15-minute (historical) data
15-minute (historical) data is longer-range information that is collected for each interface. The information includes the protocols, hosts, and conversations for each interface. Summary data is also collected for the ToS, the top protocols for the top ToS values, and the top hosts and conversations for the top ToS values. The data is stored in a MySQL database named nqrptr, which is at <install_path>\MySql51\data\nqrptr.
1-minute (high-resolution) data
1-minute (high-resolution) data is detailed information that is collected from each Harvester and is provided to the NFA console for display in views and reports. The data includes top protocols for each interface; traffic for the top hosts and conversations; top conversations for the top protocols; and top protocols, hosts, and conversations for the top ToS values. The 1-minute data is stored on the Harvester server in a database at <install_path>\Netflow\data\archive.
Administrator
An Administrator, in the context of this document, is a person who is responsible for administering the product in the NFA console. An Administrator also manages elements in the Performance Center Console that are related to CA Network Flow Analysis, such as SNMP profiles, groups, users, and roles.
application mapping
Application mapping is a rule-based technique for combining the traffic for an application to facilitate reporting for the application. Application mapping rules are based on factors that can include the traffic origin (host, subnet and mask, and/or port), ToS, and protocol.
baseline
A baseline is a record of typical behavior, which is computed from past behavior. Baselines help you compare changes over time and predict future data or performance. Comparing current values to baseline projections is useful for determining whether current values are typical. The baseline in a trend plot is computed by using data from the six weeks before the selected date range, excluding the data point already in the trend plot.
conversation
A conversation is a session of subnet-to-subnet or user-to-user (host-to-host) traffic. The NFA console displays conversation information, so you can find out whether a particular conversation is causing a traffic spike on an interface, for example. You can create and run reports to identify the top volume-based conversations.
custom virtual interface
A custom virtual interface (CVI) is an abstract representation of a network interface, which corresponds to one or more subnets of actual physical interfaces. CVIs can give you visibility into network traffic for a carrier cloud. Set up CVIs for data center traffic that is transferred to subnets through an MPLS carrier cloud when flow is enabled on the routers in the data center.
dashboards
Dashboards are dynamic report-building pages in the Performance Center Console. Dashboards are accessible from the Dashboards tab (CA PC) or Reports tab (NPC). Each dashboard is a collection of views that present data from registered data sources on a single web page. The layout, views, time interval, and group context of each dashboard can be customized.
data sources
Data sources are the products that provide data for display in the Performance Center Console. Data sources also provide some configuration data that is stored in Performance Center. CA Network Flow Analysis is designed to be a data source for Performance Center.
drilldown report
A drilldown report is a more detailed report that you display by clicking a link in a report. You can open a drilldown report by clicking an interface name in an Enterprise Overview page report, for example. Properly credentialed users also can drill down from Performance Center views to detailed reports in the NFA console.
DSA (Data Storage Appliance)
A DSA (Data Storage Appliance) is a component in a three-tier architecture deployment of CA Network Flow Analysis. Each DSA collects 15-minute resolution (historical) data from the NFA console and stores it. In a two-tier architecture deployment, the 15-minute data is processed and stored on the Harvester.
firewall
A firewall server acts as a gateway between a local area network (LAN) and a large network that is not secure--such as the Internet. A firewall server typically runs a software package that inspects inbound and outbound packets, and decides whether to allow the packets to pass.
flow
A flow is a set of IP packets that pass a network observation point during a certain time interval. In CA Network Flow Analysis 9.2.1, flow may consist of NetFlow v5, v7, or v9 or one of the following flow types that conforms to the standards for NetFlow v5, v7, or v9: sFlow version 5; or IPFIX, J-Flow, cFlow, or Huawei NetStream flow .
In order for data from non-sampled flows to appear in reports of 15-minute (historical) data, the following minimum fields are required:
group
A group is a collection of managed items that is organized in a tree structure. A global administrator can use Performance Center to create custom groups of the managed items that an operator can see. These managed items can be applications, servers, networks, routers, and interfaces, for example.
Harvester
A Harvester is a component in a distributed deployment of CA Network Flow Analysis, which collects raw flows from the routers. In a two-tier architecture deployment, the Harvester processes and stores the 1-minute and 15-minute data. In a three-tier architecture deployment, the Harvester processes and stores the 1-minute data. The NFA console retrieves and processes the 15-minute data.
host
A host is a specific computer engaged in an exchange across the network. In some cases, a host represents a managed services provider whose IT staff manage and monitor the networks and systems of multiple customers. In CA Network Flow Analysis, hosts are identified by name or IP address. You can track host activity to find out whether a specific server or end-user system is responsible for significant traffic on an interface, for example. You can create and run reports about the traffic that is generated or is received by specified hosts.
IIS
IIS is the Web server that is part of the Microsoft Windows Server application. IIS consists of several services, including Simple Mail Transfer Protocol (SMTP). In versions of IIS before 5.0, IIS is an abbreviation for Internet Information Server. In version 5.0 and later, IIS is an abbreviation for Internet Information Services.
interface
An interface is a point of connection, such as a Serial, Frame Relay, Fast Ethernet, ATM, or PVC interface. CA Network Flow Analysis reports on any logical interface that is enabled on a supported router that has flow enabled. The NFA console displays the interfaces that are monitored in your environment.
IP domains
IP domains are logical collections of data from different devices and networks. Domains let your enterprise conduct separate monitoring of IP addresses with associated interfaces or monitor applications that belong to separate customer networks. A global administrator can monitor IP domains from a single Console, but operators view data only for the domains that they have permission to view. Administrators create custom IP domains in the Performance Center Console. Administrators can use the NFA console to assign Harvesters, routers, interfaces, CVIs, and some other elements to IP domains.
LDAP
LDAP, or Lightweight Directory Access Protocol, is a software protocol for locating organizations, individuals, and other resources, such as files and devices in a network. LDAP is based on a client/server model. The LDAP client makes a Transmission Control Protocol (TCP) connection to an LDAP server, and then sends requests and receives responses over this connection.
NetFlow
NetFlow is a transaction between two hosts, which uses a unique pair of port numbers and IP addresses and which includes certain network traffic information. A Cisco router can be configured to export flow information by sending UDP packets that contain flow statistics to one or more collectors such as the Harvesters. CA Network Flow Analysis supports NetFlow versions 5, 7, and 9 and sFlow version 5. CA Network Flow Analysis also supports IPFIX, J-Flow, cFlow, and Huawei NetStream that complies with the standards for NetFlow v5, v7, or v9.
NFA console
The NFA console is a component in a distributed deployment of CA Network Flow Analysis, which provides a web-based user interface for reports and for some administrative functions. The NFA console creates reports from Enterprise Overview data, which is stored locally and from the 1-minute resolution data and 15-minute resolution data that it retrieves from other components.
Performance Center
Performance Center is a term this documentation uses to refer to CA Performance Center and CA NetQoS Performance Center collectively. CA Network Flow Analysis is designed to be used with one of these programs. Page names or functions that are specific to a Performance Center version may be identified by the full program name or acronym. CA PC is used as an acronym for CA Performance Center and NPC is used for CA NetQoS Performance Center.
permission groups
Permission groups define the scope of the managed items that each user or operator can monitor. Administrators can create and assign custom groups of items to match each user’s area of responsibility, such as applications, servers, networks, routers, and interfaces. Administrators assign permission groups in Performance Center to give users access to default or custom groups.
product privilege
A product privilege is a type of permission that is associated with a user account in Performance Center. The product privileges grant access to features in the Performance Center Console, the NFA console, and any other data sources. The administrators who manage user accounts assign product privileges in the Performance Center Console.
report
A report is a display of collected data, which you view in the NFA console from the Enterprise Overview, Interfaces, Custom Reporting, Flow Forensics, and Analysis pages. You can print or save reports in PDF format. You can also export reports as comma-separated value (CSV) files. An Administrator can set up some reports to be sent by email at scheduled intervals.
reporting information base (RIB)
The reporting information base (RIB) is a system of web services and XML files that describe and provide the data for views and dashboards in the CA Performance Center Console. This data originates from data sources, such as CA Network Flow Analysis. The RIB capability provides an operating environment for cross-product, federated, and third-party reporting. RIB uses a single data access web service with SQL-like capabilities.
reporting period
A reporting period is a user-specified time range for data to be included in a CA Network Flow Analysis report. The time options vary with each report type, but the report period could consist of hours, days, weeks, or months.
Reserved Seating
Reserved Seating is a rule-based technique for ensuring that reports include the traffic that interests you, even if the traffic volume or rate is low. The rules create ‘reserved seats’ in reports for data that matches the target ports and protocols.
role
A role controls access to product features in the NFA console and the Performance Center Console. In a well-planned deployment, roles let users access the features they need to perform their duties. Roles also restrict access to features that operators and administrators do not need. The administrator who manages user accounts assigns roles in the Performance Center Console.
Single Sign-On
Single Sign-On is the authentication scheme that provides one-time login to authenticate users in the suite of related products. Once users are authenticated, they can navigate among the products without signing in again.
SMTP
SMTP (Simple Mail Transfer Protocol) is the Transfer Control Protocol/Internet Protocol (TCP/IP) protocol that is used for sending and receiving e-mail in data networks.
SNMP
SNMP (Simple Network Management Protocol) is a network management protocol that is used almost exclusively in data networks. SNMP is a method for monitoring and controlling network devices, as well as managing configurations, statistics collection, performance, and security.
SNMP profiles
SNMP profiles are definitions that contain the information for using SNMP securely to query device MIBs (Management Information Bases). Each connection to a device is made by using an SNMP profile. Administrators create SNMP profiles as needed in the Performance Center Console. In a multi-tenant CA Performance Center environment, SNMP profiles are tenant-specific. In this type of environment, each Harvester uses one of the SNMP profiles that are set up for its parent tenant.
synchronization
Synchronization, or global synchronization, is a Performance Center process that exchanges configuration and other data with CA Network Flow Analysis. For example, if an administrator creates user accounts or SNMP profiles, the associated data is pushed down to the NFA console through synchronization. Synchronization occurs every 5 minutes automatically. Administrators also can perform a full or partial synchronization on demand.
trap
A trap is a message that indicates a threshold has been reached or that another user-defined condition has occurred. An SNMP agent sends traps to the NFA console or to a network management system (NMS). The Watchdog agent defines a number of traps for system and application management.
trend line
A trend line is a projection of the future performance of an element that is based on data from past performance. CA Network Flow Analysis constructs the trend line as the best straight line through the data points of the baseline period.
Web user interface
The CA Network Flow Analysis web user interface appears as the NFA console, which lets an operator access CA Network Flow Analysis views and reports from a web browser. Administrators for CA Network Flow Analysis use this interface to perform a number of administrative functions.
|
Copyright © 2014 CA.
All rights reserved.
|
|