Premier Services Program (PSP) Tools: Overview

Extreme Networks, Inc. 3585 Monroe Street

Santa Clara, California 95051 (888) 257-3000

(408) 579-2800

http://www.extremenetworks.com

Premier Services Program (PSP) Tools:

Overview

Published: September 2008 Part Number: 120349-00 Rev. 03

Alpine, Alpine 3804, Alpine 3802, Altitude, BlackDiamond, BlackDiamond 6808, BlackDiamond 6816, EPICenter, Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, GlobalPx Content Director, the Go Purple Extreme Solution Partners Logo, Sentriant, ServiceWatch, Summit, Summit24, Summit48, Summit1i, Summit4, Summit5i, Summit7i, Summit 48i, SummitRPS, SummitGbX, Triumph, vMAN, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Summit logos, the Extreme Turbodrive logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.

© 2008 Extreme Networks, Inc. All Rights Reserved. Specifications are subject to change without notice.

Merit is a registered trademark of Merit Network, Inc. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Avaya is a trademark of Avaya, Inc.

This product includes software developed by the Apache Software Foundation (http://www.apache.org).

This product contains copyright material licensed from AdventNet, Inc. (http://www.adventnet.com). All rights to such copyright material rest with AdventNet.

Use of Open Source Libraries. The Software uses or links to the third party “open source” library(ies). Please read the “Notice” files included with the Software for identification of these libraries and applicable license agreements.

Contents

Chapter 1: Overview ... 5

Chapter 2: The PSP Appliance ... 7

Data Collection ...7

SNMP Data Collection ...7

NetFlow/sFlow Packet Sampling ...7

Auto Discovery ...8 Security ...8 Availability ...8 Appliance Management ...8

Chapter 3: PSP Tools... 9

Data Collection Services ...9

Data Transformation Services ...9

Data Storage Services ...9

Business Context Integration ...9

Cost Correlation and Key Performance Indicators...10

Notification and Escalation Services ...11

Scalability ...12

LAMP Foundation ...12

Telecommunications Grade Data Center ...13

Chapter 4: PSP Analytics ... 15

PSP ePortal Features...15

PSP Dashboards ...15

Point-and-Click Report Creator ...16

Drill-Down Reporting ...17

Sophisticated Graphics ...17

Report and Dashboard Sharing ...18

Automated Report Distribution ...18

Alert Configuration ...18

Preconfigured Dashboards and Reports ...19

Preconfigured Reports ...19

Chapter 5: Customer Network Impact Overview ... 21

Appendix A: Metrics ... 23

Device Metrics ...23

Interface Metrics...24

1

Overview

Extreme Networks provides clear, comprehensive insight into multi-vendor network performance and operations through an on-demand hosted network monitoring and traffic analysis solution. The PSP tools provide an unparalleled ability to understand traffic and utilization of your network by key applications. Shift the paradigm of network management from one of traditional reactionary break-fix maintenance and support to one where you have more proactive control of your applications,

bandwidth, and network devices, including routers, switches, servers, storage devices, firewalls, power supplies and more. Monitoring your network with the PSP tools will allow you to help identify potential problems, increase network and application availability, support key business applications, and optimize IT infrastructure.

Figure 1: PSP Architecture Overview

Figure 1 is a conceptual representation of the PSP architecture. The bottom shows the appliance, a software collector residing on the customer network, that securely collects and transports data from a customer’s network to the PSP Data Center. The data, after being sent to the PSP Data Center, is received by the PSP tools. The PSP tools are a set of services that enable configuration and sophisticated analytics, such as data transformation, data warehousing, predictive modeling, and alerting. Users can access the data anytime, anywhere through a Web application (the PSP ePortal) that offers drill-down analytics, role-specific dashboards, customized reporting, and sophisticated alerting.

Figure 2 is a representation of the broader PSP architecture, including connectivity between components at Extreme Networks PSP Data Center and the customer premises.

Overview

Figure 2: The PSP Architecture and connectivity

Extreme Networks offers the following additional PSP tools documentation: ● Premier Services Program (PSP) Tools Deployment Guide (part number 100243-00)

● Premier Services Program (PSP) Tools How to Create Custom Reports (part number 120347-00) ● Premier Services Program (PSP) Tools How to Use and Create Dashboards (part number 120348-00) ● Premier Services Program (PSP) Security Overview (part number 120350-00)

Servers Hong Kong Western United States Routers Other Switches Software or Hardware Appliance

(Data monitoring and collection)

Internet Hosted Service Platform

Security Services Data Transformation & Correlation

Statistical Analysis Business Context Overlay Notification & Escalation Services

Data Warehouse Analytics

Packaged Analytical Applications

Analytics Engine PSP Data Center PSP ePortal Browser Application Internet Customer Network

2

The PSP Appliance

The PSP Appliance is simply a software collector that resides on the customer premises. It collects and transports performance, utilization, and network traffic data to the PSP Data Center. The PSP software collector is the only component resident on the customer network, as Extreme Networks does not require agents, packet sniffers, or probes to be installed on customer devices.

The PSP Appliance aggregates, compresses, and encrypts data prior to transporting it to the PSP Data Center to minimize traffic.

Data Collection

Data is collected using Simple Network Management Protocol (SNMP), NetFlow, and sFlow.

SNMP Data Collection

Extreme Networks highly scalable and low-overhead SNMP data collection engine collects data every five minutes from each device or interface (it does so asynchronously, so that devices are not polled at the same time). The PSP Appliance receives a master Management Information Base (MIB) from the PSP tools that specify exactly which metrics to monitor on each device. The master MIB is maintained and updated by Extreme Networks. If additional metrics need to be monitored on either standard or proprietary equipment, they are added to the master MIB by Extreme Networks and made available to remote PSP Appliances. This enables customers to monitor any SNMP metric on any device.

The PSP Appliance supports SNMP versions 1, 2c, or 3.

NetFlow/sFlow Packet Sampling

The PSP Appliance includes a flow collector that supports sFlow and NetFlow. sFlow is an open standard and NetFlow is a Cisco Systems proprietary standard; neither is enabled by default. Therefore, you will need to enable sFlow and/or NetFlow on the switches and routers on which to you want to monitor flow data.

NetFlow and sFlow are sampling technologies, and typically 1 in 100 packet headers is sent to the PSP Appliance. Once collected, Extreme Networks uses information from the packet header, including data port, protocol, and source and destination IP addresses. This data is required for Extreme Networks to provide network usage analytics. Note that the PSP software collector only accesses packet headers. Extreme Networks does not (and cannot) access any packet content.

The PSP Appliance

Auto Discovery

Auto Discovery is a user-executed utility within the PSP tools that simplifies adding devices and interfaces to the network device list (the list of devices and interfaces from which the PSP Appliance collects data). Auto Discovery can be tightly controlled. For example, it can limit which parts of networks are subject to discovery.

Auto Discovery is commonly used during initial configuration, but can also be used to detect network changes and keep the network device list up to date.

Security

The PSP Appliance does not require a set of network credentials. Instead, Access Control Lists (ACLs) need to be modified to allow the PSP software collector to make SNMP Get requests to network devices. The only login to the software collector is through a local account used for setup and configuration. PSP Appliance communications are authenticated by means of RSA 2048-bit x509 certificates and data is transmitted by using Advanced Encryption Standard (AES) 256-bit encryption.

More detailed security information can be found in the PSP Security Overview document.

Availability

If using a hardware appliance, it can be deployed in two different configurations, standard and high availability. The high-availability configuration is comprised of two appliances in an active/passive configuration. If the primary fails for any reason, the passive becomes active and takes over

immediately.

To prevent data loss in the event the PSP software Appliance cannot connect to the PSP Data Center, the appliance stores collected data locally for up to a month. When the connection is reestablished, all collected data is transmitted. Lags in data transmission are transparent to users.

Appliance Management

The appliance is co-sourced, meaning it is remotely managed from the PSP Data Center. Software updates are automatically pushed to the appliance as required, eliminating the need for installing updates manually.

3

PSP Tools

The PSP tools transform enormous amounts of raw data into meaningful and useful information. This includes data aggregation (of the data sent from PSP Appliances), transformation, enrichment, and storage, as well as the analytical services to process requests from PSP Analytics application.

Authentication Services

The PSP tools authenticate requests from remote appliances and communicates with them by using AES 256-bit encryption. For more detailed security information, see the PSP Security Overview document.

Data Collection Services

The PSP tools receive data simultaneously from a large number of PSP collectors through an array of proxy servers that scale horizontally as necessary to handle increased data flow.

Data Transformation Services

The PSP tools transform collected data for storage in the data warehouse. In addition to standardizing data, the PSP tools perform statistical analysis to create summary information and derived metrics important to analysis. For example, when analyzing WAN circuits data, Extreme Networks creates 95th and 99th percentile metrics. These metrics are then used within circuit reports to help customers better understand circuit capacity and volatility.

Data Storage Services

The PSP tools store data in an online analytical processing (OLAP) data warehouse specifically designed for analysis of large data sets. The tools store data for up to a year and allows customers to segment data by various time intervals and attributes.

Business Context Integration

Data is integrated within a customer-specific business context to increase its value and clarify its meaning. For example, attributes such as friendly name, make, model, manufacturer, physical location, department, application, WAN circuit type, and WAN link size are added to the data. Using these attributes, reports are organized intelligently, as opposed to being mere lists of raw data associated with cryptic information, such as IP addresses, port numbers, and the like.

PSP Tools

Figure 3 shows network traffic by application, an example of a business context that is merged with network traffic data.

Figure 3: Traffic data grouped by application

Cost Correlation and Key Performance Indicators

The PSP tools track equipment, contract, and labor costs and integrates them into reports. In addition, customers can set performance targets for individual or groups of devices. Customers can indicate how much they have invested in specific infrastructure and the expected return on that investment. The PSP tools then report on the relationship between the investment, the expected return, and the actual performance. Figure 4 shows an example of application usage compared to its cost.

Notification and Escalation Services

Figure 4: Application usage cost correlation

Notification and Escalation Services

The PSP tools include a sophisticated notification engine to alert customers to potential problems. In order to shift the paradigm from traditional break-fix maintenance and reactionary network

management to one where you have more proactive control of your network operations, we have created predictive modeling and alerting capabilities. Predictive models identify relationships between metrics and events, such as system failure. The models are used for constructing reports and tripping alerts ahead of a failure event. In addition, the PSP tools use a number of additional alerting methods, including threshold based, cumulative, standard deviation, and variable alerts. The cumulative alert considers data over time, while the standard deviation alert evaluates performance data against historical norms and alerts on outliers. These techniques all provide more useful and accurate alerts, reducing false-positives.

Customers can create escalating alerts with virtually unlimited levels, including primary, secondary, tertiary and so forth, up to 1,024 contacts. Figure 5 shows the creation of a predictive alert on CPU Utilization.

PSP Tools

Figure 5: Extreme Networks alert configuration

Scalability

The PSP tools are built from the ground up to run as a set of hosted services and to support thousands of customers simultaneously. The tools are segmented into tiers and designed to scale horizontally as traffic and data volume increases.

LAMP Foundation

Telecommunications Grade Data Center

Telecommunications Grade Data Center

The PSP tools are hosted within a Telecommunications grade data center with a direct connection to the Internet backbone, complete redundancy, and a broad set of physical and technical security measures. For more detailed information, consult the PSP Security Overview document.

4

PSP Analytics

PSP tools are accessible anywhere, anytime from an Internet browser. PSP Analytics is used daily by network engineers, server administrators, and application administrators to manage IT infrastructure, and by IT managers to make better informed infrastructure planning decisions.

PSP ePortal Features

PSP Dashboards

Users have access to create and display up to 10 dashboards, each containing up to nine individual reports. Preconfigured dashboards are structured to provide views that make it easy to view a particular area of infrastructure. Dashboards are preconfigured views that make it easy to view a particular area of infrastructure. Figure 6 shows an example of a server dashboard with six server reports.

PSP Analytics

Figure 6: Server dashboard

From a dashboard, users can view individual reports by clicking on the report name. Users can easily share dashboards with other users. When active on a user’s desktop, a dashboard will automatically refresh every five minutes.

Point-and-Click Report Creator

Pre-packaged reports are created using a point-and-click interface that includes devices, metrics, and report options. Users control report grouping, view ranges, graph intervals, aggregation types, and time-zone data within each report template.

PSP ePortal Features

Figure 7: Report Creation

Drill-Down Reporting

All reports have drill-down capabilities that provide increased levels of detail without creating new reports.

Sophisticated Graphics

To facilitate analysis, Extreme Networks offers a variety of graphical data representations. For example,

Figure 8 shows an Extreme Networks pie chart and stacked-line chart, which are commonly used for analyzing network traffic by application.

PSP Analytics

Figure 8: Network traffic graphical analysis

Report and Dashboard Sharing

Reports and dashboards can be saved and shared with other users.

Automated Report Distribution

Preconfigured Dashboards and Reports

Preconfigured Dashboards and Reports

In conjunction with Extreme Networks customers, Extreme Networks builds and maintains a set of preconfigured dashboards and reports. The dashboards and reports are published through the PSP Analytics application. Extreme Networks on-demand architecture enables changed or improved reports to be immediately available to customers. Customers can copy the preconfigured dashboards and reports to their own report library, where they can be customized.

Preconfigured Reports

Extreme Networks offers nearly 40 preconfigured reports, categorized according to Bandwidth Management, Server Management, Network Management, Applications and Top 10. For more information on reports, please see the document How to Create Custom Reports.

5

Customer Network Impact Overview

The PSP tools are deployed without agents, packet sniffers, or probes, and use a hosted application architecture, helping to make the impact of PSP tools almost negligible on network resources. Extreme Networks implementation of SNMP monitoring carefully avoids using computationally expensive techniques, such as “walking”. Get operations are batched to further reduce computation. CPU utilization of monitored devices is typically less than 1 percent. Utilization of network resources is dependent primarily on the number of devices being monitored, and is typically less than 0.1 percent of network capacity, and is almost always lower than 1 percent. Table 1 shows SNMP use of network capacity for various numbers of devices, given the assumptions stated at the bottom.

Extreme Networks implements NetFlow and sFlow monitoring with similar efficiency. Before taking into account compression, network utilization is less than 1 percent; actual use is typically much smaller. CPU utilization is typically less than 1 percent.

For example, consider the packets generated when a user downloads a large file from the Internet. Typically, packets thereby received are hundreds of kilobytes (KB) in size. When sFlow samples the packets, it only captures 128 bytes. If the average packet is 512 KB, the sFlow sample is only 0.02 percent of the total. When combined with the 1/100 sampling rate, this means that the maximum bandwidth usage is only by 0.0002 percent. NetFlow captures significantly less data in its sampling, so its bandwidth usage is even less than sFlow’s usage.

Table 1: SNMP network utilization

Devices SNMP Traffic (kbps) % of network capacity

1 0.048 0.0000 500 23.906 0.0233 1,000 47.813 0.0467 5,000 239.063 0.2335 10,000 478.125 0.4669 SNMP traffic assumptions

Polling period 5 minutes Community string length 20 characters Average data points per device 30

SNMP header size 288 bits Variable list size 14,400 bits

A

Metrics

NOTE

Metrics may be added or deleted and are subject to change without notice. The following metrics included in this section are representative of the metrics available at this time.

Device Metrics

● Number of active processes running on a CPU ● Active Users

● Number of users logged onto a device ● Antivirus Availability

● Automatic Updates Availability ● Backup Client Availability ● Battery Capacity

● Battery Temperature ● Battery Time Elapsed ● Battery Time Left ● Connected Devices ● CPU Utilization

● DHCP Server Availability ● Disk Space Total

● Disk Space Used ● Disk Space Utilization ● DNS Server Availability ● Email Availability ● Established TCP Connections ● FTP Service Availability ● HTTP SSL Availability ● IMAP4 Availability ● Info Store Availability ● Input Frequency ● Input Line Voltage ● Load Average ● Memory Total

Metrics

● Memory Used ● Memory Utilization

● MS SQL Server Availability ● MTA Stacks Availability ● NNTP Availability ● Output Current ● Output Load ● Output Voltage ● Packet Discards ● Packet Errors ● Packets/Sec ● POP3 Availability ● SMTP Availability ● SNMP Service Availability ● System Attendant Availability ● Temperature

● Terminal Svcs Availability ● Traffic Utilization

● Uptime

● Virtual Memory Used

● WWW Publishing Availability

Interface Metrics

VPN Metrics