK
• Aggregated network views and reporting – NetFlow, sFlow, and OmniFlow
© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance
24x7 Network Monitoring, Analysis, and Troubleshooting
www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved
Thank You!
WildPackets, Inc. 1340 Treat Boulevard, Suite 500 Walnut Creek, CA 94597 (925) 937-3200