2. About ManageEngine
Web 2.0 division with the
OEM / Telecom division is IT Management division most comprehensive
also the World’s #1 EMS with 55K + customers suite of SAAS
applications
3. About ManageEngine
ManageEngine Product Portfolio
Servers & Windows Event Log &
Network Desktop ServiceDesk Security
Applications Infrastructure Compliance
Network Server Desktop Active Windows Vulnerability
Helpdesk
Monitoring Monitoring Management Directory Event Logs Analysis
Application
NetFlow Asset ITIL Service Syslog Patch
Perf SQL Server
Analysis Management Desk Management Management
Monitoring
Software
Network End User Remote Exchange Firewall Log Password
License
Config Mgmt Experience Control Server Analyzer Management
Tracking
ManageEngine is an IT management vendor focused on bringing a complete IT
management to all types of enterprises
4. NetFlow Analyzer - Introduction
• An all software solution for bandwidth monitoring, traffic analysis
and network anomaly detection
• Single solution - Multiple monitoring technologies
NetFlow, sFlow, IPFIX, J-Flow, NetStream, Appflow - For bandwidth &
traffic analytics
Cisco NBAR for DPI based application recognition
Cisco QoS monitoring for policy validation
Cisco IPSLA - VoIP and WAN RTT performance reports
Cisco WAAS - WAN optimization reports
Cisco Medianet monitoring for media traffic performance reports
• Centralized monitoring options for distributed networks
5. NetFlow Analyzer – Working Architecture
Device with Flexible NetFlow, Cisco WAAS with WAAS
NBAR, QoS and IPSLA enabled CM 4.1 or higher
• NBAR, QoS, IPSLA, Medianet
Traffic and Mediatrace available only
for Cisco devices
• Non-Cisco devices export flows
SNMP to collect like sFlow or IPFIX for
NBAR, QoS and bandwidth and traffic reports
IPSLA stats
UDP NetFlow for
Traffic, NBAR and
Medianet reports Web Service
Management Via API for Cisco
Agent(WSMA) for WAAS stats
Cisco Mediatrace
NetFlow Analyzer NFA Web GUI
7. Bandwidth Monitoring / Traffic Analytics / Capacity Planning
• Bandwidth Monitoring
Real time bandwidth usage reports on a per interface/port basis
Reports available based on Volume, Speed, Utilization and Packets
• Traffic Analytics
Reports on Applications and Conversations with drill down options
Raw data which includes all flows stored for 30 days
Aggregated flow data based on Top N records stored forever
• Capacity Planning and Application Growth Reports
1 minute granular traffic reports available for upto last 1 year
Visualize traffic growth and application growth patterns
On-Demand billing option from capacity planning reports
8. Bandwidth Monitoring / Traffic Analytics / Capacity Planning
Who ? Source Port
Source IP Address What ?
Destination Port
Where ? Destination IP Address
Protocol
Volume
When ? Conversation Time Speed Usage ?
Flow Start and End time Utilization
Packet Count
ToS
QoS ? DSCP QoS ?
TCP Flags
NextHop
Input and Output Interface
Path ? Source AS Information Route ?
(ifindex)
Destination AS Information
13. IP Group / Billing / Alerts / Schedule Report
• IP Groups
Traffic grouping feature for customized reporting
Create ‘Groups’ based on
IP Address / IP Network / IP Range / Port / Port Range
IP and Port combination
• Usage based Billing
Volume & Speed based billing with alerts and automatic emailing
Chargeback customers / departments / projects for bandwidth usage
• Threshold Violation Alerts
Alert for traffic threshold violation on Interface, Application, Port, IP & DSCP
Alert options: SNMP Traps to any management product and Email Alerts
• Scheduled Report Emailing
Auto emailing of all reports based on user defined schedules
14. IP Group / Billing / Alerts / Schedule Report
• Ip group creation IP Group creation
15. IP Group / Billing / Alerts / Schedule Report
Creating ‘Bill’ plans
• Billing
16. IP Group / Billing / Alerts / Schedule Report
Alert configuration
Creating Schedule report
17. Cisco NBAR, Cisco QoS and Cisco IPSLA Reports
• Cisco NBAR Report
Reports applications identified by Cisco NBAR
Visibility into applications using dynamic ports or well-known ports
Identifies Worms, Peer to Peer apps, Skype, etc.
• Cisco QoS Reports
QoS policy performance validation
Pre and post policy statistics and queuing information
Per Match statement drop reports
• Cisco IPSLA – VoIP and WAN RTT Reports
VoIP performance and WAN RTT metrics
Monitor jitter, latency, packet loss and MoS for VoIP packets
Measure Round-Trip time and link availability for data packets
21. Cisco NBAR, Cisco QoS and Cisco IPSLA Reports
IPSLA - WAN RTT Reports
22. Advanced Security Analytics Module
• Leverages on flow data to detect network behavior anomalies
• Real-time pattern matching and event correlation using
Continuous Stream Mining Engine
• Identifies worms, viruses, suspicious traffic, scans and DoS attacks
• Detect and mitigate attacks that surpasses your firewalls and IDS
• In-depth reports with information on offenders, target and path
25. Product Editions and Add-Ons
Professional Edition
Real-time reports on: Bandwidth, application, port, protocol, host,
conversation, ToS, DSCP, TCP Flags.
Alerts based on threshold violations for interface, IP, port and DSCP
Automatic report scheduling, compare reports and custom dashboards
Extensive grouping options to help with department, network and IP wise
traffic categorization
30 days raw NetFlow data retention and forever storage of aggregated data
Cisco ASA NSEL, Cisco Medianet and Cisco WAAS reports
Professional Plus Edition
All features of Professional Edition
Cisco NBAR reports, Cisco QoS reports and Usage based Billing
Add-Ons for Professional and Professional Plus
Cisco IPSLA Module - Upto 100 monitors can be created and monitored
Advanced Security Analytics Module - Licensed for same number of
interfaces as the base license
26. Product Editions and Add-Ons
Enterprise Edition
Distributed architecture using central reporting server and flow collectors
Highly scalable – Supports 100,000 flows per second and 20,000 interfaces
Includes most ‘Professional Edition’ features for bandwidth monitoring and
traffic analytics
Ability to view and schedule reports in user defined “Time Zones”
30 days raw NetFlow data retention and forever storage of aggregated data
Add-Ons for Enterprise Edition
Usage based Billing
Speed and Volume based billing reports
Licensed for same number of interfaces as base license
Cisco QoS and NBAR
QoS policy validation and Cisco NBAR reports
Licensed for same number of interfaces as base license
Failover
High Availability and data redundancy using automatic failover
License for each central reporting server
27. Supported Devices
Vendor Flows Device List
Cisco NetFlow 800, 1700, 2600, 1800, 1900, 2800, 2900, 3660, 3800, 3900, 4500, 6500, 7200, 7600,
10000, 12000, Cisco ASA (IOS 8.2 onwards), Catalyst 4000, 4500, 6000, and 6500 series,
Nexus 7000, Cisco ASR and even more
Hewlett-Packard sFlow ProCurve series
Juniper Networks NetFlow, J-Flow Juniper SRX series, M10i series and more Juniper devices
Nortel IPFIX 5500 & 8600 Series
Adtran NetFlow NetVanta 3200, 3305, 4305, 5305, 1524, 1624, 3430, 3448, 3130, 340, and 344
3Com NetFlow 8800 Series Switches
Extreme Networks NetFlow Alpine 3800 series, BlackDiamond 6800 series, BlackDiamond 8800 series, BlackDiamond
10808, BlackDiamond 12804C , BlackDiamond 12804R ,Summit X450 Series , Summit i
series
Force10 Networks sFlow E series
Dell – Force 10 sFlow PowerConnect 6200 series, PowerConnect 8200 series
Networks
Huawei NetStream Huawei AR1200, NE40EX3 and more
For the complete list of supported devices visit:
http://www.manageengine.com/products/netflow/supported-devices.html
28. Customers
More than 5000 Enterprises worldwide use
ManageEngiNetFlow Analyzer
29. Contact Us
www.netflowanalyzer.com
Technical Support Team:
netflowanalyzer-support@manageengine.com
ManageEngine Sales:
sales@manageengine.com
NetFlow Analyzer Blogs:
https://blogs.netflowanalyzer.com
User Forums:
http://forums.netflowanalyzer.com
LinkedIn:
http://www.linkedin.com/groups?gid=4208806&trk=hb_side_g