Manageengine Netflow analyzer - An Insight

This video highlights some valuable features of the product in its latest edition. Some screenshots have been added for the benefit of the viewers to get the look and feel of our product.

Published in: Technology, Business

  1. NetFlow Analyzer Version 9 – Build 9000 Training
  2. Product Introduction
     • Powerful traffic analysis and network forensic tool
     • All-software solution - requires no hardware probes
     • Provides in-depth visibility into network traffic and its patterns
     • Multiple Monitoring Technologies in a single solution
         • NetFlow, sFlow, IPFIX, etc – All Major Flow Formats Supported
         • CBQoS Monitoring for Validating QoS Policies
         • Cisco NBAR support – SNMP and Flexible NetFlow
         • Cisco IP SLA - VoIP & WAN RTT
         • Cisco WAAS (Wide Area Application Services)
         • Flow based security analytics
  3. Why NFA
     • Reports on Network Bandwidth usage
         • Traffic
         • Applications, Conversations, Port, Protocol
         • DSCP based QoS, ToS, NextHop, TCP Flags
     • Class Based QoS Traffic Analysis – Validate QoS Policies
     • Deep-Packet Inspection for Layer7 traffic visibility
     • Cisco IPSLA to verify network quality and performance
     • Flow based security analytics
     • Cisco WAAS monitoring
     • Centralized monitoring console for entire network traffic
     • Multiple Monitoring Technologies – Single Product
  4. How NFA Works
     Diagram labels: Traffic; NetFlow Enabled Router; NetFlow Analyzer; UDP NetFlow Export Packets; NFA Web GUI
     • Export Packets
         • Approximately 1500 bytes
         • Typically contain 20-50 flow records
         • Sent more frequently if traffic increases on NetFlow-enabled interfaces
  5. Features
     • Traffic Analysis
     • Network Forensics
     • Network Planning
     • IP Accounting
     • IPv6 (Preliminary Support)
     • Enhanced Cisco ASA NetFlow support
     • WAAS (Wide Area Application Services) monitoring
     • Cisco NBAR report
     • Reporting on Cisco CBQoS
     • Usage Based Billing
     • Capacity Planning and Application Growth Report
     • Flow based security analytics
     • Cisco IPSLA (VOIP & WAN RTT)
  6. Key Features
     • Traffic Analysis
     • Visualize traffic patterns with real time graphs
     • View detailed time based network data
     Callouts:
     • Top Sources and related Conversation reports
     • Ranging from last minute to forever
     • Top destinations and related Conversation reports
     • Top Applications and protocol reports
     • Who, When, Where, What
  7. Key Features
     • Network Forensics
     • Conversation Awareness
         • Ability to examine packets and their numerous fields in detail, so that unauthorized and hostile activity can be traced and analyzed.
     • Conversations and Interfaces
         • Knowing the source IP addresses of conversations and their inbound and outbound interfaces is critical to tracking and understanding unusual behavior.
  8. Key Features
     • Network Planning
  9. Key Features
     • IP Accounting
     • Identify department-wise bandwidth usage
     • Advanced IP group classification engine
     • Group based on IP, Application and DSCP
     • Separate view for each entity
  10. Key Features
     • IPv6 Support
     • Preliminary support for IPv6 Address reporting
     • Support for IPv6 conversations in raw NetFlow data
     • Future ready network monitoring
     • Enhancements will be done based on customer demand
  11. Key Features
     • Enhanced Cisco ASA NetFlow
     • ASA NetFlow support to see Pre and Post NAT details
     • Original and Mapped IP Addresses shown in Conversations
     • View NSEL Event details – Flow creation, denied or teardown
  12. Key Features
     • WAAS (Wide Area Application Services) monitoring
     • In-depth visibility into optimization of WAN applications.
     • Reports on complete distribution of applications optimized by any WAE.
     • Allows comparison with NetFlow application reports
  13. Reports in NetFlow Analyzer
     • Traffic Reports
     • Troubleshoot Reports
     • Consolidated Reports
     • Compare Reports
     • Search Report
     • Schedule of Reports
  14. Reports in NetFlow Analyzer
     • Traffic Reports
     • The Traffic tab shows real-time traffic graphs for incoming and outgoing traffic.
     • 1 minute, 5 minute or 15 minute averages available.
     • Traffic graphs for an interface and IP group.
     • Can view the graph in terms of volume of traffic, speed, link utilization, and number of packets received
     • Ability to select the needed time periods.
  15. Reports in NetFlow Analyzer
     • Troubleshoot Reports
     • Detailed information on conversations that happened in a particular time interval can be obtained from the ‘Troubleshoot’ report
     • ‘Troubleshoot’ reports are taken directly from raw data
     • Used for in-depth troubleshooting of the network.
  16. Reports in NetFlow Analyzer
     • Consolidated Reports
     • Available for device, interface and IP Groups
     • Lists the traffic graph for a selected interface or IP group with the top 10 Applications, Source and Destination for IN and OUT directions.
     • Device consolidated Report lists traffic graph with Top Interfaces based on Utilization and Speed, Top Application, Protocol, Source, Destination, Conversation, DSCP, etc. for a device.
     • Report generated from aggregated data.
     Screenshot: Interface/IP Group Consolidated Report
  17. Reports in NetFlow Analyzer
     Screenshot: Device Consolidated Report
  18. Reports in NetFlow Analyzer
     • Compare Reports
     • Compare traffic pattern of interfaces and/or IP groups over different time periods or with one another.
  19. Reports in NetFlow Analyzer
     • Search Report
     • Search Reports lets you set several criteria and view specific reports.
     • Works like the ‘Troubleshoot’ report, but reports are generated from aggregated data for time periods of more than 2 hours.
  20. Reports in NetFlow Analyzer
     • Schedule of Reports
     • Lets you create reports about the needed information and have them automatically emailed to you on a daily, weekly or monthly basis
     • Reports can be sent to multiple defined email addresses, and the reports are also saved within the product for later access
     • The reports for Traffic, Application, Source, Destination, Conversation, QoS, NBAR, CBQoS, etc. can be scheduled.
  21. Features available with NetFlow Analyzer Professional Plus Edition
     • NBAR
     • CBQoS
     • Billing
     • Capacity Planning
  22. Professional Plus Features
     • Cisco NBAR Support – Pro Plus edition feature
     • Application Recognition through Deep Packet Analysis
     • Allows identification of applications which use dynamic ports as well as those using well known ports
     • NBAR Reporting - Via SNMP and Flexible NetFlow
     • Flexible NetFlow - NBAR
         • Removes Requirement for SNMP Polling
         • NBAR data exported along with NetFlow data
         • Deeper Visibility than through SNMP based NBAR
  23. Professional Plus Features
     • Cisco CBQoS Reporting – Pro Plus edition feature
         • Validation of QoS Policies
     • For monitoring
         • Class based pre and post policy traffic usage
         • Class based drops
         • Class based queuing
         • Reports for each Match Statement
  24. Professional Plus Features
     • Usage Based Billing – Pro Plus edition feature
     • Generation of periodic bills for accounting and for charge-back.
     • Useful for service providers and enterprises
     • Value addition to the basic need of traffic analysis and network forensics
     • With no additional infrastructure cost
  25. Professional Plus Features
     • Capacity Planning – Pro Plus edition feature
     • Trend analysis over a period of time
     • Helps predict the traffic growth in your network
     • Application Growth Report - time-wise split of top 10 applications used
  26. Add-ons available for NetFlow Analyzer Professional / Professional Plus Edition
     • ASAM (Advanced Security Analytics tool)
     • Cisco IPSLA – VOIP & WAN RTT
  27. Add On Features
     • Advanced Security Analytics Module (ASAM)
     • Network anomaly detection leveraging NetFlow data
     • Detect anomalies that surpass firewall and IDS
     • Detect anomalies by problems and problem classes for easy understanding
     • Detailed forensic investigation.
  28. Add On Features
     • Cisco IPSLA (VOIP & WAN RTT)
     • Monitor network performance using Cisco IPSLA
     • Reports on Jitter, Latency, Packet Loss, MoS.
     • VOIP - helps find the exact cause of VoIP issues in the network.
     • WAN RTT - monitors Link Availability and Round-Trip-Time to ensure best performance of WAN traffic.
  29. Vertical Enhancements
     • Other Major Features
     • Support for sampled NetFlow v5 and v9
     • Geo-Location Report for IP Address
     • User specific Customizable Dashboard
     • New Graphical Widgets
     • Network links in Google Map
     • SNMP V3 Support
     • Report Profiles
     • Schedule all UI reports including conversations
  30. Benefits
     • Multiple bandwidth monitoring technologies in a single product
     • Leverages the power of Cisco NetFlow, sFlow, IPFIX, NetStream, NBAR, CBQoS and IPSLA
     • Delivers unmatched network forensics, troubleshooting and reporting capabilities
     • All software solution - runs on Windows & Linux operating systems
     • Multiple versions to suit the SMBs and large enterprises
  31. Thank You
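
The export packets described under "How NFA Works", and the source IP, interface and TCP-flag fields the "Network Forensics" slide relies on, can be seen in a small NetFlow v5 decoder. This is an added example, not code from the slides or from ManageEngine; `parse_v5` and `build_sample` are hypothetical names, the sample datagram is constructed, and only the fixed-layout v5 format is covered (v9 and IPFIX are template-based).

```python
import ipaddress
import struct

# NetFlow v5 wire layout: 24-byte header followed by 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")
MAX_RECORDS = 30  # v5 limit: 24 + 30 * 48 = 1464 bytes per export packet


def parse_v5(datagram: bytes) -> list:
    """Validate and decode one NetFlow v5 export datagram into flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Export runs over plain UDP, so the header's count is untrusted input.
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, nexthop, if_in, if_out, pkts, octets, _first, _last,
         sport, dport, tcp_flags, proto, tos, *_as_and_masks
         ) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "nexthop": str(ipaddress.IPv4Address(nexthop)),
            "if_in": if_in, "if_out": if_out,
            "packets": pkts, "bytes": octets,
            "sport": sport, "dport": dport,
            "proto": proto, "tcp_flags": tcp_flags, "tos": tos,
        })
    return flows


def build_sample() -> bytes:
    """Constructed sample datagram: one TCP flow between documentation IPs."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = HEADER.pack(5, 1, 0, 0, 0, 0, 0, 0, 0)
    record = RECORD.pack(ip("192.0.2.10"), ip("198.51.100.20"), ip("203.0.113.1"),
                         3, 7, 12, 4800, 1000, 2000, 51515, 443,
                         0x1B, 6, 0, 0, 0, 24, 24)
    return header + record
```

Rejecting datagrams whose length disagrees with the header count keeps a truncated or spoofed export packet from being read as flow data.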
