Observe It Presentation

ObserveIT - Record and Replay RDP, Console, Terminal and Citrix Sessions.

  1. ObserveIT – Record & Replay Terminal, Citrix and Console Sessions (January 2010)
  2. The Company in a Nutshell
     • Founded in 2006
     • Focused exclusively on People-Auditing software products
     • First GA product release – 2007
     • Current product version - v5.0
     • Global Presence: Partners in 5 Continents
     • Official Distributor in Malaysia: Comwise Internetwork Sdn Bhd, 78A, Jalan Renang 13/26, Section 13, 40100 Shah Alam, Selangor
     • Contact: Mr TS Teh – 019-263 7311, tsteh@comwise.com.my; Kent Ng - 019-325 3248, kentng@comwise.com.my
  3. Our Product in a Nutshell
     • Record and Replay of user sessions
     • Like a ‘security camera’ on your servers
     • Software-based solution
     • Playback any Remote Desktop, Citrix, VMWare or any other remote access session
     • Fast search and navigation to find user actions, without lengthy playback
  4. Hundreds of Enterprise Customers
     • Financial
     • IT Services
     • Education/Gov’t/Healthcare
     • Manufacturing
     • Telecommunications
  5. Why use ObserveIT?
     • Compliance and Security
        • Track every access to corporate servers and databases
        • Audit people, not just apps
        • Total application coverage that grows with your growth
        • Bulletproof evidence
        • Precise user identification
     • Remote Vendor Monitoring
        • Know exactly what 3rd party vendors are doing on your servers
        • Improve security, accountability and policy messaging
        • Transparent SLA and billing validation
        • No more ‘Finger pointing’
     • Root-Cause Analysis
        • Know ‘Who did what?’: Answer the question that will really lead to problem resolution
        • Immediate root cause determination
        • Alerts from within Network Monitor Tools
        • Defeat the ‘Oops’ factor
     • Who accessed the salaries spreadsheet in the past 24 hours? And what did they do?
        • Without ObserveIT: Check the file system logs; Check the HR app audit; Check the finance dept. audit; Check admin support app log; I wonder if there are other access points?
        • With ObserveIT: Unified reporting of all user activity on the HR spreadsheet; Instant playback of exact user actions
  6. Why use ObserveIT?
     • What did SupportCorp do on our servers yesterday? Are they responsible for the data deletion event?
        • Without ObserveIT: I have no idea……; Is there anywhere we can find this information?; Finger pointing accusations; Lengthy SLA review
        • With ObserveIT: Find the exact user session; Session playback eliminates any doubt
  7. Why use ObserveIT?
     • Why is our server broken? And how can I fix it?
        • Without ObserveIT: Check the event log; Check the database log; Check the registry; Check the network cable; Attention all admins: Who touched this server?!?%!?
        • With ObserveIT: Immediate identification of cause of outage
  8. Video Replay of User Sessions
     • ObserveIT lists every user session
     • Within each session, details of every action taken
     • Jump straight to the precise action. Replay only what you’re interested in.
     • Clicking on video icon launches the video replay (see next slide)
  9. Video Replay of User Sessions
     • See an exact video playback of the entire user session (including mouse movements, selection of UI elements and text entry)
     • Navigate quickly within the recording (including jumping between each activity, as the user launches a new app or opens a new window)
  10. Comprehensive Searching and Navigation
      • Search and filter according to:
         • User ID
         • Date of Session
         • Specific Server
  11. Comprehensive Searching and Navigation
      • Google-like free text search: Search for any text appearing in user sessions
         • Application Name
         • Window Titles
         • UI Elements
         • User generated content
      • Search results highlight exact location of user action within the user session timeline
  12. Policy-Based, Event-Driven Recording
      • Define policies to handle each session
      • Granular policy rules to specify:
         • Whether to record video
         • What metadata to capture
         • If user identification is required
         • Specific users / applications / servers to include or exclude
  13. Report Generator
      • Create your own custom reports
      • Schedule reports to run automatically for email delivery
      • Deliver formatted report or Export Excel data
      • Design report according to precise requirements:
         • Content Inclusion
         • Data Filtering
         • Sorting and Grouping
  14. Policy Messaging
      • Immediately upon logging into the server… the user receives your message (ex. Network Policy, Ticket #)
         • “NOTE: No database admin task may be performed between 0800 and 1800 GMT. Please enter your support ticket number in box below.”
      • User is required to acknowledge receipt (and optionally required to enter response)
  15. User Identification
      • User logs on as generic “Administrator”
      • ObserveIT requires username identification prior to granting access to system
      • Active Directory used for authentication
      • Each session is now tagged with an actual name (Login userid: administrator; Actual user: daniel)
  16. Real Time Playback
      • “On Air” icon shows that a session is currently active
      • Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
  17. Enterprise-Ready Architecture: Complete Coverage
      • Agnostic to network protocol and client application
      • Captures all Remote Sessions and also Console Sessions
  18. Small Footprint
      • Ultra-efficient data storage: Less than 250GB/year for high-usage, 1000 server environment
      • Minimal Agent CPU utilization: 0% CPU when no console active; 1%-2% CPU, 10 MB RAM during session
  19. Integration with System Monitors
      • Instant-replay from within your network management environment: Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView
      • Real-time alerts: On file access/deletion, Network share, Registry edit, RDP open connection, URL access etc.
      • Trigger automatic email alert delivery
      • Click on alert to see ObserveIT video playback
      • Screenshots: ObserveIT alert in CA-Unicenter; ObserveIT alert in MS SCOM
  20. Pervasive User Permissions
      • Granular permissions / access control
         • Define rules for each user
         • Specify which sessions the user may playback
      • Permission-based filtering affects all content access: Reports, Searching, Video playback, Metadata browsing
      • Access to ObserveIT Web Console is also audited
         • ObserveIT audits itself
         • Satisfies regulatory compliance requirements
  21. System Components
      • Diagram labels: Agent; Corporate Server; Corporate Desktop; Switch; Application Server (Web Console using IIS on Windows Server 2003/2008); Database Server (using MS SQL Server 2000/2005 on Windows Server 2003/2008); HTTP Traffic (by default - TCP 4884); SQL Traffic (by default - TCP 1433); ObserveIT Admin using a Web Browser (HTTP)
      • How it Works
         • Each monitored desktop or server runs the ObserveIT Agent
         • The Agent encrypts information about user activity and sends it to the Application Server
         • Application Server analyzes data and stores it in the Database Server
         • Web Management Console is a web-based interface for searching and reporting on captured user activity
  22. Deployment Architecture: Remote Access Gateway (Agent-less Servers)
      • Diagram labels: Terminal or Citrix Server with ObserveIT Agent; Published Applications (Putty.exe); Win2008 TS Gateway; VPN; RDP Traffic; VPN Traffic; ICA Traffic; RDP over SSL Traffic; Telnet/SSH Traffic; Corporate Servers (No Agent installed); App Server; Web Console; DB Server
  23. Case Study: Remote Access Visibility at VocaLink
      • Company: VocaLink; Industry: Financial Services; Founded: 2007 (Merger); Headquarters: London, UK
      • Business Environment
         • Payment transaction platform distributed across Europe
         • Supporting 60,000 ATM machines
         • Clearing 90,000,000 transactions per day
      • Challenge
         • Control access to system resources, including shared privileges between two merged corporate entities during period of merger
         • Achieve common system management and visibility
      • Solution
         • 2008 - ObserveIT deployed to monitor and audit server activity during merger activity
         • 2009 - Successful visibility results from merger activity lead to system-wide deployment
  24. Case Study: Compliance Auditing at Toshiba Medical
      • Company: Toshiba Medical Systems; Industry: Healthcare Equipment; Founded: 1939; Headquarters: Tokyo, Japan (Corp HQ), Los Angeles, CA, USA (Division)
      • Business Environment
         • Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide
         • Customer support process requires remote session access to deployed systems
      • Challenge
         • Strict HIPAA compliance regulations must be enforced and demonstrable
         • In addition, SLA commitments require visibility of service times and durations
      • Solution
         • ObserveIT deployed in a Gateway architecture
         • All access routed via agent-monitored Citrix gateway
         • Actual systems being accessed remain agent-less
         • Toshiba achieved 24x7 SLA reports, including granular incident summaries
         • Automatic generation of HIPAA regulatory documentation led to reduced compliance costs and improved customer (hospital) satisfaction
  25. Thank You! For More Information, please contact Comwise Internetwork Sdn Bhd: Mr. TS Teh 019-263 7311, Mr. Kent Ng 019-325 3248
