• Save
Observe It Presentation
Upcoming SlideShare
Loading in...5
×
 

Observe It Presentation

on

  • 2,867 views

ObserveIT - Record and Replay RDP, Console, Terminal and Citrix Sessions.

ObserveIT - Record and Replay RDP, Console, Terminal and Citrix Sessions.

Statistics

Views

Total Views
2,867
Views on SlideShare
2,865
Embed Views
2

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 2

http://www.linkedin.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • China contstruction bankQuebec LotoHyperionComverseToronto HydroSamsung NetworksBT FrontlineLondon Clearing HouseBSkyBNexus SA CCSingapore PostWash Univ StLWestern Governors UniversityBesT MobileCenter to Protomote HealthCareXeroxBPAustralian Stock ExchangeINGVontobelBBVA BNP ParibasUHS East

Observe It Presentation Observe It Presentation Presentation Transcript

  • ObserveIT – Record & Replay Terminal, Citrix and Console Sessions
    January 2010
  • The Company in a Nutshell
    Founded in 2006
    Focused exclusively on People-Auditing software products
    First GA product release – 2007
    Current product version - v5.0
    Global Presence
    Partners in 5 Continents
    Official Distributor in Malaysia
    Comwise Internetwork SdnBhd
    78A, JalanRenang 13/26
    Section 13, 40100 Shah Alam, Selangor.
    Contact : Mr TS Teh – 019-263 7311 tsteh@comwise.com.my
    Kent Ng - 019-325 3248 kentng@comwise.com.my
  • Our Product in a Nutshell
    Record and Replay of user sessions
    Like a ‘security camera’ on your servers
    Software-based solution
    Playback any Remote Desktop, Citrix, VMWare or any other remote access session
    Fast search and navigation to find user actions, without lengthy playback
  • Hundreds of Enterprise Customers
    Financial
    IT Services
    Education/Gov’t/Healthcare
    Manufacturing
    Telecommunications
  • Why use ObserveIT ?
     Compliance and Security
    • Track every access to corporate servers and databases
    • Audit people, not just apps
    • Total application coverage that grows with your growth
    • Bulletproof evidence
    • Precise user identification
     Remote Vendor Monitoring
    • Know exactly what 3rd party vendors are doing on your servers
    • Improve security, accountability and policy messaging
    • Transparent SLA and billing validation
    • No more ‘Finger pointing’
     Root-Cause Analysis
    • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
    • Immediate root cause determination
    • Alerts from within Network Monitor Tools
    • Defeat the ‘Oops’ factor
    Who accessed the salaries spreadsheet in the past 24 hours?
    And what did they do?
    Without ObserveIT
    With ObserveIT
    Check the file system logs
    Check the HR app audit
    Check the finance dept. audit
    Check admin support app log
    Unified reporting of all user activity on the HR spreadsheet
    I wonder if there are other access points?
    Instant playback of exact user actions
    ??
    ??
    ??
    ??
  •  Compliance and Security
    • Track every access to corporate servers and databases
    • Audit people, not just apps
    • Total application coverage that grows with your growth
    • Bulletproof evidence
    • Precise user identification
     Remote Vendor Monitoring
    • Know exactly what 3rd party vendors are doing on your servers
    • Improve security, accountability and policy messaging
    • Transparent SLA and billing validation
    • No more ‘Finger pointing’
     Root-Cause Analysis
    • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
    • Immediate root cause determination
    • Alerts from within Network Monitor Tools
    • Defeat the ‘Oops’ factor
    Why use ObserveIT ?
    What did SupportCorp do on our servers yesterday?
    Are they responsible for the data deletion event?
    Without ObserveIT
    With ObserveIT
    Find the exact user session
    I have no idea……
    Finger pointing accusations
    Lengthy SLA review
    Session playback eliminates any doubt
    Is there anywhere we can find this information?
    ??
    ??
    ??
  • Why use ObserveIT ?
     Compliance and Security
    • Track every access to corporate servers and databases
    • Audit people, not just apps
    • Total application coverage that grows with your growth
    • Bulletproof evidence
    • Precise user identification
     Remote Vendor Monitoring
    • Know exactly what 3rd party vendors are doing on your servers
    • Improve security, accountability and policy messaging
    • Transparent SLA and billing validation
    • No more ‘Finger pointing’
     Root-Cause Analysis
    • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
    • Immediate root cause determination
    • Alerts from within Network Monitor Tools
    • Defeat the ‘Oops’ factor
    Why is our server broken?
    And how can I fix it?
    Without ObserveIT
    With ObserveIT
    Check the event log
    Check the database log
    Immediate identification of cause of outage
    Check the registry
    Check the network cable
    Attention all admins: Who touched this server?!?%!?
    ??
    ??
  • Video Replay of User Sessions
    Clicking on video icon launches the video replay
    (see next slide)
    ObserveIT lists every user session
    Jump straight to the precise action.
    Replay only what you’re interested in.
    Within each session, details of every action taken
  • Video Replay of User Sessions
    See an exact video playback of the entire user session
    (including mouse movements, selection of UI elements and text entry)
    Navigate quickly within the recording
    (including jumping between each activity, as the user launches a new app or opens a new window)
  • Comprehensive Searching and Navigation
    Search and filter according to:
    • User ID
    • Date of Session
    • Specific Server
    Search and filter according to:
    • User ID
    • Date of Session
    • Specific Server
    Search and filter according to:
    • User ID
    • Date of Session
    • Specific Server
  • Comprehensive Searching and Navigation
    Google-like free text search: Search for any text appearing in user sessions
    • Application Name
    • Window Titles
    • UI Elements
    • User generated content
    Search results highlight exact location of user action within the user session timeline
  • Policy-Based, Event-Driven Recording
    Define policies to handle each session
  • Granular policy rules to specify:
    • Whether to record video
    • What metadata to capture
    • If user identification is required
    • Specific users / applications / servers to include or exclude
    Granular policy rules to specify:
    • Whether to record video
    • What metadata to capture
    • If user identification is required
    • Specific users / applications / servers to include or exclude
    Granular policy rules to specify:
    • Whether to record video
    • What metadata to capture
    • If user identification is required
    • Specific users / applications / servers to include or exclude
  • Report Generator
    Create your own custom reports
    Schedule reports to run automatically for email delivery
    Deliver formatted report
    or
    Export Excel data
  • Design report according to precise requirements:
    • Content Inclusion
    • Data Filtering
    • Sorting and Grouping
    Design report according to precise requirements:
    • Content Inclusion
    • Data Filtering
    • Sorting and Grouping
    Design report according to precise requirements:
    • Content Inclusion
    • Data Filtering
    • Sorting and Grouping
    Design report according to precise requirements:
    • Content Inclusion
    • Data Filtering
    • Sorting and Grouping
  • Immediately upon logging into the server…
    Policy Messaging
    …the user receives your message
    (ex. Network Policy, Ticket #)
    NOTE: No database admin task may be performed between 0800 and 1800 GMT
    Please enter your support ticket number in box below.
    User is required to acknowledge receipt(and optionally required to enter response)
  • User Identification
    User logs on as generic “Administrator”
  • ObserveIT requires username identification prior to granting access to system
    Active Directory used for authentication
  • Each session is now tagged with an actual name
    Login userid: administrator
    Actual user: daniel
  • Real Time Playback
    “On Air” icon shows that a session is currently active
  • Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
    Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
  • Enterprise-Ready ArchitectureComplete Coverage
    Agnostic to network protocol and client application
    Captures all Remote Sessions and also Console Sessions
    Terminal
  • Small Footprint
    Ultra-efficient data storage
    Less than 250GB/year for high-usage, 1000 server environment
    Minimal Agent CPU utilization
    0% CPU when no console active
    1%-2% CPU, 10 MB RAM during session
  • Integration with System Monitors
    Instant-replay from within your network management environment
    Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView
    Real-time alerts
    On file access/deletion, Network share, Registry edit , RDP open connection, URL access etc.
    ObserveIT alert in CA-Unicenter
    ObserveIT alert in MS SCOM
    Trigger automatic email alert delivery
    Click on alert to see ObserveIT video playback
  • Pervasive User Permissions
    Granular permissions / access control
    Define rules for each user
    Specify which sessions the user may playback
    Permission-based filtering affects all content access
    Reports
    Searching
    Video playback
    Metadata browsing
    Access to ObserveIT Web Console is also audited
    ObserveIT audits itself
    Satisfies regulatory compliance requirements
  • System Components
    Agent
    Corporate Server
    HTTP Traffic
    (by default -TCP 4884)
    SQL Traffic
    (by default -TCP 1433)
    Agent
    Switch
    Application Server
    Web Console using IIS on
    Windows Server 2003/2008
    Database Server
    using MS SQL Server 2000/2005
    on Windows Server 2003/2008
    Corporate Server
    How it Works
    Each monitored desktop or server runs the ObserveIT Agent
    The Agent encrypts information about user activity and sends it to the Application Server
    Application Server analyzes data and stores it in the Database Server
    Web Management Console is a web-based interface for searching and reporting on captured user activity
    HTTP
    Agent
    ObserveIT Admin
    using a Web Browser
    Corporate Desktop
  • Deployment Architecture:Remote Access Gateway (Agent-less Servers)
    Published Applications
    Putty.exe
    RDP Traffic
    VPNTraffic
    Corporate Servers
    (No Agent installed)
    VPN
    ICATraffic
    Corporate Servers
    (No Agent installed)
    Terminal or Citrix Server
    with ObserveIT Agent
    Win2008
    TS Gateway
    RDP over SSL Traffic
    Telnet/SSHTraffic
    Corporate Servers
    (No Agent installed)
    App Server
    Web Console
    DB Server
  • Company: VocaLink
    Industry:  Financial Services
    Founded:  2007 (Merger)
    Headquarters:  London, UK
    Solution
    Business Environment
    Challenge
    Case Study: Remote Access Visibility at VocaLink
    • Payment transaction platform distributed across Europe
    • Supporting 60,000 ATM machines
    • Clearing 90,000,000 transactions per day
    • Control access to system resources, including shared privileges between two merged corporate entities during period of merger
    • Achieve common system management and visibility
    • 2008- ObserveIT deployed to monitor and audit serve activity during merger activity
    • 2009- Successful visibility results from merger activity lead to system-wide deployment
  • Case Study: Compliance Auditing at Toshiba Medical
    Company: Toshiba Medical Systems
    Industry:  Healthcare Equipment Founded:  1939
    Headquarters:  Tokyo, Japan (Corp HQ) Los Angeles, CA, USA (Division)
    Solution
    Business Environment
    Challenge
    • Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide
    • Customer support process requires remote session access to deployed systems
    • Strict HIPAA compliance regulations must be enforced and demonstrable
    • In addition, SLA commitments require visibility of service times and durations
    • ObserveIT deployed in a Gateway architecture
    • All access routed via agent-monitored Citrix gateway
    • Actual systems being accessed remain agent-less
    • Toshiba achieved 24x7 SLA reports, including granular incident summaries
    • Automatic generation of HIPAA regulatory documentation, led to reduced compliance costs and improved customer (hospital) satisfaction
  • Thank You!For More Information, Please contact Comwise Internetwork SdnBhdMr. TS Teh 019-263 7311Mr. Kent Ng 019-325 3248