• Like
Cymphonix Network Composer User Guide
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Cymphonix Network Composer User Guide

  • 2,940 views
Published

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
2,940
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
17
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Network ComposerUser GuideV5.3
  • 2. ***While every effort is used to ensure this Network Composer User Guide is accurate,Cymphonix products are continuously being updated and modified. This may result inoccasional differences between what is portrayed and what is actually observed during usage.Please speak with a Cymphonix authorized Solution Provider for details on which features andservices can be made available for a specific network configuration and topology. Cymphonixrepresentatives can be reached at support@cymphonix.com or at 801-938-1500.Copyright © 2003 – 2005; Cymphonix and Network Composer are trademarks of CymphonixCorp.All other trademarks are the property of their respective owners.All Rights Reserved May 2005
  • 3. Cymphonix Network Composer User Guide Table of Contents (New/Updated in 5.3)Introduction.......................................................................................................................................... 2 Accessing Network Composer ......................................................................................................2 Network Composer Welcome Screen.....................................................................................................3 My Network Usage............................................................................................................................................. 3 Network Composer Administration ................................................................................................................ 3 Creating Usernames and Passcodes ........................................................................................................3Using Network Composer.................................................................................................................. 4 Welcome Dashboard.......................................................................................................................4 Navigation ...................................................................................................................................................4Monitor & Report................................................................................................................................ 5 Real Time Monitor ..........................................................................................................................5 Report Menu Toolbars ...................................................................................................................6 Alerts ............................................................................................................................................................6 Email Report/Report Broadcasts ............................................................................................................7 Applications Reports.......................................................................................................................8 User Reports.....................................................................................................................................8 Web Content Reports .....................................................................................................................9 Blocked Web Content.....................................................................................................................9 Bypassed Web Content...................................................................................................................9 Instant Messenger............................................................................................................................9 Spyware .............................................................................................................................................9 System Reports ................................................................................................................................9Shape and Create................................................................................................................................10 Application Shaping ......................................................................................................................10 Application Settings Manager.................................................................................................................10 User Shaping ..................................................................................................................................11 Create User Profile ...................................................................................................................................12Favorites ..............................................................................................................................................12Tools & Settings.................................................................................................................................12 Web Content ..................................................................................................................................12 Utilities ............................................................................................................................................13 Logins & User Rights....................................................................................................................14 Software ..........................................................................................................................................14 Network ..........................................................................................................................................14 Client Settings (Centralized Reporting)......................................................................................15 Settings ............................................................................................................................................16Additional Services ............................................................................................................................17 Contact Cymphonix/Feature Requests......................................................................................17 Cymphonix End User License Agreement ................................................................................18 Hardware Warranty .......................................................................................................................19 Extended Hardware Warranty Coverage..............................................................................................20 Expedited Hardware Replacement ........................................................................................................20 Return Procedure .....................................................................................................................................20 Technical Support .........................................................................................................................20May 2005 Cymphonix Network Composer Release Version 5
  • 4. IntroductionThank you for selecting Cymphonix Network Composer. Network Composer is an appliance thatsits on your network, typically between the Internet router/firewall and the network/LAN switch.As network traffic travels through the device, it evaluates data packets as they pass into and out ofyour network. Network Composer knows who is sending and receiving data, and exactly what typesof applications are moving to and from the Internet. The device can then monitor, filter, prioritize,log and shape traffic at the packet level by both user and application.The appliance offers many ways to manage the traffic on your network. The normalrecommendations for usage, especially initial usage after installation, include these steps: 1. Use the Network Composer Real Time Monitor to see what is happening on your network at any given time. 2. Use the Application and User Reports to determine normal usage patterns and to discover usage that exceeds or violates the acceptable use policies in place at your organization. 3. Set filtering policies, application and user shaping policies, and traffic priorities to allow the most critical applications and users to maintain priority access to the Internet.Optimizing your network traffic will allow your organization to get better network performance,improve productivity (by limiting or disabling unwanted applications), and reduce liability forinappropriate content (such as adult web sites or copyrighted peer to peer file sharing).Accessing Network ComposerNetwork Composer is accessed through a Web browser, which may allow you to access the systemfrom both inside and outside your network. For security reasons, access may be limited to internalaccess only.Your system administrator can tell you the IP Address of your Network Composer which you canthen record below and enter into the URL Address Bar of your browser._____._____._____._____There may also be a DNS name that will allow you to access the Network Composer interface suchas nc.mycompany.com.Supported Internet Web browsers include Internet Explorer (v. 6 or later) and Mozilla Firefox (v. 1or later).Page 2 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 5. Network Composer Welcome ScreenThe Network Composer Welcome screen offers two different ways to interact with the system; MyNetwork Usage, and Network Composer Administration.My Network UsageMy Network Usage allows you to view the network statistics associated with your computer such asvisited web sites, average usage, total uploads, and total downloads. You can also see how muchtraffic of each type of application is associated with your usage. This allows you to monitor yourown usage, and validate that you are obtaining the network speeds you expect. You may also be ableto detect usage patterns that suggest a computer virus or other infection, such as usage during offhours. In this case, you can seek additional assistance from your network administrator to ensureyour computer is functioning appropriately.Network Composer AdministrationNetwork Composer Administration offers system administrators, department managers, organizationdirectors, executives and other appropriate individuals to access network wide information. Thisincludes information about individual and total user and application activity, web histories, networkusage, device health, and more. It also enables access to the Real Time Monitor, Application SettingsManager, Welcome Dashboard, Auto-Email Report Manager, and User Reports, Profiles, andSettings.Selecting the login button prompts the user for a username and passcode. These will need to beprovided by the System Installer/Administrator. The default username is admin (all lowercase), andthe default passcode is cymphonix (all lowercase). These may have been changed during theinstallation process however.Important! – You should delete or change the default login information if it has not been changedalready to help secure your system.Creating Usernames and PasscodesUsernames and passcodes should be created by the System Administrator for each individual whoneeds access to the network wide data. Logins can be created & modified through the Tools &Settings → Logins portion of the application with full system rights, or with read only rights. It isrecommended that users who do not need to modify system settings be granted read-only logins.Page 3 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 6. Using Network ComposerWelcome DashboardUpon login, the Welcome Dashboard is presented. This dashboard by default contains theApplication Traffic Report, Bandwidth User Traffic Report, Top Web URLs, and the NetworkTraffic Report, however, you can substitute other graphs or charts on your dashboard whenever yousee this “Add to Dashboard” button.NavigationIn the system header, you can see the current software version, yourcompany name and the current date & time. The Main Menu toolbar is alsovisible, with the Menu bar for the current page highlighted.The current page toolbar contains buttons allowing you to interact with thecurrent system page. Available actions are in full contrast, while currentlyunavailable actions have been grayed out.Accessing the submenus from the Main menu is accomplished by mousingover the Main Menu.Page 4 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 7. Monitor & Report The Monitor & Report Menu offers you access to the Cymphonix Real TimeMonitor; easy to read, understand, and share Application, User, and System Reports; BlockedContent Reports; network performance; system health; and automated report distribution.Real Time MonitorThe Real Time Monitor is an application thatruns on Microsoft™ Windows™ basedcomputers. To obtain the application, selectMonitor & Report → Real Time Monitor.The landing page provides a link to downloadthe Real Time Monitor application.Download the application, and Save it to aconvenient location on your computer orchoose to Open or Run the applicationdirectly from the download dialogue.When the Real Time Monitor opens, enterthe IP Address assigned to the BandwidthTempo device, along with your NetworkComposer username and passcode.Using Network Composer Real Time MonitorOn the upper left side of the Real Time Monitor, there are three windows displaying (from the topdown): 1. The total traffic being uploaded (in blue) and downloaded (in green) through the system, 2. The total traffic by application type, and 3. The total traffic for the selected application You can select the application for the lower window from the “Total Application” drop down window.On the upper right side, there are three “traffic by user” windows. Select the user you wish to viewby double-clicking the IP Address in the IP Address table at the bottom right of the Monitor. Thetraffic information for that user will be displayed (from the top down): 1. The total traffic for the selected user 2. The total traffic by application type for the selected user 3. The total traffic for the selected application from the selected user. You can select the application for the lower window from the “User Application” drop down window.The Active IP Address table displays up to 50 active IP Addresses on the network, and allows you tosort by application type or total by clicking on the column headers. Double-click on an IP Addressto display the traffic information for that user in the User windows above.Page 5 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 8. Report Menu ToolbarsIn order to make effective use of the reports, several options have been designed to make theirinformation more valuable to your organization. Not all options may be available on all reports.Reporting PeriodYou can modify the time period of almost all reports in the reporting date toolbar. Select a presettime period from the dropdown menu, or tailor the report by specifying the report period using thecustom period fields. Select Run Report to update the information.Alerts Using the Add Alert button, you can establish and modify performance parameters thatif exceeded will result in an email notification. This allows you to respond to situations before theybecome critical.To create an Alert, select the Add Alert button from the page toolbar or from a specific reporttoolbar where applicable. Set a name for the alert that describes the condition you are watching for,and an email address or addresses (separated by semicolons) that need to be notified if the conditionsare reached.Select the 1º Alert Criteria to watch for (use Ctrl + Select for multiple selections within a list)1º Alert Criteria – User Application(s) (bandwidth threshold) Web Category (# of hits threshold) Specific URL (# of hits threshold) Network Traffic (bandwidth threshold)Then select a 2º Alert Criteria to provide additional specificity if desired1º User → 2 º options include: Applications or Categories or URLs1º Applications → 2 º options include: Users1º Categories → 2 º options include: Users1º Specific URL → 2 º options include: UsersVerify the threshold parameters and click “Save Alert” to finish.You can access all saved Alerts from the Monitor & Report → Alerts submenu.Add to Dashboard The Welcome Dashboard contains up to four summary reports that areimmediately visible upon login. Using the Add to Dashboard button, administrators can modify thecontents of the Dashboard to reflect the information they want to view. When adding a new graphor report to the Dashboard, simply select the location you wish to insert the new information, and itwill replace the existing graph or report.Page 6 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 9. Add to Favorites Selecting Add to Favorites allows you to build a list of reports and graphs accessiblefrom the Main Favorites Menu.Print Select the Print button to obtain a printable view of any reportEmail Report/Report Broadcasts The Email report button allows administrators to establish automated email deliveryof selected reports to any email address. This is useful when people may need access to informationon a regular basis, but don’t require an administrator login. Additionally, this makes it easy formanagers to understand normal activity rates as well as spot anomalies. Finally, regular reports allowfor a considered approach to upgrades and other scalability concerns.To create a new report broadcast, start with a name that is descriptive of the information andaudience it is to be sent to. Enter recipient email addresses in the To field, separating multiple entrieswith a semicolon. ‘;’ If you want to have recipients be able to reply to the message, enter a validemail address in the From field. Select how often you wish to send the broadcast in the period field,and the format for the data in the email. Typically, email reports are sent weekly or monthly. Thestart date is the first time the email will be sent, then it will repeat every time the “Period” value isreached.The Summary Reports include the graphs associated with that information. The Detail Reports mayalso include graphs and other additional information. On large networks, the detail reports canbecome quite large. To save the broadcast schedule, select the Save Broadcast button at the lower leftof the page. This allows you to easily re-open the settings for future modification. To send the broadcast only once, select the Send Broadcast Now button at thelower right of the page. This allows for easy creation of one time or ad hoc report broadcasts.Download/Export Data You can export data from the reports to use in other reporting ordata analysis tools. The export format options include • PDF (Adobe Portable Document Format) • Spreadsheet / Microsoft™ Excel (comma separated values), • XML (eXtensible Markup Language)Edit Settings Where application class bandwidth usage is displayed, selecting the Edit Settings linkconnects you with the Application Settings Manager. This allows you to modify the applicationsettings for the appropriate application class.Scale to Peak The default view for reports shows the bandwidth usage relative to the total size ofthe Internet connection. In some cases, the bandwidth used by the selected application type may bePage 7 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 10. so much smaller than the total size of the connection that it appears empty. Selecting the Scale toPeak button allows users to view the data in the report scaled to the local data peak, rather than thesystem connection size for easier viewing and interpretation.Expand Report The expand report link is placed at the right hand edge of most summary reporttitle bars. This link opens a full report showing not just the summary information, but also all of thedetails available for download/export.Applications ReportsThe Application Overview provides a summary of all the application types active on the system inthe given time period (defaults to past 24 hours).From the Application Overview Graph, you can viewdetailed reports on the listed application classes byclicking on the desired application class in the graphlegend.Following the Application Overview in the Application Report Menu are individual application datareports. Recognized applications include: • P2P (Peer to Peer) • VOIP Traffic • Custom1 Traffic • NetBios Traffic • Online Games • Custom2 Traffic • HTTP/HTTPS • IM/Chat Traffic • Custom3 Traffic • FTP Traffic • Remote Desktop • Custom4 Traffic • Email Traffic • Streaming Media • Custom5 Traffic • SSH/Telnet/DNS • VPN Traffic • ICMP/TOS • Unknown TrafficWithin the specific Application Reports, administrators with full rights can setand modify the settings associated with each application class policy using thedrop down menus within the report window. Administrators with read-onlyrights can view, but not modify any policy settings. Report details include peakand average traffic, as well as total download and upload usage.Selecting the Edit Settings link from the overview or the individual trafficreports will take you to the Application Settings Manager where all applicationshaping policies can be viewed and/or modified.User ReportsThe User Overview report provides a summary of the heaviest network users, displaying total usage,top upload, and top download users. Links within the reportsallow you to immediately access more detailed information aboutspecific users.Individual User Profiles display network usage information aboutthe selected user. These reports are also available directly to theusers under the My Network Usage link from the NetworkComposer login page.Web Requests by User are also available under the User Reportsmenu option. The Web Request User Hit Report lists the usersPage 8 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 11. who have the most Web hits. From here, you can click on the names of users you wish to investigatefurther. This then displays the Internet Web surfing history of the selected computer/user. The timeand date stamp data help to provide context about when the link was accessed and for how long.Web Content ReportsThe most frequently requested categories of websites are displayed in the Web Requests byCategory report. This allows both system administrators and business managers to verify thatacceptable usage policies are being adhered to.To exempt a user from Web Request logging/Web Filtering, simply access Monitor & Report →Users → Profiles, select their profile and check “No Web Requests/Filtering” in the ProfileSettings section.The File Types and MIME Types reports display the most frequently downloaded and/oruploaded file types. Selecting the Edit Settings link allows you to edit the appropriate Blocked Typespage. By adding file types to the Blocked list, those file types will not be allowed to be uploaded ordownloaded through the system.The Web sites report displays the most frequently requested web sites. From the details section ofthe report, you can view which users have been accessing the site by clicking on the users link. TheURL Link button takes you directly to the selected URL to verify the site contents as needed.Blocked Web ContentReports showing Websites that users attempted to view but were blocked are located in the BlockedWeb Content submenu. Reports show why a particular Website was blocked. Websites can beassociated with blocked categories or blocked websites, and/or pages may include file types that areblocked.Bypassed Web ContentReports showing Websites that users were initially blocked from accessing but chose to bypass thefiltering to view the site anyway are located in the Bypassed Web Content submenu. Reports showwhy a particular Website was blocked. Websites can be associated with blocked categories orblocked websites, and/or pages may include file types that are blocked.Instant MessengerReports displaying Instant Messenger (IM) usage by network users is reflected in the InstantMessenger reports. Reports include which services are in use on the network, how much timevarious users are spending in IM and links to logged IM conversations.To exempt a user from IM logging, simply access Monitor & Report → Users → Profiles, selecttheir profile and check “No IM Logging” in the Profile Settings section.SpywareThe Blocked Spyware Reports allow administrators to view how many users have been blocked byand or bypassed the spyware filtering within the system.System ReportsNetwork Graphs display overall network usage for the selected time period. System administratorsmay find these helpful in determining maximum, average, and minimum usage for a selected timeperiod or service level. Information on the number of active users and latency are also available.Page 9 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 12. System Graphs show information about the appliance itself, including temperature, memory usage,and CPU utilization. It is normal to see consistently heavy memory usage.The Open Port report generates a list of all open ports within the monitored subnets. This allowssystem administrators to view which machines within their networks have open ports. The port #,listed protocol, service description, and the number of machines with that port open is displayed inthe details section of the report. By expanding a selected port detail row, you can view whichmachines have the port open.Due to the overhead involved in scanning an entire network for all open ports, the system cachesport information for each machine on the network.If you have reason to update the report information, you can update multiple users (recommendedmaximum of 50 users) using the Tools & Settings → Utilities → Rescan Ports utility.For individual users, you can select Rescan User Profile in the Profile settings portion of the selectedusers profile available from Monitor & Report → Users → Profiles.Report Broadcasts & AlertsFor information on Report Broadcasts, and Alerts, see the Report Menu Toolbar section above.Shape and Create This portion of the menu offers tremendous control over the way traffic passesinto and out of your network. By configuring the application and user settings under this menu, youwill be able to optimize your network traffic. Administrators with full rights can create and modifyshaping policies. Administrators with read-only rights can view, but cannot create or modify anypolicies.Application ShapingThis page displays all the available application classes; the individual applications or traffic typescontained within those classes are visible by selecting the class name. For example, the P2P or Peerto Peer class contains the individual applications KaZaa, Morpheous, Grokster, BitTorrent and manyothers. The complete list of applications included within the class can be seen by clicking on theclass name.Application Settings ManagerApplication Shaping options include an upload maximum, a download maximum, and a priority.The maximum settings automatically suggest limits based on percentages of stated bandwidthavailable. More precise settings are always available by selecting custom, and entering the desiredbandwidth limit. While there are allowances for bursts of traffic, sustained upload or downloadspeeds will not exceed the configured maximums.Priority settings allow administrators to list traffic in order of sensitivity and importance. Typically,real time applications such as VoIP or video conferencing require very little delay to function well,and as such should be given Highest priority. Less delay sensitive applications such as email or webtraffic can handle more moderate or normal priorities. Non-business applications, or entertainmentsuch as peer to peer traffic or online games can be assigned low priority or disabled entirelyaccording to organization policies.Page 10 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 13. It is recommended that maximums for any traffic class not be allowed to exceed 80% of totalbandwidth. At this level, other lower priority traffic may not be allowed to pass at all until all of thehigh priority traffic is complete.The list of recognized applications grows regularly and new signatures are frequently included inproduct releases and upgrades. The recognized applications classes includes: • P2P (Peer to Peer) • VOIP Traffic • Custom1 Traffic • NetBios Traffic • Online Games • Custom2 Traffic • HTTP/HTTPS • IM/Chat Traffic • Custom3 Traffic • FTP Traffic • Remote Desktop • Custom4 Traffic • Email Traffic • Streaming Media • Custom5 Traffic • SSH/Telnet/DNS • VPN Traffic • ICMP/TOS • Unknown TrafficThe Custom Application classes are available for system administrators to control individual trafficstreams as long as all traffic can be accounted for over specific traffic ports or ranges of ports. Fortrue packet level control, the ability to manage additional applications must be coordinated withCymphonix Professional Services, available at support@cymphonix.com or by phone at 801-938-1500 (opt. 2 Customer Service). The capture packet service built into Network Composer can beused to obtain a sample of the traffic desired to control. Contact the Services group above for moreinformation on timing, pricing, and additional technical requirements.User ShapingIn some cases, for example traffic to and from servers, needs to be treated as higher or lower prioritythan other traffic of the same application class from other users. User shaping options can beconfigured to allow a maximum upload, maximum download, and priority on a per machine basis.Specifically, traffic associated with a given MAC address or IP address will be subject to the usershaping settings.Application shaping rules act as gatekeepers over user shaping rules. In other words, if anapplication class has a total download maximum of 512 Kbps, a user with a download maximumsetting of 1000 Kbps will not exceed the listed application class maximum. This is to preventapplications from exceeding their organization wide limits. In the example above, the user is free toutilize the remaining portion of provisioned bandwidth on other application class traffic up to theuser limit.User priority settings apply to traffic within the same application class. If a server has been assigneda higher priority than default, it will have a higher effective priority of transmission that all otherdefault users within that class. The priority does not affect transmission rates outside of theapplication class. For example, high user priority http traffic will not displace high applicationpriority VoIP traffic.To shape a user, select the user from the list (sorted by machine name) and select the download andupload maximums and set a priority. Click submit to save changes.The users download and upload bandwidth settings are the total of all traffic types for that userthrough the Network Composer system. In other words, if a user maximum is set at 512 Kbps, theyPage 11 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 14. will not be able to access more bandwidth at any one time regardless of the number and type ofapplications being used.Create User ProfileUser Profiles must be created for new users if MAC basedauthentication is in place. Once a Network Composer systemhas been installed, access to information that lies on the otherside of the system, the Internet for example, can only be allowedonce the users MAC address and machines name have beenadded to the system. Additionally, if a machine is known to notneed access through the system, a profile can be created whichspecifically de-activates system access and throughput for thatmachine.Favorites Adding a graph, chart or report to favorites is accomplished by clicking on the“Add to Favorites” star icon. This will allow an administrator to quickly create a list of regularlyaccessed information that will speed up future administration sessions. Add a descriptive name tothe shortcut for rapid access in the future, and click submit to save.The Welcome Dashboard is a collection of the top 4 items the administrator desires to view uponsystem login. Selecting the “Add to Dashboard” icon where found allows the administrator to placethe item in one of the four locations.To organize your Favorites list, select the order you want, or delete items that are no longernecessary.Tools & Settings This menu offers many of the Installation and Configuration options, as well asaccess to the web filtering capabilities within Network Composer.Web ContentBlocking inappropriate Web content (frequently called blacklist orblacklisting) by Web category, file type, MIME type and specific URLs,and the controls for allowing (or whitelisting) specific Websites areaccessed through the Web Content submenu.Blocking web sites by category is an efficient way to reduce thelikelihood of certain categories of websites being viewed within yourorganization. While no filtering solution can ever be perfect, thecontent filtering capabilities and the real time content analysis engine,combined with the Web surfing history logging capabilities offer arobust solution to controlling content that exceeds that offered by URLfiltering alone. Knowing that all web traffic is logged and can be usedto enforce acceptable use policies is frequently sufficient to reduce ifnot eliminate unacceptable Web surfing.Page 12 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 15. File type blocking and MIME type blocking dis-allows downloads of selected types. Theseunencrypted downloads may contain viruses or spyware, but they may also simply be bandwidthintensive or generally not productivity or organization related and therefore contribute to bandwidthcongestion issues. Select file types you wish to block (use Ctrl + Select for multiples), then add themto the block list using the arrows.By blocking specific URLs or Websites, you can prohibit traffic to sites deemed inappropriate for theorganization regardless of their categorization or content.The Whitelist capability allows you to specifically allow traffic to a given URL or Website, regardlessof the categorization or content.UtilitiesThe Utilities submenu offers a number of tools designed to optimize Network Composer capabilitiesin your organization or business.Human NamesThe Human Names option allows you to select the MAC/IP addresses and machine names ofcurrent users, and request that they enter their first and last name. This name will then appear on allreports and profiles allowing for more rapid identification of the user.Do not select unattended computers/appliances/devices such as routers, firewalls, servers, etc., forHuman Name activation. These may require access to the Internet for upgrades, patches, or otherupdates, but will be blocked if they do not successfully complete the Human Names request pagepresented as a result of this option being activated.Capture PacketsThe capture packets screen allows administrators to identify specific machines from which NetworkComposer will record up to 60 seconds of traffic. This will allow Cymphonix Professional Servicesto create a signature unique to that application that will then allow for packet level identification,recognition and control. If you wish to use this to capture a currently unrecognized application, youwill also need to contact Cymphonix at support@cymphonix.com or by phone at 801-938-1500 (opt.2 Customer Service) to obtain additional timing, pricing, and technical information.The Feature Request email screen allows you to request and comment on new and modifiedcapabilities within the Network Composer system. All requests are received atfeature@cymphonix.com. If you are sending from within the system, please be sure to include yourcontact information so that we can verify new or modified features and capabilities as well as thankyou for your submissions. While not all requests can be included, we do appreciate your thoughtsand feedback, and want to provide you with an easy way to let us know what you like and how wecan improve.Rescan PortsAs part of the user profile information, an open port report is available on every user. This data isalso presented as a collection so that the administrator may view a list of all open ports anywhere onthe network and then identify which machines have the ports open. Knowing which ports should beopen and on which machines is helpful in determining where additional security measures may beneeded. Additionally, being able to easily identify suspicious ports and the machines affected is easyaccomplished with Network Composer. See User Profiles for additional information.Page 13 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 16. When changes have been made affecting the open ports of one or more machines, the rescan portsoption can be invoked to update the report with the new information on the selected user/machineimmediately.Time ZoneSetting the appropriate time zone allows the time and date stamps to be accurate, as NetworkComposer will auto-synchronize with Internet time servers.Support LinkThe Support Link is an easy and secure method to allow authorized Cymphonix Engineers toexamine your system with your permission. The system cannot be activated without your actions,but offers a way for support personnel to observe your system in the event that their assistance isneeded.Logins & User RightsCreating and modifying administrator logins is accomplished through the Login submenu. Asdiscussed previously, login usernames and passcodes should be created for each distinct user whoneeds access to system wide data. Email reports can be created for individuals who need periodicaccess to specific usage data, and all users can check their own data using the My Network Statisticsfeature from the Welcome Page.Logins can be established as either Full Control or Read Only. Full Control logins have access to allsections of the system, and can make any modifications to both user and application settings. ReadOnly logins have rights to view all data, and to establish auto-mail reports, but cannot make changesto the shaping configurations.SoftwareThe Software submenu contains links to the system license information, the company name andsystem defaults.System licensing displays the maximum throughput (throughput is full-duplex, e.g. 90Mbps is90Mbps upload AND download for a total of 180 Mbps total throughput). Also displayed is themaximum number of nodes (used to establish the total number of user profiles on the system), andthe system identifier code. This code is required to order upgrades to system capacity if available.The Company Name is displayed on reports, charts and system screens. This is helpful inidentifying a particular location or geography in a multiple system organization.Software defaults allow you to set generic rules that apply to all users on a system. This is helpfulso that as the system auto-populates with users, they are all assigned a standard set of rules. Thisallows for management by exception, saving time for administrators who now need to manage onlythose users or machines who do not follow the standard rule set.NetworkThe Network Submenu offers Custom Traffic controls and VLAN/Subnet controlsCustom 1 – 5 Traffic controls offer administrators a way to manage traffic by port for applicationswhich are not currently recognized by default.Page 14 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 17. The user auto-discovery capabilities will discover VLAN implementations within the same broadcastdomain without any further configuration.Network Composer standard settings monitor the subnet into which it is installed. In order tomonitor user traffic outside of the local subnet, the additional subnets to be monitored must belisted.For subnets or other network segments that exist outside the broadcast domain containing NetworkComposer, the administrator needs to manually enter the subnets to be monitored under: Tools & Settings → Network → Remote Subnets Subnets should be entered in the following format: Network/CIDR Subnet --------------/---- (e.g.)192.168.1.0/24There is no need to reboot after making this change. Within one hour it will start populating UserProfiles from those subnets. • As MAC Addresses are not transmitted beyond the broadcast domain, the MAC address listed in the user profile will be a unique identifier assigned by Network Composer. • Network Composer cannot monitor users outside of the broadcast domain when Network Address Translation (NAT) is being used between broadcast domains.Client Settings (Centralized Reporting)Centralized Reporting allows administrators with distributed networks to aggregate data from severalNetwork Composers and generate reports and views of network activity over many segments.Begin by setting up a Network Composer NC500 which can be designated as the Host(NC500/BC100 systems can serve as a host or a client, NC200 systems can serve as clients). UnderTools & Settings → Client Settings, select New Client Authorization. In the box labeled “NewClient IPs”, enter the public IP (post NAT) address of any client location that will be reporting tothis Host server. Click on the right arrows ( » ) to authorize the IP(s) on this host.Next, install the client location Network Composer. Once the client Network Composer is installed,access the Tools & Settings → Settings → Advanced menu. Enter the public IP address of theHost system in the “Data Host IP” field, and click Next to continue. See the troubleshooting guideat the end of this section if any errors are displayed. Once you have confirmed your settings, theclient system will begin uploading its user data to the host system once every five (5) minutes.On the host system, the administrator can now create names for the various client systems under theTools & Settings → Client Settings → Existing Client Configuration menu. It isrecommended that client names be assigned by geography or some other notable characteristic toallow users to easily know which data they are viewing.When a client system begins reporting its data to the host, use the Client Display Group Manager toestablish policies for viewing data collected by the clients. The Client Display Group Manager isaccessible from the Tools & Settings → Client Settings → Client Display Groups menu on thehost system and allows administrators to organize client systems into groups (a group may consist ofone client system, a subset of the systems, or all the systems), create a name for a group, and grantPage 15 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 18. access to individual logins. In the Network Composer report menus, an additional toolbar will allowadministrators to select which group they wish to view.Client Settings TroubleshootingIf a client system is unable to communicate with the host, it will display one of three errors. 1. “<IP address> is either not a Composer or is not configured to allow client connections”. Problem: An invalid or incorrect Data Host IP Address was entered in the Advanced Settings menu. 2. “Timeout attempting to connect to <IP address>”. Problem: The IP address entered in the Data Host IP field of the Advanced Settings Menu could not be reached. 3. “Error connecting to remote database…”. Problem: The correct Data Host IP address is entered, but the client IP address has not been correctly added as an Allowed Client. The IP address in this error should be added to the host in the Client Settings → New Client Authorization menu as described previously.SettingsThe Settings submenu offers access to Network Composer installation and configuration data. Onlytrained technicians should modify system settings as inappropriate or inaccurate settings will result inthe system being unable to function correctly, including the total loss of connectivity. If thishappens, simply disconnect Network Composer, and connect the network/LAN switch directly tothe Internet firewall/router until the system can be restored.The Network Composer settings are those basic settings that are required to function appropriately.The current settings should be recorded below in case they are needed to rebuild the system in anemergency.DNS Server IP Address _____._____._____._____Composer IP Address _____._____._____._____Subnet Mask _____._____._____._____Network Gateway _____._____._____._____Download Link Speed ___________________ (bits/sec)Upload Link Speed ___________________ (bits/sec)Advanced settings are used to manipulate features that are not commonly modified within thesystem. These include the host name and domain, SNMP auto-population information, Shapingoptions and other controls. Please contact your authorized Cymphonix Reseller for moreinformation if these settings apply to your network.After certain upgrades and system modifications, Network Composer must be rebooted before theycan take effect. Rebooting the system can take up to 2 minutes before traffic can be restored.Scheduling updates or other changes when traffic is either light or can be temporarily interrupted isrecommended.Page 16 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 19. FilterThe Global Filtering settings allow the administrator to enable or disable filtering capabilities that willbe engaged for all users on the system. Additionally, users with proxy/caching systems can set theiraddress information.Premium Filtering is included on all v5.3 systems with a current software subscription (ASM) at noadditional charge. It includes the real-time content analysis component of Cymphonix Web Filtering(the URL list-only filtering is not affected by this setting), the custom Redirection Page, and activeSpyware scanning.Premium Filtering is disabled by default on firmware upgrades to avoid overtaxing busy systems, butcan be enabled by selecting the checkbox. If there are any concerns about the systems performancewith premium filtering enabled, please contact your Authorized Cymphonix Dealer for assistance.New systems have Premium Filtering enabled from the factory.RebootThe ability to reboot the system remotely is accessible through the Reboot option. A landing pagewarns users of the potential disruption to the system during the approximately 2 minutes required toreboot a system. The option is not available for administrators with read-only logins.System MaintenanceNetwork Composer is designed to be a robust, efficient platform for managing Internet traffic. Aswith all critical connectivity components and appliances, appropriate uninterruptible power supplies(UPS) and surge protection must be implemented to maintain regular and effective operation. Theappliance should not be installed in a location that does not have constant regulation for heat andhumidity. In order to keep the cooling fans and internal components operating efficiently, it isrecommended that a small hand vacuum be used along the front and front sides of the appliance tokeep the dust filters clear.Additional ServicesContact Cymphonix/Feature RequestsTo suggest modifications, make feature requests, or to comment on the product and/or yourexperience with it, we would love to hear from you at feature@cymphonix.com. Please make sureyou identify the product in your email and a way to get back in touch with you if desired. You canalso send us requests/comments directly from within the application by selecting the Tools &Settings → Utilities → Feature Request window.Page 17 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 20. Cymphonix End User License AgreementCymphonix License and WarrantyPLEASE READ THE FOLLOWING BEFORE USING THE ACCOMPANYING PRODUCT.YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONSBEFORE USING THE ACCOMPANYING SOFTWARE AND HARDWARE (“APPLIANCE”).THE USE OF THE PRODUCT IS LICENSED FOR USE ONLY AS SET FORTH BELOW. IFYOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DONOT USE THE PRODUCT. IF YOU USE ANY PART OF THE SOFTWARE ANDHARDWARE, SUCH USE WILL INDICATE THAT YOU ACCEPT.License Grant. Subject to the terms and conditions of this License, Cymphonix grants you anonexclusive right and license to use the Software on the Appliance, in addition, (1) you may notrent, lease, sell, sublicense or lend the Appliance; (2) you may not reverse engineer, decompile,disassemble or modify the Software or Appliance, except and only to the extent that such activity isexpressly permitted by applicable law notwithstanding this limitation; and (3) you may not transferrights under this License unless such transfer is part of a permanent sale or transfer of the Product,and you transfer at the same time the Appliance and Software to the same party or destroy suchmaterials not transferred, and the recipient agrees to this License. No license is granted in any of theSoftware’s proprietary source code.You may make a reasonable number of copies of the electronic documentation accompanying theSoftware for each Software license you acquire, provided that, you must reproduce and include allcopyright notices and any other proprietary rights notices appearing on the electronic documentation.Cymphonix reserves all rights not expressly granted herein.Intellectual Property Rights. The Software and Appliance is protected by copyright laws, internationalcopyright treaties, and other intellectual property laws and treaties. This license does not grant youany rights to patents, copyright, trade secrets, trademarks or any other rights with respect to theSoftware and Appliance. Cymphonix and its suppliers retain all ownership of, and intellectualproperty rights in (including copyright), the Software and Appliance. However, certain componentsof the Software are components licensed under the GNU General Public License (version 2), whichCymphonix supports. You may obtain a copy of the GNU General Public License athttp:/www.fsf.org/copyleft/gpl.html. Cymphonix will provide source code for any of thecomponents of the Software licensed under the GNU General Public License upon request.Export Restrictions. You agree that you will not export or re-export the Appliance, Software, anypart thereof, or any process or service that is the direct product of the Appliance or Software inviolation of any applicable laws or regulations of the United States or the country in which youobtained them.U.S. Government Restricted Rights. The Software and related documentation are provided withRestricted Rights. Use, duplication, or disclosure by the Government is subject to restrictions setforth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause atDFARS 252.227-7013 or subparagraphs (c) (1) and (2) of the Commercial Computer Software –Restricted Rights at 48 C.F.R. 52.227-19, as applicable, or any successor regulations.Term and Termination. This License is effective until terminated. The License terminatesimmediately if you fail to comply with any term or condition. In such an event, you must destroy allcopies of the Software. You may also terminate this License at any time by destroying the Product.Page 18 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 21. Governing Law and Attorney’s Fees. This License is governed by the laws of the State of Utah,USA, excluding its conflict of law rules. You agree that the United Nations Convention on Contractsfor the International Sale of Goods is hereby excluded in its entirety and does not apply to thisLicense. In any action or suit to enforce any right or remedy under this License or to interpret anyprovision of this License, the prevailing party will be entitled to recover its costs, includingreasonable attorneys’ fees.Entire Agreement. This License constitutes the entire agreement between you and Cymphonix withrespect to the Software, and supersedes all other agreements or representations, whether written ororal. The terms of this License can only be modified by express written consent of both parties. Ifany part of this License is held to be unenforceable as written, it will be enforced to the maximumextent allowed by applicable law, and will not affect the enforceability of any other part.CYMPHONIX DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESSOR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. OTHER THAN ASSTATED HEREIN, THE ENTIRE RISK AS TO SATISFACTORY QUALITY,PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. ALSO, THERE IS NOWARRANTY AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THESOFTWARE OR AGAINST INFRINGEMENT. IF YOU HAVE RECEIVED ANYWARRANTIES REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIESDO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, CYMPHONIX.NO LIABILITY FOR CERTAIN DAMAGES. EXCEPT AS PROHIBITED BY LAW,CYMPHONIX SHALL HAVE NO LIABILITY FOR COSTS, LOSS, DAMAGES OR LOSTOPPORTUNITY OF ANY TYPE WHATSOEVER, INCLUDING BUT NOT LIMITED TO,LOST OR ANTICIPATED PROFITS, LOSS OF USE, LOSS OF DATA, OR ANYINCIDENTAL, EXEMPLARY SPECIAL OR CONSEQUENTIAL DAMAGES, WHETHERUNDER CONTRACT, TORT, WARRANTY OR OTHERWISE ARISING FROM OR INCONNECTION WITH THIS LICENSE OR THE USE OR PERFORMANCE OF THESOFTWARE. IN NO EVENT SHALL CYMPHONIX BE LIABLE FOR ANY AMOUNT INEXCESS OF THE PURCHASE PRICE AND/OR ANY LICENSE FEES PAID TOCYMPHONIX UNDER THIS LICENSE. SOME STATES AND COUNTRIES DO NOTALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL ORCONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO YOU.Hardware WarrantyCymphonix Corp. warrants your Cymphonix product to be in good working order and to be freefrom defects in workmanship and material (except in those cases where materials are supplied by thePurchaser) under normal and proper use and service for the period of one (1) year from the date ofpurchase from an Authorized Cymphonix Reseller. In the event that this product fails to meet thiswarranty within the applicable warranty period, and provided that Cymphonix confirms the specifieddefects, Purchaser’s sole remedy is to have Cymphonix, at Cymphonix’s sole discretion, repair orreplace such product at the place of manufacture, at no additional charge other than the cost offreight of the defective product to and from the Purchaser. Repair costs and replacement productswill be provided on an exchange basis and will be either new or reconditioned. Cymphonix willretain, as its property, all replaced parts and products. Notwithstanding the foregoing, this hardwarewarranty does not include service to replace or repair damage to the product resulting from accident,disaster, abuse, misuse, electrical stress, negligence, any non-Cymphonix modification of the productexcept as provided or explicitly recommended by Cymphonix, or other cause not arising out ofPage 19 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005
  • 22. defects in material or workmanship. This hardware warranty also does not include service to replaceor repair damage to the product if the serial number or seal or any part thereof has been altered,defaced, or removed. If Cymphonix does not find the product to be defective, the Purchaser will beinvoiced for said inspection and testing at Cymphonix’s then current rates, regardless of whether theproduct is under warranty.Extended Hardware Warranty CoverageIf Purchaser buys Extended Hardware Warranty Coverage at the time of product purchase or withinthirty (30) days from the date of original purchase, the period of the warranty will be extended by theamount of coverage (one (1) or two (2) years) for a total of up to three (3) years of coverage.Expedited Hardware ReplacementIn the event that the Standard or Extended Hardware Warranty Coverage is engaged, an expeditedhardware replacement option is available. This program allows a customer to receive a temporaryreplacement unit to provide the needed functionality while the original unit is undergoing warrantyservice.Once an RMA has been established for the original unit, customers will be given the option ofExpedited Hardware Replacement. Cymphonix will obtain valid credit card information from thecustomer, and a temporary (loaner) unit will be shipped for the earliest delivery possible. (Via priorityovernight delivery in most cases). The temporary unit will be available to the customer as long astheir original unit is undergoing service. Once the original unit has been repaired or replaced, andreturned to the customer, the customer will have 5 business days to return the loaner unit. If theloaner unit is returned in that time, the credit card will only be charged for the shipping costs of thereplacement program, plus a $25 processing fee. If the temporary unit is not returned, the credit cardwill be charged for the current retail price of the unit.Return ProcedureBefore returning any product to Cymphonix for either warranty service, trial period expiration, orother reason, a Return Materials Authorization (RMA) must first be obtained from Cymphonix.Product should be returned, freight prepaid, in its original or equivalent packaging, to the addressbelow. Warranty service returns must also include proof of purchase. Purchaser shall agree to insurethe product or assume the risk of loss or damage in transit.Cymphonix Corp.Attn: RMA ####8871 S. Sandy Parkway, Suite 150Sandy, UT 84070801-938-1500Technical SupportFor additional usage and technical support, please contact your Authorized Cymphonix Reseller.Authorized Cymphonix Resellers can contact Cymphonix Technical Support atsupport@cymphonix.com or during normal business hours by phone at 801-938-1500. Should youhave any questions concerning this product, or for assistance in locating an Authorized CymphonixReseller, please contact the Cymphonix at the phone number or email address above.Thank you for choosing Cymphonix Network Composer.Page 20 Cymphonix™ Network Composer™ User Guide – Release Version 5May 2005 Copyright © 2003 - 2005