End To End Service Management With Operations Manager 2007
Observe It Presentation
1. ObserveIT – Record & Replay Terminal, Citrix and Console Sessions January 2010
2. The Company in a Nutshell Founded in 2006 Focused exclusively on People-Auditing software products First GA product release – 2007 Current product version - v5.0 Global Presence Partners in 5 Continents Official Distributor in Malaysia Comwise Internetwork SdnBhd 78A, JalanRenang 13/26 Section 13, 40100 Shah Alam, Selangor. Contact : Mr TS Teh – 019-263 7311 tsteh@comwise.com.my Kent Ng - 019-325 3248 kentng@comwise.com.my
3. Our Product in a Nutshell Record and Replay of user sessions Like a ‘security camera’ on your servers Software-based solution Playback any Remote Desktop, Citrix, VMWare or any other remote access session Fast search and navigation to find user actions, without lengthy playback
4. Hundreds of Enterprise Customers Financial IT Services Education/Gov’t/Healthcare Manufacturing Telecommunications
15. Defeat the ‘Oops’ factor Who accessed the salaries spreadsheet in the past 24 hours? And what did they do? Without ObserveIT With ObserveIT Check the file system logs Check the HR app audit Check the finance dept. audit Check admin support app log Unified reporting of all user activity on the HR spreadsheet I wonder if there are other access points? Instant playback of exact user actions ?? ?? ?? ??
26. Defeat the ‘Oops’ factor Why use ObserveIT ? What did SupportCorp do on our servers yesterday? Are they responsible for the data deletion event? Without ObserveIT With ObserveIT Find the exact user session I have no idea…… Finger pointing accusations Lengthy SLA review Session playback eliminates any doubt Is there anywhere we can find this information? ?? ?? ??
37. Defeat the ‘Oops’ factor Why is our server broken? And how can I fix it? Without ObserveIT With ObserveIT Check the event log Check the database log Immediate identification of cause of outage Check the registry Check the network cable Attention all admins: Who touched this server?!?%!? ?? ??
38. Video Replay of User Sessions Clicking on video icon launches the video replay (see next slide) ObserveIT lists every user session Jump straight to the precise action. Replay only what you’re interested in. Within each session, details of every action taken
39. Video Replay of User Sessions See an exact video playback of the entire user session (including mouse movements, selection of UI elements and text entry) Navigate quickly within the recording (including jumping between each activity, as the user launches a new app or opens a new window)
71. ObserveIT requires username identification prior to granting access to system Active Directory used for authentication
72. Each session is now tagged with an actual name Login userid: administrator Actual user: daniel
73. Real Time Playback “On Air” icon shows that a session is currently active
74. Video replay of session is launched in Real-Time mode, with continuous updates until the session ends Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
76. Small Footprint Ultra-efficient data storage Less than 250GB/year for high-usage, 1000 server environment Minimal Agent CPU utilization 0% CPU when no console active 1%-2% CPU, 10 MB RAM during session
77. Integration with System Monitors Instant-replay from within your network management environment Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView Real-time alerts On file access/deletion, Network share, Registry edit , RDP open connection, URL access etc. ObserveIT alert in CA-Unicenter ObserveIT alert in MS SCOM Trigger automatic email alert delivery Click on alert to see ObserveIT video playback
78. Pervasive User Permissions Granular permissions / access control Define rules for each user Specify which sessions the user may playback Permission-based filtering affects all content access Reports Searching Video playback Metadata browsing Access to ObserveIT Web Console is also audited ObserveIT audits itself Satisfies regulatory compliance requirements
79. System Components Agent Corporate Server HTTP Traffic (by default -TCP 4884) SQL Traffic (by default -TCP 1433) Agent Switch Application Server Web Console using IIS on Windows Server 2003/2008 Database Server using MS SQL Server 2000/2005 on Windows Server 2003/2008 Corporate Server How it Works Each monitored desktop or server runs the ObserveIT Agent The Agent encrypts information about user activity and sends it to the Application Server Application Server analyzes data and stores it in the Database Server Web Management Console is a web-based interface for searching and reporting on captured user activity HTTP Agent ObserveIT Admin using a Web Browser Corporate Desktop
80. Deployment Architecture:Remote Access Gateway (Agent-less Servers) Published Applications Putty.exe RDP Traffic VPNTraffic Corporate Servers (No Agent installed) VPN ICATraffic Corporate Servers (No Agent installed) Terminal or Citrix Server with ObserveIT Agent Win2008 TS Gateway RDP over SSL Traffic Telnet/SSHTraffic Corporate Servers (No Agent installed) App Server Web Console DB Server