Sales
Support We have been doing lots of installations and proof of concepts with Riverbed Cascade (Network Behavioural Analysis) all across Europe recently and have collected together a few of those jaw dropping moments when people suddenly realise they don’t know quite as much about their network as they thought they did!!
ByLocation
Cascade allows you to group devices (servers, clients etc) by different variables, one of which is geographic location. Sometimes the result show a whole range of IP addresses and devices which were completely unknown to the central network team.
When creating/importing the ByLocation host group view members of all existing host locations. Then add a new group “0/0 unassigned”. This will pick up all internal addresses that have not yet been allocated into one of the location groups. This has 1 or 2 effects – it identifies those locations that were missed from the network location list, and/or identifies networks/IP addresses that hitherto were unknown to the network administrators.
Server Delay / Network Delay
Being able to track real-time responses of real application traffic anywhere in the network is powerful, after all that is the whole purpose of the systems, to provide decent responses and performance to end users no matter where they are or what application they are running.
Whilst navigating through the various reports look out for any large numbers around the RTT / Server Delay / Network Delay fields. Whilst they may not in themselves be cause for alarm, it should warrant further investigation to prove that these large numbers are acceptable. Remember, because we are just installing the profiler we have no concept of normal behaviour on this network. It is equally likely that we have identified a problem area as it is this is normal behaviour (server delay should never be excessive though)
Suspicious connections
Because Cascade can see all traffic traversing the network, it can see stuff that should be there and perhaps stuff that shouldn’t.
A tough one for us to identify as we do not fully “understand” the customer’s network - but go with their instincts. On a couple of occasions we have noticed client host systems connecting to other hosts (server or client) that have required additional investigation e.g. why is that system in Italy connecting to another in Finland? In this particular instance we noticed that the volume of traffic between this client and the Exchange server was far greater than its contemporaries. Drilling into this client then identified a number of other suspect connections including the Finnish one.
Daily Reports
The reporting capabilities of Cascade are vast. Whether you are a network person, a server person, an application person, a security person, a line of business person, a data centre person..... (the list goes on), Cascade has reports which are useful to you in your daily life. As a line of business person, for example, getting a report showing end to end performance of an application and variations across the reporting period and from normal, gives a clear view that all is well, or otherwise. So that report turning up in your inbox every morning along with the ability to look at your customised dashboard in real0-time, means you have a real handle on your critical service delivery.
Try and configure a daily report that emails to the principal contact – say WAN Utilisation report, and/or a mission critical application reports such as SAP Utilisation or Exchange. This will help to keep Cascade in the forefront of their daily activity. We don’t want them to forget it’s there two days after leaving site.
Product details
[ add comment ] ( 2 views ) | [ 0 trackbacks ] | permalink
Calendar
