Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
© SecurActive 2013WHAT’S NEW IN VERSION2.15?
© SecurActive 2013 2PERFORMANCE VISION VERSION 2.15Http Application PerformanceBCNWorkflowNetwork AnalysisConfiguration & ...
© SecurActive 2013 3HTTP APPLICATION PERFORMANCE
© SecurActive 2013 4HTTP APPLICATION PERFORMANCE500 - Internal Server Error,ServiceTemporarilyUnavailable Deal with End U...
© SecurActive 2013HTTPAPPLICATIONPERFORMANCE Response Status Code over Time Response Times & Volumetry over Time Flows ...
© SecurActive 2013 6HTTP STATUSResponse Status Code over Time
© SecurActive 2013 7ARE THERE ERRORS?
© SecurActive 2013 8ARE THERE ERRORS?
© SecurActive 2013 9WHAT CAUSED THE ERRORS?Hits Performance & InspectionOne-click Drilldown
© SecurActive 2013 10WHAT CAUSED THE ERRORS?Look at what happened: Who is impacted (Client or Servers)? What are the rel...
© SecurActive 2013 11PERFORMANCE OVER TIMEResponse Times & Volumetry over Time
© SecurActive 2013 12ARE THERE SLOW DOWNS?Check Performance over time for: Average Page Load Time Average Hit Response T...
© SecurActive 2013 13#HOW MANY RESOURCES ARE PROCESSED?Evolution over time: Number of Hits Number of Pages Number of Hi...
© SecurActive 2013 14HTTP TOPSServer IPClient IPHostUser AgentGroup HTTP Flows by:
© SecurActive 2013 15WHAT ARE THE SLOWEST PAGES?
© SecurActive 2013 16INTEREST OF STANDARD DEVIATION?119119119119119024681012141618201 2 3 4 5 6 7 8 9 10182182182182182024...
© SecurActive 2013 17PAGE LEVEL ANALYSISWeb Pages Performance & Timeline Chart
© SecurActive 2013 18WHAT ARE THE SLOWEST PAGES?Check performance indicators on: Number of Elements composing a page Pag...
© SecurActive 2013 19SEE ISSUES AT A GLANCE: TIMELINE CHART
© SecurActive 2013FULLQUERY /RESPONSERETENTIONInspection details of transaction: Client Query Server Response20
© SecurActive 2013FULLQUERY /RESPONSERETENTIONInspection details of transaction: Client Query Server Response21
© SecurActive 2013 22HIT LEVEL ANALYSISHTTP Hits Performance Analysis
© SecurActive 2013 23LIST OF HTTP HITSDetailed list of HTTP hits: Data Transfer Time Server Response Time Payload User...
© SecurActive 2013 24HTTP SPECIFIC FILTERSRefine your search with HTTP analysis dedicated Filters Method GET, HEAD, POST…...
© SecurActive 2013 25HTTP ANALYSIS FOR NPS/APSNPSAPS Flow metrics for both NPS & APS HTTP Performance for APS Only
© SecurActive 2013 26FORMER WEB BROWSING Marked as Deprecated Works like beforeShould be Removed in an Upcoming Version
© SecurActive 2013 27BCN WORKFLOW
Updated for drilldownNew© SecurActive 2013 28BCN WORKFLOWBCN Workflow with Easy Drilldown
© SecurActive 2013 29BUSINESS CRITICAL NETWORK DRILLDOWNV2.12 V2.15 Link to Performance from the first zone to the second...
© SecurActive 2013 30SOURCE/DESTINATION PERFORMANCEDisplay Source/Destination performance over time: Data Transfer Time (...
© SecurActive 2013 31ORIENTED FLOW DETAILDisplay more Information on Source/Destination flows:OS Fingerprint, MAC Addresse...
© SecurActive 2013 32SOURCE/DESTINATION ADVANCED FILTERSV2.12 V2.15Source/Destination Advanced Filters have been Completed...
© SecurActive 2013 33NETWORK ANALYSIS
© SecurActive 2013 34NETWORK ANALYSISNewUpdated
© SecurActive 2013CHECKQOS CLASS35DiffServ FieldClient/ServerSource/Destination
© SecurActive 2013 36DISPLAY MAC ADDRESSESMAC AddressesClient/ServerSource/Destination
© SecurActive 2013 37OPERATING SYSTEM FINGERPRINTINGOS FingerprintingClient/ServerSource/DestinationFor TCP Only!
© SecurActive 2013 38ETHERNET PROTOCOL / MAC VENDOR Improved Display of Ethernet Protocol Improved Display of MAC Addres...
© SecurActive 2013 39CONFIGURATION & USABILITY
© SecurActive 2013 40BETTER PERFORMANCEBetter performance for: Network Sniffing Data Dumping
© SecurActive 2013 41IMPROVED SRT & DTT COMPUTATIONIn presence of lost TCP segments,more accurate: Server Response Time (...
© SecurActive 2013 42ZONE RULES CHECKERFind the first Matching Rule for a Zone.
© SecurActive 2013 43HTTP PERFORMANCE ANALYSIS CONFIGURATIONFor performance reasons it is recommended to RestrictHTTP perf...
© SecurActive 2013 44HTTP PERFORMANCE ANALYSIS IMPACTHTTP performance analysis Impacts: System workloadCheck CPU, RAM, Di...
© SecurActive 2013HTTP PORTSIGNATURES45By default, HTTP performance analysis is performedon these ports. Add more ports t...
© SecurActive 2013 46AUTOPCAP CONFIGURATIONFor Performance Reasons it is Recommended to RestrictAutoPCAP File Generation o...
© SecurActive 2013 47CUSTOM FILTERS (BETA)Available fields: app, capture.begin, capture.end, device, diffserv, diffser...
© SecurActive 2013 48BCN WITH < 1 MIBPS LINKS Business Critical Networks now supportslinks which available bandwidth is <...
© SecurActive 2013 49DATA MERGINGConfigure when to merge Data
© SecurActive 2013DATAMERGING50Increasing levels can generate huge performance issues.In case of slowdowns, consider reduc...
BeginTime EndTime Zone IP Payload EURT08:00 08:01 Internet 76.20.80.201 10 MB 100 ms08:05 08:06 Internet 76.20.80.201 3 MB...
© SecurActive 2013 52APPLICATIVE LOGSKeep track of events
© SecurActive 2013 53APPLICATIVE LOGSKeep track of events on the probe. Up to 7 days for internal processes Up to 31 day...
© SecurActive 2013 54ADVANCED SNIFFER CONFIGURATIONAdvanced Sniffer Configuration
© SecurActive 2013 55ADVANCED SNIFFER CONFIGURATIONFine-tuning of the Sniffer’s parameters
© SecurActive 2013SETTHE MTUOF A POLLER56Set the MTU of a Poller. It is a per poller setting Default is 1800 Over 9000 ...
© SecurActive 2013SNIFFER’SCAPTURELENGTH57Defines the “Capture Length” used by the sniffer to analyze the traffic For bes...
© SecurActive 2013 58UPDATE LOGUpgrade logs have now their own file: log nova/install.log
© SecurActive 2013 59DEFAULT SCREENNew welcome screen during: Updates Services turned Off
© SecurActive 2013 Version 2.15 User Guide Release NotesDOCUMENTATIONUPDATE60Documentation update: One-click access in...
© SecurActive 2013 61VERSION 2.15 IMPACTSImpacts on existing metrics: SRT, DTT, EURT… Main Impacts compared to 2.12: Da...
© SecurActive 2013 62REBOOT AFTER UPDATEAfter the update is completed
© SecurActive 2013 63YOU’RE READY TO GO, ENJOY!
What’s Newin Version2.15?© SecurActive 2013THANK YOU!64For any Questionsales@securactive.netsupport@securactive.netFollow ...
Nächste SlideShare
Wird geladen in …5
×

Performance vision Version 2.15 news

467 Aufrufe

Veröffentlicht am

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Performance vision Version 2.15 news

  1. 1. © SecurActive 2013WHAT’S NEW IN VERSION2.15?
  2. 2. © SecurActive 2013 2PERFORMANCE VISION VERSION 2.15Http Application PerformanceBCNWorkflowNetwork AnalysisConfiguration & Usability
  3. 3. © SecurActive 2013 3HTTP APPLICATION PERFORMANCE
  4. 4. © SecurActive 2013 4HTTP APPLICATION PERFORMANCE500 - Internal Server Error,ServiceTemporarilyUnavailable Deal with End User complaints Track Page / Hit load time Identify Slow / Faulty transactions
  5. 5. © SecurActive 2013HTTPAPPLICATIONPERFORMANCE Response Status Code over Time Response Times & Volumetry over Time Flows grouped by Server IP Flows grouped by Client IP Flows grouped by Host Flows grouped by User Agent Web Pages Performance & Timeline Chart Hits Performance & Inspection5
  6. 6. © SecurActive 2013 6HTTP STATUSResponse Status Code over Time
  7. 7. © SecurActive 2013 7ARE THERE ERRORS?
  8. 8. © SecurActive 2013 8ARE THERE ERRORS?
  9. 9. © SecurActive 2013 9WHAT CAUSED THE ERRORS?Hits Performance & InspectionOne-click Drilldown
  10. 10. © SecurActive 2013 10WHAT CAUSED THE ERRORS?Look at what happened: Who is impacted (Client or Servers)? What are the related resources?
  11. 11. © SecurActive 2013 11PERFORMANCE OVER TIMEResponse Times & Volumetry over Time
  12. 12. © SecurActive 2013 12ARE THERE SLOW DOWNS?Check Performance over time for: Average Page Load Time Average Hit Response Time
  13. 13. © SecurActive 2013 13#HOW MANY RESOURCES ARE PROCESSED?Evolution over time: Number of Hits Number of Pages Number of Hits in Error (4xx & 5xx)
  14. 14. © SecurActive 2013 14HTTP TOPSServer IPClient IPHostUser AgentGroup HTTP Flows by:
  15. 15. © SecurActive 2013 15WHAT ARE THE SLOWEST PAGES?
  16. 16. © SecurActive 2013 16INTEREST OF STANDARD DEVIATION?119119119119119024681012141618201 2 3 4 5 6 7 8 9 10182182182182182024681012141618201 2 3 4 5 6 7 8 9 10Page Load Average: 10Standard Deviation: 1Page Load Average: 10Standard Deviation: 8
  17. 17. © SecurActive 2013 17PAGE LEVEL ANALYSISWeb Pages Performance & Timeline Chart
  18. 18. © SecurActive 2013 18WHAT ARE THE SLOWEST PAGES?Check performance indicators on: Number of Elements composing a page Page Load Time Response Payload
  19. 19. © SecurActive 2013 19SEE ISSUES AT A GLANCE: TIMELINE CHART
  20. 20. © SecurActive 2013FULLQUERY /RESPONSERETENTIONInspection details of transaction: Client Query Server Response20
  21. 21. © SecurActive 2013FULLQUERY /RESPONSERETENTIONInspection details of transaction: Client Query Server Response21
  22. 22. © SecurActive 2013 22HIT LEVEL ANALYSISHTTP Hits Performance Analysis
  23. 23. © SecurActive 2013 23LIST OF HTTP HITSDetailed list of HTTP hits: Data Transfer Time Server Response Time Payload UserAgent, Method, Status, Category, Flags,URL
  24. 24. © SecurActive 2013 24HTTP SPECIFIC FILTERSRefine your search with HTTP analysis dedicated Filters Method GET, HEAD, POST… Status Success, Redirection, Error… Host www.google.fr, pypi.rd.securactive.lan URL Path /application1*, /intranet*/*app*… User Agent Mozilla*, *Gecko*, *MSIE*… Server Software Apache*, *nginx*, AmazonS3*… HTTP Category HTML, Scripts, Style…Be careful when using regular expressions,it can be Highly resource consuming
  25. 25. © SecurActive 2013 25HTTP ANALYSIS FOR NPS/APSNPSAPS Flow metrics for both NPS & APS HTTP Performance for APS Only
  26. 26. © SecurActive 2013 26FORMER WEB BROWSING Marked as Deprecated Works like beforeShould be Removed in an Upcoming Version
  27. 27. © SecurActive 2013 27BCN WORKFLOW
  28. 28. Updated for drilldownNew© SecurActive 2013 28BCN WORKFLOWBCN Workflow with Easy Drilldown
  29. 29. © SecurActive 2013 29BUSINESS CRITICAL NETWORK DRILLDOWNV2.12 V2.15 Link to Performance from the first zone to the second zone Link to the Bandwidth chart between the two zones Link to Oriented Conversations from the first zone to the second zone Link to BCN Edition Link to the Bandwidth chart between the two zones
  30. 30. © SecurActive 2013 30SOURCE/DESTINATION PERFORMANCEDisplay Source/Destination performance over time: Data Transfer Time (DTT), Network Latency (RTT)Retransmission Delay (RD) Retransmission Rate (RR) Number of Packets
  31. 31. © SecurActive 2013 31ORIENTED FLOW DETAILDisplay more Information on Source/Destination flows:OS Fingerprint, MAC Addresses, Port, QoS Field…
  32. 32. © SecurActive 2013 32SOURCE/DESTINATION ADVANCED FILTERSV2.12 V2.15Source/Destination Advanced Filters have been Completed.They now Work like in Client/Server Mode.
  33. 33. © SecurActive 2013 33NETWORK ANALYSIS
  34. 34. © SecurActive 2013 34NETWORK ANALYSISNewUpdated
  35. 35. © SecurActive 2013CHECKQOS CLASS35DiffServ FieldClient/ServerSource/Destination
  36. 36. © SecurActive 2013 36DISPLAY MAC ADDRESSESMAC AddressesClient/ServerSource/Destination
  37. 37. © SecurActive 2013 37OPERATING SYSTEM FINGERPRINTINGOS FingerprintingClient/ServerSource/DestinationFor TCP Only!
  38. 38. © SecurActive 2013 38ETHERNET PROTOCOL / MAC VENDOR Improved Display of Ethernet Protocol Improved Display of MAC Address Vendor
  39. 39. © SecurActive 2013 39CONFIGURATION & USABILITY
  40. 40. © SecurActive 2013 40BETTER PERFORMANCEBetter performance for: Network Sniffing Data Dumping
  41. 41. © SecurActive 2013 41IMPROVED SRT & DTT COMPUTATIONIn presence of lost TCP segments,more accurate: Server Response Time (SRT) Data Transfer Time (DTT)
  42. 42. © SecurActive 2013 42ZONE RULES CHECKERFind the first Matching Rule for a Zone.
  43. 43. © SecurActive 2013 43HTTP PERFORMANCE ANALYSIS CONFIGURATIONFor performance reasons it is recommended to RestrictHTTP performance analysis only to appropriate traffic. Select Zones on which HTTP performanceanalysis will be performed, by default: None! Child zones will be automatically selected.
  44. 44. © SecurActive 2013 44HTTP PERFORMANCE ANALYSIS IMPACTHTTP performance analysis Impacts: System workloadCheck CPU, RAM, Disk… Database workloadCheck License limit (Virtual appliances)
  45. 45. © SecurActive 2013HTTP PORTSIGNATURES45By default, HTTP performance analysis is performedon these ports. Add more ports to Extend analysis scope, This is Global parameter (for all selected zones).The more ports are added,the more CPU power is required!
  46. 46. © SecurActive 2013 46AUTOPCAP CONFIGURATIONFor Performance Reasons it is Recommended to RestrictAutoPCAP File Generation only to Appropriate Traffic. Select Zones on which AutoPCAP files will becaptured and generated. Child Zones will be Automatically Selected.
  47. 47. © SecurActive 2013 47CUSTOM FILTERS (BETA)Available fields: app, capture.begin, capture.end, device, diffserv, diffserv.clt, diffserv.srv, domain, ip, ip.clt, ip.dst, ip.src, ip.srv, mac, mac.clt, mac.dst, mac.src, mac.srv, os, os.clt, os.srv, port.srv, proto, vlan, zone, zone.clt, zone.dst, zone.src, zone.srv Combine filters with logical operators: (or, and, not) Order sub expressions using ParenthesesExamples: (ip=10.10.*.* or ip.srv=10.20.30.*) and os.clt=‘linux’ zone in ‘/Private/Servers’ or port.srv < 1024 (proto=udp and port.srv=53) or zone in ‘/Private/DNS’ domain=‘~^www.google.(fr|com)$’ app=’http’ or app=’https’
  48. 48. © SecurActive 2013 48BCN WITH < 1 MIBPS LINKS Business Critical Networks now supportslinks which available bandwidth is < 1 Mibps
  49. 49. © SecurActive 2013 49DATA MERGINGConfigure when to merge Data
  50. 50. © SecurActive 2013DATAMERGING50Increasing levels can generate huge performance issues.In case of slowdowns, consider reducing merging levels. Configure Merging Level
  51. 51. BeginTime EndTime Zone IP Payload EURT08:00 08:01 Internet 76.20.80.201 10 MB 100 ms08:05 08:06 Internet 76.20.80.201 3 MB 200 ms08:10 08:11 Internet 183.28.100.2 6 MB 150 ms08:10 08:11 Internet 76.20.80.201 3 MB 200 ms08:12 08:14 Lan/Server 192.168.100.8 5 MB 10 ms Example© SecurActive 2013DATAMERGING51BeginTime EndTime Zone IP Payload EURT08:00 08:11:00 Internet 76.20.80.201 16 MB 166 ms08:10 08:11:00 Internet 183.28.100.2 6 MB 150 ms08:12 08:14 Lan/Server 192.168.100.8 5 MB 10 msBeginTime EndTime Zone IP Payload EURT08:00 08:11:00 Internet - 22 MB 158 ms08:12 08:14 Lan/Server 192.168.100.8 5 MB 10 ms Data Aggregation Data Merging
  52. 52. © SecurActive 2013 52APPLICATIVE LOGSKeep track of events
  53. 53. © SecurActive 2013 53APPLICATIVE LOGSKeep track of events on the probe. Up to 7 days for internal processes Up to 31 days for other events (ex: Errors)
  54. 54. © SecurActive 2013 54ADVANCED SNIFFER CONFIGURATIONAdvanced Sniffer Configuration
  55. 55. © SecurActive 2013 55ADVANCED SNIFFER CONFIGURATIONFine-tuning of the Sniffer’s parameters
  56. 56. © SecurActive 2013SETTHE MTUOF A POLLER56Set the MTU of a Poller. It is a per poller setting Default is 1800 Over 9000 is not recommended Reboot is required!MTU
  57. 57. © SecurActive 2013SNIFFER’SCAPTURELENGTH57Defines the “Capture Length” used by the sniffer to analyze the traffic For best accuracy it should be Equal to the highest poller’s MTU. However high values are highly CPU Consuming Smaller values will Save CPU processing power. Sniffer Restart is required!CAPTURE LENGTH
  58. 58. © SecurActive 2013 58UPDATE LOGUpgrade logs have now their own file: log nova/install.log
  59. 59. © SecurActive 2013 59DEFAULT SCREENNew welcome screen during: Updates Services turned Off
  60. 60. © SecurActive 2013 Version 2.15 User Guide Release NotesDOCUMENTATIONUPDATE60Documentation update: One-click access in the interface Available on SecurActive web site User guide and release noteshttp://www.securactive.net/en/resource-library/usersguide
  61. 61. © SecurActive 2013 61VERSION 2.15 IMPACTSImpacts on existing metrics: SRT, DTT, EURT… Main Impacts compared to 2.12: Database MigrationTime: Small Metrics Impact on database is small. Update should take few minutes.
  62. 62. © SecurActive 2013 62REBOOT AFTER UPDATEAfter the update is completed
  63. 63. © SecurActive 2013 63YOU’RE READY TO GO, ENJOY!
  64. 64. What’s Newin Version2.15?© SecurActive 2013THANK YOU!64For any Questionsales@securactive.netsupport@securactive.netFollow Us on@SecurActivePVwww.securactive.netblog.securactive.net

×