Key Terms and Concepts

Contents
nfa1000
 
Contents
 
 
 
1-minute (high-resolution) data
 
1-minute (high-resolution) data
 is detailed information that is collected from each Harvester and is provided to the NFA console for display in views and reports. The data includes top protocols for each interface; traffic for the top hosts and conversations; top conversations for the top protocols; and top protocols, hosts, and conversations for the top ToS values. The 1-minute data is stored on the Harvester server in the 
archive
 database
.
 
15-minute (historical) data
 
15-minute (historical) data
 is longer-range information that is collected for each interface. The information includes the protocols, hosts, and conversations for each interface. Summary data is also collected for the ToS, the top protocols for the top ToS values, and the top hosts and conversations for the top ToS values. The data is stored in the database.
archive15
Administrator
An A
dministrator,
 in the context of this document, is a person who is responsible for administering the product in the NFA console. An Administrator also manages elements in the Performance Center Console that are related to 
DX NetOps
, such as SNMP profiles, groups, users, and roles.
application mapping
Application mapping
 is a rule-based technique for combining the traffic for an application to facilitate reporting for the application. Application mapping rules are based on factors that can include the traffic origin (host, subnet and mask, and/or port), ToS, and protocol.
Autonomous System
Autonomous System
 (AS) refers to a connected group of Internet Protocol (IP) routing prefixes. The IP routing prefixes have a single, clearly defined routing policy and are controlled by one or more network operators. Meaningful AS data is available in reports only when routers and interfaces are configured to export it.
baseline
baseline
 is a record of typical behavior, which is computed from past behavior. Baselines help you compare changes over time and predict future data or performance. Comparing current values to baseline projections is useful for determining whether current values are typical. The baseline in a trend plot is computed by using data from the six weeks before the selected date range, excluding the data point already in the trend plot.
conversation
conversation
 is a session of subnet-to-subnet or user-to-user (host-to-host) traffic. The
DX NetOps
 the console displays conversation information, so you can find out whether a particular conversation is causing a traffic spike on an interface, for example. You can create and run reports to identify the top volume-based conversations.
custom virtual interface
custom virtual interface
 (CVI) is an abstract representation of a network interface, which corresponds to one or more subnets of actual physical interfaces. CVIs can give you visibility into network traffic for a carrier cloud. Set up CVIs for data center traffic that is transferred to subnets through an MPLS carrier cloud when the flow is enabled on the routers in the data center.
dashboards
 
Dashboards 
are dynamic report-building pages in the Performance Center Console. Dashboards are accessible from the 
Dashboards
 tab (CA PC) or 
Reports
 tab (NPC). Each dashboard is a collection of views that present data from registered data sources on a single web page. The layout, views, time interval, and group context of each dashboard can be customized.
data sources
 
Data sources
 are the products that provide data for display in the Performance Center Console. Data sources also provide some configuration data that is stored in the Performance Center. 
DX NetOps
 is designed to be a data source for Performance Center.
drilldown report
drilldown report
 is a more detailed report that you display by clicking a link in a report. You can open a drilldown report by clicking an interface name in an Enterprise Overview page report, for example. Properly credentialed users also can drill down from Performance Center views to detailed reports in the NFA console.
drill down
To 
drill down
 is to navigate from one data view to another, more detailed data view or context page. The new page displays data from the same time frame, for the same managed item or set of items. You can drill down to details in 
DX NetOps
 from views in Performance Center.
filter
A
 filter
 in a report is a set of selection criteria that are used to focus a report on the desired data.
firewall
firewall 
server acts as a gateway between a local area network (LAN) and a large network that is not secure--such as the Internet. A firewall server typically runs a software package that inspects inbound and outbound packets, and decides whether to allow the packets to pass.
flow
flow
 is a set of IP packets that pass a network observation point during a certain time interval. In 
DX NetOps
, flow may consist of NetFlow v5, v7, or v9 or one of the following flow types that conforms to the standards for NetFlow v5, v7, or v9: sFlow version 5; or IPFIX, J-Flow, cFlow, or Huawei NetStream flow.
For data from non-sampled flows to appear in reports of 15-minute (historical) data, these minimum fields are required:
  • One of the following: 1 - IN_BYTES, 85 - IN_PERMANENT_BYTES, 231 - FW_INITIATOR_OCTETS, or 232 - FW_RESPONDER_OCTETS
  • All of the following: 4 - PROTOCOL, 7 - L4_SRC_PORT, 8 - IPV4_SRC_ADDR, 10 - INPUT_SNMP, 11 - L4_DST_PORT, 12 - IPV4_DST_ADDR, and 14 - OUTPUT_SNMP
group
group 
is a collection of managed items that are organized in a tree structure. A global administrator can use Performance Center to create custom groups of the managed items that an operator can see. These managed items can be applications, servers, networks, routers, and interfaces, for example.
Harvester
Harvester 
is a component in a distributed deployment of 
DX NetOps
, which collects raw flows from the routers. In a two-tier architecture deployment, the Harvester processes and stores the 1-minute and 15-minute data.
host
host
 is a specific computer engaged in an exchange across the network. In some cases, a host represents a managed services provider whose IT staff manages and monitor the networks and systems of multiple customers. In 
DX NetOps
, hosts are identified by name or IP address. You can track host activity to find out whether a specific server or end-user system is responsible for significant traffic on an interface, for example. You can create and run reports about the traffic that is generated or is received by specified hosts.
IIS
IIS
 is the Web server that is part of the Microsoft Windows Server application. IIS consists of several services, including Simple Mail Transfer Protocol (SMTP). In versions of IIS before 5.0, IIS is an abbreviation for Internet Information Server. In version 5.0 and later, IIS is an abbreviation for Internet Information Services.
interface
An 
interface
 is a point of connection, such as a Serial, Frame Relay, Fast Ethernet, ATM, or PVC interface. 
DX NetOps
 reports on any logical interface that is enabled on a supported router that has flow enabled. The NFA console displays the interfaces that are monitored in your environment.
IP domains
IP domains
 are logical collections of data from different devices and networks. Domains let your enterprise conduct separate monitoring of IP addresses with associated interfaces or monitor applications that belong to separate customer networks. A global administrator can monitor IP domains from a single Console, but operators view data only for the domains that they have permission to view. Administrators create custom IP domains in the Performance Center Console. Administrators can use the NFA console to assign Harvesters, routers, interfaces, CVIs, and some other elements to IP domains.
LDAP
LDAP, 
or Lightweight Directory Access Protocol, is a software protocol for locating organizations, individuals, and other resources, such as files and devices in a network. LDAP is based on a client/server model. The LDAP client makes a Transmission Control Protocol (TCP) connection to an LDAP server, and then sends requests and receives responses over this connection.
NetFlow
NetFlow
 is a transaction between two hosts, which uses a unique pair of port numbers and IP addresses and which includes certain network traffic information. A Cisco router can be configured to export flow information by sending UDP packets that contain flow statistics to one or more collectors such as the Harvesters. 
DX NetOps
 supports NetFlow versions 5, 7, and 9 and sFlow version 5. 
DX NetOps
 also supports IPFIX, J-Flow, cFlow, and Huawei NetStream that complies with the standards for NetFlow v5, v7, or v9.
NFA console
The 
NFA console
 is a component in a distributed deployment of 
DX NetOps
, which provides a web-based user interface for reports and for some administrative functions. The NFA console creates reports from Enterprise Overview data, which is stored locally and from the 1-minute resolution data and 15-minute resolution data that it retrieves from other components.
Performance Center
 
Performance Center
 is a term this documentation uses to refer to CA Performance Center and CA NetQoS Performance Center collectively. 
DX NetOps
 is designed to be used with one of these programs. Page names or functions that are specific to a Performance Center version may be identified by the full program name or acronym. 
CA PC
 is used as an acronym for CA Performance Center and 
NPC
 is used for CA NetQoS Performance Center.
permission groups
Permission groups
 define the scope of the managed items that each user or operator can monitor. Administrators can create and assign custom groups of items to match each user’s area of responsibility, such as applications, servers, networks, routers, and interfaces. Administrators assign permission groups in Performance Center to give users access to default or custom groups.
product privilege
product privilege
 is a type of permission that is associated with a user account in Performance Center. The product privileges grant access to features in the Performance Center Console, the NFA console, and any other data sources. The administrators who manage user accounts assign product privileges in the Performance Center Console.
protocol
protocol
 is a standard for regulating communication between computers. Common protocols include: HTTP, SNMP, FTP, and VoIP. The information that is displayed may include the top protocols in and out for a particular interface. This information can help identify which application is causing network traffic. You can also create and run reports to determine which protocols and applications are used by different groups in your organization.
QoS (Quality of Service)
QoS (Quality of Service)
 is a defined level of performance--quality of transmission and service availability--in a data transmission system.
report
report
 is a display of collected data, which you view in the NFA console from the 
Enterprise Overview
Interfaces
Custom Reporting
Flow Forensics
Analysis
, and
 Site to Site
 pages. You can print or save reports in PDF format. You can also export reports as comma-separated value (CSV) files. An Administrator can set up some reports to be sent by email at scheduled intervals.
reporting information base (RIB)
The 
reporting information base (RIB) 
is a system of web services and XML files that describe and provide the data for views and dashboards in the CA Performance Center Console. This data originates from data sources, such as 
DX NetOps
. The RIB capability provides an operating environment for cross-product, federated, and third-party reporting. RIB uses a single data access web service with SQL-like capabilities.
reporting period
reporting period 
is a user-specified time range for data to be included in a 
DX NetOps
 report. The time options vary with each report type, but the report period could consist of hours, days, weeks, or months.
Reserved Seating
Reserved Seating
 is a rule-based technique for ensuring that reports include the traffic that interests you, even if the traffic volume or rate is low. The rules create ‘reserved seats’ in reports for data that matches the target ports and protocols.
role
role
 controls access to product features in the NFA console and the Performance Center Console. In a well-planned deployment, roles let users access the features they need to perform their duties. Roles also restrict access to features that operators and administrators do not need. The administrator who manages user accounts assigns roles in the Performance Center Console.
Single Sign-On
 
Single Sign-On
 is the authentication scheme that provides a one-time login to authenticate users in the suite of related products. Once users are authenticated, they can navigate among the products without signing in again.
SMTP
SMTP (Simple Mail Transfer Protocol)
 is the Transfer Control Protocol/Internet Protocol (TCP/IP) protocol that is used for sending and receiving e-mail in data networks.
SNMP
SNMP (Simple Network Management Protocol)
 is a network management protocol that is used almost exclusively in data networks. SNMP is a method for monitoring and controlling network devices, as well as managing configurations, statistics collection, performance, and security.
SNMP profiles
SNMP profiles
 are definitions that contain the information for using SNMP securely to query device MIBs (Management Information Bases). Each connection to a device is made by using an SNMP profile. Administrators create SNMP profiles as needed in the Performance Center Console. In a multi-tenant CA Performance Center environment, SNMP profiles are tenant-specific. In this type of environment, each Harvester uses one of the SNMP profiles that are set up for its parent tenant.
Summary views
Summary views
 provide an overview of high-level information, such as averages from groups of managed items. Summary views often provide drilldown paths to more detailed, related pages.
synchronization
Synchronization, 
or global synchronization, is a Performance Center process that exchanges configuration and other data with 
DX NetOps
. For example, if an administrator creates user accounts or SNMP profiles, the associated data is pushed down to the NFA console through synchronization. Synchronization occurs every 5 minutes automatically. Administrators also can perform a full or partial synchronization on demand.
threshold
threshold 
is a user-definable limit. Meeting or exceeding a threshold may trigger an alarm. Thresholds are also used in some views to determine the status colors for items. For example, the Interface Utilization view on the 
Enterprise Overview
 page uses user-definable utilization thresholds for the status colors of the top interfaces.
trap
trap 
is a message that indicates a threshold has been reached or that another user-defined condition has occurred. An SNMP agent sends traps to the NFA console or to a network management system (NMS). The Watchdog agent defines a number of traps for system and application management.
trend line
trend line
 is a projection of the future performance of an element that is based on data from past performance. 
DX NetOps
 constructs the trend line as the best straight line through the data points of the baseline period.
two-tier architecture
Two-tier architecture
 refers to a type of 
DX NetOps
 deployment. The components work together to collect, process, and store flow data; display the data in reports; and generate traps, events, and scheduled reports.
A two-tier architecture deployment consists of the NFA console and one or more Harvesters (Windows or Linux). These components may be located on separate servers or on a stand-alone server.
view
Views
, or 
data views
, present report data, usually as a bar graph, pie chart, table, trend chart, or stacked trend chart. A view is created on the fly when you display data in the NFA console or the Performance Center Console. For example, the 
Enterprise Overview
 page in the NFA console consists of a collection of views. In some cases, you can export the view data to a file in 
CSV
 format or create a PDF report from it.
Web user interface
The 
DX NetOps
 the web user interface appears as the NFA console, which lets an operator access 
DX NetOps
 views and reports from a web browser. Administrators for 
DX NetOps
 use this interface to perform a number of administrative functions.