Product Blog

June 2018 Previous month Next month

NetFlow Traffic Analyzer

Faster. Leaner. More Secure.

 

The new NetFlow Traffic Analyzer leverages the power of columnstore technology in MS SQL Server to deliver answers to your flow analysis questions faster than ever before. MS SQL 2016 and later runs in a more efficient footprint than previous flow storage technologies, making better use of your infrastructure. Support for TLS 1.2 communication channels and monitoring of TCP and UDP Port 0 traffic helps to secure your environment.

 

Version 4.4 also introduces a new installation process to confirm that you have the necessary prerequisites, and to guide you through the installation and configuration process.

 

NTA 4.4 is now available in the Customer Portal. Check out the Release Notes for an overview of the features.

 

Faster

The latest release of NTA makes use of Microsoft’s latest version of their SQL columnstore based flow storage database.  Columnstore databases organized and query data by column, rather than row index. They are the optimal technology for large-scale data warehouse repositories, like massive volumes of individual flow records. Our testing and our beta customer experiences indicate that columnstore indexes support substantial performance improvements in both querying data, and in data compression efficiency.

 

NTA was an early adopter of columnstore technology to enhance the performance of our flow storage database. As Microsoft’s columnstore solutions have matured, we’ve chosen to adopt the MS SQL 2016 and later versions as the supported flow storage technology. That offers our customers the ability to standardize on MS SQL across the Orion platform, and to manage their monitoring data using a common set of tools with common expertise. We’ve made deployment and support simpler, more robust, and more performant.

 

Leaner

This same columnstore technology also runs more efficiently with the existing resource footprint. This solution builds and maintains columnstore indexes in memory, and then manages bulk record insertions with much less intensive I/O to the disk storage. CPU required to build indexes is also substantially less intensive than our previous versions. As a result, this version will make better use of the same resources to run more efficiently.

 

More Secure

This version of NTA supports TLS 1.2 communication channels, required in many environments to secure communications with client users.

 

Beginning in this version, NTA will explicitly monitor network flows that are destined to TCP or UDP service port 0. Traffic that’s addressed to TCP or UDP port 0 is either malformed – or malicious traffic. This port is reserved for internal use, and network traffic on the wire should never appear addressed to this port. By highlighting and tracking flows addressed to port 0, NTA helps network administrators to identify sources of malicious traffic that may be attacking hosts in their network, and providing the information they need to shut that traffic down.

 

NTA will surface port 0 traffic as a distinct application, so the information is available in all application resources.

NTA Port 0 Traffic

Supported Database Configurations

This version of NTA maintains a separate database for Flow Storage. NPM also maintains the Orion database for device and interface data. Both of these databases are built in MS SQL instances.

 

New installations of NTA and upgrades to version 4.4 and later will require an instance of MS SQL 2016 Service Pack 1 or later version for flow storage. For evaluation, the express edition is supported. For production deployments, we support the Standard and Enterprise editions.

 

When upgrading to this version from older version on the FastBit database, data migration is not supported. This upgrade will build out a new, empty database in the new MS SQL instance.  The existing flow data in the FastBit database will not be deleted or modified in any way. That data can be archived for regulatory requirements, and customers can run older product versions in evaluation mode to temporarily access the data.

 

In the current NTA product, we require a separate dedicated server for Flow Storage. The simplest upgrade would use that dedicated server with the new release to install an instance of MS SQL 2016 SP1 or later for flow storage. Many of our customers will be interested in running both the Orion database and the NTA Flow Storage database in the same MS SQL instance. We support that, but for most customers that will take some planning to consolidate and to appropriately size that instance to support both databases.

 

Here's a more detailed discussion of NTA's New MS SQL Based Flow Storage Database. Also, a knowledge base article on NTA 4.4 Adoption is available, with frequently asked questions.

 

We’re doing some testing now to provide some performance guidance for key performance indicators to monitor. One of the benefits of using MS SQL technology for both of these databases is that there are many common tools and techniques available to monitor and tune MS SQL databases. We plan to provide guidance for both monitoring, and deployment planning.

 

Conclusion

Please visit the NetFlow Traffic Analyzer Forum on THWACK to discuss your experiences and new feature requests for NTA.

I am very excited to announced that Solarwinds NCM 7.8 is available for download in the Customer Portal! This release brings many valuable features and the release notes are a great resource for these.

 

Network Insight for Cisco Nexus
This is the third iteration in our Network Insight series and in this release we have extended those insights to Cisco Nexus. We understand that your Cisco Nexus devices are a sizable investment and come with a host of valuable features and that you also expect deeper insight from your Solarwinds monitoring and management tools as a result. This meant that we had to go back and develop some new features and expand on existing ones to ensure that the relevant information you need is presented properly. It means that your workflows are logical and more time efficient.

 

 

Virtual Port Channels

One of the really awesome features of a Cisco Nexus, that comes with a good deal of complexity, is the ability to create and deploy vPCs. vPCs operate as a single logical interface, but are actually just a group of interfaces working together. What this means is that managing vPCs can become a time drain, as the number of vPCs increases and as the number of interfaces on each vPC pair increases. Network Insight provides a view to show each vPC and the member interfaces in each of those vPCs. This is covered in the NPM v12.3 release blog.

 

In addition to this view, there is another layer of detail that shows the configuration of each vPC and its member interfaces. To see this detail you will click on "View Configs" on the vPC page. This page displays the configuration details for each of the side of the vPC and the configurations of each member interface. This allows you to save time by more efficiently identifying configuration errors within the vPC and the member interfaces. I think we can all agree that not having to hop across multiple windows and execute manual searches or commands to find issues is a major workflow improvement!

 

The example below is a vPC with multiple member interfaces:

 

Virtual Device Contexts

As it is covered here, each VDC is essentially a VM on a Cisco Nexus (also Cisco ASAs!) and each context is configured separately and provides its own set of services. These configurations are downloaded and backed up by NCM. They are also referenced for all the features in this release.

 

To manage a context in NCM, one just needs to click "Monitor Node" and it will walk through node addition process, after that has concluded each configuration is downloaded and stored separately.

 

Access Control Lists

ACLs define what to do with the network traffic. ACLs are very complicated to manage because within each ACL are rules (Access Control Elements) and within these are object groups. The object groups are containers that house specific information for the given rule like the interfaces that you might block a particular MAC address from traversing. The layering creates some problems. Manually you need to verify the rules are handling traffic by examining the hit counts, and that none of the rules are shadowed or redundant. Lastly, to ensure we met all of your needs for ACLs we extended the existing functionality of Access Control Lists (ACLs) beyond Port Access Control Lists (PACLs) and VLAN Access Control Lists (VACLs), to include MAC ACLs and non-contiguous subnet masks.

 

ACLs are super easy to add and once the Nexus nodes are added to NCM, it will automatically discover ACLs and grant you access to all the information available inside those ACLs. You won't need to spend copious amounts of time digging into each ACL, determining if changes occurred, and what changes occurred.

 

To see the list of ACLs for a particular Nexus, mouse over the entities on the side panel and select “Access Lists.”

Access Control List Entity View

 

With this view you are able to see the historical record of ACLs, including the date and time of each revision, and if there are any overlapping rules inside of each version of the ACL. To expose the previous version for viewing just expand the view. From this same screen you are able to view the ACL details and also compare against the next most recent, older revision, or a different nodes ACL.

ACL detail view and rule alerts

 

When you navigate into the ACL, each of the rules in that ACL are displayed including all the syntax for that ACL. In this view each rule provides a hit counter, making it easy to see which rules are impacting traffic and which ones are not. You are also able to drill down into the object groups.

 

Viewing conflicting rules is simple in NCM. Expanding on the alert, you can see the shadowed or redundant rules.

  • Redundant: a rule earlier in the list overlaps this rule, and does the same action to the matched traffic.
  • Shadowed: a rule earlier in the list overlaps this rule, and does the opposite action.

 

Interface Config Snippets???

At some point during the course of your day you will have identified one or many interfaces that warrant deeper inspection. Based on feedback from many of you, we discovered that once you reached this point you needed to see more information. Specifically, information about that interface and the interface configuration information. Normally you would have had to dig into overall running or startup configs requiring you to navigate away from the interface screen. This is why we created where interface config snippets and this is probably one of my favorite features in this Network Insight release.

 

These snippets are the running configurations of the specific interface you are viewing.

Interface Config Snippet


Once you have found the snippet on the page, you are able to verify which configuration this snippet is pulled from and the date and time of when it was downloaded.

Interface Config Snippet details + history

 

Conclusion

That is all I have for now on this release but I recommend you go check out our online demo and visit the customer portal to click through this functionality and see all the great features available in this release. My fellow cohort cobrien put together a great blog on Network Performance Monitor's v12.3 release for Network Insight and I highly recommend that you head over and give it a read! I look forward to hearing your feedback once you have this new release up and running in your environment!

 

Starting with NPM 12.2, SolarWinds has embarked on a journey to transform your Orion deployment experience with fast and frequent releases of key deployment components. The first step was revamping the legacy installer to the new and improved SolarWinds Orion installer. The installer was able to deploy new or upgrade an entire main poller in one seamless session. The second iteration of the installer released the capability to do the same for your scalability engines. In this release NTA has been updated to utilize a MSSQL database, allowing us to happily say that the SolarWinds Orion installer is truly an All-in-One installer solution for your Orion deployment. For NPM 12.3, we have made tremendous scalability improvements that allow you to utilize even more scalability engines. As a result, your Orion deployment upgrades gain in complexity, so the installer team is providing additional updates to how you can stage your environment for minimal upgrade time.

 

Normal Upgrade Process

 

Using the All-in-One SolarWinds Orion installer, your upgrade process will look like the following.

 

Step one:

 

Review all system requirements, back up your database and if possible snapshot the Orion deployment. This will be especially important in this release, as the NTA Flow Storage database requirements have changed. Note: Flow Storage database refers to the database instance that stores NTA collected flow data. In previous versions this was utilizing a Fastbit database, but in this release has been updated to use MSSQL with a minimum version of 2016. An Orion database is the primary database that stores all polled data from NPM and other Orion products.

 

Step two:

 

Download the NPM 12.3 installer, selecting either the online or the offline variant according to your system requirements. Note: the SolarWinds Orion installer is

 

Step three:

 

Run the installer on your main poller and upgrade it to completion. If you have any other Orion product modules installed, the installer will upgrade this instance to the latest versions of those modules at the same time to maintain compatibility with the new Orion Platform 2018.2. If there are new database instances to be configured, that will be handled during the Configuration Wizard stage of the main poller upgrade. This release of the installer has a new type of preflight check that requires confirmation from you before proceeding. In the example below, is one for the NTA upgrade. Click for details to see the confirmation dialog and select yes or no.

 

Configuration Wizard step for NTA:

 

Step four:

 

If you don’t have any scalability engines, e.g Additional Polling Engines, Additional Websites or HA Backups you’re ready to explore all of the new features available in this version!

 

Scalability Engines

 

For those environments utilizing scalability engines or for those who are looking to try them out, this section will guide you through the process of deployment. Even if you have not utilized scalability engines previously, trying them out to test the scale improvements is incredibly easy. Like every SolarWinds Orion product, they are available for an unlimited 30-day free evaluation.

 

Deploying a fresh scalability engine is handled with the same installer that you downloaded for the main poller.

 

1. Copy the installer to your intended server and Click to “Run as Administrator”

 

Note: If you downloaded the offline installer, which is about 2 GB, the download process to your server can take some time and does not currently stage the scalability engine for faster upgrade. In the future, this is something we’d like to improve but is not an available feature for this release.  if you’d like to shorten the initial download of installer file to server, you can always use the online installer to set up your scalability engine. This installer file is about 40 MB so the download of installer file time to the server is much shorter. This will still meet offline requirements because when selecting the “Add a Scalability Engine” option, it will choose to download from the main poller to maintain version compatibility and does not require internet access. As always, the 40 MB scalability engines installer is also available for download from the All Settings -> Polling Engines page.

 

2. Select the “Add a Scalability Engine” option.

 

first screen of installer

 

3. Similar to the main poller upgrade process, at this point system checks that are specific to scalability engines will be run.

 

Note: Anything tagged as a blocker may need confirmation or action from you before proceeding.  If this is the case, address those issues and run the installer again. Things that are tagged as a warning or informational message are simply for your awareness and will not prevent your installation from proceeding.

 

4. Select the type of scalability engine that you are looking to deploy, and then complete the steps in the wizard to finish your installation per your normal process.

 

 

Upgrading a scalability engine, is also handled through the same installer. However, this is where you have an opportunity to utilize our staging feature.

Note: If you were to proceed with your normal practice of putting the scalability engines installer on each server you need to upgrade, and then manually upgrading, that process will work perfectly well with no changes. Please read through the “Staging Your Environment for your Scalability Engines Upgrade” section below to see the alternative workflow that allows you to stage your environment.

 

Staging Your Environment for Your Scalability Engines Upgrade

 

For customers with more than a handful of scalability engines or with some distributed over WAN links, we noticed that they were occasionally experiencing extremely high download times from their main poller to their scalability engines. In addition, there was no centralized area where one could see the upgraded state of the scalability engines. Navigate to "All Settings", and click "High Availability Deployment Summary" and you will see the foundational pieces for an Orion deployment view.

 

The Servers tab contains the original High Availability Deployment Summary content, and is where you can continue to set up additional HA pools and HA environment.

 

Check out the new Deployment Health tab! You may not have heard of our Active Diagnostics tool, but it comes prepackaged with every install of the Orion Platform with test suites designed to test for our most common support issues. We've brought that in depth knowledge to your web console in the new Deployment Health view. With nightly run tests across your Orion Deployment, every time you come to this page you will see if there are any issues that could be a factor in the performance of Orion or your upgrades.

 

You are able to refresh a check if you're working on an issue and wish to see an updated test result. If there are tests that you don't want to address, silence them to hide the results from the web console. Click on the caret to the right and you'll be able to see more details and a link to a KB article that will give you remediation advice.

 

On the Updates tab is where you will be able to stage your scalability engines.

 

The first page of the wizard will let you know if there are updates that are available to be installed on your scalability engines. At this point you've upgraded your main poller, so there are definitely updates available!  Click "Start" to get started!

 

The second page is where we are testing the connection to each of the scalability engines. If we are able to determine the status of these engines, we'll give you the green light to proceed to the next step. Common issues that could prevent this from being successful could be that the SolarWinds Administration Service has not been updated to the correct version or is not up and running at this point. Click "Start Preflight Checks" to proceed.

 

Similar to the Deployment Health tab, these are running preflight checks across your Orion Deployment. You'll be able to see all of the same preflight checks that were available through the installer client, except centralized to one view. If there are blockers present on this screen, you can still proceed in this flow if at least one scalability engine is ready to go, but please note down those scalability engines with blockers. You will need to address those blockers before an upgrade can occur on those servers. Click "Start download" to start the staging process.

 

 

 

At this point, we are starting the download process of every msi needed to upgrade your scalability engines. In this example, I'm only staging one scalability engine, but if you  have multiple, you can see the benefits in time savings right away! All of the downloads will be triggered in parallel.

Sit back and relax as we stage your environment for you. You can even open up RDP sessions to those servers with one click from this page.

 

When everything has finished downloading, we will let you know which servers are ready to install. Click on the "RDP' icon to open your RDP session to the server.

 

On your desktop, you should see the SolarWinds scalability engines installer waiting for you to click on and finish the upgrade.

 

Visually you will run through the same steps that you normally would in clicking through the installer wizard. However, when you actually get to the installation part, you'll notice that there is no download appears in the progress bar. Finish your upgrade and move on to the next!

 

I hope you enjoy this update to how you can upgrade your Orion Deployment. I'm always looking for feedback on how we make this as streamlined as possible for you.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.