This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Introducing the NTA 2020.2 GA Release - IPAM IP Group Integration

Welcome to our latest iteration of the NetFlow Traffic Analyzer, available now in your customer portal

Version 2020.2 is the next release following NTA 2019.4 and is compatible with Orion Platform 2020.2

This is one of three articles describing features we're introducing in the NTA 2020.2 GA Release. We’ll post the details of these features in three separate discussion threads in the NTA product forum, to help you focus on the problems you need to solve in your environment. 

In this thread, we’ll talk about a useful integration with the SolarWInds IPAM (IP Address Manager) module that enable us to reuse the IP groups we’ve already created, and we’ll discuss an enhancement to flow alerts that allow us to write precise notifications that reference application traffic with IP groups, or specific endpoints.

New IP Group import from IPAM

Both the IPAM module and NTA have facilities to create and work with IP groups – that is, collections of endpoints, or subnets that reference groups of endpoints. One common requirement is to characterize the traffic that’s generated or received by an IP group.

Since these are separate modules, each includes the ability to create and work with IP groups within it’s own function. But – having created and actively managed IP groups in IPAM, it’s certainly convenient to share those with NTA.  Importing IPAM IP group definitions avoids expecting our NTA administrator to rebuild identical groups in a second module.

Playing nicely together

To import an IPAM IP Group definition into NTA, navigate to “Netflow Settings” from the NTA Summary page. You’ll find “Manage IP Address Groups” in the “IP Address Groups” settings.

Screen Shot 2020-04-27 at 4.11.28 PM.png

The IP Address Groups Management page for NTA is all new, with a cleaner and easier to navigate look and feel. Groups can be created in either NTA or IPAM, and shown or hidden in NTA easily by selecting the group and clicking on “Show” or “Hide.”  Simple filtering supports working with longer lists to narrow down where a group was created, and if it’s shown in NTA or not. There’s also a search facility to find groups easily.

Screen Shot 2020-04-27 at 4.14.26 PM.png

Other improvements include a table edit function, and the ability to specify subnets when creating a new IP group in NTA using a standard CIDR notation. If you’ve ever had to enter long lists of IP start/stop ranges, you’ll appreciate how much simpler this is.

Screen Shot 2020-04-27 at 4.18.31 PM.png

The file import/export functions are still available, through the menu item “More v” pull-down list.

To import an IP Group definition from IPAM, select the “Import IPAM Group” link. You’ll be presented a list of IPAM groups available for import. Note that the group definitions in IPAM are hierarchical – several named subnets may be collected together under the same hierarchy.

Screen Shot 2020-04-27 at 4.23.50 PM.png

IP groups in NTA are not hierarchical – they exist in one collection. This gives us some flexibility – we can import an entire hierarchy (as one NTA IP Group), and also each subnet under that hierarchy as it’s own IP Group.

Screen Shot 2020-04-27 at 4.24.15 PM.png

In the example above, selecting only “Austin” will surface a single IP group in NTA that includes all of the Austin subnets. Selecting individual subnets within the Austin hierarchy will create additional IP groups for each subnet.  Selecting all of these – the “Austin” IPAM group, and also each of it’s individual subnets will surface five IP groups in total within NTA.

Screen Shot 2020-04-27 at 4.25.06 PM.png

Any of these can be used to filter traffic in the Flow Navigator, or used to qualify an application flow alert.

While we have a summary page for TopN IP Address Groups, the more common use of IP groups is to filter group traffic using the Flow Explorer. Open the Flow Navigator, and expand the IP Address Groups section to add a filter for traffic involving a specific IP group.

Screen Shot 2020-04-27 at 4.31.23 PM.png

Once you add the filter and submit it, the view of traffic on this page includes only conversations involving endpoints in this IP group.

Application Flow Alerts

To create an application flow alert:

  • Specify a node or interface where the traffic is observed
  • Add an application filter
  • Open the “Create a Flow Alert” dialog, and specify your trigger condition

Flow alerts will now pick up specific endpoints or IP groups from the Flow Navigator, and include those in the definition of the alert. You can now write very specific, tightly bounded application traffic alerts that help minimize alert fatigue.

 Screen Shot 2020-04-27 at 4.35.30 PM.png

The final common use for IP groups is in the creation of custom applications. Custom applications allow you to define applications that run over very common protocols – like HTTPS, for example – and further qualify these with specific groups of endpoints.  These may be legacy applications that only run on specific servers in your data center, for example.  Or, they may be public SaaS services with well-know and published IP ranges.

We’ve published a series of detailed examples to help you compose custom applications.  See these postings in the NTA product forum:

Monitoring WebEx Traffic with NetFlow Traffic Analyzer 

Monitoring Microsoft Teams/Skype Traffic with NetFlow Traffic Analyzer 

Monitoring Zoom Traffic with NetFlow Traffic Analyzer


More NTA Goodness

This is one of three articles on the 2020.2 NTA GA Release.  Here's the complete set, for your handy reference:

Introducing the NTA 2020.2 GA Release - VMware vSphere Distributed Switch support

Introducing the NTA 2020.2 GA Release - IPAM IP Group Integration

Introducing the NTA 2020.2 GA Release - Node Traffic Reconciliation


New Orion Platform Features

With this NTA RC comes some fantastic new updates & enhancements to the Orion Platform which include:

  • Monitor up to 1,000,000 elements per Orion Platform instance.
    • For SAM components the limit is increased to be 550,000 components per SAM installation.
  • An Orion Map to Success! - Orion Maps improvements, such as creating and customizing text boxes, labels, or layouts, incorporating custom icons, adding shapes, dynamic backgrounds, bulk administration and all new Time Travel.
  • Performance enhancements
  • Dashboards, Dashboards, Get Your Dashboards! All New Custom Summary Dashboards
  • A Gateway To Your Fastest Upgrade Ever! - Upgrade improvements, such as pre-staging upgrades, upgrade plan reports, automating upgrades via Orion SDK
  • Enhanced volume status
  • 3rd Party Language Pack Support - scripts to extract UI texts from the Orion Web Console

Your Feedback Counts!

The team is incredibly interested in your feedback, and we'd like to hear more about your implementation experiences! Your consistent feedback really shapes our products; we are constantly reviewing your questions, comments, and experiences to come up with brand new feature ideas that we would want to consider for a future release. Visit our NTA Feature Requests area to tell us what you'd like to see.