1

Traffic Analysis How ToWebinar Series

Traffic Analysis on Windows ServersDecember 10, 2009

2 2

Agenda:

Today’s Presenters:• Kevin Gillis, VP Product Management, Network Management• Jason Williams, Product Manager & The WhatsUp Guru

Agenda:– Overview– Flow Publisher Overview– Server Based Traffic Analysis– Technical Demonstration– Q&A– Next Steps

3

The Need for Traffic Analysis

• My network is slow and I do not know why…– Existing tools don’t give me any or enough visibility…

• Into user and application network bandwidth utilization

• Into network performance issues

• Into locating and troubleshooting issues

• Into applications and their effect on the network

• Into security breaches and unauthorized usage

• Current solutions– Require expertise in packet level analysis– Require device or network upgrades/downtime– Require investment in appliances or probes

Tools are either too expensive or complex to deploy

4

Flow Publisher v1.0 Summary

• Flow data generated from raw network traffic– Convert raw traffic into NetFlow v1, v5 and v9 compliant flow records

• Full range of NetFlow information• Not sampled flow data

• Pinpoint or broad traffic analysis– Virtually any network device supporting port mirroring– Passive TAPs (Test Access Point)– Windows servers and any running applications (e.g. Oracle, SAP,

Exchange)

• High impact – non-invasive and inexpensive to maintain– Leverages existing network infrastructure– No device hardware or software upgrades required– Does not require network or device downtime

Enables flow analysis for non-flow capable devices

5

Flow Publisher v1.0 Features

• Two Components1. Agent Manager Interface

• Configure and manage a single or multiple agents

2. Flow Publisher Agent• Processes raw traffic data• Standalone installation

– Dedicated Windows computer

– TAP or mirrored interfaces

– Accepts raw traffic from up to 4 individual interfaces

• Hosted installation– Directly on Windows Servers

» Application monitoring

» User monitoring

» VMware Virtualized Systems

Software only solution

2.

1.

6

Flow Publisher v1.0 Features cont’d

• Integrates with v14.x of WhatsUp Gold and v2.0 of Flow Monitor for:– Real-time traffic monitoring

and analysis

– Threshold alerting

– 40+ reports (web and mobile)

• Maps MAC addresses to reported interfaces

• Jumbo and fragmented packet support

• Configurable logging– 3 levels of detail

• 2 levels of capture– Normal

– Promiscuous

7

Agent & Collector High-level InteractionServer with Flow

Publisher agent Installed

TAP

Switch

Switch forwards mirrored traffic to Flow Publisher agent

Agent forwards NetFlow records to Flow Monitor collector

TAP forwardsbi-directional traffic to Flow Publisher agent

Server based agent forwards NetFlow records to Flow Monitor collector

`

Flow Publisher agent on PC

`

WhatsUp Gold and Flow Monitor

collector

Three flexible deployment models provide unlimited choices

8

Application and User Traffic Analysis

• Rapid isolation of server versus network based issues• Insight into reasons for application traffic

– Traffic loads– Users– Peak usage timeframes

• Locate under and over subscribed applications and servers– Standalone servers– Virtualized servers

• Traffic to individual virtual machines (VMs)

Why is server based traffic analysis important?

Creates opportunity to optimize server infrastructures based upon actual user and application utilization data

9

Server Traffic Analysis Deployment

• Flow Publisher Server Agent– Windows Server

• 32 & 64 bit: Standard and Enterprise Server 2008 and Standard and Enterprise Server 2005 SP2

• Non-virtualized and virtualized servers

• Network interface

– Runs as a Windows service• Small resource footprint

Application and user traffic analysis at the source

10 10

Server Based Flow MonitoringTechnical Demonstration

11 11

Next Steps…

Find out more about Flow Publisher v1.0http://www.whatsupgold.com/whatsnew

Try - free 30 day evaluationhttp://www.whatsupgold.com/download

Buy – (3) ways to purchase www.whatsupgold.com/buy

1. WhatsUp Gold Representative2. An Ipswitch Reseller Partner of your choice3. Online via our ecommerce shop

Increased visibility into application and user trafficon your servers!

12

Traffic Analysis How To Webinar Series

• Session 2 – 11:00 AM EST Tuesday, January 12, 2010 – Traffic Analysis for Non-flow Enabled Networks (Part 1)

• To understand single or multi-segment traffic patterns• To pinpoint origins of slow network performance in real-time

• Session 3 – 11:00 AM EST Tuesday, January 19, 2010– Traffic Analysis for Non-flow Enabled Networks (Part 2)

• To increase defense against internal and external threats • To provide cost effective traffic analysis without upgrades or downtime

• Session 4 – 11:00 AM EST Tuesday, January 26, 2010– Traffic Analysis Techniques for Flow and Non-flow Networks

• To optimize the power of flow-based traffic analysis in networks• To create valuable strategies to ensure future network stability and

security

13

Flip over this…1 randomly selected attendee will receive a Flip Mino camcorder

14 14

Q & APlease submit your questions

via the Q&A feature in the lower right corner

Additional Questions?

Jason Williams – guru@ipswitch.comKevin Gillis – k@ipswitch.com

orhttp://whatsupgold.com/community – then go to Forums

15 15

Thank You