For any given data collector device such as the AMD, you can set a variety of options, such as time thresholds. The general settings affect the monitoring of default and user-defined software services. Some of these settings can then be overridden by settings for a particular analyzer, software service, or URL.
To define the general settings for an AMD:
1. Start and log on to RUM Console.
2. Select Devices and Connections ➤ Manage Devices from the top menu, to display the current device list.
3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears.
4. Select Configuration ➤ Global ➤ General to access the list of general configuration settings.
While some of the options control only general AMD behavior, some options in the
Advanced group affect more specific configurations in application monitoring. For example,
if Inherit from global settings is selected in your other configurations while configuring user-defined software services, the global setting takes precedence over the specific monitoring configuration.
Configuration options include:
Monitoring interval
The monitoring interval in minutes. Increasing this value reduces the number of chunks of data that need to be transferred and processed.
Default: 5 minutes.
Verify that the monitoring interval is synchronized between the data collectors.
Operation time threshold
The number of seconds after which an operation is considered to be “slow”. The global threshold value depends on the analyzer.
This threshold is used by the following analyzers: Cerner
Cerner over MQ Epic
Generic with transactions HTTP
MS Exchange over HTTP MS Exchange over HTTPS Oracle Applications over HTTP Oracle Applications over HTTPS SAP GUI
SAP RFC
SAP GUI over HTTP SAP GUI over HTTPS SMTP
SSL
SSL Decrypted
Server time threshold
The Server time threshold relates to the server time portion of an overall operation time. Server times above the threshold limit are considered to be slow due to poor datacenter performance.
This threshold is used by the following analyzers: HTTP
SAP GUI over HTTP SAP GUI over HTTPS
IP address of the server authorized to set AMD time
In an environment with a number of servers sharing the same AMD, it is good practice to designate only one of these servers as a time synchronization server to make changes to AMD settings. Otherwise, the server used for time synchronization will change inadvertently every time you save an AMD configuration.
Default analyzer
The default setting for the TCP analyzer is Generic (with transactions). To change it, select another analyzer from the list.
Client RST packet timeout to mark session as CLOSED
If the time between the last ACK for data sent by the server and an RST packet sent by the client is greater than this value, the session is treated as closed instead of aborted.
Huge packet size
The upper size limit, in bytes, of an HTTP request to be processed successfully by the AMD.
Maximum packet size
The AMD is capable of processing packets of up to 16128 bytes, besides the Ethernet standard MTU (Maximum Transmission Unit) of 1536 bytes.
Choose one of the predefined values (2048, 4096, 8192, or 16132 bytes) to enable
the AMD to process non-standard MTU packets. When you have chosen the
Maximum packet size value, make sure that you also set the Huge packet size to
an applicable value.
Enabling theAMD to process nonstandard MTU packets without extending RAM on the machine and leaving Packet buffer size (64-bit AMDs only) and Data memory limit unchanged can cause an excessive packet loss. To avoid this, extend
RAM and configure its usage as recommended in the tables below. For more information, see Setting Packet Buffer Size in the Data Center Real User Monitoring
Agentless Monitoring Device Installation Guide and Setting Data Memory Limit in
the Data Center Real User Monitoring Agentless Monitoring Device Installation
Guide.
NOTE
Do not enable the processing of large packets for a Small AMD. These devices are not designed to process larger packets. For more information, see Small AMD in the
Data Center Real User Monitoring Agentless Monitoring Device Installation Guide.
Table 2. Recommended RAM Configuration for Maximum Packet Size Values for AMDs Recommended RAM size for 64-bit platforms
Maximum packet size
64 GB 8192 B or less 96 GB 8192 B 128 GB 16132 B
Sampling enabled
Supported in 64-bit customized AMD drivers and all- native drivers. The sampling mechanism is beneficial when heavy traffic may negatively affect AMD performance and there is a risk of losing IP session consistency. When this option is enabled, the AMD tries to analyze the greatest possible portion of traffic. It drops packets in a controlled manner that preserves complete and consistent sessions. Note that statistics for dropped packets are not shown on the report server.
If packets are dropped because of sampling, the CAS shows notification messages. For percentages between 75 and 99, a warning icon is displayed; for values below
75, the report server issues error messages.
When this option is disabled and the network interface driver performance is degraded, random packets are dropped.
Default: enabled.
For more information, see Using Network Interfaces with Native Drivers in the Data
Center Real User Monitoring Agentless Monitoring Device Installation Guide and Driver, Network, and Interface Configuration in the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide.
NOTE
When capturing packets on an AMD with sampling disabled, if the AMD experiences packet drop due to high traffic volume, the packet capture is not automatically canceled. If this occurs, select Tools ➤ Packet Data Mining Tasks on the CAS, find the task that was using the AMD in question, and click to cancel that task.
Deduplication method
You can choose one of four methods for eliminating duplicate packets:
• Based on TCP checksum and IP ID – Using this method, duplicate packets are detected based on their TCP checksum and IP ID.
• Based on TCP checksum and IP ID (excluded SEQ and ACK numbers) – Using this more complex, two-stage method, duplicate packets are detected based on a modified packet KCP checksum (SEQ and ACK numbers are excluded) and IP ID. This method is useful if the AMD captures packets on various interfaces of the router, rewriting SEQ and ACK numbers.
A packet is considered a duplicate when the modified checksum, IP ID, and SEQ and ACK numbers are identical.
First, a packet checksum with SEQ and ACK numbers is created and compared to the packets stored in the detection buffer. If the comparison indicates that the packet is not a duplicate, it is checked to determine whether it matches the current session. A packet matches the current session when its SEQ and ACK numbers are different from processed and cached numbers by the value defined in TCP
duplicate window. If the difference exceeds the defined value, the AMD assumes
the ACK and SEQ numbers were rewritten by the router and the packet is Chapter 5 ∙ Basic Monitoring Configuration
• TCP checksum, IP ID and MAC address (excluded SEQ and ACK) – Using
this method, the deduplication process is similar to the one based on TCP
checksum and IP ID (excluded SEQ and ACK numbers), but in addition to
TCP checksum and IP ID, the source/destination MAC addresses are also taken into account for the calculation.
• TCP checksum, IP ID and MAC address – Using this method, duplicate packets
are identified based on their TCP checksum, IP ID and source/destination MAC addresses.
TCP duplicate window
This setting is useful only if Deduplication method is set to Based on TCP checksum
with excluded SEQ and ACK numbers. It is used for determining whether a packet,
based on its SEQ and ACK numbers, belongs in the session. If a packet's SEQ and ACK numbers differ from the current session's SEQ and ACK numbers by a value larger than TCP duplicate window, the packet is considered a duplicate.
Default: 65536. Packet buffer size
The number of packets to keep in the buffer for use as a basis for comparison in duplicate packet detection. Newly captured packets are sequentially compared to the packets in the buffer. A newly captured non-duplicate packet (all packets in the buffer are unique) is placed on the top of the stack and the oldest is removed.
Range: 6 to 24 packets.
Default: 16.
Reset duplicate detection time threshold
Time of inactivity (in seconds) after which the duplicate packets elimination mechanism is reset. If Deduplication method is set to Based on TCP checksum
with excluded SEQ and ACK numbers or TCP checksum, IP ID and MAC address (excluded SEQ and ACK) , and the Reset duplicate detection time threshold should be greater than every response generation time (server time).
5. Save or publish the configuration.
• Click Save to save your changes and continue with configuration.
• Click Save and Publish to immediately update the devices configuration.
6. Close the AMD Configuration window.