This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

IPAM and NetFlow Traffic Analyzer - Introducing Release Candidate 2020.2

Welcome to our latest iteration of the NetFlow Traffic Analyzer, available now in your customer portal

Each release candidate is a fully tested and supported version of the product and you can upgrade current production servers, while retaining your complete configuration and history.

Version 2020.2 is the next release following NTA 2019.4 and is compatible with Orion Platform 2020.2

This is one of three articles describing features we're introducing in the NTA 2020.2 Release Candidate. We're posting this article in the IPAM product forum to describe an exciting new integration between NTA and IPAM. 

In this thread, we’ll talk about an integration with the IPAM module that enable us to reuse the IP groups we’ve already created with NTA, and we’ll discuss an enhancement to flow alerts that allow us to write precise notifications that reference application traffic with IP groups, or specific endpoints.

New IP Group import from IPAM

Both the IPAM module and NTA have facilities to create and work with IP groups – that is, collections of endpoints, or subnets that reference groups of endpoints. One common requirement is to characterize the traffic that’s generated or received by an IP group.

Since these are separate modules, each includes the ability to create and work with IP groups within it’s own function. But – having created and actively managed IP groups in IPAM, it’s certainly convenient to share those with NTA.  Importing IPAM IP group definitions avoids expecting our NTA administrator to rebuild identical groups in a second module.

Playing nicely together

To import an IPAM IP Group definition into NTA, navigate to “Netflow Settings” from the NTA Summary page. You’ll find “Manage IP Address Groups” in the “IP Address Groups” settings.

Screen Shot 2020-04-27 at 4.11.28 PM.png

The IP Address Groups Management page for NTA is all new, with a cleaner and easier to navigate look and feel. Groups can be created in either NTA or IPAM, and shown or hidden in NTA easily by selecting the group and clicking on “Show” or “Hide.”  Simple filtering supports working with longer lists to narrow down where a group was created, and if it’s shown in NTA or not. There’s also a search facility to find groups easily.

Screen Shot 2020-04-27 at 4.14.26 PM.png

Other improvements include a table edit function, and the ability to specify subnets when creating a new IP group in NTA using a standard CIDR notation. If you’ve ever had to enter long lists of IP start/stop ranges, you’ll appreciate how much simpler this is.

Screen Shot 2020-04-27 at 4.18.31 PM.png

The file import/export functions are still available, through the menu item “More v” pull-down list.

To import an IP Group definition from IPAM, select the “Import IPAM Group” link. You’ll be presented a list of IPAM groups available for import. Note that the group definitions in IPAM are hierarchical – several named subnets may be collected together under the same hierarchy.

Screen Shot 2020-04-27 at 4.23.50 PM.png

IP groups in NTA are not hierarchical – they exist in one collection. This gives us some flexibility – we can import an entire hierarchy (as one NTA IP Group), and also each subnet under that hierarchy as it’s own IP Group.

Screen Shot 2020-04-27 at 4.24.15 PM.png

In the example above, selecting only “Austin” will surface a single IP group in NTA that includes all of the Austin subnets. Selecting individual subnets within the Austin hierarchy will create additional IP groups for each subnet.  Selecting all of these – the “Austin” IPAM group, and also each of it’s individual subnets will surface five IP groups in total within NTA.

Screen Shot 2020-04-27 at 4.25.06 PM.png

Any of these can be used to filter traffic in the Flow Navigator, or used to qualify an application flow alert.

While we have a summary page for TopN IP Address Groups, the more common use of IP groups is to filter group traffic using the Flow Explorer. Open the Flow Navigator, and expand the IP Address Groups section to add a filter for traffic involving a specific IP group.

Screen Shot 2020-04-27 at 4.31.23 PM.png

Once you add the filter and submit it, the view of traffic on this page includes only conversations involving endpoints in this IP group.

Application Flow Alerts

To create an application flow alert:

  • Specify a node or interface where the traffic is observed
  • Add an application filter
  • Open the “Create a Flow Alert” dialog, and specify your trigger condition

Flow alerts will now pick up specific endpoints or IP groups from the Flow Navigator, and include those in the definition of the alert. You can now write very specific, tightly bounded application traffic alerts that help minimize alert fatigue.

 Screen Shot 2020-04-27 at 4.35.30 PM.png

The final common use for IP groups is in the creation of custom applications. Custom applications allow you to define applications that run over very common protocols – like HTTPS, for example – and further qualify these with specific groups of endpoints.  These may be legacy applications that only run on specific servers in your data center, for example.  Or, they may be public SaaS services with well-know and published IP ranges.

We’ve published a series of detailed examples to help you compose custom applications.  See these postings in the NTA product forum:

Monitoring WebEx Traffic with NetFlow Traffic Analyzer 

Monitoring Microsoft Teams/Skype Traffic with NetFlow Traffic Analyzer 

Monitoring Zoom Traffic with NetFlow Traffic Analyzer

New Orion Platform Features

With this NTA RC comes some fantastic new updates & enhancements to the Orion Platform which include:

  • Monitor up to 1,000,000 elements per Orion Platform instance.
    • For SAM components the limit is increased to be 550,000 components per SAM installation.
  • An Orion Map to Success! - Orion Maps improvements, such as creating and customizing text boxes, labels, or layouts, incorporating custom icons, adding shapes, dynamic backgrounds, bulk administration and all new Time Travel.
  • Performance enhancements
  • Dashboards, Dashboards, Get Your Dashboards! All New Custom Summary Dashboards
  • A Gateway To Your Fastest Upgrade Ever! - Upgrade improvements, such as pre-staging upgrades, upgrade plan reports, automating upgrades via Orion SDK
  • Enhanced volume status
  • 3rd Party Language Pack Support - scripts to extract UI texts from the Orion Web Console

Your Feedback Counts!

The team is incredibly interested in your feedback, and  when you participate by downloading and installing the RC, you'll receive THWACK points. More importantly - your feedback shapes our products. Post your thoughts, questions and concerns into the NTA Release Candidate area  and not only will you be able to get some SolarWinds swag, but we'll be watching for input to continuously drive product improvements. In addition, sometimes you'll come up with brand new feature ideas that we would want to consider for a future release. Visit our NTA Feature Requests area to tell us what you'd like to see.