• Save

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Observe it

on

  • 830 views

 

Statistics

Views

Total Views
830
Views on SlideShare
828
Embed Views
2

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 2

https://ucmo.blackboard.com 1
http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Observe it Observe it Presentation Transcript

    • ObserveIT – Record & Replay Terminal, Citrix and Console Sessions
      info@observeit-sys.com
      January 2010
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
    • The Company in a Nutshell
      Founded in 2006
      Focused exclusively on People-Auditing software products
      First GA product release – 2007
      Current product version - v5.0
      Global Presence
      Partners in 5 Continents
    • Our Product in a Nutshell
      Record and Replay of user sessions
      Like a ‘security camera’ on your servers
      Software-based solution
      Playback Remote Desktop, Citrix, VMWare or any other remote access session
      Fast search and navigation to find user actions, without lengthy playback
    • Hundreds of Enterprise Customers
      Financial
      Telecommunications
      Manufacturing
      Healthcare/Education/Gov’t
      IT Services
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
    • ObserveIT Answers Critical Needs
      Compliance and Security
      Track every access to corporate servers and databases
      Audit people, not just apps
      Total application coverage that grows with your growth
      Bulletproof evidence
      Precise user identification
      Remote Vendor Monitoring
      • Know exactly what 3rd party vendors are doing on your servers
      • Improve security, accountability and policy messaging
      • Transparent SLA and billing validation
      • No more ‘Finger pointing’
      Root-Cause Analysis
      • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
      • Immediate root cause determination
      • Alerts from within Network Monitor Tools
      • Defeat the ‘Oops’ factor
    • ObserveIT Answers Critical Needs
      Compliance and Security
      • Track every access to corporate servers and databases
      • Audit people, not just apps
      • Total application coverage that grows with your growth
      • Bulletproof evidence
      • Precise user identification
      Remote Vendor Monitoring
      • Know exactly what 3rd party vendors are doing on your servers
      • Improve security, accountability and policy messaging
      • Transparent SLA and billing validation
      • No more ‘Finger pointing’
      Root-Cause Analysis
      • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
      • Immediate root cause determination
      • Alerts from within Network Monitor Tools
      • Defeat the ‘Oops’ factor
      Who accessed the salaries spreadsheet in the past 24 hours?
      And what did they do?
      Without ObserveIT
      With ObserveIT
      Check the file system logs
      Check the HR app audit
      Check the finance dept. audit
      Check admin support app log
      Unified reporting of all user activity on the HR spreadsheet
      I wonder if there are other access points?
      Instant playback of exact user actions
      ??
      ??
      ??
      ??
    • Compliance and Security
      • Track every access to corporate servers and databases
      • Audit people, not just apps
      • Total application coverage that grows with your growth
      • Bulletproof evidence
      • Precise user identification
      Remote Vendor Monitoring
      • Know exactly what 3rd party vendors are doing on your servers
      • Improve security, accountability and policy messaging
      • Transparent SLA and billing validation
      • No more ‘Finger pointing’
      Root-Cause Analysis
      • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
      • Immediate root cause determination
      • Alerts from within Network Monitor Tools
      • Defeat the ‘Oops’ factor
      Without ObserveIT
      With ObserveIT
      ObserveIT Answers Critical Needs
      What did SupportCorp do on our servers yesterday?
      Are they responsible for the data deletion event?
      I have no idea……
      Finger pointing accusations
      Lengthy SLA review
      Find the exact user session
      Is there anywhere we can find this information?
      ??
      Session playback eliminates any doubt
      ??
      ??
    • Compliance and Security
      • Track every access to corporate servers and databases
      • Audit people, not just apps
      • Total application coverage that grows with your growth
      • Bulletproof evidence
      • Precise user identification
      Remote Vendor Monitoring
      • Know exactly what 3rd party vendors are doing on your servers
      • Improve security, accountability and policy messaging
      • Transparent SLA and billing validation
      • No more ‘Finger pointing’
      Root-Cause Analysis
      • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
      • Immediate root cause determination
      • Alerts from within Network Monitor Tools
      • Defeat the ‘Oops’ factor
      Why is our server broken?
      And how can I fix it?
      Without ObserveIT
      With ObserveIT
      ObserveIT Answers Critical Needs
      Check the event log
      Check the database log
      Identify cause of outage immediately
      Check the registry
      Check the network cable
      Attention all admins: Who touched this server?!?%!?
      ??
      ??
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
    • Key Differentiators:ObserveIT ↔ Other Software-based Monitors
      ObserveIT captures ALL sessions
      Other solutions are protocol specific (ex. Only ICA, Only RDP)
      ObserveIT captures full textual metadata
      Not a simple “Dummy Recorder”
      ObserveIT is enterprise-ready
      Small footprint, pervasive user permissions, robust security, SCOM /CA integration
      ObserveIT allows fast search and navigation
      Other solutions do not capture metadata, thus requiring tedious playback to find a specific event
      ObserveIT audit reports are more thorough
      Detailed metadata, full coverage, plus real-time alerting
    • Key Differentiators:ObserveIT ↔ Network Appliances
      ObserveIT captures ALL sessions
      Appliances only record certain remote session protocols, and do not capture local console (admins and users must be routed via gateway)
      ObserveIT captures full textual metadata
      Appliances only capture what the network protocol gives them: Only text for CLI/text-based protocols; Only graphics for RDP/graphic-based protocols
      ObserveIT is best-of-breed solution
      Why use network appliance for remote login, when you can choose industry leading solutions (ex. Juniper)?
      ObserveIT allows fast search and navigation
      Appliances do not give chapter-based navigation, metadata searching, etc.
      ObserveIT allows both agent-less and agent-based deployment
      Flexible deployment scenarios can meet your specific requirements for every access point
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • Clicking on video icon launches the video replay
      (see next slide)
      ObserveIT lists every user session
      Jump straight to the precise action.
      Replay only what you’re interested in.
      Within each session, details of every action taken
    • See an exact video playback of the entire user session
      (including mouse movements, selection of UI elements and text entry)
      Navigate quickly within the recording
      (including jumping between each activity, as the user launches a new app or opens a new window)
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • Search and filter according to:
      • User ID
      • Date of Session
      • Specific Server
      Search and filter according to:
      • User ID
      • Date of Session
      • Specific Server
      Search and filter according to:
      • User ID
      • Date of Session
      • Specific Server
    • Google-like free text search: Search for any text appearing in user sessions
      • Application Name
      • Window Titles
      • UI Elements
      • User generated content
      Search results highlight exact location of user action within the user session timeline
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • Define policies to handle each session
    • Granular policy rules to specify:
      • Whether to record video
      • What metadata to capture
      • If user identification is required
      • Specific users / applications / servers to include or exclude
      Granular policy rules to specify:
      • Whether to record video
      • What metadata to capture
      • If user identification is required
      • Specific users / applications / servers to include or exclude
      Granular policy rules to specify:
      • Whether to record video
      • What metadata to capture
      • If user identification is required
      • Specific users / applications / servers to include or exclude
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • Create your own custom reports
      Schedule reports to run automatically for email delivery
      Deliver formatted report
      or
      Export Excel data
    • Design report according to precise requirements:
      • Content Inclusion
      • Data Filtering
      • Sorting and Grouping
      Design report according to precise requirements:
      • Content Inclusion
      • Data Filtering
      • Sorting and Grouping
      Design report according to precise requirements:
      • Content Inclusion
      • Data Filtering
      • Sorting and Grouping
      Design report according to precise requirements:
      • Content Inclusion
      • Data Filtering
      • Sorting and Grouping
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • Immediately upon logging into the server…
      …the user receives your message
      (ex. Network Policy, Ticket #)
      NOTE: No database admin task may be performed between 0800 and 1800 GMT
      Please enter your support ticket number in box below.
      User is required to acknowledge receipt(and optionally required to enter response)
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • User logs on as generic “Administrator”
    • ObserveIT requires username identification prior to granting access to system
      Active Directory used for authentication
    • Each session is now tagged with an actual name
      Login userid: administrator
      Actual user: daniel
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
      Video Replay of User Sessions
      Comprehensive Searching and Navigation
      Policy-Based, Event-Driven Recording
      Report Generator
      Policy Messaging
      User Identification
      Real Time Playback
    • “On Air” icon shows that a session is currently active
    • Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
      Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
    • Complete Coverage
      Agnostic to network protocol and client application
      Captures all Remote Sessions and also Console Sessions
      Terminal
    • Small Footprint
      Ultra-efficient data storage
      Less than 250GB/year for high-usage, 1000 server environment
      Minimal Agent CPU utilization
      0% CPU when no console active
      1%-2% CPU, 10 MB RAM during session
    • Integration with System Monitors
      Instant-replay from within your network management environment
      Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView
      Real-time alerts
      On file access/deletion, Network share, Registry edit , RDP open connection, URL access etc.
      ObserveIT alert in CA-Unicenter
      ObserveIT alert in MS SCOM
      Trigger automatic email alert delivery
      Click on alert to see ObserveIT video playback
    • Robust Security Infrastructure
      Agent ↔ Server communication
      AES Encryption - Rijndael
      Token exchange
      SSL protocol (optional)
      IPSec tunnel (optional)
      Database storage
      Digital signatures on captured sessions
      Standard SQL database inherits your enterprise data security practices
      Watchdog mechanism
      Restarts the Agent if the process is ended
      If watchdog process itself is stopped, Agent triggers watchdog restart
      Email alerts sent on any watchdog/agent tampering
    • Pervasive User Permissions
      Granular permissions / access control
      Define rules for each user
      Specify which sessions the user may playback
      Permission-based filtering affects all content access
      Reports
      Searching
      Video playback
      Metadata browsing
      Access to ObserveIT Web Console is also audited
      ObserveIT audits itself
      Satisfies regulatory compliance requirements
    • System Components
      Agent
      Corporate Server
      HTTP Traffic
      (by default -TCP 4884)
      SQL Traffic
      (by default -TCP 1433)
      Agent
      Switch
      Application Server
      Web Console using IIS on
      Windows Server 2003/2008
      Database Server
      using MS SQL Server 2000/2005
      on Windows Server 2003/2008
      Corporate Server
      How it Works
      Each monitored desktop or server runs the ObserveIT Agent
      The Agent encrypts information about user activity and sends it to the Application Server
      Application Server analyzes data and stores it in the Database Server
      Web Management Console is a web-based interface for searching and reporting on captured user activity
      HTTP
      Agent
      ObserveIT Admin
      using a Web Browser
      Corporate Desktop
    • Deployment Architecture: Enterprise network (1000’s of servers)
      Agent
      LDAP Server
      LDAP Traffic
      (TCP 389)
      Corporate Servers
      HTTP Traffic
      App Server
      Agent
      Load Balancer
      Switch
      SQL Traffic
      DB Serveron MS SQL Cluster
      Corporate Servers
      App Server
      SQL Traffic
      Agent
      HTTP Traffic
      Corporate Desktops
      ObserveIT Admin
      Web Console
    • Deployment Architecture:Remote Access Gateway (Agent-less Servers)
      Published Applications
      Putty.exe
      RDP Traffic
      VPNTraffic
      Corporate Servers
      (No Agent installed)
      VPN
      ICATraffic
      Corporate Servers
      (No Agent installed)
      Terminal or Citrix Server
      with ObserveIT Agent
      Win2008
      TS Gateway
      RDP over SSL Traffic
      Telnet/SSHTraffic
      Corporate Servers
      (No Agent installed)
      App Server
      Web Console
      DB Server
    • Agenda
      Quick Overview
      Why use ObserveIT
      Competitive Landscape
      Product Feature Demonstrations
      Enterprise-Ready Architecture
      Case Studies
    • Case Study: Reducing Errors and Improving QoS at Pelephone
      Company: Pelephone
      Industry:  Cellular Network OperatorFounded:  1986Headquarters:  Tel Aviv, Israel
      Solution
      Business Environment
      Challenge
      • 1200-server IT environment in 3 hosting centers
      • Business applications (Billing, CRM, etc.) and Customer-facing applications (Revenue generating mobile services)
      • Maintain QoS with multiple 3rd party apps
      • Track activities of privileged vendor access

      Since we deployed ObserveIT, users are much more careful with their server activity. Knowing that your actions can be replayed has a remarkable effect.
      • Oct 2006: ObserveIT deployed on 5 internal business app servers
      • Nov 2006:ObserveIT resolves high-visibility outage
      • Minimized impact on mission-critical app
      • Identified improper actions by outsource vendor
      • Jan 2007: ObserveIT deployed on entire IT platform
      • 2007-Present:Multiple customer-facing outages solved
      • Positive ROI : Elimination of revenue losses from service outages pays for ObserveIT deployment many times over
      • 2008:ObserveIT integrated into CA-Unicenter environment

      Isaac MilshteinDirector, IT Operations, Pelephone
    • Company: VocaLink
      Industry:  Financial Services
      Founded:  2007 (Merger)
      Headquarters:  London, UK
      Solution
      Business Environment
      Challenge
      Case Study: Remote Access Visibility at VocaLink
      • Payment transaction platform distributed across Europe
      • Supporting 60,000 ATM machines
      • Clearing 90,000,000 transactions per day
      • Control access to system resources, including shared privileges between two merged corporate entities during period of merger
      • Achieve common system management and visibility
      • 2008- ObserveIT deployed to monitor and audit serve activity during merger activity
      • 2009- Successful visibility results from merger activity lead to system-wide deployment
    • Case Study: Compliance Auditing at Toshiba Medical
      Company: Toshiba Medical Systems
      Industry:  Healthcare Equipment Founded:  1939
      Headquarters:  Tokyo, Japan (Corp HQ) Los Angeles, CA, USA (Division)
      Solution
      Business Environment
      Challenge
      • Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide
      • Customer support process requires remote session access to deployed systems
      • Strict HIPAA compliance regulations must be enforced and demonstrable
      • In addition, SLA commitments require visibility of service times and durations
      • ObserveIT deployed in a Gateway architecture
      • All access routed via agent-monitored Citrix gateway
      • Actual systems being accessed remain agent-less
      • Toshiba achieved 24x7 SLA reports, including granular incident summaries
      • Automatic generation of HIPAA regulatory documentation, led to reduced compliance costs and improved customer (hospital) satisfaction
    • Thank You!Netbr & Observe It5511 – 3159 4119