15-minute (historical) data
15-minute (historical) data is longer-range information that is collected for each interface. The information includes the protocols, hosts, and conversations for each interface. Summary data is also collected for the ToS, the top protocols for the top ToS values, and the top hosts and conversations for the top ToS values. The data is stored in a MySQL database named nqrptr, which is at <install_path>\MySql51\data\nqrptr.
1-minute (high-resolution) data
1-minute (high-resolution) data is detailed information that is collected from each Harvester and is provided to the NFA console for display in views and reports. The data includes top protocols for each interface; traffic for the top hosts and conversations; top conversations for the top protocols; and top protocols, hosts, and conversations for the top ToS values. The 1-minute data is stored on the Harvester server in a database at <install_path>\Netflow\data\archive.
Administrator
An Administrator, in the context of this document, is a person who is responsible for administering CA Network Flow Analysis in the NFA console. An Administrator also manages elements in the Console for CA Performance Center or CA NetQoS Performance Center that are related to CA Network Flow Analysis, such as SNMP profiles, groups, users, and roles.
application mapping
Application mapping is a rule-based technique for combining the traffic for an application to facilitate reporting for the application. Application mapping rules are based on factors that can include the traffic origin (host, subnet and mask, and/or port), ToS, and protocol.
baseline
A baseline is a record of typical behavior, which is computed from past behavior. Baselines help you compare changes over time and predict future data or performance. Comparing current values to baseline projections is useful for determining whether current values are typical. The baseline in a trend plot is computed by using data from the six weeks before the selected date range, excluding the data point already in the trend plot.
conversation
A conversation is a session of subnet-to-subnet or user-to-user (host-to-host) traffic. The NFA console displays conversation information, so you can find out whether a particular conversation is causing a traffic spike on an interface, for example. You can create and run reports to identify the top volume-based conversations.
custom virtual interface
A custom virtual interface (CVI) is an abstract representation of a network interface, which corresponds to one or more subnets of actual physical interfaces. CVIs can give you visibility into network traffic for a carrier cloud. Set up CVIs for data center traffic that is transferred to subnets through an MPLS carrier cloud when flow is enabled on the routers in the data center.
data sources
Data sources are the supported products--such as CA Network Flow Analysis--that provide data for display in the Console for CA Performance Center or CA NetQoS Performance Center. Data sources also provide some configuration data that is stored in the central Console.
drilldown report
A drilldown report is a more detailed report, which you display by clicking a link in the parent report. You can open a drilldown report by clicking an interface name in an Enterprise Overview page report, for example. You can also drill down from views in the Console for CA Performance Center or CA NetQoS Performance Center to detailed reports in CA Network Flow Analysis.
DSA (Data Storage Appliance)
A DSA (Data Storage Appliance) is a component in a three-tier architecture deployment of CA Network Flow Analysis. Each DSA collects 15-minute resolution (historical) data from the NFA console and stores it. In a two-tier architecture deployment, the 15-minute data is processed and stored on the Harvester.
firewall
A firewall server acts as a gateway between a local area network (LAN) and a large network that is not secure--such as the Internet. A firewall server typically runs a software package that inspects inbound and outbound packets, and decides whether to allow the packets to pass.
flow
A flow is a set of IP packets that pass a network observation point during a certain time interval. In CA Network Flow Analysis 9.2.0, flow may consist of NetFlow v5, v7, or v9; sFlow version 5; or IPFIX, J-Flow, cFlow, or Huawei NetStream flow that conforms to the standards for NetFlow v5, v7, or v9.
group
A group is a collection of managed items. A global administrator can use CA Performance Center or CA NetQoS Performance Center to create custom groups of managed items such as applications, servers, networks, routers, and interfaces, to reflect each user’s area of responsibility. Groups organize items in a tree structure, which is propagated to CA Network Flow Analysis.
Harvester
A Harvester is a component in a distributed deployment of CA Network Flow Analysis, which collects raw flows from the routers. In a two-tier architecture deployment, the Harvester processes and stores the 1-minute and 15-minute data. In a three-tier architecture deployment, the Harvester processes and stores the 1-minute data. The NFA console retrieves and processes the 15-minute data.
host
A host is a specific computer engaged in an exchange across the network. In some cases, a host represents a managed services provider whose IT staff manage and monitor the networks and systems of multiple customers. In CA Network Flow Analysis, hosts are identified by name or IP address. You can track host activity to find out whether a specific server or end-user system is responsible for significant traffic on an interface, for example. You can create and run reports about the traffic that is generated or is received by specified hosts.
IIS
IIS is the Web server that is part of the Microsoft Windows Server application. IIS consists of several services, including Simple Mail Transfer Protocol (SMTP). In versions of IIS before 5.0, IIS is an abbreviation for Internet Information Server. In version 5.0 and later, IIS is an abbreviation for Internet Information Services.
interface
An interface is a point of connection, such as a Serial, Frame Relay, Fast Ethernet, ATM, or PVC interface. CA Network Flow Analysis reports on any logical interface that is enabled on a supported router that has flow enabled. The NFA console displays the interfaces that are monitored in your environment.
IP domains
IP domains are logical collections of data from different devices and networks. Domains let your enterprise conduct separate monitoring of IP addresses with associated interfaces or monitor applications that belong to separate customer networks. A global administrator can monitor IP domains from a single Console, but operators view data only for the domains that they have permission to view. Administrators create custom IP domains in the Console for CA Performance Center or CA NetQoS Performance Center. Administrators use the NFA console to assign Harvesters, routers, interfaces, CVIs, and some other elements to IP domains.
LDAP
LDAP, or Lightweight Directory Access Protocol, is a software protocol for locating organizations, individuals, and other resources, such as files and devices in a network. LDAP is based on a client/server model. The LDAP client makes a Transmission Control Protocol (TCP) connection to an LDAP server, and then sends requests and receives responses over this connection.
NetFlow
NetFlow is a transaction between two hosts, which uses a unique pair of port numbers and IP addresses and which includes certain network traffic information. A Cisco router can be configured to export flow information by sending UDP packets that contain flow statistics to one or more collectors such as the Harvesters. CA Network Flow Analysis supports NetFlow versions 5, 7, and 9 and sFlow version 5. CA Network Flow Analysis also supports IPFIX, J-Flow, cFlow, and Huawei NetStream that complies with the standards for NetFlow v5, v7, or v9.
NFA console
The NFA console is a component in a distributed deployment of CA Network Flow Analysis, which provides a web-based user interface for reports and for some administrative functions. The NFA console creates reports from Enterprise Overview data, which is stored locally and from the 1-minute resolution data and 15-minute resolution data that it retrieves from other components.
permission groups
Permission groups define the scope of the managed items that each user (or operator) can monitor. Administrators assign permission groups to user accounts in CA Performance Center or CA NetQoS Performance Center. Administrators can create and assign custom groups of items to match each user’s area of responsibility, such as applications, servers, networks, routers, and interfaces. Administrators then assign the permission groups in CA Performance Center or CA NetQoS Performance Center to give users access to default or custom groups.
product privilege
A product privilege is a type of permission that is associated with a user account in CA Performance Center or CA NetQoS Performance Center. The product privileges grant access to features in CA Performance Center or CA NetQoS Performance Center, CA Network Flow Analysis, and any other data sources. The CA Network Flow Analysis administrators who manage the user accounts assign product privileges in CA Performance Center or CA NetQoS Performance Center.
report
A report is a display of collected data, which you view in the NFA console from the Enterprise Overview, Interfaces, Custom Reporting, Flow Forensics, and Analysis pages. You can print or save reports in PDF format. You can also export reports as comma-separated value (CSV) files. An Administrator can set up some reports to be sent by email at scheduled intervals.
reporting information base (RIB)
The reporting information base (RIB) is a system of web services and XML files that describe and provide the data for views and dashboards in CA Performance Center. This data originates from data sources, such as CA Network Flow Analysis. The RIB capability provides an operating environment for cross-product, federated, and third-party reporting. RIB uses a single data access web service with SQL-like capabilities.
reporting period
A reporting period is a user-specified time range for data to be included in a CA Network Flow Analysis report. The time options vary with each report type, but the report period could consist of hours, days, weeks, or months.
Reserved Seating
Reserved Seating is a rule-based technique for ensuring that reports include the traffic that interests you, even if the traffic volume or rate is low. The rules create ‘reserved seats’ in reports for data that matches the target ports and protocols.
role
A role is a user account setting that is assigned by an Administrator for CA Network Flow Analysis. Roles control access to product features in the NFA console and to dashboards and other elements in CA Performance Center or CA NetQoS Performance Center. In a well-planned deployment, roles let users access the features they need to perform their duties. Roles also restrict access to features that operators and administrators do not need.
Single Sign-On
Single Sign-On is the authentication scheme that provides one-time login to authenticate users in the suite of related products. Once users are authenticated, they can navigate among the products without signing in again.
SMTP
SMTP (Simple Mail Transfer Protocol) is the Transfer Control Protocol/Internet Protocol (TCP/IP) protocol that is used for sending and receiving e-mail in data networks.
SNMP
SNMP (Simple Network Management Protocol) is a network management protocol that is used almost exclusively in data networks. SNMP is a method for monitoring and controlling network devices, as well as managing configurations, statistics collection, performance, and security.
SNMP profiles
SNMP profiles are definitions that contain the information for using SNMP securely to query device MIBs (Management Information Bases). Each connection to a device is made by using one of the SNMP profiles. Administrators create SNMP profiles in CA Performance Center or CA NetQoS Performance Center as needed. In a multi-tenant CA Performance Center environment, the SNMP profiles are tenant-specific. In this type of environment, each Harvester uses the SNMP profiles that are set up for its parent tenant.
synchronization
Synchronization, or global synchronization, is a process in CA Performance Center and CA NetQoS Performance Center that exchanges configuration and other data with CA Network Flow Analysis. For example, if an administrator creates user accounts or SNMP profiles, the associated data is synchronized (or pushed down) to the NFA console. Synchronization occurs every 5 minutes automatically. Administrators also can perform a full or partial synchronization on demand.
trap
A trap is a message that indicates a threshold has been reached or that another user-defined condition has occurred. An SNMP agent sends traps to the NFA console or to a network management system (NMS). The Watchdog agent defines a number of traps for system and application management.
trend line
A trend line is a projection of the future performance of an element that is based on data from past performance. CA Network Flow Analysis constructs the trend line as the best straight line through the data points of the baseline period.
Web user interface
The CA Network Flow Analysis web user interface appears as the NFA console, which lets an operator access CA Network Flow Analysis views and reports from a web browser. Administrators for CA Network Flow Analysis use this interface to perform a number of administrative functions.
|
Copyright © 2013 CA.
All rights reserved.
|
|