Page 1
www.wildpackets.com © WildPackets, Inc.
Jay Botelho
Director of Product Management
WildPackets
[email protected]
Show us your tweets! Use today’s webinar hashtag:
#wp_watchpoint with any questions, comments, or feedback.
Follow us @wildpackets
Don’t Let History Repeat Itself Network Monitoring and Reporting with
WatchPoint
Page 2
© WildPackets, Inc. 2 WatchPoint v2.0
Agenda
• Key Technologies in Network Reporting
• Limitations in Single Technology Approaches
• Why WatchPoint
• WatchPoint v2.0 Demo ‒ Determining long-term trends using WatchPoint
‒ Troubleshooting ongoing issues with WatchPoint
‒ Generating detailed, scheduled reports
‒ Linking directly from high-level reporting to detailed packet
analysis
• Company Overview
• Product Line Overview
Page 3
www.wildpackets.com © WildPackets, Inc.
Key Technologies in Network
Reporting
Page 4
© WildPackets, Inc. 4 WatchPoint v2.0
Choices and Comprises
Overhead???
Cost???
Data
Gra
nula
rity
Data Accuracy
SNMP
Flow-based
Packet-based
Page 5
© WildPackets, Inc. 5 WatchPoint v2.0
SNMP
• Best used to identify and describe system
configuration
• Monitor network-attached devices for high-level
conditions ‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 second granularity
• Trouble-shooting/root cause analysis not possible
Page 6
© WildPackets, Inc. 6 WatchPoint v2.0
"Go With the Flow"
• Flows, or flow records, have become the default element used in centralized network monitoring
• A ―flow‖ is a sequence of packets that has the following seven identical characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
Page 7
© WildPackets, Inc. 7 WatchPoint v2.0
Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
Page 8
www.wildpackets.com © WildPackets, Inc.
Limitations in Single Technology
Approaches
Page 9
© WildPackets, Inc. 9 WatchPoint v2.0
Not All Data Sources Are Created Equal
Netflow sFlow OmniFlow Packets
• Developed by
Cisco
• RFC 3176
• sFlow agents
• Developed by
WildPackets
• RFC 1122
• Transit and
terminated traffic
• Statistical
sampling
• Higher speed
networks
• Analysis of every
packet AND
payload
• Every packet
recorded
• Detailed
troubleshooting
• Detailed info for
each flow
• Time-based
sampling of
interface counters
• Unrivaled info for
each flow
• Layer 2 - 7
• Apdex, Latency,
Reconstruction, …
• NO packets • NO packets • Links to packets • Packets with
network forensics
• Sampled – not
100% accurate
• Sampled – not
100% accurate
• 100% accurate • 100% accurate
Page 10
© WildPackets, Inc. 10 WatchPoint v2.0
It’s All In The Packets
Detailed errors
automatically
identified, with
alerts
One click identifies
the user and
application
One more click
identifies the root
cause of the issue
Page 11
www.wildpackets.com © WildPackets, Inc.
Why WatchPoint?
Page 12
© WildPackets, Inc. 12 WatchPoint v2.0
WatchPoint v2.0 Delivers
• 100% data accuracy ‒ Stop wondering if your monitoring solution is missing key results
• Detailed network history ‒ No loss of granularity for historical data
• Complete visibility ‒ From global network usage to detailed packet analysis for root-
cause analysis in a single solution
‒ SNMP, NetFlow, sFlow, OmniFlow integrated into a single
solution
• Immediate access to worldwide network data ‒ Monitor network usage and drill-down into specifics at the speed
of a click
Page 13
© WildPackets, Inc. 13 WatchPoint v2.0
WildPackets Comprehensive Solutions
Page 14
© WildPackets, Inc. 14 WatchPoint v2.0
Enterprise-wide Network Management
Page 15
© WildPackets, Inc. 15 WatchPoint v2.0
WatchPoint Benefits
• For CIOs ‒ High-level, instantaneous view of entire enterprise-wide network
‒ Quickly identify anomalistic network behavior
‒ Network usage, compliance, SLA reporting
• For IT Managers ‒ Centrally managed monitoring solution
‒ Configure access based on role and usage
‒ Modify reports on-the-fly to see the data you need
• For Network Engineers ‒ Find and fix network issues before they become major problems
‒ Correlate WatchPoint data with OmniEngine packet files for
detailed, post-capture analysis
Page 16
© WildPackets, Inc. 16 WatchPoint v2.0
What’s New in WatchPoint v2
• Comprehensive network monitoring via SNMP,
NetFlow, sFlow and OmniFlow
• Pre-built and custom reports
• SLA monitoring of key network elements ‒ Alerts, Alarms, Notifications
• Detailed drill-down into utilization, flows, and
conversations
• OmniFlow enhancements ‒ Direct access to packets
‒ Aggregated reporting of Expert events
‒ Aggregated reporting of VoIP statistics
Page 17
www.wildpackets.com © WildPackets, Inc.
WatchPoint v2.0 Demo
Page 18
© WildPackets, Inc. 18 WatchPoint v2.0
WatchPoint 2.0 At-A-Glance
• Detailed, precise, conversation-based analysis ‒ Eliminates inaccuracies from polling/sampling-based solutions
• 1 minute history – ALWAYS ‒ Never time-averaged historical data
• Tight integration into packet analysis – one solution
• Global reporting of Expert and VoIP analysis for
investigation of real-time or historical problems
Page 19
www.wildpackets.com © WildPackets, Inc.
Company Overview
Page 20
© WildPackets, Inc. 20 WatchPoint v2.0
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998 • Different approach to maintaining availability of network services
Page 21
© WildPackets, Inc. 21 WatchPoint v2.0
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
Page 22
www.wildpackets.com © WildPackets, Inc.
Product Line Overview
Page 23
© WildPackets, Inc. 24 WatchPoint v2.0
OmniPeek/Compass Enterprise Packet Capture, Decode and Analysis
• 10/100/1000 Ethernet, Wireless, WAN, 10G
• Portable capture and OmniEngine console
• VoIP analysis and call playback
Omnipliance / TimeLine Distributed Enterprise Network Forensics
• Packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
Product Line Overview
Page 24
© WildPackets, Inc. 25 WatchPoint v2.0
OmniPeek Network Analyzer
• OmniEngine Manager
– Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms and alerts
Page 25
© WildPackets, Inc. 26 WatchPoint v2.0
Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs our OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-Extensible Platform
– Plug-in architecture and SDK
Page 26
© WildPackets, Inc. 27 WatchPoint v2.0
Omnipliance Network Recorders Price/performance solutions for every application
Portable Edge Core
Ruggedized
Troubleshooting
Small Networks
Remote Offices
Datacenter Workhorse
Easily Expandable
Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis
Quad-Core Xeon 2.5GHz Quad-Core Intel Xeon
X3460 2.80Ghz
Two Quad-Core Intel Xeon
E5530 2.4Ghz
4GB RAM 4GB RAM 6GB RAM
2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots
2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports
500GB and 2.5TB SATA
storage capacity
1TB SATA storage capacity 2TB SATA storage capacity
Page 27
© WildPackets, Inc. 28 WatchPoint v2.0
TimeLine
• Fastest network recording and real-time statistical
display — simultaneously ‒ 11.7Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval ‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
Page 28
© WildPackets, Inc. 29 WatchPoint v2.0
TimeLine For the most demanding network analysis tasks
TimeLine
10g Network Forensics
3U rack mountable chassis
Two Quad-Core Intel Xeon 5560 2.8Ghz
18GB RAM
4 PCI-E Slots
2 Built-in Ethernet Ports
8/16/32TB SATA storage capacity
Page 29
© WildPackets, Inc. 30 WatchPoint v2.0
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated
view of all network
segments
– Monitor per campus, per
region, per country
• Wide range of network
data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible detailed reports
• Omnipliances must be
configured for continuous
capture
Page 30
© WildPackets, Inc. 31 WatchPoint v2.0
WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
– Let computer do the hard work, and return results, real-time
– Packet / Payload Visualizers are faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated Capture Analytics
– Filters, triggers, scripting and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple Issue Network Forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-Extensible Platform
– Plug-in architecture and SDK
• Aggregated Network Views and Reporting
– NetFlow, sFlow, and OmniFlow
Page 31
www.wildpackets.com © WildPackets, Inc.
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200