
What's new in Performance vision version 3.2

Discover the new features of Performance Vision version 3.2, especially its capabilities for performance diagnostics and troubleshooting of Microsoft file storage and transfer (CIFS/SMB).


What's new in Performance vision version 3.2

  1. WHAT’S NEW IN VERSION 3.2? © SecurActive 2014
  2. PERFORMANCE VISION VERSION 3.2: CIFS Transaction Analysis • New Features & Improvements
  3. Performance Vision 3.2: CIFS/SMB TRANSACTION ANALYSIS
  4. CIFS TRANSACTION ANALYSIS: USER BENEFITS: • Monitor CIFS/SMB Performance • Troubleshoot File Sharing Issues • Access Rights • Deleted or Corrupted Files • Insufficient Resources • All Errors and Warnings • Identify Slow Transactions • Correlate File Sharing Problems with Network Performance Issues
  5. IN-DEPTH CIFS/SMB PERFORMANCE ANALYSIS: CIFS/SMB in APS. Supported CIFS/SMB versions: • SMB 1.0 • SMB 2.0 • SMB 3.0 (no encryption)
  6. CIFS OVERVIEW: Overview of CIFS Commands
  7. OVERVIEW OF CIFS COMMANDS: Display CIFS Overview per Command type: • Number of Queries • Number of Errors and Warnings • Performance Metrics (SRT, DTT) • Payload and Number of Packets (PDUs). One-click drill down to more details
  8. CIFS PERFORMANCE: Performance of CIFS Queries over Time
  9. PERFORMANCE OF CIFS QUERIES OVER TIME: Display CIFS Performance metrics over time: • Data Transfer Time and Server Response Time • Number of OKs, Warnings and Errors • Payload for Queries, Responses and Metadata. One-click drill down to more details
  10. CIFS CLIENTS: CIFS Most Active Clients
  11. CIFS MOST ACTIVE CLIENTS: Display CIFS metrics for the most active clients: • Client IP • Number of Queries, Errors and Warnings • Performance Metrics (SRT, DTT) • Payloads and Number of Packets (PDUs). One-click drill down to queries and errors
  12. CIFS SERVERS: CIFS Most Active Servers
  13. CIFS MOST ACTIVE SERVERS: Display CIFS metrics for the most active servers: • Server IP • Number of Queries, Errors and Warnings • Performance Metrics (SRT, DTT) • Payloads and Number of Packets (PDUs). One-click drill down to queries and errors
  14. CIFS FILES: CIFS Most Active Files
  15. CIFS TOP FILES: Display queries aggregated by Files: • File Path • Number of Queries, Errors and Warnings • Performance Metrics (SRT, DTT) • Payloads and Number of Packets (PDUs). One-click drill down to queries and errors
  16. CIFS TREES: CIFS Most Active Trees
  17. CIFS TOP TREES: Display queries aggregated by Trees: • Tree Path • Number of Queries, Errors and Warnings • Performance Metrics (SRT, DTT) • Payloads and Number of Packets (PDUs). One-click drill down to queries and errors
  18. DIFFERENCE BETWEEN TREE AND FILE: Tree (Mount Point) WINSHARE DATA WINSHARE USR File Private Users UC576 mailbox.pst
  19. CIFS USERS: CIFS Most Active Users
  20. CIFS TOP USERS: Display queries aggregated by Users: • Username • Number of Queries, Errors and Warnings • Performance Metrics (SRT, DTT) • Payloads and Number of Packets (PDUs). One-click drill down to queries and errors
  21. USER NOT ALWAYS AVAILABLE? Why is the User not always available? • Secured authentication (Kerberos) • Potentially unsupported authentication mechanism • Session initialization has not been captured
  22. CIFS QUERIES: List of CIFS Queries
  23. CIFS QUERIES: Available CIFS Data: • Command, Subcommand and Status • File ID and Path • Number of Queries, Errors & Warnings • Performance Metrics (SRT, DTT) • Username • Domain name • Tree ID and Tree name • Data Payload: Reads, Writes • Metadata Payload: Reads, Writes • Number of Packets (PDUs)
  24. CIFS RAW DATA: Details of all CIFS Transactions
  25. CIFS RAW DATA: TRUE ROOT CAUSE ANALYSIS: CIFS transactions without any grouping • Useful for advanced troubleshooting • Application behavior auditing (screenshot labels: Queries, Raw Data)
  26. USER FRIENDLY ROOT CAUSE ANALYSIS: User-friendly interface • Color highlighting for readability • One-click filtering facility • Inline CIFS protocol help • Resizable textboxes
  27. CIFS DEDICATED FILTERS: Dedicated CIFS filters: Refine search for specific issues. Search results by: • Port number • Command type • Status name • Path name and File ID • Subcommand type • Tree name and Tree ID • User and Domain
  28. SEARCH FOR SPECIFIC CIFS ELEMENTS: CIFS Commands, Statuses and Subcommands organized into Categories. Type text to automatically refine the list of available options
  29. EASY DRILL-DOWN: • One click to see Performance over time for these CIFS Transactions • One click drill-down to CIFS Queries or Raw data • One click drill-down to Flow Details associated with these Transactions • One click drill-down to CIFS Errors or Warnings
  30. FOR POWER USERS: CUSTOM FILTERS FOR CIFS: Custom Filters for CIFS • Used to build advanced queries • See Custom Filters reference in Guide
  31. FAST ANALYSIS: CIFS COMMON STATUSES: Common Statuses for CIFS: STATUS_NO_SUCH_FILE, STATUS_NO_SUCH_DEVICE, STATUS_OBJECT_NAME_NOT_FOUND, STATUS_OBJECT_PATH_INVALID, STATUS_OBJECT_PATH_NOT_FOUND, STATUS_OBJECT_PATH_SYNTAX_BAD, STATUS_DFS_EXIT_PATH_FOUND, STATUS_REDIRECTOR_NOT_STARTED, STATUS_TOO_MANY_OPENED_FILES, STATUS_ACCESS_DENIED, STATUS_PORT_CONNECTION_REFUSED, STATUS_FILE_DELETED, STATUS_INSUFF_SERVER_RESOURCES, STATUS_MORE_PROCESSING_REQUIRED, STATUS_BUFFER_OVERFLOW, STATUS_WRONG_PASSWORD, STATUS_NETWORK_ACCESS_DENIED, STATUS_TOO_MANY_SESSIONS. The Common statuses category contains the most common CIFS errors and warnings: cifs.status = "common". Note: We do not consider SMB_STATUS_NO_MORE_FILES as a Warning
  32. ACTIVATION: CONFIGURE CIFS ANALYSIS: Configuration > Zones • Activate CIFS transaction analysis for the zone and its subzones. If not needed, do not add print servers to the scope of CIFS analysis.
  33. IMPACT: CIFS ANALYSIS WORKLOAD: Configuration > Database Workload • Check impact of CIFS analysis on workload
  34. PERFORMANCE SAVING: CIFS DATA MERGING: Configuration > Data Merging • Adjust merging levels for more performance or for more details • By default: maximum performance (screenshot columns: Datatype, Zone, Merging level, Degraded metrics)
  35. CORRELATION BETWEEN NETWORK ISSUES AND CIFS TRANSACTIONS
  36. ONE CLICK SWITCH: FROM TCP FLOWS TO CIFS TRANSACTIONS: Switch from TCP Flows to CIFS Transactions • From TCP Details to CIFS Queries • From TCP Raw Data to CIFS Queries (diagram labels: DNS, HTTP, SQL, ICMP, Flows, CIFS; Already in 3.0)
  37. ONE CLICK SWITCH: FROM CIFS TRANSACTIONS TO TCP FLOWS: Switch from CIFS Transactions to TCP Flows • From CIFS Queries to TCP Flow Details • From CIFS Raw Data to TCP Flow Details (diagram labels: CIFS, HTTP, SQL, Flows, DNS; Already in 3.0)
  38. CIFS DOCUMENTATION: User Guide update • CIFS Analysis • CIFS Status Categories (appendix)
  39. Performance Vision 3.2: NEW FEATURES & IMPROVEMENTS
  40. LDAP INTEGRATION: LDAP Integration • Requires anonymous authorization
  41. SORT BCN BY CRITICALITY: BCN can be sorted by criticality level • BCN with most alerting events are shown first • One Red > Any oranges • One Orange > Any greens. Note: For Business Critical Networks only (not yet for BCA)
  42. #REQUESTS FOR DNS PAGES: For all DNS pages: • Add #Requests: Number of DRT • DRT: DNS Response Time
  43. DNS TROUBLESHOOTING: For DNS Troubleshooting: • Add new Custom Filters • Bandwidth, Packets, IPs (screenshot labels: 3.0, 3.2)
  44. ONE CLICK @ SWITCHING: New button to switch client/server values: • Zones, IP Addresses and MAC Addresses
  45. HINTS FOR « NO RESULTS »: Hints added: • When search requests return “No results” • Data could be merged • Metric could be disabled at sniffer level • Metric might not be active on any zone
  46. HTTP DATA MERGING: For HTTP Transactions: • Added a new data merging level (screenshot labels: 3.0, 3.2)
  47. DATABASE PERFORMANCE IMPROVEMENTS: Better usage of query multithreading: • Response times up to 20% faster • Example: BCN computations
  48. BETTER HANDLING OF BUFFERED TCP PACKETS: • Potential impact on DTT / EURT metrics. Note: already included in 3.0.17
  49. SHELLSHOCK SECURITY UPDATE: Bash security update for • Shellshock vulnerability http://en.wikipedia.org/wiki/Shellshock_(software_bug)
  50. VERSION 3.2: IMPACTS SUMMARY: Migration time is low • Update should take a few minutes depending on database size • Check impact of CIFS performance analysis on workload & license limits • Potential impact on DTT/EURT metrics. Major impacts compared to 3.0: • Database migration time: low • CIFS performance analysis • Potentially on DTT/EURT
  51. SOMETHING BIG IS COMING: • Q1 2015 Technical Update • TBD 2015 Something BIG is coming
  52. REBOOT AFTER UPDATE: After the upgrade is completed
  53. YOU'RE READY TO GO, ENJOY VERSION 3.2!
  54. What’s New in Version 3.2? For any Question: sales@securactive.net, support@securactive.net. THANK YOU! Follow Us on @SecurActivePV, www.securactive.net, blog.securactive.net
