NetFlow Traffic Analyzer Vs. AppFlow Analyzer Free Tool for NetScalers


We have NetScalers talking to NTA, sort of.  With the current configuration I can see in NTA:

  • How the NetScalers are load balancing to each server ("service" in NetScaler config lingo) in real time.
  • The type of traffic (e.g. HTTP vs. HTTPS), though for non-web traffic this seems to get tricky to configure -- I'm trying to find a way to label non-web traffic flows so they don't all appear in NTA as "unmonitored traffic" -- if anyone knows of a handy way to do this, I'm all ears.  For example, assume you're load-balancing for Exchange 2010 -- how do you get MAPI/RPC traffic to be labeled as such in NTA, rather than being put in an "unmonitored traffic" bucket?
  • Source/destination of traffic by domain and country.

If anyone's interested in getting at least this much information, this is how you do it (don't know if the following is the best way, but at least it worked):

  • First, enable AppFlow on your NetScalers (in the NetScaler GUI, drill down to NetScaler\System, right-click the AppFlow folder and go "enable").
  • Within the AppFlow folder in the GUI navigation pane, click "Collectors," go "Add," then add your SolarWinds box (ours defaulted to TCP 9995 for the port).
  • Under the AppFlow folder, click "Actions" then add an action (named something descriptive like "Send_to_SolarWinds"), specifying the collector you created in the previous step.
  • This is where most of the NetScaler AppFlow configuration will be (and also where it becomes complicated):  Policies.  Under the AppFlow folder, click "Policies."  It's pretty straightforward if you're configuring a policy for web traffic, more complicated for other types of traffic.  If you want to create a policy for Outlook Web Access, for example, click "Add," specify a descriptive name for the policy, create an expression (that the traffic must match to send information on it to SolarWinds), such as HTTP.REQ.HOSTNAME.CONTAINS("webmail") (or whatever hostname you use in your OWA URL in place of "webmail"), then select the action you created in the previous step.
  • Finally, click the AppFlow folder, and in the details pane, click "AppFlow policy manager."  Assuming we're still working with a web traffic policy (as in the previous bullet point), make sure that "HTTP" and "Override Global" are selected under "Bind Points."  Then click "Insert Policy," specifying the policy you created in the previous step (which should appear in the "Policy Name" drop-down menu).  The other fields should populate automatically (and using defaults in the remaining fields).  In this step you're enabling the policy.
  • To confirm that the policy is enabled, go back to the AppFlow folder, click Policies, and you should see a green check mark and "Yes" to the right of the policy line.  You will also see traffic counters increment in this screen when traffic matches the policy.  If all is working properly, the NetScalers should be sending AppFlow data on this traffic to SolarWinds.

Assuming your NetScalers are already added as nodes to SolarWinds, no additional configuration should be required for basic functionality (we have "Enable automatic addition of NetFlow sources" enabled in NTA settings).

I hope this helps anyone looking to get basic NetScaler AppFlow data to SolarWinds.  If anyone's interested, I can talk about basic policy configuration for non-web traffic (that gets more complicated).

By the way, we get IPFIX template error messages in SolarWinds (under "Traffic Analyzer Events") from the NetScalers.  Is this a NetScaler issue, SolarWinds issue, or both?  Does anyone know the fix for this?

Ok, for my original reason for posting:  what is the difference in NTA and the AppFlow Analyzer Free Tool for NetScaler AppFlow data?  For example, I see that the Analyzer Free Tool can report on client-facing performance vs. server-facing performance.  Is there a way to get all of the information available in the AppFlow Analyzer Free Tool to show up in NTA?  Is the most complete solution to use both tools?  If so, does SolarWinds have an ETA of when NTA will include all functionality in the Analyzer Free Tool for NetScaler AppFlow data?

Thank you!
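
For the IPFIX template events mentioned in the post: AppFlow is exported as IPFIX, and a collector can only decode a data set once it has received the template with the same ID. The sketch below is an added example, not part of the original post and not NetScaler or SolarWinds code; it decodes one captured export datagram, lists the templates it carries, and reports data sets whose template has not been seen. The function names, the sample bytes, and the enterprise number 99999 are constructed for illustration.

```python
import struct

def parse_ipfix(datagram, known_templates=None):
    """Decode one IPFIX message; return (templates, data set IDs with no template)."""
    templates, missing = dict(known_templates or {}), []
    if len(datagram) < 16:
        raise ValueError("shorter than an IPFIX message header")
    version, length = struct.unpack_from("!HH", datagram, 0)
    if version != 10 or length > len(datagram):
        raise ValueError("not a complete IPFIX message")
    pos = 16                                   # sets start after the 16-byte header
    while pos + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", datagram, pos)
        end = pos + set_len
        if set_len < 4 or end > length:
            raise ValueError("bad set length at offset %d" % pos)
        if set_id == 2:                        # template set
            templates.update(_read_templates(datagram, pos + 4, end))
        elif set_id >= 256 and set_id not in templates:
            missing.append(set_id)             # data set the collector cannot decode
        pos = end
    return templates, missing

def _read_templates(buf, pos, end):
    """Return {template_id: [(element_id, length, enterprise_number), ...]}."""
    found = {}
    while pos + 4 <= end:
        tid, count = struct.unpack_from("!HH", buf, pos)
        if tid < 256:                          # zero padding at the end of the set
            break
        pos += 4
        fields = []
        for _ in range(count):
            if pos + 4 > end:
                raise ValueError("template %d overruns its set" % tid)
            ie, flen = struct.unpack_from("!HH", buf, pos)
            size = 8 if ie & 0x8000 else 4     # enterprise bit: 4-byte PEN follows
            if pos + size > end:
                raise ValueError("template %d overruns its set" % tid)
            pen = struct.unpack_from("!I", buf, pos + 4)[0] if size == 8 else None
            fields.append((ie & 0x7FFF, flen, pen))
            pos += size
        found[tid] = fields
    return found

def build_message(*sets):                      # helper for the constructed samples
    return struct.pack("!HHIII", 10, 16 + sum(map(len, sets)), 0, 0, 0) + b"".join(sets)

# Constructed sample: template 256 (two IPv4 address fields, one enterprise field)
TEMPLATE_SET = struct.pack("!HHHH", 2, 24, 256, 3) + struct.pack("!HHHHHHI", 8, 4, 12, 4, 0x8001, 4, 99999)
DATA_SET = struct.pack("!HH", 256, 16) + bytes(12)   # one 12-byte record for template 256
```

Feed it the UDP payloads from a capture taken on the collector; pass the templates returned from earlier datagrams as `known_templates` so that only data sets with no template seen so far are reported.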