
What's new in Performance vision version 3.2

651 views


Discover Performance Vision version 3.2 new features and especially its capabilities for performance diagnostic / troubleshooting for Microsoft file storage & transfer (CIFS / SMB)

Published in: Technology

What's new in Performance vision version 3.2

  1. WHAT’S NEW IN VERSION 3.2? © SecurActive 2014
  2. PERFORMANCE VISION VERSION 3.2
     • CIFS Transaction Analysis
     • New Features & Improvements
  3. Performance Vision 3.2: CIFS/SMB TRANSACTION ANALYSIS
  4. CIFS TRANSACTION ANALYSIS: USER BENEFITS
     • Monitor CIFS/SMB Performance
     • Troubleshoot File Sharing Issues: Access Rights; Deleted or Corrupted Files; Insufficient Resources; All Errors and Warnings
     • Identify Slow Transactions
     • Correlate File Sharing Problems with Network Performance Issues
  5. IN-DEPTH CIFS/SMB PERFORMANCE ANALYSIS
     CIFS/SMB in APS. Supported CIFS/SMB versions:
     • SMB 1.0
     • SMB 2.0
     • SMB 3.0 (no encryption)
  6. CIFS OVERVIEW: Overview of CIFS Commands
  7. OVERVIEW OF CIFS COMMANDS
     Display CIFS Overview per Command type:
     • Number of Queries
     • Number of Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payload and Number of Packets (PDUs)
     One-click drill down to more details
  8. CIFS PERFORMANCE: Performance of CIFS Queries over Time
  9. PERFORMANCE OF CIFS QUERIES OVER TIME
     Display CIFS Performance metrics over time:
     • Data Transfer Time and Server Response Time
     • Number of OKs, Warnings and Errors
     • Payload for Queries, Responses and Metadata
     One-click drill down to more details
  10. CIFS CLIENTS: CIFS Most Active Clients
  11. CIFS MOST ACTIVE CLIENTS
     Display CIFS metrics for the most active clients:
     • Client IP
     • Number of Queries, Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payloads and Number of Packets (PDUs)
     One-click drill down to queries and errors
  12. CIFS SERVERS: CIFS Most Active Servers
  13. CIFS MOST ACTIVE SERVERS
     Display CIFS metrics for the most active servers:
     • Server IP
     • Number of Queries, Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payloads and Number of Packets (PDUs)
     One-click drill down to queries and errors
  14. CIFS FILES: CIFS Most Active Files
  15. CIFS TOP FILES
     Display queries aggregated by Files:
     • File Path
     • Number of Queries, Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payloads and Number of Packets (PDUs)
     One-click drill down to queries and errors
  16. CIFS TREES: CIFS Most Active Trees
  17. CIFS TOP TREES
     Display queries aggregated by Trees:
     • Tree Path
     • Number of Queries, Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payloads and Number of Packets (PDUs)
     One-click drill down to queries and errors
  18. DIFFERENCE BETWEEN TREE AND FILE
     • Tree (Mount Point): WINSHARE DATA; WINSHARE USR
     • File: Private Users UC576 mailbox.pst
  19. CIFS USERS: CIFS Most Active Users
  20. CIFS TOP USERS
     Display queries aggregated by Users:
     • Username
     • Number of Queries, Errors and Warnings
     • Performance Metrics (SRT, DTT)
     • Payloads and Number of Packets (PDUs)
     One-click drill down to queries and errors
  21. USER NOT ALWAYS AVAILABLE?
     Why is the User not always available?
     • Secured authentication (Kerberos)
     • Potentially unsupported authentication mechanism
     • Session initialization has not been captured
  22. CIFS QUERIES: List of CIFS Queries
  23. CIFS QUERIES: Available CIFS Data
     • Command, Subcommand and Status
     • File ID and Path
     • Number of Queries, Errors & Warnings
     • Performance Metrics (SRT, DTT)
     • Username
     • Domain name
     • Tree ID and Tree name
     • Data Payload: Reads, Writes
     • Metadata Payload: Reads, Writes
     • Number of Packets (PDUs)
  24. CIFS RAW DATA: Details of all CIFS Transactions
  25. CIFS RAW DATA: TRUE ROOT CAUSE ANALYSIS
     CIFS transactions without any grouping:
     • Useful for advanced troubleshooting
     • Application behavior auditing
     Figure labels: Queries, Raw Data
  26. USER FRIENDLY ROOT CAUSE ANALYSIS
     User-friendly interface:
     • Color highlighting for readability
     • One-click filtering facility
     • Inline CIFS protocol help
     • Resizable textboxes
  27. CIFS DEDICATED FILTERS
     Dedicated CIFS filters: refine search for specific issues. Search results by:
     • Port number
     • Command type
     • Status name
     • Path name and File ID
     • Subcommand type
     • Tree name and Tree ID
     • User and Domain
  28. SEARCH FOR SPECIFIC CIFS ELEMENTS
     • CIFS Commands, Statuses and Subcommands organized into Categories
     • Type text to automatically refine the list of available options
  29. EASY DRILL-DOWN
     • One click to see Performance over time for these CIFS Transactions
     • One click drill-down to CIFS Queries or Raw data
     • One click drill-down to Flow Details associated to these Transactions
     • One click drill-down to CIFS Errors or Warnings
  30. FOR POWER USERS: CUSTOM FILTERS FOR CIFS
     Custom Filters for CIFS:
     • Used to build advanced queries
     • See Custom Filters reference in Guide
  31. FAST ANALYSIS: CIFS COMMON STATUSES
     Common Statuses for CIFS:
     • STATUS_NO_SUCH_FILE
     • STATUS_NO_SUCH_DEVICE
     • STATUS_OBJECT_NAME_NOT_FOUND
     • STATUS_OBJECT_PATH_INVALID
     • STATUS_OBJECT_PATH_NOT_FOUND
     • STATUS_OBJECT_PATH_SYNTAX_BAD
     • STATUS_DFS_EXIT_PATH_FOUND
     • STATUS_REDIRECTOR_NOT_STARTED
     • STATUS_TOO_MANY_OPENED_FILES
     • STATUS_ACCESS_DENIED
     • STATUS_PORT_CONNECTION_REFUSED
     • STATUS_FILE_DELETED
     • STATUS_INSUFF_SERVER_RESOURCES
     • STATUS_MORE_PROCESSING_REQUIRED
     • STATUS_BUFFER_OVERFLOW
     • STATUS_WRONG_PASSWORD
     • STATUS_NETWORK_ACCESS_DENIED
     • STATUS_TOO_MANY_SESSIONS
     Common statuses category contains the most common CIFS errors and warnings.
     cifs.status = "common"
     Note: We do not consider SMB_STATUS_NO_MORE_FILES as a Warning
  32. ACTIVATION: CONFIGURE CIFS ANALYSIS
     Configuration > Zones
     • Activate CIFS transaction analysis for the zone and its subzones
     If not needed, do not add print servers to the scope of CIFS analysis.
  33. IMPACT: CIFS ANALYSIS WORKLOAD
     Configuration > Database Workload
     • Check impact of CIFS analysis on workload
  34. PERFORMANCE SAVING: CIFS DATA MERGING
     Configuration > Data Merging
     • Adjust merging levels for more performance or for more details
     • By default: maximum performance
     Table columns shown: Datatype, Zone, Merging level, Degraded metrics
  35. CORRELATION BETWEEN NETWORK ISSUES AND CIFS TRANSACTIONS
  36. ONE CLICK SWITCH: FROM TCP FLOWS TO CIFS TRANSACTIONS
     Switch from TCP Flows to CIFS Transactions:
     • From TCP Details to CIFS Queries
     • From TCP Raw Data to CIFS Queries
     Figure labels: DNS, HTTP, SQL, ICMP, Flows, CIFS, "Already in 3.0"
  37. ONE CLICK SWITCH: FROM CIFS TRANSACTIONS TO TCP FLOWS
     Switch from CIFS Transactions to TCP Flows:
     • From CIFS Queries to TCP Flow Details
     • From CIFS Raw Data to TCP Flow Details
     Figure labels: CIFS, HTTP, SQL, Flows, DNS, "Already in 3.0"
  38. CIFS DOCUMENTATION
     User Guide update:
     • CIFS Analysis
     • CIFS Status Categories (appendix)
  39. Performance Vision 3.2: NEW FEATURES & IMPROVEMENTS
  40. LDAP INTEGRATION
     LDAP Integration:
     • Requires anonymous authorization
  41. SORT BCN BY CRITICALITY
     BCN can be sorted by criticality level:
     • BCN with most alerting events are shown first
     • One Red > Any oranges
     • One Orange > Any greens
     Note: For Business Critical Networks only (not yet for BCA)
  42. #REQUESTS FOR DNS PAGES
     For all DNS pages:
     • Add #Requests: Number of DRT
     • DRT: DNS Response Time
  43. DNS TROUBLESHOOTING
     For DNS Troubleshooting:
     • Add new Custom Filters
     • Bandwidth, Packets, IPs
     Figure labels: 3.0, 3.2
  44. ONE CLICK @ SWITCHING
     New button to switch client/server values:
     • Zones, IP Addresses and MAC Addresses
  45. HINTS FOR « NO RESULTS »
     Hints added:
     • When search requests return “No results”
     • Data could be merged
     • Metric could be disabled at sniffer level
     • Metric might not be active on any zone
  46. HTTP DATA MERGING
     For HTTP Transactions:
     • Added a new data merging level
     Figure labels: 3.0, 3.2
  47. DATABASE PERFORMANCE IMPROVEMENTS
     Better usage of query multithreading:
     • Response times up to 20% faster
     • Example: BCN computations
  48. BETTER HANDLING OF BUFFERED TCP PACKETS
     Better handling of buffered TCP packets:
     • Potential impact on DTT / EURT metrics
     Note: already included in 3.0.17
  49. SHELLSHOCK SECURITY UPDATE
     Bash security update for:
     • Shellshock vulnerability
     http://en.wikipedia.org/wiki/Shellshock_(software_bug)
  50. VERSION 3.2: IMPACTS SUMMARY
     Migration time is low:
     • Update should take a few minutes depending on database size
     • Check impact of CIFS performance analysis on workload & license limits
     • Potential impact on DTT/EURT metrics
     Major impacts compared to 3.0:
     • Database migration time: low
     • CIFS performance analysis
     • Potentially on DTT/EURT
  51. SOMETHING BIG IS COMING
     • Q1 2015: Technical Update
     • TBD 2015: Something BIG is coming
  52. REBOOT AFTER UPDATE: After the upgrade is completed
  53. YOU'RE READY TO GO, ENJOY VERSION 3.2!
  54. What’s New in Version 3.2? THANK YOU!
     For any Question: sales@securactive.net, support@securactive.net
     Follow Us on: @SecurActivePV, www.securactive.net, blog.securactive.net
