What's new in Performance Vision version 3.2

Upload: securactive

Post on 04-Jul-2015

DESCRIPTION

Discover the new features in Performance Vision version 3.2, especially its performance diagnostics and troubleshooting capabilities for Microsoft file storage and transfer (CIFS/SMB).

TRANSCRIPT

Page 1: What's new in Performance vision version 3.2

© SecurActive 2014

WHAT’S NEW IN VERSION 3.2?

Page 2: What's new in Performance vision version 3.2

PERFORMANCE VISION VERSION 3.2

CIFS Transaction Analysis

New Features & Improvements

Page 3: What's new in Performance vision version 3.2

Performance Vision 3.2

CIFS/SMB TRANSACTION ANALYSIS

Page 4: What's new in Performance vision version 3.2

CIFS TRANSACTION ANALYSIS: USER BENEFITS

Monitor CIFS/SMB Performance

Identify Slow Transactions

Correlate File Sharing Problems with Network Performance Issues

Troubleshoot File Sharing Issues:

Access Rights

Deleted or Corrupted Files

Insufficient Resources

All Errors and Warnings

Page 5: What's new in Performance vision version 3.2

IN-DEPTH CIFS/SMB PERFORMANCE ANALYSIS

CIFS/SMB in APS

Supported CIFS/SMB versions

SMB 1.0

SMB 2.0

SMB 3.0 (no encryption)

Page 6: What's new in Performance vision version 3.2

CIFS OVERVIEW

Overview of CIFS Commands

Page 7: What's new in Performance vision version 3.2

OVERVIEW OF CIFS COMMANDS

Display CIFS Overview per Command type:

Number of Queries

Number of Errors and Warnings

Performance Metrics (SRT, DTT)

Payload and Number of Packets (PDUs)

One-click drill down to more details

Page 8: What's new in Performance vision version 3.2

CIFS PERFORMANCE

Performance of CIFS Queries over Time

Page 9: What's new in Performance vision version 3.2

PERFORMANCE OF CIFS QUERIES OVER TIME

Display CIFS Performance metrics over time:

Data Transfer Time and Server Response Time

Number of OKs, Warnings and Errors

Payload for Queries, Responses and Metadata

One-click drill down to more details

Page 10: What's new in Performance vision version 3.2

CIFS CLIENTS

CIFS Most Active Clients

Page 11: What's new in Performance vision version 3.2

CIFS MOST ACTIVE CLIENTS

Display CIFS metrics for the most active clients:

Client IP

Number of Queries, Errors and Warnings

Performance Metrics (SRT, DTT)

Payloads and Number of Packets (PDUs)

One-click drill down to queries and errors

Page 12: What's new in Performance vision version 3.2

CIFS SERVERS

CIFS Most Active Servers

Page 13: What's new in Performance vision version 3.2

CIFS MOST ACTIVE SERVERS

Display CIFS metrics for the most active servers:

Server IP

Number of Queries, Errors and Warnings

Performance Metrics (SRT, DTT)

Payloads and Number of Packets (PDUs)

One-click drill down to queries and errors

Page 14: What's new in Performance vision version 3.2

CIFS FILES

CIFS Most Active Files

Page 15: What's new in Performance vision version 3.2

CIFS TOP FILES

Display queries aggregated by Files:

File Path

Number of Queries, Errors and Warnings

Performance Metrics (SRT, DTT)

Payloads and Number of Packets (PDUs)

One-click drill down to queries and errors

Page 16: What's new in Performance vision version 3.2

CIFS TREES

CIFS Most Active Trees

Page 17: What's new in Performance vision version 3.2

CIFS TOP TREES

Display queries aggregated by Trees:

Tree Path

Number of Queries, Errors and Warnings

Performance Metrics (SRT, DTT)

Payloads and Number of Packets (PDUs)

One-click drill down to queries and errors

Page 18: What's new in Performance vision version 3.2

DIFFERENCE BETWEEN TREE AND FILE

Tree (Mount Point): \\WINSHARE\DATA, \\WINSHARE\USR

File: \Private\Users\UC576\mailbox.pst

Page 19: What's new in Performance vision version 3.2

CIFS USERS

CIFS Most Active Users

Page 20: What's new in Performance vision version 3.2

CIFS TOP USERS

Display queries aggregated by Users:

Username

Number of Queries, Errors and Warnings

Performance Metrics (SRT, DTT)

Payloads and Number of Packets (PDUs)

One-click drill down to queries and errors

Page 21: What's new in Performance vision version 3.2

USER NOT ALWAYS AVAILABLE?

Why is the User not always available?

Secured authentication (Kerberos)

Potentially unsupported authentication mechanism

Session initialization has not been captured

Page 22: What's new in Performance vision version 3.2

CIFS QUERIES

List of CIFS Queries

Page 23: What's new in Performance vision version 3.2

CIFS QUERIES

Available CIFS Data

Command, Subcommand and Status

File ID and Path

Number of Queries, Errors & Warnings

Performance Metrics (SRT, DTT)

Username

Domain name

Tree ID and Tree name

Data Payload: Reads, Writes

Metadata Payload: Reads, Writes

Number of Packets (PDUs)

Page 24: What's new in Performance vision version 3.2

CIFS RAW DATA

Details of all CIFS Transactions

Page 25: What's new in Performance vision version 3.2

CIFS RAW DATA: TRUE ROOT CAUSE ANALYSIS

CIFS transactions without any grouping

Useful for advanced troubleshooting

Application behavior auditing

Queries

Raw Data

Page 26: What's new in Performance vision version 3.2

USER FRIENDLY ROOT CAUSE ANALYSIS

User-friendly interface

Color highlighting for readability

One-click filtering facility

Inline CIFS protocol help

Resizable textboxes

Page 27: What's new in Performance vision version 3.2

CIFS DEDICATED FILTERS

Dedicated CIFS filters:

Refine search for specific issues

Search results by:

Port number

Command type

Status name

Path name and File ID

Subcommand type

Tree name and Tree ID

User and Domain

Page 28: What's new in Performance vision version 3.2

SEARCH FOR SPECIFIC CIFS ELEMENTS

Type text to automatically refine the list of available options

CIFS Commands, Statuses and Subcommands organized into Categories

Page 29: What's new in Performance vision version 3.2

EASY DRILL-DOWN

One click to see Performance over time for these CIFS Transactions

One click drill-down to CIFS Queries or Raw data

One click drill-down to Flow Details associated to these Transactions

One click drill-down to CIFS Errors or Warnings

Page 30: What's new in Performance vision version 3.2

FOR POWER USERS: CUSTOM FILTERS FOR CIFS

Custom Filters for CIFS

Used to build advanced queries

See Custom Filters reference in Guide

Page 31: What's new in Performance vision version 3.2

FAST ANALYSIS: CIFS COMMON STATUSES

Common Statuses for CIFS:

STATUS_NO_SUCH_FILE,

STATUS_NO_SUCH_DEVICE,

STATUS_OBJECT_NAME_NOT_FOUND,

STATUS_OBJECT_PATH_INVALID,

STATUS_OBJECT_PATH_NOT_FOUND,

STATUS_OBJECT_PATH_SYNTAX_BAD,

STATUS_DFS_EXIT_PATH_FOUND,

STATUS_REDIRECTOR_NOT_STARTED,

STATUS_TOO_MANY_OPENED_FILES,

STATUS_ACCESS_DENIED,

STATUS_PORT_CONNECTION_REFUSED,

STATUS_FILE_DELETED,

STATUS_INSUFF_SERVER_RESOURCES,

STATUS_MORE_PROCESSING_REQUIRED,

STATUS_BUFFER_OVERFLOW,

STATUS_WRONG_PASSWORD,

STATUS_NETWORK_ACCESS_DENIED,

STATUS_TOO_MANY_SESSIONS.

Common statuses category contains the most common CIFS errors and warnings.

cifs.status = "common"

Note: We do not consider SMB_STATUS_NO_MORE_FILES as a Warning
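
Added example (not SecurActive's code, and not from the original slides): one way to reproduce this kind of triage on exported transaction records. It derives OK / warning / error from the two severity bits of the NTSTATUS code, applies the NO_MORE_FILES exception from the note above, and counts "common" failures per client. Assumptions: the record layout, the function names, the sample data, and mapping informational severity to OK.

```python
from collections import Counter

# Subset of NTSTATUS values as published in Microsoft's status code list.
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0x80000005: "STATUS_BUFFER_OVERFLOW",
    0x80000006: "STATUS_NO_MORE_FILES",
    0xC000000F: "STATUS_NO_SUCH_FILE",
    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000006A: "STATUS_WRONG_PASSWORD",
}
# Members of the slide's "common" category that appear in the subset above.
COMMON = set(NTSTATUS.values()) - {"STATUS_SUCCESS", "STATUS_NO_MORE_FILES"}
# Per the slide's note: end-of-listing is not reported as a warning.
NOT_A_WARNING = {"STATUS_NO_MORE_FILES"}
# Top two bits of an NTSTATUS: 0 success, 1 informational, 2 warning, 3 error.
SEVERITY = {0: "ok", 1: "ok", 2: "warning", 3: "error"}

def classify(code):
    """Return (name, level, is_common) for a 32-bit NTSTATUS value."""
    name = NTSTATUS.get(code, f"0x{code:08X}")
    level = SEVERITY[(code >> 30) & 0x3]
    if name in NOT_A_WARNING:
        level = "ok"
    return name, level, name in COMMON

def failures_per_client(transactions):
    """Count common-category errors and warnings per (client IP, status)."""
    counts = Counter()
    for client, code in transactions:
        name, level, common = classify(code)
        if common and level != "ok":
            counts[(client, name)] += 1
    return counts

# Constructed sample records: (client IP, NTSTATUS of the response).
SAMPLE = [
    ("192.0.2.10", 0x00000000),
    ("192.0.2.10", 0x80000006),  # directory listing finished: not a warning
    ("192.0.2.10", 0xC0000034),
    ("192.0.2.23", 0xC0000022),
    ("192.0.2.23", 0xC0000022),
    ("192.0.2.23", 0xC000006A),
    ("192.0.2.23", 0xC0000016),  # also seen in normal multi-step session setup
]

if __name__ == "__main__":
    for (client, name), n in failures_per_client(SAMPLE).most_common():
        print(f"{client:<12} {name:<34} {n}")
```

Repeated STATUS_ACCESS_DENIED or STATUS_WRONG_PASSWORD from one client is the pattern worth reviewing alongside the per-client and per-user views described in the earlier slides.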

Page 32: What's new in Performance vision version 3.2

ACTIVATION: CONFIGURE CIFS ANALYSIS

Configuration > Zones

Activate CIFS transaction analysis for the zone and its subzones

If not needed, do not add print servers to the scope of CIFS analysis.

Page 33: What's new in Performance vision version 3.2

IMPACT: CIFS ANALYSIS WORKLOAD

Configuration > Database Workload

Check impact of CIFS analysis on workload

Page 34: What's new in Performance vision version 3.2

PERFORMANCE SAVING: CIFS DATA MERGING

Datatype Zone Merging level Degraded metrics

Configuration > Data Merging

Adjust merging levels for more performance or for more details

By default: maximum performance

Page 35: What's new in Performance vision version 3.2

CORRELATION BETWEEN NETWORK ISSUES AND CIFS TRANSACTIONS

CIFS

Page 36: What's new in Performance vision version 3.2

ONE CLICK SWITCH: FROM TCP FLOWS TO CIFS TRANSACTIONS

DNS

SQL

ICMP

HTTP

Flows

CIFS

Already in 3.0

Switch from TCP Flows to CIFS Transactions

From TCP Details to CIFS Queries

From TCP Raw Data to CIFS Queries

Page 37: What's new in Performance vision version 3.2

ONE CLICK SWITCH: FROM CIFS TRANSACTIONS TO TCP FLOWS

CIFS

SQL

HTTP

Flows

Switch from CIFS Transactions to TCP Flows

From CIFS Queries to TCP Flow Details

From CIFS Raw Data to TCP Flow Details

DNS

Already in 3.0

Page 38: What's new in Performance vision version 3.2

CIFS DOCUMENTATION

User Guide update

CIFS Analysis

CIFS Status Categories (appendix)

Page 39: What's new in Performance vision version 3.2

Performance Vision 3.2

NEW FEATURES & IMPROVEMENTS

Page 40: What's new in Performance vision version 3.2

LDAP INTEGRATION

LDAP Integration

Requires anonymous authorization

Page 41: What's new in Performance vision version 3.2

SORT BCN BY CRITICALITY

BCN can be sorted by criticality level

BCN with most alerting events are shown first

One Red > Any oranges

One Orange > Any greens

Note: For Business Critical Networks only (not yet for BCA)

Page 42: What's new in Performance vision version 3.2

#REQUESTS FOR DNS PAGES

For all DNS pages:

Add #Requests: Number of DRT

DRT: DNS Response Time

Page 43: What's new in Performance vision version 3.2

DNS TROUBLESHOOTING

For DNS Troubleshooting:

Add new Custom Filters

Bandwidth, Packets, IPs

3.0

3.2

Page 44: What's new in Performance vision version 3.2

ONE CLICK @ SWITCHING

New button to switch client/server values:

Zones, IP Addresses and MAC Addresses

Page 45: What's new in Performance vision version 3.2

HINTS FOR « NO RESULTS »

Hints added:

When search requests return “No results”

Data could be merged

Metric could be disabled at sniffer level

Metric might not be active on any zone

Examples:

Page 46: What's new in Performance vision version 3.2

HTTP DATA MERGING

3.0

3.2

For HTTP Transactions:

Added a new data merging level

Page 47: What's new in Performance vision version 3.2

DATABASE PERFORMANCE IMPROVEMENTS

Better usage of query multithreading:

Response times up to 20% faster

Example: BCN computations

Page 48: What's new in Performance vision version 3.2

BETTER HANDLING OF BUFFERED TCP PACKETS

Better handling of buffered TCP packets

Potential impact on DTT / EURT metrics

Note: already included in 3.0.17

Page 49: What's new in Performance vision version 3.2

SHELLSHOCK SECURITY UPDATE

Bash security update for Shellshock vulnerability

http://en.wikipedia.org/wiki/Shellshock_(software_bug)

Page 50: What's new in Performance vision version 3.2

VERSION 3.2: IMPACTS SUMMARY

Major impacts compared to 3.0:

Database migration time: low

CIFS performance analysis

Potentially on DTT/EURT

Check impact of CIFS performance analysis on workload & license limits

Potential impact on DTT/EURT metrics

Migration time is low

Update should take a few minutes, depending on database size

Page 51: What's new in Performance vision version 3.2

SOMETHING BIG IS COMING

Q1 2015 Technical Update

TBD 2015 Something BIG is coming

Page 52: What's new in Performance vision version 3.2

REBOOT AFTER UPDATE

After the upgrade is completed

Page 53: What's new in Performance vision version 3.2

YOU'RE READY TO GO, ENJOY VERSION 3.2!

Page 54: What's new in Performance vision version 3.2

What’s New in Version 3.2?

THANK YOU!

For any [email protected]

[email protected]

Follow Us on @SecurActivePV

www.securactive.net

blog.securactive.net