Key Terms and Concepts
1-minute (high-resolution) data
1-minute (high-resolution) datais detailed information that is collected from each Harvester and is provided to the NFA console for display in views and reports. The data includes top protocols for each interface; traffic for the top hosts and conversations; top conversations for the top protocols; and top protocols, hosts, and conversations for the top ToS values. The 1-minute data is stored on the Harvester server in the
15-minute (historical) data
15-minute (historical) datais longer-range information that is collected for each interface. The information includes the protocols, hosts, and conversations for each interface. Summary data is also collected for the ToS, the top protocols for the top ToS values, and the top hosts and conversations for the top ToS values. The data is stored in the database.
dministrator,in the context of this document, is a person who is responsible for administering the product in the NFA console. An Administrator also manages elements in the Performance Center Console that are related to
DX NetOps, such as SNMP profiles, groups, users, and roles.
Application mappingis a rule-based technique for combining the traffic for an application to facilitate reporting for the application. Application mapping rules are based on factors that can include the traffic origin (host, subnet and mask, and/or port), ToS, and protocol.
Autonomous System(AS) refers to a connected group of Internet Protocol (IP) routing prefixes. The IP routing prefixes have a single, clearly defined routing policy and are controlled by one or more network operators. Meaningful AS data is available in reports only when routers and interfaces are configured to export it.
baselineis a record of typical behavior, which is computed from past behavior. Baselines help you compare changes over time and predict future data or performance. Comparing current values to baseline projections is useful for determining whether current values are typical. The baseline in a trend plot is computed by using data from the six weeks before the selected date range, excluding the data point already in the trend plot.
conversationis a session of subnet-to-subnet or user-to-user (host-to-host) traffic. The
DX NetOpsthe console displays conversation information, so you can find out whether a particular conversation is causing a traffic spike on an interface, for example. You can create and run reports to identify the top volume-based conversations.
custom virtual interface
custom virtual interface(CVI) is an abstract representation of a network interface, which corresponds to one or more subnets of actual physical interfaces. CVIs can give you visibility into network traffic for a carrier cloud. Set up CVIs for data center traffic that is transferred to subnets through an MPLS carrier cloud when the flow is enabled on the routers in the data center.
Dashboardsare dynamic report-building pages in the Performance Center Console. Dashboards are accessible from the
Dashboardstab (CA PC) or
Reportstab (NPC). Each dashboard is a collection of views that present data from registered data sources on a single web page. The layout, views, time interval, and group context of each dashboard can be customized.
Data sourcesare the products that provide data for display in the Performance Center Console. Data sources also provide some configuration data that is stored in the Performance Center.
DX NetOpsis designed to be a data source for Performance Center.
drilldown reportis a more detailed report that you display by clicking a link in a report. You can open a drilldown report by clicking an interface name in an Enterprise Overview page report, for example. Properly credentialed users also can drill down from Performance Center views to detailed reports in the NFA console.
drill downis to navigate from one data view to another, more detailed data view or context page. The new page displays data from the same time frame, for the same managed item or set of items. You can drill down to details in
DX NetOpsfrom views in Performance Center.
filterin a report is a set of selection criteria that are used to focus a report on the desired data.
firewallserver acts as a gateway between a local area network (LAN) and a large network that is not secure--such as the Internet. A firewall server typically runs a software package that inspects inbound and outbound packets, and decides whether to allow the packets to pass.
flowis a set of IP packets that pass a network observation point during a certain time interval. In
DX NetOps, flow may consist of NetFlow v5, v7, or v9 or one of the following flow types that conforms to the standards for NetFlow v5, v7, or v9: sFlow version 5; or IPFIX, J-Flow, cFlow, or Huawei NetStream flow.
For data from non-sampled flows to appear in reports of 15-minute (historical) data, these minimum fields are required:
- One of the following: 1 - IN_BYTES, 85 - IN_PERMANENT_BYTES, 231 - FW_INITIATOR_OCTETS, or 232 - FW_RESPONDER_OCTETS
- All of the following: 4 - PROTOCOL, 7 - L4_SRC_PORT, 8 - IPV4_SRC_ADDR, 10 - INPUT_SNMP, 11 - L4_DST_PORT, 12 - IPV4_DST_ADDR, and 14 - OUTPUT_SNMP
groupis a collection of managed items that are organized in a tree structure. A global administrator can use Performance Center to create custom groups of the managed items that an operator can see. These managed items can be applications, servers, networks, routers, and interfaces, for example.
Harvesteris a component in a distributed deployment of
DX NetOps, which collects raw flows from the routers. In a two-tier architecture deployment, the Harvester processes and stores the 1-minute and 15-minute data.
hostis a specific computer engaged in an exchange across the network. In some cases, a host represents a managed services provider whose IT staff manages and monitor the networks and systems of multiple customers. In
DX NetOps, hosts are identified by name or IP address. You can track host activity to find out whether a specific server or end-user system is responsible for significant traffic on an interface, for example. You can create and run reports about the traffic that is generated or is received by specified hosts.
IISis the Web server that is part of the Microsoft Windows Server application. IIS consists of several services, including Simple Mail Transfer Protocol (SMTP). In versions of IIS before 5.0, IIS is an abbreviation for Internet Information Server. In version 5.0 and later, IIS is an abbreviation for Internet Information Services.
interfaceis a point of connection, such as a Serial, Frame Relay, Fast Ethernet, ATM, or PVC interface.
DX NetOpsreports on any logical interface that is enabled on a supported router that has flow enabled. The NFA console displays the interfaces that are monitored in your environment.
IP domainsare logical collections of data from different devices and networks. Domains let your enterprise conduct separate monitoring of IP addresses with associated interfaces or monitor applications that belong to separate customer networks. A global administrator can monitor IP domains from a single Console, but operators view data only for the domains that they have permission to view. Administrators create custom IP domains in the Performance Center Console. Administrators can use the NFA console to assign Harvesters, routers, interfaces, CVIs, and some other elements to IP domains.
LDAP,or Lightweight Directory Access Protocol, is a software protocol for locating organizations, individuals, and other resources, such as files and devices in a network. LDAP is based on a client/server model. The LDAP client makes a Transmission Control Protocol (TCP) connection to an LDAP server, and then sends requests and receives responses over this connection.
NetFlowis a transaction between two hosts, which uses a unique pair of port numbers and IP addresses and which includes certain network traffic information. A Cisco router can be configured to export flow information by sending UDP packets that contain flow statistics to one or more collectors such as the Harvesters.
DX NetOpssupports NetFlow versions 5, 7, and 9 and sFlow version 5.
DX NetOpsalso supports IPFIX, J-Flow, cFlow, and Huawei NetStream that complies with the standards for NetFlow v5, v7, or v9.
NFA consoleis a component in a distributed deployment of
DX NetOps, which provides a web-based user interface for reports and for some administrative functions. The NFA console creates reports from Enterprise Overview data, which is stored locally and from the 1-minute resolution data and 15-minute resolution data that it retrieves from other components.
Performance Centeris a term this documentation uses to refer to CA Performance Center and CA NetQoS Performance Center collectively.
DX NetOpsis designed to be used with one of these programs. Page names or functions that are specific to a Performance Center version may be identified by the full program name or acronym.
CA PCis used as an acronym for CA Performance Center and
NPCis used for CA NetQoS Performance Center.
Permission groupsdefine the scope of the managed items that each user or operator can monitor. Administrators can create and assign custom groups of items to match each user’s area of responsibility, such as applications, servers, networks, routers, and interfaces. Administrators assign permission groups in Performance Center to give users access to default or custom groups.
product privilegeis a type of permission that is associated with a user account in Performance Center. The product privileges grant access to features in the Performance Center Console, the NFA console, and any other data sources. The administrators who manage user accounts assign product privileges in the Performance Center Console.
protocolis a standard for regulating communication between computers. Common protocols include: HTTP, SNMP, FTP, and VoIP. The information that is displayed may include the top protocols in and out for a particular interface. This information can help identify which application is causing network traffic. You can also create and run reports to determine which protocols and applications are used by different groups in your organization.
QoS (Quality of Service)
QoS (Quality of Service)is a defined level of performance--quality of transmission and service availability--in a data transmission system.
reportis a display of collected data, which you view in the NFA console from the
Site to Sitepages. You can print or save reports in PDF format. You can also export reports as comma-separated value (CSV) files. An Administrator can set up some reports to be sent by email at scheduled intervals.
reporting information base (RIB)
reporting information base (RIB)is a system of web services and XML files that describe and provide the data for views and dashboards in the CA Performance Center Console. This data originates from data sources, such as
DX NetOps. The RIB capability provides an operating environment for cross-product, federated, and third-party reporting. RIB uses a single data access web service with SQL-like capabilities.
reporting periodis a user-specified time range for data to be included in a
DX NetOpsreport. The time options vary with each report type, but the report period could consist of hours, days, weeks, or months.
Reserved Seatingis a rule-based technique for ensuring that reports include the traffic that interests you, even if the traffic volume or rate is low. The rules create ‘reserved seats’ in reports for data that matches the target ports and protocols.
rolecontrols access to product features in the NFA console and the Performance Center Console. In a well-planned deployment, roles let users access the features they need to perform their duties. Roles also restrict access to features that operators and administrators do not need. The administrator who manages user accounts assigns roles in the Performance Center Console.
Single Sign-Onis the authentication scheme that provides a one-time login to authenticate users in the suite of related products. Once users are authenticated, they can navigate among the products without signing in again.
SMTP (Simple Mail Transfer Protocol)is the Transfer Control Protocol/Internet Protocol (TCP/IP) protocol that is used for sending and receiving e-mail in data networks.
SNMP (Simple Network Management Protocol)is a network management protocol that is used almost exclusively in data networks. SNMP is a method for monitoring and controlling network devices, as well as managing configurations, statistics collection, performance, and security.
SNMP profilesare definitions that contain the information for using SNMP securely to query device MIBs (Management Information Bases). Each connection to a device is made by using an SNMP profile. Administrators create SNMP profiles as needed in the Performance Center Console. In a multi-tenant CA Performance Center environment, SNMP profiles are tenant-specific. In this type of environment, each Harvester uses one of the SNMP profiles that are set up for its parent tenant.
Summary viewsprovide an overview of high-level information, such as averages from groups of managed items. Summary views often provide drilldown paths to more detailed, related pages.
Synchronization,or global synchronization, is a Performance Center process that exchanges configuration and other data with
DX NetOps. For example, if an administrator creates user accounts or SNMP profiles, the associated data is pushed down to the NFA console through synchronization. Synchronization occurs every 5 minutes automatically. Administrators also can perform a full or partial synchronization on demand.
thresholdis a user-definable limit. Meeting or exceeding a threshold may trigger an alarm. Thresholds are also used in some views to determine the status colors for items. For example, the Interface Utilization view on the
Enterprise Overviewpage uses user-definable utilization thresholds for the status colors of the top interfaces.
trapis a message that indicates a threshold has been reached or that another user-defined condition has occurred. An SNMP agent sends traps to the NFA console or to a network management system (NMS). The Watchdog agent defines a number of traps for system and application management.
trend lineis a projection of the future performance of an element that is based on data from past performance.
DX NetOpsconstructs the trend line as the best straight line through the data points of the baseline period.
Two-tier architecturerefers to a type of
DX NetOpsdeployment. The components work together to collect, process, and store flow data; display the data in reports; and generate traps, events, and scheduled reports.
A two-tier architecture deployment consists of the NFA console and one or more Harvesters (Windows or Linux). These components may be located on separate servers or on a stand-alone server.
data views, present report data, usually as a bar graph, pie chart, table, trend chart, or stacked trend chart. A view is created on the fly when you display data in the NFA console or the Performance Center Console. For example, the
Enterprise Overviewpage in the NFA console consists of a collection of views. In some cases, you can export the view data to a file in
CSVformat or create a PDF report from it.
Web user interface
DX NetOpsthe web user interface appears as the NFA console, which lets an operator access
DX NetOpsviews and reports from a web browser. Administrators for
DX NetOpsuse this interface to perform a number of administrative functions.