Monitoring and Reporting
Agenda
• What is AppFlow
• Visibility inside Cloud Network
• Monitoring Cloud Deployments
• Access Control, Auditing and Security
• Performance Monitoring for Key components
© 2012 Citrix | Confidential – Do Not Distribute
App Visibility
Instrumentation Limiting Ubiquitous App Visibility
Costly | Intrusive | No Standards
[Diagram labels: End User, Web Front, App Server, DB Server; Agent, Tap; Limited, Expensive Tools]
Getting it Right
In-Place Real Estate
Non-Intrusive | App Aware | Standardized
[Diagram labels: End User, WOC, ADC, Web Front, App Server, DB Server; Agent, Tap; AppFlow; Simple Tool]
Standard AppFlow Components
Template
Flow
Record
• Actual flow records that follow a given template
• Unidirectional IP packets identified by five tuples: sourceIP, sourcePort, destIP, destPort, and protocol
• Data points on traffic streams passing through the device
Exporter
• Device which generates flows sent to the
collector
Collector
• Third-party tools aggregating records for
reporting purposes
AppFlow Record Basics
• Standard based on IPFIX
• Transaction level visibility for HTTP, SSL, TCP and SQL
• Ability to sample and filter desired flow types
• Flow records transmitted to external collectors
• Collectors aggregate the flow records for real-time reporting
NetScaler AppFlow Implementation
• Supports up to four collectors
• Uses UDP as transport medium
• Packet contains sequence number of flow records
• Helps collector detect packet drops/out of sequence
• Templates built for end user specific information
AppFlow Partners
Importance of Visibility in a Network
• Data movement across various components
• Location of Hosted Applications
• Access visibility by Applications and Data
• Different client types access
• Details of Request and Response parameters
AppFlow Insight: Visibility and Analytics Tool
Issues with monitoring Cloud deployments
• Everything is up in the Cloud
• Cloud vendor ensures the uptime
• No enterprise or end user driven monitoring
• Systems are UP but Apps are DOWN
• Live troubleshooting becomes a nightmare
Ways to Monitor Cloud Deployments
• Events and Alerts
• Log record analysis – AppFlow or Syslog
• Analytics provides insight into:
ᵒ System health status
ᵒ CPU and Memory spikes
ᵒ Hardware failures
ᵒ Application down
ᵒ User access and denial
AppFlow Insight: Allows active Monitoring
Access, Auditing and Security Challenges
• Security has been the major concern for Cloud
• Multi-dimensional problem with Access to Audit
• Ensuring proper authentication
• Logging all possible audit data
Security visibility for Cloud deployments
• AppFlow can help visualize the security logs
• Helps visualize the security events
• Core visibility with AppFlow Insight
• Remote access visibility with Access Gateway Insight
• ICA and virtualization visibility with ICA Insight
AppFlow Insight: Visibility into Security
End User Performance Monitoring Challenges
• Applications and data reside remotely
• Users experience varied performance
• Multiple deployment factors outside control
• Client side latency can cause damage
• Application specific latency issues
• Network level latency issues
End User Monitoring: Key Statistics
• Performance monitoring should be done at a logical point
• ADCs are best, as they see both Client and Server
• Key statistics to measure
ᵒ End to end response time
ᵒ Network latency on client side
ᵒ Network latency on server side
ᵒ Server processing time
ᵒ Client page load time
ᵒ Client page render time
AppFlow Insight: Performance Monitoring
AppFlow Deployment Use Case
AppFlow for SQL
• NEW in NetScaler 10
• Available with MySQL and Microsoft SQL
Enterprise AppFlow Cases
• Identify Performance Anomalies
ᵒ Build timing profiles on a per-application module basis (URL prefix)
ᵒ Request/response pairs that fall out of the cluster of “normal” merit further investigation
ᵒ Produce scatter chart to identify natural clusters/curves visually
• The Cloud: Remove the Need for Network Taps
ᵒ Enable the use of APM tools in cloud environments
ᵒ Troubleshoot application behavior.
• IP Subnet vs. TCP RTT vs. User-Agent
ᵒ Identify which mobile devices are coming from which networks
ᵒ Do certain kinds of mobile devices need different types of application behavior? Is there an upstream network provider that is misbehaving?
More Use Cases for AppFlow
• Identify error conditions
ᵒ Real-time processing of AppFlow data to identify clustered error conditions
ᵒ Requires detailed timing information
ᵒ Troubleshooting requires visibility into the client request in addition to the server response headers. This information is lost in current generation logging.
• Track Real-Time SLA Management
ᵒ Collect aggregate data for web server logs in real-time
ᵒ Monitor whether content delivery is happening within SLA
ᵒ Hold detailed transaction records for proof
• Real-time Analytics
ᵒ Identify fast changing “Top 10” content to drive traffic optimization policies
ᵒ Follow changes in user behavior, application preferences, and application traffic patterns.
[Chart: Response Time vs. Request Time by URL prefix (/*, /app1/*, /app2/*, /app3/*), annotated “Bad News”]
[Chart: Response Time vs. Request Time for a given URL, by response code (200 OK, 304, 502), annotated “Bad News”]
[Chart: Page Duration and User Count vs. Time]
Common Monitoring Issues Faced by Administrators
• Decentralized infrastructure makes monitoring difficult
• Multiple vendors offering different non-interoperable solutions
• Proprietary technologies decrease flexibility
• Bulky Agent software increases management overhead
• Network taps are expensive and impractical in the Cloud Era
The AppFlow Solution
• More and more applications are moving to the Cloud
• Open Source Standard allows for homogeneous infrastructure
• Vendor lock-in is no longer a concern
• Agent-less allows for the right tool for the job
• IETF standard defined in RFC 5101
• Allows for a “Full Picture” Solution
How AppFlow Works
• Using UDP as the transport protocol, AppFlow transmits the collected data, called “flow records”, to one or more IPv4 collectors
• Provides visibility for HTTP, SSL, TCP and SSL_TCP flows
• Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds)
• Feature introduced for AppFlow in NetScaler 9.3nc
• Available in NetScaler Standard, Enterprise, and Platinum
• Supported on the MPX, VPX, and SDX
• AppFlow support in NetScaler 10 for DataStream and EdgeSight
Data Flows that can be reported on
• Client to VIP
• VIP to Client
• SNIP/MIP to Server
• Server to SNIP/MIP
AppFlow Records
• Records transmitted in IPFIX format via the NSIP of the NetScaler
• IPFIX based off of Cisco’s NetFlow
• Each flow record contains a sequence number, so that the collector can see if there is a missed flow record
• No retransmission of missed flow records (function of UDP)
• Collector may be able to report on missed records
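Added example (not from the original slides or from Citrix): a collector-side check in Python that uses the sequence number described above, and under NetScaler AppFlow Implementation, to detect missed or late flow records. It assumes the RFC 5101 message layout, in which the 16-byte message header carries the sequence number as a running count of data records per observation domain; the function names and the sample datagrams are constructed for illustration.

```python
import struct  # added example; function names are illustrative, layout per RFC 5101

HEADER = struct.Struct("!HHIII")  # version, length, export time, sequence, domain id

def learn_templates(body, domain, templates):  # template set -> data record lengths
    pos = 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, pos)
        pos, rec_len = pos + 4, 0
        for _ in range(count):
            fid, flen = struct.unpack_from("!HH", body, pos)
            pos += 8 if fid & 0x8000 else 4  # enterprise fields add a 4-byte number
            rec_len = None if flen == 0xFFFF or rec_len is None else rec_len + flen
        templates[(domain, tid)] = rec_len  # None: variable length, not countable

def parse_message(data, templates):
    """Validate one datagram; return (sequence, domain, data records counted)."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[:2] != (10, len(data)):
        raise ValueError("not a well-formed IPFIX message")
    _, length, _, seq, domain = HEADER.unpack_from(data)
    offset, records = HEADER.size, 0
    while offset + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", data, offset)
        if set_len < 4 or offset + set_len > length:
            raise ValueError("set length out of bounds")
        if set_id == 2:  # template set
            learn_templates(data[offset + 4:offset + set_len], domain, templates)
        elif set_id >= 256 and templates.get((domain, set_id)):  # known data set
            records += (set_len - 4) // templates[(domain, set_id)]
        offset += set_len
    return seq, domain, records

def sequence_delta(expected, seq, domain, records):
    """Positive: records lost before this message. Negative: late or repeated."""
    delta = (seq - expected.get(domain, seq) + 2**31) % 2**32 - 2**31
    if delta >= 0:
        expected[domain] = (seq + records) % 2**32
    return delta

def message(seq, *sets):  # builds a constructed sample datagram, domain id 1
    body = b"".join(struct.pack("!HH", sid, 4 + len(b)) + b for sid, b in sets)
    return HEADER.pack(10, HEADER.size + len(body), 0, seq, 1) + body

def demo():  # constructed stream in which records 3 and 4 never arrive
    templates, expected = {}, {}
    tmpl = (2, struct.pack("!6H", 256, 2, 8, 4, 12, 4))  # source + dest IPv4 address
    stream = [message(0, tmpl, (256, bytes(16))), message(2, (256, bytes(8))),
              message(5, (256, bytes(8)))]
    return [sequence_delta(expected, *parse_message(d, templates)) for d in stream]
```

Because the records arrive over UDP with no retransmission, the parser rejects any datagram whose declared lengths do not match what was received rather than guessing. A truncated template raises struct.error, which a collector should handle the same way as ValueError.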
AppFlow Records sent to Collector via NetScaler
[Diagram labels: Client to VIP; SNIP/MIP to Server; NSIP to AppFlow Collector; AppFlow Collector]
Configuring AppFlow
Configuring AppFlow on the NetScaler
• Enable the AppFlow feature (enable feature AppFlow from the CLI, or System > Settings > Configure advanced features and check the “AppFlow” box in the GUI)
• Add a Collector (default port is 4739)
• Add an AppFlow Action specifying a Collector
• Add an AppFlow Policy, define an expression
• Bind the Action to the Policy
Configuring AppFlow on the NetScaler (cont.)
• Bind AppFlow Policy either to the VServer or Globally
• Ensure AppFlow Logging is checked on the VServer or Service
Setting AppFlow Parameters
• Control what is sent to the Collector
• Tailor information sent to the collector to fit your environment
• “Client Traffic only” collects only client-side traffic
• Multiple records in each UDP packet
Configuring the NetScaler to send Syslog info via AppFlow
Policies
DataStream Support in NetScaler 10
EdgeSight Monitoring for AppFlow
Basic Troubleshooting
• Check if policy is being hit
• nstcpdump.sh filtering UDP
• Network trace from Collector
• “show run | grep appflow” to verify config from CLI
Basic Troubleshooting
Verify HTTP (or other) data exists within the packet being transmitted to the Collector
AppFlow Counters
• SNMP can be used to monitor AppFlow for ignored packets
• These values also translate into counters for the nsconmsg tool
• Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent
• Can be useful for proactive monitoring of AppFlow itself
Interpreting the Collected Data
What exactly is traversing my Network?
Interpreting the Collected Data
• Allows for analysis on all aspects of data passing through the NetScaler
• HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged
• Grants a top down view of data that can be graphed and exported
• This allows statistics to be logged, trends to be noticed more quickly and easily, and action to be taken
• Quicker Time to Resolution when troubleshooting issues.
General Overview of Data via AppFlow
More Specific breakdown of Total Bytes Sent/Received
HTTP Visibility
Application Firewall Visibility
SSL VPN Visibility
In Depth Traffic Visibility