NetScout’s Innovative nGenius® AFMon
Integrated Performance Monitoring &
Introduction Forensic Analysis
www.NetScout.com

Agenda
Performance Management Challenges
nGenius AFMon Features and Benefits
Top Down Troubleshooting and Superior
Forensic analysis to Reduce MTTR
NetScout is a strategic vendor partner

Performance Management Challenges
Challenge:
– Intermittent problems wreak havoc
– Optimal performance of key applications
– Degradations, intermittent problems can be elusive
– To speed up problem resolution
Needs:
– Ability to automatically analyze traffic
– Continuously retain evidence to recreate a complex
incident
– Discover root cause without waiting for the event to recur

Presenting
Combines application level monitoring and analysis with
continuous packet capture for post event data mining
Architecture purpose built for high performance recording
and infrastructure monitoring
High capacity, highly available hardware platform

nGenius Application Fabric Monitor
An architecture and design to dramatically reduce
MTTR and improve QoE
Targeted at applications requiring extreme
availability and responsiveness
– e.g. Revenue impacting business services
Designed for deployment in complex, next
generation environments
– Ultra high speed networks
– High performance servers
– Distributed and multi-tier applications

Benefits of nGenius AFMon
Reduce MTTR with:
– Rapid, Top-down Troubleshooting
– Superior Forensics Analysis
Visibility into how the network is used
– Complete Application monitoring and profiling
State of the Art Hardware appliance
– Scalable Recording and Data-mining Architecture
Reduced TCO with unified, integrated support for multiple
technologies
– Cost-effective
– Investment Protection

Context-sensitive integration with leading enterprise management
systems. Alarm messages contain problem description and a URL
to launch the exact views in nGenius relating to the problem
More than alarm notification, it
contains a description of what
triggered the event for quicker
problem identification…
… And detailed Alarm views and Power
Alarm Evidence at your fingertips
… And a URL to launch a
context-sensitive view in nGenius
Company Confidential

Seamless navigation from flow to packet: Intuitively drill down to any
level of granularity with just a right-click – even to sub-second statistics or a
packet decode – to solve even the most complex or subtle problems
Company Confidential

Top Down Approach to Troubleshooting
Lowers MTTR
Seamless user experience for navigating from high-level
to detailed (packet-level) troubleshooting.
Tight integration of nGenius AFMon with nGenius
Performance Manager
Seamless drill-down from flows to packet-level data
– Users navigate from 1 minute to sub-second data
Single login
– Access AFMon data without a secondary login
Continuous capture driven off of CDM flow configuration
– Automatically collects packet level data from physical as well as
virtual interfaces

Faster MTTR with Superior Forensic Analysis
Company Confidential

Faster MTTR with Superior Forensic Analysis
Metadata for faster summary decodes, filtering, and post
capture displays
Decode engine runs on recording appliance
Reporting off loaded from the recording appliance
Quickly hone and refine your
data set using advanced
filtering and rules capabilities
Custom create rules library, identifying the precise
combination of addresses, ports, applications and
patterns to be identified, or use pre-defined Expert Rules
Company Confidential

Superior Forensic Analysis
Expert Analysis
– Expert Zoom and Data Mining
interface with multiple
workspaces
– Broad support of over 1000
protocol decodes
– TCP Session Follow
– Bounce Diagrams
Intuitive, flexible GUI
– Multi-user, Web-based console
– Eases search process
Incident Reports for
collaborating and
communicating with others

Highly Efficient Architecture
Scalable recording and analysis architecture
Netscout Approach
Traditional Approach
Deep Packet Capture Flow Monitoring

Highly Efficient Architecture
Scalable recording and analysis architecture
NetScout Competitor
Efficient Inefficient
On-board Analysis Client-based Analysis

Case in Point: Solution Architecture Wins Business
Bank in North America has assets
With the nGenius AFMon,
approaching $300 Billion
they are able to perform top
2 trading floors – Chicago, New York, down troubleshooting with
& NJ disaster recovery detailed analysis of
Pain Point: Needs continuous capture applications and
and monitoring on trading floors conversations. When
– Need both flow based monitoring and necessary for in-depth
trending for troubleshooting and troubleshooting the actual
capacity planning Plus recording for packets are available for
in-depth analysis because of the event reconstruction and
value of the financial trades
forensic data mining without
– Current solution in Chicago not adding load to the network.
working – network managers
constrained by time delays in viewing
packet trace files when pulling them
over the network.

Visibility into how the network is used
Complete Application monitoring and profiling with CDM Virtualization
Application identification - Common matrix for multimedia
voice, video and data
– Well known, complex, custom, URL based
– VoIP for RTP, SIP, MGCP, H.323, SCCP
– Industry specific i.e.: FIX protocol, IP Multicast and PACs
– Application discovery for TCP and UDP unknown
– No data reduction – all applications
QoE / Response time analysis
Proactive Alarms for thresholds, response times, time over
threshold and microbursts
Virtual interface analysis for VLANs, VRFs, QoS, or sites
Post-capture filters by variety of metrics, not just by IP
address, ie: CDM port #

Application Discovery
Visibility into Unknown Traffic
Identify Port-to-Port
conversations for
unknown applications
– Can be logged Historically
with 1-minute resolution
Company Confidential

Reduced nGenius Solution TCO
Unified, integrated support for multiple topologies
Can instrument where and how IT organization requires
– nGenius Probes, nGenius AFMons, nGenius Collectors
10 Gigabit Ethernet Support
– Available in nGenius Probes today
– Available in nGenius AFMons next quarter
MPLS support for both Remote Sites or VRFs
Virtual interface analysis for VLANs, DLCIs, PVCs, along
with associated QoS classes

State of the Art Hardware Appliance
Optimized Performance - Highly Available
OS Reliability
– Security hardened Linux appliance
– Operating system is located on dual internal OS drives configured
separate from the main storage array
Redundant hot swappable power modules
RAID-5 with hot standby and hot swappable disks
– If one drive fails, standby automatically kicks in – if that drive fails,
RAID 5 kicks in
Dedicated disk controller port per disk
– Enables simultaneous write to all disks
Compatibilities
– nGenius Performed Manager 4.0 required
– CDM v4.0 Agent Firmware

Flexible, Cost-effective configurations
Multiple functions in a single box (not just a single
solution set)
– Superior hardware at competitive prices
– Feature rich solution set
0, 2TB, 4TB, and 8TB configurations
Flexible port configurations
– 4 HDX/2 FDX ports and 8 HDX/4 FDX port configurations
SFP or 10/100/1000Base-T capture port configurations

Flexible, cost-effective configurations
Flexible Configurations
Model # Description
4910/LS-3U nGenius AFMon, 4 SFP* configurable Gigabit, up to 2 TB storage
4910 nGenius AFMon, 4 SFP* configurable Gigabit, up to 4 TB storage
4910/HS nGenius AFMon, 4 SFP* configurable Gigabit, up to 8 TB storage
4916/LS-3U nGenius AFMon, 4-Port 10/100/1000Base-T, up to 2 TB storage
4916/HS nGenius AFMon, 4-Port 10/100/1000Base-T, up to 8 TB storage
4986/LS-3U nGenius AFMon, 8-Port 10/100/1000Base-T, up to 2 TB storage
4986/HS nGenius AFMon, 8-Port 10/100/1000Base-T, up to 8 TB storage
*Requires one SX, LX or TX SFP transceiver per port (sold separately)

Case in Point: Troubleshooting employee remote
access problem
New England based insurance
company Discovered two
Pain Point: Remote employees LDAP servers had
having trouble accessing network their authentication
resources databases out of
– LDAP servers source of many
sync and were
problems spending their cycles
– Intermittent issues were elusive trying to sync their
databases
nGenius AFMon provided continuous
capture and recording for in-depth
troubleshooting forensics

Realizing value from monitoring & recording
Geographic location requires coverage
– Trading Floors
The business service demands it
– Application servers with customer order information
Key network management objectives dictate analysis
– Mission Critical Links with crucial or high concentration of
conversations
– Locations with chronic, highly visible, difficult to resolve intermittent
problems
Critical tasks or functions point to solution
– Ensuring SLAs

Superior Company
Technology leader with a
clear vision
The most experienced team
in the industry
– Founded in 1984
– Over 360 employees
Growing, profitable
– $100M revenue run rate
– $95M in cash, no debt
World-wide distribution and
support

Summary –
nGenius AFMon is superior to the alternatives
Reduced MTTR with Unified Solution
– Integral part of enterprise-wide nGenius Solution
– Top down approach with data mining using CDM metrics
Lower TCO with Architecture Advantages
– Better performance
– Larger capacity
– Highly available architecture
– Integrated CDM and reporting functionality
– All-around better value
NetScout is a strategic vendor partner
– Technology leader
– Financial stability

Thank You
www.NetScout.com