Skip navigation
Share:|

***NOTE***

This page has been permanently moved toCONNECT WITH EUEM WEBINAR SERIES as of Tuesday, September 15th, 2015.

***NOTE***

 

The EUEM team announces the 'Connect with EUEM' webinar series to provide Basic and Advanced training including best practices that will enable you to unleash the full power of EUEM.

 

Each month we will offer 90 minute Basic Navigation training and 90 minute Advanced configuration training session.  To sign up for a class, please click the date you wish to attend and it will open up an email for your request.  Please include your company name and support id (if you have this id available) in the email  You will be signed up and sent the info needed to attend the class.  You will be sent a PDF version of the slide deck shown for reference - no need to keep notes during the session!

 

Basic Navigation Class Info:

This class will cover the theory behind EUEM, cover the metrics collected and introduce you to the User Interface.  This class is a great start to get a strong background into HTTP(s) monitoring.

 

Advanced Configuration Training info:

This class should be taken after attending the Basic Navigation Training.  You will be shown in great detail how to setup your EUEM system for monitoring:  creating watchpoints, report mailouts, AIM configuration, deeper explanation of Session detection and page building (and more)

 

During all classes you are able to ask any questions you have regarding your Web Application monitoring.  These sessions are meant to answer your questions and provide a stronger background when using EUEM.

 

***NOTE:  All times are in EST (Eastern Standard Time)

 

Schedule:

September:

BMC EUEM Basic Navigation Training

1:30 pm Wednesday September 23rd, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Thursday September 24th, 2015


August:

BMC EUEM Basic Navigation Training

2:00 pm Tuesday August 11th, 2015

1:30 pm Thursday August 27th, 2015

 

ADDED NEW CLASS!!!!  2:00 pm Tuesday August 18th, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Wednesday August 19th, 2015

 

July:

BMC EUEM Basic Navigation Training

1:30 pm Tuesday July 7th, 2015

1:30 pm Thursday July 23rd, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Wednesday July 15th, 2015

 

May:

BMC EUEM Basic Navigation Training

1:30 pm Tuesday May 12th, 2015

1:30 pm Thursday May 28th, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Wednesday May 20th, 2015

 

March:

BMC EUEM Basic Navigation Training

1:30 pm Tuesday March 10th, 2015

9:30 pm Thursday March 17th, 2015

1:30 pm Thursday March 26th, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Wednesday March 18th, 2015

9:30 pm Thursday March 19th, 2015

 

February:

BMC EUEM Basic Navigation Training

1:30 pm Tuesday Feb. 10th, 2015

1:30 pm Thursday Feb. 26th, 2015

9:30 pm Thursday Feb. 26th, 2015

 

BMC EUEM Advanced Configuration Training

1:30 pm Wednesday Feb. 18th, 2015

7:00 pm Wednesday Feb. 18th, 2015

 

January:

BMC EUEM Basic Navigation Training

1:30 pm Tuesday January 13th, 2015

1:30 pm Thursday January 29th, 2015

 

***NEW NIGHT CLASS ADDED***

9:30 pmThursday January 29th, 2015

 

BMC EUEM Advanced Configuration Training

1:30pm Wednesday January 21st, 2015

 


Click on Following In button from right navigation pane of this Blog to receive updates when there are updates for New Webinar events.

Following In.png

Share:|

I'm starting a new series called the Power of APM.  On a semi-regular basis I'll share some of the new features and interesting ways to leverage our product to monitor your web application all the way from the end user, through you infrastructure to the web application on your web server (and even the back end).

 

Today I'm going to share a new virtual system available to EUEM customer called APM Central.

 

The idea of the APM Central is to combine all the separate components:  Collect, Analyzer, PAE and Console into one VM.  This new VM is meant to simplify localized deployments.  It can also be used in a QA or Dev environment where you do not need multiple collects/analyzers to monitor your data.

 

In the downloads section of the BMC support site the file you are looking for is called:  to-2.6.68.311-vmdk.zip  (or you can download the iso if you wish to deploy it in Hyper-v)

 

I've created a short video that describes from beginning to end the deployment of this VM as well as how to setup a separate port group within VMWare in promiscuous mode.

Share:|

Thank you all for joining this Webinar.

 

When?          October 9th

What time?   1-2:30 pm EST (1 1/2 hour)

 

Best practices for monitoring Remedy

 

This webinar will cover the ‘how to’ setup EUEM to monitor performance and availability for Remedy.

 

Target Audience:

1) System Administrator: Configure solution to monitor company web application

2) Operator (Application support Analyst): Ensure Quality and availability of an application

3) Application Developer:  Understand if new version or update performs better and whether it affect performance

4) Network Administrator:  Ensure quality of network is adequate for volume and monitors network ‘health’

 

Agenda:

 

1) Quick review of webapps                                     15 mins

2) Metrics to expect                                                  15 mins

3) Concepts and caveats monitoring Remedy         15 mins

4) Primitive Custom Fields to extract backchannel  30 mins

5) Sessionization                                                      5 mins

6) Analyzer watchpoints                                           20 mins

7) Reporting and viewing the data                           10 mins

8) Q/A                                                                       10 mins

 

Webex details:

Topic:EUEM Monitoring Remedy Webinar
Date:Thursday, October 9, 2014
Time:1:00 pm, Eastern Daylight Time (New York, GMT-04:00)
Meeting Number:753 270 177

 

 

Recording details were corrupted.

We unfortunately cannot attach anything if you missed the live event

 

Looking forward to the next Webinar

Share:|

EUEM is fully capable of being install on Hyper-V (2008 R2 and 2012 versions) but there is a catch:

 

An EUEM collector installed as a virtual machine on a Hyper-V host is unable to capture traffic on the wire, even though checks on the host system validate traffic is present.

 

You can install (using the iso downloads of EUEM) the APMC(Application Performance Management Console), PAE (Performance Analytics Engine), Analyzer and Collector but you are limited to what this collector can see due to the fact that currently, Hyper-V does not support promiscuous mode.

 

There are options however:

1.  If you are using a GRE or ERSPAN tunnel to feed traffic, the EUEM collector still supports this, and these do not require promiscuous mode.  While untested, F5 clonepools should also work due to the fact that it will span data to a specific ip.

2.  You can install the EUEM Cloud Probe as a service on the Windows host.  Once running, it can be configured to send its data to the EUEM Collector running as a VM.

3.  You can contact your sales team to look into acquiring a hardware appliance to run as a collector instead, or run the collector on one of our other supported platforms.

 

Have any comments regarding this?  Feel free to ask!

Share:|

TRAFFIC VERIFICATION:

 

There are many ways to send data to the Collector:

  1. Collector listens in with capture port on vSwitch that is in promiscuous mode.  Traffic that you wish to monitor is on the same vSwitch.
  2. Span to ip from Load balancer clone pool.  In this method the load balancer is set to span traffic that is being load balanced to a specific ip.
  3. GRETunnel/ERspan.  In this method, a switch that has the capability can span traffic to a destination ip.
  4. Cloud Probe.  This is an installable agent on the web application server (or any end point for HTTP/HTTPS traffic).  It passively captures traffic destined for the server and sends it to a EUEM Collector.
  5. CDN such as Akamai.  A CDN (Content Delivery Network) will package up timings on delivery content into a receipt file and post them to a server that EUEM Collector is capturing traffic on.  The Collector recognizes the receipt, opens it up and process the hits as if it were on the wire.

 

You EUEM Collector is now deployed and is setup using one or more of the above ways to capture the traffic– how do you verify that this traffic is being captured on the collector?

 

Ensure that the Analyzer and collector are sync’d up in time (NTP is set during setup wizard) and that the Analyzer is configured to properly communicate to the Collector.

 

From the UI of the Analyzer, navigate to Administration-->Data flow settings-->Analyzer & Collectors management and select Collectors feeds settings.  Click on ‘Add a collector feed’ and enter the information needed:

 

add_collector.png

 

Once the configuration is saved, click on the ON button.  You should the connection button turn green meaning there is a proper connection between the analyzer and collector.

 

collector connected.png

 

There are a few screens located in the UI of the collector that show stats on traffic capture.

 

Main screen --> HOME

 

This screen shows Traffic capture rate, Excluded traffic rate, sampling rate, Packet loss, SSL decryption status and Broken hits status.  If the collect is properly communicating with the Analyzer, you will see a Delivery rate.

 

Home collector screen.png

Administration -->Device status --> System information and licenses.

 

On the upper left hand side of this screen you can cycle through the LCD display and it will show you the Kbytes/second and packets/second.

 

lcd1.png

Clicking again on the ‘Cycle LCD’ will give you Traffic kilo-bytes/second, # of packets /second and hits/second:

 

lcd2.png

 

Administration --> Device status --> Traffic capture statistics:

 

This is another screen that shows more of a breakdown on the traffic that the collector is capturing over last 5 minutes:

 

traffic_capture_statistics.png

Broken traffic on this screen is explained more using the cli command:

 

CLI Commands:

The cli also has commands to show/troubleshoot traffic capture.  A customer can use a terminal program such as Putty (default username/password clisystem/coradiant) to ssh into the system to run these commands:

 

Trafficstatus:

(gives last 5 minute breakdown of traffic collected -the kknowledge article describing trafficstatus output: KA382501 (attached sample output)

trafficstatus.png

trafficstatus

********************************************************************************

Time period : 2012/10/31-13:05:35 - 2012/10/31-13:11:00

********************************************************************************

all IP traffic seen by Ethernet card:

Number of packets received and processed : 1452941       (100%)  TCP Packets

Number of packets dropped                   : 0                                 (0%) Should be zero - if not, too much traffic

Number of TCP-SYN packets                     : 15555                           Stats on tcp 3 way handshake

Number of TCP-SYN-ACK packets                             : 15013                           Stats on tcp 3 way handshake

Traffic direction check                             : PASS Check one direction traffic (tcp syn-syn/ack. if not full handshake - assumed to be one direction traffic)

********************************************************************************

Number of HTTP/HTTPS hits:               A hit is data from client to server with an HTTP method detected(not necessarily processed by system)

-> Succesfully processed                                            : 83583            (99%) 

-> Discarded because of sweeping                          : 0                     (0%)          Exclusion rules

-> Discarded because of sampling : 0                     (0%)          Excess in traffic

-> Discarded because of rate-limiting                     : 0                     (0%)          License limit on monolithic

-> Discarded because they are broken                   : 340                 (0%) (Breakdown below)

: --------

-> Total:                                             : 83923

********************************************************************************

Processed hits breakdown:

-> Number of HTTP (clear text) hits                        : 83583           (100%)      The sum of http(s) must add up to successfully processed hits above 

-> Number of HTTPS (SSL encrypted) hits             : 0                     (0%)

********************************************************************************

Broken hits breakdown per error type: (discarded because they are broken)

-> Broken packet detected                                       : 0            (0%)          System unable to parse packet properly at http(s) level

-> Chunked encoding numbering is wrong           : 2            (0%)          # of bytes don't match chunk length sent from server http(s)

-> Duplicate TCP session detected                         : 0            (0%)          System sees syn for existing tcp session

-> HTTP headers exceed our buffer size                : 0            (0%)           Information on headers exceed 9K (system limit)

-> Error in HTTP pipelining detected                      : 0            (0%)           Limit reached for requests in pipeline

-> IP fragmentation detected (unsupported)       : 3            (0%)            EUEM does not support IP fragmentation - tcp segmentation only

-> TCP session has no HTTP or HTTPS payload    : 80           (23%)         Syn-Syn/Ack-Syn--->Fin  (tcp session opened and closed with no data)

-> Traffic is not HTTP or HTTPS                                : 0            (0%)            'Other' traffic (FTP, SMTP ETC)

-> Packet loss detected                                   : 117 (34%)          Missing Packets (ie. client sends packet with sequence # 1, then 2 and (missing TCP sequence number)                                                                   server send response with Ack # 4 but not 1 or 2)

-> Wrong SSL key is configured for host              : 0            (0%)              System unable to decrypt using installed SSL key

-> Unsupported SSL version detected                  : 0            (0%)              Supported are:  SSLV2, SSLV3, TLS1.0, TLS1.1, TLS 1.2)

-> Decompression at SSL layer failed                   : 0            (0%)              SSL decompression failed for unknown reason

-> Ephemeral SSL session key detected               : 0            (0%)              System does not support server changing symetric session key (server                                                                                                            changes mid-session)

-> Error occurred during SSL decryption                : 0 (0%)             System fails when attempting decryption (unknown error)

-> Internal error occurred while processing SSL  : 0 (0%)             Mal-formed SSL record (corruption of SSL record)

-> SSL key is configured as OFF for host                 : 0            (0%)            System configuration

-> Resuming SSL session fail (not in cache)           : 0            (0%)             Information needed for SSL resume not available in system cache

-> Non-RSA key detected                                          : 0            (0%)             System only supports RSA keys

-> Missing SSL key for host                                        : 0 (0%)            System does not have key to decrypt traffic for a particular host

-> Unrecognized SSL handshake record detected  : 0 (0%)          System supports a set of SSL Handshake record types

-> Unrecognized SSL record detected                       : 0            (0%)          System supports a set of SSL record types

-> Unrecognized certificate format detected          : 0            (0%)          System fails when parsing certificate sent from server

-> Unsupported CipherSuite detected                      : 0            (0%)          System supports a set of ciphersuites.

-> TCP session was reused (ran out of TCP struct) : 138        (40%)        System can track 16K concurrent tcp sessions

-> Unknown HTTP version detected                           : 0            (0%)         System supports HTTP 0.9, 1.0 & 1.1

********************************************************************************

Number of POST from Akamai containing receipts      : 0      

Number of Akamai receipts:

-> Successfully Processed                                              : 0            (0%)  

-> Discarded because of sweeping                              : 0            (0%)          Exclusion rules

-> Discarded because of sampling                               : 0            (0%)          Excessive traffic

-> Discarded because of rate-limiting                         : 0            (0%)          License limited with monolithic

-> Discarded because they are proxied                      : 0            (0%)          System sees same hit from origin and in receipt

-> Discarded because they are cache refreshes       : 0            (0%)          System sees same hit from origin and in receipt

-> Discarded because they are broken                       : 0            (0%)           Parsing receipt string falis for a hit.

: --------

-> Total : : 0

 
Getstats:

Running this command from the cli will give you an output that is refreshed every 5 seconds

getstats.png

For you this command, you can verify that there is a feed Mbit/s, bytes/second, ring buffer drops, syn and synack/second.  You can also see if there are http and well as https packets.

 

Packettrace:

This command allows the customer to capture data being fed to the capture sports and give the ability to download and analyzer with an offline analyzer such as wireshark.  Syntax can be found packetrace –h

 

packettrace.png

 

Once the packetrace has completed, the customer can download it by clicking the link from the following screen:

Administrator-->Device status-->System information and license:

dl_packettrace.png

Share:|

Hardware requirements for Virtual Machines

Server hardware and hypervisors must support 64-bit guests. Each instance of the various BMC Real End User Experience Monitoring components has the following minimum resource requirements:

Minimum resource requirements per component instance

Component

Processor

Memory

Disk

Number of network interfaces

BMC Application Performance Management Console

1 vCPU

4 GB

20 GB

1

Real User Analyzer

2 vCPU

8 GB

16 GB1

1

Real User Collector

2 vCPU

8 GB

28 GB

2

Performance Analytics Engine

2 vCPU

4 GB

10 GB

1

 

 

  The Above chart shows the minimum requirements needed to deploy the APM VM’s.    Each component requirements will be discussed in the preceding pages.  At the end of this document will be procedure how to adjust these settings in a VMWare environment

 

APM Console:  The console will not need more than 20 GB of hard disk space as it does not hold information in databases, it provides a ‘window’ into the data collected by its components.  It will run on 1vCPU and 4 GB but as more users are logged into the console at the same time, the responsiveness will decrease.  Less than or equal to 5 users can run with minimum requirements and above 5 users, more CPU and RAM should be allocated.  Also, more dashlets and dashboards being used by the current user at the same time will also demand more resources.  Best practice is to give minimum 2vCPU, 4-8GB of RAM and increase resources when you start to experience slowness when using the Console.

 

Real User Analyzer: The 1st Analyzer hard drive will never need to be greater than 16GB in size.  This hard drive is used for the OS of the Analyzer.  The 2nd hard drive added to the Analyzer is used to increase the data retention of the session browser database.  Using only the built in 16GB and not adding a 2nd hard drive will yield only a 1GB of session browser database storage.  The 2nd hard drive should be added with a minimum size of 100GB up unto a maximum size of 570GB.

Data Drive Size / Session Browser Size
570GB / 394GB (maximum)
200GB / 132GB
100GB / 61GB (minimum)

Memory and CPU:

Size

Processor

Memory

Disk

Expected volume of traffic

Low

2 vCPU

8 GB

16 GB *

900 to 2,000 hits per second

Medium

4 vCPU

16 GB

16 GB *

1,500 to 3,500 hits per second

High

8 vCPU

24 GB

16 GB *

2,500 to 7,500 hits per second

 

The analyzer vm has been tested against different resource allocations and it has been rated to handle the amount of traffic as mentioned in the chart above.  It should be mentioned that the chart above does not reflect all traffic scenarios. It is more of a guideline.  All deployments handle different volumes and density of web traffic.  If you have low number of hits but the traffic itself has very large cookies or other attributes that make it ‘fat’ the amount of hits per second that your analyzer will be able to process will decrease.  The hardware itself also has a huge effect on the amount of HPS (hits per second) it can handle.  Old CPU’s or RAM that run at a lower clock frequencies  will not be able to compete against newer processors and RAM that are rated to handle more  calculations or bytes per second.  A huge potential bottleneck for an analyzer is disk IO.  In order to store all of the hits that it is processing for the session browser, enough IO bandwidth is needed so as to not to delay processing while waiting to write to disk.  Another factor is analyzer configuration.  Custom field configurations, AIM and other configurations will also drain resources.

Best practices for Analyzer deployment:

CPU and RAM

If your traffic calls for 8 vCPU and 24GB of RAM to process your traffic and you are deploying on a host that has 8vCPU and 24GB of RAM, it is important to note that the Hyper-Visor will need to ‘steal’ some cpu and ram in order to run the vm.  It is best practice to deploy an Analyzer with 8vCPU and 24GB RAM requirements on a host that has more than the requirements of the VM – i.e.: 12vCPU and 32GB of RAM.

Reservation vs. Allocation:

The whole idea behind virtualization is to share resources and make the most of them. That being said, if you are using EUEM in a high traffic environment, it needs to have plenty of resources and waiting to get the resources needed can lead to a slow-down of the system.  If processing is needed to be as real-time as possible and the traffic rate is high, reserving the resources is the best practice.

Disk:

The Analyzer is very write intensive on its database. High IO bandwidth is needed in order not to cause back pressure on the processing of pages and objects in the form of ‘data delay’.  Best practices for the Disk are multi-disk Raid 10 with a large RAM cache on the controller card with a battery backup.  Multiply disk raid 10 provide more spindles for writing to and a fail-safe should one of the disk fail.  The large RAM cache on the controller card  provides high bandwidth IO for the large traffic spikes and the battery backup provides a safety measure should power loss occur.

 
Real User Collector:  The Collector hard drive requirement is 28GB.  It will never use more or less than 28GB.  The collector only uses 1 hard drive.  It can supply data to 12 different analyzers on the data it collects at one time.  It will store data for up to 2 hours or 1GB whichever threshold is hit first for each data feed.  The 2 hour time is dependent on a configuration on the analyzer.

 

Memory and CPU:

Size

Processor

Memory

Disk

Expected volume of traffic

Low

2 vCPU

8 GB

28 GB

900 to 2,000 hits per second

Medium

4 vCPU

16 GB

28 GB

1,500 to 3,500 hits per second

High

8 vCPU

24 GB

28 GB

2,500 to 7,500 hits per second

 

The collector vm has also been tested against the different resource allocations and it has been rated to handle the amount of traffic mentioned in the chart above.  There are many scenarios that can dictate the amount of traffic a collector can process. As in the case of the Analyzer, the hardware itself also has a huge effect on the amount of HPS (hits per second) it can handle.  Old CPU’s or RAM that run at a lower clock frequencies  will not be able to compete against newer processors and RAM that are rated to handle more  calculations or bytes per second. 

Other factors that can eat resources of the collector are the amount of traffic the collector must decrypt, the amount of traffic it receives that is not HTTP/HTTPS (this traffic has to processed in order to decide if it is HTTP/HTTPS or not).

A high amount of retransmits or a slow network can also lower the amount of HPS a collector can handle.

 

Best practices for Analyzer deployment:

CPU and RAM

The same rule goes when deploying a collector.  The Hyper-Visor host should have more than the resource being allocated to the VM itself. If resources are to be shared on a host with another vm such as the Analyzer, performance will decrease during higher peak traffic rates.

 

Reservation vs. Allocation:

The whole idea behind virtualization is to share resources and make the most of them. That being said, if you are using EUEM in a high traffic environment, it needs to have plenty of resources and waiting to get the resources needed can lead to a slow-down of the system.  If processing is needed to be as real-time as possible and the traffic rate is high, reserving the resources is the best practice.

The Collector is not IO intensive and does not have a requirement for a high IO bandwidth for disk.

 

Performance Analytics Engine:  The PAE 1st hard drive will only need to be 10GB in size.  A 2nd hard drive added to the vm or a share can be used for PAE storage.  Although there is no hard limit of the amount of analyzers that the pae can connect to for data collection, it is recommended that no more than 3 be analyzers be used to store data for the PAE that is using minimum requirements (shown in chart below).

 

Memory and CPU:

Size

Processor

Memory

Disk

Low

2 vCPU

4 GB

10 GB

Medium

4 vCPU

8 GB

10 GB

High

8 vCPU

24 GB

10 GB

 

 

When determining hardware requirements for a Performance Analytics Engine instance, use the following considerations in your estimates:

Typical disk throughput is 50 megabytes per second. However, depending on your traffic, the amount of content that you are capturing, and the number of custom fields that you have defined, daily throughput could range from 100 gigabytes to 1 terabyte.

 

Best practices for PAE deployment:

The PAE will work with minimum requirements but the amount of users accessing it to perform queries will determine the responsiveness of the query.  Disk IO is a major factor for PAE performance.  Although it is possible to add an NFS or CIFS share to store the data, it is recommended that you add storage by way of adding a 2nd hard drive to the PAE vm – even if this disk is on a share.  Part of the PAE operation is to determine when to roll data and determining this becomes more difficult on network shares.  Adding storage as a local hard disk allows for a quicker determination when to roll data (less cycles spent trying to figure this out).

 

 

How to adjust VM resources:

 

To reserve CPU and RAM for a VM:

Open up VSphere, locate and right click the vm you wish to modify the resources on and select edit settings:

 

edit vm.png

In the following window, select the Resources tab:

resource_Tab.png

 

You can adjust the amount of CPU to reserve by moving the slider bar to the right.  Moving it all the way means that your vm is guaranteed the amount of CPU’s assigned to it. The same method is used to reserve RAM – click the Memory Settings on left and adjust slider on right.

 

To increase the amount of CPU and RAM for a VM:

 

 

In order to add more CPU’s or Memory, you will first have to power off the VM.  Once powered off, you can edit the hardware properties by right clicking the vm (as described previous page – right click and select edit):

adjust CPU and Memory.png

 

Once you have selected Memory or CPUs, you can adjust on the right hand side (increase from 512 MB to desired amount)

When this is complete, power on the vm.

Share:|

Before EUEM there was Truesight.  There is a way to migrate over to EUEM with your original configuration from the legacy system.  This process can also be done to copy configuration from one device to another.  It is also possible to migrate the summary data over from one system to another but you will need to work with EUEM support to achieve this.

 

Step 1:  Download configuration files

To download the configuration from a legacy system:

Navigate to the Administration page of the UI by clicking on the Administration button

download configuration.png

Using the Manage configuration button on the right hand side, select and download each of the following: Download settings of all users; Download device configuration; Download security configuration.

 

Step 2:  Upload configuration files

On the newly deployed EUEM (or TS-4200 if migrating to a new hard drive device), use the same Administration page to upload the configuration files previous downloaded in step 1.

These same files are uploaded to the Analyzer and each collector.  The system will take what is needed from the files.

 

Step 3:  Add collector feed to Analyzer

The configuration files downloaded do not contain all necessary information needed to bring the Virtual EUEM to a running state.  You will have to configure the analyzer to communicate with the collector.

  1. From the UI of the Analyzer, navigate to Administration--->Data flow settings-->Analyzer & Collectors management and select Collectors feeds settings.  Click on ‘Add a collector feed’ and enter the information needed:

add_collector.png

configure collector.png

 

Once the configuration is saved, click on the ON button.  You should the connection button turn green meaning there is a proper connection between the analyzer and collector.

collector connected.png

Step 4:  upload SSL keys to collector

For security reasons, it is not possible to download the SSL keys off a system.  It is necessary to upload these keys to the new Virtual collector. The uploaded configuration file will include the IP mappings from the original system.  

  1. To load the SSL keys on the collector, navigate to Administration-->Security settings-->Key management.

Using the Action button, select Add key:

ssl key.png

 

Enter the key information and click save:

ssl key adding.png

The three types of keys you can upload are PEM, DER and PFX.  The system can store up to 500 keys.

 

After the key is uploaded, the last step is to provide an IP Mapping.  The easiest mapping is all IP addresses to all keys.  They system will try all keys to decrypt the incoming traffic. Example below:

map keys.png

 

If no key can decrypt the traffic, the information will be displayed in IPs with no keys.

 

no ssl keys.png

Share:|

There are many ways that a collector can capture HTTP/HTTPS traffic for Analysis; you can span it, tap it, gre-tunnel / erspan it, use Akamai to post receipt data and you can also setup a switch -virtual or physical to be in promiscuous mode to allow the traffic capture.  What if the traffic is in a cloud and all of these other mentioned methods of gathering traffic are not available to you?  You guessed it - the Cloud Probe may be your answer.

 

Cloud Probe is an agent that you install on a web application server you are interested in monitoring.  It collects and sends the HTTP(s) data to an EUEM collector for processing.

 

I recently worked with a customer to capture traffic from servers that were being hosted in the Amazon cloud.  There were many rules and restrictions limiting monitor-ability in this cloud but with cloud probes installed on the servers, it allowed the capture of  traffic needed to show End User Experience.

 

You have the option to manually or 'silent' install the Cloud Probe.  The manual way offers a GUI and the silent install allows for scripting installs.

Once installed and the service is running, you will see it check in with the collector:

cp_on_collector.jpg

 

The APM Console can also show the cloud probe status and capture rate.  If you have many Cloud Probes deployed communicating with different collectors, you can see them all from the same UI:

cp.jpg

Current supported installs for the cloud probe are:

  • Operating system:
    • Red Hat Enterprise Linux 5.8 (64-bit)
    • Red Hat Enterprise Linux 6.1 (64-bit) (Basic Server or Minimal installations)
    • Red Hat Enterprise Linux 6.3 (64-bit)
    • Windows 2008 Server (R2)
    • Windows Server 2012
    • Windows Win 7 (64-bit)
    • Windows Win 8 (64-bit)

If you are running server not seen on the list, feel free to 'create an idea'!

Share:|

I was recently asked what a clear definition of a HTTP request was.  I thought that it was such a good question that I'd share it with the communities.

 

The basic building block of EUEM is the object.  The object is a complete request/respond pair.  In the object below, I've highlighted the referrer in blue, request in red and the response in green. 

 

http://www.bmc.com/

 

GET / HTTP/1.1

Host: www.bmc.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: s_pers=%20s_nr%3D1380731561884%7C1383323561884%3B%20s_lv%3D1382020889374%7C1476628889374%3B%20s_lv_s%3DMore%2520than%25207%2520days%7C1382022689374%3B%20gpv_p8%3Ddocs.bmc.com%253Adocs%253Adisplay%253Ateam%253AInstallation-deployment%252Bprocess%252Bdoc%252Breview%252Bto%252Bidentify%252Bgaps%7C1382022689769%3B; __utma=246752535.1106976559.1328021376.1363878091.1381165442.51; s_vi=[CS]v1|2793FFBF851D355D-4000010420124D13[CE]; __utmz=246752535.1381165442.51.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Connection: keep-alive

If-Modified-Since: Mon, 07 Oct 2013 15:23:25 GMT

 

HTTP/1.1 200 OK

Last-Modified: Mon, 04 Nov 2013 20:27:02 GMT

Content-Encoding: gzip

X-Server-Name: la-c1-r2-u22-b2

Content-Type: text/html;charset=utf-8

Server: Apache

Vary: Accept-Encoding

Date: Wed, 06 Nov 2013 02:28:04 GMT

Content-Length: 8065

Age: 0

Via: 1.1 localhost.localdomain

 

The requests coming from a particular customer does not represent all the clicks being performed - it represents all of the resources the browser is requesting to display a page or to navigate through the site.  As you know, a user will have one session, many pages and many more objects on these pages.

In EUEM - the icons look like:

 

iconology.jpg

 

 

An Object watchpoint will gather metrics for all objects matching the filter expression defined for the watchpoint.

A Page watchpoint will gather metrics for a group of objects that form a page.

 

To find out the number of users (sessions) for a particular application, you can create an object or page watchpoint and run a report against that watchpoint with the metric of session arrivals. This will give a report for number of users (sessions) during the report period chosen.

 

session arrivals.jpg

 

It is possible to have a request and no response.  EUEM reports this back to you to show that there was a server side error - ie. a 500 error.  EUEM sees the request, but no response.  It isn't a complete object but rather an errored object which can be important for end user experience and there is an error report generated by EUEM for trouble shooting. EUEM also has the ability to email or fire out snmp traps.

In this below example I show a report for errors by category and circled the server errors (500's) in red.  This report was against all pages but you can create a separate watchpoint to only look at 500 errors.

errors.jpg

Share:|

A question that comes up frequently when setting up the collector portion of EUEM is if it can handle traffic feeds larger than 1Gbyte.  The virtual and hardware option both have this capability.

 

Virtual Collector:

When deployed, the default nic driver is set to E1000.  Before powering the collector on for the first time, you have the ability to the virtual nics attached to the vm and install new virtual nics using the VMXNET3 driver.  This driver uses less resources on the ESXi host and supports 10 Gbyte traffic  This driver can also be changed at anytime during the use of the collector but to remove/install new nics, the vm will need to be powered off.

***Note:  if you choose to change the management nic driver, the collector will need to be re-licensed.

vmxnet3.jpg

From VMWare:

  • VMXNET 3: The VMXNET 3 adapter is the next generation of a paravirtualizedNIC designed for performance, and is not related to VMXNET or VMXNET 2. It offers all the features available in VMXNET 2, and adds several new features like multiqueue support (also known as Receive Side Scaling in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery. For information about the performance of VMXNET 3, see Performance Evaluation of VMXNET3 Virtual Network Device. Because operating system vendors do not provide built-in drivers for this card, you must install VMware Tools to have a driver for the VMXNET 3 network adapter available.

 

***Note: VMWare tools are already embedded in the BMC EUEM Collector OS

 

Hardware device TS-4200

https://docs.bmc.com/docs/x/T2eeEw

 

The TS-4200 series has the following network ports on the front of the device:

  • Four capture ports dedicated to traffic capture.
    Note
    For 10 Gb traffic feeds, you must use a port that supports 10 Gb traffic.
  • One management port for managing the device; for example, to perform initial configuration tasks via the CLI. You must also use this port to feed external devices which rely on system data.
  • One spare port that can be configured as either a traffic capture port or a management port using the spareniccommand in the system CLI.

TS-4200 series network ports

ts4200_serialPorts.png

Share:|

APM Console 2.0 now has the ability to verify and install available updates for Collectors, Analyzers and PAE components as well as the ability to update itself.

After logging into the APM Console, navigate to System Deployment and select system update.

update1.jpg

 

On the next screen, you can choose 'check for updates'

update2.jpg

After selecting this, the APM Console will check the updates that are available for your components.  The APMConsole must be allowed to connect to the Internet and download the updates to it's own repository.  Unlike system updates in the past, there is nothing downloaded to your desktop.

 

update3.jpg
You can now choose which updates to download to the APM Console.  Make sure you checkmark these downloads and then click on the 'Download' button.

 

update4.jpg

The APM Console is now ready to perform the selected updates. Clicking the Install button will immediately start this process.  You also have the option to select an express installation (red arrow shown above) or a full install (drop down option to select blue arrow show above).

Express install:  migrates summary data (Analyzers only)

Full Install:        migrates summary and session browser data (Analyzers only)

 

NOTE:  A full install requires more time than an express install.  The amount of time depends on how large the session browser database is.

Share:|

I work in Customer Support and am starting to blog on topics that are most valuable to our customers.  I've been getting a lot of quesitons regarding the latest release of PAE "Performance Analytics Engine" and what this new release has to offer.

 

Version 1.0 of PAE enabled users to quickly perform a deep dive in the pages and objects collected from the Analyzer.  From the results you can choose to restart the quick query using a subset of the data (and then more subsets if you wish).  In version 2.0, there is a new feature that allows you to drill into the sessions:

List of sessions retrieved by a query

pae query.jpg

Format of Query Results

pae sessions.jpg

Clicking the drop box allows for further drill-down or to download the session details (session/pages/objects) in csv format.

Tools for Analyzing a Session

pae pages.jpg

pae object.jpg

Storage:  It is now possible to use datastore the PAE is connected to as a hard drive to store your pages and objects.  Previously an external share was needed (NFS/CIFS).

 

I'd love to here your thoughts on our new PAE release.  Feel free to add comments beleow!

Share:|

I support EUEM and recently received a great question regarding what traffic our product monitors.

 

The goal of EUEM is to aid in monitoring your web traffic (performance &availability) and give you the end user experience using REAL end user data.  This is metrics on live data from real people.  The question came if we can accept traffic on ports other than 80 or 443.  The short answer is yes.  We can passively process traffic seen on all ports - as long as it is HTTP or HTTPS traffic.  Of course, we'll need the ssl keys to decrypt the HTTPS traffic

 

EUEM also has the ability to be configured to only listen for traffic on ip's or ports or both.

 

Have any questions regarding this?  - feel free to ask!

 

-Chris

Share:|

EUEM is fully capable of being install on Hyper-V (2008 R2 and 2012 versions) but there is a ctach:

 

You can install (using the iso downloads of EUEM) the APMC (Application Performance Management Console), PAE (Performance Analytics Engine), Analyzer and Collector but you are limited to what this collector can see due to the fact that currently, Hyper-V does not support promiscuous mode.

 

There are options however:

1.  If you are using a GRE or ERSPAN tunnel to feed traffic, the EUEM collector still supports this, and these do not require promiscuous mode.  While untested, F5 clonepools should also work due to the fact that it will span data to a specific ip.

2.  You can install the EUEM Cloud Probe as a service on the Windows host.  Once running, it can be configured to send its data to the EUEM Collector running as a VM.

3.  You can contact your sales team to look into acquiring a hardware appliance to run as a collector instead, or run the collector on one of our other supported platforms.

 

Hyper-V and the Collector workaround due to lack of promiscuous mode:

 

An EUEM collector installed as a virtual machine on a Hyper-V host is unable to capture traffic on the wire using promiscuous mode even though checks on the host system validate traffic is present.  The reason for this is that Microsoft Hyper-V does not support promiscuous mode yet.

It does support port mirroring.  There are other ways to send traffic to the collector capture port:  If you have a load balancer or network device that can span the traffic you wish to monitor to a destination ip, you can use Hyper-V but you will need to set an ip address on the capture port of the collector.

 

Instructions on setting an ip on a collector capture port:

1)  SSH into the collector

2)  Use the capturegre command to assign an ip to the capture port.

 

The syntax you are looking for is:

capturegre -p capture -t gre -a <ipaddress> -m <mask>   (you fill in he ipaddress and mask of the capture port)

 

Even though we are setting it as a gretunnel - it works the same for the F5 clone pool you are setting up.

Filter Blog

By date:
By tag: