5-minute summary file
A 5-minute summary file, created by a CA Application Delivery Analysis Standard Monitor, Multi-Port Monitor, Virtual Systems Monitor, CA GigaStor, or a Cisco NAM, consists of 5-minute averages for each performance metric, application, server, and network combination.
access layer
In a typical three-tier LAN network (access, distribution, core), the access layer is the closest layer to the server and connects servers to the network. Switches and hubs usually fall into the access layer. Typically, all server traffic can be seen at this layer, but this requires the most monitoring points.
ACK packet
During the TCP connection setup, an ACK packet is sent by the client to the server to acknowledge receipt of a SYN-ACK packet from the server.
action
See responsive action.
application
An application specifies a TCP port or port range to monitor across a range of server IP addresses, such as TCP-80 traffic across a /29 server subnet.
Application Connection Time investigation (term)
An application connection time investigation is an application incident response that provides IT staff with information about how long it takes to connect to a TCP/IP application port. This includes time for the server to respond with a connection acknowledgment. A CA ADA administrator can also launch or schedule this investigation.
application incident
An application incident occurs when a Network Incident or a Server Incident impacts the performance of an application.
The threshold for a combined metric is crossed when an underlying Network Incident or Server Incident causes a combined metric for an application to cross a performance threshold.
When a combined metric crosses a threshold, the management console rates the performance impact to the application as Major (orange) or Minor (yellow), but does not create an application incident response. You must define the application incident response to launch when an underlying Network or Server Incident occurs for the application.
application incident response
An application incident response is an application response to a Network incident or a Server incident. For example, if you configure an application incident response for the Exchange application, the management console launches the incident response when a Network incident is created by clients accessing the Exchange application, or a Server incident is created by a server that hosts the application. The management console does not launch an application incident response when the threshold for a Combined metric, such as Data Transfer Time, is crossed. The management console lets you assign the following responses to a application: Email notification, SNMP Trap notification, and Application Connection Time investigation.
availability operational level agreement (availability OLA)
An availability operational level agreement (availability OLA) reports the percentage of time that an application is available. For example, an application must be available on a server 99% of the time over a one month period.
baseline
A baseline enables you to see what is historically normal performance in your network. The management console automatically reports baselines for all TCP sessions between an application port on a server, and a client network. Use baselines to compare the current performance of an application to a historical average of past performance. A crossed baseline does not necessarily indicate a problem. Baselines are calculated hourly, and take into account hour of the day, day of the week and day of the month.
CA ADA Availability Poller service
The CA ADA Availability Poller service checks the availability of an application. If the server that hosts an application is monitored by a CA Standard Monitor, the check is performed by the monitoring device. Otherwise, the CA ADA Availability Poller service on the CA ADA Manager checks the availability of the application.
CA ADA Batch service
The CA ADA Batch service stages .dat data files for processing by the CA ADA Master Batch service on the CA ADA Manager. This service runs on the CA Standard Monitor.
CA ADA Data Pump service
The CA ADA Data Pump service performs weekly database maintenance on the CA ADA Manager.
CA ADA Data Transfer Manager service
The CA ADA Data Transfer Manager service synchronizes Cisco WAE device monitoring based on the applications, servers, and client networks defined on the CA ADA Manager. This service runs on the CA ADA Manager.
CA ADA Inspector Agent service
The CA ADA Inspector Agent service launches an investigation on an application, server, and its related networks. If the server that hosts an application is monitored by a CA Standard Monitor, the investigation is launched from the monitoring device. Otherwise, the CA ADA Inspector Agent service on the CA ADA Manager launches the investigation.
CA ADA Inspector service
The CA ADA Inspector service loads five minute .dat files processed by the CA ADA Master Batch service into the CA ADA Manager database and communicates with the CA ADA Inspector Agent service to launch investigations. This service runs on the CA ADA Manager.
CA ADA Master Batch service
The CA ADA Master Batch service runs on the management console to receive data files from the CA ADA Batch service on the CA Standard Monitor for processing into 5-minute .dat files. This service runs on the CA ADA Manager.
CA ADA Messenger service
The CA ADA Messenger service synchronizes monitoring on any assigned CA Standard Monitor, CA Multi-Port Monitor, and CA GigaStor monitoring devices, based on the applications, servers, and client networks defined on the CA ADA Manager. This service runs on the CA ADA Manager.
CA ADA Monitor Management service
The CA ADA Monitor Management service responds to requests from the CA ADA Manager to transfer .dat files. This service runs on the CA Standard Monitor.
CA ADA Monitor service
The CA ADA Monitor service receives mirrored TCP packets and packet digest files from a CA ADA monitoring device. This service runs on the CA Standard Monitor and the CA ADA Manager.
CA ADA Reader service
The CA ADA Reader service runs on a CA GigaStor to send packet digest files, which consist of TCP headers, to the assigned CA ADA Standard Monitor or Multi-Port Monitor for metric calculation.
CA Application Delivery Analysis Manager (CA ADA Manager)
The CA Application Delivery Analysis Manager (CA ADA Manager) is a component of the CA ADA architecture that provides central configuration, analysis, management, and reporting across multiple monitoring devices. The CA ADA Manager receives response time metrics from any assigned monitoring devices, including a CA ADA Standard Monitor, Multi-Port Monitor, Virtual Systems Monitor, CA GigaStor, or a Cisco NAM.
CA Observer Expert
CA Observer Expert is bundled with CA GigaStor. It combines application response time monitoring from CA ADA, with the ability to drill down into packet level data for root cause analysis.
combination
A combination identifies the time frame, application port, server, network, and performance metric where CA ADA computes response time metrics. For example, the management console can report on the average Network Connection Time for all applications and servers that communicated with the Development client network in the last 24 hours.
Combined metric
A Combined metric indicates that an application performance problem is caused by either a server that hosts the application or a network that is communicating with the application, or both. The CA ADA management console sets a performance threshold for each of the following Combined metrics: Data Transfer Time and Transaction Time. Note that the management console does not create application incidents. However, because Combined metrics include both Network and Server metrics, the management console can rate a server or network as Minor (yellow) or Major (orange), and rate the corresponding performance impact on the application itself. For example, if a Server metric is rated as Minor, the management console can also rate a Combined metric for the application as Minor.
control port application
A control port application uses two TCP ports. The control port sends and receives the request information, and the data port sends and receives the actual data. The same monitoring device must monitor both the control port and the data port traffic to determine the transaction response time. Any type of monitoring device can monitor a control port application.
core layer
In a typical three tier LAN network (access, distribution, core), the core layer enables high speed interconnection of distribution layer devices. the core layer usually has the highest speed interconnections and the highest power routers and switches in the network. Typically only client to server transactions are seen at this layer.
Data Transfer Time
Data Transfer Time is a Combined metric that measures the time it takes to transmit a complete application response from the first response (the end of the Server Response Time) to the last packet sent in the request.
Data Transfer Time excludes the initial server response time and includes Network Round Trip Time if there is no more data to send that fits in the TCP window. The response time can be impacted by the design of the application, or the performance of the server or network.
The management console does not open an incident when the Data Transfer Time threshold is crossed.
device
A device can be any TCP/IP system connected to the monitored network.
discarded packet
A discarded packet is a packet that was intentionally discarded by a monitoring device because the packet did not match the list of applications, servers, and client networks that are specified on the management console.
distribution layer
In a typical three tier LAN network (access, distribution, core), the distribution layer is where routing, filtering, and policy management take place. This layer usually includes routers and layer three switches. Data is gathered when access switches send data to the distribution layer. Some server-to-server traffic can be seen at this layer, as long as the servers are on different switches.
domain
A domain separates client IP traffic for reporting purposes and identifies the DNS server that the management console uses to resolve the host name of a server.
dropped packet
A dropped packet is a packet that is not analyzed by the packet capture driver on a CA Standard Monitor or by the GigaStor Connector on a CA GigaStor, because the monitoring device is too busy to process all of the packets it receives. If the monitoring device drops too many packets, the management console creates a Major monitoring device incident. The management console does not monitor packet loss at the server switch port or the monitor NIC on the monitoring device.
Effective Network Round Trip Time
Effective Network Round Trip Time is a Network metric that consists of Network Round Trip Time plus Retransmission Delay. Note that Retransmission Delay is not the delay due to retransmissions; it is the average amount of retransmission delay per round trip. It is important to note that the management console is adding two averages, and is actually combining two metrics.
Email notification
An Email notification is an application incident response, server incident response, or network incident response that notifies the recipients about a threshold violation for the affected applications, servers, or networks.
Estimated Hop Delay
Estimated Hop Delay is the estimate of how much delay was encountered between two nodes. The management console determines this estimate by using the average of all the samples taken, for example, during a Trace Route investigation.
Expired Sessions
Expired Sessions measures the number of TCP sessions where the CA ADA Monitor service did not see the TCP session tear down (FIN or RST packet). Sessions which are inactive for a period of time are cleared out of memory and marked as Expired. The management console classifies a session as Expired if it does not observe any packets in a 15 minute period. Too many expired sessions left open can cause servers to become unresponsive.
FIN packet
In the TCP protocol, a SYN packet is used by the client when establishing a TCP connection to a server. Likewise, the FIN packet is used to begin the tear down or termination of the TCP connection. The monitoring device determines that a TCP conversation is being terminated when it receives a FIN or RST packet.
fragmented packet
A fragmented packet is a packet that has been split into multiple packets as it traverses the network.
hop
A hop is the logical link between two gateways in a network. When a data packet traverses a network, it will usually pass through one or more routers or gateways. The path between any two logically adjacent gateways is considered a hop.
incident
An incident is opened by the management console to raise awareness about a period of anomalous behavior on an application, server, or client network. See responsive action.
incident response
An incident response helps you troubleshoot a problem at the time it occurs, and reduce the mean time to repair. Assign incident responses to your business-critical applications, servers, and networks. Incident responses notify your team about a performance degradation and actively investigate a problem to gather additional information that can help you identify the root cause of a performance degradation.
investigation
An investigation is an active inquiry into specific performance data on applications, networks, and servers. The management console can automatically launch an investigation in response to an incident. A CA ADA administrator can also launch or schedule an investigation.
keep-alive messages
A method to keep a TCP connection active and established persistently rather than establishing a new TCP connection for each request/response. TCP keep-alive messages follow a known format and do not skew response time metrics. Application keep-alives, which increment sequence numbers and contain payload, can skew measurements of some server metrics, such as Server Response Time (SRT).
Major performance rating
A Major performance rating is a severity state (orange) that is represented in the management console to indicate that the metric value exceeds the Major threshold. The management console sets thresholds for both Minor and Major performance degradations.
metric digest file
A metric digest file contains the pre-calculated response time metrics from a Cisco NAM. The CA ADA Manager receives metric digest files from a Cisco NAM.
Minor performance rating
A Minor performance rating is a severity state (yellow) that is represented in the management console to indicate that the metric value exceeds the Minor threshold. The management console sets thresholds for both Minor and Major performance degradations.
monitor feed
A monitor feed is a source of response time information, such as a CA Standard Monitor.
monitoring device
A monitoring device monitors TCP transactions and calculates application, server, and network response time metrics.
monitoring device incident
A monitoring device incident is created by the management console if the threshold for the performance and availability of a monitoring device is violated. For example, if a device becomes unreachable, no data is seen by the device, or a device discards packets.
monitoring unit
A monitoring unit is the processing load that is created on the CA ADA Manager by adding a monitoring device. For example, a CA Standard Monitor utilizes one monitoring unit. The CA ADA Manager supports up to 15 monitoring units.
multi-tier application
A multi-tier application is an application with more than one server, and communication between servers is performed by at least one server that acts as both a server to client requests, and a client to another server.
NetQoS MySql51 service
Starts and stops the MySql server which hosts the CA ADA Manager database.
Network Connection Time
Network Connection Time (NCT) is a Network metric that measures the amount of time between the Syn-Ack sent by the server and the Ack received back from the client. When a network is uncongested, it is a measurement of network latency that represents the minimum latency due to distance and serialization, and is the best possible round trip time for your network architecture. Sudden spikes in this value are commonly attributed to congestion, while a plateau (which goes up and stays up) typically indicates a path change.
Network incident
The management console creates a Network incident when the threshold for a network metric, such as Network Round Trip Time, Network Connection Time, Effective Round Trip Time, or Retransmission Delay, is exceeded during a 5-minute interval for a particular application, server, and network combination.
network incident response
An Network incident response is a CA ADA response to a Network incident. The CA ADA administrator can assign an Email notification, SNMP Trap notification, and Trace Route investigation to a Network incident.
Network metric
A Network metric indicates an application performance problem is caused by a network that is communicating with the application. Use the CA Application Delivery Analysis management console to customize the performance thresholds for each of the following Network metrics: Network Round Trip Time, Network Connection Time, Effective Network Round Trip Time, and Retransmission Delay.
network region
A network region is a management console tool used to automatically expand a broad subnet definition into narrower subnets. You can define a network with up to 256 regions, such as a /16 network with 256 regions, to define 256 /24 networks. If you use network regions, the management console reports on the narrower network region subnet definitions rather than the broader network definition.
Network Round Trip Time
Network Round Trip Time is a Network metric that measures the time that a packet takes to travel across the network in both directions between the server and clients on a network, excluding lost packets. Application, server, and client processing time are excluded.
network tap
A network tap is a hardware device that lets you access the data flowing across a computer network. After a tap is in place, you can connect a monitoring device to it without impacting the monitored network. Taps enable you to view traffic occurring in both directions (upstream and downstream), but only in one broadcast domain in a switched network.
network type
A group of networks that share the same physical access to the application. For example, all of the subnets at a remote site would share the same WAN link to the data center.
observation count
The observation count measures the number of times during a five minute interval that a monitoring device calculates a performance metric for a particular application, server, and network combination. Within a TCP transaction there can be different numbers of observations for different metrics. For example, there may be more observations of Network Round Trip Time than Server Response Time. Other metrics are links and will always have the same number of observations. For example, each TCP transaction has one Server Response Time observation and one Data Transfer Time observation. To rate a metric as Normal, Minor (yellow), or Major (orange), the metric must have a minimum number of observations.
OLA
See performance operational level agreement (performance OLA) and availability operational level agreement (availability OLA).
Packet Capture investigation
A Packet Capture investigation is an application incident response or a server incident response that performs a filtered capture of a particular server, application port, and network experiencing a problem. A CA ADA administrator can also launch or schedule this investigation.
packet digest file
A packet digest file contains the TCP headers from a Cisco WAE device, or CA GigaStor Connector.
Packet Loss Percentage
Packet Loss Percentage is a Network metric that measures the ratio of retransmitted data to total data within the network from the vantage point of the monitoring device adjacent to the server. The monitoring device can see packets retransmitted by the server due to data loss in the server-to-client direction along the network path. When data loss occurs in the client-to-server direction before reaching the server, the monitoring device cannot observe the packet loss, and that loss is not included in the Packet Loss Percentage. On the Engineering page of the management console, Packet Loss Percentage is part of the QoS report.
performance operational level agreement (performance OLA)
A performance operational level agreement (performance OLA) lets you evaluate compliance with application performance goals for a remote site. By default, the management console does not define operational levels for application performance.
performance thresholds
A performance threshold is a boundary of acceptable performance behavior that exists by default for each application. Thresholds enable the management console to rate data. They contribute to incident creation, incident responses, and investigations.
Performance via SNMP investigation
A Performance via SNMP investigation is a server incident response that uses SNMP to poll a server for performance information, such as CPU and memory utilization. A CA ADA administrator can also launch or schedule this investigation.
permission set
A defined list of application, server, and network aggregations that a user has permission to view. An aggregation can be a member of one or more permission sets.
Ping Response Time investigation
A Ping Response Time investigation is a server incident response that measures the time it takes to receive a ping reply after sending a ping request, and report on the packet round trip time. A CA Application Delivery Analysis administrator can also launch or schedule this investigation.
Ping Response Time vs. Packet Size investigation
A Ping Response Time vs. Packet Size investigation measures the time it takes to receive a ping reply for ping requests (data packets) of various sizes. This investigation helps track excessive delays and lack of connectivity at various packet sizes. A CA ADA administrator can manually launch or schedule this investigation.
port exclusion
A port exclusion filters the application port traffic at the monitoring device and maximizes the available resources on the management console, while at the same time focusing the management console user’s attention on the applications of interest. The monitoring device ignores TCP sessions that match a port exclusion.
product privilege
A product privilege determines the actions that can be performed by a user on the Administration page.
Refused Session Percentage
Refused Session Percentage is a Server metric that measures the percentage of connection requests the server explicitly rejects during the reporting interval. This metric is part of the Unfulfilled TCP/IP Session Requests report in the CA ADA management console.
report page
The management console organizes report data under standard report pages designed for particular types of users such as operations personnel, executives, and engineers.
responsive action
A responsive action, such as sending a notification or starting an investigation, is a response to a performance threshold violation.
Retransmission Delay
Retransmission Delay is a Network metric that measures the elapsed time between the original packet send and the last duplicate packet send. The management console reports Retransmission Delay as an average across observations and not just for the retransmitted packets. For example, if one packet in a set of 10 requires 300 ms of retransmission time, the Retransmission Delay is reported as 30 ms (300 ms/10 packets).
role
A role specifies the pages of the CA ADA management console that are displayed to a CA ADA user.
RST packet
A RST packet is a normal way to end a TCP session. A web browser typically ends a session with RST rather than FIN. The management console counts a RST packet during the connection handshake as an Unfulfilled Session Request. If the monitoring device sees a RST before the TCP three way handshake has completed, the management console considers the session to be rejected.
sensitivity level
The sensitivity level is a unitless measure on the scale of 0-200 that is applied to a proprietary formula which calculates a new threshold for each client, server and application combination, based on historical data. The management console automatically generates a new threshold value for a metric each night at midnight GMT, using percentile statistics from the last 30 days. The management console automatically generates a separate set of threshold values for the users who access an application from each client network.
Server Connection Time
Server Connection Time (SCT) is a Server metric that measures the amount of time that a server takes to acknowledge the initial client connection request by sending a Syn-Ack in response to the client’s SYN packet.
Server incident
A Server incident is created by the management console when the threshold for a Server metric, such as Server Response Time, Server Connection Time, Refused Session Percentage, or Unresponsive Session Percentage, is exceeded during a five minute interval for a particular application, server, and network combination.
server incident response
A Server incident response is a response by the management console to a Server incident. The management console lets you assign the following responses to a Server incident: Email notification, SNMP Trap notification, Ping Response Time investigation, Performance via SNMP investigation, and Packet Capture investigation.
Server metric
A Server metric indicates that an application performance problem is caused by a server that hosts the application. Use the CA ADA management console to customize the performance thresholds for each of the following Server metrics: Server Response Time, Server Connection Time, Refused Session Percentage, and Unresponsive Session Percentage.
Server Response Time
Server Response Time is a Server metric that measures the time it takes for a server to send an initial response to a client request, or the initial server think time. Increases in the Server Response Time generally indicate a lack of server resources such as CPU, memory, disk I/O, a poorly written application, or a poorly performing tier in a multi-tier application.
server subnet
A server subnet identifies a contiguous range of server IP addresses that are monitored by each monitoring device. When defining an application, you can assign a particular server subnet to an application, to enable the management console to automatically monitor application performance across a contiguous range of server IP addresses.
severity
Severity classifies performance data as None, Unrated, Minor, Major, and Unavailable, by established thresholds over a time period.
SNMP profile
A SNMP profile is used by the management console to manage SNMPv3 user credentials and SNMPv1 and SNMPv2 community names. A SNMP profile maintains the SNMP user credentials required by the management console to query the SNMP agent on a server or network device and to send a SNMP trap message.
SNMP Trap notification
A SNMP Trap notification is an application incident response, network incident response, or server incident response that notifies a SNMP Manager about the Open or Closed incident status of the affected applications, servers, or networks.
SPAN
Switched Port Analyzer (SPAN), also known as port mirroring, is used on a Cisco network switch to send a copy of all network packets seen on one switch port to a network monitoring connection on another switch port. This is commonly used by network appliances to monitor network traffic. SPAN enables monitoring devices to view traffic occurring on multiple broadcast domains on one or more switch ports. SPAN capabilities vary by chassis.
SYN packet
In the TCP protocol, conversations (connections) between clients and servers are established by means of a three-way handshake. The SYN packet is sent by the client to a server to initiate the connection setup. A monitoring device uses the SYN packet in the timing and analysis of monitored connections on the network.
SYN-ACK packet
During the TCP connection setup, a SYN-ACK packet is sent by the server to the client to acknowledge receipt of a SYN packet from the client. A monitoring device uses the SYN-ACK packet in the timing and analysis of monitored connections on the network.
synchronize monitoring devices
Synchronize monitoring devices to monitor TCP sessions based on the current client network, server subnet, and application definitions on the management console. To minimize temporary interruptions to monitoring during synchronization, complete all changes before synchronizing monitoring devices.
tap
See network tap.
three-way handshake
A three-way handshake, in the TCP protocol, is used to establish a connection between a client and a server. The SYN packet is sent by the client to a server to initiate the connection setup. A SYN-ACK packet is sent by the server to the client to acknowledge receipt of a SYN from the client. Finally, an ACK packet is sent by the client to the server to acknowledge receipt of a SYN-ACK from the server and to establish the TCP connection. A monitoring device uses the three-way handshake in the timing and analysis of monitored connections on the network.
thresholds
Trace Route investigation
A Trace Route investigation is a network incident response that records the path and each hop between a monitoring device and end-points to monitor latency and routing issues, and optionally, SNMP poll each router for its performance information. A CA ADA administrator can also launch or schedule this investigation.
traceroute
Traceroute refers to either of two types of diagnostic tools used in incident analysis: ICMP or TCP.
transaction
A transaction is a TCP request and all the subsequent responses. A single application transaction, such as loading a web page, can consist of multiple TCP transactions.
Transaction Time
Transaction Time is a Combined metric that measures the amount of time elapsed from when the client sends the request to when it receives the last packet in the response. Transaction Time is the sum of Server Response Time, Network Round Trip Time, Retransmission Delay, and Data Transfer Time. The management console does not open an incident when the Transaction Time threshold is crossed.
Unrated performance rating
An Unrated performance rating, indicated by a gray severity state on the Operations page of the management console, means that either there is insufficient past data to establish a threshold (two full business days of data are needed), or there were not enough observations to exceed the minimum observations threshold.
Unresponsive Session Percentage
An Unresponsive Session Percentage is a Server metric that measures the percentage of sessions where a connection request was sent, but the server did not respond. This metric is part of the Unfulfilled TCP/IP Session Requests view.
WAN
A wide area network (WAN) is a network that typically covers a large, diverse area comprised of multiple Local Area Networks or LANs. WANs can be private, used by different offices of a single enterprise, or public, such as the Internet.
WAN optimization device
A WAN optimization device reduces the volume of traffic that is transferred between the data center and a remote office through compression or other algorithms. Cisco WAE devices and Riverbed Steelhead appliances are examples of WAN optimization devices.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|