Things Riverbed Cascade does that made customers go "Wow!" 
We have been doing lots of installations and proof of concepts with Riverbed Cascade (Network Behavioural Analysis) all across Europe recently and have collected together a few of those jaw dropping moments when people suddenly realise they don't know quite as much about their network as they thought they did!!

Cascade allows you to group devices (servers, clients etc) by different variables, one of which is geographic location. Sometimes the result show a whole range of IP addresses and devices which were completely unknown to the central network team.

When creating/importing the ByLocation host group view members of all existing host locations. Then add a new group '0/0 unassigned'. This will pick up all internal addresses that have not yet been allocated into one of the location groups. This has 1 or 2 effects - it identifies those locations that were missed from the network location list, and/or identifies networks/IP addresses that hitherto were unknown to the network administrators.

Server Delay / Network Delay
Being able to track real-time responses of real application traffic anywhere in the network is powerful, after all that is the whole purpose of the systems, to provide decent responses and performance to end users no matter where they are or what application they are running.

Whilst navigating through the various reports look out for any large numbers around the RTT / Server Delay / Network Delay fields. Whilst they may not in themselves be cause for alarm, it should warrant further investigation to prove that these large numbers are acceptable. Remember, because we are just installing the profiler we have no concept of normal behaviour on this network. It is equally likely that we have identified a problem area as it is this is normal behaviour (server delay should never be excessive though)

Suspicious connections
Because Cascade can see all traffic traversing the network, it can see stuff that should be there and perhaps stuff that shouldn't.

A tough one for us to identify as we do not fully 'understand' the customer's network - but go with their instincts. On a couple of occasions we have noticed client host systems connecting to other hosts (server or client) that have required additional investigation e.g. why is that system in Italy connecting to another in Finland? In this particular instance we noticed that the volume of traffic between this client and the Exchange server was far greater than its contemporaries. Drilling into this client then identified a number of other suspect connections including the Finnish one.

Daily Reports
The reporting capabilities of Cascade are vast. Whether you are a network person, a server person, an application person, a security person, a line of business person, a data centre person..... (the list goes on), Cascade has reports which are useful to you in your daily life. As a line of business person, for example, getting a report showing end to end performance of an application and variations across the reporting period and from normal, gives a clear view that all is well, or otherwise. So that report turning up in your inbox every morning along with the ability to look at your customised dashboard in real0-time, means you have a real handle on your critical service delivery.

Try and configure a daily report that emails to the principal contact - say WAN Utilisation report, and/or a mission critical application reports such as SAP Utilisation or Exchange. This will help to keep Cascade in the forefront of their daily activity. We don't want them to forget it's there two days after leaving site.

Product details

[ add comment ]   |  [ 0 trackbacks ]   |  permalink  |  related link
Monitoring Primary and Backup WAN Paths 
Many organisations will typically have backup network paths between the datacentre and their branches protecting against failure on their primary WAN circuits. The technology options for these backup circuits may vary from dial-up circuits such as ISDN to low speed serial circuits such as lease line or frame relay. Many organisations today use xDSL for this purpose.

An important factor in this is ensuring the backup circuit is alive and operating correctly at all times - it will be too late when the primary system goes down to then find that the backup circuit also isn't working with a preventable problem leaving the branches disconnected from the datacentre.

The PathView software sequencers located in each branch are used by the PathView system in the datacentre to monitor the network paths between the datacentre and the branch sequencers. The PathView system reports on a variety of metrics including: latency, jitter, capacity, utilisation, and (of course) connectivity. If any of these metrics breach the predetermined thresholds then alerts are automatically issued so that remedial action can be taken if necessary.

This is all well and good for the primary circuit, but how can we monitor the backup line? The sequencer by default is installed with just one network interface. By adding an additional interface to the sequencer and monitoring systems on a VLAN dedicated to monitoring the backup route we can now test both the default and backup paths.

The diagram above shows a typical MPLS architecture with IPSec backup paths. For clarity the routing for just one branch has been detailed.

Having sequencers with two interfaces at each branch location will allow for simultaneous monitoring of either WAN type from either direction. This will provide great visibility into path performance for each scenario.

Paths are defined as a triple in PathView Premise (sequencer, target, target type).

To take advantage of the dual interface create and assign a duplicate target type for the IPSec VPN paths.


SeqA=head office
SeqB=some branch office
10.10.10.x=MPLS WAN IP numbering
172.16.1.x=IPSec WAN IP numbering

Possible Paths:

SeqA(10.10.10.x) to SeqB(10.10.10.x) using Server WAN (MPLS)
SeqA(172.16.1.x) to SeqB(172.16.1.x) using Server WAN (IPSec)

You could also perform UDP monitoring at the same time:

SeqA(10.10.10.x) to SeqB(10.10.10.x) using Server WAN (MPLS - UDP)
SeqA(172.16.1.x) to SeqB(172.16.1.x) using Server WAN (IPSec - UDP)

Furthermore, you could perform monitoring in the opposite direction ..

SeqB(10.10.10.x) to SeqA(10.10.10.x) using Server WAN (MPLS)
SeqB(172.16.1.x) to SeqA(172.16.1.x) using Server WAN (IPSec)
SeqB(10.10.10.x) to SeqA(10.10.10.x) using Server WAN (MPLS - UDP)
SeqB(172.16.1.x) to SeqA(172.16.1.x) using Server WAN (IPSec - UDP)

[ add comment ]   |  [ 0 trackbacks ]   |  permalink  |  related link
Citrix XenServer - Free Enterprise-Class Virtualisation 
Citrix have upped the ante in the server virtualisation stakes by offering their "enterprise-class, cloud-proven" XenServer platform at no cost.

This is an interesting twist in the server virtualisation wars. They have decided their very capable product can be free, presumably to step on VMware ESX sales by differentiating themselves at the entry point. In the current cash strapped times this should do them no harm at all.

It is not a cut down or incapable version, it comes with a feature set that will be all many organisations need, with features such as centralised multi-node management, and full live motion.

They are reverting to a classic Citrix model of adding value to "standard" products by producing a range of chargeable add-ons for those who need them. Citrix Essentials for XenServer, a new product line that includes a rich set of capabilities specifically optimised for the XenServer environment. These optional features including:

� lab automation
� dynamic provisioning
� workflow orchestration
� high availability
� seamless integration with leading storage systems

will be directly visible in the XenCenter administration console in grayed-out mode, making it easy to understand the additional capabilities available. As Citrix adds new enhancements to the Citrix Essentials product line, all active XenServer users will have the option to be automatically notified of these new capabilities through their XenCenter management console.

Customers using Microsoft Windows Server 2008 Hyper-V for their virtualisation platform will also be able to add similar advanced virtualisation management capabilities to their environments by purchasing Citrix Essentials for Hyper-V. With the Citrix Essentials product line, Citrix is committed to adding significant value to both XenServer and Hyper-V, the two fastest growing virtualisation platforms in the market, helping customers in all market segments achieve more manageable, scalable and agile data centres in a way that leverages their existing investments in the most efficient way possible.

Free Citrix Xenserver Download

[ 3 comments ] ( 174 views )   |  [ 0 trackbacks ]   |  permalink  |  related link
What�s in name? 
Mazu Profiler is now Riverbed Cascade. We know why Mazu is now Riverbed - they bought the company. Who knows why Profiler, which describes a bit of what this wonderful piece of kit does, is now Cascade. No idea what Cascade describes or implies, but that doesn't stop the product being magnificent. It's not a network monitor. It's not a security monitor. It's not an application performance monitor. It's not a compliance monitor. It's not a behavioural analysis monitor. It's ALL of those things and probably more beside.

It's a strange beast. When you try and describe it to someone they almost always say "I have something that does that". I've seen things that do bits of what this can do, but nothing like as comprehensive. You probably can recreate much of the functionality by throwing loads of products at it, but you would end up with multiple panes of glass to manage and multiple throats to choke, multiple support contracts and a general nightmare.

With Riverbed Cascade, as we must get used to calling it, you get real end to end visibility into how the entire infrastructure stack is delivering services to the end users, which after all is the whole point of the infrastructure. There is no synthetic traffic to run across the network. No agents or probes to install and maintain. Just a simple installation which can start to give meaningful results within a couple of hours of taking the appliance out of the box.

Simple use examples are:
- For those who were clobbered by Conficker. With this you can see the activity and isolate the affected hosts before it spreads
- Get real response time measurements for every client server conversation, for every application
- Is the problem the network or the server, easily identify root causes for quick resolution
- Active Directory, DNS and DHCP integration means you can easily see who and what is involved
- SNMP integration means you can get location information and identify which switch the user is plugged into
- Easily allows you to prove to an auditor that no unauthorised (non-compliant) activity has happened
- Deep packet inspection means you know exactly what that application is, not just ports and protocols
- How heavily used is your network, great for capacity planning
- Where do the application dependencies lie, does the application really work in the way you think
- How many of your servers are not really doing anything, how much could you save switching those servers off

Integrates with a bunch of other stuff, manage it through your overall management architecture; integrate it with specialist tools, such as SEMS.

The only way to really get your head round the power of this system is to see it in action. Ask about our webinar demonstrations and see what it could do for you!!

Product Link

[ 1 comment ] ( 8 views )   |  [ 0 trackbacks ]   |  permalink  |  related link
What use is IT to the rest of the organisation? 
From the businesses point of view, what is the purpose of IT? It is usually to help the rest of the business function by providing information, data, communication, applications, etc. In other words it allows the business to function.

It is therefore important to the business to know how well those services are being provided to the end users.

In many environments this visibility is provided by how frequently the helpdesk phone rings. Some have a range of sophisticated probes and monitors deployed. Deploying probes is always a hassle and is never cheap. Some run synthetic traffic across the network and measure responses; that adds load, is hassle to set up and doesnt represent the real world.

What is needed is something that:
Is simple to install, without probes everywhere
Can see all traffic, all the time
Can see across the LAN and the WAN
Can see response times for real data and applications
Introduces no real load on the system
Can give a helicopter view across silos
Facilitates easy deep dives into the nitty gritty to allow proper root cause analysis
Doesnt need to be set up and scheduled, like a sniffer, as its always everywhere

That is what the Mazu Profiler is like. It is awesomely powerful. It can do so much it is easy to make it sound unbelievable, but it really is.

Mazu Profiler uses Network Behaviour Analysis (NBA) to provide a new way of looking at the infrastructure by analyzing network traffic to provide valuable information about the interactions of and dependencies between users, applications, and systems.

You can set up different dashboards appropriate for different users. So it can be a simple traffic light, or tell you the inside leg measurement of the router in rack 24, or the SQL query being processed by the server when it runs like a dog. Unbelievable? Yes, but real and awesome!

[ add comment ]   |  [ 0 trackbacks ]   |  permalink  |  related link

Back Next