15-minute (historical) data
15-minute (historical) data is longer-range information that is collected for each interface. The information includes the protocols, hosts, and conversations for each interface. Summary data is also collected for the ToS, the top protocols for the top ToS values, and the top hosts and conversations for the top ToS values. The data is stored in a MySQL database named nqrptr, which is at <NFA_install_path>\MySql51\data\nqrptr.
1-minute (high-resolution) data
1-minute (high-resolution) data is detailed information that is collected from each Harvester and is provided to the NFA console for display in views and reports. The data includes top protocols for each interface; traffic for the top hosts and conversations; top conversations for the top protocols; and top protocols, hosts, and conversations for the top ToS values. The 1-minute data is stored on the Harvester server in a database at <NFA_install_path>\Netflow\data\archive.
Administrator
An Administrator, in the context of this document, is a person who is responsible for administering CA Network Flow Analysis in the NFA console. An Administrator also manages elements in the CA Performance Center Console that are related to CA Network Flow Analysis, such as SNMP profiles, IP domains, groups, user accounts, permissions, privileges, and roles.
application mapping
Application mapping is a rule-based technique for combining the traffic for an application to facilitate reporting for the application. Application mapping rules are based on factors that can include the traffic origin (host, subnet and mask, and/or port), ToS, and protocol.
baseline
A baseline is a record of typical behavior, which is computed from past behavior. Baselines help you compare changes over time and predict future data or performance. Comparing current values to baseline projections is useful for determining whether current values are typical. The baseline in a trend plot is computed by using data from the six weeks before the selected date range, excluding the data point already in the trend plot.
conversation
A conversation is a session of subnet-to-subnet or user-to-user (host-to-host) traffic. The NFA console displays conversation information, so you can find out whether a particular conversation is causing a traffic spike on an interface, for example. You can create and run reports to identify the top volume-based conversations.
custom virtual interface
A custom virtual interface (CVI) is an abstract representation of a network interface, which corresponds to one or more subnets of actual physical interfaces. CVIs can give you visibility into network traffic for a carrier cloud. Set up CVIs for data center traffic that is transferred to subnets through an MPLS carrier cloud when flow is enabled on the routers in the data center.
data sources
Data sources are the supported products--such as CA Network Flow Analysis--that provide performance data for display in CA Performance Center. Data sources also provide some configuration data that is stored in CA Performance Center. CA Network Flow Analysis performs monitoring, data collection, data aggregation, and other tasks. Some of these tasks are performed independently, but once an instance of CA Network Flow Analysis is registered to an instance of CA Performance Center, CA Performance Center refers to the CA Network Flow Analysis instance as a data source.
drilldown report
A drilldown report on an Interfaces page is a view of detailed data about an interface. To display an interface drilldown report, select Interfaces from the NFA console menu, then locate and click an interface link. You can also display this type of report by clicking an interface link in an CA Performance Center dashboard or on other types of CA Network Flow Analysis views.
DSA (Data Storage Appliance)
A DSA (Data Storage Appliance) is a component in a three-tier architecture deployment of CA Network Flow Analysis. Each DSA collects 15-minute resolution (historical) data from the NFA console and stores it. In a two-tier architecture deployment, the 15-minute data is processed and stored on the Harvester.
firewall
A firewall server acts as a gateway between a local area network (LAN) and a large network that is not secure--such as the Internet. A firewall server typically runs a software package that inspects inbound and outbound packets, and decides whether to allow the packets to pass.
flow
A flow is a set of IP packets that pass a network observation point during a certain time interval. In CA Network Flow Analysis 9.1.2, flow may consist of NetFlow v5, v7, or v9; sFlow version 5; or IPFIX, Jflow, cFlow, or Huawei NetStream flow that conforms to the standards for NetFlow v5, v7, or v9.
group
A group is a collection of managed items. You can create custom groups in CA Performance Center to let you logically organize managed items in a tree structure, which is propagated to CA Network Flow Analysis. A global administrator can create custom groups of managed items, such as applications, servers, networks, routers, and interfaces, to reflect each user’s area of responsibility. Local Administrators for CA Network Flow Analysis and operators can find items according to group.
Harvester
A Harvester is a component in a distributed deployment of CA Network Flow Analysis, which collects raw flows from the routers. In a two-tier architecture deployment, the Harvester processes and stores the 1-minute and 15-minute data. In a three-tier architecture deployment, the Harvester processes and stores the 1-minute data. The NFA console retrieves and processes the 15-minute data.
host
A host is a specific computer engaged in an exchange across the network. In some cases, a host represents a managed services provider whose IT staff manage and monitor the networks and systems of multiple customers. In CA Network Flow Analysis, hosts are identified by name or IP address. You can track host activity to find out whether a specific server or end-user system is responsible for significant traffic on an interface, for example. You can create and run reports about the traffic that is generated or is received by specified hosts.
IIS
IIS is the Web server that is part of the Microsoft Windows Server application. IIS consists of several services, including Simple Mail Transfer Protocol (SMTP). In versions of IIS before 5.0, IIS is an abbreviation for Internet Information Server. In version 5.0 and later, IIS is an abbreviation for Internet Information Services.
interface
An interface is a point of connection, such as a Serial, Frame Relay, Fast Ethernet, ATM, or PVC interface. CA Network Flow Analysis reports on any logical interface that is enabled on a supported router that has flow enabled. The NFA console displays the interfaces that are monitored in your environment.
IP domains
IP domains are logical groupings that identify data that is collected from different devices and networks. Monitoring by domain means that IP addresses with associated interfaces or applications that belong to separate customer networks are monitored separately. When combined with appropriate permissions, IP domains are monitored from a single console, but users view data only for the domains that they monitor. Administrators create custom IP domains in the CA Performance Center Console and assign Harvesters, interfaces, and CVIs to IP domains in the NFA console.
LDAP
LDAP, or Lightweight Directory Access Protocol, is a software protocol for locating organizations, individuals, and other resources, such as files and devices in a network. LDAP is based on a client/server model. The LDAP client makes a Transmission Control Protocol (TCP) connection to an LDAP server, and then sends requests and receives responses over this connection.
NetFlow
NetFlow is a transaction between two hosts, which uses a unique pair of port numbers and IP addresses and which includes certain network traffic information. A Cisco router can be configured to export flow information by sending UDP packets that contain flow statistics to one or more collectors such as the Harvesters. CA Network Flow Analysis supports NetFlow versions 5, 7, and 9 and sFlow version 5. CA Network Flow Analysis also supports IPFIX, Jflow, cFlow, and Huawei NetStream that complies with the standards for NetFlow v5, v7, or v9.
NFA console
The NFA console is a component in a distributed deployment of CA Network Flow Analysis, which provides a web-based user interface for reports and for some administrative functions. The NFA console creates reports from Enterprise Overview data, which is stored locally and from the 1-minute resolution data and 15-minute resolution data that it retrieves from other components.
permission groups
Permission groups in CA Performance Center comprise the scope of the managed items that each user can monitor. Administrators can create custom groups of managed items, such as applications, servers, networks, routers, and interfaces, to reflect each user’s area of responsibility. When an Administrator for CA Network Flow Analysis assigns custom groups to a user account as permissions, the groups are called permission groups.
product privilege
A product privilege is a type of permission that is associated with a user account in CA Performance Center. The product privileges grant access to features in CA Performance Center. CA Network Flow Analysis, and any other data sources that are bound to the CA Performance Center instance. Administrators for CA Network Flow Analysis assign product privileges to user accounts in CA Performance Center.
report
A report is a display of collected data, which you view in the NFA console from the Enterprise Overview, Interfaces, Custom Reporting, Flow Forensics, and Analysis pages. You can print or save reports in PDF format. You can also export reports as comma-separated value (CSV) files. An Administrator can set up some reports to be sent by email at scheduled intervals.
reporting information base (RIB)
The reporting information base (RIB) is a system of web services and XML files that CA Infrastructure Management uses to describe and provide the data in CA Performance Center views and dashboards. This data originates from data sources that are registered with the CA Performance Center instance, such as CA Network Flow Analysis. The RIB capability provides an operating environment for cross-product, federated, and third-party reporting and a single data access web service with SQL-like capabilities.
reporting period
A reporting period is a user-specified time range for data to be included in a CA Network Flow Analysis report. The time options vary with each report type, but the report period could consist of hours, days, weeks, or months.
Reserved Seating
Reserved Seating is a rule-based technique for ensuring that reports include the traffic that interests you, even if the traffic volume or rate is low. The rules create ‘reserved seats’ in reports for data that matches the target ports and protocols.
role
A role is a parameter that an Administrator for CA Network Flow Analysis assigns to a user account, which controls user access to CA Network Flow Analysis product features and to CA Performance Center dashboard pages. A role also can grant administrative access to product configuration. In a well-planned deployment, roles let users access the features that they require to perform their duties Roles also restrict access to features that users do not require.
Single Sign-On
Single Sign-On is the authentication scheme used by CA Network Flow Analysis and the other CA data sources that CA Performance Center supports. The Single Sign-On component provides the login page that supports user authentication in CA Performance Center and in the data source products. Once users are authenticated for CA Performance Center, they can navigate among CA Performance Center, CA Network Flow Analysis, and other registered data sources without signing in again.
SMTP
SMTP (Simple Mail Transfer Protocol) is the Transfer Control Protocol/Internet Protocol (TCP/IP) protocol that is used for sending and receiving e-mail in data networks.
SNMP
SNMP (Simple Network Management Protocol) is a network management protocol that is used almost exclusively in data networks. SNMP is a method for monitoring and controlling network devices, as well as managing configurations, statistics collection, performance, and security.
SNMP profiles
SNMP profiles are definitions that contain the information that is necessary to enable secure queries of device MIBs by using SNMP. Each connection to a device is made by using one of the SNMP profiles that are stored in CA Performance Center. Administrators for CA Network Flow Analysis can create SNMP profiles in CA Performance Center as needed.
synchronization
Synchronization, or global synchronization, is an automatic process in CA Performance Center, in which information from CA Network Flow Analysis and other data sources is received and processed. Synchronization occurs every 5 minutes and includes configuration and performance data from all registered data sources.
trap
A trap is a message that indicates a threshold has been reached or that another user-defined condition has occurred. An SNMP agent sends traps to the NFA console or to a network management system (NMS). The Watchdog agent defines a number of traps for system and application management.
trend line
A trend line is a projection of the future performance of an element that is based on data from past performance. CA Network Flow Analysis constructs the trend line as the best straight line through the data points of the baseline period.
Web user interface
The CA Network Flow Analysis web user interface appears as the NFA console, which lets an operator access CA Network Flow Analysis views and reports from a web browser. Administrators for CA Network Flow Analysis use this interface to perform a number of administrative functions.
|
Copyright © 2013 CA.
All rights reserved.
|
|