background image

Exinda Network Orchestrator

4 Settings

|

500

How Edge Cache Works

Edge Cache enables single-sided caching of Internet-based content, including web objects, videos and software
updates. Edge Cache requires only one Exinda appliance.

When web objects are downloaded from the Internet or across WAN links, Edge Cache stores them at the edge of the
network. When subsequent requests come for the same material, the content is quickly delivered from Edge Cache,
without the need to download the data again over the WAN. The result is the ability to experience LAN speeds of WAN
objects, and provide users with a better network experience.

Edge Cache also supports HTTPS sites allowing the appliance to be a forward proxy and decrypt content for caching.
This is important as more and more applications and services are moving to the cloud. These SaaS-based applications are
typically delivered over HTTPS and so to be effective, Edge Cache must support caching this HTTPS traffic.

Edge Cache also offers cache statistics, which provide insight into the amount of repetitive data being off-loaded from
the WAN link, how cacheable the network data is, and how frequently the cache is being accessed.

Caching Internet-based Content

To cache web traffic, a client-side Exinda appliance is put in line with the traffic. When a network user visits a URL with
cacheable content, Edge Cache first determines if the content is available in its cache. If not, Edge Cache retrieves the
content from the URL. Upon retrieving the content, it is stored in the cache with its expiry date as specified on the
source website. This assumes that the content is cacheable and falls within the Edge Cache setting parameters, such as
size of object and whether or not the URL is blacklisted. The next time a network user visits the same URL, Edge Cache
determines that the content is available in the cache and that the content is not stale by looking at the object expiry
date. The content is then served to the client from the cache, rather than retrieving from the URL over the WAN.

Edge Cache uses a least recently used (LRU) algorithm for expiring cached data to make room for new objects. This
means the most popular and most used content is stored the longest. You also have the ability to manually clear the
entire cache if desired.

Edge Cache operates as a transparent proxy since it is running on an inline device. As a result, your browsers do not
need to be configured with an explicit proxy configuration.

Caching Encrypted Internet-based Content

VERSION INFO

As of version 7.0.2, Edge Cache can cache HTTPS content, as well as HTTP content.

When the network user visits an HTTPS URL, if HTTPS caching is not enabled, Edge Cache is unable to determine what is
being requested because the traffic is encrypted, including the URL being requested. Even if it could cache the
encrypted data, the next request for the same HTTPS URL would not contain the same cached data because the
encryption pattern would be different. By enabling HTTPS caching, Edge Cache is able to act as a forward proxy, and
retrieve the content from the server, decrypt it, and provide it to the client over an encrypted communication channel.
Later requests can then be served from the cache.

To support this feature, you need to upload a trusted certificate to the appliance, which is then used by Edge Cache to
sign all dynamically generated site certificates. All client devices must trust this certificate as a signing authority.

To cache encrypted web traffic, the client tries to communicate with the HTTPS web server. The Exinda appliance
intercepts, keeping the communication open with the client. Then Edge Cache tries to establish a conversation with the
server. Upon receiving the certificate details from the server, Edge Cache extracts the certificate details, constructs a new
certificate and signs it using the signing certificate that was loaded and specified in the Edge Cache settings. Edge
Cache then presents this new certificate to the client. The client trusts this certificate because the details match its HTTPS
URL request as the client has previously been told to trust anything signed by this signing certificate (see below). The
communication negotiation between the client and Edge Cache is now complete. The client then requests the specific

Summary of Contents for EXNV-10063

Page 1: ...ADMINISTRATION GUIDE Find out how to set up and configure Exinda Network Orchestrator in different environments and how to customize advanced features ...

Page 2: ...f information contained in this document and is not responsible for misprints out of date information or errors GFI reserves the right to revise or update its products software or documentation without notice You must take full responsibility for your use and application of any GFI product or service No part of this documentation may be reproduced in any form by any means without prior written aut...

Page 3: ...ic Wizard 30 2 4 4 Licensing information 34 2 5 Installing an Exinda Virtual Appliance 38 2 5 1 Sizing and resource requirements 39 2 5 2 Exinda Virtual Appliance use cases 44 2 5 3 Hypervisor limitations 59 2 5 4 Running on VMware vSphere ESX and ESXi 60 2 5 5 Running on Citrix XenServer 77 2 5 6 Running on Microsoft Hyper V 86 2 6 Managing multiple appliances with the Exinda Management Center 10...

Page 4: ...th the Undefined variable MyVariables ExSoluCtr 262 3 3 1 How performance reports work 263 3 3 2 Using Application Performance reports 263 3 3 3 Using the Application Performance Monitor VoIP report 265 3 3 4 Recreational Traffic 266 3 3 5 Answers to common questions about Solution Center Application Performance 266 3 3 6 Adding and deleting Solutions 268 3 3 7 Setting a new baseline 269 3 3 8 Wor...

Page 5: ...System Setup 426 4 2 1 Date and Time Configuration 426 4 2 2 UI Access Configuration 428 4 2 3 SDP Configuration 430 4 2 4 Configure SQL Access 430 4 2 5 Monitoring Configuration 446 4 2 6 Netflow Configuration 450 4 2 7 Create a Scheduled Job 453 4 2 8 Alerts 454 4 2 9 Control Configuration 457 4 2 10 Disk storage explained 457 4 3 Certificates 462 4 3 1 Managing Certificates and CA Certificates ...

Page 6: ...MAPI traffic 548 5 3 4 Reduction ratio for MAPI is different between Client side and Server side Exindas 549 5 4 Troubleshoot issues with TCP acceleration 549 5 5 Troubleshoot issues with SMB file acceleration 549 5 6 Troubleshoot issues with Active Directory configuration 550 5 6 1 Exinda Appliance Reboots Every Night 550 5 6 2 WMI Service is not running 551 5 6 3 System account showing in traffi...

Page 7: ...Safetyand Compliance 571 8 1 EMC Notice 571 8 2 Compliances 571 8 2 1 CE 571 8 2 2 FCC Class A 571 8 3 Safety Guidelines 572 8 3 1 Lithium Battery Caution 572 9 Predefined Applicationsand Application Groups 573 9 1 Predefined Applications and Supported L7 Signatures 573 9 2 Predefined Application Groups 612 ...

Page 8: ... discovery process and manual definitions the Exinda Appliance learns about your network Then you specify policies to regulate traffic in your network After that you use Exinda s robust set of monitoring tools to gain total insight into the traffic on your network and adjust your policies as needed 1 2 What is network orchestration Network orchestration is the idea that networks can be programmed ...

Page 9: ...cation Details Designed for Small Office Supported Users Up to 1 600 Traffic Shaping Shaping Throughput 150 Mbps Concurrent Flow 45 000 New Connection Rate 4 000 s Packets Per Second 45 000 s Number of Traffic Policies 512 Traffic Acceleration Acceleration Throughput 20 Mbps Edge Cache Throughput 20 Mbps Optimized Connections 2 000 Network Diagnostics APS Objects 100 ...

Page 10: ...op or 1U rack mount Data Store Cache Size 500 GB NICs Default 2 Bridge Pairs or 1 Bridge Pair plus 1 Management NICs expandable to Redundant Power No Network Orchestrator 4062 Series Screenshot 3 Front viewof the Exinda4062 Screenshot 4 Rearviewof the Exinda 4062 Specification Details Designed for Medium Office Supported Users Up to 38 000 ...

Page 11: ... Throughput 50 Mbps Optimized Connections 6 000 Network Diagnostics APS Objects 250 SLA Objects 250 PDF Reports 60 Hardware Specifications Form Factor Desktop or 1U rack mount Data Store Cache Size 1 TB NICs Default 3 Bridge Pairs 1 Management 1 Cluster 10GbE and 1Gb Fiber options available NICs expandable to 5 Bypass Bridges Redundant Power Yes Network Orchestrator 8063 Series Screenshot 5 Front ...

Page 12: ... 150 Mbps Edge Cache Throughput 175 Mbps Optimized Connections 25 000 Network Diagnostics APS Objects 300 SLA Objects 300 PDF Reports 100 Hardware Specifications Form Factor Desktop or 1U rack mount Data Store Cache Size 2 TB RAID 10 Memory 32 GB NICs Default 1 management 1 cluster IPMI support Interface NIC Slots 1 half height occupied 1 full height NICs expandable to 4 bypass bridges Redundant P...

Page 13: ...00 s Packets Per Second 1 400 000 s Number of Traffic Policies 4096 Traffic Acceleration Acceleration Throughput 500 Mbps Edge Cache Throughput 250 Mbps Optimized Connections 32 000 Network Diagnostics APS Objects 300 SLA Objects 300 PDF Reports 100 Hardware Specifications Form Factor Desktop or 2U rack mount Data Store Cache Size 1 8 TB RAID 10 Memory 64 GB NICs Default 1 management 3 extra on bo...

Page 14: ...cifications Form Factor Desktop or 2U rack mount Data Store Cache Size SSD 1 6 TB RAID 2 Memory 256 GB NICs Default 1 management 3 extra on board interfaces 1 IPMI Interface NIC Slots 4 half height 3 full height NICs expandable to 18 bypass bridges Redundant Power Yes 1 3 2 Exinda virtual appliances The virtual Exinda Network Orchestrator provides the same monitoring reporting and control features...

Page 15: ...n the Exinda Network Orchestrator model numbers are the features and licensing of the appliance This is the model number syntax hardware series software license hardware version bandwidth parameters hardware series The hardware model number software license The purchased license hardware version The platform configuration version bandwidth optimization bandwidth acceleration optimization The amoun...

Page 16: ...effectively controls the general traffic scenarios See Optimizer Policy Tree to understand how the policy configuration works You can also customize the traffic policy and have multiple policies in place to match your requirements For more information refer to Policies overview page 292 4 Create alerts and application performance monitors Set alerts on various aspects of the traffic You can monito...

Page 17: ...es specific protocols or modes to enable packet monitoring and inspection Inline In network terminology an inline device receives packets and forwards them to their intended destination Routers firewalls and switches are examples of inline devices The inline designation also alerts you the device is critical to network function If the device goes down network traffic is affected In an in path topo...

Page 18: ...ur appliance has a dedicated management port it also needs to be cabled to an internal switch using an Ethernet cable Both cables are shipped along with the appliance For more information refer to Basic characteristics and behaviors of Exinda Appliances page 17 For specific information about your model download its Quick Start Guide Once all Ethernet cables are in place power the Exinda Appliance ...

Page 19: ...he Exinda Appliance With the Exinda Appliance deployed between the switch and the router you get visibility to all the traffic entering and leaving the Main Site network via the router Installing the Exinda Appliance in a main site internet link topology This install is straightforward and requires just a few steps The high level plan is to plug your Exinda Appliance inline between the switch and ...

Page 20: ...AN use a different deployment strategy One of Exinda s top features is Application Acceleration With only one Exinda Appliance deployed Application Acceleration isn t available because it requires at least two Exinda Appliances Overcoming the limitations of the main site internet link topology If you only have one Exinda Appliance but need to monitor and control network traffic to the Internet fro...

Page 21: ...mation refer to Basic characteristics and behaviors of Exinda Appliances page 17 Capabilities provided by the main site WAN link topology In this topology the Exinda appliance Monitors all traffic utilization and all applications to the Internet You can distinguish between business relevant traffic and traffic used for recreational purposes Monitors usage of Internet and WAN traffic e g how much o...

Page 22: ...ites with multiple Exinda Appliances Deploying multiple Exinda Appliances provides a lot of flexibility for monitoring and shaping network traffic across multiple network sites You also gain the ability to enable Exinda s Application Acceleration feature if your Exinda Appliance model supports it This topology requires at least two Exinda Appliances In the network diagram below there are three Exi...

Page 23: ...his topology the Exinda appliances Monitor and control all traffic to and from the Internet and WAN May accelerate traffic between all WAN sites Monitor distribution of application traffic between all sites Prioritize and manage application performance in a fully meshed environment Control or block P2P and recreational applications site wide Limitation of the distributed branch topology None This ...

Page 24: ...nore all traffic between the local LAN and the DMZ Installing an Exinda Appliance in a network environment with a firewall 1 Enable the appropriate bridges on the IP Address configuration page 2 Connect Exinda WAN2 into your router firewall using a crossover cable 3 Connect Exinda LAN2 into the LAN switch 4 Connect Exinda LAN1 into the DMZ switch or host 5 Connect Exinda WAN1 in the DMZ interface ...

Page 25: ...inator and the router the Exinda Appliance sees only encrypted tunnel traffic Screenshot 15 Topologies with VPNs deployment Scenario 2 Installing an Exinda Appliance in a network environment with a VPN Scenario 1 1 Connect the Exinda WAN port into the internal interface of the VPN terminator using a crossover cable 2 Connect the Exinda LAN port into the LAN switch Scenario 2 ...

Page 26: ...er VPN terminator sites Only a single IP address will be visible per site Limitations of an Exinda Appliance in a network environment with a VPN In VPN scenario 2 the Exinda appliance cannot monitor and prioritize the encrypted traffic by application internal hosts and servers Multiple link topology Exinda Appliance in a network with multiple WAN connections Some Exinda Appliances support multiple...

Page 27: ... with traffic distributed across several servers In this case an Exinda Appliance is installed in front of each load balanced server and all other Exinda Appliances cluster so they each have the same con figuration and network traffic can be reported on in aggregate 2 3 Upgrading and downgrading Exinda Network Orchestrator is upgraded regularly with new product features and improvements Learn how ...

Page 28: ... Schedule Installation and specify the Date and Time By default the image gets downloaded straight away and only the installation gets scheduled To schedule the download of the image to happen at the scheduled time check Schedule Image Download option b By default the Exinda appliance will not reboot following a scheduled installation To restart the appliance after the scheduled installation check...

Page 29: ...nformation about installing a virtual appliance refer to Exinda Virtual Appliances 2 4 1 Gathering required information Use this list prior to installing your Exinda Appliance to check that you have the requisite physical hardware and information to ensure a smooth installation 1 Inspect the package contents The package contents vary slightly depending on the model In general the package includes ...

Page 30: ...izard For more information refer to Creating an initial configuration using the Basic Wizard page 30 2 4 3 Creating an initial configuration using the Basic Wizard The initial configuration wizard steps you through configuring the appliance s interfaces IP settings HTTP proxy settings basic system information license information and storage volume It also provides the option to upgrade the firmwar...

Page 31: ...an set interface speed and duplex settings from this screen Basic Wizard Step 2 IPSettings This screen allows you to configure basic network connectivity settings You can either manually specify these settings or select Autoconf to automatically acquire these settings The type of auto configuration selected depends on your network For IPv4 networks select DHCP for IPv6 use SLAAC ...

Page 32: ... messages specify an HTTP proxy If you have SDP enabled ensure your proxy supports HTTPS Basic Wizard Step 4 System This screen allows to configure basic system settings Basic Wizard Step 5 Licensing This screen allows you to configure the system s license When you enter the screen the Exinda appliance attempts to contact the Exinda licensing server on the Internet If the appliance ...

Page 33: ...creen displays the available disks that can be added to the volume group Basic Wizard Step 7 Firmware This screen displays the status of the firmware running on the Exinda appli ance If the appliance has Internet connectivity the system checks for any newer firmware that may have been released If a newer firmware image is available you are asked if you want to download and install it Basic Wizard ...

Page 34: ...es such as SSL Acceleration Virtualization and Edge Cache require a separate license and some features have a specified license limit such as maximum traffic shaping or acceleration bandwidth The effective license limits can change depending on the license key or combination of keys installed Licensing for Virtual Appliances is different when compared to Hardware Appliances All Virtual Appliances ...

Page 35: ...des the highest specification limits Screenshot 17 License Licensed License Status Host ID Unique identifier of each Exinda appliance software Model Exinda appliance model SS Expiry Expiry date of Exinda Software Subscription After this date you are no longer entitled to support and no new software updates can be installed on the appliance Max Bandwidth Maximum monitoring and QoS bandwidth Optimiz...

Page 36: ... objects 2 Please contact your local Exinda representative if you wish to enable a feature To see the last time that the auto license service checked for a new license 1 Go to Configuration System Setup License 2 The Last Checkand Last Update date time is shown in the Auto License section at the top of the page To force the auto license service to check for a new license 1 Go to Configuration Syst...

Page 37: ...es are currently applied The appliance will use the license that provides the highest specification limits License keys can also be removed from the system by clicking Remove Before removing ensure that you keep a copy of the license key To re enable a virtual appliance that has shut down due to not connecting Contact Exinda TAC to re enable your virtual appliance To generate a virtual appliance t...

Page 38: ...nse process you must have installed the EXN V and captured the Host ID information to complete this process 1 In a browser navigate to the address of your Exinda Virtual Appliance 2 Log into your Exinda VM The default user name is admin and the password is exinda 3 On the Dashboard System tab find the Host ID that the hypervisor created for this virtual machine You must have your purchase order nu...

Page 39: ...l file size be allocated to Edge Cache and SMB1 Cache For example if your SMB1 cache is 1TB then the recommendation is 800MB For WAN Memory size should be based on the following For systems with 2GB RAM Max WAN Memory Cache is 300GB For all other systems Max WAN Memory Cache is 1TB Depending on the WAN bandwidth use the following sizing specifications to estimate the host resources required for ea...

Page 40: ...isk I O bandwidth Use these topics for more guidance on sizing specifications and resource requirements Exinda virtual model 3062 Exinda virtual model 4062 Exinda virtual model 6062 Exinda virtual Model 8063 Exinda virtual model 10063 Exinda virtual model 12063 Exinda virtual model 2061 Specification Details Diagnostics Licensed Bandwidth in mbps 50M Diagnostics and Shaping Licensed Bandwidth in m...

Page 41: ...stics Licensed Bandwidth in mbps 150M Diagnostics and Shaping Licensed Bandwidth in mbps 50M Diagnostics Shaping and Acceleration Licensed Bandwidth in mbps 5M 10M Max Concurrent Flows 150 000 Max L7 New Connection Rate 4 000 Maximum Accelerated Connections 2 000 Reports 20 SLAs 100 APS Objects 100 Policies 512 Edge Cache Max Throughput in mbps 20 CPUs Qty GHz 2 2 0GHz NOTE All virtual machine mod...

Page 42: ...0 APS Objects 250 Policies 1 024 Edge Cache Max Throughput Mbps 20 CPUs Qty GHz 4 2 4Ghz NOTE All virtual machine models must be run on hosts with Intel Xeon class CPUs CPU ratings requirements are as quoted in the table These CPUs must be VT Enabled and 64 Bit Minimum Storage GB 250GB Minimum Memory GB 8GB EC IOPS 50 Monitoring IOPS 150 Exinda virtual model 6062 Specification Details Diagnostics ...

Page 43: ...t Minimum Storage GB 500GB Minimum Memory GB 12GB EC IOPS 70 Monitoring IOPS 150 Exinda virtual Model 8062 Specification Details Diagnostics Licensed Bandwidth Gbps 5G Diagnostics and Shaping Licensed Bandwidth Gbps 3G 4G 5G Diagnostics Shaping and Acceleration Licensed Bandwidth Mbps 100M 200M Max Concurrent Flows 1 200 000 Max L7 New Connection Rate 25 000 Maximum Accelerated Connections 20 000 ...

Page 44: ...ese CPUs must be VT Enabled and 64 Bit NOTE On the EXNV 10062 the number of CPUs depends on the licensed bandwidth for Diagnostics Shaping and Acceleration Minimum Storage TB 2TB Minimum Memory GB 64GB EC IOPS 80 Monitoring IOPS 150 2 5 2 Exinda Virtual Appliance use cases Learn different ways of deploying the Exinda virtual appliance These use cases cover both inline and out of path deployments A...

Page 45: ...ctive Directory At least two physical NIC interfaces are bridged together in the virtual Exinda Virtual Appliance User connections from the branch office to the Data Center applications are in line through the Exinda Virtual Appli ance on both ends of the connections and through external NIC interfaces The Exinda provides diagnostic shaping and acceleration for all traffic in this configuration Op...

Page 46: ...th from a client on the local LAN goes through the Exinda virtual appliance in Inline Mode and out to the WAN Exinda Exinda Virtual Appliance software version is 7 4 2 This deployment works with either local or external storage Inline deployment with an isolated virtual LAN and virtual applications In this use case the Exinda Virtual Appliance is set up for an inline mode deployment with an isolat...

Page 47: ... is on the LAN side the second one is for the WAN side This results in isolating the applications behind the Exinda Virtual Appliance Users connecting from the branch office to the Data Center applications are in line through the Exinda virtual machine s on both ends of the connections and through a single external NIC interface to the WAN The Exinda appliance provides Diagnostics Shaping and Acce...

Page 48: ...witch goes through the Exinda Virtual Appliance in inline mode through the ETH2 ETH3 bridged configuration and out the NIC3 interface to the WAN OPTIONAL If this is a branch office with local users configure local users to connect through the NIC2 physical inter face and SW2 ETH2 Exinda Virtual Appliance interface and out to the WAN This require mapping a third NIC interface Out of band WCCP mode ...

Page 49: ...ngle NIC interface on the hypervisor how ever for performance reasons it is recommended to segment the un optimized traffic from the optimized traffic User access from the branch office to the Data Center applications has two paths Path one is directly to the WAN router with no traffic shaping or acceleration Path two is through the re directed path invoked by the router using WCCP to the Exinda v...

Page 50: ...ance Optional It is possible to configure and map all data traffic on SW1 and SW2 to the NIC1 interface however for per formance reasons it is recommended to segment the optimized traffic on its own NIC and virtual switch for per formance reasons and in the event of failure of the Exinda Virtual Appliance Out of band and High Availability PBR VRRP Mode In this use case there are multiple Exinda Vi...

Page 51: ... Traffic on the Data Center side has the same path as the branch side Traffic that is selected to be optimized and accelerated is redirected to the Exinda Virtual Appliance through PBR on the WAN router Use Case Screenshot 23 Use case forOut of band and High Availability PBR VRRP Mode In this diagram The virtual LAN with application servers APP1 and APP2 are configured in the hypervisor on SW1 and...

Page 52: ...liance is set up to monitor and collect traffic for only reporting only without installing the appliance in the inline mode The appliance monitors and reports on all applications presented on the SPAN mirror port Screenshot 24 Use case forPort mirroring SPANport Configuration In this use case The Exinda Virtual Appliance is used for monitoring and reporting and is configured in the hypervisor to u...

Page 53: ...ts vMotion HA and Fault Tolerant Screenshot 25 Use case forPort mirroring with an externalNexus switch In this use case The customer has selected Exinda for its monitoring and reporting service The EXN V is configured as a virtual machine on a hypervisor or as an ESXi hypervisor for VMware on a dedicated NIC2 interface and dedicated virtual switch SW2 The EXN V management port is mapped to SW0 and...

Page 54: ...tionality The VEM uses the VMware vNetwork Distributed Switch vDS API which was developed jointly by Cisco and VMware to provide advanced networking capability to virtual machines This level of integration helps ensure that the Cisco Nexus 1000V Series is fully aware of all server virtualization events such as VMware VMotion and Dis tributed Resource Scheduler DRS The VEM takes configuration infor...

Page 55: ...ual appliance where the requirement is for Exinda firmware 7 4 4 ESX ESXi HA software versions 5 5 and 6 0 vMotion support vMotion Yes for INLINE line VMware best practice recommends that at least three hosts are used for this configuration and Licensing for the Exinda Virtual Appliance units include two full licenses and one cold standby license Each Exinda Virtual Appliance must maintain network...

Page 56: ...is required Downtime for any workload in HA mode is for the duration of the virtual workload and or the Exinda Virtual Appli ance to reboot VMware Fault Tolerance FT cluster In this use case we discuss the recommended configuration and best practices for installing the Exinda Virtual Appliance on VMware Fault Tolerance FT cluster For this use case you require Exinda firmware version 7 4 4 Hypervis...

Page 57: ...irement you must provide an external switch and separate NIC to pass the traffic between the workloads and the Exinda Virtual Appliance Having a separate host for the Exinda Virtual Appliance allows you to Segment other virtual appliances from the application workloads Support vMotion just for the application workloads and not for the host running the Exinda virtual appliance There are two network...

Page 58: ...or management and licensing of the virtual machines NOTE Any physical NIC interface can be used NIC1 is used for illustration purposes VMware software version 5 5 and 6 0 Exinda Virtual Appliance firmware version 7 4 4 WANEM Virtual Simulator software 2 3 http wanem sourceforge net You can use your own WAN simulator of choice Four virtual switches have been defined on the ESX ESXi host BR_LAN bran...

Page 59: ...o configure on the ESX ESXi host mapping BR_LAN to NIC0 and DC_LAN to NIC3 to connect the external workstation and server The benefit is you can test through the isolated virtual Exinda Virtual Appliance environment with no impact to a product network Screenshot 30 WANexternalworkstation 2 5 3 Hypervisor limitations Consider these additional planning items when installing Exinda Virtual Appliance ...

Page 60: ...Active mode with a Heartbeat between the two systems There must be a separate Virtual NIC configured for Heartbeat traffic to transit 2 5 4 Running on VMware vSphere ESX and ESXi Learn how to run and customize the Exinda Virtual Appliance on VMware vSphere client NOTE VMware ESX ESXi 5 5 or later is required Understanding how VMotion works For isolated virtual applications on the Exinda Virtual Ap...

Page 61: ...witch1 is mapped to external NIC1 and connected to the management network The vSwitch1 is mapped to NIC2 and connects APP1 to the production network The vSwitch2 is mapped to APP2 but does not have a mapping to external NIC3 The use case for this is that a net work administrator may have one or many virtual workloads isolated on the host for testing purposes vMotion is executed for APP1 on ESXi 1 ...

Page 62: ... to a network where you can manage the virtual appliance b If you are configuring the virtual appliance for clustering high availability or out of path deployments map the AUX interface to the appropriate network This interface can be left disconnected if it is not required c If you are deploying the virtual appliance in line add additional NICs 4 Click Next 5 Review the deployment settings and cl...

Page 63: ... Settings 3 On the Hardware tab select CPUs 4 Select the Numberof virtual sockets 5 Select the Numberof corespersocket The resulting total number of cores is a number equal to or less than the num ber of logical CPUs on the host For example if the Numberof virtual socketsis 2 and the Numberof corespersocket is 3 the total number of cores will be 6 Show Image 6 Click OK Adjusting the RAM available ...

Page 64: ...er to Converting two NICs into a Bridge page 65 The following steps describe how to add extra NICs to the Virtual Appliance You need to add extra NICs in pairs in order to create LAN WAN bridges NOTE Even though there is no limitation on the number of bridges a given Virtual Exinda appliance can have the number of connections can affect the performance of the VM For more information refer to Sizin...

Page 65: ...gement Interface becomes a LAN Interface and the Auxiliary Interface becomes a WAN Interface Start the virtual appliance and then 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Navigate to Configuration System Network IPAddress 6 To bridge the two NICs together select the bridge number you would like to conv...

Page 66: ...nd Bridge Packets Promiscuous Mode page 66 Allow Ports to Accept and Bridge Packets Promiscuous Mode Any VMware virtual NIC used to deploy the virtual appliance in line must be configured to allow promiscuous mode ensuring the LAN and WAN ports are capable of accepting and bridging packets that are not destined for them 1 Open the VMware vSphere Client 2 Select the ESXi server and switch to the Co...

Page 67: ...s come with a single 50GB fixed size disk Usually you will want more storage for features such as WAN Memory and Edge Cache This is achieved by adding an additional disk to the Virtual Appliance The size of the disk you should add largely depends on the amount of RAM allocated to the Virtual Appliance As a general rule you should add a maximum of 100GB of disk storage per 1GB of RAM So if you have...

Page 68: ...g started 68 4 Specify the size of the additional disk to create This space will be added to the default 50GB that comes with the Vir tual Appliance So if you add a 200GB disk here the total storage for the Virtual Appliance will be 250GB ...

Page 69: ...Exinda Network Orchestrator 2 Getting started 69 5 Click Next 6 Attach the new disk to the next available SCSI node for best performance ...

Page 70: ...tual Appliance s disks config show storage Services cifs available 3743 46M free of 3876M total edge cache available 3723 53M free of 3872M total monitor available 9882 83M free of 10G total users available 974 62M free of 1024M total wan memory available 17 21G free of 17 65G total Disks sda10 internal in use 36 22 GB sdb not in use 214 7 GB Total 36 22 Unallocated 0 10 The output shows that our ...

Page 71: ... a login prompt on the VMware console At this point you can login with the default username admin and password exinda If the first NIC is connected to a network that provides addresses using DHCP the Virtual Appliance should have picked up an IP address On the Virtual Appliance summary screen VMware tools should display the IP address that the Virtual Appliance has obtained NOTE The VMware Tools s...

Page 72: ...ide credentials when prompted ii Scroll to Troubleshooting Options and press Enter iii If you want to enable local TSM select Local Tech Support and press Enteronce This allows users to login on the virtual console of the ESXi host iv If you want to enable remote TSM select Remote Tech Support SSH and press Enteronce This allows users to login via SSH on the virtual console of the ESXi host RECOMM...

Page 73: ...s Mode and as accepting all VLANs 4065 10 Look around in the Configuration Networking configuration to see if the bvpm0 adapter is already attached to a standalone vSwitch that is not one of the ones created in the previous two steps If that is the case simply disconnect that bvpm0 adapter from it and assign it to the vSwitch that is currently connected to the LAN interface of the virtual Exinda b...

Page 74: ...rfaces the first two are standalone interfaces while the last two are for bridging purposes NOTE From ESXI v6 0 it is possible that after assigning the bpvm0 driver to the LAN switch the driver will not show up as a Physical Adapter unused as in the above screenshot if this is the case you can continue ...

Page 75: ...DD solid state drives SSD and storage area networks SAN As with any benchmark IOPS numbers published by storage device manufacturers do not guarantee real world application performance IOPS are measured in both Commands per Second IO operations per second or Throughput Megabytes per Second In the sizing charts for the Exinda virtual appliance EXN V we have represented the measurement in Commands p...

Page 76: ...service Edge Cache IOPS Monitoring IOPS Average Optimization IOPS Total IOPS Example Virtual Model 2061 IOPS Edge Cache IOPS 30 Monitoring IOPS 140 Average Optimization IOPS 200 Total IOPS 370 1 On the Custom Performance Chart for the EXN V select Virtual disk Real time 2 Select Average write requestspersecond inbound and outbound The report indicates the Minimum Maximum and Average Commands per S...

Page 77: ...isk Additional storage can be added in the form of another disk after the Virtual Appliance has been deployed For more information refer to Add storage to the XenServer virtual appliance page 83 Then click Next 7 Choose the NIC mapping By default the Virtual Appliance comes with 4 NICs The first NIC is the Management Inter face and you should connect it to a network that allows you to manage the V...

Page 78: ...ults to complete the wizard configuration Select No to disable IPv6 Select Yesto configure ETH0 for management access This will disable the BR0 bridge Select Yesto use DHCP on ETH0 Select null to default to the Exinda hostname Select null for SMTP server address Select null for email address for reports and alerts Select null to use the default password which is exinda Select Yesto change the inte...

Page 79: ...r network interface cards NICs TIP Before you can make changes to the virtual appliance you will need to shut it down If more interfaces are needed please follow the next procedure the Exinda appliance will recognize that if two NICs are added they can then be bridged The following steps describe how to add extra NICs to the Virtual Appliance In order to create LAN WAN bridges you need to add extr...

Page 80: ...eployments There are 2 options when it comes to placing the Virtual Appliance in line Convert the first two NICs into a bridge so that the Management Interface becomes a LAN Interface and the Aux iliary Interface becomes a WAN Interface This is achieved by booting into the Virtual Appliance and navigating to the Configuration System Network IPAddresspage on the Web UI advanced mode From this page ...

Page 81: ...orts These 2 additional NICs can be bridged to allow the Virtual Appliance to be placed in line The following steps describe how to add extra NICs to the Virtual Appliance You need to add extra NICs in pairs in order to create LAN WAN bridges 1 From the Networking tab in the Exinda Virtual Appliance settings click Add Interface 2 Choose the network to map this new NIC to then click Add ...

Page 82: ...this will cause the first two NICs to be bridged 4 When the Virtual Appliance is next booted the new NICs will be automatically detected and any additional NIC pairs will be bridged Below is what the System Network IPAddresspage on the Web UI looks like after 2 extra NICs have been added ...

Page 83: ...nal disk to the Virtual Appliance The size of the disk you should add largely depends on the amount of RAM allocated to the Virtual Appliance As a general rule you should add a maximum of 100GB of disk storage per 1GB of RAM So if you have given 4GB of RAM to your Virtual Appliance you can add up to 400GB of extra storage IMPORTANT You must power off the virtual appliance while changing the virtua...

Page 84: ... CLI to provision the new stor age The show storage command lists the current storage allocations as well as the Virtual Appliance s disks config show storage Services cifs available 3743 46M free of 3876M total edge cache available 3723 53M free of 3872M total monitor available 9882 83M free of 10G total users available 974 62M free of 1024M total wan memory available 17 21G free of 17 65G total ...

Page 85: ...ppliance for the first time Power it on The Virtual Appliance will boot and when ready will display a login prompt on the XenCenter console At this point you can login with the default username admin and password Exinda If the first NIC is connected to a network that provides addresses using DHCP the Virtual Appliance should have picked up an IP address On the Virtual Appliance Networking screen X...

Page 86: ... to run in a variety of virtual environments Hyper V provides support for hosting the Exinda Virtual Appliances in Microsoft Server 2012 and 2012 R2 1 Locate the latest release of the Exinda Hyper V Virtual Appliance from the Software Downloads section of the Exinda website The download file is in ZIP format 2 Unzip the ZIP file into a local folder The ZIP archive contains three folders which cont...

Page 87: ...xinda Network Orchestrator 2 Getting started 87 5 Click the Browse button and navigate to and select the local folder where you unzipped the downloaded file The wizard then recognizes the virtual machine ...

Page 88: ...pe page of the wizard opens 7 Select the Copythe virtual machine radio button The Choose Folder for Virtual Machine Files page of the wiz ard opens 8 If you prefer not to use the default folders select the Store the virtual machine checkbox and for each of the three folder options browse to and select your preferred folder ...

Page 89: ...Exinda Network Orchestrator 2 Getting started 89 9 Click Next The Choose Folders to Store Virtual Disks page of the wizard opens 10 Click the Browse button and select the folder to use ...

Page 90: ...e Completing Impoprt Wizard page opens 12 Review the settings in the right pane If they are correct click Finish The installation proceeds When the installation is complete an entry for the new virtual machine appears in the Virtual Machinespane in the Hyper VManager ...

Page 91: ...llowing related tasks IMPORTANT Before powering on your Exinda Virtual Appliance for the first time you need to make sure that the virtual configuration is what you need See the following Related Tasks to fully configure your VM Related Topics Adjusting the number of CPUs available to the Virtual Machine Adjusting the RAM available to the Virtual Machine Adjusting the NICs available to the Virtual...

Page 92: ...s for the virtual machine as long as those resources are available on the host you can make them available to the guest NOTE You will need to shut the virtual appliance down before you can modify its configuration Related Topics Adjusting the number of CPUs available to the Virtual Machine Adjusting the RAM available to the Virtual Machine Adjusting the NICs available to the Virtual Machine Increa...

Page 93: ...you can also adjust several other settings to balance resources among any other virtual machines Consult the Hyper V documentation for more information on these settings 5 Click OK The number of CPUs available to the virtual machine is immediately adjusted NOTE These instructions also apply to changing the configuration after the virtual appliance has entered service ...

Page 94: ...vailable to the Exinda Virtual Appliance There is a basic amount of RAM provided in the Exinda Virtual Appliance but if you have spare RAM on the host machine you may want to make this available to the virtual machine You make adjustments to the amount of RAM in the Hyper V Manager 1 Open the Hyper V Manager 2 In the left pane right click on the virtual machine you need to edit and select Settings...

Page 95: ...also Enable Dynamic Memory and specify amounts and adjust Memory weight Consult the Hyper V documentation for more information on these settings 5 Click OK The amount of RAM available to the virtual machine is immediately adjusted NOTE These instructions also apply to changing the configuration after the virtual appliance has entered service ...

Page 96: ... the NIC TIP In this pane you can also enable Bandwidth Management Consult the Hyper V documentation for more information on these settings 5 Click OK The NIC configuration is immediately modified for when the virtual machine is started NOTE These instructions also apply to changing the configuration after the virtual appliance has entered service Related Topics Adjusting the number of CPUs availa...

Page 97: ...ection select IDE Controller 1 as the Controller and 1 in use as the location By default this is the only slot available in the virtual machine to which to insert a new Virtual Hard Drive However if more hard drives are needed in the future you could remove the DVD Drives present by default given that these are not needed in the appli ance In such a case Controller 0 Location 1 and Controller 1 Lo...

Page 98: ...Exinda Network Orchestrator 2 Getting started 98 6 Click New The New Virtual Hard Disk wizard opens ...

Page 99: ...Exinda Network Orchestrator 2 Getting started 99 7 Select VHDX as the Disk Format type and click Next ...

Page 100: ...Exinda Network Orchestrator 2 Getting started 100 8 In the Choose DiskType section select the Fixed Size option and click Next ...

Page 101: ...Exinda Network Orchestrator 2 Getting started 101 9 Specify a Name and Location for the virtual hard drive and click Next ...

Page 102: ...ecommended sizes are the following EXNV 2061 250 GB Total Add a 200GB Disk EXNV 3062 250 GB Total Add a 200GB Disk EXNV 4062 250 GB Total Add a 200GB Disk EXNV 6062 500 GB Total Add a 450GB Disk EXNV 8062 500 GB Total Add a 450GB Disk EXNV 10062 500 GB Total Add a 450GB Disk 7 Click Finish to create the hard drive This can take a few minutes ...

Page 103: ...ement interface must already have been configured with an IP address or will obtain an IP address using DHCP You need to make sure that the Management Interface is connected to the proper Virtual Switch in your Hyper V environment 10 Find the IP address assigned to the management interface by right clicking on the VM and selecting the Connect option This provides console access 11 Log on to the ap...

Page 104: ...o the new drive is sdd The new space appears as unallocated storage inside the Storage Configuration section NOTE Exinda recommends that you resize the monitor partition to at least 100GB If you are licensed for acceleration you should allocate most of the remaining storage in wan memory partition cache partition for all TCP protocols but if you are accelerating CIFS SMB protocols allow some stora...

Page 105: ... the virtual hard drive 2 6 Managing multiple appliances with the Exinda Management Center The Exinda Management Center EMC provides complete management insight and configuration control of your Exinda Network Orchestrator appliances from one central console All applications devices users and activities across all network locations are managed from a central location giving IT Administrators the a...

Page 106: ...tart by defining the group names you will need For more information refer to Configuring an appliance manually page 117 The Optimizer Policy Tree defines actions to be taken on different types of traffic going through the appliance The tree is processed in a top to bottom order so the policies on traffic are applied accordingly 5 Push Configuration Once all the desired changes have been made to th...

Page 107: ... rather than an entire appliance group After you confirm the configuration add the rest of the appliances to the appliance group and then push the configuration to the group again Appliance Group Inheritance When working with device subgroups remember to plan for group inheritance Implement common configuration at the parent group level because all subgroups can inherit settings from the parent gr...

Page 108: ...o communicate with the Exinda Network Orchestrator appliances follow the workflow below After you complete the steps you are ready to create policy and send it to your appliance groups Step 1 Identify the SDP Location on the Exinda Management Center if forwarding data to an SDP server Configure the location of your SDP so that data from the appliances is forwarded to this SDP At the top right of t...

Page 109: ...d with the same SDP Step 2 Configure Administrator Email Settings The mail server is used to send emails when a user needs to use the Forgot Password functionality At the top right of the interface click Admin SMTPServerSettingsand specify the location of your Mail Server settings ...

Page 110: ...onfiguration on the Network Orchestrator appliances On each of your appliances set the SDP setting to your EMC location using Configuration System Setup SDPtab The appliance then calls into Exinda Management Center every 5 minutes to retrieve new configuration and to provide traffic data which will be forwarded from Exinda Management Center to SDP ...

Page 111: ...the Appliance Pool Move the appliance from the Appliance Pool to Unallocated under the appropriate tenancy Step 6 Create Appliance Groups within a Tenant optional Create an appliance group hierarchy under Configured Appliances Appliances can be added to these groups All appliances under the same group will receive the same configuration Groups can be created hierarchically Go to the Configured App...

Page 112: ...ing configuration is optional but if an appliance has already been in use its configuration can be applied globally across all other appliances instead of configuring the appliances individually Follow these steps to import configuration into a tenant When importing the configuration from an appliance you work your way through a wizard that allows you to select the configuration items you need to ...

Page 113: ...rk objects already exist in the library a green checkmark appears in front of it Once used you will not be able reuse it 2 Click Add Selected NetworkObjectsto the Library Importing applications To import any applications that exist in the configuration of the appliance ...

Page 114: ... this step 2 Use check boxes to select the VLANs you need to import 3 Click Add Selected VLANsto Library 4 Click Next Importing circuits To import any circuits that exist in the configuration of the appliance 1 Click Import Circuits or click Next to skip this step 2 Use check boxes to select the circuits you need to import 3 Click Add Selected Circuitsto Library 4 Click Next Importing virtual circ...

Page 115: ...t 5 Click Import Policiesto import the current policies from the appliance NOTE EMC does not import policies that already exist in library or policies linked to a network object that does not exist in the library Hover over the error icon to see the related error message 6 Click Add Selected Policiesto the Libraryto successfully add selected policies into the library ...

Page 116: ...ting service level agreements To import any service level agreements that exist in the configuration of the appliance 1 Click Import Service Level Agreements or click Next to skip this step 2 Use check boxes to select the virtual circuits you need to import ...

Page 117: ...st in the tenant library a green check mark appears before the configuration item name You cannot use the same configuration item again 4 Click Next to move on to the next configuration class 5 Repeat steps 3 and 4 for each configuration class 6 At the end of the wizard click Close 2 6 7 Configuring an appliance manually If your appliance is new and requires configuration you can follow the steps ...

Page 118: ...onitoring purposes you need to add the application to a monitored application group If you use a custom application in the definition of a virtual circuit or policy for a given appliance group then the cus tom application is automatically added to the appliance group configuration For more information refer to Applic ations Step 4 Configure schedules Optional Schedules can be used to specify when ...

Page 119: ...n the appliance Add a policy set to a configured appliance group Optimizer Policy tree virtual circuit You can also create policy sets from the Optimizer Policy tree or in the library For more information refer to Creating policy sets in the EMC page 309 Step 11 Add or edit a policy Optional Policies are the rules that control the traffic When adding or editing a policy set you can add or edit a p...

Page 120: ...pliances For an appliance to receive the Optimizer Policy Tree configuration rooted with a particular circuit the bridge on the appliance must be mapped to the same Circuit Type as that Circuit For example if the circuit is bound to circuit type Internet and the appliance bridge s is mapped to Internet then that circuit configuration is sent to that appliance bound to the specific bridges Screensh...

Page 121: ...figuration rooted with a particular circuit the bridge for an appliance must be mapped to the same Circuit Type as that Circuit That is if the circuit is bound to circuit type Internet and the appliance bridge s is mapped to Internet then the circuit configuration sent to that appliance is bound to the specific bridges The Bridge Circuit Type Mapping list shows each appliance in the appliance grou...

Page 122: ...rom the drop down list If the desired named circuit type is not in the list click Create new circuit type in the library to create a new circuit type Once created it is then available in the drop down list 3 Click the Update Mapping button Why does it say Pending in the Bridge Circuit Type Mapping column Pending means that the Exinda Management Center has not received the list of bridges from the ...

Page 123: ...estrator appliances The tree is processed in a top to bottom order so the policies on traffic are applied accordingly Policy sent to the appliance is dependent on Circuit Type When the Optimizer Policy Tree is assigned to an appliance group generally all appliance groups that are nested under that group inherit the Optimizer Policy Tree In which case a message area above the Policy Tree indicates ...

Page 124: ...r example when you create and reuse a virtual circuit whenever that virtual circuit is changed all instances of its use are also changed Required objects will automatically be queued to be sent When policy rules or virtual circuits use objects in their definitions such as network objects or schedules then those objects are automatically added to the configuration that must be sent to the appliance...

Page 125: ...ircuit from Library and select a desired cir cuit To add a virtual circuit to the Policy Tree Virtual circuits logically partition the circuit A virtual circuit defines the traffic that is processed in the partition and the bandwidth it consumes Each virtual circuit has its own set of policies 1 Click Create new virtual circuit ...

Page 126: ... the virtual circuit and click Create and Add Similar to circuits virtual circuits can be added from the library if present To add a policy set to the Policy Tree Polices define what actions are to be taken on different types of traffic 1 There are two options ...

Page 127: ...e your own set of policies b Click Add PolicySet from Library to select a pre defined policy set template for a different type of traffic 2 In this example the Internet outbound policy set is selected and it automatically populates all the policies within this set into the virtual circuit ...

Page 128: ...rcuit to its new location To reorder a policy rule 1 Click the policy set that contains the policy that you would like to reorder 2 In the policy set form drag and drop the policy to its new location 3 Click Update in Library To remove elements from the Policy Tree For each element that you want to remove click the x icon at the far right NOTE You cannot delete elements from the Policy Tree if you...

Page 129: ... appliances call in they receive the configuration restart the optimizer and save configuration as instructed If multiple appliance groups exist then you can push the configuration individually for an appliances group by clicking on the main Configured Appliances icon This pushes the configuration to all the appliances groups and appliances within them Pushing the configuration restarts the Optimi...

Page 130: ...Exinda Network Orchestrator 2 Getting started 130 Screenshot 35 The life cycle of configuration status ...

Page 131: ...le hosts or groups of both Once defined a network object may be used throughout the Exinda Appliance for monitoring and identifying which traffic should be processed in the policy engine Network objects are in the configurations of other objects such as applications adaptive response rules application performance score objects and application performance metric objects Network objects are also use...

Page 132: ...ts defined by the network object will be considered to be on the WAN side of the appliance Inherit The locations of the subnets and hosts defined by the network object is determined or inherited by closest match to other network objects If all the subnets in this network object are contained in other network objects that are internal then the location of this network object will inherit the intern...

Page 133: ...fining an internal IPv6 server Create a network object that defines the internal IPv6 server at 2001 db8 1234 5678 Name FileServer6 Location Internal Subnets 2001 db8 1234 5678 128 EXAMPLE Networkobjectwith inherited location Define three network objects as follows Name HQ Subnets 10 0 0 0 8 Location External Name Office A Subnets 10 0 1 0 24 Location Internal Name Server 1 Subnets 10 0 1 200 32 L...

Page 134: ...k states on any interface this causes an automatic refresh of the network object Should you need to perform a refresh you can use the following command config network object NAME refresh When the TTL is lower than 5 minutes Exinda waits the full five minutes before attempting a refresh in order to avoid DNS flooding CAUTION Please be aware that if using a cluster of Exinda Appliances the resolutio...

Page 135: ...Network Orchestrator 3 Using 135 3 Key in a Name for the object 4 In the Subnetssection define subnets to include in this network object by IPNetworkAddressand MaskLength or by FullyQualified Domain Name FQDN ...

Page 136: ... NetworkObjects 7 Click Add networkobject from Library 8 Select one or more network objects to add and click Add NetworkObject to Configured Appliances 9 To define whether to include monitor information of network objects in subnet reporting edit the required network objects and check Include in subnet reporting option within the Reporting section ...

Page 137: ...When defining applications to classify traffic you can apply Network Object library items to classify traffic based on a combination of Network Object TCP Port UDP Port DSCP and Protocols Use the instructions above to create the Network Object in the library and then refer to Applications for further instructions Configuring local network objects in the EMC Local network objects define which part ...

Page 138: ...k object gets set as internal and the Boston and Dallas network objects are set as external On the Boston appliance the Boston network object gets set as internal and the Chicago and Dallas network objects are set as external In the EMC configuration local network objects are appliance specific so appliances cannot share these objects Screenshot 37 Diagram depicting separated localnetwork objects ...

Page 139: ...Exinda Network Orchestrator 3 Using 139 3 Key in the IPNetworkAddressand MaskLength Screenshot 38 Defining localnetwork object by subnet 4 Click Save ...

Page 140: ...e importer indicates if the network object already exists in the library or is included in another network object or if it conflicts with another network object in the library By importing your network objects you can more quickly start building a library of objects to use The system lets you know if the imported network object is already in the library or if the imported network object definition...

Page 141: ...twork objects are imported into the library NOTE While importing network objects neither the location internal or external of the network object nor the reporting flag are imported 3 1 2 Working with dynamically created networkobjects Dynamic network objects are network objects that are automatically updated and maintained by the Exinda Appliance They can be used anywhere static network objects ar...

Page 142: ...Select a configured adaptive response network object ora usernetwork object orusergroup network object To view it go to Configuration Objects Users Groups 3 1 3 Working with users and groups as objects Users and groups objects are used to define pre populated users and groups such that they can be used for monitoring and optimization There are two ways the Exinda Appliance can learn about user and...

Page 143: ...object the object can be used in the Optimizer policies Screenshot 43 Alist of network users displayed on the Network Users page Defining and removing users as dynamic network objects Use the following instructions to define users as dynamic network objects and to stop identifying them as necessary The instructions focus on dealing with one user at a time but you can define or remove many users by...

Page 144: ...ps NetworkGroups 2 Find the group in the list and click Edit 3 To map all users within the selected network group to the network object select Map to NetworkObject 4 Select Ignore Domain to exclude the domain prefix 5 Click Apply The Network Status icon for the group changes to which indicates it is now a network object If the dynamic network object is created from multiple groups the groups are c...

Page 145: ...ed to the list of VLANs in the table EXAMPLE Consider VoIP traffic that has a VLAN ID of 10 Create a VLAN object with this ID This object can then be used to prioritize VoIP traffic using the Optimizer Name VoIP Type 802 1Q VLAN ID 10 10 VLAN Priority 0 7 or leave this field blank The VLAN priority is a field in the 802 1Q header that networking devices use for their own QoS purpose In order for t...

Page 146: ...ng both fields blank would give the same result To define a lesser range type a range somewhere within the absolute range To isolate one VLAN type its ID value in both the Start and End fields b In the VLAN Priority Start and End fields key in the range of values for this VLAN NOTE You can define priorities within a maximum range of 0 7 This would equate to all priorities being assigned to the VLA...

Page 147: ... appears in the row of a VLAN object that you wish to delete it means that the object cannot be deleted because it is in use If you still want to delete it you first need to unlink it from the appliances Also the ALL VLAN object is protected and cannot be deleted 1 Go to Library VLANs 2 In the list of VLAN library objects find the VLAN you need to delete ...

Page 148: ... including ICMP Internet Control Message Protocol TCP Transmission Control Protocol and UDP User Datagram Protocol Additional IPv4 protocols can easily be added by simply specifying IPv4 protocol number NOTE Protocol numbers are unique and can only be defined once All the defined protocol objects are shown in the table Each protocol object can be edited or deleted by clicking the appropriate butto...

Page 149: ...7 signatures TCP UDP port numbers or ranges and network object The following are valid combinations Applications based on L7 signatures For example you can create an application for a particular website by selecting http host and entering the domain of the website Applications based on L7 signature and TCP UDP port numbers or ranges which are OR d together For example you could define HTTP based o...

Page 150: ...ns which makes layer 7 visibility much more granular For instance for reporting on specific web applications most vendors can only report on port 80 traffic Exinda allows a deeper look into Layer 7 applications For example by comparison Layer 4 reporting tools report on web applications as port 80 or HTTP Layer 7 reporting tools report on web applications as Yahoo or Skype Layer 7 with sub type cl...

Page 151: ...items can be found in Library Applications You can define custom applications for each appliance group Go to the desired appliance group in the OptimizerPolicyTree How do I view built in Applications Built in application library items can be found in Library Applications Built in You can view built in applications but not edit To create a Custom Application in the Library 1 Go to Library Applicati...

Page 152: ...nda Appliance comes with a long list of predefined applications used to classify your network traffic If however you want to create your own application you can create new applications based on L7 signatures TCP UDP port numbers and port ranges or network objects You may also want to monitor control or protect your traffic by grouping a set of applications For instance controlling social networkin...

Page 153: ...e applications 4 If you want this application group to be monitored in the Application Group report select the Monitoring checkbox 5 Click Add New Application Group To update an application group 1 Go to Configuration Objects Applications Application Groups 2 Locate the group from which to add or delete applications and click Edit 3 Select a new application from a blank drop down list Or to remove...

Page 154: ...plication within a group is not supported by an appliance then that application definition will not be sent to that specific appliance If you try to add an application to an appliance with a firmware version does not support the application the EMC dis plays an error for the appliance and the application is not imported However the appliance does import the applic ation group along with other sett...

Page 155: ...sing 155 3 You could also view which policies are currently using this application group under In Use How do I create an custom application group 1 Go to Library Application Groupsand click Create new application group in the library ...

Page 156: ... to be monitored and add the applications to be part of this group How do I know which application groups are enabled for monitoring By default all the built in application groups are enabled for monitoring On the main Application Groupspage you can view the specific groups that are set for monitoring ...

Page 157: ...ction The Exinda Appliance receives daily updates from www exinda com containing updated anonymous proxy definitions much like anti virus applications receive daily threat updates The anonymous proxy application is a special application object that is used to detect anonymous proxy websites and services However the anonymous proxy service is disabled by default If the anonymous proxy service is en...

Page 158: ...anonymous proxy service go to Configuration Objects Applications AnonymousProxy To enable the anonymous proxy traffic classification go to Configuration System Setup Monitoring To enable the anonymous proxy traffic classification 1 Check the Auto Update Service Enable checkbox The appliance will communicate with the Exinda web servers daily and fetch any new anonymous proxy definitions 2 Ensure th...

Page 159: ...ce Level Agreement SLA objects are used to monitor the availability of a particular IP site By creating a SLA object you indicate which IP site to monitor The Exinda appliance will send one ICMP ping every 10 seconds to the IP address You can specify the ping packet size to use You can also specify when an alert will be triggered by specifying the ping latency threshold and the duration that the p...

Page 160: ...service level agreement objects in the EMC The Service Level Agreement SLA library objects are used to monitor the availability of particular IP addresses By creating an SLA object you identify the IP address to monitor The Exinda Management Center then sends one ICMP ping every 10 seconds to the IP address You can specify the ping packet size to use You can also specify when an alert is triggered...

Page 161: ...ey in a value for the response time In the Ping Size bytes field key in a packet size for example 1024 Select the Enable Ping checkbox 4 Click Notification and select a delay period from the drop down list The options are 0 Disabled this disables the alert 30 seconds 60 seconds 5 minutes 30 minutes 1 hour the Default setting TIP The default delay is 1 hour If this setting fits your needs you do no...

Page 162: ...he Destination field key in the IP address of the server whose availability you need to monitor In the LatencyThreshold ms field key in a value for the response time In the Ping Size bytes field key in a packet size for example 1024 Select the Enable Ping checkbox 4 Click Notification and select a delay period from the drop down list The options are 0 Disabled this disables the alert 30 seconds 60...

Page 163: ...me Deleting a Service Level Agreement NOTE You can only delete those SLA items that are not currently in use If a icon appears in the row of a SLA item you wish to delete it means that the item cannot be deleted because it is in use If you still want to delete it you first need to unlink it from the appliances 1 Go to Library Service Level Agreements 2 In the list of SLA library objects locate the...

Page 164: ...le can be edited or deleted by clicking the appropriate button in the table The ALWAYS schedule is protected and cannot be edited or deleted Screenshot 52 Predefined schedules Additional schedules can easily be added Screenshot 53 Add a newschedule by specifying one ormore date ranges and time ranges NOTE A single Schedule Object cannot specify different times that overlap Time must be unique with...

Page 165: ... Time for this schedule To layer the time ranges click Add anothertime range For example if you want to apply a schedule for Monday through to Friday from 9 00 to 17 00 but you need a different start and end time for weekends you can add another range for Saturday and Sunday 4 Click Create The Schedule item is added to the Schedules Library category and is then available when defining Policies and...

Page 166: ...he policy tree before the policies intended for the users who have not exceed their quota Traffic attempts to match the policy tree nodes in a top down order Since IP addresses that have exceeded their quota will match either the destination or source network object you need those that exceed their quota to be matched against the destination node first When creating the adaptive response limit obj...

Page 167: ...rection is counted towards the limit The options are inbound outbound both 6 From the Limit Type drop down list select whether you want the limit to be based on data volume the amount of time on the network or both meaning whichever occurs first 7 In the Amount field specify the data volume limit beyond which the IPs will be added to the destination network object Specified in MB 8 In the Time fie...

Page 168: ...resses from the limit rule Selecting an external network object will exclude the hosts having conversations with particular external hosts from the limit rule For example consider an edu cational institution that has a group of students who have IP addresses in the subnet 192 168 0 0 16 Each student is allowed 10GB data transfer uploads and downloads per month The resident assistants are excepted ...

Page 169: ...t name enable EXAMPLE Create an Adaptive Response rule which adds IP addresses from the static Students Network Object to the Dynamic Network Object Students Over Quota once 200 MB has been downloaded per day adaptive limit Students AR network object source Students destination Students Over Quota adaptive limit Students AR amount 200 adaptive limit Students AR duration daily adaptive limit Studen...

Page 170: ... daily adaptive limit Students AR direction inbound adaptive limit Students AR enable adaptive limit Students AR except network object internal IgnoreUser EXAMPLE Create an Adaptive Response rule which adds IP addresses from the static Students Network Object to the Dynamic Network Object Students Over Quota once 200 MB has been downloaded per day except for the DMZ subnet 203 122 212 128 27 netwo...

Page 171: ...n your APS object Most applications use transactional protocols Applications like Citrix XenApp server or Microsoft Remote Desktop use non transactional protocols that send information between the client and server at arbitrary times With these types of applications the standard method of calculating the network delays and server delays does not produce an accurate metric If the application uses a...

Page 172: ...APSobject When editing the APS object you can modify the alert configuration restart the baselining operation and modify the threshold values If you change the network object settings it is recommended that you re evaluate the metric thresholds and possibly re start a baseline ...

Page 173: ...te a new APS object During this set up you can set a scope for the monitoring process The scores can focus on specific internal and or external network objects or on ALL in one or both categories Before you begin If you need to enable alerts ensure that you have set Email on the Configuration System Setup Alertspage For more information see the Exinda Web UI help ...

Page 174: ...Enable checkbox is selected b In the APS Threshold field set a threshold value between 0 and 10 c In the Alert TriggerDelayfield specify how many minutes that the APS score to be below the threshold before the notification is sent EXAMPLE If the alert threshold is set to 7 0 and the alert trigger delay is set to 5 minutes then the alert needs to be below 7 0 for 5 minutes before the alert is trigg...

Page 175: ...fy those applications in the Configuration Library The Configuration Library comes with definitions for a very large number of supported applications 1 In the EMC interface click Library Application Performance Scores 2 On the right side select the Create new application performance link to open the APS set up page 3 Click Name to expand the section Provide a meaningful name for the new performanc...

Page 176: ...ion to expand the section Screenshot 59 Configuring notification settings 7 Configure the following options Option Description Notification Enabled Select if you want to be notified when the Alert Threshold is exceeded Alert Threshold Type an alert level between 0 0 and 10 0 This is a measure of how important is the service the application provides For example an application that provides real tim...

Page 177: ... the appliances When applying the scores this is a global application all appliances in the same appliance group receive the same configuration After applying the scores you must then push the configuration to the appliances in order to get any notifications 1 Go to Configured Appliances Application Performance Scores 2 Click Add application performance from the library link 3 On the Add Applicati...

Page 178: ...le of the Network Object section changes to summarize the settings you have made 6 Expand the Baseline section and choose the duration of the baseline calculation NOTE To establish a baseline for the performance of an application its performance in the network must be monitored for period of time The Baseline Length you define is the initial monitoring period but if the baselining fails the initia...

Page 179: ...iances page 129 Removing APS from the Appliances If any existing APS is no longer required you can remove it from the appliance configuration Removing an APS in this way does not remove it from the Configuration Library the APS item remains there for future reuse If you do want to remove it from the library see Maintaining APS in the Configuration Library But you must remove an APS item from the a...

Page 180: ...nfiguration Library When modifying an APS item you are modifying its use wherever it has been applied 1 In the EMC interface click Library Application Performance Scores A listing of the currently defined performance scores appears on the right 2 In the Name column click on the name of the APS item you need to modify 3 Do the following as needed Modify the APS Name Change the Application ...

Page 181: ...e How performance metric thresholds are calculated Network performance metrics are calculated based on the observed traffic Each threshold is calculated to be 0 85 of a standard deviation above the average observation for that metric This ensures that the calculated thresholds target is an APS of 9 0 If the application reports an APS below 9 0 the application is performing worse than the baseline ...

Page 182: ... standard deviation of normalized network delay Inbound loss the percentage of packet loss on inbound traffic Outbound loss the percentage of packet loss on outbound traffic 4 Click ApplyChanges To save the changes to the configuration file in the status bar click the Unsaved changes menu and select Save configuration changes Configuring automatic APS threshold calculation The baselining process c...

Page 183: ...PS objects is shown If the APS is currently baselining the application traffic there will be a green checkmark in the Auto Baseline column Press the Edit button for the APS object The Baseline Info section specifies the status Running or Stopped and the Start and End Date and time of the baseline period Note that it also shows the average packet size and the amount of traffic seen 3 1 13 Configuri...

Page 184: ... more information see the Exinda Web UI help You also need to set up SNMP on the Configuration System Network SNMPpage for more information see the Exinda Web UI help To create an APM object 1 Go to Configuration Objects Service Levels Application Performance Metric 2 Click the Add New APMObject button 3 Type a name for the APM object 4 Select the metric that you need to monitor The following metr...

Page 185: ...object specify the desired external net work object otherwise select ALL By specifying both the internal and external network object only the application con versations between the specified network objects will be tracked 8 Select the Alert Enable checkbox 9 In the APMThreshold field type the threshold that will trigger an alert if the score drops below that value 10 In the Alert TriggerDelaylist...

Page 186: ...One dashboard displays system health and status information about the Exinda Appliance The other dashboard provides statistical data to show the benefits and impact of the Exinda Appliance in your network System dashboard The System dashboard shows system information the state of system alarms as well as a summary of other Exinda appliances and their respective reduction statistics The dashboard a...

Page 187: ...oard to only include widget s relevant to you To add a hidden widget click the Add More link at the top right of the dashboard If the Add More link is not visible then all available widgets are displayed Widget settings and layouts are retained between log ins The dashboard can be captured and converted to PDF by clicking on the PDF icon at the top right of the interface Exinda recommends Every ni...

Page 188: ...ork The reduction ratio compares After Exinda to Before Exinda Reduction Ratio Data Transfer Size Before Exinda Data Transfer Size After Exinda Data Transfer Size Before Exinda EXAMPLE A ratio of 40 means a transfer that once put 100MB of load onto the WAN now puts 60MB of load on the WAN I e 40 less Link Utilization The link utilization chart shows the throughput through the Exinda Appliance over...

Page 189: ... of visibility allows IT professionals to address root causes instead of mistakenly treating symptoms e g buying more bandwidth to cope with peak load Recreational Having visibility into key recreational applications is the first step to managing them These applications are generally undesirable because they can impact the performance of key business applications negatively impact customer experie...

Page 190: ...Number of Total Packets EXAMPLE A ratio of 40 means 40 of the packets on your network were re ordered That means that non critical data was queued so that business critical data could jump the queue and be delivered in the order that the business requires Time Savings This table shows the improvement in transfer time due to WAN optimization The Before time is the total amount of time an applicatio...

Page 191: ... the real time monitors allow you to answer questions like My link is congested which conversations applications or hosts may be contributing to the congestion I know I have an issue with a particular host or subnet what traffic is that host handling Monitoring network applications in real time The Applications in Real Time monitor shows the top applications by throughput observed during the last ...

Page 192: ...ers widgets in the Realtime Monitor shows the top internal hosts by bandwidth consumption observed during the last 10 seconds The data displayed answers questions such as My link is congested Which hosts are on my network right now The Realtime Monitor separates inbound and outbound host user traffic The traffic is sorted by transfer rate The packet rate and number of flows in the preceding 10 sec...

Page 193: ...served by the Exinda Appliance during the last 10 seconds This report answers questions such as My link is congested who s doing what on my network right now I think I have a problem with a particular host or subnet what is that host or subnet doing right now Is network traffic being accelerated or processed by Edge Cache properly Is network traffic passing through my High Availability or Cluster ...

Page 194: ...ns is flowing through the high availability cluster Indicating asymmetric traffic Screenshot 71 The Conversation monitorreport displays information about network traffic Where do I find this report Go to Monitor Real Time Conversations To understand the acceleration and high availability icons coloring Accelerated conversations are highlighted in yellow and the application acceleration technologie...

Page 195: ...e flow is remotely accelerated Locally Remotely Bridged The connection is passing though both this and other appliances in the cluster Asymmetric traffic If the row is colored yellow then the flow is remotely accelerated Locally Bridged Locally Accelerated The connection is passing through this appliance in the cluster and is being accel erated on this appliance Remotely Bridged Locally Accelerate...

Page 196: ...ck the definition of the affected virtual circuits and ensure the most specific virtual circuit is higher in the policy tree Monitoring reductions in real time The Realtime Reductions monitor shows reduction by application during the last 5 minutes This report answers questions such as Am I getting the reduction freeing the network capacity I expect The monitor filter shows inbound application tra...

Page 197: ...only available if the Performance Metrics ASAM Module is enabled on the System Setup Monitoring page Related topic Monitor the real time application response Monitoring host health in real time The Realtime Host Health monitor shows unhealthy hosts as measured by the number of retransmitted bytes during the last 10 seconds This report answers questions such as Which internal hosts are having the m...

Page 198: ...e Related topic Monitor the real time application response Monitor the real time TCP health duplicate topic The Real Time Host Health report shows the Retransmitted Bytes Aborted Connections Refused Connections Ignored Connections and Flow Count for each internal and external host monitored by the Exinda appliance VERSION INFO A new internal mechanism was implemented in the ExOS 7 4 2 firmware tha...

Page 199: ... Click Configuration System Tools Console 5 Type the appliance username and password at the prompts Do one of the following To enter privileged EXEC enable mode at the prompt run the command hostname enable The hostname prompt appears To enter configuration config mode at the prompt run the commands hostname configure terminal The hostname config prompt appears 7 To display realtime TCP health fro...

Page 200: ...time Conversations monitor shows the top conversations by throughput observed by the Exinda Appliance during the last 10 seconds This report answers questions such as Is traffic being processed by Edge Cache properly For more information refer to Monitoring conversations in real time page 193 ...

Page 201: ...ions in Real Time 3 2 3 Monitoring networkinterfaces Interface reports allow you to view the volume of traffic flowing in and out of your network The Throughput report displays interface and bridge throughput The Packets Per Second report displays the outbound packet rate from your network These reports provide answers to important questions about your network traffic Monitoring interface throughp...

Page 202: ...tes of data The average shows the average data transferred over each 5 minute period You can better understand the throughput distribution by adding a percentile marker line The line shows that the nth percentile of maximum throughput observations exceeds the specified throughput rate For instance if the 95th percentile is at 55 Mbps then 5 out of 100 maximum throughput observations appeared above...

Page 203: ...Exinda Network Orchestrator 3 Using 203 Screenshot 76 The Interface Throughput report displays inbound and outbound network traffic Where do I find this report Go to Monitor Interfaces PacketsperSecond ...

Page 204: ...y looking at 10 second samples of data The average packet rate is calculated by averaging the packet rate over the time period specified by the granularity For instance when looking at a day of traffic each data point represents 5 minutes of data The average shows the average packet rate over each 5 minute period You can better understand the packet rate distribution by adding a percentile marker ...

Page 205: ...le Markerto Displayselector 3 2 4 Monitoring networkthroughput The Network Summary report shows traffic throughput over time by application application groups internal or external hosts internal or external users conversations or URLS You can remove items from the chart to isolate traffic patterns and sources This report answers questions such as What is the pattern of throughput for particular ap...

Page 206: ...op 10 inbound applications Where do I find this report Go to Monitor Network To determine the right size of your network i e remove items from the chart Remove specific types of traffic from the graph by deselecting their checkbox in the legend below the graph The remaining traffic models what your network traffic would look like if you blocked that type of traffic You can then determine an approp...

Page 207: ... set the desired time range for a chart see Setting the Time Range To understand how to print the report or schedule the report see Printing and Scheduling Reports 3 2 5 Monitoring service levels Learn how to view application performance reports the availability of your ISP and the health and efficiency of TCP traffic Monitoring application performance scores The Application Performance Score APS ...

Page 208: ...he following metrics Network delay the time taken for data to traverse the network on the wire Server delay the time taken for a server to respond to the request Normalized network delay the time taken for data to traverse the network where the delay is measured inde pendent of the transaction size by assuming a normalized packet size of 1024 bytes Normalized server delay the time taken for a serv...

Page 209: ... In the Report Selection area select APS TCPHealth and TCPEfficiency 8 In the Report Details area type a name for the report 9 Specify how often the report will be generated 10 Click Add New Report 11 To generate the report locate the report in the list and click PDF What to expect If an APS report is not showing data Either the APS object does not have thresholds set and therefore the score canno...

Page 210: ...could indicate a problem to investigate For example if the network delay is good but the server delay is poor you know that the network is not to blame and that the server administrator should take a look at the application server Determining if a problem has been persistent Look at the APS score time line If the score has been low for an extended period or if it looks like the score is dropping y...

Page 211: ...at the application is performing within the expected levels below the threshold Users should be happy with application performance Tolerated The performance of the application is less than expected but still performing within a range that users should be able to tolerate between the threshold and four times the threshold Frustrated The application is performing poorly more than four times the thre...

Page 212: ...more information refer to Configuring application performance score objects page 171 Monitoring network response SLA The SLA monitor reports the performance of your ISP against a set of predefined criteria The SLA monitor sends 1 64 bit long ICMP ping every 10 seconds to the remote site It reports the maximum and average latency and the percentage loss of the pings over time This report answers qu...

Page 213: ...t SLA Site Select the desired site from the SLA Sitesselector How do I interact with the interactive flash time graphs To understand how to get a better look at traffic patterns and to remove clutter on the time graph see Using Inter active Time Graphs To understand how to set the desired time range for a chart see Setting the Time Range To understand how to print the report or schedule the report...

Page 214: ... efficiency per Application or Host Each item in the table below can be drilled down to view TCP Efficiency details and a graph for that item Screenshot 83 The TCP Efficiency report displays the 50 least efficient applications Where do I find this report Go to Monitor Service Levels TCPEfficiency How do I interact with the interactive flash time graphs To understand how to get a better look at tra...

Page 215: ...d by a RST reset issued by either the client or server rather than a clean close High numbers of aborted connections can point to network or server problems Refused A SYN packet was observed and a RST or ICMP connection refused message was received in response This usually means the server is up but the application is unavailable or not working correctly It can also indicate a TCP port scan is occ...

Page 216: ...onnections overtime The most unhealthy applications or hosts are shown in the table below the charts The table shows the number of connections number of aborted ignored and refused connections You can click the name of the application or host to view the TCP Health details and a graph for that item ...

Page 217: ...ormance of your application groups individual applications unclassified applications and URLs Monitoring application groups traffic The Traffic Analysis Applications Groups report shows the top application groups by data volume for a selected time period Inbound and outbound traffic are shown separately This report answers questions such as Which application groups may be overrunning my network Is...

Page 218: ... The Application Groups report displays traffic volume from the top application groups To access this report go to Monitor Applications Application Groups You can customize the applications objects included in an application group For more information refer to Adding and updating application group objects page 152 To interact with the pie based reports you can hover over the pie slices to view the...

Page 219: ...UI appears 5 Click Monitor Application Groupsand switch to the Groupstab 6 To expose Round trip time Normalized Delays Transaction Delays and Efficiency statistics for each Application Group click Show Details 7 To view the data for individual applications within a group click the application group name Viewing application traffic volume The Applications report shows the top applications by volume...

Page 220: ...ational applications Screenshot 88 The Applications report shows traffic volume graphed overtime NOTE Average bandwidth is calculated as the total bits observed in the charting interval divided by the number of seconds in that interval E g For a chart with an hour of data the intervals are five minutes If you drilled into the applications chart from any of the virtual circuit subnets or hosts char...

Page 221: ...s Press the down arrow next to the dropwdown list at the top of the page and choose which chart type to show The line chart shows the applications against the common zero baseline so they can be compared to each other and the pattern of a specific application is clearer You can look for particular patterns such as spikes or flat tops Determining if one or more applications may be choking out the o...

Page 222: ... to all charts on the appliance See Monitoring Configuration How do I interact with the new time series bar chart reports To understand how to set the desired time range for a chart see Setting the Time Range To understand how to the charts interact and what the toggle buttons do see Understanding How Charts Relate To understand how to drill into the data to find particular filtered data see Drill...

Page 223: ...hould be clas sified as NOTE When deciding how to classify a discovered port look for a common destination port If more than two entries appear with the same destination port adding that port to an application object may classify the application correctly Monitoring URLs visited The URLs report shows the top URLs visited by data volume for the selected time period The URLs report shows inbound tra...

Page 224: ...he Show Detailslink in the tables Screenshot 91 The URLs report displays traffic volume by inbound URL To access this report go to Monitor Applications URLs To interact with the pie based reports you can hover over the pie slices to view the amount of data transferred as well as view the percentage of the pie Note that the pie is showing only the top items so the proportion is relative to the top ...

Page 225: ...ons such as Which applications are part of the application group that I clicked on Which applications did a particular user or host use You can drill into the application by clicking on the application name in the tables below the charts This will show the Hosts Report which lists hosts that used the application Screenshot 92 The Applications report displays a graph of traffic volume by applicatio...

Page 226: ...al users are the top talkers and top listeners Which external users are top talkers Which external users are top listeners Is one user choking the network Using this information you can determine if you need to create policies for these high data volume users You may want to create protection policies for your important users like your CEO or finance department or create control policies to limit ...

Page 227: ...the tables Screenshot 94 The table on the Users report shows traffic volume metrics broken down by user To access this report go to Monitor Users To show only internal users or external users use the Select Usersto View selector at the top of the page To interact with the pie based reports you can hover over the pie slices to view the amount of data transferred as well as view the percentage of th...

Page 228: ...n the drop down list select Custom Select the start and end date and time to include in the report After the date range is selected the graphs and charts are immediately updated Temporal granularity of stored data The Exinda Appliance stores data for the following time intervals 2 years of data this year previous year last 12 months 2 months of data this month previous month last 30 days 2 weeks o...

Page 229: ...are top listeners from which internal hosts are sending information to Could one host be choking out my network Use this information to determine if you need to create policies for these high data volume hosts You may want to create protection policies for your business critical server machines or create control policies to limit hosts that are abusing the network VERSION INFO The hosts report as ...

Page 230: ...g Internal hosts hiding the Inbound data toggles off the Top Listeners data from the graphs whereas hiding the Outbound data toggles off the Top Talkers data When viewing External hosts the opposite is true Chart Type The chart is initially mapped as a Stacked Area but you can change the format to Line Chart if necessary Pie Toggles on or off a colour coded Pie chart to the left of the Top Listene...

Page 231: ...e host The tables at the bottom of the Hosts report information for the top listeners and talkers and include the IP Address the Total Volume of data and the Average Throughput rates Click on any entry in the table to open the Applications Report for that specific host Screenshot 97 Drilling down into hosts data Searching for a specific host If the host you are looking for is not listed in the Top...

Page 232: ...ic Granularity To understand how to print the report or schedule the report see Printing and Scheduling Reports 3 2 9 Monitoring networkconversations The Conversations report shows top conversations by data volume for a selected time period Traffic inbound to your LAN is reported separately from the outbound traffic This report answer questions such as What are the top conversations on my network ...

Page 233: ...rip time RTT network and server delays and TCP efficiency can be shown by clicking on the Show Detailslink in the tables To access this report go to Monitor Conversations To interact with the pie based reports you can hover over the pie slices to view the amount of data transferred as well as view the percentage of the pie Note that the pie is showing only the top items so the proportion is relati...

Page 234: ...Memory CIFS Acceleration The connection is been processed by CIFS Acceleration SSL Acceleration The connection is been processed by SSL Acceleration NCP Acceleration The connection is been processed by NCP Acceleration MAPI Acceleration The connection is been processed by MAPI Acceleration When an appliance is deployed in a High Availability HA or Clustering mode the following icons may appear nex...

Page 235: ...outbound traffic is relative to the subnet not relative to the Exinda Appliance Subnets are not required to be mutually exclusive Traffic may be reported in more than one subnet You can optionally show the top three applications for each of the top subnets These charts can answer questions such as What are the top subnets in my network How much bandwidth does my subnet for the New York branch or f...

Page 236: ...meaningful However if you have defined your subnets to be mutually exclusive then stacked area charts is an option To show the data volume of the subnets as a pie chart Toggle on the pie chart by clicking the Pie button Note that if your subnets are not defined to be mutually exclusive that is data is captured in more than one subnet then the pie chart does not hold much meaning To show more or fe...

Page 237: ... Setting the Time Range To understand how to the charts interact and what the toggle buttons do see Understanding How Charts Relate To understand how to drill into the data to find particular filtered data see Drilling into the Data To understand the difference between inbound and outbound traffic see Understanding Traffic Direction To understand how many data points are shown for each time period...

Page 238: ...ined relative to the subnet network object Traffic originating from the network object is outbound Traffic destined for the network object is inbound Because of these differences when virtual circuits are based exclusively on a network object you should generally expect the totals for that network object on the subnet report and the virtual circuit to match However there are a few cases where the ...

Page 239: ...t traffic by adding in a category to represent the remaining virtual circuit traffic on your network the cumulative stack on the throughput chart represents all the virtual circuit traffic through the appliance This will help you understand the significance of the top virtual circuits relative to the whole In addition to showing the data as a stacked cumulative display you can choose to display th...

Page 240: ...nd traffic graphs are displayed Click either the Inbound or Outbound option to hide the specific graph Chart Type The chart is initially mapped as a Stacked Area chart but you can change the format to a Line chart if necessary Pie Toggles on or off a colour coded Pie chart to the left of the Top Virtual Circuit chart Remaining Traffic Append or hide the Remaining Traffic data below the Top Virtual...

Page 241: ... more or fewer virtual circuits in the top virtual circuits chart and the throughput chart The number of virtual circuits shown are configurable Note that this configuration applies to all charts on the appliance For more information refer to Monitoring Configuration page 446 Should subnet totals match virtual circuit totals when the virtual circuit and subnet are based on the same network object ...

Page 242: ...control policy is reported The traffic inbound to your LAN is shown separately from the outbound traffic If your virtual circuit was defined to provide fair sharing among hosts the Dynamic Virtual Circuit cart will show the number of active hosts and the number of hosts that exceeded the limit and therefore were not processed by the virtual circuit This report answers questions such as Are my cont...

Page 243: ...mple is the total volume of data seen in that sample divided by 10 seconds to yield a per second throughput rate Max Rate is the maximum 10 second throughput Current Rate is the throughput averaged over the last 10 seconds Utilization is the percentage when you consider the current rate as compared to the maximum bandwidth Screenshot 101 Controlgraph fora specified circuit When showing a particula...

Page 244: ...244 Screenshot 102 Controlgraph fora specified virtualcircuit When showing a particular policy the average throughput for the selected policy is shown in the throughput chart The peak throughput for the virtual circuit is shown as a line ...

Page 245: ...t of bandwidth available for the number of active hosts The policies page will show the number of active hosts and the number of hosts that have exceeded the hosts limit for a selected dynamic virtual circuit The hosts that exceeded the hosts limit were not handled by this virtual circuit and would have been captured in another virtual circuit If the virtual circuit selected is a dynamic virtual c...

Page 246: ...Select the desired virtual circuit Select the desired policy The average throughput for the selected policy is shown How is the average bandwidth calculated The average bandwidth is calculated as the total bits observed in the charting interval and dividing by the number of seconds in that interval E g For a chart with an hour of data the intervals are five minutes Thus for each five minute interv...

Page 247: ...d packets over time for the specified span of time as a result of Optimizer policies configured to block traffic This report answers questions such as How many attempts to access blocked apps occurred When are people trying to access the blocked apps The graph shows the number of packets discarded over time The table below the graph shows the total number of discarded packets over the selected tim...

Page 248: ...affic patterns and to remove clutter on the time graph see Using Inter active Time Graphs To understand how to set the desired time range for a chart see Setting the Time Range To understand how to print the report or schedule the report see Printing and Scheduling Reports Monitoring prioritization of applications The Prioritization report shows how often applications were prioritized also referre...

Page 249: ...atio calculated Prioritization Ratio 100 x Number of Packets Re ordered Number of Total Packets How do I interact with the interactive flash time graphs To understand how to get a better look at traffic patterns and to remove clutter on the time graph see Using Inter active Time Graphs To understand how to set the desired time range for a chart see Setting the Time Range To understand how to print...

Page 250: ...choose the traffic direction to report on inbound outbound or bi directional NOTE When reduction statistics are displayed as throughput there is one time series plotted for LAN throughput and one for WAN throughput Screenshot 106 The TotalReduction Throughput graph displays reduction statistics overtime NOTE When reduction statistics are displayed as percentage reduction one line graph represents ...

Page 251: ...estrator 3 Using 251 Screenshot 107 The TotalReduction Ration graph displays reduction ratios overtime The table below the graphs show reduction statistics broken down by a remote Exinda Appliance peer and by application ...

Page 252: ... Size Before Exinda Data Transfer Size After Exinda Data Transfer Size Before Exinda How do I interact with the interactive flash time graphs To understand how to get a better look at traffic patterns and to remove clutter on the time graph see Using Inter active Time Graphs To understand how to set the desired time range for a chart see Setting the Time Range To understand how to print the report...

Page 253: ... was handled by Edge Cache policies The reported WAN throughput is the amount of traffic that was not available in Edge Cache and needed to be retrieved from the application server Therefore the difference between WAN and LAN is the amount of traffic that could be served from Edge Cache When reduction statistics are displayed as throughput there is one time series plotted for LAN throughput and on...

Page 254: ...ar data A hit occurs when a request is satisfied by an object already stored in the Edge Cache Screenshot 111 The Edge Cache Statistics graph The table shows a summary of Edge Cache reduction for the selected time period Where do I find this report Go to Monitor Optimization Edge Cache How to change the Edge Cache Throughput chart to a Edge Cache Reduction Ratio chart Select the desired type of ch...

Page 255: ... your Exinda Appliance The reports cover aspects of operational performance like number of concurrent connections CPU utilization CPU temperature memory usage disk IO and swap space usage Monitoring connections to an Exinda Appliance The Connections report shows the number of concurrent connections as well as the connection establishment rate over time for the selected time period This report answ...

Page 256: ...ation acceleration type SSL SMB1 SMB2 NCP This chart can answer questions such as Is there an unusual number of accelerated connections or is the connection rate particularly high or low Is my traffic being accelerated as I expect Am I close to or have I exceeded my licensed maximum number of accelerated connections NOTE Connections over the licensed limit pass through the appliance without accele...

Page 257: ... System Setup Alerts 2 Ensure the appropriate check boxes are selected for MaxAccelerated ConnectionsExceeded NOTE The appliance must already be configured for email or SNMP Related Topics Alerts Email Configuration Email Configuration Using interactive time graphs To understand how to get a better look at traffic patterns and to remove clutter on the time graph see Using Inter active Time Graphs ...

Page 258: ...tter etc To diagnose a CPU usage problem for each period where the CPU usage is high compare with the Connections report the Accelerated Connections report the Reduction report and the VoIP Solution report Screenshot 115 The CPUutilization graph shows howhard the Exinda Appliance works overtime Where do I find this report Go to Monitor System CPU Usage Where do I find the other reports for diagnos...

Page 259: ...igh CPU usage or is the ambient temperature around the Exinda Appliance too warm You should expect the CPU temperature to be considerably lower than 80 degrees Celsius usually between 35 50 degrees Systems running at very high temperatures may be experiencing a problem and system performance may be affected Once the temperature gets too high 80 90 degrees the appliance will throttle its processing...

Page 260: ...the interactive flash time graphs To understand how to get a better look at traffic patterns and to remove clutter on the time graph see Using Inter active Time Graphs To understand how to set the desired time range for a chart see Setting the Time Range To understand how to print the report or schedule the report see Printing and Scheduling Reports Monitoring Exinda Appliance Disk IO The Disk IO ...

Page 261: ...jects wan memory Disk usage required for WAN memory acceleration techniques edge cache Disk usage required for storing cached content for Edge Cache cifs Disk usage required for CIFS acceleration techniques Screenshot 117 The Disk IO graph displays IO used by edge cache Where do I find this report Go to Monitor System DiskIO How do I interact with the interactive flash time graphs To understand ho...

Page 262: ...how to set the desired time range for a chart see Setting the Time Range To understand how to print the report or schedule the report see Printing and Scheduling Reports 3 3 Monitoring applications with the Undefined variable MyVari ables ExSoluCtr The Undefined variable MyVariables ExSoluCtr provides a series of predefined monitors you can run to generate network performance reports for applicati...

Page 263: ... A baseline requires an hour s worth of network traffic data If no traffic is observed for an application during a baselining period the process continues until enough data is collected The baseline process may not take an hour If an Exinda Appliance has observed and stored traffic for the application within the hour the baseline process starts the baseline process uses that stored information and...

Page 264: ... Screenshot 121 The Outbound Bandwidth chart shows data measured afteracceleration and traffic shaping policies have been applied image Screenshot 122 Users and hosts barcharts Users and Hosts bar charts display bandwidth volume by top listeners and talkers Multi user applications typically show an even distribution among top users or hosts If a user or host displays more bandwidth volume than oth...

Page 265: ...nce VoIP report The graph shows three series representing the number of Good Tolerable and Bad calls over time The table below the chart lists the worst quality inbound and outbound VoIP calls for the specified time period The meanings of the colors Good green MOS greater than 4 Tolerable yellow MOS between 2 and 4 Bad red MOS less than 2 What is MOS MOS or Mean Opinion Score is a measure of all q...

Page 266: ...tant messaging peer to peer social networking and streaming This report can answer questions such as How much data is going over my network for recreational applications How many hosts are involved How much time is spent transferring the data over the network Having visibility into key recreational applications is the first step in being able to manage them These applications are generally undesir...

Page 267: ...f the score is less than 7 0 you may want to investigate What is Application Performance report baselining An Application Performance monitor requires a baseline understanding of observed traffic for an application in your network The process of collecting data and setting a baseline is called baselining Once you create a monitor the baselining operation starts automatically analyzing traffic and ...

Page 268: ...s are accessible through the vari ous links on the left 2 Select the desired solution from the list 3 Click the Run button 4 Specify any details that the wizard requires The final page of the wizard specifies where to find the report 5 Clicking Okwill take you to your report NOTE Once a report has been set up a link to it is available from the main task bar at the top of the page Click Solution Ce...

Page 269: ...between the LAN side and WAN side throughput lines indicates the amount of reduction that was achieved Note that the total reduction in data volume as a percentage is shown under the chart Investigating application usage by the top internal users and top internal hosts Ensure the Internal button is toggled on and the External button is toggled off The top hosts and top users if configured found on...

Page 270: ...etwork traffic As you monitor your traffic you may recognize patterns of activity that you need to manage The Exinda Appliance provides the ability to define policies based on several criteria that you can use to control by either limiting or giving priority to specified classes of traffic on your network You can create network objects to isolate particular parts of the network Using network objec...

Page 271: ...physical link A circuit can contain one or more virtual circuits for the purpose of partitioning the traffic that falls in that circuit The virtual circuit defines what traffic will be processed in this partition and how much bandwidth it is allowed Each virtual circuit will have it s own set of policy rules The following are common use cases for virtual circuits A circuit needs to be partitioned ...

Page 272: ...e number of active connections or limiting the number of active hosts or providing fair sharing between the active hosts When a connection or host limit is reached it will not longer match any incoming traffic Therefore connections or hosts that arrive later will be evaluated against the remaining virtual circuits in the circuit You should ensure that the overflow connections or overflow hosts are...

Page 273: ...virtual circuits for each subnet that you are interested in but your virtual circuits do not cover your entire office For example you have virtual circuits for your WiFi network your servers your staff desktop network but perhaps you forgot your printers The system will automatically define a virtual circuit for the remaining traffic called Auto Catch all Any traffic that falls into a circuit but ...

Page 274: ...ircuit or by a policy it will show up in the real time monitor as an Auto Catch all circuit and an Auto Catch all virtual circuit and an Auto Catch all policy The Auto Catch all circuits and virtual circuits will also be shown on the Virtual Circuit monitor report Enabling policies Policies that are enabled are shown with a green checkmark in the policy tree Policies that are disabled are shown wi...

Page 275: ...orm forversions 7 0 2 Update 1 and later Circuits are part of the policy tree To learn how circuits virtual circuits and policies work together see Policy Tree Can a bridge be bound to more than one circuit A bridge can be assigned to more than one circuit Once a type of traffic matches a virtual circuit and policy it will not be processed by later circuits virtual circuits and policies If the typ...

Page 276: ...fy the bridge or out of path interface to which to bind the circuit All bridges individual bridge names policy based routing interfaces and WCCP interfaces are available 6 Click Add New Circuit Creating a circuit in the EMC Circuits define physical connections to the WAN or the Internet A circuit defines the inbound and outbound bandwidth and the named circuit type On an Exinda Appliance a circuit...

Page 277: ...es not exist you can click Create new circuit type in the libraryto create it For more information refer to Circuit types in the EMC page 278 6 Click Create The circuit appears in the library list To create a new circuit directly in the Policy Tree 1 Go to the desired appliance group OptimizerPolicyTree 2 Click Create new circuit 3 In the Name section key in the name of the circuit The name must b...

Page 278: ...llowing example will further clarify the concept of circuit types Screenshot 128 Circuit types example Consider the following in the example above Bridge br12from first appliance and bridge br10on second appliance are both bound to circuit type Internet Since this circuit type Internet is tied to the circuit Internet all the policies within the Internet circuit are applied to bridge br12 on the fi...

Page 279: ...the number of active hosts within the virtual circuit Any combination of these filters can be applied For example you can create a virtual circuit such that a particular branch or subnet is allowed a certain set of policies for inbound traffic as direction during off work hours using a schedule A virtual circuit specifies its desired bandwidth either as kbps or as a percentage of it s parent circu...

Page 280: ...that the virtual circuit only captures traffic in a certain direction This is useful for asymmetric circuits as these generally require that at least two virtual circuits are defined one for the inbound bandwidth and one for the outbound bandwidth Virtual circuits are part of the policy tree To learn how circuits virtual circuits and policies work together see Policy Tree Related Topics Creating a...

Page 281: ...lick the Create New Virtual Circuit link at the bottom of each circuit or edit an existing virtual circuit 4 In the Virtual Circuit Numberfield type a number that will sort the virtual circuit in the policy tree 5 In the Virtual Circuit Name field type a suitable name for the VC 6 If necessary from the Schedule drop down select a schedule that defines a particular time period the default is ALWAYS...

Page 282: ...rtual circuit Specify an Application to filter which application or application group falls into the virtual circuit The default is ALL 12 Specify the Direction of traffic to capture in the virtual circuit The direction options are NOTE The direction is relative to the LAN Consider an example where a network object and a direction is specified Both both inbound and outbound traffic Inbound inbound...

Page 283: ...olicy trees for each appliance group Go to the desired appliance group Optimizer PolicyTree To create a Virtual Circuit in the Configuration Library 1 Go to Library Virtual Circuits 2 Click Create new virtual circuit 3 In the Name section key in a name for the virtual circuit The name must be unique within the tenant NOTE If you want you can leave the EMC to define a name for you It does this base...

Page 284: ...e Filtersection select the combination of filters to apply to the virtual circuit Optionally type a value to limit the number of connections at one time on this virtual circuit NOTE The virtual circuit can partition the circuit by filtering the traffic based on these filters You can apply any combination of these filters Defined network object library items appear in the Network Object list and yo...

Page 285: ... Each VC gets desired bandwith sum of VC bandwith circuit bandwidth VC A 2 4 3 1 5 Mbps VC B 1 4 3 0 75 Mbps VC C 1 4 3 0 75 Mbps VC A manual 2 Mbps VC B manual 0 5 Mbps VC C manual 0 5 Mbps Each virtual circuit with manually set oversubscription bandwidth will get their guaranteed amount VC A 2 Mbps VC B 0 5 Mbps VC C 0 5 Mbps VC A automatic VC B automatic VC C manual 0 75 Mbps Each virtual circu...

Page 286: ... hosts you fix the number of hosts and have the system calculate the per host bandwidth allowed to each Both methods can limit the number of hosts but for when there is spare capacity you can configure the VC to allow bursting when there are less than the allowed number of hosts The DVC then allows each active host to gain more bandwidth In the configuration you set the VC to automatically calcula...

Page 287: ...the number of hosts you can have the system calculate the amount of bandwidth that is then allowed to each host You can specify an automatic calculation of the per host bandwidth and the number of allowed hosts The system then divides the virtual circuit bandwidth by the number of active hosts Adding a dynamic virtual in the Exinda Web UI On the Add New Virtual Circuit form do the following 1 Sele...

Page 288: ...miting the number of hosts sharing bandwidth Adding a dynamic virtual circuit in the EMC The options available in the Exinda Management Center appear in the following screenshot Screenshot 131 Dynamic virtualcircuit options Consider the following While allocating bandwidth usage to each host on the network ...

Page 289: ...le bandwidth You can also disallow bursting While specifying the location of the hosts as internal or external remember that this setting allows you specify whether the hosts on the dynamic virtual circuit located within the LAN or outside the LAN While defining the maximum number of hosts you can either manually define the maximum number of hosts that can be accommodated on the dynamic virtual ci...

Page 290: ...is less than the virtual circuit bandwidth then you are making some of the bandwidth inaccessible Related Topic Capping bandwidth usage per host with minimum bandwidth Limiting the number of hosts sharing bandwidth Sharing bandwidth equally Capping bandwidth usage per host with minimum bandwidth Use the following instructions to cap the bandwidth available to all hosts in a DVC but allow a minimum...

Page 291: ...re 100 hosts they each get 500 kbps If there are more than 100 hosts the additional hosts will not match this virtual circuit Related Topics Sharing bandwidth equally Ensuring minimum bandwidth when sharing equally Troubleshooting virtual circuits If you are unsure whether traffic is being processed properly by the virtual circuit or the policies within your virtual circuit it is best to use real ...

Page 292: ...pply any combination of these filters For example the policy could be targeted to traffic between a particular branch and headquarters which has particular ToS markings on a particular VLAN during work hours Furthermore you can also add more than one filter That is the policy could target a particular branch site for Netflix and the same branch site for Silverlight When creating policies they are ...

Page 293: ... policy tree Use the following instructions to add a policy to the policy tree that already exists in the policy library 1 Go to Configuration Traffic Policies Optimizer Optimizer Policies 2 Select the desired policy using the drop down list at the bottom of a virtual circuit s policy list in the Optimizer 3 Specify the rank order number so that it will be inserted in the desired location in the p...

Page 294: ... order 10 20 and 30 and you want to swap the order of the virtual circuits with ranking order 20 and 30 then either change the ranking order of 30 to be between 10 and 20 say 15 or change the ranking order of 20 to be after 30 say 35 In either case select Reorderfrom the Actionsmenu on the right hand side of the virtual circuit that changed its ranking number to submit this change Re using policie...

Page 295: ...FilterRules Any of the following fields may be used to specify how to filter the traffic VLAN Select traffic based on 802 1Q VLAN ID and or 802 iP VLAN priority tag using a pre defined VLAN object Source Direction Destination Select traffic based on one end of the conversation belonging to a pre defined network object static or dynamic or select traffic based on one way or two way conversations be...

Page 296: ...pecify what type of action the rule should take Select one of the following Optimize Selecting optimize causes a new action to appear in the UI where you can specify whether you want to apply bandwidth shaping prioritization acceleration or packet marking Discard Select discard to specify that you want to block a particular type of application by discarding the packets Ignore Select ignore to spec...

Page 297: ...licy on either the Optimizer or Policies tab If you create the policy on the Optimizer tab the policy must first be associated with a specific virtual circuit The policy can be associated with other virtual circuits later If you create the policy on the Policies tab it is then available for use with any of the virtual circuits 2 If not already open select the Optimizertab 3 Click the Create New Po...

Page 298: ...to a pre defined network object static or dynamic or select traffic based on one way or two way conversations between two predefined network objects For the first host select a network object that filters for the initiation of a conversation For the second host select a network object that filters for the destination of the conversation If hosts are not specified ALL network objects are assumed Tr...

Page 299: ... amount of traffic that needs to traverse the network None Do not attempt to reduce the traffic The traffic will still be accelerated via TCP based acceleration techniques Compression Compress the traffic using a network optimized LZ compression algorithm The traffic will also be TCP accelerated NOTE If the compressed output is larger than the original the appliance will send the original Disk De ...

Page 300: ...red when allocating excess bandwidth 5 Enter the FilterRules Related Topics Configuring a policy to accelerate traffic Configuring a policy to discard block traffic Configuring a policy to redirect HTTP traffic to an HTTP Response object webpage Configuring a policy to redirect HTTP traffic to a URL Configuring a policy to mark packets How traffic shaping queue modes work When shaping traffic as s...

Page 301: ...fied in the Optimizer as having 10 Mbps bandwidth in an appliance with four CPUs each CPU policy queue will be allowed 10 Mbps 4 2 5 Mbps per CPU In order to have even distribution it assumes multiple flows that can be distributed among the N CPUs This queueing method is not good for environments where customers validate the amount of bandwidth they receive by sending a single long flow through th...

Page 302: ...ot be limited to 1 N of the traffic when a single flow is tested CAUTION Each virtual circuit is assigned to individual policy queues and any given virtual circuit cannot use a policy queue that it has not been assigned to Therefore the virtual circuits cannot be oversubscribed that is the sum of the desired bandwidths for the virtual circuits cannot be higher than the specified bandwidth of the c...

Page 303: ...WAN or LAN of the appliance For example when used with an inbound Virtual Circuit the first SYN packet will be discarded effectively blocking connection establishment from the WAN but allowing traffic from established connections 2 Enter the FilterRules Configuring a policy to mark packets in the Exinda Web UI Use the following instructions to configure a policy such it marks packets To configure ...

Page 304: ...jects HTML Response For more information refer to HTML Response Objects HTTP traffic matching this policy is presented with HTTP webpager This option is useful to notify users when they are no longer allowed to use the network for HTTP HTTP ALT or HTTPS traffic 2 Enter the FilterRules Similar to other policy configurations you can specify VLAN Source Direction Destination ToS DSCP or Application H...

Page 305: ...iffServ differentiated services field in the IPv4 header and the Traffic Class field in the IPv6 header are industry standard fields used to classify IP packets so that routers can make QoS quality of service decisions about what path packets should traverse across the network Exinda Appliances can read and write ToS DSCP marks in packets allowing users fine grained control and classification of a...

Page 306: ...VoIP utilizes high quality low latency and expensive links or they might want to ensure email or recreational traffic uses cheaper but less reliable links Previously there were 5 different categories that users could classify their traffic with using the IP ToS field see RFC 791 Normal Service Minimize Cost Maximize Reliability Maximize Throughput Minimize Delay These have since been replaced by a...

Page 307: ...oducts can read and write the ToS DiffServ field allowing users to Match packets with a ToS DSCP value and apply optimizer polices to this traffic Mark the packets with a ToS DSCP value based on source destination host subnet source destination port layer 7 application time of day vlan id etc Related topics Match Packets to ToS DSCP Values Mark Packets with ToS DSCP Values Matching packets to ToS ...

Page 308: ...gure such an action When the policy action is set to Optimize several options are available on the right hand side one of which is the ToS DSCP Mark checkbox Users will need to enable this feature by checking the box and selecting the appropriate ToS DSCP mark from the drop down Any traffic that matches the corresponding filter rules is then marked with the specified value and should be treated ap...

Page 309: ...o appliances can also found in the policy trees for each appliance group Go to the desired appliance group in the OptimizerPolicyTree To create a policy set in the Library 1 Go to Library PolicySets 2 Click Create new policyset 3 In the Name section key in a name for the policy The name must be unique within the tenant 4 In the Policiessection add policies to the list You can select a policy from ...

Page 310: ... Optimizer Wizard will delete any existing Optimizer Policies and Optimizer Configuration NOTE When asked if you have asymmetric traffic answer YES if the inbound and outbound direction of traffic are flowing through different links Otherwise select NO The first four questions are always the same Step 1 Do you want to start Optimization when thiswizard iscompleted Selecting YES will start the Opti...

Page 311: ... QoS traffic shaping and Application Acceleration You will need to select the WAN topology that bests represents your deployment and also type the inbound and outbound bandwidths for this Exinda appliance Scenario 2 QoS Only Step 3 Do you have asymmetric traffic NO Step 4 Do you want to enable Optimization YES ...

Page 312: ...emplate to apply one is better suited for Enterprise the other is better suited for Service Providers You will need to select the WAN topology that bests represents your deployment And you will also need to type the inbound and outbound bandwidths for this Exinda appliance Scenario 3 Acceleration Only Step 3 Do you asymmetric traffic YES Step 4 Do you want to enable Optimization NO ...

Page 313: ...mizer Wizard The following tables shows the policies that will be available to some of the default application groups after running the Optimizer wizard No Name Min BW Max BW Priority Accelerate 1 Ignore 2 Accelerate X 3 Choke 1 3 1 3 10 4 Limit Low 2 10 2 10 10 5 Limit Med 3 50 3 50 9 6 Limit High 4 70 4 70 8 7 Guarantee Low 5 100 5 100 7 8 Guarantee Med 8 100 8 100 5 9 Guarantee High 10 100 10 1...

Page 314: ... create policies for the authenticated traffic using the user group network objects and you will also need to create a policy to redirect unauthenticated HTTP traffic to your captive portal and another policy to block other types of unauthenticated traffic You should note that you should ensure that DNS traffic for the unauthenticated users is not blocked Since the Exinda Appliance matches traffic...

Page 315: ... virtual circuit where each policy explicitly filters in favour of the authenticated users Using virtual circuits to filter authenticated traffic is easier if you have many policies that you want applied to the authenticated traffic However since only policies not virtual circuits can ensure preferential treatment of the traffic you need to use policies to filter the authenticated user groups Scre...

Page 316: ...g policies to filter for Authenticated Users with no Virtual Circuit available Creating policies that redirect traffic Creating policies that block unwanted unauthenticated traffic Creating a virtual circuit for unauthenticated users Use the following instructions to create a virtual circuit to filter for unauthenticated users To create the virtual circuit 1 Go to Configuration The page to the rig...

Page 317: ...the Action drop down list select Optimize 5 Set the Guaranteed Bandwidth Acceleration and Packet Marking settings as needed 6 Under FilterRules do the following Set the traffic Source to be the network object for the Active Directory authenticated users group Set traffic Direction to Both Set any other options that you need such as setting a particular application or application group Related Topi...

Page 318: ...TP HTTP ALT and HTTPS The recommendation is to add three filter rules one for each of these applications Similar to other policy configurations in conjunction with the application if needed you can specify VLAN Host Direction Host or ToS DSCP 7 When complete click Create New Policy Related Topics Creating policies to filter for Authenticated Users with no Virtual Circuit available Creating policie...

Page 319: ...l Circuit for Unauthenticated Users Creating policies to filter for Authenticated Users with no Virtual Circuit available Creating policies that redirect traffic 3 5 2 Backhauling Internet traffic A backhauled topology transports traffic between a remote site and the Internet via a centralized backbone such as the headquarters of an organization Because of the layout the traffic may go through an ...

Page 320: ...t same traffic when seen on br20 is then passed though untouched the traffic bypasses br20 For an outgoing accelerated connection the acceleration processing will happen on the first bridge with a match ing acceleration policy In this case where the connection is from the Internet if there is an acceleration policy on br20 the acceleration policy is enacted on br20 and the traffic is left untouche...

Page 321: ...ks those that have exceeded their quota by dynamically adding them to a named network object 2 Add a policy or policies to the Optimizer policy tree for those who are over their limit The policy that addresses those that have exceeded their quota is defined according to your business needs You can choose to throttle their traffic or block it entirely When they have HTTP traffic you can also choose...

Page 322: ...7 Adding a network object OPTION 2 Create a network user group object using the Configuration Objects Users Groups NetworkGroups page Screenshot 148 Choosing the user domain 2 Create an adaptive response limit object that defines the 10GB limit as well as the destination dynamic network object that will contain the students who exceeded their quota using the Configuration Objects Adaptive Response...

Page 323: ... will block the students who have exceeded their quota and ensure that it is first in the virtual circuit The rest of the policies can manage the traffic however you like perhaps choking P2P and throttling streaming Screenshot 150 Setting parameters fora virtualcircuit 4 Create an HTML Response object that defines what the webpage will look like once the shoppers have exceeded 2 hours of usage See...

Page 324: ...rs who have had access for less than 2 hours Screenshot 152 Setting policy tree parameters To create the policy that presents the HTML response web page Screenshot 153 Adding a newVCpolicy 1 Select Return HTML Response as the policy action 2 Select the HTML Response Object that you created in step 3 Web traffic matching this policy will be sent back an HTML response with the contents of the HTML R...

Page 325: ... application traffic they are accelerating For instance these other appliances may be configured to apply DSCP mark 2 to all HTTP traffic and DSCP mark 3 to all SMB traffic Then on the Exinda appliance you can create applications based on the DSCP marks Consider a Riverbed appliance and Exinda appliance in the same environment By default the Exinda Appliance will report the accelerated traffic str...

Page 326: ...nfigured the appliances will auto discover each other and one will be elected as the Cluster Master All configuration must be done on the Cluster Master so when accessing the cluster it is best to use the Cluster Master IP address when managing a cluster CAUTION When upgrading the firmware of appliances that are part of a cluster Exinda recommends that you break the cluster before starting the upg...

Page 327: ...is not shared across the cluster New timestamps are added to the data when it enters the other appliances in the cluster If there is a delay in sharing this information which could be due to the appliances in the cluster being separated physically by a great distance or by not providing enough bandwidth between the clustered appliances the reports may not appear similar on the different appliances...

Page 328: ...tate The state online or offline of a given node Create a cluster of Exinda Appliances Configuring the appliances in the network to behave as a cluster allowing for high availability and failover involves two steps 1 Adding Exinda Appliances to the cluster 2 Specifying what data is synchronized between the cluster members Once the appliances are configured the appliances will auto discover each ot...

Page 329: ...lusterMasterSettingsarea select eth1 and type the external address used to access the appliances 5 Repeat these steps all each Exinda Appliance joining the cluster Once these settings are saved the appliances will auto discover each other and one will be elected as the Cluster Master All configuration must be done on the Cluster Master so when accessing the cluster it is best to use the Cluster Ma...

Page 330: ... 0 160 on both appliances regardless of which of these two appliances becomes the Cluster Master it will be reachable on the 192 168 0 160 IP address The Cluster Internal IP on Exinda 1 is configured as 192 168 1 1 and on Exinda 2 as 192 168 1 2 Once these settings are saved the appliances will auto discover each other and one will be elected as the Cluster Master All configuration must be done on...

Page 331: ...E An Exinda Appliance goes into bypass mode by default if it is shut down In an HA Cluster environment in order to maintain control and visibility on the network the administrator might want the entire traffic to failover to a backup link if the Exinda appliance on the active one is offline In order to do this you need the appliance that went offline to purposefully break the traffic so the HA pro...

Page 332: ...g back on This appliance will now be the standby appliance Configuring Exinda Appliances for clustering Before configuring clustering the Exinda Appliances must be correctly cabled It is recommended that each appliance in the cluster be connected and configured with a dedicated management port In addition clustering requires a dedicated interface for traffic that is internal to the cluster Any int...

Page 333: ...160 24 3 Enable the cluster config cluster enable NOTE Configuration changes should only be made on the Cluster Master node The role of the node currently logged into will be displayed in the CLI prompt as shown below exinda 091cf4 exinda cluster master config 4 It is possible to view the status of all the members of a cluster from the CLI by issuing the following command config show cluster globa...

Page 334: ...ll also be referencing the Anonymous Proxy application If you want to block anonymous proxy traffic the anonymous proxy discard policy must be above earlier than any policy that references the Recreational application group in the Optimizer policy tree Screenshot 159 Blocking Anonymous Proxies using the Optimizer 3 6 Managing Exinda Appliances with EMC The appliances list shows the appliances that...

Page 335: ...d Appliances list Selecting Configured Appliances Appliancesshows the appliances that can be configured by the Exinda Man agement Center In order to apply configuration to an appliance it must first be moved to the tenant s Configured Appli ances group Appliance groups can be added to the Configured Appliances group so that the appliances can be organized in a way that makes sense to you Perhaps y...

Page 336: ...appliances upon the next call into the Exinda Management Center To move an appliance 1 Select the node in the Tenant tree that contains the appliance you need to move For instance it could be in the Appliance Pool groups on premises EMC deployments only Not Deployed Appliancesin the tenant Configured Appliancesgroup or one of its nested groups in the tenant 2 The system shows the list of appliance...

Page 337: ... group and press Enterto commit the name To edit an appliance group name 1 Click the appliance group header menu and click the menu icon of the group that you want to rename 2 Select the Edit menu item 3 Type the name of the group to create the group To delete an appliance group 1 Click the appliance group header menu and click the menu icon of the group that you want to delete 2 Select the Delete...

Page 338: ...and how much bandwidth it is allowed Dynamic Virtual Circuits Dynamic virtual circuits provide a means to configure fair sharing among the hosts or to configure a limit to the number of hosts so that those hosts get preferential treatment Policy Sets Ordered list of policies that can be applied to one or more virtual circuits in one or more appliance groups Policies Define the actions to perform o...

Page 339: ...sted service and a virtual appliance SDP simplifies the tasks of installing configuring monitoring and reporting WAN optimization appliances It is a key differentiator in the traffic shaping WAN optimization space A fundamental component of Exinda s Unified Performance Management solution it rounds out the Exinda product line and makes it the most comprehensive and effective solution for achieving...

Page 340: ...e Change individual or mass device config Maintains an archive system for previous device configuration files Supports manual change of a device config Deploying policies to a single or multiple device s Central firmware manager Displays all available firmware updates Update firmware on a single or multiple device s Scheduling future firmware update Central reporting manager Provides access to pre...

Page 341: ...found on the maintenance certificate sent to the end user You can also request this by sending your serial number or hardware key to support exinda com For more information refer to SDP appliance system settings page 346 Registering 1 Go to https sdp auth exinda com sdp registration php 2 Enter your email address 3 Click Submit You will receive a registration confirmation email from Exinda with yo...

Page 342: ... settings in SDP The SDP admin menu allows you to configure your SDP appliance settings To access the SDP admin menu go to https ip address admin and log in The default username and password is admin You can now view the admin menu You have the option to add view users and allocate appliances to them You can also change the default password and the admin email address upload a new firmware for lat...

Page 343: ...s all registered users and the appliances that have been allocated to them 2 You can delete a user by clicking Delete To Allocate an appliance 1 Click Allocate Appliance 2 Select the appliance you would like to allocate to a user 3 Click Allocate 4 Select a user from the drop down menu 5 Click Confirm NOTE You cannot allocate an appliance to multiple users ...

Page 344: ... 2 Select a registered user from the drop down menu 3 Select the appliance s you would like to remove from the user s account 4 Click Deallocate To change the Admin email 1 Click Change Admin Email 2 Enter the new email address 3 Click Save 4 An email notification will be sent to the new address ...

Page 345: ... information can be found on the sup port section of the Exinda Website 4 Enter the release code Please email on sdp exinda com to obtain the release code 5 Enter a link to the release notes of the new firmware The release notes can be found on the support section of the Exinda Website 6 Click Save To upload a new firmware file 1 Click Upload Firmware 2 Click Browse and select the firmware file fo...

Page 346: ... the Host ID and serial number of the new one 3 Click Save 4 Then follow the Allocate an appliance steps to add the new appliance to a user account The allocate process should NOT be performed prior to the replace hardware process SDP appliance system settings The SDP webmin menu allows you to set up the SDP appliance To access the webmin menu go to default address and login The default username a...

Page 347: ...1 Go to Servers Postfixconfiguration 2 Click General Options 3 Change What domain to use in outbound mail to appropriate value 4 Change Local internet domain name to appropriate value 5 Click Save and Apply Network Configuration 1 Go to Networking NetworkConfiguration 2 Configure the following settings a Click Hostname and DNS client to change the server s hostname and DNS IP address Click Save b ...

Page 348: ... Download relevant SDP file from the link provided An email is sent to customers with the activation key and down load link If it is to update SDP software filename will be SDP ear and if it is to update Admin portal file name will be SDP admin ear 2 Login to webmin admin console via https ip 10000 3 Go to Others Upload and Download 4 In Upload and Download window specify file to upload by clickin...

Page 349: ...t Settings 3 Select the gadgets you would like to include in your dashboard 4 Click Save To subscribe to daily email updates 1 Click Setup 2 Click Email Subscription 3 Check Subscribe to dailyupdatesand Notifyon myactionsoptions as required 4 Select a schedule time from the drop down This defines the time that you will be receiving the daily updates 5 Click Save To view new features Go to Setup an...

Page 350: ...ate view or edit a user user group or device group To create a new user account under your profile 1 Click Setup 2 Click Usersand Groups 3 Click Create New User 4 Enter the new user s first and last name 5 Enter the new user s email address 6 Click Save After creating a new user account you need to set users privileges You can select which Exinda devices the user will have access to when logging i...

Page 351: ...ss and W for write access 7 Click Save NOTE A user s email address cannot be edited To create a new user group under your profile Click Setup Click Usersand Groups Click Create New UserGroup Enter a Group Name Select the users you wish to include in the group Hold the ctrl key down for multiple selections Click Save To set user group privileges 1 Click Setup 2 Click Usersand Groups 3 Click View Us...

Page 352: ...r in any group for that device To create a new appliance group 1 Click Setup 2 Click Usersand Groups 3 Click Create New Appliance Group 4 Enter a name for the Appliance Group 5 Select the device s you wish to include in this group Hold the ctrl key down for multiple selections 6 Click Save Configuring SDP policy service SDP Policy Service provides functionality to minimize user input and to ensure...

Page 353: ...the user 4 Click Save 3 7 4 Tools Click Toolson the menu located at the top right corner The Tools menu gives the option to search a device s details such as software subscription SS expiration date firmware version and product hardware activation keys This feature is only available on hosted Exinda SDP You can also log a configuration recommendation request to Exinda TAC via this page To search a...

Page 354: ...3 Select the appliance for which you would like a config recommendation 4 Input the Inbound Outbound bandwidth and latency information 5 Upload your network information and any other files you feel will be useful for an accurate recommendation You can upload up to 3 files of 1MB maximum size 6 Give a detailed explanation of what you are trying to achieve with the exinda 7 Click Submit 8 Exinda TAC...

Page 355: ...ter the device management view 2 Click Group View 3 Click Create New Group 4 Enter a group name 5 Select the appliances you wish to include in the group 6 Click Save The default view is list If you would to make group the default view navigate Setup Default view settings and select Group view This change will be effective next time you log into your account To delete an appliance group navigate to...

Page 356: ...e these template variables with the values you have entered here In addition the Optimizer Wizard will use these values to help you complete the Wizard Local Subnets is also an optional setting You can specify create_local_networkobjects in a Manual Configuration Change to create a Network Object called Local containing the subnets you have entered here Related topics Create Custom View Edit Confi...

Page 357: ... Make necessary changes 5 Click Save To delete a device custom view 1 Click Applianceson the top menu to enter the device management view 2 Select a view form the drop down menu 3 Click Edit View 4 Click Delete Editing appliance configurations When a device is online you can view the config and perform any required changes The available options depend on the firmware version currently installed in...

Page 358: ... list off all completed actions will be displayed You can select to view all or pending only action from the drop down menu Also see Status To restore a previous config 1 Go to the Appliancespage 2 Select a device The device status must be online 3 Click Show Config to view the text based configuration 4 Click Edit Config 5 Select one of the previous configuration files You can view and or restore...

Page 359: ...ct a firmware upgrade version 5 If you want the upgrade to take a place in the future choose a desired date and time Otherwise click Next 6 Review all information and click Confirm NOTE The mass update feature is only available for appliances running on firmware version 5 Creating and applying configuration templates in SDP If your appliance is running on V5 then you ll have the option to create a...

Page 360: ...d reports All dashboard items are aggregate reports but you can view appliance individual reports by clicking on the graphs To create a Dashboard view 1 Click Dashboard on the top menu to enter to the dashboard view 2 Click Dashboard List 3 Click Create New dashboard 4 Enter a Title for the new dashboard 5 Enter a Description for the new dashboard 6 Select a layout style 7 Set accessibility of the...

Page 361: ...ick Reportson the top menu to view or edit existing reports create new ones and set report schedules To create a custom report 1 Click Reportson the top menu to enter the device management view 2 Click Create Custom Report 3 Enter a Name and Description for the new report ...

Page 362: ...d report 4 Specify email addresses of the recipients to whom you want this report to be sent 5 Select the Report Frequency This determines how often you would like this report to generated and sent If you select a daily frequency you re also provided with the list of the days in a week to include or exclude from 6 Enable or Disable the scheduler as required 7 Select the Reportsto include in this s...

Page 363: ...report For best image quality we recommend to upload image resolution of 1024 x 450 or similar NOTE All reports are based on your time zone settings To configure your time zone settings navigate to Setup Timezone settings 3 7 8 Viewing the config log in SDP Click Config Log on the top menu to enter the Config Log page The log shows a list of actions including user login configuration changes and f...

Page 364: ...Exinda Network Orchestrator 3 Using 364 NOTE The time date are based on your time zone settings To configure your time zone settings navigate to Setup Timezone settings ...

Page 365: ... 1 10 Overview of QoS by host 403 4 1 1 NIC configuration The NIC settings page is used to set the speed duplex and MTU of the System NICs to set the behavior of the bridges in the event of an appliance failure for example fail to wire and to set the behavior of the second port in a bridge pair when the first port goes down for example link state mirroring Interface Settings You need the Exinda ap...

Page 366: ...interfaces Fail to Wire bypass The Fail to Wire bypass settings control the behaviour of the Exinda appliance bridges in the event of failure power outage or reboot Depending on the hardware appliance and the type of interface cards installed fail to wire or bypass settings may be configured globally or per bridge Screenshot 163 Independently controllable bypass bridges Screenshot 164 Globally con...

Page 367: ...negotiated with the neighboring equipment 5 Click ApplyChanges To configure the failover mode of the bridges 1 For each bridge check the Enable Failovercheckbox and set the On Failoverstatus On failover the bridge will be automatically moved to the specified mode Bypass The traffic passes through the Exinda appliance but is not intercepted or manipulated No link The bridge interfaces are forced to...

Page 368: ...a appliance allows you to configure bridges and network interfaces as required A bridge consists of a LAN and WAN interface Bridges can be enabled and roles can be assigned to an interface Cluster Mirror or WCCP and IP settings applied The form displays an image showing the available physical interfaces physical interface to I O slot and physical interface to bridge assignments ...

Page 369: ...Exinda Network Orchestrator 4 Settings 369 ...

Page 370: ...find the Exinda appliance Click on the Exinda appliance that has been found to access it If a DHCP address is not picked up the Exinda will default to the IP address of 172 14 1 57 The VLAN configuration allows an An 802 1Q VLAN ID to be set on an interface The VLAN ID can be between 1 and 4094 The Cluster Master address is the external address used to access an appliance in HA environments Furthe...

Page 371: ... the address of your network s default IPv4 and IPv6 gateways 4 1 3 Routes configuration Static routes may need to be defined when access to external networks cannot be reached via the default gateway This may be necessary so the appliance can connect to services such as DNS or NTP Routing table entries are shown for IPv4 and IPv6 networks The destination gateway interface source and state is show...

Page 372: ...iguration The DNS page is used to set a host name for your Exinda appliance and to configure the location of your DNS server s You can also configure domain names that can be used to resolve hostnames in other configuration screens The Exinda appliance hostname should be unique on the network The DNS server setting may be dynamic configured by the DHCP server or it could be configured by entering ...

Page 373: ... do I find this configuration Go to Configuration System Network DNS To configure the appliance s hostname 1 In the System Host Name section in the Host Name field type the name for this appliance 2 Click ApplyChanges How to know if the DNS was configured by the DHCP server In the Static and Dynamic Name Servers section there will be an IP address where the source is indicated to be dynamic ...

Page 374: ...ion Specify a HTTP proxy if you would like the appliance to access Exinda s server via HTTP proxy Access to Exinda s HTTP server is required for firmware updates license updates and Anonymous Proxy updates If you have SDP enabled please ensure your proxy supports HTTPS Where do I find this configuration Go to Configuration System Network HTTPProxy To configure access to Exinda s server via HTTP pr...

Page 375: ...wing instruction to configure the SMTP server settings 1 Go to Configuration System Network Email SMTPServer 2 In the SMTPServerName field type the name NOTE You can use IPv4 or IPv6 addresses or DNS names 3 In the SMTPServerPort field type the port number NOTE The default port number is 25 ...

Page 376: ...ents 1 Go to Configuration System Network Email Add New NotifyRecipients 2 In the Email Addressfield type the email address 3 Select the types of notifications the user should receive Verbose Detail Send detailed event emails to the user Info Emails Send informational emails to the user Failure Emails Send failure emails to the recipient 4 Click Add New Recipient The new recipients are added to th...

Page 377: ...on The Exinda appliance allows data export to SNMP systems Configure the SNMP settings or download the Exinda SNMP MIB NOTE To disable or enable SNMP traps for system alerts see For more information refer to Alerts page 454 Configuring SNMP Use the following instructions to configure SNMP 1 Go to Configuration System Network SNMP SNMPConfiguration ...

Page 378: ...IB II 5 In the SysLocation field specify the syslocation variable in MIB II 6 Type the Read onlyand Default Trap community string NOTE When the Read only community is changed to have a value that does not match an existing community a new SNMP community is added to the list 7 Click ApplyChanges Removing an unwanted SNMP Community Use the following instructions to remove an unwanted SNMP community ...

Page 379: ...NMP authentication for Admin user Use the following instructions to change the SNMP authentication for the Admin user 1 Go to Configuration System Network SNMP SNMPv3Admin User 2 If you need to enable Admin User select the checkbox 3 From the Authentication Type spin box select either SHA1 or MD5 4 From the PrivacyType spin box select either AES 128 or DES 5 If necessary change the Authentication ...

Page 380: ...rvers Use the following instruction to remove a trap sink server 1 Go to Configuration System Network SNMP 2 In the Trap Sinksarea select the server from the list and click Remove Server Defining SNMP trap destinations Use the following instructions to define where SNMP traps are sent 1 Go to Configuration System Network SNMP 2 In the Add New Trap Sinkarea specify the hostname or IP address of the...

Page 381: ... use AD groups and usernames within optimization policies allowing you to implement QoS and Optimization Policies based on individual users or entire groups Integration requires a proprietary Exinda AD Connector service installed onto a server in the network that has access to the Active Directory server After configuration the Connector functions as a gateway between the Active Directory Server a...

Page 382: ...rate Active Directory with the Exinda Appliance you need to install the Exinda AD Connector service on a Windows server that can then connect to the Active Directory server Each Exinda AD Connector can talk to up to 20 Exinda appliances You can download the Active Directory Connector from the Configuration System Network Active Directorytab on the Exinda Appliance Click on the Microsoft Installer ...

Page 383: ...da AD Connector on a server that is not a domain controller ensure that the account in charge of running the service is an Active Directory domain admin account To provide the required permissions 1 Run Services msc as an Administrator 2 Find the entry for the Exinda ADservice 3 Right click on it and select Properties 4 On the Log On tab click Browse and select the domain and administrator account...

Page 384: ...lation file 2 Read and accept the end user license agreement and then proceed through the screens making the selections indicated below and clicking Next where needed Specify the directory where the Exinda Active Directory Connector should be installed Select whether the Active Directory server is on thisserveror anotherserver If the connector is not installed on the server with Active Directory t...

Page 385: ...e Exinda Appliances to the Exinda AD Connector Identify the Exinda Appliance using this Exinda AD Connector to retrieve user and group information NOTE Each installation of the Active Directory Connector can have a maximum of 20 Exinda Appliances connected to it If there are more than 20 Exinda Appliances install the connector on multiple Windows servers and divide the appliances across multiple i...

Page 386: ...on the Exinda Appliance Wait a few moments to ensure the information on the Active Directory tab updates with new information IPAddress The IP address of the server running the Exinda AD Connector WindowsVersion The version of Windows on the Active Directory server Version The Exinda AD Connector version Agent Name The Exinda AD Connector name Last Contact The last time the Active Directory server...

Page 387: ...ation and authentication credentials of the Active Directory server NOTE You need to complete these instructions only if the Exinda AD Connector is NOT installed on the Active Directory server 1 Launch the Exinda AD configuration utility and switch to the AD Server tab 2 Select anotherserver and then type the IPAddressor the hostname of the Active Directory server 3 To authenticate against the ser...

Page 388: ...ess 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Network and switch to the Active Directorytab 6 To clear user group and login data from the appliance and requests an update from the Active Directory clients click Renumerate Change the state of the Exinda AD Connector Temporarily stop or disable the Active Directory integration to help wit...

Page 389: ...t has the user as Domain test user the traffic is not excluded NOTE Regardless of the case of usernames in Active Directory the Exinda Appliance displays the usernames with the first name capitalized and the surname in lower case for example Domain Test user Do not use the value in the Exinda Appliance when adding a username to the Excluded list 4 Click Apply 5 Request updated user and group infor...

Page 390: ...Citrix XenApp server hosts a virtual desktop with pre installed software that users with the correct credentials can access as needed This allows the company to provide access to commonly used software without having to maintain and upgrade installations on each client computer in the network Because the Citrix XenApp server is treated as a single IP address by the Exinda appliance and the IP addr...

Page 391: ...nector so the user names can be displayed in reports on the Exinda Appliances The Exinda Citrix XenApp Plugin must be installed on each Citrix XenApp server in the network NOTE The Exinda Citrix XenApp Plugin is supported on Citrix XenApp Servers version 6 0 1 Download the installer the Exinda Appliance a Click Configuration System Network and switch to the Active Directorytab b Download the Micro...

Page 392: ...e Depending on the logging level selected the Exinda Citrix XenApp Plugin records various types of data in a log file The available log levels include Error Warning Info and Verbose By default the log sensitivity is Warning The location of the log file and the level of detail recorded in the log file are configurable 1 Open the Exinda Citrix XenApp Plugin 2 On the ADServertab specify the location ...

Page 393: ...to be based on one of the following L7 signature L7 signature ports or protocols Network object ports or protocols Network object Ports or protocols NOTE Network objects cannot be used in conjunction with a layer 7 signature 3 Select the NetworkObject for the application If the network object is internal then traffic inbound to the LAN with the network object as a destination will be matched to th...

Page 394: ...re there Some Layer 7 signatures have additional options that allow you to define application objects based on specific parts of that L7 Signature When configuring new application object the L7 signatures followed by in the drop down list have additional options Most provide options that you simply select from Some require a selection plus additional information The following table explains the va...

Page 395: ...backslash Keywords are bare common_name with no quotes Keywords are bare host with no quotes Grouping is supporting using parenthesis Operators supported are or and andand has higher precedence than or The comparison operators that are available are Description Syntax Example equals keyword value host example com does not equal keyword value host example com contains substring keyword value host e...

Page 396: ...porting using parenthesis Operators supported are OR and AND AND has higher precedence than OR The keywords for SSL are common_name cn and organization_name o The comparison operators that are available are Description Syntax Example equals keyword value common_name John does not equal keyword value common_name John contains substring keyword value common_name John does not contain substring keywo...

Page 397: ... Users on the Network The Network Users Internal and Users External reports displays the top users sending traffic through the network 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Monitor Network 6 In the Select Graph to Display list select Users Internal or Users External 7 Set the Time Period Refle...

Page 398: ...s and the Internet via a centralized backbone which is typically at headquarters This means that traffic may go through your Exinda appliance at headquarters twice from the source through the Exinda appliance turning around at a router back through the Exinda appliance and on to the destination This is problematic for accelerated traffic because you do not want to re accelerate the traffic The dua...

Page 399: ...on the same bridge as the SYN ACK from the server For monitoring dual bridge bypass controls how flows are tracked and how flows appear in the real time monitor When enabled the same flow is tracked separately on each bridge This allows you to see the different policies and transfer rates that are being applied on each bridge in the real time monitor This may be desirable when you have dual bridge...

Page 400: ...rk group object in the Host source and destination fields and specify the ToS DSCP or Application traffic to be affected 9 Click Create New Policy NOTE Once the desired policies are in place on all Exinda appliances restart the Optimizer On the appliance status bar click Restart 4 1 9 IPMI Configuration The Intelligent Platform Management Interface IPMI is a specification for remote server managem...

Page 401: ...and you want the IPMI interface to also be on that VLAN you can enable VLAN support and specify an 802 1Q VLAN ID Screenshot 167 Configure the appliance to be managed via IPMI Where do I find this configuration Go to Configuration Objects Adaptive Response NetworkObjects To configure IPMI settings Using a static IP address and gateway 1 To enable IPMI management select the Enable checkbox 2 Enter ...

Page 402: ...802 1Q VLAN ID 4 Click ApplyChanges To change the IPMI username and password 1 Enter the AdministratorUserName 2 Enter the New Password and then type it again in the Confirm Password field 3 Click Change Details Which Exinda models support IPMI The table below shows the Exinda models that support IPMI and their capabilities Model NIC User Interface 306X Shared eth1 CLI 406X Shared eth1 CLI ...

Page 403: ... on the Do Power Action button EXAMPLE Power cycle the Exinda appliance with IPMI address 192 168 110 61 config ipmi power address 192 168 110 61 username admin password exinda control cycle Chassis Power Control Cycle EXAMPLE Show the current power state of the Exinda appliance with IPMI address 192 168 110 61 config show ipmi power address 192 168 110 61 username admin password exinda 4 1 10 Ove...

Page 404: ...virtual circuit 9 To enable Per Host QoS select the Dynamic Virtual Circuit checkbox The dialog box expands to show the Dynamic Options 10 In the PerHost Bandwidth field set the amount of bandwidth in kB s or percentage of the virtual circuit band width that each host will receive This bandwidth is guaranteed so it will be available to each host if required NOTE If you select AutomaticallyShare th...

Page 405: ...osts Auto Internal Users is a Network Object that defines all hosts on the LAN side of the Exinda appliance If there is 1 user the user gets the full 1024 kb s If there are 2 users they each get 512 kb s and can burst up to the full 1024 kb s if the other user is not using their guaranteed 512 kb s If there are 10 users they each get 102 kb s and can burst up to the full 1024 kb s if the other use...

Page 406: ...c This VC will match all Internal User s Citrix traffic If there is 1 user the user gets 64kbps for their Citrix traffic and cannot burst If there are 16 users they each get 64kbps for their Citrix traffic and cannot burst If there are 30 users the first 16 users each get 64kbps for their Citrix traffic and cannot burst The remain ing 14 users will not match this VC Specify when multi queue is act...

Page 407: ...pecified in the time range The Current Rate is the policy throughput averaged over the last 20 seconds 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Monitor Control Policies 6 Filter the charts by selecting the relevant Circuit Virtual Circuit and Policy The charts are updated immediately to reflect t...

Page 408: ...it each host is limited to a maximum bandwidth of 100 kbps With Max Hosts set to Auto a maximum of 5000 hosts can fall into this Dynamic Virtual Circuit This is calculated by assuming each host is entitled to a minimum bandwidth of 10 kbps as Automatically Share is selected ...

Page 409: ... P2P traffic summed across all hosts is capped at 32 kbps with a guaranteed rate of 16 kbps To further illustrate this example suppose there are 100 active users all using P2P applications on the WAN The per host bandwidth is 100 kbps but the P2P policy caps bandwidth at 32 kbps which will be fairly shared between each user So we would expect to see P2P traffic per user at approx 320 bps Limit App...

Page 410: ... P2P Dynamic Virtual Circuit each host is limited to 20 kbps of P2P traffic With MaxHostsset to Auto a maximum of 500 hosts can fall into this Dynamic Virtual Circuit Additional hosts will share bandwidth allocated in the P2P Overflow Virtual Circuit ...

Page 411: ...Exinda Network Orchestrator 4 Settings 411 Screenshot 168 P2P OverflowVirtualCircuit ...

Page 412: ... 4 Settings 412 Screenshot 169 Dynamic VirtualCircuit To Share Remaining Bandwidth Create a Dynamic Virtual Circuit using the remaining bandwidth Each user is limited to a maximum bandwidth of 100 kbps for all other applications ...

Page 413: ...da Network Orchestrator 4 Settings 413 Guarantee Application Bandwidth EXAMPLE Guarantee 30 kbps per host for the Citrix application Citrix typically requires 20 to 30 kbps of bandwidth to work effectively ...

Page 414: ...e each user is guaranteed 30 kbps for Citrix Furthermore each user can burst up to 100 of the Dynamic Virtual Circuit bandwidth With MaxHostsset to Auto a maximum of 333 hosts can fall into this Dynamic Virtual Circuit Additional hosts will share bandwidth allocated in the second Dynamic Virtual Circuit ...

Page 415: ...ForRemaining Bandwidth The WANDynamic Virtual Circuit has PerHost Bandwidth set to AutomaticallyShare Each user will be allocated a percentage of the Dynamic Virtual Circuit bandwidth This is calculated by dividing the Dynamic Virtual Circuit bandwidth by the number of active hosts ...

Page 416: ...r 4 Settings 416 Per Host QoS with Active Directory EXAMPLE Restrict users in the Active Directory Students group to 100 kbps 1 Using the Web UI Advanced Mode go to Configuration Objects Users Groups Edit the Students DEV group ...

Page 417: ...72 Active Directory Groups 2 Each host is limited to a maximum bandwidth of 100 kbps With PerHost Bandwidth set to AutomaticallyShare a maximum of 400 hosts can fall into this Dynamic Virtual Circuit 3 Create a Network Object from the Active Directory group ...

Page 418: ...Exinda Network Orchestrator 4 Settings 418 Screenshot 173 Map AD Group Students To Network Object Students 4 The Network Object Students can now be used in a Dynamic Virtual Circuit ...

Page 419: ...ynamic VirtualCircuit 5 Each host in the Students Network Object is limited to 100 kbps With Max Hosts set to Auto a maximum of 2400 hosts can fall into this Dynamic Virtual Circuit Additional hosts will share bandwidth allocated in the Students Overflow Virtual Circuit ...

Page 420: ...Exinda Network Orchestrator 4 Settings 420 Screenshot 175 Students OverflowVirtualCircuit ...

Page 421: ...s 421 Screenshot 176 Dynamic VirtualCircuit ForRemaining Bandwidth 6 Another Dynamic Virtual Circuit can be created to share the remaining bandwidth for other hosts In this example each host is guaranteed 100 kbps with No Bursting Allowed ...

Page 422: ...0 MB per day 1 Create the Network Object Studentsbased on the Active Directory Studentsgroup as shown in the previous topic 2 Using the Web UI Advanced Mode go to Configuration Objects Adaptive Response 3 Create a new Adaptive Response rule based on the StudentsNetwork Object Each host is allowed to download 100 MB per day before being placed into the Students_Shaped Network Object ...

Page 423: ... Virtual Circuit with NetworkObject set to Students_Shaped Hosts matching this Network Object will fall into this Dynamic Virtual Circuit 5 Each host is limited to a maximum bandwidth of 100 kbps With PerHost Bandwidth set to AutomaticallyShare a maximum of 400 hosts can fall into this Dynamic Virtual Circuit ...

Page 424: ...Exinda Network Orchestrator 4 Settings 424 Screenshot 178 Students Dynamic VirtualCircuit 6 Additional hosts will share bandwidth allocated in the Students Overflow Virtual Circuit ...

Page 425: ...Exinda Network Orchestrator 4 Settings 425 Screenshot 179 Students OverflowVirtualCircuit Screenshot 180 VirtualCircuit To Share Remaining Bandwidth ...

Page 426: ...2 5 Monitoring Configuration 446 4 2 6 Netflow Configuration 450 4 2 7 Create a Scheduled Job 453 4 2 8 Alerts 454 4 2 9 Control Configuration 457 4 2 10 Disk storage explained 457 4 2 1 Date and Time Configuration It is important to accurately set the date and time of your Exinda appliance so that all time based functions use the appropriate time It is highly recommended to set the date and time ...

Page 427: ...tamps Schedule based policies need to take effect at the appropriate times Scheduled events such as scheduled reports or scheduled jobs need to occur at appropriate times Note that when the current time on the appliance is out of sync with the date time provided by the NTP servers the NTP servers will slowly adjust the clock time If the appliance s time is significantly out of sync with the NTP se...

Page 428: ...not applied If the NTP Time Synchronization checkbox is checked then the manual date time setting will not be applied To force a time reset when the time is significantly out of sync On the command line type ntpd ntp server address ntp server address The location of an NTP server specified as hostname or IPv4 IPv6 address This command is similar to the deprecated ntpdate command 4 2 2 UI Access Co...

Page 429: ... gets automatically logged out To configure the system to never automatically log out set the field to 0minutes It is not recommended to change the values in the Web Session Renewal field or the Web Session Timeout field 3 Click ApplyChanges To enable HTTP or HTTPS web access 1 Ensure the Web UIEnable checkbox is checked 2 To enable HTTP access check the HTTPAccesscheckbox and specify the HTTPPort...

Page 430: ...er information consult the SDP User Manual 4 2 4 Configure SQL Access The SQL Access feature on an Exinda appliance provides access to the traffic monitoring database from any ODBC compliant application In order to use this feature SQL access needs to be configured on the Exinda appliance and an ODBC driver needs to be installed and configured on a client ODBC aware applications running on the cli...

Page 431: ...e Password Specify a password to use for authentication Confirm Password Retype the password specified above Apply the changes The SQL access will be made available immediately A successfully configured appliance would look something like Once remote SQL access has been configured on the Exinda appliance the next step is to create an ODBC data source on the client See the following for more inform...

Page 432: ...r you wish the SQL data to be made available to only the current user User DSN or all users System DSN Then click Add This will start a wizard that allows you to create a new data source 3 Select MySQL ODBC Driverand click Finish You will be prompted to enter details about the SQL access using the form below ...

Page 433: ...ame you specified when enabling SQL access on the Exinda appliance Password Enter the password you specified when enabling SQL access on the Exinda appliance Database Once the above fields are configured press the Test button If the connection attempt is successful the Database drop down will be populated with a list of available databases Select monitor Here is what a successful configuration loo...

Page 434: ...Exinda Network Orchestrator 4 Settings 434 Click OK This will add the Exinda SQL Database to the list of available data sources that can be used by 3rd party applications on this client ...

Page 435: ... Data Sources ODBC You should be presented with the following dialog Select the UserDSNtab or the System DSNtab depending on weather you wish the SQL data to be made available to only the current user User DSN or all users System DSN Then click Add This will start a wizard that allows you to create a new data source ...

Page 436: ...r 4 Settings 436 Select MySQL ODBC Driverand click Finish You will be prompted to enter details about the SQL access using the form below Data Source Name Description Enter a descriptive name for the DSN E g Exinda SQL Database ...

Page 437: ...bling SQL access on the Exinda appliance Database Once the above fields are configured press the Test button If the connection attempt is successful the Database drop down will be populated with a list of available databases Select monitor Here is what a successful configuration looks like Click OK This will add the Exinda SQL Database to the list of available data sources that can be used by 3rd ...

Page 438: ...n that is capable of accessing data from ODBC data sources For the purposes of this How to Guide we will use Microsoft Excel as an example From the Data tab in Excel select From OtherSources From Microsoft Query You will be presented with a dialog box that allows you to select the DSN you created in the previous chapter ...

Page 439: ...w you to choose from the available tables and select the columns to query Select a table and click the button to move that table s fields into the list of columns to query Click through the wizard optionally specifying columns to filter or sort by Then click Finish to return the data to Excel ...

Page 440: ...preadsheet SQL Schema There are a total of 10 tables available for access via SQL Name Description flows_hourly Flow records at an hourly resolution that is information for each flow is stored hourly on the hour flows_daily Flow records at daily resolution that is information for each flow is stored daily on the day at midnight ...

Page 441: ...mmarized by internal host Each record contains information gathered over a 5 minute period flows Table The following table describes the schema of the flows_ SQL tables Field Type Description id unsigned 32 bit integer A unique id that defines this record This is the primary key in_ip binary 128 bit A 16 byte 128 bit representation of the internal IPv6 address the IP address on the LAN side of the...

Page 442: ...is flow during the sample period bps timestamp unsigned 32 bit integer A UNIX timestamp number of seconds since epoch 1st Jan 1970 that represents the start of the sample period in_ username string A string representation of the username that was assigned to the internal IP of this flow when it was created if available ex_ username string A string representation of the username that was assigned t...

Page 443: ...he schema of the app_ids_and_names SQL table Field Type Description app_id unsigned 24 bit integer A unique id that defines the Application This is the primary key app_name string The Application name e g HTTP Hotmail deleted_ flag unsigned 8 bit integer A flag indicating if the Application has been deleted from the appliance 0 no 1 yes urls Table The following table describes the schema of the ur...

Page 444: ...otocol numbers for more information app_id unsigned 24 bit integer The internal Exinda Application ID assigned to this flow This represents Exinda s classification of the flow A zero value should be interpreted as unclassified bytes_in unsigned 64 bit integer The number of inbound WAN LAN bytes recorded for this flow over the sample period bytes_out unsigned 64 bit integer The number of outbound L...

Page 445: ...n external host summary_hosts_ex A host is internal if it is on the LAN side of the appliance and external when on the WAN side Field Type Description ip binary string A string representation of the internal or external IPv4 or IPv6 address of the host bytes_in unsigned 64 bit integer The number of inbound WAN LAN bytes recorded for this flow over the sample period bytes_out unsigned 64 bit intege...

Page 446: ...ggressive to be when attempting to recognize BitTorrent eDonkey Skype and flow detection For analyzing traffic for specific application types Application Specific Analysis Modules ASAM you can specify whether to extract data from Citrix http and SSL traffic whether to identify anonymous proxies in the traffic whether to analyze VoIP traffic whether to calculate the performance and health of connec...

Page 447: ...ith Layer 7 rules are ignored MonitorIPv6LinkLocal Traffic Indicates whether to monitor IPv6 link local traffic that is non routable traffic that is only valid on the single network segment The default is to not monitor this traffic as it is not representative of your net work user s traffic It is mostly used for network discovery OpenVPNDetection Indicates the sensitivity for detecting OpenVPN tr...

Page 448: ...abled every URL seen by the appliance is logged to the database Specify how long in days the data will be saved This module is disabled by default To control the order of resolution methods tried when resolving IP addresses to hostnames Go to Configuration System Setup Monitoring tab Host Resolution Method form There are multiple host resolution methods that can be used to resolve IP addresses to ...

Page 449: ...ive traffic flows through the appliance disabling this option will reduce CPU usage However the detailed records will no longer be col lected and drill down information for Applications Hosts Conversations will no longer be available Summary inform ation that is totals for the entire appliance will be available for Applications Hosts and Conversations Ignore Internal to Internal shown in the Monit...

Page 450: ...m the monitoring database 4 2 6 Netflow Configuration Netflow allows the Exinda appliance to export flow records to 3rd party monitoring devices 1 Use the form below to configure these Netflow targets Property Description IP Address Specify the IP Address of the Netflow target The Exinda appliance will export Netflow data to this IP Address Port Specify the Port number of the Netflow target The Ex...

Page 451: ...Exinda Network Orchestrator 4 Settings 451 ...

Page 452: ...sername Options Timeout Configure maximum number of minutes between exporting of username options Inactive Username Expiry Rate Configure the maximum time to remember inactive usernames Netflow v9 Optional Fields General Option Description Export L7 Application ID Export Application identification information The Application ID to Name mappings are exported as an options template Export Policy ID ...

Page 453: ...delay Export Bytes Lost Export lost bytes count Export APS Score Export APS score 4 2 7 Create a Scheduled Job Cache pre population reboots and firmware installations can be scheduled to run at a specific date and time and at a set frequency Screenshot 183 Create the schedule Where do I find this configuration Go to Configuration System Setup Scheduled Jobs To schedule a job 1 In the Add New Job a...

Page 454: ... is entered as 2h3m4s 7 After selecting the schedule of the job specify the parameters for the schedule For example set the time date inter val or day of the week when the job runs 8 In the Commandsfield type the necessary commands for the job you want run Each command must be on a new line For scheduled pre population jobs leave the commands field blank When creating the pre population object spe...

Page 455: ...tion refer to Configuring service level agreement objects page 159 SLA Loss Alert raised when there is loss for a SLA APS Alert raised when the defined threshold for an APS object is exceeded APM Alert raised when the defined threshold for an APM object is exceeded Connection Limiting Alert raised when one or more Virtual Circuits has connection limits enabled and the threshold was reached MaxAcce...

Page 456: ...d when dropped packets are present on the interfaces NIC Problems RX Alert raised when RX errors are present on the interfaces NIC Problems TX Alert raised when TX errors are present on the interfaces System Startup Alert raised when the Exinda appliance boots up Bridge Link Alert raised when one of the links on an enabled bridge is down Bridge Direction Alert raised when the appliance cabling is ...

Page 457: ...lied across all bridges So the sum of all traffic through all the bridges would not exceed 1Mbps This is typically used when you are using multiple bridges and wish to QoS everything as one link NOTE Global Control cannot be enabled if Dynamic Virtual Circuits are in use In Clustering HA deployments Optimizer policies are implemented globally so this setting only affects how traffic through multip...

Page 458: ...ces have the capability to be encrypted Whether the storage for those services are currently encrypted is also indicated The Disk Configuration section shows a summary of storage by disk partition Related Topics Configure Storage with CLI CLI Storage CLI Bypass NIC Configuration The Disk Storage Map Service the services using disk storage Status the status of that storage the disk storage may be i...

Page 459: ...e Resizing disk storage for a service Use the following instructions to resize the disk storage for a service These instructions apply to each service 1 Go to Configuration System Setup Storage 2 Find the entry for the service in the table 3 In the Size column edit the amount of storage available to a service NOTE The storage size can be specified in terms of kilobytes K megabytes M gigabytes G or...

Page 460: ...efore changing the size of a partition you must remove the encryption on the partition and put the appliance into Bypass mode See CLI Bypass or NIC Settings Formula Example for 6062 HDD size M GB X GiB1Base OS 14GiBData Storage X 14 By default the data storage is divided up as follows CIFS 15 Monitor 15 or 10GiB whichever is largerUser DB 1GiBVirt 50GiB not available on 2060 WM wan memory 55 Edge ...

Page 461: ...sers 500 MiB or current usage whichever is larger virt 500 MiB or current usage whichever is larger WM wan memory 5 GB To re size a storage service use the storage service service size command and use the show storage tasks command to check the progress config storage service wan memory size 5G config show storage tasksStorage tasks Resize wan memory to 5G executing config show storage tasksNo pen...

Page 462: ...ng into and out of your network 4 3 1 Managing Certificates and CA Certificates 462 4 3 2 View all certificates and private keys 465 4 3 1 Managing Certificates and CA Certificates When accelerating encrypted traffic the Exinda appliance transparently decrypts the traffic performs the relevant application acceleration techniques such as TCP Acceleration WAN Memory or Edge Cache caching and then re...

Page 463: ... view the private key once it has been imported If you lose the configuration or need to migrate the configuration to another appliance you must manually load the private key again NOTE The interface for importing both Certificates and CA Certificates is the same NOTE The interface for generating both Certificates and CA Certificates is the same ...

Page 464: ...issued by Certificate Authorities PEM certificates usually have exten tions such as pem crt cer and key If PEM format is selected an additional upload field is exposed so that the private key can be uploaded with the certificate 4 If the key is password protected in the KeyPassphrase field type the password 5 In the Certificate File field click Choose File and navigate to the file to be uploaded t...

Page 465: ...inda appliances on the network 1 In the CA Certificatesand Keystable locate the certificate in the list and click Export 2 Select the format for the exported certificate 3 Click Save The certificate is downloaded onto the computer accessing the Exinda Web UI To delete a certificate Delete an SSL certificate from the Exinda Appliance when it expires or becomes invalid 1 In the CA Certificatesand Ke...

Page 466: ...g the data to be retransmitted The Network Orchestrator appliance uses a variety of techniques to address these issues The appliance can reduce the amount of data transmitted over the WAN by using deduplication compression and caching techniques The appliance can minimize delays associated with waiting for the data to be returned by reducing the chattiness of particular protocols and by anticipati...

Page 467: ... The connection discovery process is as follows 1 When an appliance receives a packet SYN from a client It adds the client IP to its local list E g adding 192 168 0 10 to the Ex1 local list It adds the auto discovery option to the packet filling out the source details E g adding Ex1 as the source of the SYN when leaving Ex1 If the server exists in the appliance remote list then the destination fie...

Page 468: ...ion IP address is in its remote list then it performs acceleration techniques on the packet 7 When an appliance receives a packet that has been accelerated If it finds that the destination does not refer to itself then it will ignore all further packets that are part of that connection If it finds that the destination refer to itself then it will end the acceleration and forward the un accelerated...

Page 469: ... appliance Ensure that the service that you need is running To find the Management Optimization Services controls go to Configuration System Optimization Services CAUTION If a service is disabled any concurrently accelerated connections remain untouched that is acceleration continues whereas any new connections are not be able to use the service When a service is stopped all accelerated connection...

Page 470: ...lly discovered you can manually add the Exinda appliance to the community When the IP address of a manually added Exinda appliance changes the community node must be updated as well Screenshot 185 List of automatically discovered Exinda appliances NOTE The Community service uses port 8017 to communicate between Exinda Appliances Please ensure this port is open for proper functionality VERSION INFO...

Page 471: ...he community group with Group ID 0 As a security measure the CommunityGroup IDcan be used like a PIN to restrict access to any other Exinda appliance from joining your community Manually adding an Exinda appliance to the community 1 Go to Configuration System Optimization Community 2 In the ManuallyAdd New CommunityNode area type a Name and the IPAddressfor the Exinda appliance 3 Click ApplyChange...

Page 472: ...celerated traffic with a standard LZ compression algorithm The WAN memory cache can be configured to be persistent such that it survives a system reboot When using the appliance in cluster mode WAN memory can be configured to synchronize the WAN memory caches to all members of the cluster VERSION INFO The LZ compression algorithm changed in version 6 4 3 For appliances that are accelerating traffi...

Page 473: ... ensure that WAN memory patterns will be stored on the Exinda appliance s hard disk and will survive a system reboot 3 Select HA Cache Sync when in cluster mode so that WAN memory caches will be mirrored to the WAN memory caches on the other appliances in the cluster 4 Click ApplyChanges To clear WAN memory cache Do one of the following Force Data Expiration by clicking Expire This will remove any...

Page 474: ...da Application Acceleration Technology To deal with inefficiencies in the SMB protocol the Exinda Appliance has several optimizations to improve the performance of applications using this protocol including reading ahead of the data stream writing behind the data stream and caching meta data on files and folders NCPAcceleration Provides layer 7 NCP NetWare Core Protocol over TCP port 524 protocol ...

Page 475: ...nt of the initial window size depending on the connectivity properties of the WAN link between the Exinda appliances Slow Start with Congestion Avoidance is used to reset the send window size temporarily to avoid congestion TCP keep alive signals prevent the link between accelerated appliances from being broken You can set whether to use keep alives and how frequently to send the keep alive signal...

Page 476: ...ork or traffic may be blocked When disabled or if TCP option 30 is stripped or blocked by other equipment on your network you will need to manually specify the location of another Exinda appliance in your network on the Configuration Sys tem Optimization Community page Appliance Auto DiscoveryIPAddress Allows you to set the IP address that identifies this appliance when other appliances are trying...

Page 477: ...se is received or 5 minutes passes If five minutes passes without a response the connection is terminated Dual Bridge Bypass Specifies whether acceleration should be handled on a single bridge or multiple bridges when traffic is passing through an Exinda appliance multiple times Enabled All acceleration processing is performed on one bridge only This is desirable for accelerated back hauled traffi...

Page 478: ...outs that happen with protocol 139 when attempting to accelerate past the last appliance It allows servers firewalls that refuse options to work It prevents sending random options out to the Internet which is the case in an accelerated backhauled traffic environment with only a single pair of Exinda appliances If you have a hub and spoke topology then you will not want to enable this setting Confi...

Page 479: ... SNI extension can be added to the Exinda Appliance the server must be added to the appliance without the SNI extension A server without an SNI extension can be used as a fallback in event that the client is unable to process the SSL certificate with SNI A server with the same IP address and port number can be added to the appliance by specifying a unique SNI extension for each server IMPORTANT A ...

Page 480: ...he connection if the server s certificate matches any CA certificate that is loaded on to the Exinda appliance Any SSL Acceleration accepts and processes the connection if the server s certificate matches any cer tificate CA or non CA that is loaded on to the Exinda appliance 8 If Certificate is selected as the Validation type select the certificate to validate against 9 If AnyCA or Anyis selected...

Page 481: ...en a client browser visits a web site hosted on the server over HTTPS the server offers the signed certificate and public key The client browser verifies that the certificate is valid for the site that is being visited and that it has not expired Then it will verify the chain of trust by looking at who has signed the certificate If the certificate is a root certificate it will compare it against t...

Page 482: ...e traffic again This means Exinda can apply all application acceleration technologies to the traffic as if it were clear text while still maintaining SSL connections The server side appliance will act on behalf of the client in the communication between the appliance and the server and the client side appliance will act on behalf of the server for communication between the client and the appliance...

Page 483: ... the proper order You want to ensure that another policy earlier in the tree is not capturing your desired traffic 2 Check the SSL Acceleration Server details Ensure you are using correct spelling etc More troubleshooting help for dis abled SSL Acceleration Servers is offered in the Configure SSL Acceleration Servers section 3 Check that the Exinda community feature has distributed the certificate...

Page 484: ... cached so that various acceleration techniques can be applied to the data If you are concerned about this then you can encrypt storage for WAN memory If the storage for WAN memory is encrypted a green checkmark is shown in the Encrypted column 1 Go to Configuration System Setup Storage 2 To encrypt WAN memory storage click the Encrypt button for wan memory Ciphers supported in SSL acceleration SS...

Page 485: ...sites can be served from a single IP address as the certificates requests for the sites include the SNI extension allowing the correct certificate to be presented to the client browser To host multiple secure websites on Windows Server 2012 configure the websites to include the SNI extension in the connection requests 1 Install IIS 8 0 on Windows Server 2012 2 Add sites to the web server 3 Ensure ...

Page 486: ...ger 3 Double click the server name 4 Right click Sitesand select Add Website 5 Add the parameters for the website 6 In the Binding area ensure you type the host name of the server 7 Click OK 8 Repeat these steps for each secure website that will be available on the server Create self signed certificates for each site requiring Server Name Indication The SelfSSL tool is installed with IIS and allow...

Page 487: ...rnet Information Services IIS Manager 3 Double click ServerCertificates 4 Right click the certificate and select Export 5 Specify the location where the exported certificate should be saved and type a name for the certificate Click Open 6 Type and confirm the password required to use the certificate 7 Click OK The certificate is exported to the specified location Host multiple secure websites on A...

Page 488: ...le mod_ssl c block 3 Ensure Listen 443 is included in the block 4 Add NameVirtualHost 443 to the block 5 Save the configuration file Add a VirtualHost block for each secure site on the server For each domain name or domain subset we want to support SSL for a VirtualHost block must be declared This block identifies the domain name to support connections for and what Certificate or Key files to use ...

Page 489: ... and caching meta data on files and folders SMB acceleration makes the following scenarios more efficient File Download Read The SMB client is reading a file from an SMB server The server side Exinda proactively requests future read events and passes the read information to the client side Exinda so that it is available locally and immediately to the SMB client File Upload Write Similar to the rea...

Page 490: ...tions however relate only to SMB1 traffic For the Data to Prefetch option this again relates only to SMB1 4 In the Acceleration Optionssection complete the following as needed a To prefetch data from the SMB server in anticipation of subsequent client requests select Read Ahead b To update the SMB cache aggregating requests to the SMB server select Write Behind c To enable caching of SMB file attr...

Page 491: ...dentials are incorrect for the requested domain the status of the signed connection is reported as Bypassed or Unhandled 9 In the CompatibilityOptionsarea if on your network there are Exinda appliances that are running a firmware version prior to v6 3 select Support versions pre v6 3 0 Enabled 10 Click ApplyChanges How SMB CIFS File Transfer Acceleration Works SMB1 and SMB2 are remote file access ...

Page 492: ...writing behind the data stream and caching meta data about files and folders In addition to this the Exinda Appliance ensures that data is efficiently compressed and deduplicated SMB1 With SMB1 there are several opportunities to provide optimizations object caching read ahead and write behind of data and meta data caching Object Cache This refers to the saving of files to an internal file storage ...

Page 493: ...that were implemented for SMB1 no longer apply Below is a rationale for each of these and why they are no longer needed Read Ahead and Write Behind In SMB2 read ahead and write behind requests are built in to the client effectively stacking the requests one on top of the other in an asynchronous manner without any gaps between them As a result there is no accumulation of latency and therefore no n...

Page 494: ...chment for output messages should be disabled to maximize reduction as each user will encrypt files with a different key MAPI Encryption is a client side configuration parameter in Outlook Therefore to disable MAPI encryption you need to make the change on each Outlook client You must disable encryption on all Microsoft Outlook clients as well as the Exchange server See For more information refer ...

Page 495: ...ve the settings click OK g To close the Server Settings dialog click Next and Finish Turn off MAPI encryption in Outlook 2010 and 2013 1 Open Microsoft Outlook 2 Configure the Trust Center a On the File menu select Options b Click Trust Center Trust CenterSettings The Trust Center dialog opens c Click E mail Security d Ensure the Encrypt contentsand attachmentsforoutgoing messagescheckbox is not s...

Page 496: ...for the virtual circuit 8 To restart the Optimizer in the system toolbar click Restart NOTE This can be done by following the Optimizer Wizard in the Basic User Interface Select Yes when asked if you would like to accelerate Disable encryption on the Exchange server For 2007 2010 and 2013 Exchange servers Exinda recommends that encryption of the MAPI protocol should be disabled to maximize reducti...

Page 497: ...atus type the following command Get RpcClientAccess Server ExchangeServerName Verify MAPI traffic is being accelerated Confirm that the MAPI traffic from Microsoft Outlook and Exchange are being accelerated View MAPI Acceleration Results Conversations in Real Time Compare compression of MAPI traffic The following two tests compare the performance of Exinda s compression and WAN Memory technologies...

Page 498: ... 2007 server Outlook 2003 client Exinda devices 2 Exinda 4800 appliances View MAPI Acceleration Results View the reduction in MAPI traffic on the network 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Monitor Optimization and switch to the Reduction tab The report displays the reduction in MAPI traffic...

Page 499: ...amic content including YouTube Google Video Vimeo NOTE The Acceleration feature including universal protocol specific acceleration is licensed separately Edge Cache is also licensed separately Please contact your local Exinda representative if you wish to enable either of these features Related topics How Edge Cache Works Edge Cache Configuration Edge Cache Report ...

Page 500: ...ge Cache uses a least recently used LRU algorithm for expiring cached data to make room for new objects This means the most popular and most used content is stored the longest You also have the ability to manually clear the entire cache if desired Edge Cache operates as a transparent proxy since it is running on an inline device As a result your browsers do not need to be configured with an explic...

Page 501: ... or black listed The whitelist and blacklist can consist of source IP destination IP source domain and destination domain Note that the domains are resolved using DNS so the resulting IP addresses are reverse mapped to determine the domain that is used to configure the Edge Cache engine The next time a client requests the same content the same negotiation happens where the client requests a secure...

Page 502: ...ache you ll need to ensure all the required configuration is set Configure the Edge Cache settings including indicating what size of objects you want to cache specifying how long you are willing to let Edge Cache wait for a response from the WAN when fetching objects specifying the signing certificate and private key if you plan to cache content from HTTPS sites specifying blacklisted sites to not...

Page 503: ...eb objects are downloaded from the Internet or across WAN links Edge Cache stores them at the edge of the network When subsequent requests come for the same material the content is quickly delivered from the Edge Cache without the need to download the data again over the WAN Edge Cache can cache web objects videos software updates and other content on the WAN You can control whether to exclude par...

Page 504: ...s will still pass through Edge Cache unprocessed and will be highlighted on the Real Time conversations screen in blue indicating that they passed through and were evaluated by Edge Cache Where do I find this functionality Go to Configuration System Optimization Edge Cache To set the range of object size that you would like to cache Screenshot 190 Setting the size of the objects that can be cached...

Page 505: ...ersions prior to 7 0 2 you need to restart Edge Cache for the changes to take effect Go to Configuration System Optimization Services and click the Edge Cache Restart button To blacklist certain HTTP URLs to never cache Screenshot 192 HTTP caching with blacklisted sites 1 In the Add URL Domain area type the HTTP URL or domain that will be excluded from the Edge Cache 2 Click the Add URL button 3 R...

Page 506: ...e Enable caching of HTTPS content checkbox NOTE You cannot enable caching if DNS is not configured 2 Select the signing certificate to use to re sign the traffic 3 Select Attempt to cache all HTTPS sitesexcept forblacklisted exceptionsfrom the drop down list 4 Click the ApplyChangesbutton 5 In the Add IPorDomain area specify the type of traffic you want to blacklist and the Value IP or domain name...

Page 507: ...sses and multiple other domain names 6 Click the Add URL button 7 Repeat until you have your desired blacklist NOTE The blacklist takes effect immediately as Edge Cache automatically restarts 8 Remove an HTTPS URL or domain from the list by clicking the Delete button for the specified URL domain To only allow specified whitelisted encrypted HTTPS URLs Only https traffic specified in the policy and...

Page 508: ... actual domain name that corresponds to that IP address Note that the domain name may resolve to multiple IP address and multiple other domain names 6 Click the Add URL button 7 Repeat until you have your desired whitelist NOTE The whitelist takes effect immediately as Edge Cache automatically restarts 8 Remove an HTTPS URL or domain from the list by clicking the Delete button for the specified UR...

Page 509: ...behalf of the server You need to ensure that this certificate is trusted by all the computers on your network that have traffic passing through Edge Cache It is recommended that you create a self signed CA certificate as opposed to a self signed certificate without the CA designation to simplify the loading and trusting of the certificate by the computers in your network How to create a self signe...

Page 510: ...ions such as pem crt cer and key If PEM format is selected an additional upload field is exposed so that the private key can be uploaded with the certificate 5 If the key is password protected in the KeyPassphrase field type the password 6 In the Certificate File field click Choose File and navigate to the file to be uploaded to the appliance 7 If the PEM format is selected the private key must be...

Page 511: ...assume that you are using a domain controller or a workstation running the domain admin MMC snapins while logged into a domain as a domain admin Some of the elements that are referred to in the instructions will not exist if you are using Windows Server 2008 R2 To use the manual method Follow this method to add the certificates to the Trusted Root Certification Authorities store on each local comp...

Page 512: ...e non CA certificate to start the Keychain Access program 2 When prompted type your computer s admin password 3 In the Keychain Accesswindow select the System keychain to install for all users on the machine or Login keychain to install only for the current user account 4 Find the desired certificate in the list and right click and select Get Info 5 In the Trust section select AlwaysTrust for the ...

Page 513: ...c that is being cached on the first pass However there is one extra consideration Traffic hitting the Edge Cache engine is only shaped by the policy configured for the Web application group or the HTTP HTTPS application objects For example if a flow being classified as Software Updates is falling under the Software Updates policy it is actually shaped as using the Web policy settings To learn more...

Page 514: ...icense with acceleration capabilities An Edge Cache license NOTE In an acceleration environment you need an active Community and Wan Memory for SMB prepopulation to work Create a pre population job in the Exinda Web UI Add and configure pre population jobs in the Exinda Web UI SMB traffic can be stored in SMB object cache and WAN memory cache and HTTP can be stored in either WAN memory cache or Ed...

Page 515: ... between the server and the Exinda appliance click Monitor Real Time Con versations Examples Intranet WindowsFile Share all files and folders from the Public Documentation folder Show image Intranet HTTP all files and folders from a directory called files on an intranet web server Show image Create a Pre population Job in the CLI Add and configure pre population jobs using CLI commands 1 On your b...

Page 516: ...ed videos All files and folders from the Public Documentation folder on a Windows file share exinda appliance config acceleration prepopulate videos location cifs MYSERVER pub lic documentation Including a username and password for authenticating to the server Exinda appliance config acceleration prepopulate videos username myname password mypassword Download the entire path specified including su...

Page 517: ...our network 4 5 1 Display a List of Active Users 517 4 5 2 Local User Accounts 517 4 5 3 AAA 518 4 5 4 LDAP Authentication 519 4 5 5 Radius Authentication 520 4 5 6 TACACS authentication 520 4 5 1 Display a List of Active Users Active Users lists the users currently logged into either the Web UI or the CLI 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Passw...

Page 518: ...ct a capability Click Add User Admin users have full read write access to the Exinda appliance Monitor users have read only access 8 Create a password for a new user or change the password for an existing user by selecting the username you wish to create or change the password for and enter a new password Click Change Password 4 5 3 AAA AAA configures how remote users should authenticate to the Ex...

Page 519: ...thenticated local only Use the Map Default User setting below Map Default User If the local only option is selected above the user will be given the same privileges as the local user account selected here 5 Click ApplyChanges 4 5 4 LDAP Authentication LDAP authentication allows you to configure the Exinda appliance to authenticate user login attempts with a remote LDAP including Active Directory s...

Page 520: ...ethod on the AAA page 6 Click Configuration System Authentication and switch to the Radiustab 7 Define the global RADIUS settings 8 Click ApplyChanges 9 Specify the hostname or IP address of the remote Radius server IPv4 addresses can be specified Multiple Radius serv ers may be defined 10 Click Add New RADIUS Server 11 To remove Radius servers from the Exinda appliance select the checkbox for the...

Page 521: ...s 4 6 1 Manage System Configuration 521 4 6 2 Factory Defaults 524 4 6 3 Reboot Shutdown 524 4 6 1 Manage System Configuration The Manage System Configuration screen allows you to download save switch revert and delete system configuration files NOTE To Manage System Configuration navigate to Configuration System Maintenance Manage Config on the Web UI advanced mode The table below lists the avail...

Page 522: ...file and make that the new active configuration How to backup your Appliance settings It is recommended to take a backup of your Exinda Appliance configuration during Hardware upgrade RMA Disk replacement Re manufacture Diagnostics by TAC Firmware upgrade Generally users configure Exinda once and the configuration file doesn t have to be changed over and over again Hence simply use the steps below...

Page 523: ...configurations Option Description Upload local binary file Use this option to upload a saved binary configuration file This file would have been downloaded as a binary file from the System Maintenance Manage Config page Once this file is uploaded it will appear in the list of available con figuration files on the System Maintenance Manage Config page Upload local text file Use this option to uploa...

Page 524: ...itoring data To preseve monitoring data tick the Preserve monitoring box prior to restoring the factory default settings After performing a Factory Defaults the Exinda appliance will automatically reboot 4 6 3 Reboot Shutdown The Reboot Shutdown screen allows you to configure Reboot options as well as gracefully shutdown the Exinda appliance in order to reboot it or power it down In this area of t...

Page 525: ...ake a few minutes to restart Automatically Reboot the Exinda Appliance If the Exinda Appliance becomes unresponsive the System Watchdog can automatically reboot the appliance 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Maintenance and switch to the Reboot Shutdown tab 6 In the S...

Page 526: ... Ping Tool to test network connectivity from the Exinda appliance to other hosts on the WAN or Internet 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Tools Ping 6 In the IPv4host or IPv6host field specify an IP address or fully qualified domain name to attempt to ping 7 Click Ping...

Page 527: ...he configured DNS servers to resolve the specified domain name 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Tools DNS Lookup 6 In the Domain field specify a fully qualified domain name to look up 7 Click Lookup It may take a few seconds for the operation to complete and display t...

Page 528: ...ction Example Power cycle the Exinda appliance with IPMI address 192 168 110 61 ipmi power address 192 168 110 61 username admin password exinda control cycle Example Show the current power state of the Exinda appliance with IPMI address 192 168 110 61 show ipmi power address 192 168 110 61 username admin password exinda 4 7 5 iPerf Client iPerf is a tool used for network throughput measurements T...

Page 529: ...sec 4 7 6 iPerf Server iPerf is a tool used for network throughput measurements To function it requires that two devices must be running the iPerf software to obtain bandwidth metrics between two endpoints One device plays the role of the server and the other plays the role of the client In Exinda there is a Web User Interface option to configure an appliance as an iPerf server To configure an Exi...

Page 530: ... bandwidth KM for UDP bandwidth to send at in bits sec default 1 Mbit sec implies u c client host run in client mode connecting to host d dualtest Do a bidirectional test simultaneously n num KM number of bytes to transmit instead of t r tradeoff Do a bidirectional test individually t time time in seconds to transmit for default 10 secs F fileinput name input the data to be transmitted from a file...

Page 531: ... traffic from an Iperf client After the server is started you can test the connection from an Iperf client by supplying the hostname as a parameter Example Results EXAMPLE Server listening on TCP port 5001 TCP window size 85 3 KByte default 4 local 10 10 1 200 port 5001 connected with 10 2 6 228 port 58665 ID Interval Transfer Bandwidth 4 0 0 10 1 sec 112 MBytes 93 2 Mbits sec ...

Page 532: ...tory configuration 550 5 7 Troubleshooting Edge Cache 554 5 8 Topology troubleshooting 556 5 1 Diagnostics Learn the various diagnostics tools available on your Exinda Appliance You can use these tools to help troubleshoot issues you might encounter 5 1 1 Diagnostics Files 532 5 1 2 Acceleration Diagnostics 533 5 1 3 Monitor 536 5 1 4 NIC Diagnostics 537 5 1 5 Optimizer Diagnostics 538 5 1 6 RAID ...

Page 533: ... current TCP configuration settings as well as the number of new and concurrent accelerated connections and reduction statistics The SMB Acceleration diagnostics display the current SMB configuration settings If SMB signed connections are present the total number of signed connections is also displayed The WAN memory Acceleration diagnostics display the current configuration settings as well as re...

Page 534: ...ently connected Total Signed All signed connections since the SMB Acceleration service was last started including those recorded as Concurrent As signed connections are processed there are three possible results Bypassed The number of connections that bypass acceleration because the first time an attempt to validate the domain credentials failed which resulted in the connection being identified as...

Page 535: ...ted topic Troubleshoot issues with SMB file acceleration Viewing TCP Acceleration Configuration and Statistics Use the following instructions to view the TCP acceleration configuration and current statistics 1 Go to Configuration System Diagnostics Acceleration 2 From the Module drop down select TCPAcceleration The configuration settings and statistics for TCP acceleration appear EXAMPLE Viewing W...

Page 536: ... System Diagnostics Acceleration 2 From the Module drop down select WANMemory The configuration settings for WAN memory acceleration appear EXAMPLE 5 1 3 Monitor The monitor diagnostics display the current monitor settings and the status of monitor and collector processes ...

Page 537: ...ng network delay issues NIC errors collisions and discards indicate a negotiation problem which can lead to dropped packets and network delay It is recommended that negotiation issues are addressed immediately The first lines show a summary of installed network adapters Detailed information is available from the CLI show diag command NOTE To configure NIC settings navigate to Configuration System ...

Page 538: ...Exinda Network Orchestrator 5 Troubleshooting 538 5 1 5 Optimizer Diagnostics The optimizer diagnostics display the current optimizer status and the optimizer configuration ...

Page 539: ...eshooting 539 5 1 6 RAID Diagnostics The RAID diagnostics page is available on models that support Redundant Storage A summary of the logical volume status is shown as well as details for RAID adapters logical volumes and physical drives ...

Page 540: ...7 TCP Dump A TCP Dump captures packets being transmitted or received from the specified interfaces and can assist in troubleshooting A TCP Dump may be requested by Exinda TAC Run a TCP Dump from the Exinda appliance Click Configuration Diagnostics TCPDump ...

Page 541: ...ing TCP Dump Common Use Cases The following examples provide the syntax to enter in the Filter field to gather data from a particular source To collect traffic to from a single host host IP address Example host 1 2 3 4 To collect traffic from a single host who is the source of the traffic src IP address Example src 1 2 3 4 To collect traffic from a single host who is the destination for the traffi...

Page 542: ...ert that has triggered the warning click the alarm name Use the information in this alert to help troubleshooting the issue 6 To remove the history for an alert click Reset The system health status is returned to OK Alert Name Description CPU Utilization Alert raised when the CPU utilization threshold is reached The trigger and clear thresholds can be altered The defaults are 95 and 80 busy respec...

Page 543: ...rage Alert raised when one of the hard disks fails only available on platforms with storage redundancy Max Accelerated Connections Exceeded Alert raised when the number of accelerated connections exceeds the licensed limit Connections over the licensed limit pass through the appliance and are not accelerated Asymmetric Route Detection Alert raised when traffic from a single connection comes in to ...

Page 544: ...em or question is included in the Subject field 8 Provide a detailed description of the question or the problem you are experiencing in the Description field 9 Select whether to attach a diagnostics file or monitoring report to the case 10 Click Log Case After the case is submitted a confirmation message containing a case number is sent to the email address identified in the case 5 2 Log Files Lea...

Page 545: ... and click Apply The following are examples of com mon filters thar reduce the reported log lines to a single type WAN memory wmd TCP acceleration tcpad SMB acceleration smbad Community communityd 4 If there are multiple pages of log entries to navigate to a specific page type the page number in the Go to Page field and click Go 5 2 2 Live Log The Live Log page allows you to view new entries to th...

Page 546: ... Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Logging and switch to the Setup tab 6 Specify the format log files should be saved in The Standard form is usually sufficient however some external log file parsers may prefer the log file in WELF format 7 Select the severity level of log entries that should be saved ...

Page 547: ...yslog server remove the server from the Exinda appliance 1 On your browser open the Exinda Web UI https UI_IP_address 2 Key in the UserName and Password 3 Click Login The Exinda Web UI appears 5 Click Configuration System Logging and switch to the Setup tab 6 Select the server from the Remote Log Sinks list and select Remove Selected 7 Click Add New Remote Sink To save the changes to the configura...

Page 548: ...to send and receive emails Microsoft Outlook takes a long time to complete the task or is unresponsive Resolution Verify that the Exinda is causing the slowness by putting the appliance into bypass mode 1 If Microsoft Outlook continues to be slow the Exinda Appliance is not causing the slowness Troubleshoot other areas of your network to find the problem 2 If Microsoft Outlook performs at an expec...

Page 549: ...ave a mix of 7 4 7 0 6 4 3 and pre 6 4 3 appliances perhaps the Acceleration TCP Option Mode is not set cor rectly Exinda had used option 30 to indicate acceleration but needed to change this when option 30 was assigned to indicate multi path TCP A number of choices were added to ensure compatibility with earlier appliances Ensure that you believe your choice is correct for your situation or choos...

Page 550: ...ltered for SMB acceleration smbad WAN memory wmd TCP acceleration tcpad or community communityd For more information refer to Viewing System Log Files page 545 5 6 Troubleshoot issues with Active Directory configuration If you are experiencing issues with the Active Directory integration these troubleshooting topics may help resolve the issue 5 6 1 Exinda Appliance Reboots Every Night 550 5 6 2 WM...

Page 551: ...he traffic Solution When SMB signing is configured and enabled the SMB signing account is the last user account registered as using an IP address the Exinda AD Connector transfers the SMB signing account as the username that is generating the traffic To ignore the SMB signing account and report the traffic as being generated by the actual user configure the Exinda AD Connector to ignore the SMB si...

Page 552: ...username is case sensitive For example if the Active Directory has the user Domain Test User and the excluded list has the user as Domain test user the traffic is not excluded NOTE Regardless of the case of usernames in Active Directory the Exinda Appliance displays the usernames with the first name capitalized and the surname in lower case for example Domain test user Do not use the value in the ...

Page 553: ...e absent then you will need to enable logon auditing In the Domain Controller go to Event Viewer WindowsLogs SecurityLogs For Windows Server 2008 2008 R2 2012 and 2012 R2 you should see Event ID 4624 For Windows Server 2003 2003 R2 you should see Event ID 528 and 540 If the Domain Controller is not logging these events then you need to enable logon auditing on the domain controller and renumerate ...

Page 554: ...t know if Edge Cache is caching any traffic You can determine if any traffic is passing through Edge Cache by looking at the real time conversations monitor available at Monitor Real Time Conversations Any traffic that is currently being processed by Edge Cache will have a blue background This will tell you if Edge Cache is evaluating whether data could be retrieved from its cache or evaluating wh...

Page 555: ...want to increase the effectiveness of Edge Cache You can restrict the size of the objects that can be cached to more closely match the type of data that you want cached by visiting Configuration System Optimization Edge Cache You can increase the amount of storage available for Edge Cache to use by visiting Configuration System Setup Storage What factors should I consider before starting Edge Cach...

Page 556: ...ficate list c Click Apply Changes 4 Import the PFX PKCS12 certificate to your own computer Reload the page that was formatted incorrectly to ensure the new certificate solves the problem Are there any open issues I should know about The following open issues are known concerns Facebook does not work with Chrome Facebook works with Safari but still has a pop up Google apps work with Chrome but they...

Page 557: ...tions and descriptions Command history is available by using the up and down arrow keys Command line editing is available using the left and right keys to navigate Use ctrl w to delete from the cursor to start of line See the following topics for more information 6 1 1 Accessing the Command Line Interface 557 6 1 2 CLI Configuration Jumpstart 558 6 1 3 Configure command line options 559 6 1 1 Acce...

Page 558: ... settings use the serial console or vga keyboard to access the CLI 1 Enable IPv6 These questions allow you to enable IPv6 support for the entire system If your network supports IPv6 then type Y otherwise type N 2 Enable IPv6 autoconfig SLAAC on eth1 interface If you enable IPv6 you have the option of enabling IPv6 SLAAC autoconfiguration Type Y if you wish to have an address and netmask automatica...

Page 559: ...the HTTP Proxy setup HTTP proxy address 0 0 0 0 to disable HTTP proxy port 3128 HTTP proxy authentication type N one or B asic N B Allow insecure unverified certificate SSL Y N 13 Do you want to check for a new license online Y N Enter Y to have the Exinda appliance check for a newer license on the Exinda website if the Exinda appliance has Internet connectivity If a newer license is found you wil...

Page 560: ... 560 To disable auto logout set the minutes to 0 3 To enable or disable paging use the following command hostname config no cli default paging enable 4 Use the show cli command to see current CLI settings 5 To save the running configuration type configuration write ...

Page 561: ...license to the software and except as otherwise specified in an accompanying license summary invoice or other documents evidencing the purchase of the software license Exinda grants you a non exclusive non transferable license to use the software during the subscription period on servers connected to a maximum number of user computers not exceeding the number of user computers specified in the pac...

Page 562: ...ou and Exinda which supersedes any prior agreement or understanding whether written or oral relating to the subject matter of this license 7 2 GNU General Public License GPL Version 3 29 June 2007 Copyright 2007 Free Software Foundation Inc Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed 7 2 1 Preamble The GNU General Public Lice...

Page 563: ... this License Each licensee is addressed as you Licensees and recipients may be individuals or organizations To modify a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission other than the making of an exact copy The resulting work is called a modified version of the earlier work or a work based on the earlier work A covered work means either the unm...

Page 564: ...e acknowledges your rights of fair use or other equivalent as provided by copyright law You may make run and propagate covered works that you do not convey without conditions so long as your license otherwise remains in force You may convey covered works to others for the sole purpose of having them make modifications exclusively for you or provide you with facilities for running those works provi...

Page 565: ...fixed on a durable physical medium customarily used for software interchange b Convey the object code in or embodied in a physical product including a physical distribution medium accom panied by a written offer valid for at least three years and valid for as long as you offer spare parts or customer support for that product model to give anyone who possesses the object code either 1 a copy of the...

Page 566: ...rce conveyed and Installation Information provided in accord with this section must be in a format that is publicly documented and with an implementation available to the public in source code form and must require no special password or key for unpacking reading or copying 7 Additional Terms Additional permissions are terms that supplement the terms of this License by making exceptions from one o...

Page 567: ...notice Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License If your rights have been terminated and not permanently reinstated you do not qualify to receive new licenses for the same material under section 10 9 Acceptance Not Required for Having Copies You are not required to accept this License in o...

Page 568: ...covered work in a country would infringe one or more identifiable patents in that country that you have reason to believe are valid If pursuant to or in connection with a single transaction or arrangement you convey or propagate by procuring conveyance of a covered work and grant a patent license to some of the parties receiving the covered work authorizing them to use propagate modify or convey a...

Page 569: ...ional or different permissions However no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version 15 Disclaimer of Warranty There is no warranty for the program to the extent permitted by applicable law Except when otherwise stated in writing the copyright holders and or other parties provide the program as is without warranty of ...

Page 570: ...ote products derived from this software without specific prior written permission This software is provided by the copyright holders and contributors as is and any express or implied warranties including but not limited to the implied Warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall the copyright owner or contributors be liable for any direct indi...

Page 571: ... the interference at their own expense See Also Safety Compliance Safety Guidelines 8 2 Compliances 8 2 1 CE This product has passed the CE test for environmental specifications Test conditions for passing included the equipment being operated within an industrial enclosure In order to protect the product from being damaged by ESD Electrostatic Discharge and EMI leakage we strongly recommend the u...

Page 572: ...atteries according to the instructions Operating Safety Electrical equipment generates heat Ambient air temperature may not be adequate to cool equipment to acceptable operating temperatures without adequate circulation Be sure that the room in which you choose to operate your system has adequate air circulation Ensure that the chassis cover is secure The chassis design allows cooling air to circu...

Page 573: ... The protocol of network traffic is identified based on a combination of deep packet inspection DPI and behavioral analysis regardless of whether they are plain text or use advanced encryption and obfuscation techniques The following list includes all supported protocols and applications in bold sub protocols in italic and clients in standard characters 0 9 1kxun 9ku 360 Mobile Security A Acronis ...

Page 574: ... Apple Talk Apple Updates AppleJuice Ares Filepipe KCEasy Ariel Armagetron Audiko Audiogalaxy Audiogalaxy iOS Audiogalaxy Android AURP AVG Antivirus AVI Avira Antivirus Avira B Backweb Baidu Battlefield BattleNet Bebo BGP Biff bini Bitdefender BitTorrent BitTorrent plain BitTorrent encrypted ABC Acquisition Anatomic P2P ...

Page 575: ...p BitComet BitFlu BitLord BitPump BitRocket Bits on Wheels BitSpirit BitSticks BitTornado BitTorrent Mainline BitTyrant Blizzard Downloader BTG BtManager burst CTorrent Deluge FlashGet Freeloader FrostWire G3 Torrent Gnome BitTorrent Halite KTorrent LimeWire MLDonkey MonoTorrent MooPolice Opera Pando qBittorrent QTorrent ...

Page 576: ...rrent Swapper TorrentVolve Transmission Turbo Torrent μTorrent μTorrent Mac WizBit Xtorrent ZipTorrent BitTorrent UTP BitTorrent UTP encrypted Blackberry Blackberry encrypted Blackberry email Blackberry messenger ORB client BlackBerry Internet Service BlackBerry Management Center BlackBerry Messenger Unknown Blackberry Mail Blackberry Messenger Bluejeans BOLT Bolt Android Booking Com BootPC ...

Page 577: ...mmunication Cassandra Query Language CBT Channel 4oD Chargen CIFS CiscoDiscovery Citrix Citrix application Citrix priority Citrix user CloudME Club Penguin clussvc CNN CNTV ComodoUnite Comodo EasyVPN Constant Contact CORBA Crashplan Pro Crime City Crossfire CRS CtiTV CUDev CVSpserver CyberGhost D Dailymotion dameware Daytime dcc ...

Page 578: ...mand5 Demand5 stream Demand5 web Demand5 iOS Destiny DFS DHCP DHCPv6 Diameter DICOM DICOM TLS DiDi IM DiDi Voice DirectConnect DirectConnect hub DirectConnect peer DirectConnect adc peer ApexDc BCDC CZDC DC DC DCTC Dolda Connect Elise fulDC GtkDC LDCC LinuxDC Microdc Microdc2 oDC Revconnect SababaDC ...

Page 579: ... 1 clickshare com 1clickshare net 1fichier com 1 upload com 1 upload to 2shared com 4fastfile com 4share ws 4shared com 4shared vn 4us to adrive com alldrives ge allshares ge annonhost net badongo net banashare com bestsharing com bigfilez com biggerupload com bitshare com boosterking com cash file net chinamole com cobrashare sk coolshare cz cramit in crocko com cum com ...

Page 580: ...m easy share com edisk cz enterupload com euroshare eu extabit com eyvx com fastfileshare com ar fast load net fast share com fik1 com file2upload net fileape com filearchiv ru filearn com filebase to filecloud com filedude com filefactory com fileflyer com filefrog com filefront com fileho com filehook com filehost tv filejungle com filemaze ws fileover net filepost com filepost ru ...

Page 581: ...smonster com asixfiles com badongo com filesonic com filesonic in filestube com files upload com file upload net file upload to fileupyours com filevo com filezup com freakshare net freespace by fshare vn fsx hu ftp2share com gaiafile com gamefront com gigapeta com gigasize com gigeshare com gotoupload com hellshare com hitfile net hostggg com hotfile com hulkshare com hyperfileshare com ...

Page 582: ...aposta cz letitbit net livedepot net live share com load to loadles in massmirror com mediafire com mega 1280 com megafree kz megaporn com megarapid eu megarotic com megashare com megashare vn megashare vnn vn megashares com megaupload com midupload com missupload com mofile com mofile net movreel com multishare cz mytempdir com netload in netuploaded com obsiebie najlepsze net oron com ...

Page 583: ...rapidshark pl rapidupload com sanupload com savefile com scribd com sendmefile com sendspace com sharebase to sharebee com sharebig com sharebigfile com sharebigflie com sharefile net share online bz share rapid cz shragle com simpleupload net speedshare org storage to terafiles net tunabox net turbobit net turbobit ru turboupload com u 115 com ugotfile com uloz to ultrashare de unibytes com ...

Page 584: ...adc com uploaded to uploader pl uploadfloor com uploadpower com uploadstation com uploadyourfiles de upnito sk uptobox com usershare net videobb com vip file com wiiupload net wupload com x7 to yourfilehost com yourfiles biz youtube com yunfile to ziddu com zomgupload to zshare net Discard DLS DNS Dofus Doom3 Doook Dota 2 Dota Legend DriveLock Dropbox ...

Page 585: ...o E EA Origin eBay eBuddy eBuddy BrowserApplet eBuddy iOS echo eDonkey eDonkey plain eDonkey encrypted aMule Hydranode Jubster Lphant MLDonkey Morpheus Shareaza WinMX MP3 XoloX EGP Endomondo enLegion Eset Evernote ExindaAD ExindaCom ExindaSSL ExindaWM F F Prot Facebook Facetime Feidian FiCall ...

Page 586: ...ger FIX QuickFIX Flash Flash host Flickr Florensia FNA Forfone Foursquare Freenet Friendster FTP control FTP data Fring Fring unknown Fring video Fring voice Fring Android Fring Symbian Fring iOS FTP FTP SSL Funshion Funshion Fuze Meeting G Gadu Gadu Gadu Gadu server Gadu Gadu file transfer Gadu Gadu voice Gadu Gadu video ...

Page 587: ... GaduGadu iOS Instantbird Kopete Miranda Pidgin Game of War GameKit Gmail Gnutella Acqlite Acquisition Apollon BearFlix Cabos CocoGnut DM2FrostWire Filepipe giFT Gluz Gnucleus Gtk gnutella iMesh Light KCEasy Kiwi Alpha LimeWire Morpheus Mutella Phex Poisoned Qtella Shareaza Swapper NET Symella WinMX MP3 ...

Page 588: ...e encrypted Google Cloud Google Docs Google Drive Google Earth Google Encrypted Google Play Google Play Music Google Plus Google Talk Google Talk file transfer Google Talk unknown Google Talk video Adium Ayttm GMX Multimessenger iChat Instantbird Miranda Pidgin previously Gaim Kopete Pidgin Proteus Psi Qnext Trillian Trillian Pro Web de Multimessenger Google Talk voice ...

Page 589: ...ft Grooveshark Groupwise GTP GTP control GTP prime GTP user data GuildWars H H323 Ekiga NetMeeting OpenH 323 XMeeting Half Life 2 HamachiVPN LogMeIn Hamachi Hi5 HiDrive Hike Messenger HiNet HL7 Hotmail HTTP HTTP advanced HTTP content type HTTP file HTTP host HTTP method HTTP referer HTTP x_forwarded_for HTTP ALT HTTPS ...

Page 590: ...Hulu HyRead I IAX Diax Firefly IAXComm IAXPhone Idefisk Zoiper Kiax LoudHush PURtel YakaPhone ZiaxPhone ICAP Icecast iCloud Orkut iOS ICMP ICMPv6 ICQ Webchat ident IDrive IEC61850 IEC61850 goose IEC61850 manufacturing message IEC61850 sampled values IGMP iHeart Radio iLeader iLive to IM IM Android IM Blackberry ...

Page 591: ...IMAP IMAP encrypted IMAP plain IMAP SSL iMesh BearShare iMesh iMesh Lite Lphant Shareaza iMessage IMO IMO Android IMO Blackberry IMO Browser Applet IMO for iPad IMO iOS IMS Instagram Intralinks IOS OS Update IP mobility iPerf IPIP iPlayer iPlayer iOS IPP IPSEC IPSEC control Cisco VPN Client HotSpot Shield iOS IPSEC data IPSEC over UDP ...

Page 592: ... transfer Adium Ayttm Fire Instantbird Mibbit Web IRC Miranda mIRC Pidgin IRC unknown IRC SSL isakmp iSkoot iTunes iTunes Radio ITV ITV stream ITV web ITV Player iOS iWow systex J Jabber Jabber encrypted Jabber file transfer Jabber unknown Jabber voice Jabber video Adium Ayttm GMX Multimessenger iChat Instantbird ...

Page 593: ...roteus Psi Qnext Trillian Trillian Pro Web de Multimessenger JAP JAP JonDo Java RMI JBK3000 JD com JDENet K Kakao Kakao generic Kakao kakaotalk Kakao Talk Kaspersky Kaspersky Antivirus Kazaa Fasttrack Apollon Filepipe iMesh Light Kazaa Kazaa Lite Mammoth Kerberos Kik Messenger Kontiki L L2TP OpenL2TP Label Distribution Protocol ...

Page 594: ...in LDAP SSL LeTV Line Line audio Line generic Line video LinkedIn Live com LiveJasmin LivePerson LLMNR lockd LotusNotes LoveFilmLync Lync audio Lync file transfer Microsoft Lync Lync unknown Lync video Lync M macfile Magine TV MagV MagV Kids Manolito Blubster Piolet MAPI MapleStory MATIP McAfee MCK mDNS ...

Page 595: ...Meebo Notifier Meebo iOS Meeting Maker MEGA Megaco H 248 Mei Lu MGCP MGCP control MGCP rtp Microsoft Dynamics AX Microsoft Dynamics NAV Microsoft Exchange Microsoft Exchange generic Microsoft Exchange outlook web acess Microsoft Media Server Mig33 mig33 Android Mitake MMS Windows Media Player Modern War Mojo Move Player Moves MPEG Jupster Screamerradio VLC Winamp MPlus ...

Page 596: ...cal Security Architecture MS SQL msmq MSN MSN file transfer MSN unknown MSN video MSN voice MSN webchat aMSN Adium Ayttm Fire GMX Multimessenger Instantbird Kopete Mercury Microsoft Messenger Mac Miranda Pidgin Pidgin previously Gaim Web de Multimessenger Qnext Trillian Trillian Pro Windows Live Windows Live iOS MSRP Blink MSRPC mstask Mute MyBook MyCard ...

Page 597: ...ple MyPeople audio MyPeople unknown MySpace MySQL MyVideo Stream Web Jupster Screamer Radio VLS Winamp N nat t National Baseball Naver NCP Net2Phone NETBIOS Netbus Netflix Netflix generic Netflix video Netflix iOS Netflow Netlogon NetMotion Next TV NFS Nike Nimbuzz Nimbuzz Android Nimbuzz Blackberry Nimbuzz Mac ...

Page 598: ...rus NTLM NTLM encrypted NTLM plain NTP O Octoshape CNN streaming Odnoklassniki Office 365 OFFSystem OGG olap ooVoo ooVoo iOS Open FT OpenVPN Hotspot Shield MyFreedom Opera Mini Opera Mini Symbian Opera Mini Android Opera Mini Blackberry Opera Mini iOS Oracle Oracle DB Oracle SSL ORB ORB server ORB client ORB client 3gp ORB client flash ...

Page 599: ...nt upload download ORB client wma ORB client wmv ORB server ORB unknown Orbix2000 Orbix2000 SSL Orkut OS Update Android iOS Windows Phone Oscar Oscar file transfer Oscar picture transfer Oscar unknown Oscar video AIM AIM Android AIM for Mac AIM for iPad AIM iOS Adium Ayttm Fire Oscar voice GMX Multimessenger iChat ICQ ICQ Android ICQ Mac OS X ICQ iOS ...

Page 600: ...iously Gaim Proteus Qnext Trillian Trillian Pro Web de Multimessenger OSPF P Paltalk Paltalk file transfer Paltalk server Paltalk video Paltalk Android Paltalk iOS Paltalk voice Panda Security Pando Pandora Path PCanywhere PCoIP PDProxy PeerEnabler Periscope PinkFong Pinterest PlayTales Pochta Rossii Poison Ivy POP POP encrypted POP plain POP SSL ...

Page 601: ...e generic PPLive video PPTV PPTV Android PPTV iOS PPTV HD iOS PPTV Mac PPStream PPStream Android PPStream Mac PPStream Ubuntu PPStream iOS PPTP Print PS3 pubu bookbuffet Q QIP RU QQ QQ file transfer QQ unknown QQ voice QQ video Instantbird QQ HD iOS QQ International QQ iOS QQ for Mac QQ for Pad Android QQ Games QQLive ...

Page 602: ...QQLive iPad Quake HalfLife Call of Duty Quake HalfLife Qualsys QUIC QuickTime Quicktime host iTunes Quotd QVOD R Radius radmin Rally RC5DES Rdio RDP RealDataTransport RealMa RealMedia RealMediaPlayer Redmine RedTube Remote Telnet Remote Web Workplace Renren Replify rFactor Rhapsody RIP rlogin RRP RSVP rsync ...

Page 603: ... S SalesForce SAP SAP MCAST NET SCTP Scydo Scydo Android Scydo iOS Second Life SecureSight SecureSight SSL Shell SSL Shoutcast Fishradio iTunes Silverlight Silverfast host Simfy Sina Weibo SinaTV SIP SIP audio SIP gadu gadu SIP ichat facetime SIP MagicJack SIP mplus SIP msn SIP oscar SIP oscar video SIP unknown SIP video ...

Page 604: ...acetime Facetime iOS gooberVoIP Gizmo KPhone MagicJack MagicTalk OpenWengo QuteCom SipGate Twinkle Vonage XMeeting SIP SSL Skinny Skout SkyDrive Skyking Skype Skype chat Skype file transfer Skype out Skype unknown Skype video Skype Android Skype for iPad Skype iOS Skype Linux Skype Symbian Skype voice Skype for Business File Transfer Skype Video ...

Page 605: ...TP encrypted SMTP plain Snapchat SnapMirror SNMP SOAP SOCKS Socks v4 Socks v5 SoftEthernet Sohu SOPCAST Soribada Soulseek iSoul Nicotine Plus SolarSeek SoulSeeX pySoulSeek SoundCloud SPDY Speakaboos Speedtest SpiderOak SplashFighter Spotify Spotify Android Spotify iOS Spotify Mac Spreecast Spreed SPTG TV sqidproxy ...

Page 606: ...SMTPS Stunnel SSL advanced SSL common name SSL organization name SSL SPDY SSTP StealthNet Steam StreamWorks StreetVoice STUN Sudaphone Sudaphone Android Sudaphone iOS SugarSync SunRPC svrloc Sybase Syncplicity SyncServer SSL syslog T T 120 Taaze TACACS Tango Tango audio Tango file transfer Tango im Tango unknown ...

Page 607: ... Mac Teamspeak iOS TeamViewer TeamViewer Android TeamViewer Linux TeamViewer Mac TeamViewer for iPad TeamViewer HD for iPad TeamViewer for Meetings iPad TeamViewer iOS TeamViewer for Meetings iOS Telegram Telnet Telnet generic Telnet tn3270 Telnet SSL Teredo textPlus TFTP Three Bamboo Threema Thrift Tibia TigerText Timbuktu Time Server Timely TV TMall TN3270 TOR ...

Page 608: ...o Truphone Truphone Android Truphone Mac Truphone iOS Truphone iPad TTPoD Tudou Tumblr TVAnts TVBS TVUPlayer TVUPlayer Android TVUPlayer Mac TVUPlayer iOS Twitch Twitter U Ubuntu One UltraBac UltraSurf Unreal UppTalk Usenet iLoad UseNeXT uucp UUSee V vBulletin Vcast Ventrilo VeohTV VeohTV generic VeohTV flash ...

Page 609: ...io Viber file transfer Viber Instant Messaging Viber Android Viber iOS Viber out Viber unknown Vimeo Vine Vippie Vippie Android Vippie iOS VK VNC VoIP Tunnel Voxer VPN X VRRP VTUN VyprVPN W WAP WAP TLS Warcraft 3 Watchever Wealth God WebDAV Cadaver Goliath Webex WebEx Meeting Center Applet Webex for iPad Webex iOS WebQQ ...

Page 610: ...deo Call WeChat Voice Live Chat WeChat WebChat WhatsApp WhatsApp Android WhatsApp Symbian WhatsApp iOS WhatsApp file transfer WhatsApp generic WhatsApp voice call Whois Wickr Wii Windows Azure Windows Phone OS Update Windows Updates WindowsMedia WindowsMedia host WinMX XNap WINNY Wins Workout Trainer World of Kung Fu World of Warcraft Wowza WSM Server WSM Server SSL Wuala ...

Page 611: ...p Xing XNXX XVideos XWindows Y Yahoo Yahoo file transfer Yahoo unkown Yahoo video Yahoo voice Yahoo webchat Yahoo webmail Adium Ayttm GMX Multimessenger Instantbird Kopete Miranda Pidgin Pidgin previously Gaim Qnext Trillian Trillian Pro Web de Multimessenger Yahoo Messenger Yahoo Messenger Android Yahoo Messenger for Mac Yahoo Messenger iOS Yahoo Games ...

Page 612: ...cy for the appliance and for monitoring Custom application groups can also be defined and custom applications can be added to existing application groups NOTE A given application can exist in multiple application groups However monitored groups must not contain applications which are already a member of another group being monitored Any given application can only be monitored within a single appli...

Page 613: ...pple Talk CIFS FLUTE FTP Intralinks NCP NFS rsync Syncplicity TFTP Thri ft Games Age of Warring Empire Armagetron Battlefield Call of Duty Club Penguin Crime City Crossfile Destiny Dofus Doom3 Dota 2 Dota Legend Fiesta Florensia Game of War Gamekit GuildWars Half Life 2 King of Pirates MapleStory Modern War ...

Page 614: ...lfLife rFactor SecondLife Skyking SplashFighter Steam TeamSpeak Tibia Unreal Warcraft 3 WealthGod Wii World of Kung Fu World of Warcraft xbox live Zynga Instant Messaging Blackberry Messenger DiDi IM eBuddy enLegion FETnet Google Talk Hike Messenger ICQ Webchat IM iMessage IMO IRC Jabber Kik Messenger Live Person Meebo ...

Page 615: ... Groups 615 MPlus MQTT MSN MSRP Oscar PalTalk Path Telegram textPlus TigerText Vibe Voxer WebQQ WeChat WhatsApp Wickr Yahoo IM Interactive BGP DNS echo Remote Telnet rlogin SSH Telnet Time Server TN3270 Mail Blackberry Mail GMail Hotmail IMAP IMAP SSL LotusNotes MAPI POP ...

Page 616: ...o WebMail P2P ANts P2P Ares BitTorrent Edonkey Feidian Filetopia Gadu Gadu Gnutella Kazaa Fastrack Kontiki OFFSystem Open FT POPO PPLive PPSteam QQ QQLive Soulseek StealthNet UUSEE Webthunder ZATTOO Recreational Anonymous Proxy Audiko Audiogalaxy DirectDownload Duokan Endomondo Facebook Flash Flickr ...

Page 617: ...il Instagram iTunes JAP Kollect Book LinkedIn MagV MagV Kids MapMyRun Mig33 Mojo Moves MyFitnessPal MySpace National Baseball Nike Orkut Pinterest PlayTales RealMedia Run Keeper Runtastic Sina Weibo Snapchat Sohu Speakaboos Spotify SPTG TV TTPod Tumblr UltraSurf Vine VoIP Tunnel Watchever WindowsMedia ...

Page 618: ...edom YouTube Secure DDM SSL FTP SSL HTTPS IMAP SSL IRC SSL L2TP LDAP SSL MS Global Catalogue SSL NNTP SSL Oracle SSL Orbix2000 SSL POP SSL PPTP SecureSight Shell SSL SIP SSL SSH SSL SyncServer SSL Tacacs Telnet SSL WAP TLS WSM Server SSL Social Networking aimini Bebo Doook Facebook Flickr Foursquare Friendster ...

Page 619: ...nkedIn MySpace Orkut Pinterest Renren Sina Weibo Skout Snapchat StreetVoice Tumblr Twitter Vine Xing Yelp Yik Yak YouTube Software Updates Adobe Updates Android OS Update Antivirus Lab Apple Updates Avira Bitdefender Eset F Prot Grisoft iOS OS Update Kaspersky McAfee Norton Antivirus Panda Security Windows Phone OS Update ...

Page 620: ...ing 1kxun 9ku Amazon Prime Music AVI BlueJeans Channel 4oD Ciaomobile HDTV CNN CNTV CtiTV Dailymotion Deezer Demand 5 Flash Funshion Google Play Music Grooveshark Hulu Icecast iHeartRadio iLive to iPlayer IPTV iTunes Radio ITV last fm LoveFilm MMS Move Player MPEG MyMusic TW MyVideo Netflix Octoshape OGG ...

Page 621: ...e QUIC Quicktime QVOD RealDataTransport RealMedia Rhapsody RTSP Shoutcast Silverlight Simfy SinaTV Soribada SoundCloud Spreecast Timely TV TTPod TuDou TVBS VeohTV Vimeo Watchever WindowsMedia Youku Thin Client AdobeConnect Citrix GoToMeeting GoToMyPc PCAnywhere PCoIP RDP Spreed TeamViewer VNC Webex ...

Page 622: ...mcp XWindows Unified Communications FiCall Forfone Fring Goober Lync ooVoo Scydo Tango Truphone UppTalk Ventrilo Voice Burner DiDi Voice Facetime H323 IAX Megaco H 248 MGCP Net2Phone Nimbuzz RTCP RTP SIP Skinny Skype Skype Video Skype Voice Sudaphone Vippie VPN CpmodoUnite CyberGhost ...

Page 623: ...623 GRE HamachiVPN HTTPTunnel IPSEC IPSEC over UDP isakmp L2TP NetMotion OpenVPN PDProxy PPTP SoftEthernet SSTP Teredo VPN X VyprVPN Web Baidu BOLT Google Google Cloud Google Drive Google Encrypted HTTP HTTP ALT HTTPS Live com Naver OperaMini SPDY squidproxy WAP WebDAV WebSocket ...

Reviews: