Cascade® Profiler and Cascade® Express Appliance User’s Guide
Version 10.0
December 2012

© 2012 Riverbed Technology. All rights reserved.

Accelerate®, AirPcap®, BlockStream™, Cascade®, Cloud Steelhead®, Granite™, Interceptor®, RiOS®, Riverbed®, Shark®, SkipWare®, Steelhead®, TrafficScript®, TurboCap®, Virtual Steelhead®, Whitewater®, WinPcap®, Wireshark®, and Stingray™ are trademarks or registered trademarks of Riverbed Technology, Inc. in the United States and other countries. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed Technology or their respective owners.

F5, the F5 logo, iControl, iRules and BIG-IP are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries.

Portions of Cascade® products contain copyrighted information of third parties. Title thereto is retained, and all rights therein are reserved, by the respective copyright owner.
PostgreSQL is (1) Copyright © 1996-2009 The PostgreSQL Development Group, and (2) Copyright © 1994-1996 the Regents of the University of California; PHP is Copyright © 1999-2009 The PHP Group; gnuplot is Copyright © 1986-1993, 1998, 2004 Thomas Williams, Colin Kelley; ChartDirector is Copyright © 2007 Advanced Software Engineering; Net-SNMP is (1) Copyright © 1989, 1991, 1992 Carnegie Mellon University, Derivative Work 1996, 1998-2000 Copyright © 1996, 1998-2000 The Regents of The University of California, (2) Copyright © 2001-2003 Network Associates Technology, Inc., (3) Copyright © 2001-2003 Cambridge Broadband Ltd., (4) Copyright © 2003 Sun Microsystems, Inc., (5) Copyright © 2003-2008 Sparta, Inc. and (6) Copyright © 2004 Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, (7) Copyright © Fabasoft R&D Software; Apache is Copyright © 1999-2005 by The Apache Software Foundation; Tom Sawyer Layout is Copyright © 1992-2007 Tom Sawyer Software; Click is (1) Copyright © 1999-2007 Massachusetts Institute of Technology, (2) Copyright © 2000-2007 Riverbed Technology, Inc., (3) Copyright © 2001-2007 International Computer Science Institute, and (4) Copyright © 2004-2007 Regents of the University of California; OpenSSL is (1) Copyright © 1998-2005 The OpenSSL Project and (2) Copyright © 1995-1998 Eric Young ([email protected]); Netdisco is (1) Copyright © 2003, 2004 Max Baker and (2) Copyright © 2002, 2003 The Regents of The University of California; SNMP::Info is (1) Copyright © 2003-2008 Max Baker and (2) Copyright © 2002, 2003 The Regents of The University of California; mm is (1) Copyright © 1999-2006 Ralf S. Engelschall and (2) Copyright © 1999-2006 The OSSP Project; ares is Copyright © 1998 Massachusetts Institute of Technology; libpq++ is (1) Copyright © 1996-2004 The PostgreSQL Global Development Group, and (2) Copyright © 1994 the Regents of the University of California; Yahoo is Copyright © 2006 Yahoo! Inc.; pd4ml is Copyright © 2004-2008 zefer.org; Rapid7 is Copyright © 2001-2008 Rapid7 LLC; CmdTool2 is Copyright © 2008 Intel Corporation; QLogic is Copyright © 2003-2006 QLogic Corporation; Tarari is Copyright © 2008 LSI Corporation; Crypt_CHAP is Copyright © 2002-2003, Michael Bretterklieber; Auth_SASL is Copyright © 2002-2003 Richard Heyes; Net_SMTP is Copyright © 1997-2003 The PHP Group; XML_RPC is (1) Copyright © 1999-2001 Edd Dumbill, (2) Copyright © 2001-2006 The PHP Group; Crypt_HMAC is Copyright © 1997-2005 The PHP Group; Net_Socket is Copyright © 1997-2003 The PHP Group; PEAR::Mail is Copyright © 1997-2003 The PHP Group; libradius is Copyright © 1998 Juniper Networks. This software is based in part on the work of the Independent JPEG Group and the work of the FreeType team.

This documentation is furnished "AS IS" and is subject to change without notice and should not be construed as a commitment by Riverbed Technology. This documentation may not be copied, modified or distributed without the express authorization of Riverbed Technology and may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release, modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military agencies. This documentation qualifies as "commercial computer software documentation" and any use by the government shall be governed solely by these terms. All other use is prohibited. Riverbed Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation.

Individual license agreements can be viewed at the following location: https://<appliance_name>/license.php

This manual is for informational purposes only. Addresses shown in screen captures were generated by simulation software and are for illustrative purposes only.
They are not intended to represent any real traffic or any registered IP or MAC addresses.

Riverbed Technology
199 Fremont Street
San Francisco, CA 94105
Phone: 415.247.8800
Fax: 415.247.8801
Web: http://www.riverbed.com
Part Number 712-00060-10

Contents

Introduction
  About This Guide
  Types of Users
  Organization of This Guide
  Document Conventions
  Product Dependencies and Compatibility
  Hardware and Software Dependencies
  Ethernet Network Compatibility
  SNMP-Based Management Compatibility
  Contacting Riverbed
  Internet
  Technical Support
  Professional Services
  Documentation

Chapter 1 - Overview
  Overview of Profiler and Express appliances
  Information sources
  NetFlow, sFlow, and IPFIX sources
  Behavior analysis
  Alerting and notification
  Alerting
  Notification
  Traffic profiles
  Host groups
  Port groups
  Interface groups
  Applications
  Traffic reporting
  Shortcuts page
  Traffic Report pages
  Quick report box
  Left-clicking
  Right-clicking
  User interface
  Home pages
  Other GUI pages
  Getting help

Chapter 2 - Configuration
  Accessing the user interface
  Logging in and out
  User interface preferences
  Data section
  Autocomplete section
  Date and Time Formatting section
  Miscellaneous section
  Account Management
  User Accounts
  RADIUS Settings
  ODBC DB Access
  Passwords
  Integration
  Mitigation
  Flow log
  Flow log disk space balancing
  Reporting time frames
  Profilers (Express only)
  Licenses (except Profiler-VE)
  Licenses (Profiler-VE only)
  General settings
  Management Interface Configuration
  Name Resolution
  Aux Interface Configuration (Express only)
  Static Routes (Express only)
  Monitor Interface Configuration (Express only)
  Packet Deduplication (Express only)
  Time Configuration
  Data Sources (Cascade Express only)
  SNMP MIB Configuration
  Outgoing Mail Server (SMTP) Settings
  Inside Address Configuration
  Security Module Configuration
  Report Data Management
  Service Management

Chapter 3 - Monitoring Services
  Overview
  Service dashboard
  Service Health content block
  Service Health by Location content block
  Service Map content block
  Service reports
  Overall Service Performance Report
  Service Performance Report
  Service Incident Report
  Location Performance Report
  Location Incident Report
  Managing services

Chapter 4 - Definitions
  Applications
  Layer 7 Fingerprints
  Layer 4 Mappings
  Host groups
  Host grouping pages
  Defining host groups
  Managing host group types
  Interface groups
  Port names
  Port groups
  Quality of Service
  Sensors/Sharks and Steelheads
  WAN

Chapter 5 - Enterprise Integration
  Vulnerability scanning
  Types of vulnerability scans
  Configuring automatic scans
  Manually initiating a vulnerability scan
  External links
  Host switch port discovery
  API access
  Identity sources
  Load balancers
  DHCP integration
  Lease data file format
  Transfer mechanism
  Update intervals

Chapter 6 - System Verification
  System information
  Data sources
  Device/Interface Tree view
  Interfaces view
  Devices view
  Audit trail
  Report Criteria
  Report results
  Activity Types and Subtypes
  Shutdown/Reboot
  Update
  Backup
  Backup Status
  Excluded file types
  Backup location
  Notification
  Running the backup operation
  Manual Backup and Restore

Chapter 7 - Service Policies
  Overview
  The Services Policies page
  Configured Policies section
  Tune Policies section

Chapter 8 - Performance and Availability Policies
  Overview
  Types of policies
  Application Availability policies
  Application Performance policies
  Link Congestion policies
  Link Outage policies
  Managing policies
  Managing configured policies
  Creating or Editing Performance and Availability policies
  Creating new performance and availability policies
  Tuning a policy

Chapter 9 - User-defined Policies
  Overview
  Pre-defined policies
  Defining policies
  Setting alerting thresholds

Chapter 10 - Security Policies
  Overview
  Security event detection
  Security profiles
  Types of security profiles
  Changing security profiles
  Tuning alerting
  Alerting thresholds
  Specifying alerting thresholds
  Requirements for matching an alerting rule
  Precedence of alerting threshold rules
  Tools for managing alerts
  Notifications of security events

Chapter 11 - Health Policies
  Sensor Problem
  Storage Problem

Chapter 12 - Notifications
  Overview
  Adding recipients
  Assigning notifications to recipients

Chapter 13 - Reporting
  Overview
  Quick reports
  Shortcuts to reports
  Built-in reports
  Custom reports
  Service reports
  Traffic reports
  Report Criteria section
  Report-by options
  Traffic report section
  WAN Optimization reports
  Site reports
  Intersite reports
  Overall reports
  Top Talkers reports
  Report Criteria section
  Traffic Report section
  Event reports
  Report Criteria section
  Event Report section
  Event Details reports
  Viewing with an Event Viewer account
  Active Directory Users reports
  Report Criteria section
  Report section
  Saved
reports................................................................................................................................................168 Reports section......................................................................................................................................169 Templates section..................................................................................................................................169 General Information reports.........................................................................................................................170 Application Information reports............................................................................................................170 Interface Information reports.................................................................................................................171 Device Information reports....................................................................................................................172 Interface Group Information reports.....................................................................................................174 Host Information reports.......................................................................................................................175 Host Group Information reports............................................................................................................176 Server Information reports....................................................................................................................176 Network Segment Information reports..................................................................................................177 QoS Information reports........................................................................................................................178 Investigation 
reports.....................................................................................................................................178 Service Level Objective reports............................................................................................................179 Performance Investigation reports.........................................................................................................181 95th Percentile report............................................................................................................................181 SDN (Software-defined Networks) Reports.................................................................................................182 VXLAN technology..............................................................................................................................183 VXLAN Summary Report.....................................................................................................................183 Virtual Network Information Report.....................................................................................................186 Tunnel Endpoint Information Report....................................................................................................189 VoIP reports..................................................................................................................................................193 VoIP Performance report.......................................................................................................................193 VoIP Dependencies - Signaling report...................................................................................................198 VoIP Dependencies - Calls report..........................................................................................................200 Audit Trail 
reports.........................................................................................................................................201 Packet analysis and export with Cascade Pilot.............................................................................................201 Prerequisites..........................................................................................................................................202 Analyzing Cascade Shark packet information......................................................................................202 viii Cascade Profiler and Cascade Express User’s Guide Contents Exporting Cascade Shark packet information.......................................................................................204 Packet reporting and export with Cascade Sensor........................................................................................205 Viewing Sensor packet information......................................................................................................205 Exporting Sensor packet information....................................................................................................206 Chapter 14 - Mitigation...........................................................................................................................209 Introduction...................................................................................................................................................209 Switch Mitigation..................................................................................................................................210 Router Mitigation..................................................................................................................................210 Using the mitigation feature..................................................................................................................212 Trusted hosts 
setup........................................................................................................................................212 Switch mitigation setup................................................................................................................................213 Field descriptions...................................................................................................................................214 Modifying switch setups........................................................................................................................214 Router mitigation setup.................................................................................................................................215 Field descriptions...................................................................................................................................215 Modifying and testing router setups......................................................................................................216 Enabling mitigation plan generation.............................................................................................................216 Managing mitigation actions........................................................................................................................217 Activating mitigation actions................................................................................................................218 Deactivating mitigation actions.............................................................................................................219 Managing mitigation plans...........................................................................................................................219 Working with Plans and Actions...........................................................................................................221 Chapter 15 - Appliance 
Security............................................................................................................223 Overview.......................................................................................................................................................223 Password Security.........................................................................................................................................224 Security Compliance.....................................................................................................................................225 Operational modes.................................................................................................................................225 Accounts................................................................................................................................................229 Access....................................................................................................................................................230 Encryption Key Management.......................................................................................................................231 Displays and controls on the page.........................................................................................................231 Replacing Keys and Certificates...........................................................................................................233 Replacing SSH keys.....................................................................................................................................234 Regenerating an SSH key pair...............................................................................................................234 Changing SSH key pair.........................................................................................................................234 Replacing SSL 
certificates............................................................................................................................235 Replacing the MNMP SSL certificate...................................................................................................235 Replacing the Identityd SSL certificate.................................................................................................242 Replacing the Apache SSL certificate...................................................................................................248 SSL certificate requirements.................................................................................................................251 Cascade Profiler and Cascade Express User’s Guide ix Contents Appendix A - SNMP Support.................................................................................................................253 Trap summary...............................................................................................................................................253 Variables common to all Cascade Profiler and Cascade Express traps........................................................254 Additional trap variables...............................................................................................................................256 Denial of Service/Bandwidth Surge trap variables................................................................................256 Suspicious Connection trap variables....................................................................................................256 New Server Port trap variables..............................................................................................................257 Performance, Availability, and User-defined trap variables..................................................................257 Service trap 
variables............................................................................................................................257 Storage Problem trap variables..............................................................................................................257 Cascade Profiler and Cascade Express appliance MIB................................................................................258 Versions 1 and 2c...................................................................................................................................258 Version 3................................................................................................................................................258 Examples...............................................................................................................................................258 Appendix B - Securing the Environment..............................................................................................261 Appendix C - Tracked Applications......................................................................................................263 x Cascade Profiler and Cascade Express User’s Guide