You are on page 1of 439

Ipanema System

User Manual
5.2

Issue: June 2009

The information contained in this document is subject to change without notice.


The information and specifications contained in this document are not contractual. The information
contained in this document is sincerely considered by Ipanema Technologies to be accurate and
reliable, but implies no warranty, either explicit or implicit. Users are responsible for their personal use
of the information and specifications. Ipanema Technologies shall not be liable for any errors which may
appear in this document.
Reproduction in any form whatsoever, without the written authorization of Ipanema Technologies, is
strictly forbidden.
Ipanema, the Ipanema logo, Ipanema System, ip|boss, ip|true, ip|fast, ip|coop, ip|xcomp, ip|xtcp,
ip|xapp, smart|path, ip|sync, ip|reporter, smart|plan, ip|export and ip|engine are trademarks of
Ipanema Technologies
Any trademarks and trade names which may be used in this document refer to the entities which own
these trademarks and these trade names, or to their products.
Ipanema Technologies renounces all proprietary interest in trademarks and trade names other than its
own.
Copyright 2001/2009, Ipanema Technologies

All rights reserved

Contents

CONTENTS
INTRODUCTION ......................................................................... ..........
1. REVISIONS ......................................................................... ..........
2. LIST OF ASSOCIATED DOCUMENTS ............................... ..........
3. DOCUMENT ORGANIZATION ........................................... ..........
4. TERMS USED ..................................................................... ..........

1
1
2
2
3

CHAPTER 1 IPANEMA SYSTEM ............................................ ..........


1. OVERVIEW ......................................................................... ..........
1. 1. General ....................................................................... ..........
1. 2. System description ...................................................... ..........
2. GENERAL PRINCIPLES ..................................................... ..........
2. 1. System deployment .................................................... ..........
2. 2. Time synchronization .................................................. ..........
2. 3. Communication between system elements ................ ..........
2. 4. The QoS measurement service: ip|true ...................... ..........
2. 5. The real-time optimization service: ip|fast ................... ..........
2. 6. The compression service: ip|xcomp ............................ ..........
2. 7. The TCP acceleration service: ip|xtcp ......................... ..........
2. 8. The application acceleration service: ip|xapp ............. ..........
2. 9. The smart path service: smart|path ............................. ..........
2. 10. The smart planning service: smart|plan .................... ..........
2. 11. Functional architecture .............................................. ..........
2. 12. Monitoring ................................................................. ..........
2. 13. Measurement service ................................................ ..........
2. 14. Optimization service - functional architecture ........... ..........
2. 15. Security ..................................................................... ..........

1-1
1-1
1-1
1-4
1-5
1-5
1-7
1-8
1-11
1-12
1-12
1-13
1-13
1-14
1-14
1-15
1-16
1-17
1-19
1-23

CHAPTER 2 IPANEMA SYSTEM INSTALLATION ................. ..........


1. JAVA RUNTIME ENVIRONMENT ....................................... ..........
2. ip|uniboss SOFTWARE ....................................................... ..........
2. 1. Specifications for ip|uniboss server ............................. ..........
2. 2. ip|uniboss architecture ................................................ ..........
2. 3. Install ip|uniboss server on Windows .......................... ..........
2. 4. Start and stop ip|uniboss services/processes ............. ..........
2. 5. Install ip|uniboss client ................................................ ..........
2. 6. Uninstall ip|uniboss ..................................................... ..........
3. ip|boss SOFTWARE ............................................................ ..........
3. 1. Specifications for ip|boss server ................................. ..........
3. 2. ip|boss architecture ..................................................... ..........
3. 3. Install ip|boss server on Windows ............................... ..........
3. 4. Start and stop ip|boss service/process ....................... ..........
3. 5. Install ip|boss client ..................................................... ..........
3. 6. Uninstall ip|boss .......................................................... ..........
4. ip|uniboss AND ip|boss CLI CLIENTS ................................. ..........
4. 1. Install ip|uniboss and ip|boss CLI clients .................... ..........
4. 2. CLI client/server compatibility ..................................... ..........
5. ip|reporter SOFTWARE ....................................................... ..........
5. 1. Specifications for ip|reporter server ............................ ..........
5. 2. ip|reporter architecture ................................................ ..........
5. 3. Multi network interfaces .............................................. ..........
5. 4. Install/Uninstall ip|reporter on Windows ...................... ..........
5. 5. Backup and restore database on Windows ................ ..........
5. 6. Obtaining License key ................................................. ..........
5. 7. Reports templates ....................................................... ..........
6. ip|reporter WEB EDITION ................................................... ..........
6. 1. Install ip|reporter Web on Windows ............................ ..........

2-1
2-1
2-4
2-4
2-4
2-5
2-12
2-13
2-18
2-21
2-21
2-21
2-22
2-29
2-30
2-35
2-38
2-38
2-39
2-40
2-40
2-41
2-41
2-42
2-52
2-53
2-54
2-55
2-55

June 2009

Ipanema Technologies

Contents

6. 2. VistaPortal SE 4.0 SP1 directory structure ................. ..........


7. ip|export SOFTWARE ......................................................... ..........
7. 1. Specifications for ip|export server ............................... ..........
7. 2. ip|export architecture ................................................... ..........
7. 3. Install/Uninstall ip|export on Windows ......................... ..........
8. ip|engines ............................................................................ ..........
8. 1. Installing ip|engines ..................................................... ..........
8. 2. Upgrading ip|engines software ................................... ..........

2-66
2-68
2-68
2-68
2-68
2-72
2-72
2-72

CHAPTER 3 MANAGING DOMAINS ...................................... ..........


1. DOMAINS OVERVIEW ....................................................... ..........
2. ip|uniboss WEB CLIENT ..................................................... ..........
2. 1. Connection to ip|uniboss using the web client ............ ..........
2. 2. ip|uniboss web client main window ............................. ..........
3. ip|uniboss JAVA CLIENT ..................................................... ..........
3. 1. Connection to ip|uniboss using the Java client ........... ..........
3. 2. ip|uniboss Java client main window ............................ ..........
4. CREATE AN ip|boss SERVER ............................................ ..........
5. IMPORT A LICENSE ........................................................... ..........
6. CREATE AND MOVE A DOMAIN ....................................... ..........
6. 1. Create a Domain ......................................................... ..........
6. 2. Move a Domain ........................................................... ..........
7. CREATE RADIUS SERVERS ............................................. ..........
8. LOGS AND ISSUES ............................................................ ..........
8. 1. Log window ................................................................. ..........
8. 2. Issues window ............................................................. ..........
9. INVENTORY ........................................................................ ..........
9. 1. Domain inventory ........................................................ ..........
9. 2. Topology inventory ...................................................... ..........

3-1
3-1
3-2
3-2
3-3
3-6
3-6
3-7
3-8
3-10
3-11
3-11
3-17
3-18
3-20
3-20
3-21
3-22
3-23
3-24

CHAPTER 4 CONFIGURING SERVICES ............................... ..........


1. CONFIGURATION OVERVIEW .......................................... ..........
2. CONFIGURING SERVICES USING ip|boss WEB CLIENT ..........
2. 1. Connection to ip|boss using the web client ................. ..........
2. 2. ip|boss web client main window .................................. ..........
2. 3. ip|boss web client table view ....................................... ..........
2. 4. ip|boss web client creation form .................................. ..........
3. CONFIGURING SERVICES USING ip|boss JAVA CLIENT ..........
3. 1. Connection to ip|boss using the Java client ................ ..........
3. 2. ip|boss Java client main window ................................. ..........
3. 3. ip|boss Java client table view ...................................... ..........
3. 4. ip|boss Java client creation form ................................. ..........
4. ip|boss CLI CLIENT ............................................................. ..........
4. 1. CLI architecture ........................................................... ..........
4. 2. CLI language ............................................................... ..........
4. 3. Tabular input and output ............................................. ..........
5. ip|boss MAIN SCREEN DESCRIPTION ............................. ..........
5. 1. ip|boss tool bar ............................................................ ..........
5. 2. ip|boss status zone ..................................................... ..........
5. 3. ip|boss Java client menu bar ....................................... ..........
6. OPERATING PROCEDURE ............................................... ..........
7. CHANGE DOMAIN OR CHECK THE DOMAINS STATUS ..........
8. CREATE, OPEN, SAVE A CONFIGURATION .................... ..........
8. 1. Create a new configuration ......................................... ..........
8. 2. Open a configuration ................................................... ..........
8. 3. Save a configuration ................................................... ..........
8. 4. Undo a configuration modification ............................... ..........
9. SYSTEM PROVISIONING .................................................. ..........
9. 1. Configuring Coloring ................................................... ..........
9. 2. Configuring WAN Accesses ........................................ ..........
9. 3. Configuring ip|engines ................................................ ..........
9. 4. Configuring Topology subnets ..................................... ..........

4-1
4-1
4-2
4-2
4-3
4-4
4-8
4-9
4-9
4-10
4-10
4-11
4-12
4-12
4-12
4-13
4-14
4-15
4-19
4-24
4-25
4-35
4-36
4-36
4-36
4-36
4-37
4-38
4-38
4-42
4-46
4-54

June 2009

Ipanema Technologies

ii

Ipanema System

iii

9. 5. Configuring ip|sync (time synchronization) ................. ..........


9. 6. Importing objects ......................................................... ..........
9. 7. Tools ............................................................................ ..........
9. 8. Configuring smart|path (Tools / Advanced conf.) ........ ..........
10. APPLICATION PROVISIONING ....................................... ..........
10. 1. Configuring User subnets ......................................... ..........
10. 2. Configuring Types of service (TOS) .......................... ..........
10. 3. Configuring Applications ........................................... ..........
10. 4. Configuring QoS Profiles .......................................... ..........
10. 5. Configuring User Classes ......................................... ..........
10. 6. Applications mapping ................................................ ..........
10. 7. Configuring LTL (Local Traffic Limiting) ..................... ..........
11. REPORTING ..................................................................... ..........
11. 1. Configuring MetaViews ............................................. ..........
11. 2. Configuring Reports (ip|reporter) ............................... ..........
11. 3. Configuring Alarming ................................................. ..........
12. SUPERVISION OPTIONS ................................................. ..........
12. 1. Configuring Fault Management ................................. ..........
13. SYSTEM ADMINISTRATION ............................................ ..........
13. 1. Configuring User profiles .......................................... ..........
13. 2. Configuring Automatic reporting ............................... ..........
13. 3. Configuring Security .................................................. ..........

4-56
4-58
4-60
4-61
4-63
4-63
4-64
4-65
4-76
4-78
4-85
4-87
4-89
4-89
4-98
4-99
4-105
4-105
4-110
4-110
4-112
4-113

CHAPTER 5 IPANEMA SYSTEM SUPERVISION .................. ..........


1. STARTING AND CLOSING ip|boss CLIENT ....................... ..........
1. 1. Starting ip|boss web client application ........................ ..........
1. 2. Closing ip|boss web client application ......................... ..........
2. SUPERVISION .................................................................... ..........
2. 1. ip|boss main window (web client) ................................ ..........
2. 2. Domains (monitoring the Domains status) ................. ..........
2. 3. ip|engine status (monitoring ip|engines activity) ......... ..........
2. 4. Supervision Maps (monitoring ip|engines activity) ...... ..........
2. 5. Security (monitoring security certificate) ..................... ..........
3. SYSTEM PROVISIONING: TOOLS .................................... ..........
3. 1. Rebooting .................................................................... ..........
3. 2. Scripts ......................................................................... ..........
4. ip|boss LOGS ...................................................................... ..........

5-1
5-1
5-1
5-2
5-3
5-3
5-8
5-9
5-14
5-16
5-17
5-17
5-18
5-20

CHAPTER 6 USING SERVICES ............................................. ..........


1. STARTING AND STOPPING A SESSION .......................... ..........
1. 1. Starting a session ....................................................... ..........
1. 2. Stopping a session ...................................................... ..........
2. LOGIN: CHANGING USER PASSWORD ........................... ..........
3. DYNAMICALLY MODIFYING A SESSION ........................ ..........
3. 1. Update procedure ....................................................... ..........
3. 2. Transition .................................................................... ..........
4. SERVICE ACTIVATION ....................................................... ..........
4. 1. ip|true (measurement) ................................................. ..........
4. 2. ip|fast (optimization) .................................................... ..........
4. 3. ip|coop (virtual cooperation) ........................................ ..........
4. 4. ip|xcomp (compression) .............................................. ..........
4. 5. ip|xtcp (TCP acceleration) ........................................... ..........
4. 6. ip|xapp (application acceleration) ................................ ..........
4. 7. smart|plan ................................................................... ..........
5. HELPDESK ......................................................................... ..........
5. 1. Link supervision .......................................................... ..........
5. 2. Real-Time flows .......................................................... ..........
5. 3. Discovery .................................................................... ..........
5. 4. Helpdesk maps ........................................................... ..........
6. HELP ................................................................................... ..........

6-1
6-1
6-1
6-2
6-3
6-4
6-6
6-6
6-7
6-7
6-9
6-11
6-13
6-15
6-17
6-18
6-19
6-19
6-22
6-28
6-33
6-36

Ipanema Technologies

June 2009

Contents

CHAPTER 7 ANALYZING AND REPORTING TOOLS ........... ..........


1. MIB ACCESS ...................................................................... ..........
1. 1. MIB .............................................................................. ..........
1. 2. SNMP .......................................................................... ..........
2. ip|reporter ............................................................................ ..........
2. 1. Ipanema Architecture .................................................. ..........
2. 2. Ipanemas ip|reporter architecture .............................. ..........
2. 3. Terms .......................................................................... ..........
2. 4. Starting the system ..................................................... ..........
2. 5. Reports Management ................................................. ..........
3. HOW TO READ THE REPORTS ........................................ ..........
3. 1. IVreport ....................................................................... ..........
3. 2. Web client ................................................................... ..........
3. 3. Dynamic reading of the reports ................................... ..........
3. 4. Definitions ................................................................... ..........
4. IPANEMA SYSTEM VISTAVIEWS ...................................... ..........
5. SLM (SERVICE LEVEL MONITORING) REPORTS ........... ..........
5. 1. is - slm - service level evolution .................................. ..........
5. 2. is - slm - site summary ................................................ ..........
5. 3. is - slm - user class summary ...................................... ..........
5. 4. is - slm - user class summary per direction ................. ..........
5. 5. is - slm - application synthesis .................................... ..........
5. 6. is - slm - site synthesis ................................................ ..........
6. SLA (SERVICE LEVEL AGREEMENT) REPORTS ............ ..........
6. 1. is - sla - domain ........................................................... ..........
6. 2. is - sla - domain - overview ......................................... ..........
6. 3. is - sla - site exploitation .............................................. ..........
6. 4. is - sla - site customer ................................................. ..........
7. AM (APPLICATION MONITORING) REPORTS ................. ..........
7. 1. is - am - site summary - tcp ......................................... ..........
7. 2. is - am - user class summary - tcp .............................. ..........
7. 3. is - am - application summary - tcp ............................. ..........
7. 4. is - am - time evolution - tcp ........................................ ..........
8. PM (PERFORMANCE MONITORING) REPORTS ............. ..........
8. 1. is - pm - site summary ................................................. ..........
8. 2. is - pm - user class summary ...................................... ..........
8. 3. is - pm - user class summary per direction ................. ..........
8. 4. is - pm - application summary ..................................... ..........
8. 5. is - pm - application summary per direction ................ ..........
8. 6. is - pm - traffic topology ............................................... ..........
8. 7. is - pm - time evolution ................................................ ..........
8. 8. is - pm - detailed per application, per user class ......... ..........
9. PM COMPRESSION REPORTS ......................................... ..........
9. 1. is - pm - compression evolution .................................. ..........
9. 2. is - pm - user class compression synthesis ................. ..........
9. 3. is - pm - application compression synthesis ................ ..........
10. ACC (ACCELERATION) REPORTS ................................. ..........
10. 1. is - acc - acceleration evolution ................................. ..........
10. 2. is - acc - acceleration - site summary ........................ ..........
10. 3. is - acc - acceleration - uc summary - per dir. ........... ..........
10. 4. is - acc - acceleration - appli. summary - per dir. ...... ..........
11. VoIP REPORTS ................................................................. ..........
11. 1. is - voip - synthesis .................................................... ..........
11. 2. is - voip - time evolution ............................................. ..........
12. SA (SITE ANALYSIS) REPORTS ...................................... ..........
12. 1. is - sa - site summary ingress ................................... ..........
12. 2. is - sa - site summary egress .................................... ..........
12. 3. is - sa - site throughput ............................................. ..........
13. FI (FAULT ISOLATION) REPORTS ................................... ..........
13. 1. is - fi - availability - evolution ..................................... ..........
13. 2. is - fi - availability - overview ..................................... ..........

June 2009

Ipanema Technologies

7-1
7-1
7-1
7-1
7-2
7-2
7-4
7-5
7-7
7-16
7-25
7-25
7-26
7-28
7-29
7-31
7-37
7-37
7-39
7-41
7-43
7-45
7-49
7-52
7-52
7-54
7-56
7-58
7-60
7-60
7-62
7-64
7-66
7-68
7-68
7-70
7-72
7-74
7-76
7-78
7-83
7-86
7-88
7-88
7-90
7-94
7-97
7-97
7-99
7-100
7-102
7-104
7-104
7-106
7-108
7-108
7-110
7-112
7-114
7-114
7-117

iv

Ipanema System

14. SP (SMARTPLANNING) REPORTS ................................. ..........


14. 1. is - sp - profile ........................................................... ..........
14. 2. is - sp - synthesis ...................................................... ..........
15. ip|export REPORT ............................................................. ..........
15. 1. is - ip|export - report .................................................. ..........

7-119
7-119
7-121
7-123
7-123

CHAPTER 8 SOFTWARE LICENSE TERMS ......................... ..........


1. GRANT OF RIGHTS TO USE AND INTELLECTUAL
PROPERTY ........................................................................ ..........
2. OPEN SOURCE LICENSES ............................................... ..........
3. TERM AND TERMINATION ................................................ ..........
4. SOFTWARE MEDIA WARRANTY ...................................... ..........
5. SOFTWARE WARRANTY ................................................... ..........
6. DISCLAIMER ...................................................................... ..........
7. GOVERNING LAW .............................................................. ..........

8-1
8-1
8-1
8-1
8-2
8-2
8-2
8-3

CHAPTER 9 TECHNICAL SUPPORT ..................................... ..........


1. CUSTOMER TECHNICAL SUPPORT ............................... ..........

9-1
9-1

Ipanema Technologies

June 2009

INTRODUCTION
1. REVISIONS
Date of issue

Index

Chapter/
section
concerned

Subject

January 2001

All

Original

April 2001

All

in accordance with the V2.4 software version

September 2001

All

in accordance with the V2.5 software version

January 2002

All

in accordance with the V2.5.11 software version

March 2002

All

in accordance with the V2.6.1 software version

August 2002

All

in accordance with the V2.7.5 software version

October 2002

All

in accordance with the V2.7.6 software version

January 2003

Chapters 2,
3, 4 and 8

in accordance with the V2.8 software version

February 2003

Chapter 2

ip|reporter settings

April 2003

Chapter 2

About window

October 2003

All

in accordance with the V3.0 software version

July 2004

All

in accordance with the V3.2 software version

April 2005

All

in accordance with the V3.4 software version

November 2005

All

in accordance with the V4.0 software version

November 2005

Chapter 2

ip|boss Solaris installation

April 2006

All

in accordance with the V4.2 software version

August 2006

All

in accordance with the V4.3 software version

October 2006

Chapter 2

Domain creation, ip|reporter Solaris installation,


ip|reporter web 2.2

November 2006

Chapter 3

Alarming function

February 2007

All

manual organization; ip|reporters portmapper


port; ip|reporter multi network interfaces server;
Apache web server configuration for ip|reporter
web edition; BW tracking principles; configuring
ip|engines; ip|engine alarms description; removal
of a report

November 2007

All

in accordance with the V4.4 software version

January 2008

Chapters 2
and 7

ip|reporter web (no license key; user rights


definition); 7.3.2. How to read the reports;
periodicity of some reports (minor corrections)

April 2008

All

in accordance with the v5.0.0r8 software version

July 2008

Chapters 2
and 3

Solaris installation removed from this manual;


radius configuration

June 2009

Ipanema Technologies

Ipanema System

October 2008

All

in accordance with the v5.0.0r12 software


version

December 2008

All

in accordance with the v5.1 software version

January 2009

AA

Chapter 2

2.5.4. Install/Uninstall ip|reporter on Windows,


2.6.1. Install ip|reporter web on Windows

March 2009

AB

All

in accordance with the v5.2 software version

May 2009

AC

All

Minor corrections: 1. 2. 3. 5, 3. 6. 1 and 7.1.2:


SNMP port; 2.5.6.1: InfoVista license key;
2.6.1.8: Customizing VistaPortal SE; 4.5.3:
ip|boss Java client menu bar; 6.5.3: Helpdesk
maps colors
New: 2.3.3 install ip|boss using the CLI; 3.9:
note on Inventory printing; 4.9.7. Tools; 4.9.8.
smart|path advanced parameters; 4.10.5.4: User
class sensitivity; 4.11.3.1: Alarm severity; 6.5.1:
Link supervision

June 2009

AD

Chapters 2, 9

2.1 JDK is not required any longer; 9.1 Technical


Support contact information

2. LIST OF ASSOCIATED DOCUMENTS


For each range of ip|engine (10, 100 and 1000), there are two user manuals:

Directives and Regulations Manual


ip|engine Directives, Regulations and Certificates.
READ THE SAFETY INSTRUCTIONS BEFORE CONNECTING AN ip|engine TO THE
SUPPLY.
Configuration manual
Technical characteristics and ip|engines installation, configuration and set-up procedures;
troubleshooting.
This manual is intended for ip|engines integrators, administrators and users.

3. DOCUMENT ORGANIZATION
This document contains nine chapters:

Chapter 1 - Ipanema System: system overview.


Chapter 2 - Ipanema System Installation: software installation procedures for the Ipanema
System components.
Chapter 3 - Managing Domains: Domains creation and modification procedures.
Chapter 4 - Configuring Services: the different set-up and configuration procedures.
Chapter 5 - Ipanema System Supervision: system supervision procedures.
Chapter 6 - Using Services: system exploitation: step-by-step procedures for measure,
optimization and compression session.
Chapter 7 - Analyzing and reporting tools: description of the Ipanema reporting.
Chapter 8 - Ipanema software license terms.
Chapter 9 - Technical support: description of the Ipanema Support.

Ipanema Technologies

June 2009

4. TERMS USED
Aggregated flow:

an aggregated flow groups together IP micro-flows sharing


given common characteristics. It is specified by a source
subnet, a destination subnet and, where appropriate, a
protocol, an application and a client/server direction and a TOS.

Applications Dictionary:

the Applications Dictionary contains a list of the applications


recognized by the system. The applications are identified by
protocol, a TCP or UDP port number, a type of Codec, a URL
for HTTP, a published application for Citrix...

Application Quality Score:

Ipanema notation for the traffic Quality. From 0 (very bad) to


10 (very good). The notation is calculated according to the
expected behavior.

AQS:

Application Quality Score (see description above).

ASL:

Application Service Level.

BDP:

Bandwidth Delay Product.

Byte counting:

the system indicates the number of bytes in the IP packet,


including IP headers.

Congestion:

state of a network resource in which the traffic incident on the


resource exceeds its output capacity over an interval of time.

CoS:

Class of Service.

CPE:

Customers Premises Equipment.


Network access equipment located on the customers site. In
the case of an IP network this is usually an access router.

Delay variation:

Standard deviation of the delay on a given period.

DSCP:

DiffServ Code Point.

DstPort:

Destination Port.

Datagram:

block of data transmitted on the packet switched network.

D/J/L:

Delay/Jitter/Loss.

Domain of Measure or
Optimization:

a Domain of measure or optimization is composed of a set of


ip|engines making and exchanging observations and making
measures based on these. ip|engines are configured and
operated via the ip|boss central software. All elements in a
Domain of measure must be connected in the IP sense (each
element must have an IP address that can be routed on the
network).

Elementary observation:

measure of time, length, etc., performed by the ip|engine on


each measured packet.

Fragmentation:

the process of division of a datagram into several fragments (IP


packets), to facilitate traffic flow on low-speed links for example.

GPS:

Global Positioning System.


A positioning and synchronization system based on a satellite
constellation (currently 24) in medium altitude orbit. This
system covers practically the entire surface of the earth and
is highly accurate.

Goodput:

Number of bits per second at layer 4 level.

GUI:

Graphic User Interface.

HSRP:

Hot Standby Router Protocol.

ICMP:

Internet Control Message Protocol.

June 2009

Ipanema Technologies

Ipanema System

IP:

Internet Protocol.

IP micro-flow:

an IP micro-flow is specified by all packets identified by the


same IP source and destination address, the same protocol
and, where appropriate, the same TCP/UDP ports.

IPDR:

IP Data Records.

ITP:

Ipanema Time Protocol.

Jitter:

Standard deviation of the delay on a given period.

LAN:

Local Area Network.


The same geographical site may have several LANs
interconnected by a router.

LAN to LAN:

used for the measurement from the LAN port of the source
ip|engine to the LAN port of the destination ip|engine.

LTL:

Local Traffic Limiting.

Measure interface:

interface on the ip|engine giving access to the point of


measure.

Measure ticket:

the measure ticket groups together the elementary


observations made on an IP packet by an ip|engine.

MOS:

Mean Opinion Score


Standard Measure of the Quality of a Voice Call (notation
between 0 (very bad) to 5 (very good)).

MRE:

Multi Redundancy Elimination (synonymous with


Compression).

NAP:

Network Access Point

OWD:

One Way Delay.

Packets:

series of binary elements organized in a predefined format


and transferred as a whole.

Packet counting:

the system indicates the number of datagrams observed.


It is insensitive to fragmentation by routers, whether this
fragmentation occurred in the Domain of Measure (between
ip|engines) or outside the Domain (before the first ip|engine).

Packet loss:

the system indicates the number of datagrams lost. It is


therefore insensitive to fragmentation by routers, whether this
fragmentation occurred in the Domain of Measure (between
ip|engines) or outside the Domain (before the first ip|engine).

PBR:

Policy Base Routing.

Point of measure:

place of traffic acquisition where measures are made.

QoS:

Quality of Service.

Quality Index:

See Application Quality Score.

Router:

interconnection gateway between two IP networks.

Routing:

operation of determining the route to be taken through a


network by a data packet.

RTT:

Round Trip Time.

SALSA:

Scalable Application Level Service Architecture.

SLA:

Service Level Agreement.

SNMP:

Simple Network Management Protocol.

SrcPort:

Source port.

Ipanema Technologies

June 2009

SRT:

Server Response Time.

TCP:

Transmission Control Protocol.

Ticket Record:

groups measure tickets together for transmission between


ip|engines.

TOS:

Type Of Service.

TOS Dictionary:

the TOS Dictionary contains a list of TOS recognized by the


system. The TOS are identified by the field Type Of Service
in IP packet.

Traffic profile:

a description of the temporal properties of a traffic stream such


as rate and burst size.

Transfer delay:

the transfer delay of a packet between ip|engines is measured


when the last bit of the packet passes the measure points.
In the event of fragmentation of the datagram into several IP
packets, the measure is made when the last bit of the last
fragment passes.

Throughput:

Number of bits per second at the IP level.

UDP:

User Data Protocol.

UC:

User Class.

Vip:

Virtual ip|engine.

VoIP:

Voice over IP.

VPN:

Virtual Private Network.

VRF:

Virtual Routing and Forwarding.

WAN:

Wide Area Network.


Long distance network that allows data exchange between
remote sites.

WAN to WAN:

used for the measurement from the WAN port of the source
ip|engine to the WAN port of the destination ip|engine.

WFQ:

Weighted Fairness Queuing.

June 2009

Ipanema Technologies

CHAPTER 1. IPANEMA SYSTEM


Document organization

1. 1. OVERVIEW
1. 1. 1. General
The Ipanema System enables IP networks Quality of Service (QoS) to be measured, optimized and
compressed. It measures data transfer characteristics between access points and, in particular,
real-time performance (throughput, transfer delay, delay variation (jitter), loss rate, round trip time,
server response time and TCP retransmission ratio) of this transfer. Improving the QoS is a question
of finding the best match between user needs and network performance and optimizing allocation of
available bandwidth at network level. To be suitable for configuring and monitoring SLAs, measures
are made at IP level (level 3) allowing a clear breakdown between the network and the information
system. The compression allows to compress data in some cases.
QoS measure and optimization service features:
Users specify high-level business objectives through User Classes. Customer traffic is classified
using a mix of the users applications and organization data. User Classes attributes include:

business criticality,
QoS performance objectives (nominal bandwidth per application session, delay, jitter, packets
loss, RTT, SRT and TCP retransmission ratio),
compression capability,

The users objectives are the only input to the system. There is no need to set low-level, network
and device specific policy rules.
The individual measures are grouped and analyzed according to multiple criteria (IP address,
subnet address, application, User Class, etc.).
The results are presented in the form of real-time graphs and archived with periodic aggregation
(hourly, daily, weekly, monthly). They are made available for subsequent processing or reference.
Specific QoS measure service features (ip|true):

multiple QoS measures: measures include number of packets and bytes transmitted and
received, number of sessions, transfer delay, jitter, loss, RTT, SRT and TCP retransmission
ratio,
highly-accurate: from 100 s to 1 ms according to the type of ip|engine used. This relies on
synchronization from the network (NTP) or GPS system,
precise: measures are made on the actual data packets and not on test packets,
exhaustive: all packets are measured,
independent: measures are made at the IP level, independently of operator network access
and core technology,
confidential: the contents of user packets are not, at any time, stored, saved or even transmitted
between the different system components,
complete: packets are measured LAN to LAN and WAN to WAN.

Specific QoS optimization service features (ip|fast):

dynamic optimization, based on real-time measure of application demand and network capacity,
global bandwidth optimization, based on real-time detection of WAN access and End to End
(ingress and egress) congestion,

June 2009

Ipanema Technologies

1-1

Ipanema System

adaptive Policies management according to the QoS objectives and criticality of each
application,
IP packet marking (coloring) according to operator CoS, taking into account the QoS and
criticality objective of each application.
the ip|engine also handles the dynamic traffic conditioning according to adaptive policies. The
CPE only performs IP routing functions for network access.

Specific compression service features (ip|xcomp):

dynamic compression of traffic, according to User Class configuration,


the ip|engine handles the dynamic traffic conditioning according to the destination of the flows,
the ip|engine automatically creates the compression tunnels, when used (RAM-based
compression), with the destinations.

Specific TCP acceleration service features (ip|xtcp):

dynamic acceleration of TCP traffic, according to User Class configuration,


the ip|engine handles the dynamic traffic conditioning according to the destination of the flows.

Specific application acceleration service features (ip|xapp):

dynamic acceleration of CIFS traffic,


the ip|engine handles the dynamic traffic conditioning according to the destination of the flows.

Specific smart path service features (smart|path):

dynamic selection of traffic path, according to User Class and WAN access configuration,
the ip|engine handles the dynamic traffic conditioning according to the destination of the flows.

ip|reporter:
This service provided by an optional module of ip|boss produces full technical metric reports and
User Class high level reports.
An InfoVista run time licence is embedded in the ip|reporter module; this run time provides all user
functions in local, remote or client/server mode or with an HTML interface with VistaPortalSE.
All tasks about creation, deletion of reports are automatically made by ip|boss. The configuration
and use are very easy.
ip|export:
This service, provided by an optional module of ip|reporter, allows the user to generate data
records about IP network QoS, in text format or CSV format in order to integrate the data in Excel
for example.
ip|export is designed for seamless inter operability between network measurement systems and
Business Support Services systems (including Billing systems).
smart|plan:
This service, provided by an optional module of ip|reporter, provides easy-to-use data for Capacity
Planning optimization. Using information gathered from Ipanemas ip|engines performance
measurement and optimization functions, then aggregated by the ip|boss central management
software, smart|plan generates very high added value data enabling a complete analysis for
each network access of the relationship between bandwidth (resource) and delivered service
level (results). Using this automatically generated data, it is immediately possible to identify if
the access link is under-provisioned or over-provisioned in regard of the expected service level
per applications business criticality. The data generated by the smart|plan module are available
throughout all the Ipanema System components. ip|boss makes them available through the
SNMP interface, ip|reporter uses them to generate the appropriate easy to use reports and
ip|export aggregates and exports them in text format for post-processing.

1-2

Ipanema Technologies

June 2009

Ipanema System

Security:
Ipanema System provides robust security features to protect the system against break-in and
hostility threats. Authentication mechanisms to access to system elements and between system
elements are used to protect the system against unauthorized access. Communication encryption
between system elements protects the system against sniffing of configuration information or
measure results exchanged between system elements.

June 2009

Ipanema Technologies

1-3

Ipanema System

1. 1. 2. System description
The system consists of the following elements:

ip|engines: these units measure real-time traffic and dynamically adapt the QoS management
rules. ip|engines are non-intrusive and are generally located at the interface between the
enterprise network (LAN) and the access router to the operator network (WAN). They have
high-quality synchronization thanks to a time server (e.g. NTP) or thanks to an external GPS
receiver. The ip|engine runs the ip|agent, modules are:

ip|true for measurement,


ip|fast for optimization,
ip|coop for virtual ip|engines cooperative optimization (part of ip|fast),
ip|xcomp for compression,
ip|xtcp for TCP acceleration,
ip|xapp for application acceleration,
smart|path for smart path selection,
smart|plan for right sizing reports,
ip|sync for time synchronization.

ip|uniboss software: it ensures the creation and management of the Domains.


ip|boss software: it ensures different functions: system configuration management, fault
management, measurement collection and analysis, interface with reporting tools and
information system.
ip|reporter software: it ensures the reporting function coming from ip|boss system.

System architecture

1-4

Ipanema Technologies

June 2009

Ipanema System

1. 2. GENERAL PRINCIPLES
1. 2. 1. System deployment
ip|engines are positioned at the measure or optimization points. They are connected to the same
LAN as the access CPE.
A Domain is made up of a set of ip|engines that measure (ip|true), optimize (ip|fast, plus possibly
ip|coop), compress (ip|xcomp) and accelerate (ip|xtcp and ip|xapp) the network traffic and the
ip|boss software (the central software program), for configuration and exploitation of the Ipanema
System.
One Domain will be created by logical entity, using ip|uniboss client. ip|engines belonging to
the same Domain work together (measure, optimization, compression and acceleration), without
interacting with other ip|engines belonging to other Domains. Each Domain is managed by a
dedicated ip|boss instance.
To measure, optimize or accelerate flows on a site with no ip|engine, the user can configure (IP
address and alias) a virtual ip|engine in the configuration file, in the same way as for a real one.
To make it possible, physically existing ip|engines must be installed at the other ends of all flows to
be measured, optimized and accelerated. Unlike a physically existing ip|engine, a virtual ip|engine
does not measure one-way-delays, jitter and loss rates, and does not compress or decompress.

Ipanema System deployment


The system performs measures, optimization, compression and acceleration on the basis of
observed traffic in the users private IP addressing plan.
This addressing plan can be different from the public addressing plan (Public IP address). For
example, network tunnels encapsulate the packets of the different interconnected LANs with an
address in the operator plan. In this case, the Ipanema System recognizes only the addresses of
the LAN plan.
Each ip|engine recognizes the local network (LAN) traffic transmitted to and received from the
long-distance network (WAN).

June 2009

Ipanema Technologies

1-5

Ipanema System

The local networks have an IP address range expressed in the form a.b.c.d and a prefix, the length
of which is expressed by /p.
For correct system operation:

1-6

the ip|engines must have a fixed IP address,


the server running the ip|boss application must be accessible by all ip|engines. It must
therefore have an IP address, but the latter is not necessarily a fixed address (except if
ip|reporter server is installed on another station). The server is not necessarily on the
customer part of the network.

Ipanema Technologies

June 2009

Ipanema System

1. 2. 2. Time synchronization
ip|engines synchronization on the Domain is used for Delay/Jitter/Loss measurement (and
measurement only: optimization, compression, etc., do not require synchronization).
There are two synchronization levels:

Time servers
can be either ip|engines (with or without GPS), ip|boss or External NTP servers,
must be delivering a consistent time between each other,
if an ip|engine is a Time Server, it will use its local ITP configuration (GPS, local or an
external source).

Synchronization servers
must be Domain ip|engines,
will not use their local reference (even if a GPS receiver is connected),
share their clocks with their peers (all other synchronization servers).

This feature allows GPS-less Domains, out of Domain synchronization and short term no time
function (a Domain can be disconnected from its time servers, thus making higher resiliency).

June 2009

Ipanema Technologies

1-7

Ipanema System

1. 2. 3. Communication between system elements


1. 2. 3. 1. Communication between ip|engines
ip|engines exchange measures and control information.
To accomplish this, each ip|engine hosts a specific server reachable by all the other ip|engines
on predetermined ports (TCP and UDP).
An ip|engine also hosts a specific client, that transmits measures, optimization signals and
compressed data to the ip|engines servers. The source ports are dynamically selected by the
transmitting ip|engine.

1-8

Ipanema Technologies

June 2009

Ipanema System

1. 2. 3. 2. Communication between the management system and ip|engines


There are three types of channels between each ip|engine and the ip|boss software:

configuration and supervision,


measure reporting,
real-time measure reporting.

The configuration and supervision channel


Each ip|engine hosts an HTTPS server that is accessed by ip|boss for configuration and
supervision. This server is reached on the TCP/443 destination port (default value; another value
can be configured on request).
The periodic measure reporting channel
The HTTPS server embedded in the ip|engine is also used by ip|boss software to retrieve
measures (pull). This server is reached on the TCP/443 destination port (default value, another
value is configured on request).
The real-time measure reporting channel
Real-time measures are sent by the ip|engine on a unidirectional TCP connection to predefined
destination port (another value can be configured on request).
The TCP source port is dynamically selected (another value can be configured on request) by the
transmitting ip|engine.

June 2009

Ipanema Technologies

1-9

Ipanema System

1. 2. 3. 3. The communication channel Java Client-Server


The communications between the ip|boss server and the ip|boss Java client use the defined port
during the installation process of the server (by default TCP/9999) and some other dynamic TCP
ports by default (the ports can be configured on request).

1. 2. 3. 4. The communication channel Web Client-Server


The communications between the ip|boss server and the ip|boss web client use HTTPS port
(TCP/443).

1. 2. 3. 5. The communication channel between ip|boss and ip|reporter


Two kinds of communication channels exist between ip|boss and ip|reporter:

configuration and supervision channel,


collect channel (SNMP).

1. 2. 3. 5. 1. The configuration and supervision channel


ip|boss supervises and configures the reporting system via the InfoVista interfaces. The used
TCP ports are dynamic by default, but they can be fixed by configuration. These channels allow
the reports creation and deletion according to the configuration and the status supervision of
ip|reporter.

1. 2. 3. 5. 2. The collect channel (SNMP)


ip|boss software contains an SNMP agent used by ip|reporter (InfoVista) in order to collect the
measurement data (pull mode). This SNMP agent is reachable via the UDP port configured for
each Domain in ip|uniboss.

1-10

Ipanema Technologies

June 2009

Ipanema System

1. 2. 4. The QoS measurement service: ip|true


The basic measure obtained from accurate and detailed observation of all IP packets is assembled
and correlated to enable multi criteria analysis of QoS. This correlated measure can subsequently
be stored and processed to generate alarms, create reports and analyze long-term trends.

1. 2. 4. 1. Service level objectives


The SLAs have several Service Level Objectives (SLOs), such as availability, average throughput
per access line, maximum packet transfer time rates and losses. These SLOs satisfy certain
conditions: low load transfer time measure, end-to-end network operator property, etc. If the
network offers Classes of Service, SLOs are specified for each class.

1. 2. 4. 2. Traffic analysis by User Classes


QoS measurement can be aggregated according to different criteria: application, address, TOS,
source and destination, etc. This classification enables traffic to be analyzed according to the
defined criteria.
Users can specify their own aggregation criteria, and thus take into account enterprise organization
- the different departments, services and applications used. Aggregated measure according to User
Classes allows for in-depth analysis of enterprise traffic and even internal invoicing.

1. 2. 4. 3. Forecasting traffic and optimizing long-term policy


The measurement service enables generated traffic to be analyzed. These analyses can be used
to:

forecast future traffic development to estimate optimum network sizing,


policy management according to users objectives and results.

June 2009

Ipanema Technologies

1-11

Ipanema System

1. 2. 5. The real-time optimization service: ip|fast


End-to-end QoS depends on both network infrastructure (transmission lines, access lines, traffic
engineering policies) and user traffic.
QoS can be optimized by:

globally optimizing bandwidth allocation between all access points,


adapting QoS policies to current network performance and real user demand,
selecting, for each traffic flow, the right Class of Service (CoS) in terms of performance.

As the period of stability is short, policy settings need to change dynamically according to network
performance and users traffic variations.

1. 2. 5. 1. Global bandwidth optimization


Network bottlenecks result in congestion and, at times, limit optimum bandwidth to well below its
rated value. Transmitting more traffic will only result in increased transfer time and losses, thereby
degrading QoS and application "goodput".
Several access points may send data to the same destination and an access point may send data
to several others. This can then result in One-to-N or N-to-One type congestion.
ip|fast dynamically shares the GLOBAL network available bandwidth to all active sources, taking
into account the traffic demand, network bottlenecks and N-to-N congestions.

1. 2. 5. 2. Adapting QoS management rules


ip|fast adaptive policy management automatically finds out the best way of handling traffic based
on:

traffic requirements (criticality, QoS objectives),


traffic demand,
network performance.

1. 2. 5. 3. Automatic CoS operator selection


If an operator offers different Classes of Service, assigning a CoS to the traffic becomes difficult.
The Ipanema System automatically changes the coloring (or tagging) of the packets according to
the traffic requirements as defined by the User Class it belongs to (Criticality, QoS objectives). The
mode used is Color-Blind (in this mode, all packets are treated as if they were uncolored: they
are marked according to the selected coloring rule regardless of their initial color).

1. 2. 6. The compression service: ip|xcomp


End-to-end QoS also depends on the capacity of the links. For many reasons, it can be difficult to
increase the bandwidth of a link: cost, operator delay for instance. By compressing the packets, it
is possible to send much more data on the network. In most cases, compression is useful in one
way only (more often, from server to client). Not all types of packets accept compression.
Compression:

1-12

automatically creates tunnels from the compressing sites to the decompressing sites (described
in ip|boss),
compresses the packets according to the owning User Class (as defined in ip|boss),
the tunnels still depend on the optimization feature.

Ipanema Technologies

June 2009

Ipanema System

1. 2. 7. The TCP acceleration service: ip|xtcp


TCP was not designed for networks with a large BDP (Bandwidth-Delay Product, i.e. large RTT
and/or high available bandwidth) or with a significant Bit Error Rate:

slow-start overhead increases the latency of short transfers,


due to the BDP limitation, the TCP sessions cannot fully utilize the available bandwidth, and
error recovery is slow.

TCP acceleration is tightly coupled with optimization so that:

it does not break critical applications protection,


ip|fast precisely knows the available bandwidth per connection.

It uses two mechanisms, independent from each other:

speed-up the slow start (fast start),


overcome BDP limitations (over-bdp).

The key idea is, for each connection, to proactively enslave the TCP source rate to the ip|fast
computed rate for this connection.

1. 2. 8. The application acceleration service: ip|xapp


The ip|xapp service allows to accelerate CIFS traffic.
CIFS stands for Common Internet File System, also known as SMB (Server Message Block). It is
a proprietary Network protocol, the most common use of which is sharing files on a LAN... but also,
due to Data Server Consolidation, over the WAN.
The current CIFS version (or Dialect) is called NT LM 0.12 (it is the 8th since mid 1980s).
CIFS protocol

After the TCP connection to the Server (ports 445 and 139 are used), the NetBIOS Session
service is established (negotiation of a CIFS dialect, Username/Password, connection to the
resource - shared directory for instance).
File accesses are done within this NetBIOS session (open, read, write...; only ONE connection
from a Client to a Server for ALL file accesses).
All of this is using SMB messages within NetBIOS datagrams.
There is one SMB Response for each SMB Request (the next request is sent when the previous
response is received).

Deployment cases
CIFS Acceleration is a Client-side technology. So the typical deployment case uses ip|engines
installed near the CIFS clients, therefore mainly in branch offices.
CIFS acceleration and Compression
ip|xapp and ip|xcomp are compatible. It is possible to compress accelerated CIFS traffic, both
with RAM-based and Disk-based compressions, in one, the other or both directions:

compress only accelerated CIFS from the client to the Server,


compress only accelerated CIFS from the Server to the client,
do both.

This depends on the User Class CIFS is matching, and on the local and remote ip|engine
compression/decompression capacities.

June 2009

Ipanema Technologies

1-13

Ipanema System

1. 2. 9. The smart path service: smart|path


The smart|path service allows to combine multiple physical networks into one unified logical
network, maximizing both Quality of Experience & business continuity.
With this feature, the ip|engine connected to several network accesses (MPLS and Internet, two
different MPLS accesses, etc.) dynamically selects the best one, session by session.
This maximizes application performance, security and network usage based on:

network quality and availability,


application Performance SLAs,
sensitivity level of the information.

It maximize combined networks efficiency:

network capacity,
network availability,
network performance.

Typical deployment cases:

single router with multiple interfaces,


several routers with one interface (for example HSRP clustering).

These cases can be combined in a same site or in a same network.

1. 2. 10. The smart planning service: smart|plan


The bandwidth usage at a site does not reflect the actual users needs. Moreover, TCP uses as much
BW as it can (TCP elasticity), and TCP does not make any difference between a non critical FTP
transfer and an ERP critical flow, for example: although less critical, FTP will use more bandwidth
than the ERP.
As a consequence, usage based provisioning is always over-estimated:
usage based provisioning = over-provisioning.
There is also a drawback in increasing the bandwidth at a site (apart from the cost): the more
available bandwidth, the less its usage matches the business needs of the company:
more bandwidth attracts useless traffic!
The Ipanema system allows companies to size their networks at the best rather than
over-provisioning them:

by taking the actual needs of the flows into account,


by eliminating security margins (tempest of the century syndrome),
by being insensitive to the topology.

The smart planning leverages optimization features. To enable it:

you need a physical ip|engine on the site,


ip|fast must be enabled,
the smart|plan option must be enabled.

Thanks to the smart planning feature, the Ipanema system allows the best usage of the network
capacity according to the performance objectives, by enabling the user to select a cost /
performance compromise based on application service levels.

1-14

Ipanema Technologies

June 2009

Ipanema System

1. 2. 11. Functional architecture

Functional architecture

June 2009

Ipanema Technologies

1-15

Ipanema System

1. 2. 12. Monitoring
For the monitoring, the operations are performed by the:

ip|engine:
elementary observations,
correlation,
flow management.

ip|boss:

ip|engines configuration,
ip|engines alarm management,
monitoring,
analysis,
SNMP MIB update.

ip|uniboss:
Domains creation.

ip|reporter:
collection of SNMP data from ip|boss,
reports database management,
reports publishing.

1-16

Ipanema Technologies

June 2009

Ipanema System

1. 2. 13. Measurement service


The operations are performed by the:

ip|engine:
elementary observations,
correlation,
classification.

ip|boss:

ip|engines configuration,
ip|engines alarm management,
monitoring,
SNMP traps.

1. 2. 13. 1. Elementary observations

Measurement
Each IP packet observed by the ip|engines on their measure interface undergoes a series of
processing operations:

filtering of IP v4 packets,
classification and filtering of packets according to their type:

local traffic on the LAN,


ingress traffic (LAN to WAN traffic),
egress traffic (WAN to LAN traffic),
transit.

identification of the ip|engine associated with each packet. This ip|engine will subsequently
be responsible for correlating the different observations made on this packet - in practice this is
the "upstream" ip|engine (upstream with reference to the observed flow),
output of a measure ticket.

Tickets are grouped according to the corresponding ip|engine in compact Ticket Records. These
records are periodically sent to the ip|engine or stored locally if the ip|engine is itself associated
with the flow.

June 2009

Ipanema Technologies

1-17

Ipanema System

Measure traffic
The ip|engines send measure tickets to the correlator via the network.
The measure load generated by each ip|engine is approximately 2% of measured traffic for
datagrams with an average length of 300 bytes.
Datagram fragmentation
Transmitting large packets on the network can degrade the quality of service for applications,
particularly if access speed is low. IP protocol allows datagrams to be fragmented into several
packets (fragments). Fragmentation can be performed at different points, but is generally
performed:

by the access router (CPE) connected to a low-speed interface,


by an access or transit router in certain cases of congestion.

Fragments are not reassembled on the network or in the router, but by the end station.
To keep measures consistent without making assumptions on whether and where fragmentation
occurred (before or after the first ip|engine), the system performs measures on the datagrams.
This choice enables the classification mechanisms to operate correctly, even though port numbers
of the TCP/UDP protocol are present only in the first fragment of a datagram.
This choice is also consistent with applications behavior. In all cases, the datagram user application
must wait for the datagram to be reassembled before being able to use the data it contains. It is
therefore reception of the last fragment that is important.
A datagram is considered to be lost as soon as one or more of its fragments is lost. In this case,
the datagram is not delivered to the transport layer by the destination terminal.

1. 2. 13. 2. Correlation
The correlation function, shared by all ip|engines, produces Correlation Records that contain
measures grouped by aggregated flows (classification level is determined by configuration).
Correlation Records are generated at regular intervals and collected by ip|boss Collector.

1. 2. 13. 3. Classification
The software enables flow measures to be classified according to the following criteria:

address: subnet address ranges at flow source and destination according to the User subnets
directory,
application: according to the Level 7 Application dictionary, allowing in most cases the user
application to be identified,
TOS: the "TOS" field of the IP header identifying the Type of Service according to the TOS
dictionary.

1. 2. 13. 4. Monitoring
The monitoring function enables the operator to get a real-time view of the performance and activity
of the observed traffic in the form of graphs.

1. 2. 13. 5. SNMP Agent


Measures from Correlation Records can be provided in the form of a MIB.

1. 2. 13. 6. Analysis
Measures can undergo deferred analysis. Measures can be viewed in graph form.

1-18

Ipanema Technologies

June 2009

Ipanema System

1. 2. 14. Optimization service - functional architecture


An ip|engine has two roles:

to manage offer: for a given current network performance, an ip|engine will adapt
characteristics to achieve the best trade-off between QoS and goodput,
to manage demand: for a given current LAN to WAN traffic, LAN-to-LAN QoS and bandwidth
availability, an ip|engine will adapt the user traffic policy to share network capabilities among
the flows.

1. 2. 14. 1. Managing offer (resource driven optimization)


1. 2. 14. 1. 1. Egress bandwidth management (N-to-one)
This function provides dynamic sharing of the available egress (WAN to LAN) bandwidth of one
access of a VPN (virtual private network) between all the active ingress (LAN to WAN) network
accesses.
This control of egress congestion improves the quality of the access link by decreasing packet
delays, jitter and losses. Hence, it globally increases the end-to-end goodput of the network.
The principle is as follows:

each ingress ip|engine periodically advises each egress ip|engine of data it estimates it will
have to send them - quantity (min, max), time and loss constraints and criticality,
each egress ip|engine computes a fair-sharing scheme of its egress bandwidth, taking into
account the above parameters. It sends information to all active ingress ip|engines on the
amount of data they are allowed to send.

One can see that this mechanism is quite similar to a reservation scheme with the following main
differences:

bandwidth allocation is performed starting from a statistic view of the end-to-end traffic. This
facilitates statistic multiplexing among flows and limits the computing load (it is no longer related
to the number of flows),
network elements between ip|engines are not involved in the allocation mechanisms.

N (ingress) to One (egress) traffic


In this example, traffic to B will be shared between sites A, C and D, based on:

Bs egress capabilities,
A, C and Ds currently estimated traffic demand (quantity, time and loss sensitivity, criticality).

June 2009

Ipanema Technologies

1-19

Ipanema System

1. 2. 14. 1. 2. Ingress bandwidth management (One-to-N)


This function provides for dynamic sharing of the available ingress (LAN to WAN) bandwidth
between all the active egress (WAN to LAN) destinations of the VPN.
This control of ingress bandwidth use maximizes ingress link use. Hence, it globally increases the
QoS and the end-to-end goodput of the network.
The principle is to control the ingress traffic sent to the network by taking into account the reception
capabilities of the active egress links.

One (ingress) to N (egress) traffic


In the example, traffic A will be shared between destinations B, C and D, based on:

As ingress capabilities,
As traffic demand to destinations B, C and D (quantity, time and loss sensitivity, criticality),
B, C and Ds currently estimated egress traffic authorization (see N-to-one control).

1. 2. 14. 1. 3. CoS selection (QoS-to-CoS)


CoS selection control enables selection of operator network Classes of Service (CoS). This choice
is based on the following parameters:

1-20

QoS objectives of applications,


criticality level in accordance with the User Class.

Ipanema Technologies

June 2009

Ipanema System

1. 2. 14. 2. Managing demand (traffic driven optimization)


1. 2. 14. 2. 1. Class-based brokerage
The class-based broker manages access bandwidth by taking into account:

users specific traffic classification (per department, application, destination, etc.),


users class relationship and attributes,
current traffic usage,
current end-to-end capabilities and performance.

The features enhance the relevance of the goodput through provisioning of arbitration rules. The
total amount of information effectively transferred is equivalent, but the relative amount per User
Class is managed.

1. 2. 14. 2. 2. Criticality management


Criticality management enables selection of traffic that is authorized to be sent, taking into account
the following inputs:

criticality of applications,
instantaneous bandwidth requirements,
current end-to-end quality of service and traffic capabilities.

Applications may be characterized by their delay and loss sensitivity.

June 2009

Ipanema Technologies

1-21

Ipanema System

1. 2. 14. 3. Optimization with virtual ip|engines


Virtual ip|engines are introduced to easier customer acceptance, in case of hub-and-spoke traffic
matrix. This feature allows optimization of the traffic toward and from sites which are not equipped
with a physical ip|engine.
Virtual ip|engines are configured through ip|boss just the same as physical ip|engines. Then
optimization can classify and optimize the traffic from or toward these sites, according to the rules
defined through the User Classes. Traffic conditioning functions are automatically instantiated
upon traffic recognition
Typical case of deployment becomes:

physical ip|engines for central site and sites with meshed traffic,
virtual ip|engines for small branch offices and simple traffic pattern.

With ip|coop option, for each virtual ip|engine, a group of remote physical ip|engines cooperate
(Remote Coordination Group) to do what a local physical ip|engine would have done, namely:

it measures its usage (from its point of view),


it measures the demand,
it detects congestions and controls the flows according to their criticisms.

This Remote Coordination Group is made of up to 8 physical ip|engines (on the 8 most active sites
with this unequipped site) and is automatically and dynamically configured by ip|boss.
Thus, the contribution of each virtual ip|engine can be precisely estimated so that congestion to
and from the remote site can be managed (as through a proxy).
Limitation for use of virtual ip|engines:

no Delay/Jitter/Loss measurement,
neither measure nor optimization take shadow traffic (traffic between sites equipped with a
virtual ip|engine) into account,
End to End (E2E) bandwidth tracking is less efficient and reactive,
no limitation of egress UDP traffic.

When ip|coop option is enabled, the number of virtual ip|engines is controlled by ip|boss and
defined in the license file delivered to the customer. Without this option, the number is unlimited.

1-22

Ipanema Technologies

June 2009

Ipanema System

1. 2. 15. Security
Ipanema System security features are based on SSL and SSH protocol usage, plus tools for key
generation and distribution.

1. 2. 15. 1. ip|engine - Access Control (Console and Telnet/SSH)


A lot of security features regarding the ip|engine management access through the console or
through the network are implemented. They are listed below (however access to a particular
ip|engine is limited to a very small number of cases):

console access is secured with a full password management,


remote access to an ip|engine is secured. Different levels of security can be selected by the user
at installation time. The most advanced level implies the use of the SSH protocol for ip|engine
remote access,
commands limitation: when remotely accessing an ip|engine, the set of available user
commands is carefully restricted to a minimum set of commands used for troubleshooting.

1. 2. 15. 2. Secured ip|boss <-> ip|engine communications


SSL protocol is used for downloading the configuration file from ip|boss to ip|engines, monitoring
of ip|engines and measurement data collection from ip|engines, both authentication and
encryption are used.
Ipanema System allows for 3 different security levels to be implemented:

First level (default mode)


The customer uses the default factory certificate. Communications are secured. Nevertheless,
as the certificate is not unique to the customer, the security level is not at its maximum.

Second level
The customer defines his own certificate. This is done centrally from ip|boss or from a
customers certificate generator. Certificate installation on ip|engines is handled from ip|boss
and does not require local access to the ip|engines.
Communications are secured. Unauthorized people will not be able to enter the system nor to
read and interpret configuration or measurement data.

Third level
The customer defines his own certificate AND a passphrase. This requires not only an ip|boss
certificate installation, but also to have local access to all ip|engines in order to setup the
passphrase configuration.
Communications are secured. Combination of certificate and local passphrase provides the
highest level of security.

Important reminder 80% of the security breaches are internal to companies.

June 2009

Ipanema Technologies

1-23

CHAPTER 2. IPANEMA SYSTEM


INSTALLATION
Document organization

2. 1. JAVA RUNTIME ENVIRONMENT


To install ip|uniboss and ip|boss Java servers and Java clients, the Java Runtime Environment
5.0 Update 15 (JRE 1.5.0_15) must be installed on the station. This release is on the CD-ROM. It
must be installed on the station before installing ip|uniboss and ip|boss.
To check the Java software version, in a DOS / shell window enter java -version
command.
On a station running ip|uniboss or ip|boss web clients only, JRE is not required.

Install JRE on Windows


To install the Java Runtime Environment on Solaris, please refer to the installation
manual IPANEMA-IBS-INSTALL-V[x].PDF (IBS stands for ip|boss server).

To install the Java Runtime Environment 1.5.0 (if needed), in ip|uniboss/ip|boss CD-ROM go
to win32\java directory and launch jre-1_5_0_15-windows-i586-p.exe. Follow the onscreen
instructions.

Choose the Typical setup and click Accept.


JRE Installation then proceeds:

June 2009

Ipanema Technologies

2-1

Ipanema System

When installation is completed, a message is displayed. Click Finish:

Configure the JAVA_HOME environment variable, go to the Windows System properties:

Select Advanced tab, then Environment Variables:

2-2

Ipanema Technologies

June 2009

Ipanema System installation

Check if the JAVA_HOME variable is correctly defined in the System variables. If not,
click New (if the variable was not set) or Modify (if it was incorrectly set) in the System
variables and configure the JAVA_HOME environment variable (by default JAVA is installed
in C:\Program Files\Java\jre1.5.0_15).

Click OK three times.

June 2009

Ipanema Technologies

2-3

Ipanema System

2. 2. IP|UNIBOSS SOFTWARE
2. 2. 1. Specifications for ip|uniboss server
The software application runs on a server (or a workstation with enough power):

Windows 2000 Service Pack 4 or higher, Windows 2003 SP1 or higher, or


Solaris 9 or 10.

Please refer to the relevant Release note to check the minimum characteristics required.

2. 2. 2. ip|uniboss architecture
ip|uniboss runs in client/server mode. The server processes supervise the system. The client is
the Graphical User Interface (GUI).
The User can access the GUI of ip|uniboss with the ip|uniboss Java Client, which needs an
installation on his or her station, or with the ip|uniboss web Client via a web browser (Internet
Explorer or Mozilla Firefox). A CLI client is also available.

ip|uniboss server manages the Domains.


ip|uniboss server manages accesses to ip|boss, by authenticating and redirecting ip|boss
users.
ip|uniboss client should be on a different station (on the same or on a different LAN). It allows
to modify the Domains: creations, modifications and deletions.
ip|uniboss portal can be on a different station (preferably on the same LAN) refer to
Technical_Note_Portal_Integration.doc provided on the installation CD-ROM (/salsa/doc/). It
allows to access ip|uniboss server through a web client.
ip|uniboss server can run on the same machine as ip|boss server.

ip|uniboss / ip|boss architecture

2-4

Ipanema Technologies

June 2009

Ipanema System installation

2. 2. 3. Install ip|uniboss server on Windows


To install ip|uniboss server on Solaris, refer to the installation
IPANEMA-IUBS-INSTALL-V[x].PDF (IUBS stands for ip|uniboss server).

manual

To install ip|uniboss server, you must be connected as an administrator on the server


(installation of services).

Internet Information Services Web Server must be stopped.


Other services or applications using the port 443 must be stopped.
To install ip|uniboss server, the Java Development Kit 5.0 Update 11 (JDK
1.5.0_11) must be installed on the station (this release is on the CD-ROM; to check
the JDK software version, in a DOS window enter java -version command), and
the JAVA_HOME environment variable must be properly set. Refer to the JAVA
section at the beginning of this Chapter.
If JDK is not installed, ip|uniboss installation will not launch and the following
error message is displayed:

If the JDK installed is not in the right version, the following error message is
displayed during ip|uniboss installation:

If the JAVA_HOME environment variable is not properly set, the following


error message is displayed during ip|uniboss installation:

Procedure to install ip|uniboss server software on Windows:

Connect as administrator on the server,


insert the CD-ROM; the installation software will start automatically, otherwise launch the file
ipboss_setup.exe in the directory /win32/install:

June 2009

Ipanema Technologies

2-5

Ipanema System

Click Next, then indicate the directory of installation (C:\Program Files\salsa by default):

If the directory does not exist, it is created:

If the directory already exists, you are warned that existing files may be overwritten:

2-6

Ipanema Technologies

June 2009

Ipanema System installation

Select ip|uniboss and click Next:

ip|boss server can be installed at the same time and on the same station as
ip|uniboss server. Click both clickboxes if this is what you want to do.

Close the services window before continuing the installation:

Click Next to continue:

Select the Domains concentrator (uni_boss) location path:

June 2009

Ipanema Technologies

2-7

Ipanema System

The default path is C:\Program Files\salsa\uniboss\server.


The customers Domains will not be on that server, but on ip|boss server.
If ip|boss is installed at the same time, the default path is the one of ip|boss
(C:\Program Files\salsa\ipboss\server), and the customers Domains will be
on the same server, in the same path.

2-8

Click Next; the installation program then proceeds:

When finished, click Next to continue:

ip|uniboss services are installed and started; click Next:

Ipanema Technologies

June 2009

Ipanema System installation

Select a program group for the shortcuts and click Next:

When done, a success message is displayed; click Done:

The setup process of ip|uniboss server has created and started 2 new services (3 if ip|boss
was installed at the same time):
SALSA ipuniboss Server: manages the start of the different processes,
SALSA Web Server: used by the previous service,
(and SALSA ipboss Server if ip|boss was installed at the same time).

June 2009

Ipanema Technologies

2-9

Ipanema System

2-10

Configure the recovery mode (Restart the Service in the three fields) for each service (select
a service, menu Action / Properties, tab Recovery):

The setup process of ip|uniboss server has created the following directory tree:

Ipanema Technologies

June 2009

Ipanema System installation

Program Files\salsa\uniboss\server\domains only contains the Domains


concentrator (uni_boss); the customers Domains will not be installed here
they will be on ip|boss server.
If ip|boss server was installed at the same time, the default directory tree is the following:

In this case, the customers Domains will be installed in Program


Files\salsa\ipboss\server\domains, that is, in the same folder as the Domains
concentrator (uni_boss).
To create Domains with ip|uniboss, it is necessary to have a running license (refer to
the Section ip|uniboss license file).

June 2009

Ipanema Technologies

2-11

Ipanema System

2. 2. 4. Start and stop ip|uniboss services/processes


ip|uniboss server is made of 2 services/processes:

SALSA ipuniboss Server: manages the start of the different processes,


SALSA Web Server: used by the previous service.

ip|uniboss Services

2. 2. 4. 1. Start and stop ip|uniboss services on Windows


To start / stop / restart ip|uniboss services on Windows:

Connect as administrator on the server.


Select one of both ip|uniboss services:

ip|uniboss Windows Services

Click on:

to start the service (if stopped),

to stop the service (if started),

to restart the service (if started).

Repeat the operation for the second ip|uniboss service.

2. 2. 4. 2. Start and stop ip|uniboss processes on Solaris


To start / stop ip|uniboss processes on Solaris:

Connect as root on the server.


Launch the ipunibossd script:
/etc/init.d/ipunibossd start to start the 2 ip|uniboss processes,
/etc/init.d/ipunibossd stop to stop the 2 ip|uniboss processes.

2-12

Ipanema Technologies

June 2009

Ipanema System installation

2. 2. 5. Install ip|uniboss client


2. 2. 5. 1. Install ip|uniboss web client
For ip|uniboss web client, no installation is necessary.
Internet Explorer software version 6 SP1 and Mozilla Firefox are supported.

To connect to ip|uniboss server with a web client, enter the following URL:
https://x.x.x.x/ipuniboss_portal (where x.x.x.x is the IP address of ip|uniboss server). For security
reasons, the use of HTTPS is mandatory.
If a security warning window opens, click Yes.

Connection window
The connection window has two fields:

User name: the name of the user (administrator by default),


Password: with administrator account the default password is admin.

Click on Validate to access the main window:

June 2009

Ipanema Technologies

2-13

Ipanema System

ip|uniboss web client main window

2. 2. 5. 2. Install ip|uniboss Java client


This installation is useless if you use the web client only.

ip|uniboss Java client runs on:

Windows,
Solaris,
Linux.

It requires Java JRE 1.5.0.11. Refer to the JAVA section to install JRE if needed.
There must be no proxy installed:

2-14

check your web browser parameters (Tools / Internet Options / Connections / LAN
settings: click boxes must be blank (Windows));
check Java web start preferences
(C:\Program Files\Java\jre1.5.0_11\javaws\javaws.exe then File / Preferences /
General / Proxies: none (Windows)).

Launch your web browser (Internet Explorer / Mozilla / Netscape), and select the following URL:
https://x.x.x.x/ipuniboss_manager (where x.x.x.x is the IP address of ip|uniboss server; the
use of HTTPS is mandatory). A warning may tell you that the publisher is unknown; click Yes
to continue:

Ipanema Technologies

June 2009

Ipanema System installation

In order to launch the installation of ip|uniboss java client, click on Start ip|uniboss rich client.
Warning messages may appear. Click Yes and Run to continue:

The Java client is then loading:

June 2009

Ipanema Technologies

2-15

Ipanema System

A Java message may warn you that the digital signature has been verified. Click Run to run the
application:

You are asked if you want to create shortcuts for ip|uniboss. Click Yes if you want to accept:

Now ip|uniboss Java client is installed, the starting screen appears:

To launch the client complete the following fields in the Login window:
Server: IP address of ip|uniboss server
User name: administrator by default
Password: with administrator account the default password is admin

2-16

Ipanema Technologies

June 2009

Ipanema System installation

and click Validate.

ip|uniboss Java client main window

To create Domains, you need a running license. Refer to the Section ip|uniboss license
file.
if ip|uniboss server is upgraded, the software upgrade of ip|uniboss Java client is
automatically handled by the Java Web Start Software when launching ip|uniboss Java
client.

June 2009

Ipanema Technologies

2-17

Ipanema System

2. 2. 6. Uninstall ip|uniboss
The uninstallation of ip|uniboss consists in uninstalling the ip|uniboss server program on the
server, and if installed on the server the ip|uniboss Java Client.

2. 2. 6. 1. Uninstall ip|uniboss server on Windows


To uninstall ip|uniboss server on Solaris, refer to the installation manual
IPANEMA-IUBS-INSTALL-V[x].PDF (IUBS stands for ip|uniboss server).
To uninstall ip|uniboss server and the Domains, you must be connected as
administrator on the server.
If ip|uniboss and ip|boss servers are installed on the station, the installation procedure
will uninstall both.

Connect as administrator on the server.


ip|uniboss services must be stopped before uninstalling.

ip|uniboss Windows Services

If ip|boss server is also installed on the station, you must also stop ip|boss service
(SALSA ipboss Server).

2-18

Launch uninstall located in Start / Programs / ipboss.


Select Force the deletion of ~\Program Files\salsa and click Uninstall:

When done, click Quit:

Ipanema Technologies

June 2009

Ipanema System installation

After these steps, in order to remove ip|uniboss services in Windows, you have to
reboot the Windows server.

June 2009

Ipanema Technologies

2-19

Ipanema System

2. 2. 6. 2. Uninstall ip|uniboss Java client

Launch Java web start Application manager from the desktop, from the menu Start / Programs
/ Java Web Start or from the directory C:\Program Files\Java\jre1.5.0_11\bin\javaws.exe.

Click on ip|uniboss application and select the menu Application / Uninstall Shortcuts in order
to delete the shortcut on the desktop:

Select the menu Application / Remove Application in order to uninstall ip|uniboss Java client:

If you want to uninstall Java on the server, select the menu Settings / Control Panel,
select Add / Remove programs and choose Java in the program list.

2-20

Ipanema Technologies

June 2009

Ipanema System installation

2. 3. IP|BOSS SOFTWARE
2. 3. 1. Specifications for ip|boss server
The software application runs on a server (or a workstation with enough power):

Windows 2000 Service Pack 4 or higher, Windows 2003 SP1 or higher, or


Solaris 9 or 10.

Please refer to the relevant Release note to check the minimum characteristics required.

2. 3. 2. ip|boss architecture
ip|boss runs in client/server mode. The server processes supervise the system. The client is the
Graphical User Interface (GUI).
The User can access the GUI of ip|boss with the ip|boss Java Client, which needs an installation
on his or her station, or ip|boss web Client via a web browser (Internet Explorer or Mozilla Firefox).
A CLI client is also available.

ip|boss server manages the communications with the ip|engines: supervision, start, stop,
collect, SNMP interface, management of users requests (update for instance).
ip|boss client should be on a different station (on the same or on a different LAN). It allows to
modify the configuration: adds, deletions in the different dictionaries, start or stop order, display
of measurements in real-time, creation of Metaviews and reports.
ip|boss server can run on the same machine as ip|uniboss server.

ip|boss server is multi-access (max. 10 users), multi-profile in order to give some different rights
for each user (system administration, service activation, supervision, helpdesk, ....).

ip|boss architecture

June 2009

Ipanema Technologies

2-21

Ipanema System

2. 3. 3. Install ip|boss server on Windows


To install ip|boss server on Solaris, refer to the installation
IPANEMA-IBS-INSTALL-V[x].PDF (IBS stands for ip|boss server).

manual

To install ip|boss server using the Command Line Interface, refer to the relevant
Technical Note (only the standard procedure is described here).
To install ip|boss server, you must be connected as an administrator on the server
(installation of services).

Internet Information Services Web Server must be stopped.


Other services or applications using the port 443 must be stopped.
To install ip|boss server, the Java Development Kit 5.0 Update 11 (JDK 1.5.0_11)
must be installed on the station (this release is on the CD-ROM; to check the JDK
software version, in a DOS / shell window enter java -version command), and the
JAVA_HOME environment variable must be properly set. Refer to the JAVA section
at the beginning of this Chapter.
If JDK is not installed, ip|boss installation will not launch and the following
error message is displayed:

If the JDK installed is not in the right version, the following error message is
displayed during ip|boss installation:

If the JAVA_HOME environment variable is not properly set, the following


error message is displayed during ip|boss installation:

2-22

Ipanema Technologies

June 2009

Ipanema System installation

Procedure to install ip|boss server software on Windows:

Connect as administrator on the server,


insert the CD-ROM; the installation software will start automatically, otherwise launch the file
ipboss_setup.exe in the directory /win32/install:

Click Next, then indicate the directory of installation (C:\Program Files\salsa by default):

If the directory does not exist, it is created:

If the directory already exists, you are warned that existing files may be overwritten:

June 2009

Ipanema Technologies

2-23

Ipanema System

Select ip|boss and click Next:

ip|uniboss server can be installed at the same time and on the same station as
ip|boss server. Click both clickboxes if this is what you want to do.

Close the services window before continuing the installation:

Click Next to continue:

Select the Domains location path:

Default path is C:\Program files\salsa\ipboss\server.

2-24

Ipanema Technologies

June 2009

Ipanema System installation

This window does not appear if ip|uniboss was installed on the station before.
The Domains location path will then be the one selected on ip|uniboss installation
(C:\Program files\salsa\uniboss\server by default).

Click Next; the installation program then proceeds:

When finished, click Next to continue:

ip|boss service is installed and started; click Next:

June 2009

Ipanema Technologies

2-25

Ipanema System

Select a program group for the shortcuts:

When done, a success message is displayed; click Done:

The setup process of ip|boss server has created and started 1 new service (3 if ip|uniboss
was installed at the same time):
SALSA ipboss Server: manages the start of the different processes,
(and SALSA ipuniboss Server and SALSA Web Server if ip|uniboss was installed at
the same time).

2-26

Configure the recovery mode (Restart the Service in the three fields) for ip|boss service (for
the 3 services if ip|uniboss was installed at the same time): select a service, menu Action /
Properties, tab Recovery:

Ipanema Technologies

June 2009

Ipanema System installation

The setup process of ip|boss server has created the following directory tree:

If ip|uniboss server was installed at the same time, the default directory tree is the following:

June 2009

Ipanema Technologies

2-27

Ipanema System

In both cases, the customers


Files\salsa\ipboss\server\domains.

Domains

will

be

installed

in

Program

To start ip|boss, it is necessary to:

2-28

have a running license (refer to the Section IP|UNIBOSS SOFTWARE / ip|uniboss


license file),
have an active Domain (refer to the Chapter CREATING DOMAINS).

Ipanema Technologies

June 2009

Ipanema System installation

2. 3. 4. Start and stop ip|boss service/process


ip|boss server is made of 1 service/process:

SALSA ipboss Server: manages the start of the different processes.

ip|boss Service

2. 3. 4. 1. Start and stop ip|boss service on Windows


To start / stop / restart ip|boss service on Windows:

Connect as administrator on the server.


Select ip|boss service:

ip|boss Windows Service

Click on:

to start the service (if stopped),

to stop the service (if started),

to restart the service (if started).

2. 3. 4. 2. Start and stop ip|boss process on Solaris


To start / stop ip|boss process on Solaris:

Connect as root on the server.


Launch the ipbossd script:
/etc/init.d/ipbossd start to start ip|boss process,
/etc/init.d/ipbossd stop to stop ip|boss process.

June 2009

Ipanema Technologies

2-29

Ipanema System

2. 3. 5. Install ip|boss client


2. 3. 5. 1. Install ip|boss web client
For ip|boss web client, no installation is necessary.
Internet Explorer software version 6 SP1 and Mozilla Firefox are supported.

Launch Internet Explorer, and select the following URL: https://x.x.x.x/ipboss_portal (where x.x.x.x
is the IP address of ip|uniboss server ip|uniboss is the web portal for ip|boss; note that the
use of HTTPS is mandatory).
If a security warning window opens, click Yes.

ip|boss connection window


The connection window has two fields:

User name: the name of the user (administrator by default),


Password: with administrator account the default password is admin.

Click on Validate to access the main window:

2-30

Ipanema Technologies

June 2009

Ipanema System installation

ip|boss web client main window

June 2009

Ipanema Technologies

2-31

Ipanema System

2. 3. 5. 2. Install ip|boss Java client


This installation is useless if you use the web client only.

ip|boss Java client runs on:

Windows,
Solaris,
Linux.

JRE 1.5.0_11 is required. Refer to the JAVA section to install JRE if needed.
There must be no proxy installed:

check your web browser parameters (Tools / Internet Options / Connections / LAN
settings: click boxes must be blank (Windows));
check Java web start preferences
(C:\Program Files\Java\j2re1.4.2_10\javaws\javaws.exe then File / Preferences /
General / Proxies: none (Windows)).

Launch your web browser (Internet Explorer / Mozilla / Netscape), and select the following
URL https://x.x.x.x/ipboss_manager (where x.x.x.x is the IP address of ip|uniboss server
ip|uniboss is an authentication and redirection server for ip|boss; the use of HTTPS is
mandatory).

ip|boss Java client connection window


Click on Start ip|boss rich client.

A warning message may appear. Click Run:

2-32

Ipanema Technologies

June 2009

Ipanema System installation

The Java client is then loading:

Click Yes in the Create shortcuts window in order to create desktop and start menu shortcuts:

Now ip|boss Java Client is installed, the starting screen appears:

To launch the client complete the following fields in the Login window:
Server: IP address of ip|uniboss server (ip|uniboss is an authentication and redirection
server for ip|boss).
User name: administrator by default.
Password: with administrator account the default password is admin.

June 2009

Ipanema Technologies

2-33

Ipanema System

and click Ok. ip|boss Java client main window opens:

ip|boss Java client main window

To start ip|boss client, it is necessary to:

have a running license (refer to CHAPTER 3. MANAGING DOMAINS / 3.5. IMPORT


A LICENSE),
have an active Domain (refer to CHAPTER 3. MANAGING DOMAINS); otherwise a
message tells that you have no access to any domain:

If ip|boss server is upgraded, the software upgrade of ip|boss Java client is


automatically handled by the Java Web Start Software when launching ip|boss Java
client.

2-34

Ipanema Technologies

June 2009

Ipanema System installation

2. 3. 6. Uninstall ip|boss
The uninstallation of ip|boss consists in uninstalling the ip|boss server program on the server, and
if installed on the server the ip|boss Java Client.

2. 3. 6. 1. Uninstall ip|boss server on Windows


To uninstall ip|boss server on Solaris, refer to the installation
IPANEMA-IBS-INSTALL-V[x].PDF (IBS stands for ip|boss server).

manual

To uninstall ip|boss server, you must be connected as administrator on the server.

If ip|uniboss and ip|boss servers are installed on the station, the installation procedure
will uninstall both.

Connect as administrator on the server.


ip|boss service must be stopped before uninstalling.

ip|boss Windows Service

If ip|uniboss server is also installed on the station, you must also stop the 2
ip|uniboss services (SALSA ipuniboss Server and SALSA Web Server).

Launch uninstall located in Start / Programs / ipboss.


Select Force the deletion of ~\Program Files\salsa and click Uninstall:

When done, click Quit:

June 2009

Ipanema Technologies

2-35

Ipanema System

After these steps, in order to remove ip|boss service in Windows, you have to reboot
the Windows server.

2-36

Ipanema Technologies

June 2009

Ipanema System installation

2. 3. 6. 2. Uninstall ip|boss Java client

Launch Java web start Application manager from the desktop, from the menu Start / Programs
/ Java Web Start or from the directory C:\Program Files\Java\jre1.5.0_11\bin\javaws.exe.

Click on ip|boss application and select the menu Application / Uninstall Shortcuts in order
to delete the shortcut on the desktop:

Select the menu Application / Remove Application in order to uninstall ip|boss Java client:

If you want to uninstall Java on the server, select the menu Settings / Control Panel,
select Add / Remove programs and choose Java in the program list.

June 2009

Ipanema Technologies

2-37

Ipanema System

2. 4. IP|UNIBOSS AND IP|BOSS CLI CLIENTS


For detailed information concerning ip|boss and ip|uniboss Command Line Interface
clients, please refer to NO-10000249-Rev 3- ipboss v4.3Rx - CLI Reference
Manual.doc.
ip|boss and ip|uniboss have a specific GUI client each, that uses CORBA over SSL to
communicate with a dedicated client request handler.
Quite similarly, there is a CLI client for ip|boss and a CLI client for ip|uniboss. They communicate
exclusively with their respective CLI connector using CORBA over SSL. The best image to illustrate
what the CLI clients and CLI connectors are is to compare the CLI clients to Telnet clients and the
CLI connectors to remote shell services.

2. 4. 1. Install ip|uniboss and ip|boss CLI clients


The CLI clients can be downloaded from the ip|boss web server using the following URLs:

https://x.x.x.x/ipboss_cli for the ip|boss CLI client,


https://x.x.x.x/uniboss_cli for the ip|uniboss CLI client (where x.x.x.x is the IP address of the
ip|boss web server).

By clicking on the link (depending on your system), you will be asked to open or save a zip archive
named:

ipboss_cli_win32.zip, ipboss_cli_solaris.zip or ipboss_cli_linux.zip for ip|boss client,


ipuniboss_cli_win32.zip, ipuniboss_cli_solaris.zip or ipuniboss_cli_linux.zip for ip|uniboss
client.

These zip archives have some files in common. It is possible to unzip them in the same directory.
Unzip the archive you need, depending on your system, and launch the executable file it contains:

2-38

ipmcli.exe or ipmcli for ip|boss client,


ipmunicli.exe or ipmunicli for ip|uniboss client.

Ipanema Technologies

June 2009

Ipanema System installation

You are then prompted for:

the server address (127.0.0.1 will be used if you enter no value),


the port (9999 will be used if you enter no value),
the user (no default means you have to enter a value; the default user is administrator),
the password (the default password for the administrator account is admin).

A message tells you when you are logged in to ip|boss CLI client.
The prompt turns to ipmcli@<Domain_name> (ip|boss client) or ipmunicli@<Domain_name>
(ip|uniboss client).
The CLI clients currently use no external settings whatsoever, no startup file, no registry. Just
download the binaries to some directory, unzip the archive and make sure to have that directory in
your PATH.
For Solaris you will also need to add that directory to your LD_LIBRARY_PATH. As an
alternative, you can create a launcher script like:
#!/bin/sh
IPMCLI_DIR=<some directory>
# Use absolute path here
LD_LIBRARY_PATH=$IPMCLI_DIR:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
$IPMCLI_DIR/ipm[uni]cli $*
Call that script ipm[uni]cli and put it into any directory that is in your PATH (usually
/usr/local/bin). Make sure you add execute permissions to that script for anyone who is
to use it.

2. 4. 2. CLI client/server compatibility


The CLI client/server communication protocol, the CLI client and the CLI connector have been
designed with upwards and backwards compatibility in mind. As a consequence, it is safe to use
any CLI client with any CLI server, no matter the versions and/or platforms.
The client and the server exchange version information prior to the login request, and they
exchange protocol version offers in the login request itself. During protocol version negotiation,
the more recent peer is supposed to present itself as the most recent version of itself, the older
peer has knowledge of, that usually is the older peers version.
As a result, the client and the server version offer usually refer to the same protocol version.

June 2009

Ipanema Technologies

2-39

Ipanema System

2. 5. IP|REPORTER SOFTWARE
ip|reporter processes numerous high added value reports which leverage fully all the power of the
Ipanema System.
ip|reporter is powered by InfoVista.

It includes an embedded InfoVista runtime license which carries out all the user interface functions
locally, remotely in client/server mode, or through an HTML interface using VistaPortalSE
ip|reporter Web.
All the configuration tasks are carried out automatically by the ip|reporter module. Therefore, the
installation of the product is straightforward and its usage very simple.

2. 5. 1. Specifications for ip|reporter server


The software application runs on a server:

Windows 2000 Service Pack 4 or higher, Windows 2003 SP1 or higher, or


Sun Sparc Ultra 5, Solaris 9 or 10.

Memory, processor and disk requirements vary according to how you use InfoVista software,
notably in terms of database size. Please refer to the relevant Release note to check them.
Always install ip|reporter server on a dedicated machine (in case of a small
configuration ip|boss and ip|reporter can be on the same machine).

2-40

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 2. ip|reporter architecture
ip|reporter runs in client/server mode. The server processes (InfoVista) collect data from ip|boss
SNMP agent. The client (IVreport) is the GUI (graphical user interface) that allows to show the
reports.
The reports can also be visualized through a web client, using VistaPortal SEs web server (refer
to section ip|reporter web edition).

ip|reporter architecture

2. 5. 3. Multi network interfaces


In the case where you have a server with several network interfaces, CORBA uses the first network
interface it finds for the current host. You can change this:

by setting the usable host Ip address to IV_HOST_IPADDRESS


Example IV_HOST_IPADDRESS=10.1.12.248
This is the recommended way for version 3.1.
by setting ORBendPointPublishAllIFs to 1. This second solution makes the binding to all
the non-loopback interfaces of the host.

These settings must be made on the server machine.

June 2009

Ipanema Technologies

2-41

Ipanema System

2. 5. 4. Install/Uninstall ip|reporter on Windows


To install/uninstall ip|reporter server on Solaris, refer to the installation manual
IPANEMA-IRP-INSTALL-V[x].PDF (IRP stands for ip|reporter).

The installation of ip|reporter on Windows 2000 or 2003 system contains 3 steps:

1. install InfoVista; if InfoVista is already installed, it is not mandatory to reinstall it if the version
is identical (see the build number and the instructions of the release note):

insert the ip|reporter CD in the CD-ROM drive,


launch from the CD-ROM /infovista/win32/Setup.exe,
follow the on screen instructions;
if there is a hot fix folder in the ip|reporter package, you will have to install it;
in the event of a problem, refer to the README.TXT file in the CD-ROM directory
infovista.

Refer to the detailed installation procedure starting next page.


2. load Ipanemas VistaViews in InfoVista; refer to the procedure hereafter,
3. copy the description file of the reports templates (reports_desc.ipmsys) on ip|boss server (in
Program files/salsa/ipboss/server/conf).

Infovista software protection


The InfoVista server software and VistaViews are protected by a license key. This determines the
period of time you can access the server and the VistaViews:

For an evaluation or demonstration period, use the EVAL key. This allows you to access the
server for a period of 30 days starting from your first connection to the server,
For an extended evaluation or an unlimited period, you need a license key provided by Ipanema
Technologies. Refer to the Obtaining License key section below.
If you are using an evaluation key, you are unable to connect to the InfoVista server
and to access the reports in the VistaView after the evaluation period. However, the
collected data are not lost and new data continue to be collected. You are able to access
the reports again after entering a valid server and VistaView license key.

2-42

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 4. 1. Installation procedure
2. 5. 4. 1. 1. Prerequisites
Please note that to install InfoVista, you must have Administrator privileges because the installation
program installs Windows services.
The InfoVista server and client can be installed on systems running under Windows 2000 SP4
or higher and Windows 2003 SP1 or higher; additionally, the client can be installed on systems
running under Windows XP SP1 or higher.
For more information on Operating System requirements, refer to the Readme file. To open this
file, select Start/Programs/InfoVista/Readme/ InfoVista Readme.

2. 5. 4. 1. 2. Before installing
Before installing, and for optimal performance of InfoVista on a Windows server, it is important to
optimize your computer for applications and not for file sharing.
To optimize a Windows 2000 server for network applications:

use the dialog: Start/Settings/Control Panel/Network/Local Area Connection,


open the property sheet (properties button),
open the File and Printer Sharing for Microsoft Networks property sheet,
select the last option: Maximize data throughput for network applications.

There are two possible installation procedures:

first-time installation,
upgrade.

2. 5. 4. 1. 3. First-time installation
A first-time installation does the following:

installs the InfoVista software;


imports the pre-loaded VistaViews into the InfoVista server database;
installs the Perl Integration Toolkit (SDK).

2. 5. 4. 1. 3. 1. Procedure

Insert the ip|reporter CD into your CD-ROM drive.


To start the procedure:
either, from the Task bar:
select Run,
enter (this assumes the CD is in drive D:): D:\infovista\win32\setup
press Enter
or, in the Windows Explorer: double-click the Setup.exe program in the CD-ROM
directory \infovista\win32.

Follow the dialog displayed on the screen.

2. 5. 4. 1. 3. 2. User information dialog box


You are prompted to complete the following fields:
Name

any string of characters

Company Name

any string of characters

License key

if you have a license key, enter it here. If not, leave the evaluation key
EVAL, which allows you to use the software for 30 days

June 2009

Ipanema Technologies

2-43

Ipanema System

2. 5. 4. 1. 3. 3. Selecting components to install


The Select Components window allows you to specify which software components are to be
installed. To add a component, check the box to the left of its name. By default, all components
are checked. You can also specify a different destination disk or directory in this window.

the Server Components and Client Components software packages are both selected for
installation by default. To install only one or the other, uncheck the box to the left of the item
you do not wish to install,

the Online Documentation component copies to disk the InfoVista core documentation in
PDF format. These files can be opened (with Acrobat Reader software) in IVreport using the
Help/Contents option or alternatively Start/Programs/InfoVista/Documentation.

the Perl Integration Toolkit component installs a Perl scripting-language extension, which allows
you to include InfoVista commands in Perl scripts.

2. 5. 4. 1. 3. 4. Setting InfoVista Server Instance Name


(First installation only)
Set the name of the InfoVista Server instance to install (20 characters maximum). By default, the
first server instance you install is called iv1.
This name is used by the Service Manager and allows you to identify a given server instance when
multiple servers are installed.
2. 5. 4. 1. 3. 5. Setting InfoVista Server Directories
(First installation only)
You can modify the Manager and Collector database names and paths. Database names are based
on the server instance name defined in the previous step (manager_iv1.db and collector_iv1.db
by default).
You can also modify the name and path of the log directory (by default: <installdir>\log).
Default directories
The default installation directory is:
C:\Program Files\Infovista\Essentials
The installation directory is referred to as:
<installdir>
InfoVista software modules are installed in the following directories, by default:

2-44

Installation:

<installdir>\
This is the main directory. You can change it by clicking on the
Browse button in the Select Components window.

InfoVista Manager and


Collector:

<installdir>\data\
This directory contains the manager.db file, responsible for
updating the InfoVista Information System model and the
collector.db file, which stores polled data.
Note: Upgrades of existing 3.2 installations do not allow database
directory changes.

Ipanema Technologies

June 2009

Ipanema System installation

InfoVista log files:

<installdir>\log\
InfoVista log files are installed in this directory.
To change the location of the Manager/Collector database files
or the log directory, modify the paths displayed in the Server
directories window.
Note: Upgrades of 3.0 do not propose a change in the log
directory.

InfoVista Online
Documentation:

<installdir>\doc\
Acrobat PDF-format documentation files are copied here.
The installation of Acrobat Reader is not proposed
during the installation process, but the software
is provided on the CD-ROM. You must install this
software to be able to read PDF-format documentation
files provided with InfoVista. To install Acrobat
Reader (version 5), execute:win32acr-505.exe from
CD-R:\infovista\redist\acrobat\win32

2. 5. 4. 1. 3. 6. Setting InfoVista Server Instance endpoints


(First installation only)
For each InfoVista server endpoint, you can set a port number. If you leave the default (Automatic),
the system randomly chooses an appropriate endpoint.
If you use a multiple IV Server instance configuration, it is no longer mandatory to specify
the endpoint, except if you managed your servers with VistaCockpit 1.1.

Manager Endpoint (Port): the IP port number used to access the InfoVista Manager. By default,
this value is automatically generated by InfoVista.
Collector Endpoint (Port): the IP port number used to access the InfoVista Collector. By
default, this value is automatically generated by InfoVista.
Browser Endpoint (Port): the IP port number used to access the InfoVista Browser. By default,
this value is automatically generated by InfoVista.
If there is a firewall between the InfoVista client-server systems, it is necessary to use
a fixed port number. Consult your firewall administrator to determine an available port
number and enter it here.
With InfoVista Server 3.2 and 4.0, you can connect to a server with a connection string
using the instance name in the case of a multi-server installation. See the InfoVista
Server Users Guide, Communicating with the server for additional information.

2. 5. 4. 1. 3. 7. ObjectStore settings

Select Typical to proceed with a standard ObjectStore installation.


Select Custom to modify the location of the ObjectStore Transaction log file.

ObjectStore Transaction log file


All ObjectStore transactions are recorded in a log file which is, by default, stored in the same
location as the collector and manager databases:
<installdir>\data\ossvrtxn.log
2. 5. 4. 1. 3. 8. InfoVista Cockpit installation
The installer aks you if you want to install InfoVista Cockpit agent; do not click the box and proceed.

June 2009

Ipanema Technologies

2-45

Ipanema System

2. 5. 4. 1. 3. 9. Select Program Folder


The installer informs you that it will add the name InfoVista to your list of Program Folders. You
can, if you wish, modify this name or select another one from the list of existing Folders.
Files are copied to disk at this point.
2. 5. 4. 1. 3. 10. Path variable
The installer informs you that it will add InfoVistas home directory to your PATH environment
variable. This allows you to launch InfoVista executable files from the command line, simply by
typing their names.

Click Yes to modify the PATH variable and continue with installation.

2. 5. 4. 1. 3. 11. Perl installation


The Perl scripting language provides a convenient means to automate data import and export in
the InfoVista environment.
Perl 5.6.1 must be installed in the following directory:
<installdir>\perldist\v5.6.1
See the Readme file for more details on the installation of the Perl Software
Development Kit.

2. 5. 4. 1. 3. 12. Finishing the installation


Click Finish to complete the InfoVista installation. If you have made changes to certain system
parameters, the Setup asks if you wish to reboot. It is recommended to reboot for changes to be
taken into account.
2. 5. 4. 1. 3. 13. Hot fix
If there is a hot fix folder in the ip|reporter package, you have to install it.
2. 5. 4. 1. 3. 14. Installation Directories
After installation or upgrade, the following directories are created or upgraded in the installation
directory (\Infovista\essentials):

2-46

bin:

InfoVista binary executable

data:

ObjectStore databases

doc:

documentation in PDF format.

etc:

resources used by the ObjectStore executables

lib:

resources used by the executables

log:

InfoVista log files

mibs:

MIB files

migration:

libraries and executables needed to migrate a database from v2.3

sdk:

programming extensions for Perl and C. HTML documentation is included


for the Perl API

vviews:

the two automatically installed VistaView XML files (Core and Tuning)

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 4. 1. 4. Moving from InfoVista Server version 3.2 to version 4.0


The procedure is the same as the first time installation, except that some steps are skipped.

When going from InfoVista Server 3.2 to 4.0, there is no need for a migration of data. This is
an automatic upgrade that modifies the database schema, attributes, and model. It does not
impact the data.
See the InfoVista Server Users Guide or Ipanema Technical note (TN-010007510 how to
migrate from 4.3 to 5.1 version.pdf) for information about database migration.

Important recommendations

It is strongly recommended to make a backup of your databases before starting the installation
procedure. Refer to the "ObjectStore Management Guide" for details.
As the trap format has changed and more precisely the information provided (manager and
browser endpoints), it is mandatory to upload the new InfoVista Trap MIB in your trap receiver.
Following the upgrade, MIB variables corresponding to the old version of the InfoVista-Statistics
MIB are set to deprecated. They will not return any values. The old version of InfoVista Tuning
VistaView is not migrated and will not be available in the new manager.

June 2009

Ipanema Technologies

2-47

Ipanema System

2. 5. 4. 1. 5. Starting and Stopping InfoVista


The next step after installation or upgrade is to check that both the server and client are functioning
correctly.
2. 5. 4. 1. 5. 1. Starting the Server
The InfoVista server is started automatically after installation (and at each system reboot). However,
you may need to stop and start the server manually. The server requires the following services:

InfoVista Browser R4.0 iv1


InfoVista Collector R4.0 iv1
InfoVista Manager R4.0 iv1
InfoVista Port Mapper R4.0
ObjectStore Cache Manager R6.3
ObjectStore Server R6.3

Start and stop the services as follows

1. Select Start\Control Panel\Administrative Tools\Services.


2. Select each service in turn and click either the Start or Stop icon.

2. 5. 4. 1. 5. 2. Starting the Client


To start the InfoVista client select Start/Programs/ InfoVista/IVreport from the Task bar.
By default, the connection parameters are:
Server Name

name of the system running the InfoVista server. If the server is the
local system (the same system as the client), leave this parameter blank

User name

administrator

Password

blank. Change this password as soon as possible after startup

You can connect to a server with a connection string using the instance name. See
the InfoVista Server Users Guide, Communicating with the server for additional
information.
During a client connection attempt, the server license key is checked against the all
known MAC address on a NIC (Network Interface Card).

2-48

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 4. 1. 6. Installing VistaViews
This is the second step in installing / upgrading ip|reporter.
To install the Ipanema Technologies Vistaviews, you must use the graphical client InfoVista
IVreport:

Start the InfoVista graphic client.


Menu File/install VistaView.
Select all libraries located in one of the following directories (and one only) on ip|reporter
CD-ROM:
ivl/1m5m if the short and long reporting periods are the default ones, 1 and 5 minutes
respectively,
ivl/1m15m if the short reporting period is at 1 min and the long reporting period has
been increased to 15 min,
ivl/5m15m if the short and long reporting periods have been increased to 5 and 15 min
respectively.

(To read more information on the short and long reporting periods, refer to 3.6.1 Create a
Domain.)
Click on Install button.
Close.

2. 5. 4. 1. 7. Uninstalling VistaViews
When VistaViews are installed, InfoVista creates a library with the same name. To uninstall the
VistaView, delete the associated library as follows.

Start the InfoVista graphic client (IVreport).


In the left-hand pane of the main window, expand the Libraries node.
Select the library you want to delete.
Select command Edit/Delete.

2. 5. 4. 1. 8. Upgrading VistaViews
To upgrade the Ipanema Technologies Vistaview, you must load them with IVreport.

Start the InfoVista graphic client.


Menu File/install VistaView.
Select all libraries located in one of the following directories (and one only) on ip|reporter
CD-ROM:
ivl/1m5m if the short and long reporting periods are the default ones, 1 and 5 minutes
respectively,
ivl/1m15m if the short reporting period is at 1 minute and the long reporting period has
been increased to 15 minutes,
ivl/5m15m if the short and long reporting periods have been increased to 5 and 15
minutes respectively.

(To read more information on the short and long reporting periods, refer to 3.6.1 Create a
Domain.)
Click on the Install button.
Close.

The new versions of VistaViews are NOT automatically updated. To avoid holes in report graphs
at critical times, we recommended you perform the upgrade in off-peak hours.

June 2009

Ipanema Technologies

2-49

Ipanema System

2. 5. 4. 1. 9. Troubleshooting
2. 5. 4. 1. 9. 1. Windows services
The installation program sets the following Windows services to Automatic:

InfoVista Browser R4.0 iv1


InfoVista Collector R4.0 iv1
InfoVista Manager R4.0 iv1
InfoVista Port Mapper R4.0
ObjectStore Cache Manager R6.3
ObjectStore Server R6.3.

They are started automatically at system startup. After installation, if the services are not running,
start them manually.
After an upgrade, services are set to the status (stopped, started) and to the same startup type
(manual, automatic, disabled).
If you experience server problems, check the status of these services. If any of these them have
been stopped, you should restart it:

select Start\Settings\Control Panel\Administrative Tools\Services from the Task bar,


click the Start button for each service to be restarted.

2. 5. 4. 1. 9. 2. Windows Event Viewer


The Windows Event Viewer can be used to obtain more detailed incident information.
To access the Event Viewer:

2-50

select Start\Settings\Control Panel\Administrative Tools\Event Viewer from the Task bar.

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 4. 2. Uninstallation procedure
Before uninstalling InfoVista, close ivreport and ivstatus if they are running.

from the Task bar, select Start\Settings\Control Panel\Add\Remove Programs,


select InfoVista 4.0 from the programs listed in the Install/Uninstall tab page and click
Add/Remove (Change/Remove in Windows 2000/2003).
If you do not intend to reinstall InfoVista, manually delete the directory <installdir> and any
files remaining in it.

June 2009

Ipanema Technologies

2-51

Ipanema System

2. 5. 5. Backup and restore database on Windows


To backup and restore ip|reporter s database on Solaris, refer to the installation
manual IPANEMA-IRP-INSTALL-V[x].PDF (IRP stands for ip|reporter).

Regular backups of your database limits the quantity of data loss in the eventuality of hardware,
software, or human failures.
You can automate backups using the following tools:

NTBackup (Windows 2003 Server)


IVBackup binary provided for Solaris 9, 10
osbackup in all other cases in which the above do not apply (and ONLY in other cases).

InfoVista Server 4.0 provides backup tools to facilitate the backup of a database (however
voluminous) if that should become necessary or inevitable.
The backup tools work at the file system level. They use a point-in-time technology based on file
system technologies provided by Microsoft (Volume Shadow Copy), Sun (fssnap, delivered with
Solaris 9 and 10) and Veritas (fsckptadm, delivered with Veritas Storage Foundation Enterprise).
These technologies enable the performance of a point-in-time copy of data with minimal impact on
application. Basically it performs a snapshot of a partition in a few minutes. During that time, the
InfoVista server must maintain the databases consistent (i.e. no write operations performed).
The advantage of these backup tools are:

No report outages
Reports always available for viewing

To use the backup tools, it is mandatory that the manager and collector databases of an InfoVista
server instance are stored on the same partition.
Backup procedure overview
The following section gives a general guideline by which to proceed when performing a backup.
See the section addressing your specific platform for precise details.
Prerequisites
The new InfoVista backup tool uses the Volume Shadow Copy technology provided with Windows
2003. For older version of Windows, the only solution is to perform backup using osbackup.
Usage
When an InfoVista Server is started, it registers the manager and collector database as VSS aware
with the Volume Shadow Copy Service.
Following this startup, you can use NTBackup to perform the backup of InfoVista databases.
Simply create your NTBackup task and schedule it.
With InfoVista registered with the Volume Shadow Copy Service, when you start a backup,
InfoVista automatically performs a checkpoint of the corresponding server. It automatically
performs a checkpoint when the snapshot is complete, before it releases the server checkpoint.
In addition to NTBackup, you can also use any other backup tool that supports Volume Shadow
Copy technology to back up your InfoVista databases.

2-52

Ipanema Technologies

June 2009

Ipanema System installation

2. 5. 6. Obtaining License key


Associated information: Infovista software protection.

2. 5. 6. 1. Obtaining a full license key


To obtain a full license key, proceed as follows.

Step 1) Retrieve the MAC address of the server machine

Windows:

Under Windows 2000 or 2003, in the Task bar, select:


Start\Programs\Administrative Tools\Computer Management\System
Tools\System Information\ Components\Network\Adapter.
The MAC address is indicated in the column Values.

Solaris:

Login as: root


Enter: ifconfig -a
The MAC address is indicated in the line: ether: xx:xx:xx:xx:xx:xx
Alternatively, if the server has several network interfaces, you must use the ivsetkey
utility to know which MAC address to declare; the InfoVista software must be installed
first, using the EVAL license key, which is valid during 30 days.

Step 2) Answer Ipanema Technologies Supports email containing your ip|boss license and
indicate the MAC address in your answer (support@ipanematech.com).
Step 3) Ipanema Technologies generates and sends you the license key(s)
If you are requesting an unlimited key or you are moving or upgrading an existing unlimited
license, Ipanema Technologies generates and sends you the permanent key(s), which you
must enter in the software as described below.
It is possible to install the InfoVista software prior to obtaining the definitive license
key, using the 30-day evaluation EVAL key.

2. 5. 6. 2. Entering a new server license key


Use the IVSetkey utility to enter a new server license key.
Windows:

Solaris:

June 2009

On the server system, in the Task bar, select:


Start/Programs/InfoVista/ Set License Key.
Enter your new license key
Click Set Key.
On the server system, login as root.
Change directory to (for Solaris): /opt/InfoVista/Essentials/bin
Execute: ./ivsetkey
Enter your new license key
Click Set Key.

Ipanema Technologies

2-53

Ipanema System

2. 5. 7. Reports templates
To finish the installation of ip|reporter, it is necessary to copy the description file of reports
templates on ip|boss server.

2-54

On ip|boss server, start an explorer window,


insert the ip|reporter CD-Rom,
copy the file CD-Rom:/ipboss/reports_desc.ipmsys to ~/salsa/ipboss/server/conf.

Ipanema Technologies

June 2009

Ipanema System installation

2. 6. IP|REPORTER WEB EDITION


ip|reporter web edition is powered by InfoVista.

InfoVista VistaPortal Standard Edition is the web interface for viewing InfoVista reports.
The purpose of this chapter is to Install the VistaPortal SE version 4.0 SP1 on a Windows server
after uninstallation of the version 2.2, or just install the version 4.0.
To install VistaPortal SE server on Solaris, refer to the installation manual
IPANEMA-IRPWEB-INSTALL-V[x].PDF (IRPWEB stands for ip|reporter web).

2. 6. 1. Install ip|reporter Web on Windows


2. 6. 1. 1. Server requirements
Always install VistaPortal Standard Edition on a dedicated machine:

Windows 2000 Advanced Server SP4 or higher or Windows 2003 server SP1 or higher.
Minimum Processor frequency: 900 MHz.
Minimum RAM: 512 MB (2 GB minimum in production).
Minimum disk storage space: 1 GB.

The following elements are required on Windows and must be installed separately:

Web server - IIS or Apache


Microsoft IIS 6.0.
Note that IIS 6.0 needs to be configured manually after VistaPortal SE Installation in
order to be able to connect to the application (see section below).
Apache 2.2.x for Windows. Note that Apache is shipped on the VistaPortal CD-ROM and
needs to be installed and configured manually after VistaPortal Installation (see section
below). Also note that SSL support is not offered on Apache 2.2 for Windows.

InfoVista 3.1 SP1 (or up to InfoVista 4.0 SP1) software. The InfoVista server software can be
installed anywhere on your network. The InfoVista client software does not have to be installed
on the same machine as VistaPortal SE. To be fully functional InfoVista 4.0 is required.
DirectX 9.0c End-User Runtime
Microsoft GDI+ Detection Tool (KB873374)

These components can be downloaded directly from the Microsoft Website or via Windows Update.
Please consult http://search.microsoft.com/.
Optimize your computer for applications
For optimal performance of VistaPortal on Windows Server versions, you must ensure that your
computer is optimized for applications and not for file sharing (by default).
Use the dialog: Start/Settings/Control Panel/Network/Local Area Connection.

1. Open the property sheet ("properties" button)


2. Open the "File and Printer Sharing for Microsoft Networks" property sheet
3. Select the last option: "Maximize data throughput for network applications"

June 2009

Ipanema Technologies

2-55

Ipanema System

2. 6. 1. 2. Installation Procedure
Before Installing:

Execute the file "Disk1\InstData\windows\VM\setup.exe" if the installation does not start


automatically.
The installation procedure proposes the following default installation directory: C:\Program
Files\InfoVista\
Follow the instructions of the VistaPortal SE installation.

2. 6. 1. 3. Memory configuration
Recommended memory settings are proposed during the installation of the product. These
recommended settings depend on your servers memory.
You can however change values of Java server parameters after the installation in order to modify
the settings youve made at installation time.
This update shall also be made if youre adding memory to your VistaPortal SE Server. Note that
the maximum value supported by Java is 1024 MB on Windows server.
Offline Reporting
Change values of Java server parameters in the export script, as follows:

1. Open <installdir>/PortalSE/scripts/export.sh (or export.bat)


2. Edit the value of the variable JAVAMEMORY_FLAGS: -Xmx<NN>m
where the value of <NN> is determined according to the table below:
Installed RAM

<NN>

512MB

256

1024MB

512

2048MB

1024

3. Save and close the file.

Online and Mixed mode Reporting


Change values of Java server parameters.

1. Open <installdir>/PortalSE/wrapper/wrapper.conf
2. Locate the lines
# Maximum Java Heap Size (in MB)
wrapper.java.maxmemory=512

2-56

3. Modify the maxmemory value according to the table below:


Installed RAM

<NN>

512MB

256

1024MB

512

2048MB

1024

4. Save and close the file.


5. Restart the VistaPortal SE server for the new changes to take effect.

Ipanema Technologies

June 2009

Ipanema System installation

2. 6. 1. 4. Client requirements and configuration


In order to view VistaPortal SE reports, client machines must have a supported web browser
installed and properly configured.
The supported versions of Web Browsers and Java Plug-ins are:

Internet Explorer 6.0 SP2 or 7


Important information regarding the "Click to activate this control" message are available
at http://msdn2.microsoft.com/en-us/ie/bb969055.aspx.
With Internet Explorer the Microsoft Java Virtual Machine is no longer supported.

Firefox 2.0
Sun Java Plug-in: version 1.5.0_11 or 1.6.0_01

VistaPortal SE will remain fully functional with more recent releases of these Web Browsers and
Java Plug-ins, as long as no regressions or important changes are introduced by such releases.
However, until intensive testing has been carried out on any new releases, they will remain
unsupported.
The Web Browser must be configured to:

Accept Cookies,
Enable Java and JavaScript,
Enable Popups from the VistaPortal SE website,
If you wish to view PDF-format reports, you must install the Adobe Acrobat Reader software
(Acrobat Reader version 6 or above), available in the /redist/adobe directory of the VistaPortal
CD-ROM. To display PDFs in the Browser, the "Display PDF in Browser" option in the PDF
preferences has to be checked. If not, the PDF files will be opened in a separate Acrobat Reader
window.
If you wish to view Excel exports, Excel 2003 or greater must be installed.

Internet Explorer complementary settings

If the "Click to activate this control" messages appears in applets


Updates
are
available
from
Microsoft,
please
read
http://msdn2.microsoft.com/en-us/ie/bb969055.aspx
VistaPortal Standard Edition does not use Active X but instead only Java applets and Javascript;
nevertheless due to Microsoft implementation Active X execution has to be enabled:
Open the menu "Tools" / "Internet Options
In the Security tab, for the Internet zone select Custom Level button
Enable the option "ActiveX controls and plug-ins" -> "Script ActiveX controls marked
safe for scripting"
Check the parameter Use HTTP 1.1 through proxy connections in menu: "Tools /
Internet Options", Tab "Advanced", Section "HTTP 1.1"

If VistaPortal Standard Edition is installed using HTTPS, the web browser must allow encrypted
pages to be saved on disk in order to be able to save Report Data Exports (PDF, Txt, ...):
Open the menu "Tools" / "Internet Options"
Open the the "Advanced" tab
In the section "Security", uncheck "Do not save encrypted pages to disk".

Under Windows 2003 server, the VistaPortal Standard Edition website needs to be added in
the "Trusted Sites" list:

Open the menu "Tools" / "Internet Options"


In the Security tab, select the "Trusted Sites" icon
Click on the "Sites" button
Click on the Add button

In order to be able to display Excel exports when accessing VistaPortal Standard


Edition through the "Internet" zone, the following security setting must be enabled
(http://support.microsoft.com/kb/883255):
Open the menu Tools / Internet Options
In the Security tab, for the Internet zone select Custom Level button

June 2009

Ipanema Technologies

2-57

Ipanema System

Enable "Downloads -> Automatic prompting for file downloads" option

On Windows 2003 Server, Internet Explorer is setup by default not to play animations. No
animated images in VistaPortal Standard Edition are displayed. In order to see animations,
Internet Explorer must be set up with the following option:
Open the menu "Tools" / "Internet Options"
In the Advanced tab, for the Multimedia section check the Play animations in web
pages option.

2. 6. 1. 5. VistaPortal SE URLs
Assuming you accepted the default site name PortalSE, the URL of VistaPortal SE is:
http://localhost/PortalSE.
In the rest of this document, the installation directory will be referred to as <installdir>.
If you choose another directory, replace <installdir> with the name of your installation directory in
the rest of this document.

2. 6. 1. 6. VPSE V2.2 uninstallation


This step is necessary only for a software update (not for a first installation of VistaPortalSE).

Stop Apache or IIS service


Stop the 2 Jrun services
Via Add/remove program in the configuration panel, uninstall VistaPortalSE V2.2
Via Add/remove program in the configuration panel, uninstall Jrun 3.0
Via Add/remove program in the configuration panel, uninstall Apache v2.2 or IIS 5 or 6
Check if java v1.5.0_11 is installed, if yes uninstall it
Reboot the server.

2. 6. 1. 7. VPSE V4.0 Installation procedure on Windows


2. 6. 1. 7. 1. Apache 2.2 Installation

Insert the CD-ROM ip|reporter Web v2.2.


Run
apache_2.2.xx-win32-x86-no_ssl.exe
redist\apache2.0\win32.
Follow the onscreen instructions (default installation).

application

in

2. 6. 1. 7. 2. VPSE 2.2 Installation

2-58

Insert the CD-ROM ip|reporter Web v4.0 and run the setup.exe application in
InstData\windows\VM (normally auto-run launch it). The welcome screen appears.
Click Next. The License Agreement window appears. After you have read and agreed to the
license terms, Click I accept... and click Yes.
The Setup README FILE window appears. This file contains the latest release notes, which
we recommend that you read.
If needed, click the Open in Web browser button to direct the ReadMe to your favorite browser.
The information remains available in a separate window. Click Next.
The Select installation directory window appears to allow you to change the default installation
directory, if necessary. By default, VistaPortal is installed in C:\Program Files\InfoVista.
Click Next.
When the Install set window appears, check only Core components. Unclick the check box
Report samples. Click Next.

Ipanema Technologies

June 2009

Ipanema System installation

The VistaPortal SE Site Name window appears. Enter the name of the portal that users will
access as a URL. Our example uses the default name <PortalSE>. Click Next.
The Memory settings window appears. Available memory is automatically detected and a value
is proposed for both the VistaPortal and VistaPortal SE servers (= half of the physical memory
of the VistaPortal server. Maximum is 1GB (on Solaris systems the maximum is 2 GB). The
memory proposed for VistaPortal SE is half of the memory defined for VistaPortal). Click Next.

If you are upgrading to newer version of VistaPortal SE you can keep the existing
memory settings, or set the maximum memory allocated to VistaPortal. We
recommend that you keep the existing memory settings.

June 2009

Ipanema Technologies

2-59

Ipanema System

Unclick the check box install InfoVista Cockpit Agent in the window that appears. Click Next.

The Pre-Installation Summary page appears with summarized information about the parameters
you have entered. Click Next.
The installation starts. A progress bar indicates the progress of the installation.
The installer completes the installation of VistaPortal and displays a summary and message
that you have successfully installed VistaPortal SE.
Click Done to exit the installation window.

You can now connect to the default VistaPortal SE welcome page at


http://<vpsehost>/PortalSE and browse the site (the URL is case sensitive). Connect and
ensure that your VistaPortal SE has been correctly configured.
Installing JDK and Tomcat
Note that during the installation of VistaPortal SE 4.0 SP1, the setup automatically proceeds with
the installation of Java Development Kit components, JDK.
The installation continues with the installation of the Tomcat application server and the configuration
of the External Web Server.

2-60

Ipanema Technologies

June 2009

Ipanema System installation

2. 6. 1. 7. 3. Apache Web server Configuration


After the installation has finished, youll have to configure IIS 6.0 (see next section) or Apache 2.2.
To install Apache 2.2 on Windows with tomcat connectors, do the following:
Install Apache using the default installation options (a version is provided on the CD-ROM in
redist\apache2.2\win32).
Once installed, edit the httpd.conf file in the directory C:\Program Files\Apache
Software Foundation\Apache2.2\conf\
Locate the following section (from around line 160):
--------------------------------------------------------------------------# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO
# you have to place corresponding LoadModule lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run apache -l for the list of
# already built-in (statically linked and thus always available) modules in
# your Apache binary.
# Note: The order in which modules are loaded is important. Dont change
# the order below without expert advice.
# Example:
# LoadModule foo_module modules/mod_foo.so
--------------------------------------------------------------------------

After this section, add the following line (note: in this example, VistaPortal was installed in
C:\Program Files\InfoVista\, which is noted ~):
--------------------------------------------------------------------------LoadModule jk_module "~/TomcatWebServerConnector/apache2.2/win32/mod_jk.so"
-------------------------------------------------------------------------- At the end of the configuration file, add the following lines (note: ~ stands for C:\Program
Files\InfoVista\):
--------------------------------------------------------------------------JkWorkersFile "~/TomcatWebServerConnector/conf/workers.properties"
JkMountFile
"~/TomcatWebServerConnector/conf/uriworkermap.properties"
JkLogFile
"~/TomcatWebServerConnector/logs/jk.log"
JkLogLevel emerg
JkShmFile
"~/TomcatWebServerConnector/logs/jk.shm"
-------------------------------------------------------------------------- Save the modifications.
Restart the Apache service.

2. 6. 1. 7. 4. IIS Web server Configuration


After the installation has finished, youll have to configure Apache 2.2 (see previous section) or IIS
6.0.
Create a Web Service Extension on IIS 6.0 (this step is required for any installation of VistaPortal
SE 4.0 on IIS 6.0):

Select Administrative Tools/Internet Information Services Manager in the Control panel.


Expand the left-hand pane and select your host name.
Expand Web Sites, and select the Default Web Site.
Right-click and select properties, then select the ISAPI filters tab.
Ensure that there only one jakarta filter is defined. If more than one is defined delete the other
filters and keep only one.
Click OK.
Select Web Service Extensions in the left-hand pane.
Right-click Add new web service extensions in the left-hand pane, then set jakarta for the
extension name.
Click Add and Browse to select the file isapi_redirect.dll in the directory
TomcatWebServerConnector\IIS which is at the installation level - C:\Program
Files\InfoVista\TomcatWebServerConnector\IIS\isapi_redirect.dll
Click OK to confirm.
Double-click the jakarta item in the left-hand pane, and select the required File tab.
Select the jakarta line in the list, right-click Allow.

June 2009

Ipanema Technologies

2-61

Ipanema System

Select your host name in the left-hand pane, then right-click and select All Tasks - > Restart IIS.

For more information on Tomcat connectors, please consult the documentation included in the
directory
/opt/InfoVista/TomcatWebServerConnector/doc
or
C:\Program Files\InfoVista\TomcatWebServerConnector\doc

2. 6. 1. 7. 5. Use of URLs
Assuming you accepted the default site name PortalSE, the URL of VistaPortal SE is:
http://localhost/PortalSE.
In the rest of this document, the installation directory will be referred to as <installdir>.
If you choose another directory, replace <installdir> with the name of your installation directory in
the rest of this document.

2. 6. 1. 8. Customizing
It is possible to set the Portal to ipanema colors, set the Online mode, add a help for the reports,
delete the unused buttons and modify some settings.
This customizing is done thanks to the ipreporterweb_setup.exe installer (provided on ip|reporter
web CD-ROM). Please refer to the Technical note How to Install VPSE for further details.
After this customizing has been set, open an Internet Explorer with the following URL to access
the Portal:
http://<@IPServerVPSE>/PortalSE

Click on the Connect button. A server connection form is then displayed:

2-62

Ipanema Technologies

June 2009

Ipanema System installation

Connection to ip|reporter server


The default Username is administrator, with no password (leave the field empty).

It is possible to logon automatically to the Infovista server; for this the


~/InfoVista/controls/portalsesetup.xml file must be modified (see infovista
documentation). In this case, the user can access directly to the reports.

June 2009

Ipanema Technologies

2-63

Ipanema System

The reports list is the same as in the Infovista client (IVreport). The report access can be defined
for each user with specific rules (see Infovista documentation.
A help can be accessed by clicking on the help button.

2-64

Ipanema Technologies

June 2009

Ipanema System installation

Report example

June 2009

Ipanema Technologies

2-65

Ipanema System

2. 6. 2. VistaPortal SE 4.0 SP1 directory structure


This section describes each directory and subdirectory in VistaPortal SE 2.2 SP1.

The PortalSE directory


The default installation procedure creates the \PortalSE subdirectory under the InfoVista directory.
For the purposes of this manual, the installation directory is referred to as <installdir>. By default,
this is C:\Program Files\InfoVista. The following subdirectories and files are used to create
online and offline reports.
The controls subdirectory
After installation, this subdirectory contains the exportctrl.txt and portalsesetup.xml files which are
used to configure report exports and display.
This directory also contains the security.policy file used to define access rights for a user or a group
of users.
The files subdirectory
This contains the subdirectories for report files exported to VistaPortal SE 2.2 SP1.
Sample InfoVista reports are stored in the default subdirectory. The default location
is:<installdir>\PortalSE\files\default
The logs subdirectory
This contains:

2-66

the installation log files,


the server log files (wrapper.log, portalse.YYYY-WW.log)
a sub folder for the offline export log files.

Ipanema Technologies

June 2009

Ipanema System installation

The scripts subdirectory


This contains the scripts used by VistaPortal SE to export reports and to encode user passwords.
The site subdirectory
This subdirectory contains the files used to run VistaPortal SE plus documentation, CSS and HTML
files for the VistaPortal SE interface.
The following subdirectories are located in the \site subdirectory.
classes

Contains the Java (JAR) files used to run the VistaPortal SE interface.

doc

Contains the VistaPortal SE Users Guide (this document) in PDF


format.

images

Contains all the default images used by the VistaPortal SE interface.

pages

Contains all of the HTML pages used in the VistaPortal SE interface.

styles

Contains the CSS files used by the VistaPortal SE interface and sub
folder with the default and customizable pages (welcome.htm).

Web-inf

Contains files which deal with security activation and application


settings.

June 2009

Ipanema Technologies

2-67

Ipanema System

2. 7. IP|EXPORT SOFTWARE
ip|export is an optional module of the ip|boss software suite, the use of this module is enabled by
ip|boss license file and requires the ip|reporter module.
ip|export is delivered on a dedicated CD-ROM, which contains the different software components
(VistaViews Ipanema, Task scheduler, and program about reports models).
All the configuration tasks are carried out automatically by the ip|export module. Therefore, the
installation of the product is straightforward and its usage very simple.

2. 7. 1. Specifications for ip|export server


ip|export is based on ip|reporter server (InfoVista). However, it is possible, if needed, to execute
the files export on an other machine.

2. 7. 2. ip|export architecture
ip|export adds a dedicated VistaViews in ip|reporter (InfoVista). This VistaView allows to create
some dashboard reports according to different filters. A task scheduler allows to export these
dashboard reports at a scheduled time (hour, day...) in Excel format.

2. 7. 3. Install/Uninstall ip|export on Windows


2. 7. 3. 1. Installation procedure
To install ip|export, you must be connected as an administrator on the server
(installation of Windows services).

Connect as administrator on the server,


insert the CD-ROM (the installation software will start automatically, otherwise, with Windows
explorer, execute setup.exe in the directory /win32/install),

Indicate the directory of installation,

2-68

Ipanema Technologies

June 2009

Ipanema System installation

Indicate the program group,

Valid when the installation is done,

Open a DOS window command line,


Execute the following command: ipm_cron /install in order to install the task scheduler.

After the installation of ip|export task scheduler, a new Windows service is created:

Windows service

Cron Service : scheduler service for export files.

Execute the following command: ipm_cron /start in order to launch the task scheduler.

June 2009

Ipanema Technologies

2-69

Ipanema System

the ip|export task scheduler service is started:

Windows service

Cron Service: scheduler service for export files.

Load the ip|export Vistaview to Infovista Server:


Start the IVreport client, and connect with administrator login,
Menu File/Install Vistaviews, and browse the VistaView directory on ip|reporter
CD-ROM, by default CD-R:\ivl\1m5m,
Select the VistaView Ipanema System-ip_export and click on install button

2. 7. 3. 2. Uninstallation procedure
ip|export uninstallation consists in unloading the Vistaview from Infovista server, deleting the task
scheduler service and uninstalling ip|export program.
To uninstall ip|export, you must be connected as administrator on the server (removal
of windows service).Cron service must be stopped before uninstalling.

Unload the ip|export Vistaview from Infovista Server:


Start the IVreport client, and connect with administrator login,
In the tab General, select Libraries/Ipanema System-ip_export,
Right-click and select Delete,

Open a DOS window command line,


Execute the following command: ipm_cron /uninstall in order to uninstall the task
scheduler.

2-70

Launch Start/Program/ipexport/uninstall

Ipanema Technologies

June 2009

Ipanema System installation

When done,

June 2009

Ipanema Technologies

2-71

Ipanema System

2. 8. IP|ENGINES
2. 8. 1. Installing ip|engines
For hardware installation, please refer to the ip|engines installation manuals
(Ipanema-ipeXXX_Directives_YY.pdf and Ipanema-ipeXXX_Configuration.pdf, where XXX
depends on the ip|engine model and YY depends on the language).

2. 8. 2. Upgrading ip|engines software


Operating procedure table: Management
ip|engines software (ip|agent) can be upgraded from the system manager ip|boss, or directly
from the ip|engines themselves. In the first case, an FTP server reachable by both ip|boss and
the ip|engines is mandatory; in the second case (direct upgrade from the ip|engines), the FTP
server only needs to be reachable by the ip|engines to be upgraded.
In ip|boss System provisioning Toolbar, select
tab.

Tools and go to the Software upgrade

The Software upgrade window is displayed:

Software upgrade window


This window is made of two frames:

the list of ip|engines to be upgraded (left frame),


the list of ip|agent software versions (right frame).

The procedure is as follows:

1. At opening, the list of physical ip|engines in the configuration is displayed in the left frame.
The Version column is not filled in. Select some ip|engines (or all with the Select all button
) and click on the Status button
the selected ip|engines.

2-72

to see the actual software versions and statuses of

Ipanema Technologies

June 2009

Ipanema System installation

The statuses can be:


upgraded: the ip|engine has the software release which is described in the field version,
download scheduled: the ip|engine will be upgraded, the scheduled Begin hour is
not passed,
install scheduled: the ip|engine is upgrading, the scheduled End hour is not passed,
error occurred: possible reason of failure:
No Space left for file: no more space on ip|engine to download the file,
Cant connect to server (check address/routes): FTP server is unreachable,
Access to server denied (check login/password): login/pw problem on FTP
server,
File not found: xxxxxxx: the file is not in the right directory on FTP server or the
directory is wrong,
Error while downloading: the connection between FTP server and the ip|engine
is broken,
No disk space left for file: no more space to uncompress the software package.

2. In the right frame, clisk on the Get catalog button


FTP server that contains the catalog:

. A new window opens, to specify the

It contains the following fields:

Hostname: IP address of the FTP server (IP address),


Directory: the FTP server directory containing the ip|agent software files,
Login: user name to use to get the files,
Password: password of the user,
Confirm password.

The list of ip|agent software versions on the FTP server is displayed:

This table is made of two columns:


ip|agent version: list of the available software versions,
Current version compatibility: shows the compatibility with the running version of
ip|boss (compatible or not compatible).

June 2009

Ipanema Technologies

2-73

Ipanema System

3. Select the ip|engines to be upgraded in the left frame and the ip|agent software version in
the right frame, and click on the Upgrade button

A message confirms that the selected ip|engines have received the upgrade order.
allows to cancel the upgrade request. Cancelling an upgrade is possible
A Cancel button
before or during the FTP download of the new version of ip|agent, but before the ip|engine
has started swapping.

4. A scheduling window opens, that allows to schedule the upgrade (during the night for
example), or launch it immediately by clicking on Ok without specifying any date or time:

This window is made of the following fields:


Start time: enter the start date and time for upgrade (this must be a future date, not the
current date). The Start time corresponds to the date when the downloading ip|engine
from the FTP server will be started. The chronological sequence of downloads is
managed automatically by the system,
End time: enter the end date and time of the upgrade (this must be a future date, not
the current date). The End time corresponds to the date when ip|engines downloading
will end and reboot for the new version to be applied,
Mode:
Differential: download only files necessary to upgrade the current version to the
new version,
Total: download all files.
Click on Ok when done. The restart of ip|engines after upgrade is automatically performed at
the date/time specified by the "End time" field.
If the Start time and End time fields are empty, the upgrade starts immediately on the selected
ip|engines.

5. Check that the upgrade has been completed correctly by selecting the concerned ip|engines
and by clicking on the Status button

2-74

Ipanema Technologies

June 2009

CHAPTER 3. MANAGING DOMAINS


Document organization

3. 1. DOMAINS OVERVIEW
After ip|uniboss and ip|boss servers installation, you have to create a Domain to use the system.
A Domain is a coherent set of elements:

ip|boss,
ip|engines.
The Domains are hermetic, an ip|engine of a Domain cannot dialog with an ip|engine
of another Domain. An ip|boss server can manage several Domains; one instance per
Domain should be created.
The creation of a Domain is done only on the server.

To create a Domain launch ip|uniboss web client or Java client (a CLI client is also available).

June 2009

Ipanema Technologies

3-1

Ipanema System

3. 2. IP|UNIBOSS WEB CLIENT

All configuration operations described in this section are performed from Mozilla Firefox 2.0 as
a web GUI on the workstation.

3. 2. 1. Connection to ip|uniboss using the web client


To connect to ip|uniboss server, enter the following URL: https://<Server>/ipuniboss_portal (where
<Server> is used to indicate which ip|uniboss server you want to connect to IP address or DNS
name).
For security reasons, the use of HTTPS is mandatory.

ip|uniboss web client connection window


The connection window has two fields:

User name: the name of the user (administrator by default),


Password: with administrator account the default password is admin.

Click on Validate to access the main window.

3-2

Ipanema Technologies

June 2009

Managing Domains

3. 2. 2. ip|uniboss web client main window

ip|uniboss web client main window (with no Domain created yet)

The main window is divided into 5 parts:


A title bar, with the logo of Ipanema Technologies; closes all open windows when you
click on it.
A tool bar, on the left: it is composed of icons which give access to the different screens
of the software.
A menu bar, on the top: it is composed of five menus, File, Edit, Display, Actions
and ?.
A tab bar, below the menu bar: it shows all the open windows and allows to select any of
them without needing to reload it from the tool bar. The active windows tab is highlighted
in blue.

ip|uniboss web client with two windows open


The working table, that is subdivided into two parts:
A tool bar, composed of icons which allow to read, create, modify and delete
objects (Domains, etc.).
The list of created objects (Domains, etc.).

The buttons of the main toolbar are the following:

June 2009

(Update): updates the configuration; flashes when an update is necessary.

(ip|boss servers): opens the ip|boss servers window.

(Radius): opens the Radius window.

(Password modification): allows to change the password.

(Log): shows the logged events.

Ipanema Technologies

3-3

Ipanema System

(Issues): shows the issues.

(Inventory): shows the inventory.

(Domains): comes back to the Domains window.

(About): shows information about ip|uniboss version and license information, and
allows to import a license.

(Quit): quits ip|uniboss client.

The buttons of the working tables are the following:

(consult): to consult an object (without modification capability),

(new): to create a new object,

(clone): to create an object from another one,

(modify): to modify one or more objects,

(delete): to delete one or more objects.

The menus are the following:


File
New: to create a new object,
Print list: to print a list of objects,
Close: to close the window.
Edit: you can select an object by clicking on its line. To select other objects, you have to
click on their lines while pressing the Ctrl key. The Edit/Select all allows to select all the
objects on the list. The Edit/Unselect all allows to unselect all the selected objects. In
the status bar, the number of selected objects and the total number of objects is shown.
Search: to search for objects; opens a dialog box which allows to find all the
objects with an attribute containing the specified text. The navigation between
the found objects is made with the menus Edit/Next and Edit/Previous.,
Next: to jump to the next found object,
Previous: to jump to the previous found object,
Select all: to select all the objects,
Unselect all: to unselect all the objects.
Display
Sort: to sort objects; by clicking on the header of a column, you sort the list
according to this column (by clicking again on the column, you change the order
ascending-descending). By clicking on several columns while pressing the Ctrl
key, you make a sort on multi-columns. These functions are also available with
the menu Display/Sort.
Filter: you can create some filters on the list which display only the filtered
objects according to the criteria. A simple filter works with only one field whereas
an extended filter is a combination of simple filters. When a filter is active, the
number of displayed objects and the total number of objects is written on the
status bar.

New filter: to create a new simple filter,


New extended filter: to create a new extended filter,
Modify filter: to modify an existing filter,
Extend filter: to extend an existing filter,
Active filter: to activate or deactivate the selected filter.

Choose columns: to choose the columns to display,

3-4

Ipanema Technologies

June 2009

Managing Domains

Preferences:
Save: to save the active filter (and column display),
Delete: to delete a filter (and column display).
Actions: allows to make all the actions achieved through the corresponding buttons:

Consult,
Clone,
Modify,
Delete.

?
About: shows the software version and license information (the same as the
About button).

In the table, the LED on the left gives the objects operational states; for the Domains, it can be:

green (Started),

grey (n/a: disabled),

amber (Starting),

red (the number of ISUs exceeds the total ISU credit),

small and dark (when the Domain has just been created, before an Update has been
applied).

It can be displayed by moving the mouse upon it:

Domains operational state

June 2009

Ipanema Technologies

3-5

Ipanema System

3. 3. IP|UNIBOSS JAVA CLIENT


All configuration operations described in this section are performed from a Graphic User Interface
on the workstation which can be a workstation with a Java Virtual Machine and ip|uniboss Java
client.
To install ip|uniboss Java client, refer to CHAPTER 2 IPANEMA SYSTEM
INSTALLATION.

There are 3 ways to launch ip|uniboss Java client:

Launch Internet Explorer, select the following URL: https://x.x.x.x/ipuniboss_manager (where


x.x.x.x is the IP address of the ip|uniboss server) and click on Start ip|uniboss rich client; this
method is the only one available on the first use of ip|uniboss Java client.

Use the shortcut


on your desktop (if you accepted its creation when asked on the first use
of ip|uniboss Java client).
Use the Start menu (Windows), then select Programs / ipuniboss_manager.

Launching ip|uniboss Java client through a web browser

3. 3. 1. Connection to ip|uniboss using the Java client

Connection window

The connection window has three fields:


Server : this field is used to indicate which ip|uniboss server you want to connect to.
You give the IP address and the port number with the format: X.X.X.X:Z, where X.X.X.X
is the IP address of the ip|uniboss server and Z the port number (9999 by default; it
can be modified in the ip_uniboss.conf file),

3-6

Ipanema Technologies

June 2009

Managing Domains

If the server is setup with the default port number 9999, the port number is
not mandatory.
User name: name of the user (administrator by default),
Password: the password of the user (admin by default).
Click Validate. When done, you are logged in ip|uniboss.

3. 3. 2. ip|uniboss Java client main window

ip|uniboss Java client main window

The main window is divided into four parts:


A menu bar, that gives access to the generic actions of the GUI (creation, deletion,
sort...).
A title bar with the logo of Ipanema Technologies and the name of the application.
A tool bar, composed of icons which give access to the different screens of the software.
A working table that is subdivided into three parts:
A title (Domains in the example above),
A tool bar, composed of icons which allow to read, create, modify and delete
objects,
The list of created objects (Domains, etc.).

The menu bar in the main window has the 6 menus File, "Windows, Edit, Display, Actions
and ?:
File, Edit, Display and ? are the same as described above (web client),
Windows allows to close all windows,
Action allows to make all the actions achieved through the corresponding buttons
(Consult, Clone, Modify, Delete), as in the web client, plus it gives an access to the tools
(Update, ip|boss servers, Password modification, Log, Issues, Inventory).

Toolbar and table view: refer to the description above (web client).

June 2009

Ipanema Technologies

3-7

Ipanema System

3. 4. CREATE AN IP|BOSS SERVER


These procedures are based on ip|uniboss web client.
Before you can create a Domain, you first need to create an ip|boss server.

Open the ip|boss servers table


The ip|boss servers table can be displayed by clicking on
Toolbar:

ip|boss servers in ip|uniboss

ip|boss servers table

Create an ip|boss server


in the ip|boss servers window. Only
To create a new ip|boss server, click on the New icon
the host name (or the IP address) needs to be entered, all other information (ip|boss version,
OS version and JRE version) will be polled from the server:

ip|boss server creation window


You need to click on Validate or Apply:
The Ok button creates the object and closes the window.
The Apply button create the object and keeps the window open. This is useful when
you want to create several objects.
The Cancel button closes the window without creating an object. Use Cancel after an
Apply.
In the servers table, the LED on the left shows the compatibility status of the server; it can be:

3-8

green (Compatible) if the server is reachable and compatible with ip|boss; ip|boss
version, OS version and JRE version are polled and displayed:

Ipanema Technologies

June 2009

Managing Domains

Compatible ip|boss server

grey (Unreachable) if the server is not reachable,

small and dark (when the server has just been created, before an Update has
been applied: an Update
into account).

June 2009

is mandatory for the changes to be saved and taken

Ipanema Technologies

3-9

Ipanema System

3. 5. IMPORT A LICENSE
To create Domains, the license file license.ipmsys must be installed.
To get your license file, please contact the Ipanema Support service at the e-mail address
support@ipanematech.com or license@ipanematech.com.
In the Toolbar, select

About:

It shows the software version and license information (maximum number of Domains, total ISU
credits (Ipanema Software Units), maximum number of physical and virtual ip|engines, authorized
features, etc.):

About menu
The total number of ISUs (Ipanema Software Units) can be allocated in a flexible way accross
different Domains; refer to the Create a Domain section below.
To import a license, click on the Import button, browse your folders and select the proper license
file (license.ipmsys).
(The license file is copied:

In the directory uni_boss\conf:


if ip|uniboss and ip|boss are installed on separate servers: on ip|uniboss server, in
the directory ~\salsa\uniboss\server\domains\uni_boss\conf.
if both ip|uniboss and ip|boss are installed on the same server: on ip|uniboss / ip|boss
server, in the directory ~\salsa\ipboss\server\domains\uni_boss\conf.

3-10

In each Domains directory (if Domains were already existing, for example when upgrading
from a version to a new one): ~\salsa\ipboss\server\domains\<Domain>\conf (on
ip|boss server).)

Ipanema Technologies

June 2009

Managing Domains

3. 6. CREATE AND MOVE A DOMAIN


These procedures are based on ip|uniboss web client.
The Domains window is opened when you start ip|uniboss client.

If other windows have been opened and if the Domains window is not the active one, click on
the Domains tab.

If the Domains window has been closed, in the Toolbar, select

Domains.

3. 6. 1. Create a Domain
Operating procedure table: service ip|reporter

An ip|boss server must be created first. Refer to the previous section.


A running license is required. Otherwise an error window is displayed when
committing a new Domain.

ip|uniboss Domains window

June 2009

Ipanema Technologies

3-11

Ipanema System

In the Domains window, click on the New button

A creation window opens where you can indicate your Domains characteristics:

Domain creation window

The fields with a bold legend are mandatory.

The Domains parameters can be read in the Domains window and in the Inventory window.

3-12

Ipanema Technologies

June 2009

Managing Domains

The window for Domain creation is made of 7 frames.


The first frame contains the following global parameters:

Domain creation: first frame

Name: to specify the name of the Domain (characters string),


Description: to give additional information, if needed,
Administrative state: to Enable or Disable the whole Domain
When a Domain is disabled, all the functions (measure, optimisation, compression,
acceleration, etc.) of all ip|engines of the Domain are stopped.

Access port: port used by the client for that Domain (set 0 for a dynamic port).

The second frame, ip|boss server, contains the following parameter:

ip|boss server

ip|boss server: to choose the server that will manage the Domain (from a drop-down list).
In display mode, ip|boss version, OS version, JRE version and the Compatibility
status are polled from the server and displayed:

The third frame, Domain ISU, contains the following parameter:

Domain ISU

Allocated ISUs: to specify the number of Ipanema Software Units that are needed on that
Domain. Each function requires a certain number of ISUs, that can be purchased from Ipanema
(a new license file is then provided; refer to the Import a license section above). The number
of consumed ISUs and available ISUs for each Domain is displayed in the Domains windows.

June 2009

Ipanema Technologies

3-13

Ipanema System

In display mode, the Credit ISUs (as a percentage of the total number of ISUs
accross all Domains), the consumed ISUs (according to the activated services and
WAN accesses bandwidths) and the number of Available ISUs (= Allocated
Consumed) are computed and displayed:

The fourth frame, SNMP Parameters, allows to configure the SNMP agent of ip|boss:

SNMP Parameters

SNMP Port: to specify the port number of the SNMP agent,


Each Domain (on the same server) must use its own SNMP port, different from the
SNMP port of the other Domains.

SNMP IP Address: to specify the SNMP agent (ip|boss) to be polled by the SNMP Manager
(ip|reporter) in case of a servers cluster only, so that the polling can continue after a switch,
Community name: to specify the community name (Public by default).

The fifth frame, ip|reporter parameters, allows to configure the ip|reporter parameters in order to
supervise and to create/delete reports in Infovista Server:

ip|reporter parameters

3-14

Server: IP address of the ip|reporter server (InfoVista server),


Login: login to the ip|reporter server (administrator by default),
ip|reporter password: password of the ip|reporter server (no password by default),
Manager port: TCP port configured in the InfoVista Server for the manager service,
Collector port: TCP port configured in the InfoVista Server for the collector service,
Browser port: TCP port configured in the InfoVista Server for the browser service,

Ipanema Technologies

June 2009

Managing Domains

the 3 previous fields are optional (used in firewall environment)


Portmapper port: port used by the services based on Remote Procedure Call (RPC) which do
not listen for requests on a well-known port, but rather pick an arbitrary port when initialized;
they then register this port with a Portmapper service running on the same machine. Default
value for ip|reporter is 1275.
Logo URL: to customize the logo in the reports (one logo per Domain). The size of the logo
should not exceed 150 x 80 pixels; most common formats are supported (gif, jpg and png). This
logo will be visible only through a web access.

The sixth frame, Tuning, allows to configure the maximum number of User classes and USer
subnets, the HTTP timeout and the data collection periods between ip|boss and the ip|engines
and between ip|reporter and ip|boss, and used as the reporting polling period:

Tuning

Maximum number of User classes: the administrator can limit the number of User Classes;
-1 (default value) allows an infinite number,
Maximum number of User subnets: the administrator can limit the number of User subnets;
-1 (default value) allows an infinite number,
HTTP timeout: the timeout (in seconds) used on HTTP (or HTTPS) request; the time entered
must be consistent with the network (more than the max. RTT for the most distant ip|engine),
Supervision: the polling period of ip|engine updated status (default values should be used):
1 mn: every minute, ip|boss collects the supervision status (default value),
5 mn: every 5 minutes, ip|boss collects the supervision status,
15 mn: every quarter, ip|boss collects the supervision status.

Collect: the elementary period of the Correlation Records generation (packets collected during
the specified time) and collect period for ip|boss (default values should be used):
1 mn: a CR is made by the ip|engine every minute of traffic (default value),
5 mn: a CR is made by the ip|engine every 5 minutes of traffic,
15 mn: a CR is made by the ip|engine every quarter of traffic.
This parameter is used for the maps and real time flows window updates.

Short reporting: update period for clients of collector service (SNMP agent, ip|export) for short
period reports (default values should be used):
1 mn: the SNMP data are updated by ip|boss every minute (default value),
5 mn: the SNMP data are updated by ip|boss every 5 minutes,
15 mn: the SNMP data are updated by ip|boss every quarter .
This parameter is used for some reports in Ipanema Libraries like Time Evolution,
Detailed per Application, Detailed per User class, ....

June 2009

Ipanema Technologies

3-15

Ipanema System

Long reporting: update period for clients of collector service (SNMP agent, ip|export) for long
period reports (default values should be used):
1 mn: the SNMP data are updated by ip|boss every minute ,
5 mn: the SNMP data are updated by ip|boss every 5 minutes (default value),
15 mn: the SNMP data are updated by ip|boss every quarter .
This parameter is used for some reports in Ipanema Libraries like dashboard, Site
Talker/Listener, Subnet Talker/Listener....

The last frame, User management, allows to configure ip|boss in order to use centralized user
management:

User management

Radius: to enable or disable the RADIUS (Remote Authentication Dial-In User service) server(s)
refer to the Create Radius servers section below.

When done, you need to click on Validate or Apply:

The Ok button creates the Domain and closes the window.


The Apply button creates the Domain and keeps the window open. This is useful when you
want to create several Domains.
The Cancel button closes the window without creating any Domain. Use Cancel after an Apply.
An Update is mandatory for the changes to be saved and taken into account: click on
the Update button

3-16

Ipanema Technologies

June 2009

Managing Domains

After a Domain creation (HMS in the example below) the following directory tree is created on
ip|boss server (by default in ~\salsa\ipboss\server\domains\):

3. 6. 2. Move a Domain
Refer to the document DomainMove.pdf provided on the CD-ROM, in the \doc directory.

June 2009

Ipanema Technologies

3-17

Ipanema System

3. 7. CREATE RADIUS SERVERS


The Radius feature allows the user to:

Define several Radius servers,


Distinguish accounting servers from authentication servers,
Select the server selection algorithm.

The Radius configuration is common to all Domains. For each Domain, the Radius management
can be activated or not (refer to the Create a Domain section above).
If the Radius management is not activated, or if all declared Radius servers are unreachable, we
automatically fall back to the embedded ip|boss users management mode.
The Radius window can be displayed by clicking on

Radius in ip|uniboss Toolbar:

Radius window
This window contains three tabs: Configuration, Authentication servers and Accounting
servers.

Configuration

This tab contains two frames:

Authentication: allows to configure the authentication parameters:


Retry: number of times the server will attempt to contact the Radius servers before
falling down to the embedded ip|boss users management mode; default value is 3;
Timeout: time interval in seconds to wait for the Radius server to respond before a
timeout; default value is 10 seconds;
Dead time: duration between two accesses to an unreachable Radius server (a server
is considered unreachable when the configured number of retries has been reached
without receiving a response within the specified timeout); value 0 means that a server
is never removed from the list of available servers; default value is 10 minutes;
Selection algorithm: allows to choose between a serial and a round-robin algorithm to
select the server, when there are several ones:
serial: the available servers are used one after the other, using the configured
timeout and retry. The order is based on the priority attribute: the lower priority
value is taken first.
round robin: the available servers are used randomly, using the configured
timeout and a retry set to 1. When all servers have been tried, a second loop
is done, and so on depending on the retry value. The order is based on the
priority attribute: the lower priority value is taken first.

3-18

Ipanema Technologies

June 2009

Managing Domains

Accounting: allows to configure the accounting parameters, which are the same as in the
Authentication frame above.

Authentication servers

This tab allows to create, modify or delete Authentication servers.


Click on the New icon

in the Authentication tab to create a new Authentication server.

Authentication server creation window


The Authentication server creation window contains 5 fields:

Priority: value between 0 and 32767 used to define different priority levels between the different
servers, when there are several ones; the higher the value, the lower the priority; default value
is 10,
Name: name you want to give to the server (50 characters max); names must be unique accross
the servers dictionnary,
Host name: IP address or host name of the server (50 characters max),
Port: port on which the server is listening to authentication requests (1645 by default),
Shared secret: shared secret for Radius authentication; it must consist of 15 or fewer printable,
non space, ASCII characters; it should have the same qualifications as a well-chosen password.

Accounting servers

This tab allows to create, modify or delete Accounting servers.


Click on the New icon

in the Accounting tab to create a new Accounting server.

The Accounting server creation window contains the same fields as the Authentication server
creation window (see above) (note: the Port on which the server is listening to accounting requests
is 1646 (UDP) by default).

June 2009

Ipanema Technologies

3-19

Ipanema System

3. 8. LOGS AND ISSUES


3. 8. 1. Log window
In the Toolbar, select

Log:

ip|uniboss Log window is displayed.

ip|uniboss Log window


This window contains:

3-20

the list of system events (on ip|uniboss server) with a time stamping,
the list of connections/disconnections to/from ip|uniboss with a time stamping.

Ipanema Technologies

June 2009

Managing Domains

3. 8. 2. Issues window
In the Toolbar, select

Issues (the icon is greyed when there is no issue to display):

The Issues window is displayed.

Issues window
This window contains a list of issues that may require a users action:

For the Domains:

non
non
non
non
non

created Domains,
deleted Domains,
started Domains,
configured Domains,
reachable Domains.

For ip|boss servers:


non configured servers,
non compatible servers,
non reachable servers.

As long as there is an issue in the Issues window, the Issues icon


blinks. When there is no issue to display, the icon is greyed.

June 2009

Ipanema Technologies

in ip|uniboss tool bar

3-21

Ipanema System

3. 9. INVENTORY
In the Toolbar, select

Inventory:

The Inventory window is displayed.

Inventory window
This window is made of two frames:

Domain inventory,
Topology inventory. This frame is contextual: if no Domain is selected in the previous frame,
it displays all Domains topologies; if one (or several) Domain(s) is (are) selected, it displays its
(their) topology(ies) only.
The
Print button prints all the columns of the selected Domain(s),
whereas the Action / Print menu prints the selected columns of all the Domains.

3-22

Ipanema Technologies

June 2009

Managing Domains

3. 9. 1. Domain inventory
This frame contains the following information:

Name: Name of the Domain


Enabled: Yes / No
ip|boss server: IP address of ip|boss server
Access port: port used by the client on that Domain (0 = dynamic)
SNMP agent (refer to the section Create a Domain above):
Port
Address
C.N.: Community Name

ip|reporter (refer to the section Create a Domain above):

Periods (refer to the section Create a Domain above):

Server
Manager port
Collector port
Browser port
Portmapper port

Supervision
Collect
Reporting short
Reporting long

User management (refer to the section Create a Domain above):


Radius: Yes / No

Domain services: shows if the following services are started (Yes) or not (No):

ip|true
ip|fast
ip|coop
ip|xcomp
ip|xtcp
ip|xapp
smart|plan
ip|reporter
ip|export
smart|path

Number of: shows the number of the following objects, with their totals on the last line:

June 2009

Physical ip|engines
Virtual ip|engines
Automatic metaview
On demand metaview
Automatic reports
On demand reports
User class
Topology subnet
User subnet
Applications

Ipanema Technologies

3-23

Ipanema System

3. 9. 2. Topology inventory
This frame contains:

Domain name
ip|boss server
ip|engine (software version, model and IP addresses are polled from the ip|engine; if it has
not been reachable, the field is blank):

WAN Access:

max ingress bandwidth


min ingress bandwidth
max egress bandwidth
min egress bandwidth

Server
Manager port
Collector port
Browser port
Portmapper port

Domain: shows if the following services are started (Yes) or not (No):

3-24

Total
Total
Total
Total

ip|reporter:

Name
Main public IP address
Main private IP address
Auxiliary public IP address
Auxiliary private IP address
LAN MAC address
Physical: Physical (Yes) or Virtual (No) ip|engine
Enabled: Enabled (Yes) or disabled (No)
Software version
Hardware
ip|true: Yes / No
ip|fast: Yes / No
ip|xcomp compress: Yes / No
ip|xcomp uncompress: Yes / No
ip|xtcp: Yes / No
ip|xapp: Yes / No
smart|plan: Yes / No

ip|true
ip|fast
ip|coop
ip|xcomp
ip|xtcp
ip|xapp
smart|plan
ip|reporter
ip|export

Ipanema Technologies

June 2009

CHAPTER 4. CONFIGURING SERVICES


Document organization

4. 1. CONFIGURATION OVERVIEW
Once your Domain has been created (refer to the previous Chapter) and before starting a
measurement, optimization or compression session, you have to parameter your configuration
(one configuration per Domain).
This configuration uses:

general settings for all functions (measurement, optimization, compression, acceleration and
smart planning) ensuring:
configuration of the Domains ip|engines,
configuration of the topology subnets associated with the ip|engines,
selection of applications, TOS and User subnets assigned to the session, according to
the specific features of the traffic to be measured, optimized, compressed or accelerated,

specific settings that depend on customers requests, for measurement, optimization,


compression and acceleration features:

WAN accesses characteristics settings,


Quality of Service (QoS profiles) settings,
Coloring settings,
User Classes settings,
Metaviews settings.

These data are grouped in a configuration file in the directory


~\salsa\ipboss\server\domains\<Domain_name>\config
named:
__active__.ipmconf
Three clients are available:

a Web client through a Web browser,


a Java client,
a CLI client (Command Line Interface).

June 2009

Ipanema Technologies

4-1

Ipanema System

4. 2. CONFIGURING SERVICES USING IP|BOSS WEB CLIENT

All configuration operations described in this section are performed from Mozilla Firefox 3.0 as
a web GUI on the workstation.

4. 2. 1. Connection to ip|boss using the web client


To connect to the ip|boss server, enter the following URL:
https://<ip|uniboss_server>/ipboss_portal (ip|uniboss is the web portal for ip|boss).
For security reasons, the use of HTTPS is mandatory.

Connection screen

The connection window has two fields:


User name: the name of the user,
Password: the password of the user.
The user administrator with password admin is defined by default.

4-2

Ipanema Technologies

June 2009

Configuring services

4. 2. 2. ip|boss web client main window

ip|boss web client main window

The main window is divided into four parts:


A title bar with the logo of Ipanema Technologies; it closes all opened windows when
you click on it.
A status bar, at the top: it gives the status and statistics on the system; it is possible
to have some details by clicking on the LEDs ip|boss, ip|engine, ip|reporter and
services
A tool bar, on the left: it is composed of menus and icons which give access to the
different functions of the software. It depends on the profile of the connected user.
A working space.

June 2009

Ipanema Technologies

4-3

Ipanema System

4. 2. 3. ip|boss web client table view

Typical window with a table view

A table view shows a list of objects. All the table views give:
A menu bar,
A tool bar,
A list of objects.

Selection: you can select an object in the list by clicking on its line. To select other objects, you
have to click on their lines while pressing the Alt key. To select an interval of objects, you select
the first then the last by clicking while pressing the Shift key. The Edit menu (see below) allows to
select/unselect all the objects on the list. In the status bar, the number of selected objects and the
total number of objects is shown.
Sort: you can sort the list according to one column by clicking on this columns header (by clicking
on the header a second time, you change the order ascending-descending). By clicking on several
columns while pressing the Ctrl key, you make a sort on multi-columns. These functions are also
available through the Display/Sort menu (see below).

The menu bar contains:


The File menu, which allows to:
New: create an object,
Export: export the list of objects,
Import: import a list of objects (Import); this function is not available for all
objects,
Print list: print the list of objects,
Close: close the window.
The Edit menu, which allows to:
Search: open a contextual dialog box which allows to find all the objects with
an attribute containing the specified text. The first matchnig object is highlighted
in the table below. The navigation between the found objects is made with the
menu Edition/Next and Edition/Previous.

4-4

Ipanema Technologies

June 2009

Configuring services

Search contextual dialog box

Next: go to the next found object,


Previous: go to the previous found object,
Select all: select all objects,
Unselect all: unselect all objects.

The Display menu, which allows to:


Sort: by clicking on the header of a column, you sort the list according
to this column (by clicking again on the column, you change the order
ascending-descending). By clicking on several columns while pressing the Ctrl
key, you make a sort on multi-columns. These functions are also available with
the menu Display/Sort.
sort the data (by any field or combination of multiple fields; other features in the
Sort menu are Invert sort (global), Sort by status (global) and Invert sort by status
(global)),

Sort dialog box

June 2009

Ipanema Technologies

4-5

Ipanema System

Filter: create filters on the list which display only the filtered objects according
to the selected criteria.
There are two kinds of filters:

A simple filter (New Filter) works with only one field:

Simple filter
An extended filter (New Extended Filter) is a combination of simple filters
(using AND, OR, NOT logical operators). When a filter is active, the
number of displayed objects and the total number of objects is written
on the status bar. You can activate/deactivate a filter by double-clicking
on the icon of the status bar.

Extended filter
Choose columns: choose the columns to display.
Preferences: save or delete the display mode (filters and selected columns).

4-6

Ipanema Technologies

June 2009

Configuring services

The Actions menu, which allows to consult, clone, modify, delete and change the
administrative state of the objects. The list of actions is the same as you get through
the context menu of the list.
The ? menu, which gives an access to the About menu.

The tool bar contains often the same icons:

(Consult): to consult an object (without modification capability),

(New): to create a new object,

(Clone): to create an object from another one,

(Modify): to modify one or more objects,

(Delete): to delete one or more objects,

June 2009

(Change administrative state): to change the administrative state of one or more


objects.

(Export): to export in a text file the content of the list.

(Help): to go to the help page.

Ipanema Technologies

4-7

Ipanema System

4. 2. 4. ip|boss web client creation form

Typical creation form

4-8

Some fields have tips (


): when you move the mouse on the icon, a message is displayed. In
case of error, the field is displayed in red.
Some fields are related to other objects (example: WAN access).
The Ok button creates the object and closes the window.
The Apply button creates the object and keeps the window opened. This is useful when you
want to create several objects.
The Cancel button closes the window without creating any object.

Ipanema Technologies

June 2009

Configuring services

4. 3. CONFIGURING SERVICES USING IP|BOSS JAVA CLIENT


All configuration operations described in this section are performed from a Graphic User Interface
on the workstation which can be a workstation with a Java Virtual Machine and ip|boss Java client.
To install ip|boss Java client, refer to CHAPTER 2 IPANEMA SYSTEM
INSTALLATION.

There are 3 ways to launch ip|boss Java client:

Launch Internet Explorer, select the following URL: https://x.x.x.x/ipboss_manager (where


x.x.x.x is the IP address of ip|uniboss server ip|uniboss is an authentication and redirection
server for ip|boss), and click on Start ip|boss rich client; this method is the only one available
on the first use of ip|boss Java client.

Use the shortcut


on your desktop (if you accepted its creation when asked on the first use
of ip|boss Java client).
Use the Start menu (Windows), then select Programs and ipboss_manager.

Launching ip|boss Java client through a web browser

4. 3. 1. Connection to ip|boss using the Java client

Connection screen

The connection window has three fields:


Server: name or address of ip|uniboss. You give the IP address and the port number
with the form: X.X.X.X:Z, where Z is the port number (9999 by default),

June 2009

Ipanema Technologies

4-9

Ipanema System

If the server is setup with the default port number 9999, the port number is
not mandatory.
User name: name of the user (administrator by default),
Password: the password of the user (admin by default).

4. 3. 2. ip|boss Java client main window

ip|boss Java client main window

The main window is divided into four parts:


Menu bar: the menu is generic and is in all windows. It gives access to the generic
actions of the GUI (creation, deletion, sort...),
A title bar with the name of the application and the name of the Domain.
A tool bar composed of icons that give access to the different functions of the software.
An overview: it gives the status and statistics on the system.

4. 3. 3. ip|boss Java client table view

Typical window with a table view

A table view shows a list of objects. All the table views give:
A menu bar,
A tool bar,
A list of objects.

4-10

Ipanema Technologies

June 2009

Configuring services

They are the same as in the web client. Refer to the web client description above for more
details.
The Display menu contains one additional function to the web client:

Fix columns: to fix the columns: this keeps the left columns unaffected by an horizontal
scrolling.

4. 3. 4. ip|boss Java client creation form

Typical creation form


Creation forms are the same as in the web client. Refer to the web client description above for
more details.

June 2009

Ipanema Technologies

4-11

Ipanema System

4. 4. IP|BOSS CLI CLIENT


For detailed information concerning ip|boss and ip|uniboss Command Line Interface
clients, please refer to NO-10000249-Rev 3- ipboss v4.3Rx - CLI Reference
Manual.doc.

4. 4. 1. CLI architecture
ip|boss and ip|uniboss have a specific GUI client each, that uses CORBA over SSL to
communicate with a dedicated client request handler (called the Leonardi connector because
of the underlying technology).
Quite similarly, there is a CLI client for ip|boss and a CLI client for ip|uniboss. They communicate
exclusively with their respective CLI connector using CORBA over SSL. The best image to illustrate
what the CLI clients and CLI connectors are is to compare the CLI clients to Telnet clients and the
CLI connectors to remote shell services.
The CLI client/server protocol relies on three verbs:

Login
Logout
Execute

The client and the server exchange version information prior to the login request. This allows either
side to adapt to an older peer.
In its current version, the ip|boss CLI connector forwards login and logout requests to the targeted
Domains Leonardi connector, besides establishing its own session information and setting up
a session specific command parser that will process execute requests. If no specific Domain is
targeted, the ip|boss CLI connector will use the naming service to get a list of all running Domains
and will connect to the first available Domain (in alphabetical order) the provided credentials are
valid for.
The ip|uniboss CLI connector will forward the login and logout requests to the ip|uniboss Leonardi
connector.
Once the session is established, the CLI client acts a transparent upstream pipe between the client
systems keyboard or input file and the CLI connector and a transparent downstream pipe between
the CLI connector and the client systems display or output file.

4. 4. 2. CLI language
The ip|boss Leonardi connector essentially maps a Domains configuration to a set of object
classes and objects within each class. The ip|uniboss Leonardi connector does the same at a
higher level, where Domains are objects in a class. (This is very much akin to tables and rows we
are used to in DBMSes such as Oracle for example.)
The CLI language builds on this paradigm. The language basics are the same for ip|boss CLI and
ip|uniboss CLI. The difference currently only lies in the underlying schema - names of tables and
columns.
A CLI script is a (possibly empty) list of statements. A statement is always terminated by a ";"
(semicolon) character. The semicolon is not a statement separator but a statement terminator. The
difference is important, particularly for parser robustness sake. Having the semicolon act as a
statement terminator and not anything else makes error recovery much easier: eat and discard
input until you see the next semicolon and try to parse more statements from there.
CLI statements currently fall into 2 categories:

Data Manipulation Language (DML)


Session Control Language (SCL)

CLI DML is very much akin to SQL DML.

4-12

Ipanema Technologies

June 2009

Configuring services

With DML you can perform essentially 4 operations on objects:

Create ( or insert),
Modify ( or update),
Delete,
List ( or select).

But there are not only similarities, there are differences too. CLI DML statements act on one table
or object class at a time, there is no such thing as a join. Future releases of CLI will make it easy
to clone objects, just overriding a few columns with specific values. That is not easy in SQL.
CLI offers fine grained control over error handling and logging because it is mainly targeted at
procedure automation versus ad hoc queries.
For the same reason, CLI not only produces tabular output but can also use tabular input in
statements

4. 4. 3. Tabular input and output


CLI can be used for procedure automation in environments where the ipanema solution fits into a
bigger, centrally managed solution. This means that the primary databases are not inside ip|boss,
but somewhere outside, no matter the format.
As a consequence, it is important to make it easy to resynchronize the ipanema solution with
external databases. Hence the choice of a bulk operation centric approach.
With tabular input and output we simply mean that CLI produces output and accepts input such as:
name|public_ip_address|virtual
Out of domain|240.0.0.0|1
ipe_0001|10.1.1.1|0
ipe_0002|10.1.2.1|0
ipe_0003|10.1.3.1|0
ipe_0004|10.1.4.1|0
ipe_0005|10.1.5.1|0
That is easy to obtain from Excel and easy to feed into Excel, or any database (the | (pipe)
character can be changed to something else via a command line option, including the semicolon).
The CLI language has been designed with bulk operations in mind. Below is an example of a valid
statement that creates 5 ip|engines at a time:
CREATE ip_engine FROM STREAM
name|public_ip_address|virtual
ipe_0001|10.1.1.1|0
ipe_0002|10.1.2.1|0
ipe_0003|10.1.3.1|0
ipe_0004|10.1.4.1|0
ipe_0005|10.1.5.1|0
;

June 2009

Ipanema Technologies

4-13

Ipanema System

4. 5. IP|BOSS MAIN SCREEN DESCRIPTION


All the configuration operations of this section are made through the web client GUI. This graphical
user interface is presented hereafter.

Working space
The main window gives access to all features of the system.

4-14

Ipanema Technologies

June 2009

Configuring services

4. 5. 1. ip|boss tool bar


The content of the Tool bar depends on the profile of the connected User.

Toolbar
The buttons give a direct access to the functions. The tool bar is separated into 7 areas:
Global tools
: gives access to the user settings modification,

: gives access to another Domain and allows to check the status of all Domains at a glance
(this icon is only visible if you have an access to several Domains),

: updates the configuration on the ip|engines; flashes when an update is necessary,

: allows to activates the services:

global Start /Stop of ip|true (measurement) on the ip|engines,


global Start/Stop of ip|fast (optimization) on the ip|engines,
global Start/Stop of ip|xcomp (compression) on the ip|engines,
global Start/Stop of ip|coop (virtual cooperation),
global Start/Stop of ip|xtcp (TCP acceleration),
global Start/Stop of ip|xapp (application acceleration),
global Start/Stop of smart|plan (Smart planning reports),

: refreshes the view (on the web client only; on the Java client, the view is automatically
refreshed every minute),

: allows to undo last modifications,

: gives access to the online help,

June 2009

(About): shows information about ip|boss version and license information,


(Quit): quits ip|boss client.

Ipanema Technologies

4-15

Ipanema System

System administration
Click on System administration to access the System administration functions:

: gives access to the user management (creation, deletion of users),

: gives access to the automatic reporting,

: gives access to the security configuration

System provisioning
Click on System provisioning to access the System provisioning functions:

: configures the ip|engines,

: configures the topology subnet addresses,

: configures the WAN accesses,

: configures the coloring of packets,

: configures the time and synchronization servers,

: starts the ip|engines management features:

4-16

software upgrade
reboot
scripts
security status
advanced configuration

Ipanema Technologies

June 2009

Configuring services

Application provisioning
Click on Application provisioning to access the Application provisioning functions:

: configures the User subnet addresses,

: configures the applications,

: configures the ToS values,

: configures the User Classes,

: configures the application mapping,

: configures the QoS Profiles,

: configures the limiting rules (LTL),

Supervision
Click on Supervision to access the Supervision functions:

:shows the status of the ip|engines,

: shows the status map of the ip|engines within a map,

: displays the log window,

: gives access to the different options (mail, SNMP trap) of the system,

June 2009

Ipanema Technologies

4-17

Ipanema System

Helpdesk
Click on Helpdesk to access the Helpdesk functions:

: shows the flows behavior within a Topological map,

: shows the flows behavior within an Applicative map,

: shows the flows behavior within a VoIP map,

: lists the sites links usage and quality,

: starts the discovery features on the ip|engines,

: lists the flows in real-time,

Reporting
Click on Reporting to access the Reporting functions:

4-18

: configures the Metaviews,

: configures the reports of ip|reporter,

: configures the Alarming.

Ipanema Technologies

June 2009

Configuring services

4. 5. 2. ip|boss status zone


The status zone gives instantaneous information on the state of the system.
It is one source of supervision information: in case of errors, the dedicated indicators are lighted in
red or amber. More details can be obtained by clicking on the LEDs.

Status zone
The status zone is made of the Domain name, two bargraphs and four LEDs.

Bargraphs:
Active flows: gauge displaying the current active flows (max number for each collection)
measured by all enabled ip|true agents of the Domain (left figure) over the peak flows
measured since the session start-up (right figure),
Total throughput (Mbps): gauge displaying the current total throughput measured by
all enabled ip|true agents of the Domain (left figure) over peak throughput measured
since the session start-up (right figure).

LEDs:
Discovery: indicates when a Discovery agent is running on an ip|engine (amber color).
Limiting: indicates when a Local Traffic Limiting rule is active on an ip|engine (amber
color).
ip|boss: shows the overall status of ip|boss,
ip|engine: shows the overall status of the physical ip|engines,
The color of the indicator can be:

green: the services are started and the ip|engines are up,
yellow: one or more ip|engines are down,
red: all ip|engines are down,
grey: the services are stopped or no information,

ip|reporter: shows the overall status of ip|reporter,


services: shows the activated services.
Those LEDs are green when all the activated services are up and running, amber in case of a
minor problem or during an update, red in case of a serious problem.
More detailed information can be obtained by clicking on those LEDs: use the back icon
to go back to the main status screen:
With the Java client, all the bargraphs and LEDs are displayed on the main screen.

June 2009

Ipanema Technologies

4-19

Ipanema System

ip|boss: shows the state of the system with two colored indicators:

Connection: shows the status of the connection between the client and the ip|boss
server:
Indicator color
Green

the server is reachable

Red

the server is unreachable


License: shows the license status:

Indicator color
Green

the license is respected

Red

the license is not respected (the number of ISUs exceeds the total
ISU credit)
With the Java client, two additional LEDs are available:

Collector: collect of measures from ip|engines,


Indicator color
Green

active and up

Red

active but down


SNMP agent: shows the state of the SNMP agent of ip|boss.

Indicator color

4-20

Green

active and up

Red

active but down

Ipanema Technologies

June 2009

Configuring services

ip|engine: shows the status of the ip|engines:

Reachable: displays the number of ip|engines currently reachable upon the total
number of ip|engines activated.
Indicator color
Green

all ip|engines are reachable

Red

some ip|engines are unreachable


Overload: displays the number of ip|engines currently overloaded upon the total
number of ip|engines reachable.

Indicator color
Green

no ip|engine is overloaded

Red

some ip|engines are overloaded


Synchronized: displays the number of ip|engines currently synchronized upon the total
number of ip|engines reachable.

Indicator color
Green

service start-up and the server is OK (*); all ip|engines are


synchronized

Yellow

the server is OK (*) and one or several ip|engines are not


synchronized

Red

the server is down (*) and no ip|engine is synchronized

Grey

service is switched off or the status is not available


(*) ITP case.

With the Java client, two additional LEDs show:


GPS: display of the number of ip|engines synchronized by GPS,
ITP: display of the number of ip|engines synchronized by Ipanema Time
Protocol.

June 2009

Ipanema Technologies

4-21

Ipanema System

ip|reporter: shows the state of ip|reporter with two colored indicators:

Database: shows the state of the InfoVista Database:


Indicator color
Green

The InfoVistas database is up

Yellow

synchronization of Infovistas database is running (temporary state)

Grey

error happened during last synchronization of Infovistas database

Red

no access to the reports description (in the reports_desc.ipmsys


file in ~/salsa/ipboss/server/conf on ip|boss server), or the reports
description does not match the installed library (VistaViews loaded
from ip|reporter CD-ROMs ivl directory)
Server: shows the state of the ip|reporter server (InfoVista):

Indicator color
Green

The InfoVistas services (manager, collector and browser) are up

Yellow

one of the InfoVistas services (manager or browser) is down

Red

all InfoVistas services are down (or the server is unreachable)

services: shows the services that have been activated:

ip|true: displays the number of ip|engines currently measuring (ip|true agent running)
upon the total number of ip|engines activated.
Indicator color
Green

service start-up and all ip|true agents are operational

Yellow

one or several ip|true agents are not operational

Red

none of the ip|true agents are operational

Grey

service is switched off or the status is not available


ip|fast: displays the number of ip|engines currently optimizing (ip|fast agent running)
upon the total number of measuring ip|engines having ip|fast activated.

Indicator color

4-22

Green

service start-up and all enabled ip|fast agents are operational

Yellow

one or several enabled ip|fast agents are not operational

Ipanema Technologies

June 2009

Configuring services

Red

none of the enabled ip|fast agents are operational

Grey

service is switched off or the status is not available


ip|xcomp compress: displays the number of ip|engines currently compressing
(ip|xcomp compress agent running) upon the total number of optimizing ip|engines
having ip|xcomp activated:

Indicator color
Green

service start-up and all enabled Compressing agents are


operational

Yellow

one or several enabled Compressing agents are not operational

Red

none of the enabled Compressing agents are operational

Grey

service is switched off or the status is not available


ip|xcomp decompress: displays the number of ip|engines currently decompressing
(ip|xcomp decompress agent running) upon the total number of optimizing ip|engines
having ip|xcomp activated.

Indicator color
Green

service start-up and all enabled Decompressing agents are


operational

Yellow

one or several enabled Decompressing agents are not operational

Red

none of the enabled Decompressing agents are operational

Grey

service is switched off or the status is not available


ip|xtcp: displays the number of ip|engines currently accelerating TCP (ip|xtcp agent
running) upon the total number of optimizing ip|engines having ip|xtcp activate.

Indicator color
Green

service start-up and all enabled ip|xtcp agents are operational

Yellow

one or several enabled ip|xtcp agents are not operational

Red

none of the enabled ip|xtcp agents are operational

Grey

service is switched off or the status is not available


ip|xapp: displays the number of ip|engines currently accelerating applications (ip|xapp
agent running) upon the total number of optimizing ip|engines having ip|xapp activate.

Indicator color
Green

service start-up and all enabled ip|xapp agents are operational

Yellow

one or several enabled ip|xapp agents are not operational

Red

none of the enabled ip|xapp agents are operational

Grey

service is switched off or the status is not available

June 2009

Ipanema Technologies

4-23

Ipanema System

4. 5. 3. ip|boss Java client menu bar


The menu bar in the ip|boss Java client main window has four menus, File, Windows, Actions
and ?:

ip|boss Java client menu bar

File is used only to exit the GUI,


Windows is used to close all the opened windows,
Actions allows to make all the actions achieved through the corresponding icons,
? allows to see information about ip|boss and ip|reporter versions, license and maximum
number of User Classes and User Subnets (if limited on the Domains creation with ip|uniboss).
It is the same as the

About icon in ip|boss web client:

ip|boss web client About window

4-24

Ipanema Technologies

June 2009

Configuring services

4. 6. OPERATING PROCEDURE
The operating procedure consists of the following phases:

choosing a Domain,
creating a configuration or using an archived configuration, that is, specifying all ip|engines and
Domain settings (topology subnets, applications, User Classes, Qos Profiles, MetaViews....),
running a measure, optimization, compression or virtual cooperative session, applied to the
Domain,
analyzing the results in real-time,
reporting configuration of measures and optimization (optional).

Table: operating procedure


The tables below show operations in their chronological order for a Domain, once it has been
chosen (

June 2009

Domain).

Ipanema Technologies

4-25

Ipanema System

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

Making configuration settings


Create a new configuration

Manual procedure

Start with an existing


configuration

Manual procedure

Define automatic reporting


Automatic reporting

Configure operator coloring


characteristics

Coloring

Configure the WAN


accesses

WAN access

Declare ip|engines of the


Domain

ip|engines

Declare the topology


subnets associated with
each ip|engine

Topology Subnets

Define User subnets


User Subnets
Add, modify or remove
TOS in the dictionary
Add, modify or remove
applications in the
dictionary

TOS
Applications

Define QoS profiles


QoS profiles
Define User Classes
User Class
Define Metaviews
Metaview
Define reports
ip|reporter
Define Alarming
Alarming
Save the configuration
Automatic procedure
(1) M = Mandatory, O = Optional, X = Applied

4-26

Ipanema Technologies

June 2009

Configuring services

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|true service: measurement


Start a session

Service activation, ip|engines: on


Enable ip|true, for all
ip|engines

Service activation, ip|engines: on

Analyze links

X
Link supervision
X

Analyze real-time flows


Real-time
Real-time Maps
Modify the topology subnets
associated with each
ip|engine

X
Topology Subnets
X

Modify aggregation rules:


TOS
TOS
Applications
Applications
User Subnets
User Subnets
Modify QoS profiles and
User Classes

X
QoS profiles
User Class

Modify automatic reporting


Automatic reporting
X

Modify Metaview settings


Metaview

Modify reports
ip|reporter

Modify Alarming settings


Alarming

Modify the session


dynamically

Update

Disable ip|true, for all


ip|engines

Service activation, ip|engines: off

Stop a session
Service activation, ip|engines: off

June 2009

Ipanema Technologies

4-27

Ipanema System

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|fast service: optimization


Enable ip|fast for all
ip|engines

Service activation, ip|fast: on

Disable ip|fast for all


ip|engines

Service activation, ip|fast: off

X
X

Start a session

Service activation, ip|engines: on


Analyze optimized links

X
Link supervision

Analyze real-time optimized


flows

X
Real-time
Real-time Maps

Optimize flow management


by adjusting settings:
ip|engines, QoS profiles,
User subnets and UCs

X
ip|engines
X
QoS profiles
User Class
User Subnets
X

Modify aggregation rules:


TOS
TOS
Applications
Applications

Modify coloring policies


characteristics

Coloring

Modify the attached WAN


access

WAN access

X
X

Create, modify, delete LTLs


LTL
Modify the session
dynamically

X
Update
X

Stop the session


Service activation, ip|engines: off

4-28

Ipanema Technologies

June 2009

Configuring services

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|coop service: virtual cooperation


Enable ip|coop for all
ip|engines

Service activation, ip|coop: on

Disable ip|coop for all


ip|engines

Service activation, ip|coop: off

X
X

Start a session

Service activation, ip|engines: on


Analyze links with virtual
ip|engines

Link supervision

Analyze real-time flows for


virtual ip|engines

Real-time

X
Real-time Maps
X

Modify the session


dynamically

Update
X

Stop the session


Service activation, ip|engine: off
Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|xcomp service: compression


Enable ip|xcomp for all
ip|engines

Service activation, ip|xomp: on

Disable ip|xcomp for all


ip|engines

Service activation, ip|xcomp: off

X
X

Start a session

Service activation, ip|engines: on


Analyze compressed links

X
Link supervision

Analyze real-time
compressed flows

X
Real-time
Real-time Maps

Management by adjusting
compression settings: User
Class

User Class

Management by adjusting
compression direction
settings: ip|engines

ip|engines

Modify the session


dynamically

X
Update
X

Stop the session


Service activation, ip|engines: off

June 2009

Ipanema Technologies

4-29

Ipanema System

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|xtcp service: TCP acceleration


Enable ip|xtcp for all
ip|engines

Service activation, ip|xtcp: on

Disable ip|xtcp for all


ip|engines

Service activation, ip|xtcp: off

X
X

Start a session

Service activation, ip|engines: on


Analyze accelerated links

X
Link supervision

Analyze real-time
accelerated flows

X
Real-time
Real-time Maps

Management by adjusting
acceleration settings: User
Class

User Class

Management by adjusting
acceleration settings:
ip|engines

ip|engines

Modify the session


dynamically

X
Update
X

Stop the session


Service activation, ip|engines: off

4-30

Ipanema Technologies

June 2009

Configuring services

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

ip|xapp service: application acceleration


Enable ip|xapp for all
ip|engines

Service activation, ip|xapp: on

Disable ip|xapp for all


ip|engines

Service activation, ip|xapp: off

X
X

Start a session

Service activation, ip|engines: on


Analyze accelerated links

X
Link supervision

Analyze real-time
accelerated flows

X
Real-time
Real-time Maps

Management by adjusting
acceleration settings:
ip|engines
Modify the session
dynamically

ip|engines
X
Update
X

Stop the session


Service activation, ip|engines: off

June 2009

Ipanema Technologies

4-31

Ipanema System

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

smart|path service
Start a session
Service activation, ip|engines: on
Management by adjusting
smart path settings: User
Class

User Class

Management by adjusting
smart path settings: WAN
access

WAN access

Management by adjusting
smart path settings:
ip|engines

ip|engines

Management by adjusting
smart path advanced
parameters: Tools

Tools

Modify the session


dynamically

X
Update
X

Stop the session


Service activation, ip|engines: off

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

smart|plan service
Enable smart|plan for all
ip|engines

Service activation, smart|plan: on

Disable smart|plan for all


ip|engines

Service activation, smart|plan: off

X
X

Start a session

Service activation, ip|engines: on


Modify the session
dynamically

X
Update
X

Stop the session


Service activation, ip|engines: off

4-32

Ipanema Technologies

June 2009

Configuring services

Operations to be
performed

Commands

ip|
true

ip|
fast

(1)

Commands

ip|
true

ip| fast

(1)

Domain creation

ip|sync service: Synchronization


Synchronization
ip|sync
Modify the session
dynamically

Operations to be
performed

Update

ip|reporter: reporting
Define InfoVista server
settings
Define automatic reporting
Automatic reporting
Define Metaview settings
Metaview
Define reports
ip|reporter

June 2009

Ipanema Technologies

4-33

Ipanema System

Operations to be
performed

Commands

ip|
true

ip| fast

(1)

ip|boss: management
Supervision management
settings (mail, SNMP trap)

Options

Log window
Log
Create/Delete users
Users
User password modification
Login
Security configuration
Security
Certificate generation tab enerate the
keys and the certificates
Configuration tab hoose the encryption
algorithm
ip|engine status
ip|engine status
ip|engine status map
Security status
Tools, Status tab: displays the
security status of ip|engines
Discovering of applications,
subnets.....

Discovery

Send results of script to


Ipanema support

Tools, Script tab

Upgrade ip|engines
software

Tools, Software Upgrade tab

Reboot ip|engines
Tools, Reboot tab
Quit the application
File/Exit

4-34

Ipanema Technologies

June 2009

Configuring services

4. 7. CHANGE DOMAIN OR CHECK THE DOMAINS STATUS


Operating procedure table
In the Toolbar, select
Domain to change Domain or check the status of all the Domains you
have an access to at a glance.
The Domain button is displayed only if you have an access to several Domains.

Domain window

To change Domain, click on the corresponding Domains line and click on the Connect Domain
.
button
The name of the selected Domain appears in the status zone:

Status zone

The colors of the lines show the global status of the Domains:
A blank line is either a fully operational Domain (all activated functions run normally) or
a deactivated Domain (the ip|engines have not been enabled globally).
An orange line is a Domain with some down status (but not all).
A red line shows a Domain with all status down.
When selected, a line turns blue, whatever the Domains status (and the lines previous
color).

For each Domain, a synthesis of the status of the ip|engines, measurement (ip|true),
optimization (ip|fast), compression and decompression (ip|xcomp), TCP acceleration
(ip|xtcp), application acceleration (ip|xapp) and synchronization (ip|sync) is displayed, as
well as the total throughput on the Domain and the total number of active flows.

June 2009

Ipanema Technologies

4-35

Ipanema System

4. 8. CREATE, OPEN, SAVE A CONFIGURATION


4. 8. 1. Create a new configuration
Operating procedure table
The name of the configuration file is fixed. This file is in the directory
~\salsa\ipboss\server\domains\<Domain_name>\config
and
its
name
is
__active__.ipmconf (double underscore before and after). It contains all the
configuration parameters of the Domain. During the start and the update, this file is
sent to the ip|engines.
To create a new configuration file from the default parameters, you must:

Stop the current configuration with the ip|boss client (GUI)


Quit the ip|boss client (GUI)
Stop ip|boss services in Windows control panel
In the directory ~\salsa\ipboss\server\domains\<Domain_name>\config, copy the file
__new__.ipmconf then name it __active__.ipmconf
Start ip|boss services in Windows control panel
Start the ip|boss client (GUI) and create your configuration for the Domain

4. 8. 2. Open a configuration
Operating procedure table
The name of the configuration file is fixed. This file is in the directory
~\salsa\ipboss\server\domains\<Domain_name>\config
and
its
name
is
__active__.ipmconf. It contains all the configurations parameters of the Domain.
During the start and the update, this file is sent to the ip|engines.
To work with an existing configuration file, you must:

Stop the current configuration with the ip|boss client


Quit the ip|boss client
Stop ip|boss services in Windows control panel
Copy your file <my_domain>.ipmconf and rename it __active__.ipmconf in the directory
~\ipboss\server\domains\<Domain_name>\config
Start ip|boss services in Windows control panel
Start the ip|boss client then start the session

4. 8. 3. Save a configuration
Operating procedure table
The configuration file of the Domain __active__.ipmconf which is stored in the directory
~\salsa\ipboss\server\domains\<Domain_Name>\config is automatically applied and saved
on the following actions:

ip|engines activation (Service activation, ip|engines: on),

Update/Save
In case of necessity (for backup), you should make the backup of this file from your
server to the media of your choice (do not backup the file while an update is pending
on the ip|engines).

Important reminder it is advisable to backup your configuration file in a different directory than
that used for installation in order to avoid deleting files during subsequent install.

4-36

Ipanema Technologies

June 2009

Configuring services

4. 8. 4. Undo a configuration modification


Operating procedure table
The 50 last configuration modifications can be undone by clicking on

By choosing a configuration in the Undo table and clicking on


to the selected one is restored.

Undo in the Toolbar.


, the configuration previous

Undo table

If a modification has been carried out by another user in the interval, undo will not
operate.

June 2009

Ipanema Technologies

4-37

Ipanema System

4. 9. SYSTEM PROVISIONING
4. 9. 1. Configuring Coloring
Operating procedure table: settings, ip|fast service
The Coloring Policy is used with optimization. It is the capability to modify the TOS or DiffServ field
in the IP header with a new value according to the type and criticality of the packet.
The mode used is Color-Blind (in this mode, all packets are treated as if they were uncolored:
they are marked according to the selected coloring rule, regardless of their initial color).
ip|fast must be enabled.

In the System provisioning Toolbar, select

Coloring:

The Coloring window is displayed.

Coloring list window

By clicking on the New button

, the creation window of a new coloring rule is displayed.

Coloring rule creation window (unspecified by default)

4-38

Ipanema Technologies

June 2009

Configuring services

Coloring directory with TOS selection

Coloring directory with DiffServ selection

June 2009

Ipanema Technologies

4-39

Ipanema System

This window defines the coloring policies to apply at the access to WAN (you can create as many
Colorings as you want). The coloring parameters specify the type of service, the TOS or DSCP
values function of the traffic type and criticality level. It comprises:

input fields:
Name: to identify the coloring policy (string of characters). By default , the name none is
defined associated with an unspecified service type. The name is used to identify the
Coloring policy,
Service type: to select the type of coloring policy to set-up. The service is selected from
a drop-down list. The values offered are:
TOS: the TOS field of the frame is set to the value specified by the Code point
setting. It then contains the value of the IP PRECEDENCE and the TOS specified
for the Class of Service,
DiffServ: "Differentiated Service" type service. The TOS field of the frame is
set at the value specified by the PHB Group (DSCP) setting, in accordance
with RFC 2474 (definition of the Differentiated Services Fields (DS Field) in the
IPv4 and IPv6 headers), RFC 2597 (Assured Forwarding PHB group), RFC 2598
(Express Forwarding PHB group)
unspecified: not specified,

a Coloring zone: to define or modify the coloring for type of Traffic and Criticality level:
PHB Group (DSCP): when DiffServ is the Service Type selected, the value for each
peer (type of Traffic and criticality level) is selected with drop-down list,
Precedence/TOS (b0b7): when ToS is the Service Type selected,

a display zone in the form of a table corresponding to the data previously entered.

Type of traffic & Criticality level


Type of traffic
Real time

Service type

PHB
group

DSCP
value

TOS value

Top

Express
Forwarding

EF

101110

EF

101110

Medium

EF

101110

Low

EF

101110

AF11

001010

AF12

001100

Medium

AF21

010010

Low

AF22

010100

BE

000000

High

BE

000000

Medium

BE

000000

Low

BE

000000

Top
High

Background

ToS default
setting

Criticality
level
High

Transactional

DiffServ default setting

Top

Assured
Forwarding

Best Effort

Configuration: DiffServ and TOS default setting


By default, the coloring is named none and the Service Type is unspecified.
The entered values should correspond with the Class of Service of the Operator.

4-40

Ipanema Technologies

June 2009

Configuring services

Coloring rules can also be created by importing them from a configuration file. Refer to
section Importing objects.

June 2009

Ipanema Technologies

4-41

Ipanema System

4. 9. 2. Configuring WAN Accesses


Operating procedure table: settings, ip|fast service , smart|path service .
The WAN access describes the WAN line(s) connected to the CPE on the WAN side of an
ip|engine.
In the System provisioning Toolbar, select

WAN access:

The WAN access window is displayed.

The WAN access list window

By clicking on the New button

, the creation window of a new WAN access is displayed.

The WAN access window


This window contains the following input fields:

Name: character string used to identify the WAN access.


The bandwidth of the WAN access is an important factor for optimization. It is
therefore advisable to mention it in its name (e.g.: ADSL 2048).

4-42

Ingress (LAN to WAN) max Bandwidth: maximum ingress throughput allocated at the WAN
interface of the CPE (in kbps),
Ingress (LAN to WAN) min Bandwidth: minimum ingress throughput that the tracking function
(see below) can track down (in kbps); if no value is entered, it will be set to 0,
Egress (WAN to LAN) max Bandwidth: maximum egress throughput allocated at the WAN
interface of the CPE (in kbps),
Egress (WAN to LAN) min Bandwidth: minimum egress throughput that the tracking function
(see below) can track down (in kbps); if no value is entered, it will be set to 0,
Coloring: selection, from a drop-down list, of the Coloring policy created in the Coloring
directory, to be applied. If there is no specific coloring (LS, Best effort), select "none". The
default display is none.

Ipanema Technologies

June 2009

Configuring services

Trust level: Routine or Business: in case of smart|path, defines which type of traffic is allowed
to go through the Network Access Point (Routine and Business sensitivity levels are also defined
for each User class, where they are used in the path decision to route traffic to a NAP with at
least the same Trust Level).
Report key: this field is optional. A report key field is used for ip|export, SNMP and
ip|reporter and allows to define regrouping of WAN accesses. A WAN access belongs to
only one regrouping.
For example, this field can be used to gather WAN accesses according to:
the type of network (all WAN accesses to an MPLS backbone, all WAN accesses to
the Internet, etc.)
the type of access line (all WAN accesses with an access line at 64 kbps, 128 kbps, ....)

June 2009

Ipanema Technologies

4-43

Ipanema System

Bandwidth tracking
Congestion detection is key to know when and where to manage flows. Network available capacity
may also vary in time. Bandwidth Tracking learns the available network capacity:

Bandwidth Tracking
Bandwidth tracking principles:

One independent BW tracker per potential congestion point.


Fast increase (real time), slow decrease (20 seconds steps; for example, it takes approximately
5 minutes to detect an HSRP switch from a 2 Mbps line to a 1 Mbps backup line).
Inputs:
Always: Usage profile (throughput) at potential congestion points.
When available: end-to-end QoS (delay, jitter, loss).

Output:
Available bandwidth for each potential congestion point.

4-44

Ipanema Technologies

June 2009

Configuring services

ip|engines manage three potential congestion points between any pair of sites:

Potential congestion points between any pair of sites


Bandwidth tracking activation:

By setting a minimum bandwidth lower than the maximum bandwidth, the tracking function will
detect the actual value of the bandwidth between those two values:

Bandwidth tracking activated (between 1000 and 2000 kbps)

By setting a minimum bandwidth equal to the maximum bw, the tracking function will not trigger:

Bandwidth tracking deactivated (constant bandwidth of 2000 kbps)

WAN accesses can also be created by importing them from a configuration file. Refer
to section Importing objects.

June 2009

Ipanema Technologies

4-45

Ipanema System

4. 9. 3. Configuring ip|engines
Operating procedure table, ip|fast service, ip|xcomp service, ip|xtcp service, ip|xapp service,
smart|path service.
In the System provisioning Toolbar, select
displayed:

ip|engines. The ip|engines list window is

ip|engines list window

By clicking on the New button

, the creation window of a new ip|engine is displayed:

ip|engine creation window

The number of virtual and physical ip|engines which can be created are limited by the
license. This number is displayed in the About window.
ip|engines can also be created by importing them from a configuration file. Refer to
section Importing objects.

4-46

Ipanema Technologies

June 2009

Configuring services

The creation window of a new ip|engine contains two tabs:

the General tab is made of three frames: General, WAN Access and Services.
the Advanced tab is made of two frames: Compression type and Navigation.

General tab
1. The General frame contains the following input fields and click boxes:

General frame

Name: character string used to identify the ip|engine (50 alphanumeric characters max),
Main public IP address (mandatory): IP address of the ip|engine visible by ip|boss server for
management purposes (configuration, collection of the correlation records, supervision),
Main private IP address (option if only the Main public address is declared, then the Main
private address is automatically allocated the same value): IP address of the ip|engine as it
has been locally configured (with the ipconfig command).
- In most cases (VPN, flat addressing, ...) only the Main public address is needed.
- In case of NAT, the two addresses must be different.

According to the MGT port being used or not, the Main addresses can be allocated to either the
LAN-to-WAN bridge (if the MGT port is not used in band management), or to the MGT port, if
used (out of band management):

In band mgt: Main IP address allocated to the LAN-to-WAN bridge

June 2009

Ipanema Technologies

4-47

Ipanema System

Out of band mgt: Main IP address allocated to the MGT port

IP addresses are not mandatory for a virtual ip|engine.

Auxiliary public IP address (mandatory when the MGT port is used; must not be declared
otherwise): IP address of the ip|engine visible by other ip|engines for measurement (ip|true),
optimization (ip|fast), compression (ip|xcomp, signalling + tunnel), TCP acceleration (ip|xtcp),
application acceleration (ip|xapp) and synchronization (ITP/NTP) purposes; it allows for out of
band management (using the Main address) but in band inter-ip|engines messages (using the
Auxiliary address),
Auxiliary private IP address (option if only the Aux. public address is declared, then the
Aux. private address is automatically allocated the same value): IP address of the ip|engine as
it has been locally configured (with the ipconfig command) for the LAN-to-WAN bridge.

The Auxiliary addresses are allocated to the LAN-to-WAN bridge, when the MGT port is used (in
this case, the Main addresses are allocated to the MGT port). Refer to the second diagram above.
If no Auxiliary address is declared, the inter-ip|engines messages use the Main
address.
- In most cases (VPN, flat addressing, ...) only the Auxiliary public address is needed.
- In case of NAT, the two addresses must be different.

Report key: this field is optional. A report key field is used for ip|export, SNMP and ip|reporter
and allows to define regrouping of ip|engines. An ip|engine belongs to only one regrouping.
For example, this field can be used to gather ip|engines according to:
a geographical criteria (all ip|engines in Europe, North America, Asia, Africa...).
the type of access line (all ip|engines with an access line at 64 kbps, 128 kbps, ....)

4-48

Auto-reporting: to allow (yes) or not (no) the reports created with the Automatic reporting
function to be added for this ip|engine. Refer to the Automatic reporting section.
Type: physical or virtual ip|engine. If the selected ip|engine is virtual, it is characterized by an
alias and an IP address; if no IP address is defined ip|boss randomizes a virtual IP address
with a 240.x.x.x prefix.

Ipanema Technologies

June 2009

Configuring services

2. The WAN Access frame allows to configure the WAN access(es) on the Network Access
Point(s); it contains the following input fields:

WAN Access frame

Path Selection: when enabled (TOS clicked), allows to configure up to three WAN accesses
(if there are several NAPs on the site and if the smart|path feature is allowed in the license). It
is Disabled by default (one WAN access on one NAP only); optimize must be checked in the
Services frame to enable it.
WAN access 1: name of the NAPs WAN access (mandatory)

When the TOS click box is checked (optimize must be clicked in the Services frame first), the
WAN Access frame contains the following input fields after Path Selection:

WAN Access frame with the TOS click box checked

WAN access 1: name of the first NAPs WAN access (mandatory).


Marking value 1: allows to mark the packets that are to be sent on WAN access 1 with this
value, which can be chosen from a drop down list (xxxx01xx, xxxx10xx or xxxx11xx); the CPE
router has to be configured with the corresponding PBR rules, to route the packets accordingly.
WAN access 2 and Marking value 2: the same for the second WAN access.
WAN access 3 and Marking value 3: the same for a third WAN access, if used (the second
WAN access must be configured first).
The bandwidth is an important factor for optimization: make sure the WAN access(es)
is (are) correctly defined.

June 2009

Ipanema Technologies

4-49

Ipanema System

3. The Services frame allows to define the ip|engines capabilities. It contains the following click
boxes:

Services frame

Administrative State: measurement service (ip|true) selection:


enable: ip|engine activated,
disable: ip|engine deactivated.

ip|fast: optimization service selection, if checked;


optimization will be running only if ip|fast service is activated from the Service activation
window;
this service is also available for virtual ip|engines.

ip|xcomp compress: compression service selection, if checked;


ip|xcomp decompress: decompression service selection, if checked;
For both compression and decompression services:
ip|fast must be checked first;
(de)compression will be running only if ip|xcomp service is activated from the Service
activation window;
this service is not available for virtual ip|engines.

ip|xtcp: TCP acceleration service selection, if checked;


ip|fast must be checked first;
TCP acceleration will be running only if ip|xtcp service is activated from the Service
activation window;
this service is not available for virtual ip|engines.

ip|xapp: application acceleration service selection, if checked;


ip|fast must be checked first;
application acceleration will be running only if ip|xapp service is activated from the
Service activation window;
this service is not available for virtual ip|engines.

smart|plan: Smart Planning service selection, if checked);


ip|fast must be checked first;
Smart Planning reports will be running only if smart|plan service is activated from the
Service activation window;
this service is not available for virtual ip|engines.

4-50

Ipanema Technologies

June 2009

Configuring services

Advanced tab

ip|engine creation window, Advanced tab


1. The Compression type frame contains two click boxes:

Compression type frame

RAM: RAM-based compression is enabled.


Disk: Disk-based compression is enabled.

By default, both types of compression are enabled (when compress is checked in the Services
frame in the General tab).
We do not recommand to change the default settings without advice from the Ipanema
Support.

June 2009

Ipanema Technologies

4-51

Ipanema System

2. The Navigation frame contains two fields:

Navigation frame

Folder name for level 1,


Folder name for level 2.

These two fields allow to navigate in the reports (in ip|reporter) in different ways:

The first browsing method does not use these two fields: by selecting Folders in the drop-down
list in ip|reporters main window, you can access the reports with the following file system tree
(4 hierarchical levels):
<Domain> / <type of MetaView> / <MetaView> / <time level, public/private>

ip|reporters Folders file system tree

The second browsing method allows to navigate in the sites reports with two additional
hierarchical levels, defined by these two fields: by selecting Navigation in the drop-down list
in ip|reporters main window, you can access the sites reports with the following file system
tree (6 hierarchical levels):
<Domain> / Navigation / <Folder name for level 1> / <Folder name for level 2> /
<MetaView> / <time level, public/private>
(the <type of MetaView> level disappears, as this method is valid to access the sites reports
only).
This method is very helpful on larges networks, with hundreds or thousands of sites.
In the example below, Folder name for level 1 was used to group sites per continents, and
Folder name for level 2 was used to group sites per countries. The ip|engines created without
filling those fields are grouped under the Unknown folder name:

4-52

Ipanema Technologies

June 2009

Configuring services

ip|reporters Navigation file system tree

June 2009

Ipanema Technologies

4-53

Ipanema System

4. 9. 4. Configuring Topology subnets


Operating procedure table: settings,ip|true service
This directory is mainly dedicated to the measurement, in order to describe the network topology.
In the System provisioning Toolbar, select

Topology Subnets:

The Topology Subnets list window is displayed.

Topology Subnets list window

The Topology subnets are used by the ip|engines to classify, measure and optimize
the traffic peer to peer. These subnets match the IP subnets of the sites where the
ip|engines are installed. All of them must be declared (in the example above, two
Topology subnets are declared on the Datacenter, 10.2.1.0/24 and 10.2.4.0/24). Use
the Discovery agent and the SA Site throughput report to check if no one is missing.
The traffic from/to a Topology subnet is described as coming from/to the User subnet
Other. To report it with a specific name, see the User subnet paragraph.

By clicking on the New button

, the creation window of a new Topology subnet is displayed.

Configuring measured Topology subnets

4-54

Ipanema Technologies

June 2009

Configuring services

It contains the following input fields:

Name: string of characters used to identify the Topology subnet,


Network prefix: Topology subnet prefix,
Prefix length: length of the prefix of the Topology subnet,
Associated ip|engines: defines the ip|engines for this subnet. Selection is from the list on the
left, the window on the right displays the selected ip|engines. Two command icons allow to add
(

) or remove (

) associated ip|engines from the list (all ip|engines can be added or

removed with
and
buttons).
Several physical ip|engines can be associated to a same subnet in case of clustering. The
clustering function defines the subnet partition for several ip|engines (for example Central site
with backup routers). At a time, a session belongs to only one ip|engine of the cluster.
Cluster solution works with a Hot Standby Router, load sharing per session but not
load sharing per packet.

Clustering
Clustering configuration:
Subnets

Associated ip|engines

This diagram

VLAN 1, VLAN 2, Subnet_LAN

ip|e A, ip|e B

Topology Subnets list window


above

LAN_HQ

HQ1, HQ2

Administrative state:
Enable: Topology subnet taken into account,
Disable: Topology subnet not taken into account.
The ip|engines associated with a Topology subnet must be upstream from the data
flows of this subnet.
Topology subnets can also be created by importing them from a configuration file. Refer
to section Importing objects.

June 2009

Ipanema Technologies

4-55

Ipanema System

4. 9. 5. Configuring ip|sync (time synchronization)


Operating procedure table: ip|sync service
ip|sync is used for the time synchronization of the ip|engines through the network, and time
synchronization is used for delays measurements. An ip|engine is synchronized when the offset
with its source is less than 10 ms (by default; this value can be changed).
Time synchronization uses three levels:

A Time server, which can be an external clock reference (NTP) or an ip|engine of the Domain,
is used as the main synchronization source,
Synchronization servers, which are ip|engines of the Domain (use several for redundancy
reasons), get their synchronization from the Time server and propagate it to all the other
ip|engines of the Domain,
All other ip|engines of the Domain get their synchronization from the Synchronization servers
(without any out of Domain connection).

This architecture allows GPS-less Domains, out of Domain synchronization and short term no
time function (a Domain can be disconnected from its Time server, the Synchronization servers
will remain synchronized to each other, thus making higher resiliency).

Time servers

can be either ip|engines (with or without GPS), ip|boss or External NTP servers,
must be delivering a consistent time between each other,
if an ip|engine is a Time Server, it will use its local ITP configuration (GPS, local or an external
source).
if a Time server is an external NTP server, the ITP port must be tuned to 123 (Sentry
Tuning section in the __active__.ipmconf ip|boss configuration file).

Synchronization servers

must be Domain ip|engines,


will not use their local reference (even if a GPS receiver is connected),
share their clocks with their peers (all other synchronization servers).
An ip|engine can be declared as both a time server and a synchronization server.

4-56

Ipanema Technologies

June 2009

Configuring services

Configuration
In the System provisioning Toolbar, select

ip|sync:

The Time and Synchronization servers window is displayed.

Time and Synchronization servers window


This window is made of two frames:

The Time server directory gives the list of all ITP servers. It includes:
a Server field: allows to enter the IP address of a time server (several ones can be
declared).
an ip|engine field: allows to select an ip|engine as a time server (select only one).
Declare a Server or an ip|engine.
the zone on the right displays the selected time servers for the Domain.

The Synchronization server directory gives the list of all ip|engines that can be used as ITP
servers. It includes:
an ip|engine field: allows to select ip|engines as ITP servers (choose two or three, for
redundancy reasons). They do not need GPS antennas.
the zone on the right displays the selected ITP servers for the Domain.

June 2009

Ipanema Technologies

4-57

Ipanema System

4. 9. 6. Importing objects
The following objects can be created by importing them from a configuration file: Coloring rules,
WAN accesses, ip|engines and Topology subnets.
As the procedure is the same for all those objects, we will consider one case only.
An existing configuration file in raw format (.res) can be imported:

In the Coloring rules window, the WAN accesses window, the ip|engines window or the

or select the File menu, then Import:


Topology subnets window, select the Import icon
In the Import window, select the field(s) to be imported and the file path and name, then click
on Ok.

Import window

To import a file, its first line must be the description of the fields. This line is present
if the file was made with an export:

Exported file (the first line wrapped in the example is the description of the fields)

In the Import window that opens, click on Import all, or select the objects to import then click
on Import selection.

Import window

4-58

Ipanema Technologies

June 2009

Configuring services

A message tells you how many objects could be successfully imported; click on Ok.

Click on Ok in the Import window to commit the changes.


A message tells you how many objects could be successfully committed, and the imported
objects are added to the existing ones. Click on Ok.

If the Import file contains an object that already exists (same name), it will update it; an
update icon warns you:

If objects could not be created (already existing IP address for an ip|engine, for
example), an error message warns you:

June 2009

Ipanema Technologies

4-59

Ipanema System

4. 9. 7. Tools
The System provisioning Toolbar provides a

Tools menu, with five functions.

Tools
They are described in the following sections:

4-60

Software upgrade:
2.8.2. (INSTALLATION / ip|engines / Upgrading ip|engines software).
Reboot:
5.3.1. (SUPERVISION / SYSTEM PROVISIONING: TOOLS / Rebooting).
Scripts:
5.3.2. (SUPERVISION / SYSTEM PROVISIONING: TOOLS / Scripts).
Security status:
5.2.5. (SUPERVISION / SUPERVISION / Security).
Advanced configuration:
4.9.8. (CONFIGURING SERVICES / SYSTEM PROVISIONING / Configuring smart|path).

Ipanema Technologies

June 2009

Configuring services

4. 9. 8. Configuring smart|path (Tools / Advanced conf.)


Operating procedure table: smart|path
smart|path fully supports asymmetric routing. Path selection is based packet per packet, so a
single session can use several Ingress WAN accesses and several Egress WAN accesses. Yet,
there can be constrains (e.g. stateful firewalls) to:

always use the same Ingress WAN access,


always use the same Egress WAN access as Ingress WAN access (remote sites).

Tools, then the Advanced configuration tab.


In the System provisioning Toolbar, select
The smart|path advanced configuration window is displayed:

smart|path advanced configuration window


It contains three parameters:

Sticky choice:

- per packet:

decision is made packet per packet (different packets


from a single session can use different paths).

- per session
(default
value):

always use the same Ingress WAN access (all


following packets of the same session will re-use the
initially chosen WAN access)

Slave return:

- no:

both half-connections are independent (from


smart|path perspective) and can use different WAN
accesses.

- yes
(default
value):

always use the same Egress WAN access as


Ingress: Ingress half-connection (SYN+ACK) will
use the observed WAN access for the peer Egress
half-connection (SYN).

June 2009

Ipanema Technologies

4-61

Ipanema System

Sensitivity policiy: matching User classes sensitivities with WAN accesses Trust Levels
depends on a policy which can be changed here.
This parameter can be overwritten for each User class, thanks to the User class
configuration windows Advanced tab.

Sensitivity policies allows to choose between four policies:


- Preferred
(default
value):

- Strict:

- Protected:

- Ordered:

4-62

a Business UC will be sent on a Business


WAN access, and
a Routine UC will be sent on a Routine WAN
access preferably...
... except when connectivity is down or when
Qos/BW criteria cannot be met;
there is a decision threshold based on
QoS/BW evaluation.
a Business UC will be sent on a Business
WAN access, and
a Routine UC will be sent on a Routine WAN
access (always);
there is no possible backup.
a Business UC will be sent on a Business
WAN access preferably, but it may fall back
on a Routine WAN access if other criteria are
not met;
a Routine UC will be sent on a Routine WAN
access (always);
this is a way to protect Business traffic.
a Routine UC will be sent on a Routine or on
a Business WAN access, according to which
is the best;
the WAN access must offer at least the same
trust level than required in the UC (a Business UC cannot be sent on a Routine WAN
access).

Ipanema Technologies

June 2009

Configuring services

4. 10. APPLICATION PROVISIONING


4. 10. 1. Configuring User subnets
Operating procedure table: settings, ip|true service, ip|fast service
This directory can be used also for the measurement and optimization, in order to measure and/or
optimize some specific subnets or Hosts.
Create User subnets only in case of specific subnets or Hosts.

The User Subnets are used by the system for services configuration (ip|true, ip|fast and
ip|reporter). These user subnets identify hosts, servers or subnets on which measure,
optimization or reporting is requested by the system. These user subnets are used in the
application, User class and metaview definitions.
In the Application provisioning Toolbar, select

User subnets:

The User subnets list window is displayed (it is empty by default).


By clicking on the New button

, the creation window of a new user subnet is displayed.

Configuring User subnets


It contains the following input fields and check boxes:

Name: string of characters used to identify the user subnet,


Network prefix: user subnet prefix,
Prefix length: length of the prefix of the user subnet,
Administrative state:
Enable: user subnet taken into account,
Disable: user subnet not taken into account,

June 2009

Ipanema Technologies

4-63

Ipanema System

4. 10. 2. Configuring Types of service (TOS)


Operating procedure table: settings, ip|true service, ip|fast service
TOSs can be added to, removed from or modified in this dictionary. This dictionary is useful only
when the packets are colored by the source (IP-Phone for instance).
This dictionary can be used for the measurement ip|true and the optimization ip|fast.
In the Application provisioning Toolbar, select

TOS:

The Types Of Service window is displayed (it is empty by default).


By clicking on the New button

, the creation window of a new TOS is displayed.

Configuring TOS
TOS that are not explicitly named in the dictionary are implicitly grouped into the Other category.
The TOS window contains the following input fields and click boxes:

Name: to identify a specific TOS value (string of characters),


Mode: to select TOS field mode of use:
TOS: specifies the Type of Service,
DSCP: specifies the "Code point" for a DiffServ type of service,

According to the selected mode (TOS or DSCP):


TOS/CP: 8 bits field, value: 0, 1, X (dont care),
DSCP: 6 bits field, value: 0, 1, X (dont care).

4-64

Ipanema Technologies

June 2009

Configuring services

4. 10. 3. Configuring Applications


Operating procedure table: settings, ip|true service , ip|fast service
A default applications dictionary is available for each configuration. Applications can be added to,
removed from or modified in this dictionary.
This dictionary is used by the ip|true and ip|fast functions.
In the Application provisioning Toolbar, select

Applications:

The applications window is displayed.

Applications window
This window is made of two frames:

The recognized protocols are displayed on the left


The Applications dictionary is displayed on the right.

The Applications dictionary specifies the applications that are recognized.

June 2009

Ipanema Technologies

4-65

Ipanema System

4. 10. 3. 1. Application recognition


Ipanema System recognizes the application flows ever since the ip|engine has seen the open
packets of the Client / Server session and the response. In case not, it will turn down on RFC 1700
("well known" ports).
The order of recognition is the following:

1. declared port,
2. syntax engine,
3. well-known port (RFC 1700).

Applications that are not recognized or enabled in the dictionary are implicitly grouped on the lower
layer protocol (e.g. TCP or UDP).

4. 10. 3. 2. Applications recognized by the syntax engine


A

B
C

F
G

4-66

AIM

= AOL Instant Messenger

AOL Instant Messenger

Audiogalaxy

BGP

Border Gateway Protocol

Bittorrent

Citrix

and Citrix published applications

Corba

= GIOP

COTP

Connection Oriented Transfer Protocol (ISO)

CUPS

Common Unix Printer System

DCERPC

Distributed Computing Environment Remote Procedure Call

DHCP

Dynamic Host Configuration Protocol

DICT

Dictionary Server Protocol

DirectConnect

DNS

Domain Name Service

Edonkey

EIGRP

Enhanced Interior Gateway Routing Protocol

End Point Mapper

Exchange

= MAPI

FTP

File Transfer Protocol

FTPS

Secure FTP

G711a

audio/PCMA; RTP/RTCP attribute

G711u

audio/PCMU; RTP/RTCP attribute

G723

audio/G723; RTP/RTCP attribute

G729

audio/G729; RTP/RTCP attribute

GIOP

General Inter-ORB Protocol (Corba)

Gnutella

GoBoogy

GRE

Generic Routing Encapsulation

Ipanema Technologies

June 2009

Configuring services

J
K
L

GTP

GPRS Tunneling Protocol

H225

HSRP

Cisco Hot Standby Router Protocol

HTTP

HyperText Transfer Protocol

HTTPS

Secure HTTP

ICMP

Internet Control Message Protocol

ICQ

I seek you

Identification protocol

IGMP

Internet Group Management Protocol

IMAP

Internet Message Access Protocol v4

IMAPS

Secure IMAP

IPP

Internet Printing Protocol

IPSec

IP Secure

IRC

Internet Relay Chat

IRCS

Secure IRC

ISAKMP

Internet Security Association and Key Management Protocol

Jabber

JetDirect

Kazaa

Kerberos

L2TP

Level 2 Tunneling Protocol

LDAP

Lighweight Directory Access Protocol

LDAPS

Secure LDAP

LoadBalancing

Lotus Notes

LPR

Line Printer Daemon

MAPI

MS Exchange Mail API

MCS

Multipoint Communication Service

MGCP

Media Gateway Control Protocol

MMS

Microsoft Multimedia Streaming

Mount

MS_SQL

= TDS

MS Exchange

= MAPI

MSN

MSN Messenger

Mute

MySQL

Napster

NARP

NBMA Address Resolution Protocol

June 2009

Ipanema Technologies

4-67

Ipanema System

Q
R

4-68

Netbios

NetFlow

Network Lock Manager

NFS

Network File System

NNTP

Network News Transport Protocol

NNTPS

Secure NNTP

NSPI

Name Service Provider Interface

NTP

Network Time Protocol

Open FT

Oracle - SQL Net

Transparent Network Service

OSPF

Open Short Path First

PCAnywhere

PIM

Protocol Independant Multicast

POP3

Post Office Protocol v3

POP3S

Secure POP3

PortMapper

Postgres

PPP

Point-to-Point Protocol

PPTP

Point-to-Point Tunneling Protocol

Printer_ipp

= IPP

Q931

Quake

(game)

RADIUS

Remote Authentication Dial-In User Service

RDP

Remote Desktop Protocol (Windows Terminal Server)

Remote Shell

RFB

Remote Frame Buffer (VNC)

RIP ng1, v1, v2

Routing Internet Protocol

RLogin

Remote Login

RLP

Resource Location Protocol

RPC

Remote Procedure Call

RQuota

RSH

= Remote Shell

RStat

RSVP

ReSerVation Protocol

RSync

Remote synchronous (file transfer)

RTP/RTCP

Real Time (Control) Protocol

RTSP

Real Time Streaming Protocol

RUsers

Ipanema Technologies

June 2009

Configuring services

SAP

SIP

Session Initiation Protocol

Skinny Client Control


Protocol

Skype

SLP

Service Location Protocol; = SrvLoc

SMB

Server Message Block (Windows File Server)

SMTP

Simple Mail Transfer Protocol

SMTPS

Secure SMTP

SNMP

Simple Network Management Protocol

SOAP

Simple Object Access Protocol

Socks

Sockets

Soulseek

SrvLoc

Service Location Protocol

SSDP

Simple Service Discovery Protocol

SSH

Secure Shell

SSL

Secure Socket Layer

Sync

Syslog

TCP

Transmission Control Protocol

TDS

Tabular Data Stream, or MS SQL

Telnet

TelnetS

Secure Telnet

TFTP

Trivial File Transfer Protocol

TNVIP

UCP

Universal Computer Protocol

UDP

User Datagram Protocol

URL

Uniform Resource Locator, as an HTTP attribute

VMWare

VNC

= RFB

VRRP

Virtual Router Redundancy Protocol

WINMX

X11

XOT

X25 over TCP

Yahoo Messenger

YPPasswd

Yellow Pages Password

YPServ

Yellow Pages Server

June 2009

Ipanema Technologies

4-69

Ipanema System

YPUpdate

Yellow Pages Update

Recognized applications in alphabetical order

Client/Server

Corba (GIOP), SOAP, Socks

Internet

ActiveX, FTP, IP, TCP, UDP, IRC, NNTP, SSH, SSL, TFTP, HTTP,
HTTPS, URL, Remote Shell, Socks

Security

IPSec, SSL, HTTPS, FTPS, NNTPS, LDAPS, TelnetS, IMAPS, IRCS,


POP3S, ISAKMP

ERP

SAP, Oracle

Database

MS SQL, My SQL, Postgres, Oracle

Directory Service

DHCP, DNS, Ident, Identification Protocol, Kerberos, RADIUS, LDAP

Messenger,
Groupware

IMAP, Lotus Notes, MS Exchange (MAPI), POP3, SMTP, LDAP,


Kerberos, NSPI

Network Service

Syslog, RPC, Yellow pages, Mount, rquota, rusers, DCERPC, rsync,


RLP, X.25 over TCP, SSDP, SrvLoc

Chat

AIM, Yahoo Messenger, MSN Messenger, IRC, Jabber

File server

Netbios, NFS, SMB

Terminal

Telnet, SSH, RSH, Rlogin, VNC (RFB), XWindows (X.11), VIP

Time

NTP

Game

Quake

Remote Client

Citrix, Citrix Published Applications, VNC (RFB), RDP, PC Anywhere,


VMWare, Rlogin

Peer to peer

Audiogalaxy, Bittorent, Directconnect, Edonkey, Gnutella, GoBoogy,


Kazaa, Mute, Napster, OpenFT, Soulseek

Tunneling

GRE, GTP, PPP, L2TP, PPTP

Audio/Video, VoIP

RTP/RTCP (G711a, G711u, G723, G729), RTSP, H.225, Q.931, SIP,


MGCP, MMS, Skype, Skinny Client Control Protocol, ICQ

Routing

RIP ng1, RIP v1, RIP v2, EIGRP, IGMP, PIM, OSPF, BGP, HSRP,
Load Balancing

Network Management

SNMP, RSVP, ICMP, Netflow

Printing

LPR, IPP, CUPS, JetDirect


Recognized applications per type

4-70

Ipanema Technologies

June 2009

Configuring services

4. 10. 3. 3. Creating new applications


New applications can be created, described by a protocol plus an attribute:

The system recognizes about 180 protocols (HTTP, ICMP, FTP, RTP/RTCP, H.225, SAP, Citrix,
Skype, VMWare....; refer to the comprehensive list in the tables above).
Attributes depend on protocols:
for HTTP: it is possible to distinguish the URL name (www.ipanematech.com for
example)

Syntax:
?

a unique character

any character string (included empty)

shortest word (non empty, separated by spaces)

longest word (non empty, separated by spaces)

separator in a list

Examples:
www.google.fr

any URL of the site

www.google.*

all google incarnations (.fr, .com, .de .... )

www.google.*/*.gif

all .gif documents in any page of any google

*/*.gif

all .gif documents in any page of any server

*/*
www.ipanematech.*/web_germany/*

well, everything (should better not use this attribute)


all German pages on our site

Specific cases:
host/*

"any" URI

host/

empty URI

*/full/uri

"any" HOST

/full/uri

empty HOST

for Citrix: it is possible to distinguish published applications (Word, Excel for example)
when the applications are not multiplexed on the same TCP session,
for RTP/RTCP: Codec type (choose from a drop-down list),
for TCP/UDP: port number, list of ports or range of ports, subnet or list of subnets
for others: no information is necessary.
Applications that are not explicitly named and enabled in the dictionary are implicitly grouped on
the lower layer protocol (e.g. TCP or UDP).

June 2009

Ipanema Technologies

4-71

Ipanema System

By clicking on the New button

, the creation window of a new application is displayed.

Creation of a standard application


The Application window contains the following input fields:

Name: character string used to identify the application,


Administrative State:
Enable: application taken into account,
Disable: application not taken into account,

Protocol: protocol is to choose from a drop list,


Attribute: depends on the protocol; this field is enabled or not and allows the access to a list
or free fields,
URL (for HTTP protocol): it is possible to distinguish the URL name

Creation of an HTTP application

Do not start the URL by http://.


You can put a URL like *.ipanematech.* (see above).
Application(s) (for Citrix Protocol): name of a published application,

4-72

Ipanema Technologies

June 2009

Configuring services

Creation of a citrix application


Codec (for RTP/RTCP Protocol): list of Codecs that can be selected to describe an
RTP/RTCP application.

Creation of an RTP/RTCP application


Port(s) (for TCP or UDP Protocol): port number as it will appear in the Server port
(source or destination) fields of TCP/UDP headers. This field can contain several values
and be filled in with a combination of values (; separator) and ranges (- separator) (for
TCP/UDP),

June 2009

Ipanema Technologies

4-73

Ipanema System

Creation of a TCP application

User Subnets filter: this optional parameter can be used to identify an application by the IP
address of a server or client, or list of servers or clients (ex: SAP). It is possible to choose the
server or client from a drop-down list of the User subnets, or directly:
User Subnets List: choose the user subnet or server in the drop-down list of user
subnets to be associated with the application,
Prefix/Length: set the subnet with the following notation X.X.X.X/Y where X.X.X.X is
the IP address and Y the length integer between 0 and 32; a list of IP addresses can be
configured (; separator).
C/S Side: specify if the application must be recognized on the server side or on the client
side.

Creation of an application dedicated to a list of servers

4-74

Ipanema Technologies

June 2009

Configuring services

4. 10. 3. 4. Order of recognition


When describing different applications using the same protocol (e.g. for HTTP: Intranet (=
intranet.company.com), Internet corporate (= *.company.com) and Internet (= the rest of http)),
place the specific application first (the Intranet, then Internet corporate in the example) and the
generic one after (the Internet), so that the specific one can be recognized as such. This ordering
is achieved thanks to the up and down arrows, on top of the protocol list (left frame).

Intranet , Internet corporate and Internet must be ordered in the Protocols frame...

... like this

June 2009

Ipanema Technologies

4-75

Ipanema System

4. 10. 4. Configuring QoS Profiles


Operating procedure table: settings, ip|true service , ip|fast service
This dictionary is used for the measurement (ip|true) and for the optimization (ip|fast).
In the Application provisioning Toolbar, select

QoS profiles:

The QoS Profiles list window is displayed.

QoS Profiles list window


The settings made in this window enable to define the QoS objectives. A QoS objective associated
with a User Class is used by the system to measure (ip|true) and optimize (ip|fast) the traffic
according to the application requirements.
By clicking on the New icon

, the creation window of a new QoS Profile is displayed.

QoS Profiles window

4-76

Ipanema Technologies

June 2009

Configuring services

This window contains the following input fields:

Name: to identify the QoS profile (character string),


Type: to characterize application flow type:
real-time: real-time flow (VoIP, video) sensible to delay, jitter and loss,
transactional: transactional flow (SAP, Telnet), sensible to delay,
background: other than those listed above,

Session B/W (kbps): to specify the bandwidth per session; the value is used by ip|fast,
Obj. (objective): nominal bandwidth per session.
The objective bandwidth per session is operational during the congestion
step.
Max. (maximum): maximum bandwidth allowed per session.
The maximum bandwidth per session is always operational (even without
congestion).
The maximum bandwidth per session cannot be more than 20 x session
B/W objective for any kind of traffic.

Delay (ms), Jitter (ms), Packet loss (%), SRT (server response time, ms), RTT (round trip
time, ms), TCP retrans. (%): to specify, for each flow, the Objective and Maximum values for
that QoS profile. These parameters are enabled or not by checking the click box or not,
These information can be used by the User Class reporting to control the QoS associated with
each User Class.
all values <

Obj.

< at least 1 value <

Max.

< at least 1 value

acceptable

Correct

unacceptable

Interpretation of Obj. and Max. criteria for Delay, Jitter, Loss, SRT, RTT and TCP retrans.
Name

Type

Session
BW
(kbps)

Delay
(ms)

Default

Bg

30-600

File transfer

Bg

Business

Jitter
(ms)

Packet
Loss
(%)

SRT
(ms)

RTT (ms)

TCP
retrans.
(%)

200-1000

1-10

0-0

400-2000

1-10

50-1000

500-1000

1-10

0-0

1000-2000

1-10

Tr

50-500

200-500

1-5

0-0

400-1000

1-5

Thin client

Tr

40-400

100-500

1-5

0-0

200-1000

1-5

Mail

Bg

50-1000

500-2000

1-10

0-0

1000-4000

1-10

Net services

Bg

20-200

100-500

1-10

0-0

200-1000

1-10

Web

Tr

40-400

200-1000

1-10

0-0

400-2000

1-10

G711

RT

90-120

100-200

50-100

0-2

0-0

200-400

0-2

G723

RT

20-30

50-150

50-100

0-1

0-0

100-300

0-1

G729

RT

30-45

50-150

50-100

0-1

0-0

100-300

0-1

Video streaming

RT

150-200

200-1000

50-100

1-5

400-2000

1-5

Ex. of QoS Profiles (Bg: background, Tr: transactional, RT: real-time; in each column: obj.-max.)

June 2009

Ipanema Technologies

4-77

Ipanema System

4. 10. 5. Configuring User Classes


Operating procedure table: settings, ip|true service , ip|fast service , ip|xcomp service , ip|xtcp
service , smart|path service
Users specify high-level business objectives through User Classes. The Customer traffic is
classified using a mix of the users applications and organization data. The User Class attributes
include:

business criticality,
QoS performance objectives (nominal bandwidth per application session, delay, jitter, packet
loss, SRT, RTT and TCP retransmission),
the enabling of compression.

The users objectives are the only input to the system. There is no need to set low-level, network
and device specific policy rules.
The Ipanema System performs:

the configuration of high-level QoS objectives (ip|boss),


the specific reporting to User Class (ip|engine, ip|reporter),
the optimization of the network in accordance with the User Classes (ip|fast).
the compression of the flows in accordance with the User Classes (ip|xcomp).
the TCP acceleration of the flows in accordance with the User Classes (ip|xtcp).
the smart path selection for the flows in accordance with the User Classes (smart|path).

User Classes are independent of ip|true, ip|fast, ip|xcomp, ip|xtcp, smart|path and smart|plan
services.
User Classes are given in a tree structure, each User Class is characterized by:

a name,
filters to define the rules of traffic classification corresponding to the User Class,
a criticality level to define the level of criticality associated to the application(s) in this User Class,
a QoS profile that enables QoS objectives for the application(s) in this User Class,
the capability to be compressed.
tjhe capability to be accelerated.
The position of the User Classes in the tree structure is important, it determines the
classification of the packets. The classification is performed by running the structure
tree downwards. The packet is classified with the first applicable classification met.
Other, included the whole classifications, is at the end of the tree.

The configuration of the User Classes is necessary for the good behavior of the optimization agent,
ip|fast.

4-78

Ipanema Technologies

June 2009

Configuring services

In the Application provisioning Toolbar, select

User classes:

The User Class window is displayed:

User Class window


This window contains:

A User Classes zone which shows the tree of User Classes,


A Properties zone which shows the configuration of the selected User Class,
A table zone which summarizes all the User Classes.

June 2009

Ipanema Technologies

4-79

Ipanema System

By clicking on the New icon

, the creation window of a User Class is displayed.

New User Class window


This window contains:

A zone with four tabs:

Dictionary filters,
Subnet filters,
ip|engine filters,
Advanced

The selection areas at the bottom of the window depend on the selected tab (see below).
A zone displaying the characteristics of the selected User Class:

Name of the User Class,


Business criticality: top, high, medium or low,
Compress: the compression capability for the flows belonging to the User Class,
Accelerate: the TCP acceleration capability for the flows belonging to the User Class,
QoS profile: the QoS profile that will apply to this User class (the QoS profile contains
the Type of traffic, the Bandwidth objective and maximum values, the D/J/L, RTT, SRT
and TCP retransmit objective and maximum values),
Sensitivity, Routine or Business: when the sites are connected through various
networks (e.g. MPLS and Internet), or use various Networks Access Points to the same
network, the Sensitivity is used in the path decision to route traffic to a NAP with at least
the same Trust Level (defined on the WAN accesses). The smart|path option must be
activated in the license.

A zone with multiple selection areas, that depend on the selected tab at the top of the window:
the first area (on the left) shows a list of elements of the Dictionaries (Applications,
ToS values), Subnets (source and destination) or ip|engines (ingress and egress) as
described in the system and managed by ip|boss
the second area (on the right) shows the selected elements for the User Class.
- A logical Or is applied for the different elements inside a filter (for example filter
Applications: HTTP or HTTPS).
- A logical And is applied for the different types of filters (for example Applications:
HTTP or HTTPS and subnet-src=LAN-192).

4-80

Ipanema Technologies

June 2009

Configuring services

Arrows are used to move the selected data from one area to the other (one by one or all at a
time).

4. 10. 5. 1. Dictionary filters tab

Dictionary filters tab


The tab comprises the filters which define the rules of traffic classification corresponding to the
User Class.
The tab contains:

an Application area: displays the list of the applications dictionary,


a TOS area: displays the list of the TOS dictionary.
Another way of mapping applications within User Classes is described in 4.10.6.
Applications mapping.
Description of the two areas of the tab: see description above.

June 2009

Ipanema Technologies

4-81

Ipanema System

4. 10. 5. 2. Subnet filters tab

Subnet filters tab


The tab comprises the filters which define the rules of traffic classification corresponding to the
User Class. It contains:

a Sources area: displays the list of User subnets directory,


a Destinations area: displays the list of User subnets directory.
Description of the two areas of the tab: see description above.

By selecting Subnets with this tab, you create local rules that will apply only to
those Subnets! Do this only if really needed. Otherwise, use global parameters only
(Dictionary filters).

4-82

Ipanema Technologies

June 2009

Configuring services

4. 10. 5. 3. ip|engine filters tab

ip|engine filters tab


This tab allows to configure the User Class per site (ip|engine) and per direction. It contains:

an Ingress zone: displays the ip|engines list as described in the directory (include the virtual
ip|engines),
an Egress zone: displays the ip|engines list as described in the directory (include the virtual
ip|engines),
Description of the two areas of the tab: see description above.

By selecting ip|engines with this tab, you create local rules that will apply only to
those ip|engines! Do this only if really needed. Otherwise, use global parameters only
(Dictionary filters).

June 2009

Ipanema Technologies

4-83

Ipanema System

4. 10. 5. 4. Advanced tab

Advanced tab
This tab contains two additional frames:

Compression type (the two options appear only if Compress is clicked):


RAM (or Zero Delay, according to the version): RAM-based compression is enabled.
Disk (or Standard, according to the version): Disk-based compression is enabled.
By default:,
only RAM-based compression is enabled for Real time and Transactional traffic (as
Disk-based compression can create a small latency),
both types of compressions are enabled for Background traffic.
We do not recommand to change the default settings without advice from the
Ipanema Support.

Smart|path: matching User classes sensitivities with WAN accesses Trust Levels depends on
a policy which can be changed for each User class thanks to this parameter:
Sensitivity policies allows to choose between different policies.
Refer to 4.9.7. System provisioning / Tools / Advanced configuration for a comprehensive
description of each one.
Default: the policy selected in System provisioning / Tools / Advanced
configuration will apply.
Preferred: the policy selected in System provisioning / Tools / Advanced
configuration will be overwritten by the Preferred policy for this User class.
Strict: the policy selected in System provisioning / Tools / Advanced configuration
will be overwritten by the Strict policy for this User class.
Protected: the policy selected in System provisioning / Tools / Advanced
configuration will be overwritten by the Protected policy for this User class.
Ordered: the policy selected in System provisioning / Tools / Advanced
configuration will be overwritten by the Ordered policy for this User class.

4-84

Ipanema Technologies

June 2009

Configuring services

4. 10. 6. Applications mapping


Mapping applications within User Classes can be achieved in two different ways:

Using the Dictionary filters tab when configuring User Classes, as described above.
Using the Application mapping functionality.

To access the Application mapping functionality, in the Application provisioning Toolbar, select
Application mapping.
The Mapping of applications within User classes window is displayed.

Mapping of applications within User classes


The maps show the behavior of the whole network at a glance. These graphical views use squares
with a size depending on the throughput and a color code depending on the quality of the flows (the
Application Quality Score is calculated from weighted colors: Red = 0, Orange = 5, Green = 10).
At each collect from the ip|engines, the map is refreshed.

This window contains the map itself plus the following buttons:

: no access,

: to export in a text file the list of the flows,

: to move the application to another User class,

: to get the list of flows corresponding to the square area in the window (refer to the real
time flows list below),

June 2009

Ipanema Technologies

4-85

Ipanema System

: to zoom in the map,

: to zoom out of the map,

: to reset the zoom (zooms out to the top level),

: to show the label inside the squares,

: to show the label on top of the squares,

: to show the help.

At the first zoom level, the map displays the full traffic with a main square per User class and a
sub-square per application.
The zoom in, zoom out and reset zoom functions can be accessed using the right
button on the mouse on the ip|boss Java Client.

By moving the mouse on a square, a contextual text shows the description of the square:

Contextual text

4-86

User class: User class of the application,


Application: name of the application,
Volume: number of bytes exchanged by the application,
AQS: the Application Quality Score is calculated with the SLA defined in the QoS profiles; the
notation is calculated with weighted colors (Red = 0, Orange = 5, Green = 10).

Ipanema Technologies

June 2009

Configuring services

4. 10. 7. Configuring LTL (Local Traffic Limiting)


Operating procedure table: ip|fast service
The LTLs (Local Traffic Limiting) allow traffic limiting rules to be configured for each site, when
this is necessary. These rules take the enterprise organization, user subnets and the applications
implemented between these different entities into account. They are used by ip|fast (optimization).
These rules are defined for outgoing (LTL Ingress) or incoming (LTL Egress) traffic on the selected
site.
LTLs are used to:

limit the bandwidth used by the different networks of the departments, services (user subnets)
or applications according to specific criteria taking the following constraints into account:

source subnet,
remote subnet,
applications,
TOS/CP values.

Traffic Limiting is given in a tree structure, each LTL is characterized by:

a name,
filters to define the rules to classify the traffic corresponding to the LTL,
a limit on the bandwidth that can be used by the class.
The LTL rules are enabled only if ip|fast is activated on the ip|engine.

In the Application provisioning Toolbar, select

LTL.

The Local Traffic Limiting Tree window is displayed.

Local Traffic Limiting Tree window


This window contains an LTL tree structure per ip|engine.
To create a new policy, select the ip|engine, the direction (ingress or egress), then by clicking on
the New icon

June 2009

, the creation window of a new LTL is displayed:

Ipanema Technologies

4-87

Ipanema System

Local Traffic Limiting window

This window contains the following input boxes:


Name: Name of the LTL policy,
Local Traffic Limiting:
Maximum bandwidth (kbps): to specify the limit bandwidth for a LTL,
If the value 0 is specified, in this case all the traffic is dropped.

Limited: to enable or disable the limiting rule,


Filters: to specify filtering rules for traffic that are associated with an LTL:
Source user subnet: to filter traffic according to source User subnet. It is
selected from a drop-down list corresponding to the "User subnets" directory,
Destination user subnet: to filter traffic according to destination User subnet. It
is selected from a drop-down list corresponding to the "User subnets" directory,
Application: to filter traffic according to application(s). It is selected from a
drop-down list corresponding to the "Applications" dictionary,
TOS/CP: to filter traffic according to the value of the TOS field. This value
specified in the "TOS/CP" dictionary, is selected from a drop-down list.

4-88

Ipanema Technologies

June 2009

Configuring services

4. 11. REPORTING
4. 11. 1. Configuring MetaViews
Operating procedure table: settings, service ip|true, service ip|reporter
The Metaviews are objects used to show the data according to your criteria (topology,
applications...) in order to be used by external reporting tools (including ip|reporter) and to
trigger logs, traps or e-mails when certain thresholds are surpassed (Alarming). The MIB will be
populated according the settings of the Metaviews.
Metaviews show information about the traffic or availability according to the following criteria:

In the Configuration tab:

a (list of) source site(s),


a (list of) source site(s) and a (list of) destination site(s),
a (list of) source ip|engine report key(s),
a (list of) source ip|engine report key(s) and a (list of) destination ip|e report key(s),
a (list of) source Network Access Point(s),
a (list of) source NAP(s) and a (list of) destination NAP(s),
a (list of) source WAN access report key(s),
a (list of) source WAN access report key(s) and a (list of) destination WAN access report
key(s),

In the User subnets tab:


a (list of) source user subnet(s),
a (list of) source user subnet(s) and a (list of) destination user subnet(s),

In the Traffic classification tab:


a (list of) application(s),
a (list of) User Class(es),
a (list of) criticality(ies),

and any complex definition with the previous parameters, using several fields and, possibly,
several tabs.

For example, a Metaview can aggregate the data on the Domain (no filter), but another metaview
could detail the behavior between 2 subnets and a particular application.
ip|reporter uses the Metaviews for the reports creation and data collection.
Two modes of Metaview creation are available:

unitary mode: allows to create Metaviews one by one with your own naming rules. This mode
can be used in order to create a troubleshooting Metaview with complex filters (for example a
destination site, a source site and a specific application),
wizard mode: allows to create a big number of Metaviews with automatic naming rules and
simple filter (for example: one Metaview for each user subnet of the Domain).
Metaviews for the Domain, the Physical sites, the Virtual sites and the User classes are
automatically created by the system (as soon a new Domain, a new Physical site, a
new Virtual site or a new User class is created, respectively).
As a consequence, only one Metaview needs to be created manually in the window
below (the one that will be used to troubleshoot Telnet between Factory and
Headquarters, on the sixth line).

The Metaview name is used by ip|reporter to name the instances of the reports.

June 2009

Ipanema Technologies

4-89

Ipanema System

In the Reporting Toolbar, select

Metaview.

The Metaview window is displayed.

Metaview list window


This window contains the Metaview list created and the parameters for each one.

4-90

Ipanema Technologies

June 2009

Configuring services

4. 11. 1. 1. Metaview creation in unitary mode


By clicking on the New icon

, the creation window is displayed

Metaview creation window


This window contains:

The Name of the Metaview, used by ip|reporter to name the instances of the reports,
The Type: as this function is used to create a Metaview on demand, the field always displays
on demand.
Used for ip|export: the data collected for this Metaview will be provided to ip|export, if clicked.
A zone with three tabs:
Configuration,
User Subnets,
Traffic classification.

Each tab contains two areas:

the first area (on the left) shows a list of elements (ip|engines, Keys, User subnets, Applications,
User Classes, etc.), as described in the system and managed by ip|boss
the second area (on the right) shows the selected elements for the Metaview.
A logical Or is applied for the different elements inside a filter.
A logical And is applied for the different types of filters.

Some arrows are used to move the selected data from one area to the other, one by one (using
the single arrows) or all at a time (using the double arrows).

June 2009

Ipanema Technologies

4-91

Ipanema System

4. 11. 1. 1. 1. "Configuration" Tab

Configuration tab
This tab comprises the filters which define the rules of traffic topologies corresponding to the
Metaview (from Site A to Site B, etc.). It contains the following areas:

Site A: displays the ip|engines list as described in the configuration (includes the virtual ones),
Reminder: Metaviews for the Sites are automatically created by the system.

Site B: displays the ip|engines list as described in the directory (includes the virtual ones),
This list is available only if at least one site in Site A is selected.

4-92

Engine Report Key A: displays the ip|engine report key list as described in the configuration,

Ipanema Technologies

June 2009

Configuring services

Engine Report Key B: displays the ip|engine report key list as described in the configuration,
This list is available only if at least one ip|engine report key in Engine Report Key
A is selected.

NAPid A: displays the Network Access Points list as described in the configuration,
NAPid B: displays the Network Access Points list as described in the configuration,
This list is available only if at least one Network Access Point in NAPid A is selected.

WAN Access Report Key A: displays the WAN Access report key list as described in the
configuration,
WAN Access Report Key B: displays the WAN Access report key list as described in the
configuration,
This list is available only if at least one WAN Access report key in WAN Access
Report Key A is selected.

4. 11. 1. 1. 2. "User Subnets" Tab

User Subnets Tab


This tab comprises the filters which define the rules of traffic topologies corresponding to the
Metaview (From User Subnet A to User Subnet B). It contains the following areas:

User Subnet A: displays the User subnets list as described in the configuration,
User Subnet B: displays the User subnets list as described in the configuration.
This list is available only if at least one subnet in User Subnet A is selected.

June 2009

Ipanema Technologies

4-93

Ipanema System

4. 11. 1. 1. 3. "Traffic classification" Tab

Traffic classification Tab


This tab comprises the filters which define the rules of traffic classification corresponding to the
Metaview. It contains the following areas:

Application: displays the applications list as described in the configuration,


User Class: displays the User Classes list as described in the configuration,
Reminder: Metaviews for the User classes are automatically created by the system.

4-94

Criticality: displays the criticality list as described in the configuration (from Top to Low).

Ipanema Technologies

June 2009

Configuring services

4. 11. 1. 2. Metaview creation in wizard mode


By clicking on the Wizard icon

, the multiple creation window of Metaviews is displayed.

Wizard Metaview window


This window contains:

A zone with three tabs:


Configuration,
User Subnets,
Traffic Classification.

Each tab contains two areas:

the first area (on the left) shows a list of elements (ip|engines, Keys, User Subnets, User
Classes, etc.) as described in the system and managed by ip|boss,
the second area (on the right) shows the selected elements for the Metaviews.

Some arrows are used to move the selected data from one area to the other (one by one or all at
a time).
By selecting several elements in each list, the system will create the Metaviews
according to combinative selected criteria.

The wizard mode automatically manages the naming rules (the name varies according to the
selected elements).

June 2009

Ipanema Technologies

4-95

Ipanema System

4. 11. 1. 2. 1. "Configuration" Tab

Configuration Tab
Configuration Tab window: see above.
This tab comprises the filters which define the rules of traffic topologies corresponding to the
Metaviews (From/to Site A, from/to Key ). It contains the following areas:

4-96

Site: displays the ip|engines list as described in the configuration (includes the virtual ones),
Reminder: Metaviews for the Sites are automatically created by the system.
Key: displays the ip|engines report keys list as described in the configuration,
NAP id: displays the Network Access Points as described in the configuration,
Network report key: displays the WAN access report keys as described in the configuration.

Ipanema Technologies

June 2009

Configuring services

4. 11. 1. 2. 2. "User subnets" Tab

User Subnets Tab


This tab comprises the filters which define the rules of traffic topologies corresponding to the
Metaview (From/to User Subnets). It contains the following area:

User Subnets: displays the User subnets list as described in the configuration.

4. 11. 1. 2. 3. "Traffic classification" Tab

Traffic classification Tab


This tab comprises the filters which define the rules of traffic classification corresponding to the
Metaviews. It contains the following areas:

Application: displays the applications list as described in the configuration,


User Class: displays the User Classes list as described in the configuration,
Reminder: Metaviews for the User classes are automatically created by the system.

Criticality: displays the criticality list as described in the configuration (from Top to Low).

June 2009

Ipanema Technologies

4-97

Ipanema System

4. 11. 2. Configuring Reports (ip|reporter)


Refer to Chapter 7, 7.2.5. Reports Management.

4-98

Ipanema Technologies

June 2009

Configuring services

4. 11. 3. Configuring Alarming


Operating procedure table: settings, service ip|true
The Alarming feature uses the Metaviews for the alarms creation.
In the Reporting Toolbar, select

Alarming.

The Alarming window is displayed:

Alarming window
This window contains three frames:

Rule <Domain name>: the list of created rules on the Domain,


Alarm: the list of created alarms based on those rules,
Help: available metrics: the metrics and operators to be used in the rules.

An alarm is the instantiation of a rule (when does the alarm trigger/rearm?) on a Metaview (on what
objects - sites, User classes, etc. - does the rule apply?).
Creating an alarm is achieved in three steps:

creating a rule,
associating a rule to a Metaview,
activating logs and/or mails and/or traps on alarming events.

June 2009

Ipanema Technologies

4-99

Ipanema System

4. 11. 3. 1. Rule creation


By clicking on the New button

in the Rule frame, the AlarmRule creation window is displayed:

AlarmRule creation window


This window contains an input zone with the following fields:

Name: name of the rule; it must be unique.


Actions: 3 click boxes to activate (when the boxes are checked):
a Log
and/or a Mail
and/or a Trap

when an alarm triggers or rearms.


Severity: to choose the severity of the alarm from a drop-down list:

Information: informational messages,


Clear: establishment of a normal status,
Warning: possible error or incident; e.g. good (but not excellent) quality (AQS < 9),
Minor: low-priority error or incident; e.g. average quality (AQS < 8.4),
Major: high-priority error or incident; e.g. poor quality (AQS < 7),
Critical: very high-priority error or incident; e.g. unacceptable quality (AQS < 5).

Description: text description of the alarm.


2 frames:
Trigger: to define the rule that will trigger the alarm:
Trigger threshold: the threshold that will trigger the alarm,
Trigger occurrences: the number of consecutive collects (by default, 1 collect
= 1 minute; refer to section 3.5.1. Create a Domain) that are necessary for this
threshold to be reached before triggering the alarm.
Rearm: to define the rule that will rearm the alarm:
Rearm threshold: the threshold that will rearm the alarm,
Ream occurrences: the number of consecutive collects (by default, 1 collect =
1 minute) that are necessary for this threshold to be reached before rearming
the alarm.

When a rule is created, an Identifier is automatically attributed to it by the system, that can be seen
in the Alarming window (Ident).

4-100

Ipanema Technologies

June 2009

Configuring services

Rules syntax
The description of a threshold must respect the following grammar:
exp ::= prefixexp
exp ::= number
exp ::= exp binop exp
exp ::= unop exp
prefixexp ::= var | ( exp )
Examples:
lan_ingress_packet_loss > 5
wan_egress_throughput > 1000
wan_ingress_throughput > 0.2 * ingress_wan_access_ingress

Numbers can be integers or decimals. Examples: 0; 3; 3.14156; 10


Variables (var) represent the metrics.
Metrics naming rule: [lan/wan]_[ingress/egress]_metric

Name

Unit

Name

Unit

ingress_tcp_rtt_min

ms

lan_egress_min_delay

ms

ingress_tcp_rtt_avg

ms

lan_egress_avg_delay

ms

ingress_tcp_rtt_max

ms

lan_egress_max_delay

ms

egress_tcp_rtt_min

ms

lan_egress_jitter

ms

egress_tcp_rtt_avg

ms

lan_egress_sessions

number

egress_tcp_rtt_max

ms

wan_ingress_throughput

kbps

ingress_tcp_srt_min

ms

wan_ingress_packet_loss

ingress_tcp_srt_avg

ms

wan_ingress_min_delay

ms

ingress_tcp_srt_max

ms

wan_ingress_avg_delay

ms

egress_tcp_srt_min

ms

wan_ingress_max_delay

ms

egress_tcp_srt_avg

ms

wan_ingress_jitter

ms

egress_tcp_srt_max

ms

wan_egress_throughput

kbps

ingress_tcp_retransmit

wan_egress_packet_loss

egress_tcp_retransmit

wan_egress_min_delay

ms

lan_ingress_throughput

kbps

wan_egress_avg_delay

ms

lan_ingress_goodput

kbps

wan_egress_max_delay

ms

lan_ingress_packet_loss

wan_egress_jitter

ms

lan_ingress_min_delay

ms

quality_ingress

010

lan_ingress_avg_delay

ms

quality_egress

010

lan_ingress_max_delay

ms

mos_ingress

05

lan_ingress_jitter

ms

mos_egress

05

lan_ingress_sessions

number per s

ingress_wan_access_ingress

kbps

lan_egress_throughput

kbps

ingress_wan_access_egress

kbps

lan_egress_goodput

kbps

egress_wan_access_ingress

kbps

lan_egress_packet_loss

egress_wan_access_egress

kbps

Metrics used

June 2009

Ipanema Technologies

4-101

Ipanema System

Binary and unary operators (binop and unop) consist of arithmetical, relational and logical
operators.
arithmetical operators are:

addition

multiplication

modulo

subtraction

division

negation (unary)

relational operators are:


==

equal to

<

less than

<=

less than or equal to

~=

different from

>

greater than

>=

greater than or equal to

logical operators are:


or

and

not (unary)

priorities between operators are (from low priority to high priority):

1.
2.
3.
4.
5.
6.

or
and
< > <= >= ~= ==
+*/%
not - (unary)

A rule is validated when committed; a mistake will trigger an Error message window.

4-102

Ipanema Technologies

June 2009

Configuring services

4. 11. 3. 2. Alarm creation in unitary mode


By clicking on the New button
displayed:

in the Alarm frame, the single Alarm creation window is

Single Alarm creation window


This window contains an input zone with the following fields:

Rule: drop-down list, to choose the rule to apply.


Metaview: drop-down list, to choose the Metaview on which the rule will apply.
Administrative state: to enable or disable the selected rule on the selected Metaview.

4. 11. 3. 3. Alarm creation in wizard mode


This creation mode allows to create a package of alarms for several Metaviews. This mode could
be used in the initial creation step (instead of the unitary mode).

By clicking on the Wizard icon


displayed:

in the Alarm frame, the multiple creation window of Alarms is

Alarm creation Wizard window


This window contains:

a zone with multiple selection for the Alarm rules,


a zone with multiple selection for the Metaviews.

The first area (on the left) shows the list of elements (Alarm rules and Metaviews), the second
area (on the right) shows the selected elements.
Some arrows are used to move the selected data from one area to the other.
By selecting several elements in each list, the system will create the Alarms according to
combinative selected criteria.

June 2009

Ipanema Technologies

4-103

Ipanema System

4. 11. 3. 4. Enabling logs/mails/traps


So that alarming events can be logged and/or sent by e-mail and/or trapped, according to the
selected Actions, Log and/or Mail and/or Trap must be enabled in the Options window (see
OPTIONS - FAULT MANAGEMENT below).

4. 11. 3. 5. Operation
Using the alarms triggered by ip|boss is achieved with external tools, according to the selected
Actions:

text editor or script for the logs,


e-mail client for the mails,
SNMP manager for the traps.

When an alarm is triggered or rearmed, the following information is available (in a log, an e-mail or
a trap):

the name of the Domain,


the rule identifiers (Ident and Name),
the MetaView (Ident and Name),
the ip|engine (Name and public IP address),
the rule with the value of the metrics; for example, if the rule wan_egress_throughput > 1000
triggered an alarm because its value is 2000, it is displayed like this: wan_egress_throughput
[2000] > 1000.

Alarms are sent by pair: trigger when the first threshold is reached, rearm when the second is.

In the logs and trap, one line is generated per alarm.


For the mail, only one mail is sent, containing all the alarms.

SNMP trap: example

4-104

Ipanema Technologies

June 2009

Configuring services

4. 12. SUPERVISION OPTIONS


4. 12. 1. Configuring Fault Management
Operating procedure table
In the Supervision Toolbar, select

Options.

The Options window is displayed:

The Options list window


This window contains three tabs:

Activation: specify how to manage the Supervision events and the Traffic alarming events.
Mail (e-mail): Supervision and/or Traffic alarming events can be mailed to a list of recipients
configured in ip|boss; it uses its own mailing command.
Trap (SNMP Trap): Fault management traps generated by ip|boss on Supervision and/or Traffic
alarming events are sent to configured SNMP managers.

It gives access to the fault management parameters.

June 2009

Ipanema Technologies

4-105

Ipanema System

You can manage the Supervision events. They consist of an alarm (log, mail or trap) in case of
system events like:
LicenseExpiration

ip|boss license expiration will occur

Start

ip|boss has been started

Stop

ip|boss has been stopped

Update

ip|boss has been updated

Upgrade

an ip|engine has received upgrade order

Reboot

an ip|engine has been rebooted

BeginOfDownStatus

an ip|engine is down

EndOfDownStatus

an ip|engine is up after a previous down status

BeginOfSynchronizationLoss

an ip|engine has lost its synchronization

EndOfSynchronizationLoss

an ip|engine is up after a previous synchronization loss

CertificateExpiration

ip|boss X509 certificate expiration will occur

RestartByRecover

ip|boss has been restarted by recover mode

IpReporterManagerIsDown

ip|reporter Manager service is down

IpReporterCollectorIsDown

ip|reporter Collector service is down

IpReporterBrowserIsDown

ip|reporter Browser service is down

IpReporterManagerIsUp

ip|reporter Manager service is up

IpReporterCollectorIsUp

ip|reporter Collector service is up

IpReporterBrowserIsDown

ip|reporter Browser service is down

IpReporterBrowserIsUp

ip|reporter Browser service is up

BeginOfNotReachableStatus

an ip|engine is physically down (network link is down)

EndOfNotReachableStatus

an ip|engine is physically up after a previous physical down status

MetaViewColors

the MetaView is green

BeginOfCompressDownStatus

an ip|engine has compression down

EndOfCompressDownStatus

an ip|engine has compression up

BeginOfUncompressDownStatus

an ip|engine has uncompression down

EndOfUncompressDownStatus

an ip|engine has uncompression up

BeginOfLanLinkDownStatus

an ip|engine has LAN interface down

EndOfLanLinkDownStatus

an ip|engine has LAN interface up

BeginOfWanLinkDownStatus

an ip|engine has WAN interface down

EndOfWanLinkDownStatus

an ip|engine has WAN interface up

Events (ip|engines are identified with Alias, IP Address and Domain name)
You can manage the Traffic alarming events. They consist of an alarm (log, mail or trap) in case
of an alarm triggered or rearmed (see CONFIGURING ALARMING above).

4-106

Ipanema Technologies

June 2009

Configuring services

The Options window contains three tabs:

4. 12. 1. 1. "Activation" tab

The Activation tab


The tab contains three frames:

Log: to enable or disable the log of events:


Supervision events (see above):
Enable: to log the Supervision events in ip|boss log file,
Disable: not to log the Supervision events.
Traffic alarming events (see above):
Enable: to log the Alarming events in ip|boss log file,
Disable: not to log the Alarming events.

Mail:
Supervision events:
Enable: to send e-mails on Supervision events,
Disable: not to send e-mails on Supervision events.
Traffic alarming events:
Enable: to send e-mails on Alarming events,
Disable: not to send e-mails on Alarming events.

Trap:
Supervision events:
Enable: to trap the Supervision events,
Disable: not to trap the Supervision events.
Traffic alarming events:
Enable: to trap the Alarming events,
Disable: not to trap the Alarming events.

June 2009

Ipanema Technologies

4-107

Ipanema System

4. 12. 1. 2. "Mail" tab

The Mail tab


The tab contains:

Sender address: to define the sender e-mail address; must be enquired,


Outgoing mail server (SMTP): to define the outgoing mail server,

Recipients: to see the list of destinations (use the New button

to add some entries).

E-Mail: e-mail address of the destination.


An alarm message gives the following data:

Subject: ip|boss, the Origin (see table above) and the alarm type,
Alarm timestamp (time when alarm was detected),
description: optional comments on the alarm.

The Origin and Type fields are included in the subject of the mail. The Description field is included
into the body of the mail. The Field format is <Domain><Type><Origin><Events>.
Mail examples:
Object : HMS : ip|boss - OSS - Cold Start
Date : 26/03/02 13:42:42 Paris, Madrid
From: ipboss@ipanematech.com
To: support@ipanematech.com
ip|boss System has been started by DOC on 26/03/2002 at 13:43:47.
Configuration file is: C:\program files\server\domains\HMS\config\__active__.ipmconf.
Object : HMS : ip|boss - OSS - Stop
Date : 26/03/02 13:43:52 Paris, Madrid
From: ipboss@ipanematech.com
To: support@ipanematech.com
ip|boss System and ip|engine have been stopped by DOC on 26/03/2002 at 13:45:11.
Object : HMS : ip|boss - ip|engine - End of ip|fast down status
Date : 26/03/02 14:06:25 Paris, Madrid
From: ipboss@ipanematech.com
To: support@Ipanematech.com
ip|fast is up on following ip|engine on 26/03/2002 at 14:07:43 : - HQ (192.169.0.100)

4-108

Ipanema Technologies

June 2009

Configuring services

4. 12. 1. 3. "Trap" tab

The Trap tab


The tab contains the following field:

Hostname: IP address of the SNMP manager (use the New button

June 2009

Ipanema Technologies

to add some entries).

4-109

Ipanema System

4. 13. SYSTEM ADMINISTRATION


4. 13. 1. Configuring User profiles
Operating procedure table: Management,
When starting ip|boss client, the user must authenticate in order to connect on the Domain. In
order to allow many users to work with the Ipanema System, it is possible to create several users
with different profiles.
In the System administration Toolbar, select

User:

The User list window is displayed.

User list window


The settings made in this window enable for each user some specific rights.
After a standard installation, only the account administrator is created (default
password: admin).
Authentication is made by a login and a password, these login and password are specific
parameters for each Domain.
During the authentication step, if a user is already connected to ip|boss, then a
message is displayed and proposes to disconnect the user:

Yes: forces the disconnection of the previous user,


No: stops the connection step to ip|boss.

A resource is released when the update operation is made by the user.

By clicking on the New button

4-110

, the creation window of a new User is displayed.

Ipanema Technologies

June 2009

Configuring services

User window
This window contains input fields:

Name: login name (character string),


Password: password associated to the user login name (character string),
Confirm Password: confirm the password associated to the user login name (character string),
a click box zone to define the user profile, that is his or her rights (no access / read only /
read/write) for the 7 functions of the system:
A user profile can cumulate several function, for example Service activation +
Supervision + Application provisioning.

Functions

Rights

System Administration

Users
Automatic reporting
Security

Service activation

Start/stop ip|engines (measurement, ip|true)


Start/stop ip|fast (optimization)
Start/stop ip|coop (cooperative optimization of the virtual ip|engines)
Start/stop ip|xcomp (compression)
Start/stop ip|xtcp (TCP acceleration)
Start/stop ip|xapp (application acceleration)
Start/stop smart|plan

Supervision

ip|engines status
Supervision map
Log file
Options (Mail, SNMP trap)

Helpdesk

Maps
Discovery
Real time flows

Reporting

Metaviews
ip|reporter (reports)
Alarming

June 2009

Ipanema Technologies

4-111

Ipanema System

Application provisioning

Users Subnets
Applications
ToS (type of service)
User Class
QoS profile
LTL (local traffic limiting)

System provisioning

ip|engines
Topology Subnets
WAN access
Coloring
ip|sync
Tools (upgrade, script, reboot, security status)
User Profile

4. 13. 2. Configuring Automatic reporting


Refer to Chapter 7, 7.2.5. Reports Management.

4-112

Ipanema Technologies

June 2009

Configuring services

4. 13. 3. Configuring Security


Ipanema System security features are based on SSL and SSH protocols, plus tools for key
generation and distribution. ip|boss to ip|engines communications are secured.
SSL protocol is used for downloading the configuration file from ip|boss to ip|engines,
monitoring of ip|engines by ip|boss and collecting the measurement data from ip|engines. Both
authentication and encryption are used. The HTTPS protocol is used for the exchanges.
Ipanema System allows for three different security levels to be implemented.

4. 13. 3. 1. First level (default mode)


The customer uses the default factory certificate (Qosmart). Communications are secured.
Nevertheless, as the certificate is not unique to the customer, the security level is not at its
maximum.
To start Ipanema System, just make the configuration and start the session.

4. 13. 3. 2. Second level


The customer defines his own certificate. This is done centrally from ip|boss or from a customers
certificate generator. Certificate installation on ip|engines is handled from ip|boss and does not
require a local access to the ip|engines.
Communications are secured. Unauthorized people will not be able to enter the system nor to read
and interpret configuration or measurement data.
Procedure
This procedure requires ip|boss Java client.

1. In the Toolbar, select


Security and go the Certificate generation tab.
2. Define the key/certificate name and its characteristics in the Certificate generation window.
The Validity Period parameter is displayed in the About window.
3. Select the tab Configuration.
4. Define the encryption (algorithm) in Configuration window. Click on OK.
5. The key/certificate file are recorded in the directory ~/ipboss/server/
domains/<Domain_Name>/Security. It is recommended to make a backup on an
external media.
6. The second level of security is taken into account. Several minutes are necessary to activate
it on the ip|engines.
7. The customer can see the ip|engines status by selecting Tools in the Toolbar tab Security
status .

4. 13. 3. 3. Third level


The customer defines his own certificate AND a passphrase. This requires not only an ip|boss
certificate installation, but also to have local access to all ip|engines in order to setup the
passphrase configuration.
Communications are secured. Combination of certificate and local passphrase provides for highest
level of security, provided that passphrase is properly managed.
Procedure
This procedure requires ip|boss Java client.

1. The procedure (steps 1 to 5) is similar to the procedure of the second level, except that the
customer selects and defines a passphrase in Security/Certificate Generation window.

June 2009

Ipanema Technologies

4-113

Ipanema System

2. Configure the associated ip|engines. THE SAME PASSPHRASE MUST BE USED for the
ip|boss and the ip|engine to allow the SSL connections between ip|boss and ip|engine. This
passphrase should be configured on all ip|engines of the Domain.
3. Before using this command, check the system Administrator to obtain the same
passphrase as ip|boss.

Command usage:
sslpassphrase
usage: sslpassphrase set
sslpassphrase reset
Copyright (c) Ipanema Technologies 2000-2005
Set the passphrase:
sslpassphrase set
Enter old SSL passphrase:
Enter new SSL passphrase: *******************
Confirm new SSL passphrase: ******************
Passphrase has been changed
Do you want to restart HTTP Server with new passphrase now [y/n]?
y

4. 13. 3. 4. Configuring ip|boss-ip|engines security


Operating procedure table: Management
This procedure requires ip|boss Java client.

In the System administration Toolbar, select

Security.

The security of ip|boss-ip|engines communication is managed by ip|boss and is defined by:

the keys and certificates generation,


the algorithm (security level according to the laws) selection,

To secure these communications, the user:

step 1) defines the certificate name. Under this name, 4 files are generated:
the private key: <alias>.isk (Ipanema Server Key) in the Security directory
(~/ipboss/server/domains/<Domain Name>/Security). If a passphrase was provided,
the key has been encoded with the passphrase in the file,
The same passphrase should be also entered on all ip|engines of the
Domain.

the certificate: <alias>_isc.crt (Ipanema Server Certificate) in the Security directory


(~/ipboss/server/domains/<Domain Name>/Security) corresponding with the created
key,
the private key: <alias>.ick (Ipanema Client Key) in the Security directory
(~/ipboss/server/domains/<Domain Name>/Security),
the certificate signed by the key: <alias>_icc.crt (Ipanema Client Certificate) in the
Security directory (~/ipboss/server/domains/<Domain Name>/Security) corresponding
to the created key,

4-114

step 2) defines the algorithm (encoding mode or not) used for communication encryption
between ip|boss and ip|engines,

Ipanema Technologies

June 2009

Configuring services

ip|boss adds the ip|engine certificate in the authorized certification list.

4. 13. 3. 4. 1. "Security certificates generation" tab


Operating procedure table: Management
In the Toolbar, select

Security and go to the Security certificate generation tab.

The Security certificate generation is displayed.

Security certificate generation window


This window contains:

Certificate group box with the Name: name (without extension) of the key/certificate,
Key group box with:
the field Size: choice of the key size: 512, 1024 (by default), 2048,
the field Passphrase: to enter the passphrase. The selection displays the Security
Generation dialog box.

If used, the same passphrase must be used for ip|boss and all the
ip|engines of the Domain.

June 2009

Ipanema Technologies

4-115

Ipanema System

Identification group box with:

Country name (2 letter code)


State or province name (full name)
Locality name (eg. city)
Organization name (eg. company)
Organization unit name (eg. section)
Common name (eg. YOUR name)
Email address
Validity period (in month): choice of the validity period of the security certificate: 6, 12,
18 (by default), 24, always (until 2037)
All the fields should be fulfilled.

and command buttons:


Ok: to generate the private and public keys (Server and Client) with the associated
certificates Server and Client), recorded in files stored in the Security directory,
Close: to cancel any changes made,

4. 13. 3. 4. 2. "Configuration" tab


Operating procedure table: Management
In the Toolbar, select

Security and go to the Configuration tab.

The Configuration window is displayed.

Configuration window
The configuration specifies to ip|boss which certificate of the Security directory to use and which
algorithm to associate in SSLv3 with RSA authentication. This window defines the encryption
applied to the communications.
The window contains:

4-116

Certificate group box with the Name: name (without extension) of the key/certificate to choose
in the drop-down list. With this name, ip|boss finds the .isk, .isc, .isk and .icc files.
Algorithm group box: click in the corresponding case (Selection) to select the encryption
algorithms to be applied between ip|boss and the ip|engines.
The algorithms are listed in security level order, NULL SHA is selected by default.

Ipanema Technologies

June 2009

CHAPTER 5. IPANEMA SYSTEM


SUPERVISION
Document organization
This chapter gives system software application procedures: starting/closing the applications,
ip|engines and security supervision, upgrading software version, rebooting ip|engines and
launching script.

5. 1. STARTING AND CLOSING IP|BOSS CLIENT


5. 1. 1. Starting ip|boss web client application
To start ip|boss web client, enter the following URL: https://<ip|uniboss_server>/ipboss_portal
(ip|uniboss is the web portal for ip|boss).
For security reasons, the use of HTTPS is mandatory.

Connection screen

The connection window has two fields:


User name: the name of the user,
Password: the password of the user.

June 2009

Ipanema Technologies

5-1

Ipanema System

The user administrator with password admin is defined by default.

Multiple user access


Several users can access for consultation the ip|boss server at the same time.
If two or more users make one of the following operations:

Create
Set
Delete

Then the resource is granted to the first user that attempts the operation and a message is sent to
the other users to inform them that the resource is busy.
Thus, the second or other user can:

Abort the operation and try later when the resource is available
OR
Preempt the resource.

When the resource is preempted by a user then the first used is automatically disconnected.
A resource is released when the update operation is made by the user.

5. 1. 2. Closing ip|boss web client application


Operating procedure table
From the Main window, select the

Quit button to close the client application.

On the Java client, select the File menu, then the Quit option.

A dialog box appears for confirmation. If changes were made without being saved, it tells you.

5-2

If you select Yes : you quit the client application but the ip|boss server is still processing.
However, modifications will be lost if you do not save or update the configuration.
If you select No : you stay in the client application.

Ipanema Technologies

June 2009

Ipanema System supervision

5. 2. SUPERVISION
5. 2. 1. ip|boss main window (web client)

ip|boss main window (web client)


The Ipanema System supervision is accessible from the Main window. Refer to 4.5.2 Status zone
in 4.5 ip|boss main screen description.
Depending on license rights, some zones may be greyed out.
In case of an error the concerned indicator light is displayed in amber or red.
Table: status information

June 2009

Ipanema Technologies

5-3

Ipanema System

Indicator
lights

Service
status

Agent status

Causes

Discovery
Connection

Grey
Yellow

off or status
not available
on

No Discovery in process or
status is not available
Discovery in process

Limiting
Connection

Grey

off or status
not available

No Local Traffic Liming in


process or status is not
available

Yellow

on

One LTL rule (or more) is


enabled

Green

on

The server is reachable

Red

on

The server is unreachable

Green

on

The license is respected

Red

on

The license is not respected

ip|boss

Connection

License

Network connectivity problem


between ip|boss server and
ip|boss client, or: ip|boss
server is down
The number of ISUs exceeds
the total ISU credit

On the Java client, two additional LEDs are available:


Collector

SNMP
agent

Green

on

The collect of measures from


ip|engines is running

Red

on

The collect of measures from


ip|engines is active, but
down

Green

on

ip|boss SNMP agent is


active and up

Red

on

ip|boss SNMP agent is


active, but down

Green

on

All ip|engines are reachable

Yellow

on

Minimum one ip|engine is


not reachable

ip|engines

Reachable

5-4

Ipanema Technologies

Network connectivity problem


between ip|boss and
ip|engine (firewall, WAN
link breakdown, ip|engine
power off or failure)

June 2009

Ipanema System supervision

overload

Synchronized

Red

on

Grey

off

Grey

off

No ip|engine is overloaded

Red

on

Minimum one ip|engine is


overloaded

Green

on

Server OK and all ip|engines


are synchronized

Yellow

on

Server OK and at least one


ip|engine is not synchronized

Synchronization in progress,
temporary synchronization
loss

Red

on

Server NOK or all ip|engines


are not synchronized

Synchronization in progress,
temporary synchronization
loss or server not available

Grey

off or status
not available

Indeterminate

Service stopped, status not


available

All ip|engines are


unreachable

Network connectivity problem


between ip|boss and
ip|engines (firewall, WAN
link breakdown..)
Service stopped, status not
available
The ip|engine WAN
throughput exceeds the
specification of the hardware

ip|reporter

Database

server

June 2009

Green

on

The database is operational

Yellow

on

Synchronization running
between ip|boss and
Infovista

Grey

off

ip|reporter not available in


the license file

Red

on

no access to the reports


description (in the
reports_desc.ipmsys file
in ~/salsa/ipboss/server/conf
on ip|boss server), or the
reports description does not
match the installed library
(VistaViews loaded from
ip|reporter CD-ROMs ivl
directory)

Green

on

All activated services


are operational (InfoVista
Collector and Manager)

Yellow

on

At least one activated service


is not operational (InfoVista
Manager is Down)

Ipanema Technologies

Problem with the InfoVista Manager, see the


log file .../InfoVista/Essentials/log/manager.log

5-5

Ipanema System

Red

on

All activated services are


not operational (InfoVista
Collector and Manager are
Down)

Grey

off

ip|reporter not available in


the license file

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Agents not configured yet,


configuration refused or
failure

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Infovista Server unreachable


or problem with the InfoVista
Manager and Collector, see
the log file .../InfoVista/Essentials/log/manager.log
and .../InfoVista/Essentials/log/collector.log

Services

ip|true

ip|fast

ip|xcomp

Compress

ip|xcomp
Decompress

5-6

Service stopped, status not


available

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Agents not yet configured,


configuration refused or
failure

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Service stopped or status is


not available

Service stopped, status not


available

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Agents not configured yet,


configuration refused or
failure

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Service stopped or status is


not available

Service stopped, status not


available

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Ipanema Technologies

Agents not configured yet,


configuration refused or
failure

June 2009

Ipanema System supervision

ip|xtcp

ip|xapp

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Service stopped or status is


not available

Service stopped, status not


available

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Agents not configured yet,


configuration refused or
failure

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Service stopped or status is


not available

Service stopped, status not


available

Green

on

All activated agents are


operational

Yellow

on

One activated agent is not


operational

Agents not configured yet,


configuration refused or
failure

Red

on

All activated agents are not


operational

Agents not configured yet,


configuration refused or
failure

Grey

off or status
not available

Service stopped or status is


not available

Service stopped, status not


available

Status information

June 2009

Ipanema Technologies

5-7

Ipanema System

5. 2. 2. Domains (monitoring the Domains status)


In the Toolbar, select
Domain to change Domain or check the status of all the Domains you
have an access to at a glance.
This icon is displayed only for users who have an access to several Domains.

The Domain window is displayed.

Domain window

Clicking on a line selects the corresponding Domain.


The colors of the lines show the global status of the Domains:
A blank line is either a fully working Domain or a deactivated Domain (the ip|engines
have not been enabled globally).
An orange line is a Domain with some down status (but not all).
A red line shows a Domain with all status down.
The color of a selected line turns blue (whatever its previous color).

5-8

For each Domain, a synthesis of the status of the ip|engines, measurement (ip|true),
optimization (ip|fast), compression and decompression (ip|xcomp) and synchronization
(ip|sync) is displayed, as well as the total throughput on the Domain and the total number of
active flows.

Ipanema Technologies

June 2009

Ipanema System supervision

5. 2. 3. ip|engine status (monitoring ip|engines activity)


Operating procedure table: Management
In the Supervision Toolbar, select

ip|engine Status.

The ip|engine Status window is displayed.

ip|engine Status window

5. 2. 3. 1. ip|engine status window


The ip|engine Status window gives the following information on each ip|engine:

ip|engine: name of the ip|engine,


Status: administrative status of each ip|engine:
up: the ip|engine is operational,
down: the ip|engine is not operational:
down - unreachable: the system cannot see the ip|engine, it is periodically
interrogated,
down - not configured: the ip|engine can be seen, but it has not been
configured. Periodic attempts of reconfiguration are made,
down - not started: the ip|engine can be seen but has not started correctly. It
is periodically restarted,

Optimization: optimization status:


up: the optimization service is operational for the ip|engine,
down: the optimization service is not operational,
nothing: the optimization service is not available,

Compress: compress status:


up: the compression service is operational for the ip|engine,
down: the compression service is not operational,
nothing: the compression service is not available for the ip|engine,

Decompress: Decompress status:


up: the decompression service is operational for the ip|engine,
down: the decompression service is not operational,
nothing: the decompression service is not available for the ip|engine,

Discovery: discovery status:


up: the discovery agent is running on the ip|engine,
nothing: no discovery agent is not running,

Synchronized: time synchronization status:


yes: the ip|engine is synchronized,
no: the ip|engine is not synchronized,

Overload: overload status:


yes: the ip|engine is overloaded, the WAN traffic exceeds the ip|engine specifications
(see the ip|engine characteristics),
no: the ip|engine is not overloaded,

June 2009

Ipanema Technologies

5-9

Ipanema System

CPU (%): ip|engine load average during the last collect period,
Satellites: number of satellites seen and used for synchronization,
Source: synchronization source (GPS or ITP (Ipanema Time Protocol)),
Server: name of the synchronization server or n/a (not available),
LAN status: LAN interface status of ip|engine:
up: Ethernet interface is link Up,
down: Ethernet interface is link Down.

WAN status: WAN interface status of ip|engine:


up: Ethernet interface is link Up,
down: Ethernet interface is link Down.
Its possible to modify the columns displayed by the menu Display/Choose columns.

5-10

Ipanema Technologies

June 2009

Ipanema System supervision

5. 2. 3. 2. ip|engine supervision details


By double clicking on the ip|engine line in the status window, the window ip|engine Status is
displayed.

ip|engine status details window


This window gives the following information for the selected ip|engine:

ip|engine : name of the ip|engine,


Status: administrative status of the ip|engine :
up: the ip|engine is operational,
down: the ip|engine is not operational:
down - unreachable: the system cannot see the ip|engine, it is periodically
interrogated,
down - not configured: the ip|engine can be seen, but it has not been
configured. Periodic attempts of reconfiguration are made,
down - not started: the ip|engine can be seen but has not started correctly. It
is periodically restarted,

Optimization: optimization status:


up: the optimization service is operational for the ip|engine,
down: the optimization service is not operational,

June 2009

Ipanema Technologies

5-11

Ipanema System

nothing: the optimization service is not available,

Compress: compress status:


up: the compression service is operational for the ip|engine,
down: the compression service is not operational,
nothing: the compression service is not available for the ip|engine,

Decompress: Decompress status:


up: the decompression service is operational for the ip|engine,
down: the decompression service is not operational,
nothing: the decompression service is not available for the ip|engine,

Discovery: synchronization status:


yes: a discovery agent is running on the ip|engine,
nothing: no discovery agent is running on the ip|engine,

Overload: overload status:


yes: the ip|engine is overloaded, the WAN traffic exceeds the ip|engine specifications
(see the ip|engine characteristics),
no: the ip|engine is not overloaded,

CPU (%): ip|engine load average during the last collect period,
Satellites: number of GPS satellites seen and used for the time synchronization,
Version : ip|agent software version and type release of the ip|engine,
Source: synchronization source (GPS or ITP (Ipanema Time Protocol)),
Server: name of the synchronization server on n/a (not available),
Offset (ms): estimated synchronization offset from GPS and ITP server (time difference
between synchronizing and synchronized units),
Delay (ms): average round trip delay between the ip|engine and ITP server,
Frequency (ppm): local oscillator free running frequency difference with the synchronization
source,
LAN status: LAN interface status of ip|engine:
up: Ethernet interface is link Up,
down: Ethernet interface is link Down,

LAN (configured type): Ethernet configuration of the LAN interface of ip|engine:


auto, 10HD, 10FD, 100HD, 100FD, 1000FD,

LAN (detected type): Ethernet current state of the LAN interface of ip|engine (it should be
compatible with the previous field):
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,

LAN (received bytes): number of bytes received on the LAN interface of the ip|engine,
LAN (sent bytes): number of bytes sent on the LAN interface of the ip|engine,
LAN (received packets): number of packets received on the LAN interface of the ip|engine,
LAN (sent packets): number of packets received on the LAN interface of the ip|engine,
LAN (collisions): number of collisions on the LAN interface of the ip|engine,
LAN (error frames) : number of frames error on the LAN interface of the ip|engine,
WAN status: WAN interface status of the ip|engine:
up: Ethernet interface is link Up,
down: Ethernet interface is link Down,

WAN (configured type): Ethernet configuration of the WAN interface of the ip|engine:
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,

WAN (detected type): Ethernet current state of the WAN interface of the ip|engine (it should
be compatible with the previous field and with the LAN detected type):
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,

5-12

Ipanema Technologies

June 2009

Ipanema System supervision

WAN (received bytes): number of bytes received on the WAN interface of the ip|engine,
WAN (sent bytes): number of bytes sent on the WAN interface of the ip|engine,
WAN (received packets): number of packets received on the WAN interface of the ip|engine,
WAN (sent packets): number of packets received on the WAN interface of the ip|engine,
WAN (collisions): number of collisions on the WAN interface of the ip|engine,
WAN (error frames): number of frame errors on the WAN interface of the ip|engine,
Measure (diagnostics): last diagnostic message of ip|true of the ip|engine (Alarm in the
real-time flows list is at yes):
OutOfTicket: there are no more up tickets,
OutOfBuffer: the driver is overloaded,
WanOverload: the packets received by the ip|engine on its WAN interface are more
than it is capable of handling,
TooManyFlow: the maximum number of sessions has been reached (depends on the
ip|engine range),
PktOverload: Ethernet RX overrun,
CPUOverload: CPU overrun,
LanIntfDown: the LAN interface of the ip|engine is down,
WanIntfDown: the WAN interface of the ip|engine is down
OutOfAppCnx: the maximum number of sessions of the application recognition syntax
engine has been reached.

Optimization (diagnostics) : last diagnostic message of ip|fast of the ip|engine (Alarm in the
real-time flows list is at yes):
ip|fast unreachable from ip|true: ip|fast is not working (transitory state),
ip|engine set in parallel mode: ip|fast was started on an ip|engine set in parallel mode,
current state is xxxx (where xxxx can be Initial, Configuring, Configured, Stopping,
Resetting or Unknown): ip|fast has not been started while it should have been; ip|true
tries to start it until it succeeds (transitory state).

Compression (diagnostics): there is no diagnostic message of ip|xcomp Compress to


date.
Decompression (diagnostics): there is no diagnostic message of ip|xcomp Decompress
to date.
Discovery (diagnostics): there is no diagnostic message of the Discovery function to date.
Synchronization (diagnostics): there is no diagnostic message of ip|sync to date.
Alarm (diagnostics): this field will always be empty.
The counters show the delta between two polls (by default 1 minute), its not a
cumulative value
if the ip|engine is connected in parallel mode, only the LAN counters are significant.

June 2009

Ipanema Technologies

5-13

Ipanema System

5. 2. 4. Supervision Maps (monitoring ip|engines activity)


Operating procedure table: Management
In the Supervision Toolbar, select

Supervision maps.

The ip|engine Supervision Maps window is displayed.

ip|engine Supervision Maps window


The supervision maps show in a glance the behavior of all ip|engines. These graphical views use
squares with a size depending on the ip|engine model (depending on their hardware capabilities),
and a color depending on the supervision status.
At each collect from the ip|engines, the map is refreshed.

This window contains:

the map itself, with a square for each ip|engine, the size depends on the ip|engine hardware
model, and a color in order to give a quick synthetic view of the supervision status:
Red: when Status is down (ip|engine not reachable), or when one of the following
functions: Measure, Optimization, Compression, Decompression is down, not
started, not configured or not updated (after three trials of update),
Yellow: when not Synchronized, and/or Overloaded and/or Updating (update of
configuration running),
Green: all status are OK (Status, Measure, Optimization if used, Compression if used,
Decompression if used and Synchronization).

5-14

: to consult the global supervision status,

: to export in a text file the list of supervision status,

: to consult the detailed supervision status (refer to the supervision details above),

: to zoom in the map,

: to zoom out of the map,

: to reset the zoom (zooms out to the top level),

Ipanema Technologies

June 2009

Ipanema System supervision

: to show the label inside the squares,

: to show the label on the top of the squares,

: to show the help.

By moving the mouse on the square, a contextual text shows the supervision status:

ip|engine Supervision Maps window

ip|engine: host name,


Model: ip|engine range,
Status: reachability of ip|engine,
Measure: status of ip|true function,
Optimization: status of ip|fast function,
Compression: status of ip|xcomp function for compression,
Decompression: status of ip|xcomp function for decompression,
Acceleration: status of ip|xtcp function,
Protocol acceleration: status of ip|xapp function,
Discovery: status of discovery function,
Synchronization: status of ip|sync function.
Overload: status of ip|engine usage, if overload the ip|engine WAN throughput exceeds the
specification of the hardware.

June 2009

Ipanema Technologies

5-15

Ipanema System

5. 2. 5. Security (monitoring security certificate)


Operating procedure table: Management
In the System provisioning Toolbar, select

Tools and go to the Security status tab.

The Security status is displayed:

Security status window


Click on the Status button to see the certificate name in use on the ip|engines.
This window contains the list of ip|engines and the Certificate name containing the security
elements applied on them. These files are those created in the Security Configuration window.
Unreachable means that the ip|engine is not reachable.

5-16

Ipanema Technologies

June 2009

Ipanema System supervision

5. 3. SYSTEM PROVISIONING: TOOLS


5. 3. 1. Rebooting
Operating procedure table: Management
In the System provisioning Toolbar, select

Tools and go to the Reboot tab.

The Reboot window is displayed:

Reboot window
This window contains:

the list of ip|engines,


the following command buttons:
Select all: selects all the ip|engines,
Reboot: all the selected ip|engines receive a reboot order.

June 2009

Ipanema Technologies

5-17

Ipanema System

5. 3. 2. Scripts
Operating procedure table: Management
This tool is to be used with the Ipanema Technologies Support.
In the System provisioning Toolbar, select

Tools and go to the Scripts tab.

Scripts window
The window comprises the input fields:

ip|engine: list of all ip|engines of the Domain,


Script: list of the available scripts. These scripts are in the directory ~/ipboss/server/scripts
commands buttons:
Launch: to send up the script to the selected ip|engines of the list. A confirmation
window is displayed. According to the number of selected ip|engines, a message
appears This can take a long time... . The results will be located in the directory
~/salsa/ipboss/server/domains/<Domain Name>/temp/ipanema-dump/<date-time>,
after the Launch button is pressed and confirmed, no information is available
to know if the script is executed on the ip|engines or not; for this, check on
the result directory.
Close: close the window.
The name of the script files are suffixed .ipmscp.
The name of the result files are suffixed .ipmres.

The result files are given in a tree structure where the root is
~/salsa/ipboss/server/domains/<domain_name>/temp/Ipanema-dump/<date-time>
format: yymmdd-hhmm).
Three sub-directories are created for each Launch:

5-18

(date-time

ipboss: contains the current configuration and the log file of ip|boss,

Ipanema Technologies

June 2009

Ipanema System supervision

ipengine: contains the result file (format: <alias or @ip address of the ipengine>.ipmres),
script: contains the used script file. This file is encoded (.ipmscp). An ipengine.txt is associated
to the script file and contains the list of dumped ip|engines (alias+@ip).

The user can send these directories in a zipped file (by E-mail or FTP to Ipanema Technologies
support (support@ipanematech.com)).
Different script files are available. The main ones are :

default.ipmscp: dumps all information in the ip|engine, reserved for the support,
flows.ipmscp: dumps all flows in the ip|engine,
gpsinfo.ipmscp: dumps the synchronization information about the GPS receiver,
ipconfig.ipmscp: dumps information about the IP and Ethernet settings of the ip|engine,
check iptrue.ipmscp: dumps information about ip|true, reserved for the support,
check ipfast.ipmscp: dumps information about ip|fast, reserved for the support,
check ipxcomp.ipmscp: dumps information about ip|xcomp, reserved for the support,
check itp.ipmscp: dumps information about ip|sync synchronization, reserved for the support,
restart iptrue.ipmscp: restarts ip|true agent, reserved for the support,
restart ipfast.ipmscp: restarts ip|fast agent, reserved for the support,
restart ipxcomp.ipmscp: restarts ip|xcomp agent, reserved for the support,
restart itp.ipmscp: restarts ip|sync agent, reserved for the support,
process.ipmscp: dumps information about the process running, reserved for the support.

June 2009

Ipanema Technologies

5-19

Ipanema System

5. 4. IP|BOSS LOGS
Operating procedure table: Management
In the Supervision Toolbar, select

Log.

The Log window is displayed.

Log window
This window contains:

5-20

the list of Supervision events (on ip|engines, ip|reporter server....) with a time stamping,
the list of Traffic alarming events (on Metaviews) with a time stamping (only if it has been
activated in Options / Activation).

Ipanema Technologies

June 2009

CHAPTER 6. USING SERVICES


Document organization
To run a measure or optimization session, you must start ip|boss.
For more information, refer to table "Operating procedure".
A session can be started or stopped whatever the service used - ip|true (measurement), ip|fast
(optimization), ip|coop (virtual cooperation), ip|xcomp (compression), ip|xtcp (TCP acceleration),
ip|xapp (application acceleration) and smart|plan (smart planning reports).

6. 1. STARTING AND STOPPING A SESSION


6. 1. 1. Starting a session
Operating procedure table: ip|true service, ip|fast service, ip|coop service, ip|xcomp service,
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service.
From the Toolbar, select

Service activation.

In the Service activation window that opens, select ip|engines: on:

The start of a session of measurement, optimization, compression or acceleration begins by a


check of the configuration. In case of error, ip|boss shows a warning.
Check that the indicator lights in the Main window turn green (after a few seconds), refer to Table:
status information for information on the meaning of indicator lights that remain red.
When a session starts, ip|true (measurement) is automatically activated on the
ip|engines of the Domain.

June 2009

Ipanema Technologies

6-1

Ipanema System

in case of failure of ip|boss or of the server, at the next start of ip|boss, the session
will be on the same state (automatic restart if it was started, or stop if it was stopped).

6. 1. 2. Stopping a session
Operating procedure table: ip|true service, ip|fast service, ip|coop service, ip|xcomp service,
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service.
A session can be stopped on the ip|engines by the Toolbar,

Service activation.

In the Service activation windows that opens, select ip|engines: off:

Stopping a session will stop all functions of the system (ip|true (measurement), ip|fast,
ip|xcomp, ip|coop, ip|xtcp, ip|xapp, smart|path, smart|plan).

Check that the indicator lights on the status zone turn to black.

6-2

Ipanema Technologies

June 2009

Using services

6. 2. LOGIN: CHANGING USER PASSWORD


Operating procedure table: Management
The user can modify his password by the Toolbar,

User settings.

The User settings window is displayed:

User settings window


This window contains:

Password: user password for the current session,


New password: new password for the next session,
Confirm New password: confirm the new password for the next session,

June 2009

Ipanema Technologies

6-3

Ipanema System

6. 3. DYNAMICALLY MODIFYING A SESSION


The user can dynamically modify some current session settings without stopping the system.
The table below lists the ip|boss system components and services that are accessible with the
current configuration running, where:

A: means that the modifications made by a user of the service are automatically applied,
U: means that the user has to use Update to apply the modifications made.

Table Dynamically modifying a session: ip|true service, ip|fast service, ip|xcomp service,
ip|coop service, ip|xtcp service, ip|xapp service.
Components

Services

Dynamic

Login

Login/User Settings

Update

Help

User

Automatic reporting

Security/Generation

Security/Configuration

ip|engines

Topology Subnets

WAN access

Coloring

ip|sync

Other

Manager
System

System
Administration

System
provisioning

Tools/Software
grade

6-4

up-

Not available with the system


shut down

None cannot be suppressed

Tools/Reboot

Tools/Script

Tools/Security status

Ipanema Technologies

June 2009

Using services

Components

Services

Dynamic

Other

Service activation

Enable ip|engines

start the session

Disable ip|engines

stop the session

Enable ip|fast

Disable ip|fast

Enable ip|xcomp

Disable ip|xcomp

Enable ip|coop

Disable ip|coop

Enable ip|xtcp

Disable ip|xtcp

Enable ip|xapp

Disable ip|xapp

ip|engines status

Supervision map

Log

Options/Activation

Options/Mail

Options/Trap

User subnets

Applications

TOS

User Class

other cannot be suppressed

QoS profile

Default cannot be suppressed

Local Traffic Limiting

Maps

Realtime

Discovery

Metaview

ip|reporter

Alarming

Supervision

Application
provisioning

Helpdesk

Reporting

Whether for a Start or an Update, the configuration is checked to inform the user that resources
(Domains and services) are referenced even though they are not configured in the directories or
dictionaries. As long as the check is not OK, no Start or Update operation can be performed on
ip|engines. The check operation accepts configurations with empty dictionaries or directories.

June 2009

Ipanema Technologies

6-5

Ipanema System

6. 3. 1. Update procedure
Operating procedure table: ip|true service, ip|fast service, ip|coop service, ip|xcomp service,
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service, ip|sync service.
In the Toolbar, select

Update.

The Update option performs the following steps:

checks the configuration,


archives the old configuration (__active__.ipmconf.bak) with its date and time and user
in the file name (__active__.<YYYYMMDDhhmmss>.<User>.undo.ipmconf; the 50 most
recent archives are kept),
saves the current configuration (__active__.ipmconf) as the old configuration
(__active__.ipmconf.bak),
saves the new configuration as the current configuration (__active__.ipmconf),
releases the locked resources (during an edit of it),
applies the new configuration to each ip|engine with an immediate application request.
applies the new configuration to ip|reporter (if some reporting modifications were made).

If some ip|engines do not apply the new configuration, ip|boss automatically reconfigures these
ip|engines. The status indicator is yellow and shows either:

not configured: some ip|engines refuse the new configuration,


not updated: some ip|engines have received the new configuration, but refused it.

ip|boss systematically sends a complete configuration file to the ip|engines of the Domain.

6. 3. 2. Transition
In the ip|engines reconfiguration phase, some ip|engines must measure, optimize and compress
on the basis of different configurations. In addition, as an SNMP agent must take the new
configuration into account (after Update), it may receive measurement results for the previous
configuration. Different problems can arise:

an application dictionary entry is suppressed,


a TOS dictionary entry is suppressed,
an ip|engine directory entry is suppressed,
a subnet directory entry is suppressed.

For suppressed dictionary entries, reports on the previous configuration (i.e. with old aggregate
application or TOS values) are automatically classified in other by ip|boss. There is no retroactive
effect on measurement data that may have been saved in ip|reporter.
For suppressed subnet directory entries, reports on the previous configuration (i.e. with old subnet
values) are automatically rejected by ip|boss.
For suppressed ip|engine directory entries, reports on the previous configuration (i.e. with old
ip|engine values) are automatically rejected by ip|boss.
For suppressed ip|engine directory entries, the ip|engines that have disappeared are stopped.
However, the stop signal may not reach the ip|engines concerned after 10 attempts spaced out
over the recovery interval configured in the system, the stop operation is abandoned by the
manager and the user is informed.

6-6

Ipanema Technologies

June 2009

Using services

6. 4. SERVICE ACTIVATION
6. 4. 1. ip|true (measurement)
Operating procedure table: ip|engines Enabled, ip|engines Disabled
Stopping ip|true will stop all other functions of the system (ip|fast, ip|xcomp, ip|coop,
ip|xtcp, ip|xapp, smart|path, smart|plan). Refer to the section Stopping a session.

The measurement mechanisms are designed to measure precisely all flows crossing the
ip|engines and to provide comprehensive metrics (volume and quality).
ip|true is enabled, if:

Administrative stare: enable is checked in the ip|engines creation window (Services frame):

ip|engine creation window, Services frame


(The display window shows a green tip in front of the line:)

ip|engines display window

ip|engines are enabled in the Service activation window


session):

(refer to the section Starting a

Service activation window

June 2009

Ipanema Technologies

6-7

Ipanema System

Modifying quality (AQS) measurement settings


Depending on the results obtained, you can modify some settings. To access the options, refer to
the table Dynamically modifying a session. The settings you may need to modify are:

Applications

User Subnets

QoS profiles

Metaviews

User Classes

Reports

TOS

6-8

Ipanema Technologies

June 2009

Using services

6. 4. 2. ip|fast (optimization)
Operating procedure table: optimization Enabled, optimization Disabled
The optimization mechanisms are designed to find the best compromises to reach QoS objectives
and take express customer requirements into account:

QoS objectives are expressed in terms of "physical" constraints (delay, jitter, loss rate, etc.),
customer policies are expressed in terms of classes, defining relative traffic criticality.

ip|fast is enabled, if:

ip|fast is enabled in the license file,


ip|fast is checked in the ip|engines creation window ( Services frame):

ip|engine creation window, Services frame


(The ip|engines display window shows yes in the optimization column:)

ip|engines display window

the User Classes have been configured,


not mandatory, the Coloring offered by the operator has been configured (only for a network
with Classes of Service),
ip|engines have been started (Service activation window, ip|engines: on),

optimization is activated in the Service activation window:

ip|fast: on:

Service activation window


At this stage, optimization is performed according to the specified QoS objectives.

June 2009

Ipanema Technologies

6-9

Ipanema System

Modifying optimization settings


Depending on the results obtained, you can modify some settings. To access the dictionaries, see
the table Dynamically modifying a session. The settings you may need to modify are:

6-10

Applications

User Subnets

QoS profiles

LTL

User Classes

Coloring

TOS

WAN access

Ipanema Technologies

June 2009

Using services

6. 4. 3. ip|coop (virtual cooperation)


Operating procedure table: cooperation Enabled, cooperation Disabled
The cooperation mechanisms are designed to optimize the traffic to a site which is not equipped
with a physical ip|engine as efficiently as possible. To achieve this, a remote coordination group
(RCG), that contains the main sources of traffic to that site, is automatically and dynamically
configured by ip|boss; the RCG can contain up to 8 physical ip|engines. Each virtual ip|engine
has its own RCG.
ip|coop is enabled, if:

ip|coop is enabled in the license file,


ip|fast is checked in the ip|engines creation window ( Services frame):

ip|engine creation window, Services frame


(The ip|engines display window shows yes in the optimization column:)

ip|engines display window

If ip|fast is not checked for a virtual ip|engine, the latter will be optimizing (as long as
ip|fast is enabled globally), as it is the remote physical ip|engines which actually do
it, but without ip|coop (that is, without the remote physical ip|engines cooperating
to optimize the site with the virtual one).

ip|engines have been started (Service activation window, ip|engines: on),


optimization has been started (Service activation window, ip|fast: on),

ip|coop is activated in the Service activation window:

ip|coop: on.

Service activation window

June 2009

Ipanema Technologies

6-11

Ipanema System

If ip|coop is not enabled, virtual ip|engines will still measure and optimize the traffic,
with the following restriction:

measure: the traffic will be measured and reported exactly the same,
optimization: the traffic will be optimized with no Remote Coordination Group, each
physical ip|engine managing the flows to and from the unequipped sites on its own,
without coordination with the other physical ip|engines communicating with this site.

Modifying virtual cooperation settings


There are no settings that are specific to ip|coop (table Modifying a session dynamically).

6-12

Ipanema Technologies

June 2009

Using services

6. 4. 4. ip|xcomp (compression)
Operating procedure table: compression Enabled, compression Disabled
The compression mechanisms are designed to use as much bandwidth as possible, but still taking
the optimization parameters into account.
ip|xcomp is enabled, if:

ip|xcomp is enabled in the license file,


ip|xcomp compress and/or ip|xcomp decompress is/are checked in the ip|engines window
(Services frame ip|fast must be checked first):

ip|engine creation window, Services frame


(The ip|engines display window shows yes in the compress and/or decompress columns:)

ip|engines display window

the User Classes have been configured (Compress must be checked),

User class creation window

ip|engines have been started (Service activation window, ip|engines: on),


optimization has been started (Service activation window, ip|fast: on),

compression is activated in the

June 2009

Service activation window: ip|xcomp: on:

Ipanema Technologies

6-13

Ipanema System

Service activation window


At this stage, compression is performed according to the User class set up.
Modifying compression settings
Depending on the results obtained, you can modify some settings. To access to the dictionaries,
see the table Modifying a session dynamically. The settings you may need to modify are:

ip|engines

6-14

User Classes

Ipanema Technologies

June 2009

Using services

6. 4. 5. ip|xtcp (TCP acceleration)


Operating procedure table: TCP acceleration Enabled, TCP acceleration Disabled
The TCP acceleration mechanisms are designed to accelerate the traffic between sites with a high
RTT and/or a high available bandwidth.
ip|xtcp is enabled, if:

ip|xtcp is enabled in the license file,


ip|xtcp is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):

ip|engine creation window, Services frame

the User Classes have been configured (Accelerate must be checked):

User class creation window

ip|engines have been started (Service activation window, ip|engines: on),


optimization has been started (Service activation window, ip|fast: on),

TCP acceleration is activated in the Service activation window:

ip|xtcp: on:

Service activation window

June 2009

Ipanema Technologies

6-15

Ipanema System

Modifying acceleration settings


Depending on the results obtained, you can modify some settings. To access to the dictionaries,
see the table Modifying a session dynamically. The setting you may need to modify is:

ip|engines

6-16

User Classes

Ipanema Technologies

June 2009

Using services

6. 4. 6. ip|xapp (application acceleration)


Operating procedure table: application acceleration Enabled, application acceleration Disabled
The application acceleration mechanisms are designed to accelerate CIFS traffic between sites
with a high RTT and/or a high available bandwidth.
ip|xapp is enabled, if:

ip|xapp is enabled in the license file,


ip|xapp is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):

ip|engine creation window, Services frame

ip|engines have been started (Service activation window, ip|engines: on),


optimization has been started (Service activation window, ip|fast: on),

application acceleration is activated in the Service activation window:

ip|xapp: on:

Service activation window


Modifying acceleration settings
Depending on the results obtained, you can modify some settings. To access to the dictionaries,
see the table Modifying a session dynamically. The setting you may need to modify is:

ip|engines

June 2009

Ipanema Technologies

6-17

Ipanema System

6. 4. 7. smart|plan
Operating procedure table: Smart Planning Enabled, Smart Planning Disabled
Ipanema Technologies Smart planning reports provide easy-to-use data for Capacity Planning
optimization. Smartplanning generates very high added value data enabling a complete analysis
for each network access of the relationship between Traffic (resource) and delivered service
level (results). Using this automatically generated data, it is immediately possible to identify if the
access link is under-provisioned or over-provisioned in regard of the expected service level per
applications business criticality.
smart|plan is enabled, if:

smart|plan is enabled in the license file,


smart|plan is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):

ip|engine creation window, Services frame

ip|engines have been started (Service activation window, ip|engines: on),


optimization has been started (Service activation window, ip|fast: on),

smart|plan is activated in the Service activation window:

smart|plan: on:

Service activation window

6-18

Ipanema Technologies

June 2009

Using services

6. 5. HELPDESK
6. 5. 1. Link supervision
Operating procedure table: ip|true service, ip|fast service, ip|xcomp service, ip|coop service,
ip|xtcp service, ip|xapp service.
In the Helpdesk Toolbar, select

Link supervision.

The Link supervision window is displayed:

Link supervision window


This window contains:

a table, with each sites link shown on a separate line,


the following buttons:

: to consult information on the selected sites link (highlighted) in a pop up window,

: to open the real time monitored flows list for the selected sites link (highlighted),
in both directions, in a new tab,

: to open the real time monitored flows list for the selected sites ingress link
(highlighted), in a new tab,

: to open the real time monitored flows list for the selected sites egress link
(highlighted), in a new tab,

: to switch between average and worst AQS (color) in the Usage bars,

: to export in a text file the list of sites links,

: to show the help.


,

June 2009

and

: refer to Analyzing Real-Time monitored flows below.

Ipanema Technologies

6-19

Ipanema System

Table columns description (the order is the default one; it can be changed using the Display menu):
Site

if only one WAN access is declared on the ip|engine monitoring the link,
the name of the Site is the name of the ip|engine
if several WAN accesses are declared, the name of the Site is the
association of the name of the ip|engine with the identifier of the link
(NAP Id)

Ingress WAN Access

maximum ingress throughput allocated at the WAN interface of the CPE


(in kbps), as defined in the WAN access Ingress (LAN to WAN) max
Bandwidth field

Ingress Usage

percentage of used ingress bandwidth during the last minute; the color of
the bar indicates the quality (AQS, see below): green = good, yellow =
average, red = bad, grey = not computed

Ingress AQS

Application Quality Score of the ingress link: notation (over 10 points),


calculated as an average balance on the color volume percentage, each
color being weighted differently:

Green: 10 points
Yellow: 5 points
Red: 0 point

The AQS can take any value in between 0 and 10 (e.g. 9.87), and can be
interpreted like this:

This is only a typical interpretation of the AQS with typical


parameters it may vary according to the users sensibility and
according to the QoS profile parameters.
100 is a reserved value used when the AQS cannot be computed.
The quality of a flow cannot be computed when ALL three following
conditions are met:

6-20

it is a real time flow (the bandwidth is not a criteria) or the bandwidth


objective of the flow is not met (the quality is measured thanks to the
other parameters),
the flow is not qualified (D/J/L cannot be measured),
the flow runs over UDP (RTT, TCP retransmission and SRT cannot be
measured either) or those parameters are not activated in the QoS profile.

Egress WAN Access

maximum egress throughput allocated at the WAN interface of the CPE


(in kbps), as defined in the WAN access Egress (WAN to LAN) max
Bandwidth field

Egress Usage

percentage of used egress bandwidth during the last minute; the color of
the bar indicates the quality (AQS, see below): green = good, yellow =
average, red = bad, grey = not computed

Egress AQS

Application Quality Score of the egress link (AQS definition: see Ingress
AQS above)

Ipanema Technologies

June 2009

Using services

Columns that can be added through the Display / Choose column menu:
ip|engine

name of the ip|engine monitoring the link

napId

Network Access Point identifier: when only one WAN access is declared on
a Site, it will always be 1; when several WAN accesses are declared (up to
three), the napId identifies them (the value, 1, 2 or 3, corresponds to WAN
access 1, WAN access 2 and WAN access 3 respectively, as declared
in the ip|engine creation window)

Ingress Usage Max

maximum percentage of used ingress bandwidth since ip|boss was last


started

Egress Usage Max

maximum percentage of used egress bandwidth since ip|boss was last


started

June 2009

Ipanema Technologies

6-21

Ipanema System

6. 5. 2. Real-Time flows
During a session, the operator can analyze real-time flows (optimized or not), via the Helpdesk
Toolbar,

Real-time.

6. 5. 2. 1. Analyzing Real-Time monitored flows


Operating procedure table: ip|true service, ip|fast service, ip|xcomp service, ip|coop service,
ip|xtcp service, ip|xapp service.
In the Helpdesk Toolbar, select

Real-time.

The Real-time monitored flows window is displayed:

Real-time monitored flows window


This window contains:

a table, with each active flow shown on a separate line. A flow becomes active and is shown in
the window as soon as a packet belonging to it is detected during the session,
the following buttons:

: to get information on the selected flow (highlighted) in graph form,


/

: to show all the flows (active and past) / the active flows only,

: to export in a text file the list of flows,

: to go to the previous page.

: to go to the next page.

: to show the help.

The color of the first column indicates the quality (AQS, see below): yellow = average, red = bad.
The parameter (delay, jitter, loss, etc.) that triggered an average or a bad quality is also highlighted
with the same color, so that one can easyly find which parameters objective was not met (yellow)
or which parameters maximum was exceeded (red).
Table columns description (the order is the default one; it can be changed using the Display menu):

6-22

Ipanema Technologies

June 2009

Using services

The same metrics are used in the reports, with the same definitions. Yet, in the
reports, other metrics and symbols are also used: you can find their definitions in 7.3.4.
Definitions.

Last updated

UTC date for the most recently monitored packet

Ingress

name of the ip|engine upstream of the flow

Egress

name of the ip|engine downstream of the flow

Source

source subnet name (according to the User Subnet directory)

Destination

destination subnet name (according to the User Subnet directory)

Application

application name

TOS/CP

TOS name

User class

User class in which the flow is classified

Criticality

criticality level for the flow

Compression

compression state of the flow

AQS

Application Quality Score of the flow: notation (over 10 points), calculated


as an average balance on the color volume percentage, each color being
weighted differently:

Green: 10 points
Yellow: 5 points
Red: 0 point

The AQS can take any value in between 0 and 10 (e.g. 9.87), and can be
interpreted like this:

This is only a typical interpretation of the AQS with typical


parameters it may vary according to the users sensibility and
according to the QoS profile parameters.
100 is a reserved value used when the AQS cannot be computed.
The quality of a flow cannot be computed when ALL three following
conditions are met:

LAN Throughput

June 2009

it is a real time flow (the bandwidth is not a criteria) or the bandwidth


objective of the flow is not met (the quality is measured thanks to the
other parameters),
the flow is not qualified (D/J/L cannot be measured),
the flow runs over UDP (RTT, TCP retransmission and SRT cannot be
measured either) or those parameters are not activated in the QoS profile.

level 3 flow, all IP packets (in kbps) sent on upstream side (measured on
the LAN port of the source ip|engine)

Ipanema Technologies

6-23

Ipanema System

LAN Goodput

level 4 flow, measure of effective transmitted throughput (in kbps)


received on the downstream side (payload of the TCP and UDP packets;
retransmitted, out of sequence and lost packets are not counted)

LAN Packet loss

rate of instantaneous loss (in %) (measured between the LAN port of the
source ip|engine and the LAN port of the destination ip|engine)

LAN Min delay

minimum LAN-to-LAN transit time (in ms)

LAN Avg delay

average LAN-to-LAN transit time (in ms)

LAN Max delay

maximum LAN-to-LAN transit time (in ms)


the LAN delay (= LAN-to-LAN transit time) is the transit time (in ms)
measured between the LAN port of the source ip|engine and the LAN
port of the destination ip|engine.

LAN Jitter

delay variation (in ms) (measured between the LAN port of the source
ip|engine and the LAN port of the destination ip|engine)

LAN Sessions

number of sessions, represented by the averaged activity for the duration


of the Correlation Record (by default: T = 1 minute).
For example, 2 sessions running during T plus 3 sessions running during
half this period of time will give 3.5 sessions (2 x 1 + 3 x 0.5).
A session is identified by the following parameters:

for TCP or UDP: source address, destination address, protocol (TCP or


UDP), source port and destination port.
for others protocols over IP (for example ICMP): source address,
destination address, protocol.

WAN Throughput

level 3 flow, all IP packets (in kbps) sent on upstream side (measured on
the WAN port of the source ip|engine)

WAN Packet loss

rate of instantaneous loss (in %) (measured between the WAN port of the
source ip|engine and the WAN port of the destination ip|engine)

WAN Min delay

minimum WAN-to-WAN transit time (in ms)

WAN Avg delay

average WAN-to-WAN transit time (in ms)

WAN Max delay

maximum WAN-to-WAN transit time (in ms)


the WAN delay (= WAN-to-WAN transit time) is the transit time (in ms)
measured between the WAN port of the source ip|engine and the WAN
port of the destination ip|engine

WAN Jitter

delay variation (in ms) (measured between the WAN port of the source
ip|engine and the WAN port of the destination ip|engine)

Accuracy

precision of the current measure: high (synchronized), low (not


synchronized),

Alarm

this field indicates, when at yes, the presence of an alarm on the upstream
ip|engine. Check its status for further information. In case of alarm, the
correlation records are ignored.
This table is refreshed about every minute (according to the
ip|engine collect period option) if it is not frozen.

SRT Min

6-24

shortest Server Response Time

Ipanema Technologies

June 2009

Using services

SRT Avg

average Server Response Time

SRT Max

longest Server Response Time


the Server Response Time measures the delay (in ms) between the last
packet sent by the client (PSH) and the acknowledgement to the first
packet received from the server (ACK) both measured from the client to
the server and reported to ip|boss by the ip|engine located on the client
side; the latter must see the two ways of the TCP connection

RTT Min

fastest Round Trip Time

RTT Avg

average Round Trip Time

RTT Max

longest Round Trip Time


the Round Trip Time is the time of establishment of a TCP connection
(3way handshake: SYN, SYN+ACK, ACK): it measures the delay (in ms)
between the SYN and the ACK both measured from the client to the
server and reported to ip|boss by the ip|engine located on the client side;
the latter must see the two ways of the TCP connection

TCP Retransmission

June 2009

number of TCP retransmissions

Ipanema Technologies

6-25

Ipanema System

6. 5. 2. 2. Graph Statistics Real-time


Select one flow in the real time window and click the
and is refreshed regularly (every 10 seconds).

icon, a new empty graph is displayed

The graph window contains four tabs, and each tab is made of 4 graphs, displayed simultaneously:
Tab

Graphs

Additional information

LAN

Delay (ms)

max (red), avg (blue), min (green)

Jitter (ms)

Packet loss (%)

Throughput (kbps)

layer 3 (blue), layer 4 (green)

Delay (ms)

max (red), avg (blue), min (green)

Jitter (ms)

Packet loss (%)

Throughput (kbps)

Avg. delay (ms)

LAN (blue), WAN (orange)

Avg. sessions

Packet loss (%)

LAN (blue), WAN (orange)

Throughput (kbps)

LAN (blue), WAN (orange)

SRT (ms)

max (red), avg (blue), min (green)

RTT (ms)

max (red), avg (blue), min (green)

Retransmission

Throughput (kbps)

layer 3 (blue), layer 4 (green)

WAN

LAN/WAN

TCP

6-26

Ipanema Technologies

June 2009

Using services

Example of tab

In case of optimization and/or compression, the differences between LAN and WAN
values might be very different.
Not all graphs are displayed for a virtual ip|engine.

If the upstream or downstream ip|engine is not synchronized, the delay, jitter and packet
loss are not displayed.

June 2009

Ipanema Technologies

6-27

Ipanema System

6. 5. 3. Discovery
Operating procedure table
In the Helpdesk Toolbar, select

Discovery.

The indicator light Discovery becomes yellow in the Main window when the Discovery is started.
The discovery function consists in creating one discovery agent for one ip|engine (one agent
maximum per ip|engine). According to the configuration rules this discovery agent will send to
ip|boss:

number of ingress packets,


number of ingress bytes,
number of ingress sessions,
number of egress packets,
number of egress bytes,
number of egress sessions,
Total percentage per throughput, packets or sessions.

detailed by:

source network address (local),


destination network address (remote),
application.

Discovery window
In addition to the other windows, some extra buttons allow to:
: start the selected discovery agent on the ip|engine,
: stop the selected discovery agent on the ip|engine,

6-28

Ipanema Technologies

June 2009

Using services

6. 5. 3. 1. Discovery agent creation


By clicking on the New button

, the creation window of Discovery agent is displayed.

Discovery agent creation window


The window contains an input zone with these fields:

ip|engine : selects the ip|engine (site) on which the Discovery agent will be running,
Name : name of the Discovery agent (not mandatory),
Network filter: a set of parameters in order to filter the information sent by the Discovery agent:
Local : radio button (according to the choice, the following fields will be enabled),
user subnet: to select a user subnet declared in the configuration,
prefix/length: to specify a subnet address not in the configuration file (for
example a host),

Name: selects in the drop-down list the user subnet in the configuration,
prefix: enter the subnet X.X.X.X,
length: subnet mask associated to the prefix (integer between 0 and 32),
out of local config.: check box; if checked, allows to display the traffic which does not
belong to the local configuration only (e.g. in transit, locally rerouted, etc.), that is, which
is not measured by the ip|engine (nor reported, except in volume in the report SA Site throughput); if the box is unchecked, all the traffic that crosses the ip|engine is
displayed,
Remote: radio button (according to the choice, the following field will be enabled),
ip|engine: to select a destination ip|engine,
user subnet: to select a destination user subnet declared in the configuration,
prefix/length: to specify a user subnet address not in the configuration file (for
example a host),

Name: selects in the drop-down list the ip|engine or user subnet in the configuration,
prefix: enter the subnet X.X.X.X,
length: subnet mask associated to the prefix (integer between 0 and 32),

June 2009

Ipanema Technologies

6-29

Ipanema System

Application filter: a set of parameters in order to filter the information sent by the Discovery
agent in terms of applications:
Type: radio button (function of the choice, the following field will be enable):
Name: to select an application declared in the configuration,
Protocol/ports: to specify a port number or a range over the protocol TCP or
UDP.
Name: selects in the drop-down list the application in the configuration,
Protocol/ports: enter the protocol and port number or range with the following format
UDP/456, UDP/456789, TCP/456 or TCP/456789 (the port can be Out of config),
Out of config: check box, allows to discover the port number classified in other for the
application.

6-30

Ipanema Technologies

June 2009

Using services

6. 5. 3. 2. Using Discovery agents


In the Toolbar, select

Discovery.

Discovery window
In the Discovery agents zone, to start an agent, select the line(s) in the list and click on the Start
button

. The status indicator (on the left of the selected line(s)) becomes green.

In the Results zone, the results of the selected and started agent(s) are displayed.
The following command buttons allow to:
: export the Results zone to a text file,

: freeze the Results zone (the new result coming from the ip|engine are not updated),

: refresh the Results zone (send a request to the ip|engine),

According to the display parameters selected in the bottom of the Results zone:

Local: source subnets


hide: the source IP addresses are not displayed (all IP addresses will be merged),
show: the source IP addresses are displayed,

Remote: destination subnets


hide: the destination IP addresses are not displayed (all IP addresses will be merged),
show: the destination IP addresses are displayed,

Application: applications
hide: the detailed applications are not displayed (all applications will be merged) ,
show: the detailed applications are displayed,

Direction: sort the traffic by direction (ingress or egress) on the ip|engine where the discovery
agent is running:
Ingress: ingress traffic (LAN -> WAN),
Egress: egress traffic (WAN -> LAN),

Sorted by: this parameter defines the sort criteria for the Top N results:
Throughput: Top N by maximum throughput usage,

June 2009

Ipanema Technologies

6-31

Ipanema System

packets: Top N by maximum packets number,


sessions : Top N by maximum sessions number,

Top : this parameter defines the maximum number of entries to display in the results zone:
20,
50,
100,

Period: refresh period:


10 seconds,
1 minute,
5 minutes.

The Discovery function displays the following results (the counter are cleared at each start of the
agent):

Local: local network subnet,


Remote: remote network subnet,
Application: application, with the following format:

Example

Meaning

Recognized by

When

HTTP (http)

application according to ip|boss


dictionary (application according to the
syntax engine dictionary)

syntax engine

on the
session start
(handshake)

HTTP (tcp)

application according to ip|boss


dictionary (layer 4 protocol)

declared or
well-known port

on the
session start
(handshake)

IMAP
(established)

application according to ip|boss


dictionary (established)

declared or
well-known port

after the session


start

TCP/0-19999
TCP/19999-0

TCP (or UDP) / 0 - remote server port


TCP (or UDP) / local server port - 0
Note: if the handshake is missed, the
direction of the flow is unknown and the
reported port may be the clients.

not recognized

The order of recognition is the following:


1. declared port,
2. syntax engine,
3. well-known port (RFC 1700).

Ingress packets: number of ingress packets sent (LAN to WAN),


Ingress bytes: number of ingress bytes sent (LAN to WAN),
Ingress sessions: number of ingress sessions opened (LAN to WAN),
Egress packets: number of egress packets received (WAN to LAN),
Egress bytes: number of egress packets received (WAN to LAN),
Egress sessions: number of egress sessions opened (WAN to LAN),
% : percentage of traffic (according to the parameter Sorted by).
The indicator light Discovery becomes yellow in the Main window when a Discovery
is running, to remind you not to let agents running for ever (they generate traffic).

6-32

Ipanema Technologies

June 2009

Using services

6. 5. 4. Helpdesk maps
Operating procedure table: ip|true service, ip|fast service, ip|coop service, ip|xcomp service,
ip|xtcp service, ip|xapp service.
In the Helpdesk Toolbar, select

Topology map,

Applicative map or

VoIP map.

The corresponding Map window is displayed.

Map example
The maps show in a glance the behavior of the whole network. These graphical views use squares
with:

a size depending on the throughput,


a color code depending on the quality of the flows: from Red (very bad quality) to Green (very
good quality) (the Application Quality Score is calculated from weighted colors: Red = 0, Orange
= 5, Green = 10). When the quality cannot be computed, the color is Grey (refer to the AQS
description in 6.5.1.1. above).

They are divided in main blocks and sub-blocks inside. Those blocks depend on the type of map
(see below) and level of zoom.
By moving the mouse on the square, a contextual text shows the description of the blocks:

description of the main block (for example: Ingress site),


description of the sub-block (for example: Egress site),
Total throughput of the sub-block (in kbps),
AQS (Application Quality Score) of the sub-block.

This window contains the map itself plus the following buttons:

: no access,

: to export in a text file the list of the flows,

: to get the list of flows corresponding to the square area in the real time window,

June 2009

: to zoom in the map,

Ipanema Technologies

6-33

Ipanema System

: to zoom out of the map,

: to reset the zoom (zooms out to the top level),

: to show the label inside the squares,

: to show the label on top of the squares,

: to switch between average and worst AQS (color) for a square,

: to switch between ingress and egress traffic.


The zoom in, zoom out and reset zoom functions are made by using the right button
of the mouse on ip|boss Java Client

Three types of maps are available in the system:

Topology map: to show the behavior with a topology point of view (sites, sites to sites),

Applicative map: to show the behavior with a criticality, User class point of view,

VoIP map: to show the behavior of the Voice over IP.


These maps can be used in a large screen on the supervision system.

6. 5. 4. 1. Topology Map
By clicking on

Topology map, the Topology map is displayed.

Zoom levels:

Top level: at the first level, the map displays the full traffic with a main block per source (ingress)
ip|engine and a sub-block per destination (egress) ip|engine.
Zoom in level 1: by zooming in a Site block, you can see a sub-block per User class from
site to site.
Zoom in level 2: by zooming in a User Class block, you can see a sub-block from site to site
by User Class.

6. 5. 4. 2. Applicative Map
By clicking on

Applicative map, the Applicative map is displayed.

Zoom levels:

6-34

Top level: at the first level, the map displays the full traffic with a main block per criticality and
a sub-block per User Class.
Zoom in level 1: by zooming in a criticality block, you can see a sub-block for all User Classes
in the selected criticality level and the ingress site for each User Class.
Zoom in level 2: by zooming in a User Class block, you can see a sub-block for all ingress
sites in the selected User Class, and the egress sites for each ingress site.
Zoom in level 3: by zooming in a Site block, you can see a sub-block for the selected User
Class between ingress site and egress site.

Ipanema Technologies

June 2009

Using services

6. 5. 4. 3. VoIP Map
By clicking on

VoIP map, the VoIP map is displayed.

Unlike the other maps, the VoIP map does not show the AQS, but the MOS (mean opinion score)
of the voice calls.

MOS Definition
Zoom levels:

Top level: at the first level, the map displays the full traffic with a main block per source (ingress)
ip|engine and a sub-block per destination (egress).
Zoom in level 1: by zooming in a Site block, you can see a sub-block from site to site, and
per Codec for each site.
Zoom in level 2: by zooming in a Codec block, you can see a sub-block from site to site by
Codec.

June 2009

Ipanema Technologies

6-35

Ipanema System

6. 6. HELP
In the Toolbar, select

Help:

The Help window is displayed.

Help window
This window contains the documentation of Ipanema System.

6-36

Ipanema Technologies

June 2009

CHAPTER 7. ANALYZING AND REPORTING


TOOLS
Document organization
This chapter describes capabilities for communication with external systems via an SNMP agent.
This function allows measures to be archived on an external system, whether they are optimized
or not.
The data available via the MIB depend on the Metaviews configured in the system.

7. 1. MIB ACCESS
7. 1. 1. MIB
The description file is available in the directory of ip|boss:
~/salsa/ipboss/server/interface/ipanema-technologies.mib
~/salsa/ipboss/server/interface/ipanema-technologies-notifications.mib

7. 1. 2. SNMP
Measures can be used via a MIB access thanks to an SNMP agent included in the ip|boss software.
The UDP port used by this agent must be configured, Domain per Domain (a different port must
be declared for each Domain), in ip|uniboss.
Access to the agent is read-only with SNMPv2c protocol. The Community name is public (default
value, can be configured by user).
The SNMP agent instantiates the system and SNMP groups as well as a private MIB.
The SNMP agent is updated every Short reporting period (as defined in the Domain configuration
see chapter 3).

June 2009

Ipanema Technologies

7-1

Ipanema System

7. 2. IP|REPORTER
This section describes the reporting system, ip|reporter, made by Ipanema Technologies.

7. 2. 1. Ipanema Architecture
The Ipanema solution architecture is composed of the following system elements:

ip|boss is the centralized management software for the Ipanema performance management
system which runs on a standard Solaris or Windows platform. Through the ip|boss, business
objectives are communicated to ip|engines and measurement data are collected.

ip|engines are software/hardware appliances that automatically measure and optimize


network and application performance. Using the business objectives defined by the company,
ip|engines work together as a real-time system to measure network performance and
utilization, and to manage application service levels. GPS time synchronization enables them
to deliver the most accurate measurement possible.

ip|reporter is a full-service report generating utility. It provides a global view of service levels
for each application, as well as detailed, metrics based reports for problem diagnostics.
The ip|reporter is a reporting tool powered by InfoVista and based on OEM agreement.

InfoVista can operate with real-time data or deferred-time data. Real time, such as SNMP data,
is retrieved from the ip|boss at regular intervals by polling the resource and requesting it for
specific information about the behavior of the resource. These data give up to date information
about IS behavior.
Deferred-time data is external to the SNMP world. It has its source in existing log files (a web
site log file, for example) or databases. It is batch-loaded onto the InfoVista server as some time
after it was generated. InfoVista uses these data to calculate Indicators in the same way as it
handles real time data. And, in fact, when the data is displayed on a report, the origin of the
resource data is totally transparent to the user.

7-2

SNMP (System MIB) Collect of measurement. Interfaced with SNMP agent of ip|boss.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Ipanema architecture

June 2009

Ipanema Technologies

7-3

Ipanema System

7. 2. 2. Ipanemas ip|reporter architecture


Ipanema Technologies ip|reporter is the easy to use report generating component of Ipanemas
service level management system. Using information gathered from ip|engines performance
measurement and optimization appliances, and aggregated by the ip|boss management software,
ip|reporter generates sophisticated reports showing network performance and utilization. These
reports summarize real-time as well as historic data that an enterprise can use to appropriately
size a network, thus reducing WAN operating costs significantly, while improving or maintaining
application performance levels. ip|reporter includes embedded report generation software which
handles all user interface functions.
Ipanemas ip|reporter is powered by InfoVista. ip|reporter can be purchased without InfoVista
software, if an enterprise already owns the software package. ip|reporter can run on the same
server as the ip|boss management software, or it can run on a separate server.

7-4

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 3. Terms
7. 2. 3. 1. The Instance
Each monitored resource in the network is represented by an Instance object (equivalent to a
Metaview in ip|boss) . An Instance can represent any logical or physical element in the network
such as an ip|engine source, an ip|engine destination, a subnet source, a subnet destination, an
application, a Key A, a Key B, a User Class, a criticality.
The Instance consists of values and identify and characterize the resource (for example, the alias
for an application). These characteristics are called Property and the values assigned to them are
called Property Values.
The data is displayed on a Graph. The Instance is mapped to the Graph via a report.

7. 2. 3. 2. The Vista
You create each Instance object from a template object called the Vista. The Vista indicates which
Properties each Instance should have. You can create any number of Instances from the same
Vista. In this way, you define each type of equipment only once and when you create Instances of
this equipment, you simply supply the values of the Properties.
InfoVista is installed with a number of standard, pre-configured Vistas which allow you to get up
and running immediately.
For example:

the Vista IpNode has the Property ip (IP Address).

the Vista SNMP node has the Properties snmprd (SNMP community read) and snmpwr (SNMP
community write).
Rules can be defined to create relationships between Vistas. They are not immediately
visible in the object model but they are exploited by several Vistas you use. For example,
one of the standard Rules states that All Routers are SNMP nodes. The result is that
the Vista Router automatically inherits all the Properties of the Vista SNMP node as
well as its own intrinsic Properties.

7. 2. 3. 3. The Indicator
An Indicator is a measurement. It tells us something about the operation of a resource. Examples
are data traffic or quality of service. InfoVista calculates the values of Indicators from the source
data, which it collects from the monitored resource.
Standard, pre-configured Indicators exist for the most common situations that you encounter (and
for some of the more difficult ones, too).

7. 2. 3. 4. The Report
An InfoVista report shows one or more Graphs and possibly some decorative text or bitmaps. Each
Graph shows the values of a set of Indicators for a set of Instances (the monitored resources).

7. 2. 3. 5. The Report Template


Each Report is derived from a template object called the Report Template. The Report Template
represents a typical report layout. It does not contain data, it just shows the Graphs that are used
and the visual layout of the report.
The same template can be used by any number of Reports. You can therefore define a typical
report template once, and each time you create a report from this template, your work is reduced
to specifying which Instances the report will monitor.
InfoVista is installed with a number of standard, pre-configured Report Templates.

June 2009

Ipanema Technologies

7-5

Ipanema System

Typical Report Template names:

Short/Long reporting: SNMP agent polling period.


Display Rate: The time interval between two consecutive values of an Indicator. Each Report
Template may be provided with several different display rates (select from the list: hourly, daily,
weekly and monthly).
Time Span: The time period over which the Graph must display data. The Time Span value is
not subject to any limitations, though typically it is set to a simple multiple of the display rate.
For example, if the display rate is 1 day and the time span is set to 1 week, the graph is scaled
to display 7 consecutive Indicator values.
Life Time: The Life Time is one of the factors used by the system to calculate and reserve the
necessary buffer space for storing the Indicator values. When the data becomes older than this
Life Time it is considered to be obsolete and is gradually purged from the system.
Hourly: Specifies that the display period is one hour.
Ingress: name of the ip|engine upstream of the flow (from LAN to WAN).
Egress: name of the ip|engine downstream of the flow (from WAN to LAN).

7. 2. 3. 6. The Report Folder


A Report Folder is a list of Reports. The Reports in a folder may be derived from different Report
Templates. The folder provides a way of grouping the Reports together:

either to simplify readability in the object tree

or to provide common access rights to a number of Reports.

You can also create sub-folders, if necessary, to organize your working environment.

7. 2. 3. 7. Libraries
A Library (supplied by InfoVista or third parties, or created by you) is used to group together objects
such as Vistas, Indicators, etc. in order to obtain logical units.

7-6

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 4. Starting the system


7. 2. 4. 1. Starting the server application
Normally, the InfoVista server is started automatically, after installation, and each system reboot.
A message such as:
Manager/Collector server not found

Manager service

Collector service
or
Client-Server communication failure

Browser service
Which may be displayed after trying to connect to a server, means that the InfoVista
server has not started correctly. If you have a problem, refer to chapter 1 section
Troubleshooting.

June 2009

Ipanema Technologies

7-7

Ipanema System

7. 2. 4. 2. Starting client application


WINDOWS SPECIFIC (Windows NT 4.0/Windows 2000/Windows 2003)
In the Windows Task bar, click on Start/Programs/InfoVista/IVreport.

Starting IVreport
UNIX SPECIFIC
The InfoVista software is installed in:
/opt/InfoVista/Essentials/bin (Solaris)
(The path should be included in the PATH variable)
To start the client, execute:
./ivreport &

7-8

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 4. 3. Connecting to a server
After startup, the Connection dialog box is displayed. Enter the parameters requested and click on
OK.

Startup window

InfoVista Server Connection

Server name: Name of the system running the InfoVista server or IP address. If the server is on
the same machine as the client application, leave this field blank or put the loop back address
(127.0.0.1).
Several instances of InfoVista can be installed on the same server. In this case the
syntax is the following: <instance_name>@x.x.x.x (where x.x.x.x is the IP address
of InfoVista server).
In a firewall environment, the endpoints for Manager, Collector and
Browser services can be fix. In this case the syntax is the following:
x.x.x.x:ManagerPort:CollectorPort:BrowserPort (where x.x.x.x is the IP address of
InfoVista server). The endpoints ports can be setup using ip|reporter rich client
(IVreport):

June 2009

Ipanema Technologies

7-9

Ipanema System

InfoVista Endpoint Setup

7-10

User name: Enter administrator.


Password: The default value is blank. To reconnect to the same server or to another server,
select the command File/Connect to Server in the InfoVista Main window.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 4. 4. InfoVista main window


After connection, the InfoVista Main window is displayed. The left-hand panel displays the objects
of the InfoVista model in the form of a tree structure.

InfoVista Main window


The root of the tree (at the top) is the InfoVista server system. If the name of the server is local,
this means that the server is on the same system as the client application.
or a

Nodes in the tree are indicated by a


expanded. It may contain subfolders. A

.A

indicates that the branch has not been

indicates that the node is already expanded.

Click a

Click a

Click a branch or object name to select the item.

Double-click the name of an object to open the Property sheet or List view window of the object
(shortcut for Edit/Open).

June 2009

node to expand the branch.


node to collapse the branch.

Ipanema Technologies

7-11

Ipanema System

The right-hand pane of the window displays the list of sub-objects of the object that is currently
selected in the object tree.

Click the square symbol

in front of an object to display the next level of sub-object.

Double-click an object name to open the Property sheet of the object (shortcut for Edit/Open).

The tool bar contains buttons which provide shortcuts for the more frequently used menu
commands.

Create a new object of the selected type (shortcut for Edit/Add).

Copy the selected object to the clipboard (shortcut for Edit/Copy).

Paste an object from the clipboard (shortcut for Edit/Paste)

Delete the selected object (shortcut for Edit/ Delete).

Open the Property sheet of the selected object (shortcut for Edit/Open).

Find objects by name or description (shortcut for Edit/Find).

Schedule report-related actions (shortcut for Reports/Schedule)

Create a new report with the Instant Report wizard (shortcut for
Reports/Instant Report).

Filter reports based on specified criteria (shortcut for Reports/Filter).

7-12

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 4. 5. The Report Viewer


Use the viewer to view or print a Report. This paragraph describes the manipulation of the Report
viewer.

Report viewer

Report/Periodical Refresh/Stop

Report/Periodical Refresh/Start
The report template is configured to update the data display in function of the display rate value.

While the report is running, inhibit Periodical Refresh (click the


and wait a few minutes. Note
that the data in the reports stops being updated and the Report Reference Time, displayed at the
top right of the viewer also becomes fixed. The reference time indicates the timestamp of the last
data sample displayed in the Report (in other words, the timestamp of the last update of data).
After a few minutes, enable Periodical Refresh again (click the button). You will see the data
updated immediately, one new point on the Traffic graph for every period you wait. You also see
the reference time updated to display the current time again.

Graph/Refresh/Data if a graph is selected.

File/Print While a Report is open, you can print it with this command. The report is printed
on your systems default printer.

Edit/Copy

Graph/Properties if a graph is selected

Toggle Information Mode (not in a menu) When depressed, displays a tool tip over graphic
objects, indicating the Metric name, Vista name and acquisition rates, time span and the objects
Description attribute.

June 2009

Ipanema Technologies

7-13

Ipanema System

Reference Time slider

Use the reference Time slider to adjust the reference time of the report:

either drag the slider

or click on the arrow buttons

or click on the time or date, edit with the keyboard and press Enter to validate

click on the latest button


to set the reference time to the current date and time (equivalent
to dragging the slider all the way to the right)

For more information, please refer to the InfoVista Reference Manual.

7-14

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 4. 6. ip|reporter web client


The default path to access ip|reporter web is http://<ip|reporter web>/PortalSE.
The user is prompted for a login and password. Different accesses can be defined
with different user rights (unlike for the users of IVreport, who always have
access to all the reports managed by the server). Refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf.

ip|reporter web client

June 2009

Ipanema Technologies

7-15

Ipanema System

7. 2. 5. Reports Management
Operating procedure table: settings (automatic reporting), settings (define reports), service ip|true
(automatic reporting), service ip|true (modify reports), service ip|reporter (automatic reporting),
service ip|reporter (define reports)
The reports are managed in the ip|boss interface, thanks to ip|reporter or to the Automatic
reporting tool.
ip|boss manages the Instances creation and deletion in InfoVista according to the configuration
parameters.
ip|boss is the reference for the reports and Instances for infovista. If some reports described in
ip|boss configuration file are not present in Infovista database, then ip|boss takes in charge to
create the missing reports. At the opposite, if some reports exist (for the Domain) in Infovista
database and not in ip|boss configuration, then ip|boss takes in charge to delete these reports.
ip|reporter uses the Metaviews for the reports creation and filling.
Three kinds of reports creation are available:

7-16

ip|reporter, unitary mode: one report is created on one Metaview. This mode is to use to add a
specific report on a specific Metaview, or to create some reports that cannot be created in the
Wizard mode.
ip|reporter, automatic mode (Wizard): several reports can be created on several Metaviews in
one operation. For example: 8 given reports on all physical sites.
automatic reporting: reports are automatically created for the Domain, for all Physical sites, for
all Virtual sites or for all User classes, and will automatically be added when new Physical sites,
new Virtual sites or new User classes are created.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 5. 1. Automatic reporting
This tool allows to create reports for the Domain, for all Physical sites, for all Virtual sites or for all
User classes.
The selected reports are automatically added for existing Physical sites*, Virtual sites* and User
classes, and will be automatically added when new Physical sites*, new Virtual sites* or new User
classes are created.
* For the sites (physical or virtual), the selected reports are created only if
Auto-reporting is at yes in the ip|engine parameters.

In the System administration Toolbar, select

Automatic reporting.

The Automatic reporting window is displayed.

Automatic reporting window


This window contains four tabs:

Domain,
Physical sites,
Virtual sites,
User classes.

within any tab, the automatic report creation window is displayed


By clicking on the New button
(Domain, Physical sites, Virtual sites or User classes automatic reports creation window, according
to the selected tab):

Domain automatic reports creation window


This window contains an input zone with the following field:

Report template: drop-down list of available report templates, to choose the reports attached
to the selected tab.

June 2009

Ipanema Technologies

7-17

Ipanema System

four click boxes allow to define which time aggregation can be created for the report:

Hour,
Day,
Week,
Month.

a click box that allows to define the level of confidentiality for the report:
Public (unclicked by default):
when clicked, the reports are stored in the hour / day / week / month folders
in IVreport, and an access to the reports can be given to all users using the web
client;
otherwise, the reports are stored in the hour private / day private
/ week private / month private folders in IVreport, and the
access to the reports can be restricted, for the users using the
web client, to authorized users only (refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).

7-18

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 2. 5. 2. Reports creation in unitary mode (ip|reporter)


In the Reporting Toolbar, select

ip|reporter.

The ip|reporter window is displayed:

ip|reporter window
This window contains the list of reports created on each instance with the specific parameters.
By clicking on the New button

, the report creation window is displayed.

reports creation window


This window contains an input zone with the following fields:

Metaview: drop-down list of Metaviews, to choose the Metaview on which the reports will be
created.
Report template: drop-down list of available report templates, to choose the reports attached
to the selected Metaview.
4 click boxes allow to define which time aggregation can be created for the report:

Hour,
Day,
Week,
Month.

a click box that allows to define the level of confidentiality for the report:
Public (unclicked by default):
when clicked, the reports are stored in the hour / day / week / month folders
in IVreport, and an access to the reports can be given to all users using the web
client;
otherwise, the reports are stored in the hour private / day private
/ week private / month private folders in IVreport, and the
access to the reports can be restricted, for the users using the
web client, to authorized users only (refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).

June 2009

Ipanema Technologies

7-19

Ipanema System

7. 2. 5. 3. Reports creation in wizard mode (ip|reporter)


This creation mode allows to create a big number of reports. It allows to create a package of reports
for several Metaviews. This mode could be used in the initial creation step.
In the Reporting Toolbar, select

ip|reporter.

The ip|reporter window is displayed:

ip|reporter window

By clicking on the Wizard icon

, the multiple creation window of Reports is displayed.

Reports Wizard window


This window contains:

a zone with multiple selection for the Metaviews,


a zone with multiple selection for the Report template . The list is modified according to the
type of Metaview selected.
4 click boxes, that allow to define which time aggregation can be created for the report:

7-20

Hour,
Day,
Week,
Month.

Ipanema Technologies

June 2009

Analyzing and reporting tools

a click box that allows to define the level of confidentiality for the report:
Public (unclicked by default):
when clicked, the reports are stored in the hour / day / week / month folders
in IVreport, and an access to the reports can be given to all users using the web
client;
otherwise, the reports are stored in the hour private / day private
/ week private / month private folders in IVreport, and the
access to the reports can be restricted, for the users using the
web client, to authorized users only (refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).

The first zone (on the left) shows the list of elements (Metaviews and Report templates) as
described in the system and managed by ip|boss, the second area (on the right) shows the
selected elements.
Some arrows are used to move the selected data from one area to another.
By selecting several elements in each list, the system will create the reports according to
combinative selected criteria.

7. 2. 5. 4. Reports Deletion
To delete some reports in the Infovista database, just suppress the reports in the list accessible by
ip|reporter. After the validation of the deletion and update of the configuration, the reports
are definitively deleted, the reports and their data cannot be accessed anymore.
It is possible to suppress several reports by selection with the keyboard.

Another way to remove the reports is by clicking on the icon


reports is displayed.

, the multiple deletion window of

If the reports were created with the Automatic reporting function


, they will be
automatically re-created after deletion, so they must be deleted with this funciton (be
aware that suppressing a report with this function will impact all the concerned objects
ip|engines or User classes).

June 2009

Ipanema Technologies

7-21

Ipanema System

7. 2. 5. 5. Update in InfoVista
After creation or deletion of reports, click on the flashing Update button
in order to update the
Infovista Database with ip|boss configuration. After you have confirmed you want to update the
configuration in ip|reporter, this step is identified by the Database LED (in the ip|reporter status
screen) in amber during the synchronization (this can last several minutes, or several hours if you
created a large number of reports at a time).

Warning before configuration update

ip|boss status zone during database update

7. 2. 5. 6. Force synchronize
If InfoVista suffers a Database synchronization problem, it is possible to force the synchronization
using ip|reporters menu Actions / Force synchronize.
This function should not be used under normal circumstances. Use it only in case
of synchronization problem. A synchronization problem can be checked in the
logs, and thanks to the Database LED above (grey: an error happened during last
synchronization; red: error in the reports description; amber is a normal color during
synchronization, but it should be a temporary state: if the LED remains amber for an
abnormaly long time, this can also be due to a synchronization problem).

ip|reporter Force synchronize menu


As this can last several minutes, or several hours if you created a large number of reports, a warning
message is displayed:

Warning before forced synchronization

7-22

Ipanema Technologies

June 2009

Analyzing and reporting tools

Click OK to confirm you want to force synchronization, Cancel if you wan to abort.

June 2009

Ipanema Technologies

7-23

Ipanema System

7. 2. 5. 7. Recommended reports
Ipanema recommends that the following reports are created:
Report

Dom

Phy

Vir

UC

other

AM - Time evolution - TCP

PM - Compression Evolution

PM - Compression Synthesis - appli

PM - Compression Synthesis - UC

PM - Time Evolution

X
X

PM - Site Summary
PM - Appli. Summary (per dir.)

X
(x)

PM - UC Summary (per direction)

PM - Detailed per UC

(x)

PM - Detailed per application - Top

SLM - User class Summary

SLM - Site Summary (per direction)

SLM - Site Synthesis

SLM - Application Synthesis

SA - Site Throughput
SA - Site Summary (ingress/egress)

FI - Availability Overview

FI - Availability Evolution

where Dom stands for Domain, Phy for Physical sites, Vir for Virtual sites, UC for User classes,
and other should be created for a specific occasion only (troubleshooting...), then removed.

7-24

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 3. HOW TO READ THE REPORTS


Reports can be read either using IVreport (InfoVista rich client) or InfoVista web client.

7. 3. 1. IVreport
To open a report using IVreport, launch IVreport (default login / password are administrator /
(no password)), open the Reports tab, open the following folders: Report folders / <Domain>
/ <MetaView> / <Level of aggregation, level of confidentiality>, then double-click on the reports
name.

If the Public click box was clicked on the reports creation, it can be found in the hour / day
/ week / month folders;
otherwise, it can be found in the hour private / day private / week private / month private
folders.

Reports directory structure in IVreport

June 2009

Ipanema Technologies

7-25

Ipanema System

7. 3. 2. Web client
Using the web client, the directory structure is similar, but users may not have an access to all
reports (for example, the access may be limited to the Public reports only), according to their rights
(refer to the Technical note TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).

ip|reporter web client


There are two ways to navigate in the reports:

by selecting Folders in the drop-down list in ip|reporters main window, you can access the
reports with the following file system tree (4 hierarchical levels):
<Domain> / <type of MetaView> / <MetaView> / <time level, public/private>

ip|reporters Folders file system tree

7-26

Ipanema Technologies

June 2009

Analyzing and reporting tools

The second browsing method allows to navigate in the sites reports with two additional
hierarchical levels, defined by the ip|engines Navigation fields Folder name for level 1 and
Folder name for level 2: by selecting Navigation in the drop-down list in ip|reporters main
window, you can access the sites reports with the following file system tree (6 hierarchical
levels):
<Domain> / Navigation / <Folder name for level 1> / <Folder name for level 2> /
<MetaView> / <time level, public/private>
(the <type of MetaView> level disappears, as this method is valid to access the sites reports
only).
This method is very helpful on larges networks, with hundreds or thousands of sites.
In the example below, Folder name for level 1 was used to group sites per continents, and
Folder name for level 2 was used to group sites per countries. The ip|engines created without
filling those fields are grouped under the Unknown folder name:

ip|reporters Navigation file system tree

June 2009

Ipanema Technologies

7-27

Ipanema System

7. 3. 3. Dynamic reading of the reports


The reports show graphs and tables:

Report example

The graphs show the history of the values.


Click on the graphs (IVreport) or move your mouse on them (web client) to read detailed values
in a popup.
The values in the tables are measured over the last display period.
Click successively on any column header to sort the table by increasing or decreasing values.

On the client you can use the time slider (IVreport) or specify the date and time (both clients) to see
the previous values of each indicator. This presents you with a historical view of each resource
for any moment during the lifetime of the report.

7-28

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 3. 4. Definitions
Here is a definition of the symbols and specific metrics that are used in the reports (for the definition
of the standard metrics, such as AQS, Delay, Jitter, Loss rate, RTT, SRT, TCP retrans., etc.), please
refer to 6.5.1.1 Analyzing Real time monitored flows):
=>

Represents the LAN => WAN - or ingress - direction,

<=

Represents the WAN => LAN - or egress - direction.

Session

A session is identified:

For TCP or UDP by the following parameters: source IP address,


destination IP address, protocol (TCP or UDP), source port and
destination port.
For other protocols over IP (for example: ICMP) by the following
parameters: source IP address, destination IP address, protocol.

Qualified
(sessions,
throughput,
goodput)

Traffic between synchronized physical ip|engines; delay, jitter and packet


loss are measured.

Non qualified
or Unqualified
(throughput,
goodput, sessions)

Traffic between non synchronized ip|engines (most of the time between


a physical ip|engine and a virtual ip|engine); delay, jitter and packet
loss cannot be measured.

MOS
(1 to 5)

Mean Opinion Score. The MOS is based on the ipanema metrics Losses,
Delay, Jitter and Codec in use, and calculated over a scale between 1 and
5, with the following signification:

Overactivity
(%)

Percentage of time when the Right Size (computed by Smart planning) is


higher than the WAN access for Top and High traffic.

Evolution
(Volume, Quality,
Activity)
(++/+/0/-/- -)

Evolution, according to the following symbols, as compared to the


average value of the 3 last periodicity levels (3 hours, 3 days, 3 weeks or
3 months, according to the time scale of the report):

June 2009

++: the metric has increased a lot (by more than +20%),
+: the metric has slightly increased (between +5 and +20%),
o: the metric is stable (between 5% and +5%),
- : the metric has slightly decreased (between 5 and 20%),
- -: the metric has decreased a lot (by more than 20%).

Ipanema Technologies

7-29

Ipanema System

Color Management

7-30

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 4. IPANEMA SYSTEM VISTAVIEWS


The following sections (7.5 to 7.15) correspond to each Vistaview, and each section is further
divided into sub-sections that correspond to each report template. A report sub-section includes
an overview of the report features, a graphical representation of the report, a detailed description
of the report, and finally a suggested way of using the report.

Ipanema VistaViews

Some of these VistaViews are available only if you have purchased the corresponding
options and if they are enabled in the license file.

June 2009

Ipanema Technologies

7-31

Ipanema System

core

Used to collect all information by querying ip|boss SNMP agent.

Acceleration

Metrics and Indicators for TCP acceleration.

Acceleration - en

English Template Reports used to display the TCP acceleration


metrics (namely the acceleration factor).

Application Monitoring

Metrics and Indicators for the AM.

Application Monitoring - en

English Template Reports used to display the AM.

CIFS

Metrics and Indicators for CIFS acceleration.

CIFS - en

English Template Reports used to display the CIFS acceleration.

Compression (option)

Used to collect all Compression metrics by querying the SNMP


agent.

Compression - en

Used to display the Compression metrics of all incoming or outgoing


traffic with the compression ratio.

Fault Isolation

Metrics and Indicators for the Ipanema system status.

Fault Isolation - en

English Template Reports used to display the IS status.

ip_export (option)

Used to collect the ipanema metrics via the SNMP interface.

Performance Monitoring

LAN-to-LAN metrics and Indicators for the PM.

Performance Monitoring - en

English Template Reports used to display the PM.

Performance Monitoring WAN

WAN-to-WAN metrics and Indicators for the PM.

Performance Monitoring WAN - en

English Template Reports used to display the PM.

Service Level Monitoring

Metrics and Indicators for the SLM.

Service Level Monitoring - en

English Template Reports used to display the SLM.

Site Analysis

Metrics and Indicators for the SA used for troubleshooting

Site Analysis-en

English Template Reports used to display the SA used for


troubleshooting

SLA

Metrics and Indicators for the SLA.

SLA - en

English Template Reports used to display the SLA.

Smartplanning (option)

Used to collect all smartplanning metrics by querying the SNMP


agent.

Smartplanning - en

Used to display the smartplanning metrics of all incoming or


outgoing traffic by criticality level (top, high, medium and low) on a
site.

VoIP

Used to collect all Voice Over IP metrics by querying the SNMP


agent.

VoIP-en

English Template Reports used to display the Voice Over IP metrics


of all incoming or outgoing VoIP traffic.
Ipanema System VistaViews

7-32

Ipanema Technologies

June 2009

Analyzing and reporting tools

The statistics generated by the different functions are available throughout the whole Ipanema
System:

ip|boss aggregates the data gathered from ip|engines performance measurement,


optimization and compression functions, and makes them available through the SNMP
interface.
ip|reporter uses them to generate the appropriate easy-to-use reports, that provide a complete
analysis for each network access.

All reports can be created with ip|reporter using the single or the wizard mode (unless otherwise
specified).
The reports on the Domain, on Physical or Virtual sites, and on User classes can also be created
with the Automatic reporting tool.
The available periodicity levels for the reports are the following (unless otherwise specified):

Hourly,
Daily,
Weekly,
Monthly.

The Ipanema System library contains the following report templates, with the following
abbreviations being used:

in What is measured: App: Application; Crit: Criticality; D/J/L: Delay/Jitter/Loss; Ses: number
of sessions; Tput: Throughput; Gput: Goodput; (un)qual: (un)qualified; UC: User class; Vol:
volume; evol: evolution
Filters: D: Domain; P: Physical Sites; V: Virtual sites; K: Keys; S: User Subnets; U: User classes;
A: Applications; C: Criticality
Legend in the Filters:
X: the report is available for Metaviews that contain this object.
Example: is - slm - site summary is available on the Domain.
L: the report is available for Metaviews that contain a list of this object.
Ex.: is - slm - site synthesis is not available on a single Physical site, but it is if the
Metaview contains a list of Physical sites.
o: the report is available for Metaviews that contain this object, but only if the Metaview
also contains objects with an X.
Ex.: is - slm - user class summary per direction is not available on a User class, but it is
if the Metaview is a combination of a Physical Site AND a User class.

SLM (Service Level Monitoring)


Report template
(is - slm -)

What is measured

service level
evolution

AQS, qual. and unqual. ses., Tput, Gput

site summary

AQS, D/J/L, RTT, SRT, TCP retrans.,


ses., Tput.

uc summary

AQS, D/J/L, RTT, SRT, TCP retrans.,


ses., Tput.

uc summary per
direction

D P

app. synthesis

Vol. & AQS evol. per crit., Ingress &


Egress Tput, vol. & vol. evol. per UC,
AQS & AQS evol. per UC, vol. per app.
(top 10), site activity, global evol.

site synthesis

Vol. & AQS evol. per crit., Total Tput, vol.


& vol. evol. per site, AQS & AQS evol.
per site.

June 2009

Filters

Ipanema Technologies

7-33

Ipanema System

SLA (Service Level Agreement)


Report template
(is - sla -)

What is measured

Filters

domain

AQS per UC, AQS per site, over activity


per site

domain overview

Vol., AQS, MOS, over activity per UC,


per site

site exploitation

AQS, MOS, vol., ses., over activity

site customer

AQS, MOS, vol., ses., over activity

D P

D P

AM (Application Monitoring)
Report template
(is - am -)

What is measured

Filters

site summary - tcp

SRT, RTT, Packet retrans., Tput, ses.

user class
summary - tcp

SRT, RTT, Packet retrans., Tput, ses.

application
summary - tcp

SRT, RTT, Packet retrans., Tput, ses.

time evolution - tcp

SRT, RTT, Packet retrans., Tput, ses.

D P

PM (Performance Monitoring)
Report template
(is - pm -)

What is measured

Filters

site summary

D/J/L; qual. packet size, ses. & Tput;


total packet size, ses. & Tput

uc summary

D/J/L; qual. ses., packet size & Tput;


total ses., packet size & Tput

uc summary per
direction

D/J/L; qual. ses., packet size & Tput;


total ses., packet size & Tput

app. summary

D/J/L; qual. ses., packet size & Tput;


total ses., packet size & Tput

app. summary per


direction

D/J/L; qual. ses., packet size & Tput;


total ses., packet size & Tput

traffic topology

Total & qual. traffic, Traffic profile


(kbps/%time), packet%/delay, Tput per
site, ingress & egress

time evolution

D/J/L, Tput, ses.

detailed per uc

Throughput

detailed per app. top


detailed per app.

7-34

Ipanema Technologies

June 2009

Analyzing and reporting tools

PM (Performance Monitoring) Compression


Report template
(is - pm -)

What is measured

compression
evolution

Total LAN Tput. (without compr.), total


WAN Tput (with compr.), compressed
Tput, saved Tput.

compression
synthesis - uc

For each UC and each way: compressed,


saved, total LAN, total compressible and
total compressed volumes; compr. factor
and ratio

compression
synthesis application

Filters
D P

ip|reporters wizard mode is not available for those reports.

ACC (Acceleration)
Report template
(is - acc -)

What is measured

acceleration
evolution

Filters
D P

Compr., TCP & Acceleration factors, nb


of new & current sessions

acceleration - site
summary

Nb of new & current sessions, compr.,


TCP & Acceleration factors

acceleration - uc
summary - per
direction

For each way: nb of new & current


sessions; compr., TCP & Acceleration
factors

acceleration
- application
summary - per
direction
VoIP
Report template
(is - VoIP -)

What is measured

Filters

synthesis

MOS distribution

time evolution

MOS, D/J/L, sessions

Report template
(is - sa -)

What is measured

Filters
K

site summary
ingress

Tput: To physical ip|e, No correlation, To


virtual ip|e, To Out of Domain, Transit,
Other, Locally rerouted, Non IPv4 WAN,
Ignored LAN

D P

SA (Site Analysis)

June 2009

D P

Ipanema Technologies

7-35

Ipanema System

site summary
egress

Tput: From physical ip|e, No correlation,


From virtual ip|e, From Out of Domain,
Transit, Other, Locally rerouted, Non
IPv4 WAN, Ignored LAN

site throughput

Tput: IPv4, Apple Talk, IPX, SNA, IPv6,


Ignored LAN. IPv4 Thr.: To/From physical
ip|e, No correlation, To/From virtual ip|e,
To/From Out of Domain, Transit, Other,
Locally rerouted

FI (Fault Isolation)
Report template
(is - fi -)

What is measured

availability evolution

Status down, Status up, synchro. loss,


highest CPU load, WAN overload

Filters
D P

availability overview

With ip|reporter, FI reports can only be created using the unitary mode.

Smart planning
Report template
(smartplanning -)

What is measured

profile

Throughput, Right Size

synthesis

Current, trend 3 months, trend 1 year

Filters
D P

X
X

This report is only available on


a daily basis.

ip|export
Report template
(is - ip export -)

What is measured

type 1

ingress/egress unqual. and qualified


bytes, red bytes, yellow bytes, green
bytes, ses., D/J/L

Filters
D P

ip|reporters wizard mode is not available for this report.

7-36

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. SLM (SERVICE LEVEL MONITORING) REPORTS


7. 5. 1. is - slm - service level evolution
Service Level Monitoring Table

Service Level Monitoring - service level evolution

June 2009

Ipanema Technologies

7-37

Ipanema System

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain .
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets,
An Application or a list of applications,
A User Class or a list of User Classes,
A Criticality or a list of criticality levels.
AQS, number of sessions (qualified and unqualified), throughput
(qualified and unqualified), goodput (qualified and unqualified).
From data collected every Short reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs present the following information:


AQS graph
This graph represents the evolution of the AQS over the period of time.
Sessions graph
This graph represents the evolution of the number of sessions over the period of time:

number of qualified sessions,


number of unqualified sessions (the top of the curve (that sits above the Qualified sessions)
indicates the total sessions (qualified + unqualified)).

Throughput graph
This graph represents the evolution of the Throughput over the period of time:

7-38

Throughput: the surface indicates the non qualified throughput only, whereas the top of the curve
(that sits above the Qualified throughput) indicates the total throughput (qualified + unqualified)
Qualified throughput
Goodput: the surface indicates the non qualified goodput only, whereas the top of the curve
(that sits above the Qualified goodput) indicates the total goodput (qualified + unqualified)
Qualified goodput

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. 2. is - slm - site summary


Service Level Monitoring Table

Service Level Monitoring - site summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain ,
A Site or a list of sites,
A Key or a list of keys,
A Subnet or a list of subnets,
An Application or a list of applications,
A User Class or a list of User Classes,
A Criticality or a list of criticality levels.
AQS, delay, jitter, packet loss, RTT, SRT, TCP retrans., sessions,
throughput.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

June 2009

Executive officers

Ipanema Technologies

7-39

Ipanema System

The table
The table presents the following information (note: for color and symbol explanation see the Color
Management picture in Definitions):
Site

Name of the Site (ip|engine).

Average AQS

Weighted average of the ingress AQS and egress AQS of the site.
In the following columns,

7-40

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

AQS

Application Quality Score of the site for one direction.

D/J/L

Symbolic representation for Delay, Jitter and packet Loss to show the
metrics causing color during a display period of time.

RTT/SRT/Retrans

Symbolic representation for RTT, SRT and TCP Retrans. to show the
metrics causing color during a display period of time.

Average sessions

Average number of sessions per second.

Average
throughput
(kbps)

Average number of kbits per second at IP level (on physical and/or virtual
ip|engines).

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. 3. is - slm - user class summary


Service Level Monitoring Table

Service Level Monitoring - user class summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain .
An Application or a list of applications,
A User Class or a list of User Classes,
A Criticality or a list of criticality levels.
AQS, delay, jitter, packet loss, RTT, SRT, TCP retrans., sessions,
throughput.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
The table present the following information (note: for color and symbol explanation see the Color
Management picture in Definitions):
User class

Name of the User class.

Criticality

Criticality level of the User class.

AQS

Application Quality Score of the User class.

D/J/L

Symbolic representation for Delay, Jitter and packet Loss to show the
metrics causing color during a display period for ingress and egress
directions.

RTT/SRT/Retrans

Symbolic representation for RTT, SRT and TCP Retrans. to show the
metrics causing color during a display period for ingress and egress
directions.

June 2009

Ipanema Technologies

7-41

Ipanema System

7-42

Average sessions

Average number of sessions per second for ingress and egress directions.

Average
throughput
(kbps)

Average number of kbits per second at IP level for ingress and egress
directions.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. 4. is - slm - user class summary per direction


Service Level Monitoring Table

Service Level Monitoring - user class summary per direction


What can it do?
Monitored resource

This template is available for the following Metaviews:

A Domain.
Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Site or a list of sites.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Key or a list of keys.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

What is measured
How it is measured

A Subnet or a list of subnets.

Per Application or a list of applications.


Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.
AQS, delay, jitter, packet loss, RTT, SRT, TCP retrans., sessions,
throughput (kbps).
From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

June 2009

Executive officers

Ipanema Technologies

7-43

Ipanema System

The table
The table presents the following information (note: for color and symbol explanation see the Color
Management picture in Definitions):
User class

Name of the User class.

Criticality

Criticality level of the User class.

Average AQS

Weighted average of the ingress AQS and egress AQS.


In the following columns,

7-44

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

AQS

Application Quality Score of the User class for one direction.

D/J/L

Symbolic representation for Delay, Jitter and packet Loss to show the
metrics causing color during a display period for ingress and egress
directions.

RTT/SRT/Retrans

Symbolic representation for RTT, SRT and TCP Retrans. to show the
metrics causing color during a display period for ingress and egress
directions.

Average sessions

Average number of sessions per second for ingress and egress directions.

Average
throughput
(kbps)

Average number of kbits per second at IP level for ingress and egress
directions.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. 5. is - slm - application synthesis


Service Level Monitoring Table
Service Level Monitoring - application synthesis

June 2009

Ipanema Technologies

7-45

Ipanema System

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Volume evolution per criticality, Quality evolution, Ingress
throughput, Egress throughput, Volume per User Class (percentage
MB, evolution), Quality per User Class (AQS, evolution), Volume
per application (Top 10), site activity, global evolution.
From data collected every Long reporting period.

What is measured

How it is measured

Volume evolution and Quality evolution graphs


Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

24 hours

1 week

5 weeks

12 months

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

LAN->WAN throughput and WAN->LAN throughput graphs


Type of report

Hourly

Daily

Weekly

Monthly

Display rate

15 minutes

15 minutes

1 hour

4 hours

Time Span

2 hours

2 days

2 weeks

2 months

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User Class Volume, application volume Top 10, site activity and global evolution Tables
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

1 hours

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following informations:
Volume Evolution (GB) graph
This graph shows the volume evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level by criticality.

7-46

Ipanema Technologies

June 2009

Analyzing and reporting tools

Quality Evolution (%) graph


This graph represents quality evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level in percentage of volume with different colors:

%
%
%
%

green volume
yellow volume
red volume
grey volume when quality cannot be computed

LAN => WAN throughput (kbps) graph


This graph shows the ingress throughput evolution on the last 2 hours, 2 days, 2 weeks or 2 months
according to the periodicity level, for the following indicators: average throughput and maximum
throughput.

Average (Throughput)
Number of Kbits per second at layer 3 level during a display rate.
Max (Peak throughput)
The peak throughput curve displays the maximum encountered value during a display rate.

WAN => LAN throughput (kbps) graph


This graph shows the egress throughput evolution on the last 2 hours, 2 days, 2 weeks or 2 months
according to the periodicity level, for the following indicators: average throughput and maximum
throughput.

Average (Throughput)
Number of kbits per second at layer 3 level during a display rate.
Max (Peak throughput)
The peak throughput curve displays the maximum encountered value during a display rate.
For LAN => WAN throughput (kbps) and WAN => LAN throughput (kbps), the
average and maximum throughputs are calculated on the following periods:

Periodicity

Average (throughput)

Maximum (Peak throughput)

Hour

15 minutes

15 minutes

Day

15 minutes

15 minutes

Week

1 hour

15 minutes

Month

4 hours

15 minutes

The tables
The tables present the following information:
User Class table
User Class

Name of the User Class.

Criticality

Criticality level according to the User Class name.

Volume (%)

Percentage of total volume used by the User Class.

Volume (MB)

Volume used by the User Class in Mega bytes.

Volume Evolution
(++/+/0/-/- -)

Volume evolution for the 3 last periodicity levels.

AQS (0 to 10)

Application Quality Score.

Quality Evolution
(++/+/0/-/- -)

Quality evolution for the 3 last periodicity levels.

June 2009

Ipanema Technologies

7-47

Ipanema System

Application TOP 10 table


Application

Name of the Application.

User class

User class name corresponding to the application classification.

Volume (%)

Percentage of total volume used by the Application.

Site Activity table

7-48

Site activity

This indicator displays the availability of the site in percentage of time


during the periodicity level.

Evolution
(++/+/0/-/- -)

Availability evolution for the 3 last periodicity levels.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 5. 6. is - slm - site synthesis


Service Level Monitoring Table

Service Level Monitoring- site synthesis


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A list of Sites.
A list of Keys.
A list of Subnets.
Volume evolution per criticality, Quality evolution, Total throughput,
Volume per site (percentage, MB, evolution), Quality per site (AQS,
evolution)
From data collected every Long reporting period.

What is measured
How it is measured

June 2009

Ipanema Technologies

7-49

Ipanema System

Volume evolution and Quality evolution graphs


Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

24 hours

1 week

5 weeks

12 months

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

Throughput graph
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

15 minutes

15 minutes

1 hour

4 hours

Time Span

2 hours

2 days

2 weeks

2 months

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

Site table
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

1 hours

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following informations:
Volume Evolution (GB) graph
This graph shows the volume evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level by criticality.
Quality Evolution (%) graph
This graph represents quality evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level in percentage of volume with different colors:

%
%
%
%

green volume
yellow volume
red volume
grey volume when quality cannot be computed

Throughput (kbps) graph


This graph shows the total throughput evolution (ingress + egress) on the last 2 hours, 2 days, 2
weeks or 2 months according to the periodicity level, for the following indicators: average throughput
and maximum throughput.

7-50

Average (Throughput)
Number of kbits per second at layer 3 level during a display period.
Max (Peak throughput)
The peak throughput curve displays the maximum encountered value during a display period.

Ipanema Technologies

June 2009

Analyzing and reporting tools

For the Throughput (kbps), average and maximum throughput are calculated on the
following periods:

Periodicity

Average (throughput)

Maximum (Peak throughput)

Hour

15 minutes

15 minutes

Day

15 minutes

15 minutes

Week

1 hour

15 minutes

Month

4 hours

15 minutes

The table
The Site table presents the following information:
Site

Name of the Site (ip|engine).

Volume (%)

Percentage of total volume used by the site.

Volume (MB)

Volume used by the site in Mega bytes.

Volume Evolution
(++/+/0/-/- -)

Volume evolution for the 3 last periodicity levels.

AQS (0 to 10)

Application Quality Score of the sites.

Quality Evolution
(++/+/0/-/- -)

Quality evolution for the 3 last periodicity levels.

June 2009

Ipanema Technologies

7-51

Ipanema System

7. 6. SLA (SERVICE LEVEL AGREEMENT) REPORTS


7. 6. 1. is - sla - domain
Service Level Agreement Table

Service Level Agreement - Domain


What can it do?
Monitored resource
What is measured
How it is measured

7-52

This template is available for the following Metaviews:


A Domain .
AQS per critical User class (Top and High), AQS per site for critical
User classes, Over activity per site (%).
From data collected every Long reporting period.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
Used to display in a graph an overall view of the service level agreement supplied by the network.
Presents the following information:
User class graph
This graph represents the AQS during no over activity, per critical User Class (Top and High).
Site graph
This graph represents the AQS during no over activity of the 10 worst Sites, for the critical User
Classes (Top and High).
Over activity per site (%) graph
This graph represents the percentage of time when the Right Size (computed by Smart planning)
is higher than the WAN access for Top and High traffic.

June 2009

Ipanema Technologies

7-53

Ipanema System

7. 6. 2. is - sla - domain - overview


Service Level Agreement Table

Service Level Agreement - Domain - overview


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain .
Volume, AQS, MOS, Over activity per critical User class (Top
and High), per site for critical User classes.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The tables
The tables present the following information:

7-54

User class

Name of the User Class.

Criticality

Criticality of the User Class (Top and High only).

Volume (%)

Percentage of volume represented by the User Class.

AQS

Application Quality Score during no over-activity.

MOS

Mean Opinion Score during no over-activity.

Overactivity (%)

Percentage of time when the Right Size (computed by Smart planning) is


higher than the WAN access for Top and High traffic.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Site

Name of the Site (ip|engine).

Volume (%)

Percentage of volume represented by the Site for the critical User classes
(Top and High).

AQS

Application Quality Score during no over-activity.

MOS

Mean Opinion Score during no over-activity.

Overactivity (%)

Percentage of time when the Right Size (computed by Smart planning) is


higher than the WAN access for Top and High traffic.

June 2009

Ipanema Technologies

7-55

Ipanema System

7. 6. 3. is - sla - site exploitation


Service Level Agreement Table

Service Level Agreement - site exploitation

7-56

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:

What is measured

A Site or a list of sites.


AQS, MOS, Volume, Sessions density, Over activity.

How it is measured

From data collected every Short reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
AQS graph
This graph represents the Application Quality Score during no over activity, per critical User Class
(Top and High).
MOS graph
This graph represents the Mean Opinion Score during no over-activity, per User Class.
Volume (MBytes) graph
This graph represents the volume of data (MBytes) exchanged by each critical User Class (Top
and High) and for all non critical ones (Medium and Low).
Session density graph
This graph represents the number of sessions for each critical User Class (Top and High) and for
all non critical ones (Medium and Low).
Overactivity (%) graph
This graph represents the percentage of time when the Right Size (computed by Smart planning)
is higher than the WAN access for Top and High traffic.

June 2009

Ipanema Technologies

7-57

Ipanema System

7. 6. 4. is - sla - site customer


Service Level Agreement Table

Service Level Agreement - site customer

7-58

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:

What is measured

A Site or a list of sites.


AQS, MOS, Volume, Sessions, Over activity

How it is measured

From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
AQS graph
This graph represents the Application Quality Score during no over activity, per critical User Class
(Top and High).
MOS graph
This graph represents the Mean Opinion Score during no over-activity, per User Class.
Volume (MBytes) graph
This graph represents the volume of data (MBytes) exchanged by each critical User Class (Top
and High) and for all non critical ones (Low and Medium).
Session density graph
This graph represents the number of sessions for each critical User Class (Top and High) and for
all non critical ones (Low and Medium).
Overactivity (%) graph
This graph represents the percentage of time when the Right Size (computed by Smart planning)
is higher than the WAN access for Top and High traffic.
The table
The table presents the following information:
User class

Name of the User Class.

Criticality

Criticality of the User Class (Top and High only).

AQS

Application Quality Score during no over-activity.

MOS

Mean Opinion Score during no over-activity.

Overactivity (%)

Percentage of time when the Right Size (computed by Smart planning) is


higher than the WAN access for Top and High traffic.

Volume (%)

Percentage of volume represented by the User Class.

June 2009

Ipanema Technologies

7-59

Ipanema System

7. 7. AM (APPLICATION MONITORING) REPORTS


7. 7. 1. is - am - site summary - tcp
Application monitoring Table

Application Monitoring - Site Summary - TCP


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Packet retransmission, SRT, RTT, Non TCP sessions, TCP
sessions, Goodput, Non TCP Throughput, TCP Throughput.
From data collected every Long reporting period.

What is measured
How it is measured

7-60

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Ipanema Technologies

Executive officers

June 2009

Analyzing and reporting tools

The table
The table is used to display the following indicators concerning the Site traffic:
Site

Name of the Site (ip|engine).


In the following columns,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

Packet
retransmission

Percentage of retransmitted TCP segments between ip|engines.

SRT

Server response time (in ms).

RTT

Round trip time (in ms).

Non TCP
sessions

Number of non TCP sessions per second.

TCP sessions

Number of TCP sessions per second.

Goodput

Number of kbits per second at layer 4 level.

Non TCP
Throughput

Number of non TCP segments per second (in kbps) measured at IP


level), between ip|engines.

TCP Throughput

Number of TCP segments per second (in kbps, measured at IP level),


between ip|engines.

June 2009

Ipanema Technologies

7-61

Ipanema System

7. 7. 2. is - am - user class summary - tcp


Application monitoring Table

Application Monitoring - User Class Summary - per direction - TCP


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Packet retransmission, SRT, RTT, Non TCP sessions, TCP
sessions, Goodput, Non TCP Throughput, TCP Throughput.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User Classes table


Used to display in a table the following indicators concerning the User Class traffic.
User Class

Name of the User Class.


In the following columns,

7-62

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

Packet
retransmission

Percentage of retransmitted TCP segments between ip|engines.

SRT

Server response time (in ms).

RTT

Round trip time (in ms).

Ipanema Technologies

June 2009

Analyzing and reporting tools

Non TCP
sessions

Number of non TCP sessions per second.

TCP sessions

Number of TCP sessions per second.

Goodput

Number of kbits per second at layer 4 level.

Non TCP
Throughput

Number of non TCP segments per second (in kbps) measured at IP


level), between ip|engines.

TCP Throughput

Number of TCP segments per second (in kbps, measured at IP level),


between ip|engines.

June 2009

Ipanema Technologies

7-63

Ipanema System

7. 7. 3. is - am - application summary - tcp


Application monitoring Table

Application Monitoring - Application Summary - per direction - TCP


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Packet retransmission, SRT, RTT, Non TCP sessions, TCP
sessions, Goodput, Non TCP Throughput, TCP Throughput.
From data collected every Long reporting period.

What is measured
How it is measured

7-64

Ipanema Technologies

June 2009

Analyzing and reporting tools

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

Application table
Used to display in a table the following indicators concerning the Application traffic.
Application

Name of the Application.


In the following columns,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

Packet
retransmission

Percentage of retransmitted TCP segments between ip|engines.

SRT

Server response time (in ms).

RTT

Round trip time (in ms).

Non TCP
sessions

Number of non TCP sessions per second.

TCP sessions

Number of TCP sessions per second.

Goodput

Number of kbits per second at layer 4 level.

Non TCP
Throughput

Number of non TCP segments per second (in kbps) measured at IP


level), between ip|engines.

TCP Throughput

Number of TCP segments per second (in kbps, measured at IP level),


between ip|engines.

June 2009

Ipanema Technologies

7-65

Ipanema System

7. 7. 4. is - am - time evolution - tcp


Application monitoring Table

Application Monitoring - time evolution - tcp

7-66

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
SRT, RTT, packet retransmission, Throughput (TCP and non TCP),
Goodput (TCP), sessions.
From data collected every Short reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
SRT (ms) graph
This graph represents:

max: the maximum Server response time (in ms) (Red).


avg: the average Server response time (in ms) (Blue).
min: the minimum Server response time (in ms) (Green).

RTT (ms) graph


This graph represents:

max: the maximum Round trip time (in ms) (Red).


avg: the average Round trip time (in ms) (Blue).
min: the minimum Round trip time (in ms) (Green).

Packet retransmission graph


This graph represents the percentage of retransmitted TCP segments between ip|engines.
Throughput graph
This graph represents:

TCP: the number of TCP segments per second (in kbps, measured at IP level), between
ip|engines (dark blue).
non TCP: the number of non TCP segments per second (in kbps) measured at IP level),
between ip|engines (light blue).
Goodput: the number of kbits per second at layer 4 level (Virtual ip|engines) (green).
Peak: the maximum encountered value during a display period (red).

Sessions graph
This graph represents:

TCP: the number of TCP sessions per second (dark green).


non TCP: the number of non TCP sessions per second (light green).

June 2009

Ipanema Technologies

7-67

Ipanema System

7. 8. PM (PERFORMANCE MONITORING) REPORTS


7. 8. 1. is - pm - site summary
Performance Monitoring Table

Performance Monitoring - site summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
LAN-to-LAN and WAN-to-WAN average delay, packet loss and
throughput, total sessions.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

Site table
Used to display in a table the following indicators concerning the Site traffic.

7-68

Ipanema Technologies

June 2009

Analyzing and reporting tools

Site

Name of the Site (ip|engine).


In the following columns,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

LAN average
delay (ms)

LAN-to-LAN average delay of packets (in ms).

WAN average
delay (ms)

WAN-to-WAN average delay of packets (in ms).

LAN packet loss


(%)

Percentage of IP packets lost between the LAN interfaces of the


ip|engines.

WAN packet loss


(%)

Percentage of IP packets lost between the WAN interfaces of the


ip|engines.

LAN total
throughput
(kbps)

Number of kbits per second at the IP level measured on the LAN interface
of the ip|engine.

WAN total
throughput
(kbps)

Number of kbits per second at the IP level measured on the WAN


interface of the ip|engine.

Total sessions

Total number of sessions (on physical and/or virtual ip|engines).

June 2009

Ipanema Technologies

7-69

Ipanema System

7. 8. 2. is - pm - user class summary


Performance Monitoring Table

Performance Monitoring - User class summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Qualified sessions, qualified throughput, total sessions, total
throughput, delay, jitter, packet loss, total packet size, qualified
packet size
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User class table


Used to display in a table the following indicators concerning the User class traffic.

7-70

User Class

Name of the User Class.

Qualified
sessions

Number of qualified sessions per second (between physical ip|engines)


for ingress and egress directions.

Qualified
throughput
(kbps)

Number of qualified kbits per second at IP level (between physical


ip|engines) for ingress and egress directions.

Total sessions

Total number of sessions (on physical and/or virtual ip|engines) for


ingress and egress directions.

Total throughput
(kbps)

Total number of kbits per second at IP level (on physical and/or virtual
ip|engines) for ingress and egress directions.

Average delay
(ms)

Average delay of packets delay (in ms) for ingress and egress directions.

Jitter (ms)

Delay variation (in ms) for ingress and egress directions.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Packet loss (%)

Percentage of IP packet lost for ingress and egress directions.

Packet size
(bytes)

Average packet size in bytes (on physical and/or virtual ip|engines) for
ingress and egress directions.

Packet size
qualified (bytes)

Average qualified packet size in bytes (between physical ip|engines)


for ingress and egress directions.

June 2009

Ipanema Technologies

7-71

Ipanema System

7. 8. 3. is - pm - user class summary per direction


Performance Monitoring Table

Performance Monitoring - User class summary per direction


What can it do?
Monitored resource

This template is available for the following Metaviews:

A Domain.
Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Site or a list of sites.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Key or a list of keys.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

What is measured
How it is measured

7-72

A Subnet or a list of subnets.

Per Application or a list of applications.


Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.
Delay, jitter, packet loss, qualified packet size, qualified sessions,
total throughput, total packet size, total sessions, qualified
throughput
From data collected every Long reporting period.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User class table


Used to display in a table the following indicators concerning the User class traffic.
User Class

Name of the User Class.

Criticality

Criticality level according to the User Class name.


In the following columns,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

Average delay
(ms)

Average delay of packets (in ms).

Jitter (ms)

Delay variation (in ms).

Packet loss (%)

Percentage of lost IP packet.

Qualified Packet
size (bytes)

Average qualified packet size in bytes (between physical ip|engines).

Qualified
sessions

Number of qualified sessions per second (between physical ip|engines).

Total throughput
(kbps)

Total number of kbits per second at IP level (on physical and/or virtual
ip|engines).

Packet size
(bytes)

Average packet size in bytes (on physical and/or virtual ip|engines).

Total sessions

Total number of sessions (on physical and/or virtual ip|engines).

Qualified
throughput
(kbps)

Number of qualified kbits per second at IP level (between physical


ip|engines).

June 2009

Ipanema Technologies

7-73

Ipanema System

7. 8. 4. is - pm - application summary
Performance Monitoring Table

Performance Monitoring - Application summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Qualified sessions, qualified throughput, total sessions, total
throughput, delay, jitter, packet loss, total packet size, qualified
packet size
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User class table


Used to display in a table the following indicators concerning the User class traffic:

7-74

Application

Name of the Application.

Qualified
sessions

Number of qualified sessions per second (between physical ip|engines)


for ingress and egress directions.

Qualified
throughput
(kbps)

Number of qualified kbits per second at IP level (between physical


ip|engines) for ingress and egress directions.

Total sessions

Total number of sessions (on physical and/or virtual ip|engines) for


ingress and egress directions.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Total throughput
(kbps)

Total number of kbits per second at IP level (on physical and/or virtual
ip|engines) for ingress and egress directions.

Average delay
(ms)

Average delay of packets (in ms) for ingress and egress directions.

Jitter (ms)

Delay variation (in ms) for ingress and egress directions.

Packet loss (%)

Percentage of lost IP packet for ingress and egress directions.

Packet size
(bytes)

Average packet size in bytes (on physical and/or virtual ip|engines) for
ingress and egress directions.

Packet size
qualified (bytes)

Average qualified packet size in bytes (between physical ip|engines)


for ingress and egress directions.

June 2009

Ipanema Technologies

7-75

Ipanema System

7. 8. 5. is - pm - application summary per direction


Performance Monitoring Table

Performance Monitoring - application summary per direction


What can it do?
Monitored resource

This template is available for the following Metaviews:

A Domain.
Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Site or a list of sites.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

A Key or a list of keys.


Per Application or a list of applications.
Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.

What is measured
How it is measured

7-76

A Subnet or a list of subnets.

Per Application or a list of applications.


Per User Class or a list of User Classes.
Per Criticality or a list of criticality levels.
Delay, jitter, packet loss, qualified packet size, qualified sessions,
qualified throughput, total packet size, total sessions, total
throughput
From data collected every Long reporting period.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

User class table


Used to display in a table the following indicators concerning the User class traffic.
Application

Name of the Application.

Criticality

Criticality level according to the User Class name associated to the


application.
In the following columns,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

Average delay
(ms)

Average delay of packets (in ms).

Jitter (ms)

Delay variation (in ms).

Packet loss (%)

Percentage of lost IP packet.

Qualified Packet
size (bytes)

Average qualified packet size in bytes (between physical ip|engines).

Qualified
sessions

Number of qualified sessions per second (between physical ip|engines).

Qualified
throughput
(kbps)

Number of qualified kbits per second at IP level (between physical


ip|engines).

Packet size
(bytes)

Average packet size in bytes (on physical and/or virtual ip|engines).

Total sessions

Total number of sessions (on physical and/or virtual ip|engines).

Total throughput
(kbps)

Total number of kbits per second at IP level (on physical and/or virtual
ip|engines).

June 2009

Ipanema Technologies

7-77

Ipanema System

7. 8. 6. is - pm - traffic topology
Performance Monitoring Table

Performance Monitoring - traffic topology

7-78

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Total traffic, qualified traffic, Traffic profile (kbps/%time),
packet%/delay threshold, sites and their ingress and egress
throughputs.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The Tables
The tables present the following information:
Total traffic table
Used to display in a table the following indicators concerning the ip|engine traffic or the Domain
traffic:
Packet size

Average packet size (in bytes).

Sessions

Number of sessions during a display period.

Throughput

Average throughput during a display period (kbps).

Volume

Total number of bytes (in MBytes).

Qualified traffic table


Average delay

Average delay of total packets between ip|engines (in ms).

Jitter

Average delay variation (in ms).

Packet loss

Percentage of lost IP packets during a display period.

Packets size

Average packet size (in bytes).

Sessions

Number of qualified sessions during a display period.

Throughput

Number of qualified bits per second at IP level (kbps).

Volume

Total of number of qualified bytes during a display period (in MB).

The graphs
The graphs present the following information:
Traffic profile (kbps / % time) graph

June 2009

Ipanema Technologies

7-79

Ipanema System

Maximum bandwidth reached during the Time percentage:


10

Bandwidth reached during 90% of time during the display period.

30

Bandwidth reached during 70% of time during the display period.

50

Bandwidth reached during 50% of time during the display period.

67

Bandwidth reached during 33% of time during the display period.

80

Bandwidth reached during 20% of time during the display period.

90

Bandwidth reached during 10% of time during the display period.

95

Bandwidth reached during 5% of time during the display period.

98

Bandwidth reached during 2% of time during the display period.

99

Bandwidth reached during 1% of time during the display period.

100

Peak rate reached during the display period.


This representation is very useful to get a view of the bandwidth usage.
Case 1: If all values are about the same at 100 kbps this means that during time
throughput is constant and always very close to 100 kbps. If the line is a leased line
of 512 kbps, then this line is over dimensioned and can be reduced at least down to
256 kbps.
Case 2: On the other hand, let us suppose that values are almost all equal to zero
except the 100 value which is very close to 450 kbps: that means the line is used 1%
of the time. We should check the reason of this peak usage.
This representation is useful because it is still meaningful when observed over a long
period of time. A time evolution representation could have masked the bursty behavior
of the line in case 2.

7-80

Ipanema Technologies

June 2009

Analyzing and reporting tools

Packet % / Delay threshold (ms) graph


This graph shows the packet delay distribution:
<10

Percentage of packets that had a latency (delay) under 10 ms.

<20

Percentage of packets that had a latency (delay) between 10 and 20 ms.

<50

Percentage of packets that had a latency (delay) between 20 and 50 ms.

<100

Percentage of packets that had a latency (delay) between 50 and 100 ms.

<200

Percentage of packets that had a latency (delay) between 100 and 200 ms.

<500

Percentage of packets that had a latency (delay) between 200 and 500 ms.

<1000

Percentage of packets that had a latency (delay) between 500 and 1000 ms.

<2000

Percentage of packets that had a latency (delay) between 1000 and 2000 ms.

June 2009

Ipanema Technologies

7-81

Ipanema System

Sites table

7-82

Site

List of sites communicating with the resource monitored


in this report.

Throughput ratio LAN=>WAN (%)

The Throughput ratio from this site to the resource


monitored in this report, in percentage.

Throughput ratio WAN=>LAN (%)

The Throughput ratio from the resource monitored in


this report to this site, in percentage.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 8. 7. is - pm - time evolution
Performance Monitoring Table

Performance Monitoring - time evolution

June 2009

Ipanema Technologies

7-83

Ipanema System

What can it do?


Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Delay, jitter, packet loss, throughput, number of sessions.

How it is measured

From data collected every Short reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
Delay (ms), Jitter (ms) graph
This graph represents:

LAN average delay: the average LAN-to-LAN delay of total packets (in ms) (Blue).
WAN average delay: the average WAN-to-WAN delay of total packets (in ms) (Orange).
LAN jitter: the average LAN-to-LAN delay variation (in ms) (Light blue).
WAN Jitter: the average WAN-to-WAN delay variation (in ms) (Purple).

Packet loss (%) graph


This graph represents:

LAN packet loss : the percentage of lost IP packets between the LAN interfaces of the physical
ip|engines (Red).
WAN packet loss : the percentage of lost IP packets between the WAN interfaces of the
physical ip|engines (Pink).

Peak Throughput graph


This graph represents:

LAN peak throughput: the maximum encountered LAN-to-LAN throughput during a display
period (Blue).
WAN peak throughput: the maximum encountered WAN-to-WAN throughput during a display
period (Orange).

LAN Throughput graph


This graph represents:

Throughput: the number of kbits per second at layer 3 level (light blue).
Goodput: the number of kbits per second above layer 4 level (light green).
Qualified throughput: the number of qualified kbits per second at layer 3 level (dark Blue).
Qualified goodput: the number of qualified kbits per second above layer 4 level (dark green).

Sessions graph

7-84

Ipanema Technologies

June 2009

Analyzing and reporting tools

This graph represents the number of sessions per second.

June 2009

Ipanema Technologies

7-85

Ipanema System

7. 8. 8. is - pm - detailed per application, per user class


A group of reports is used to display the throughput of the flows grouped by application and user
class.
The following reports are included in this group:

is - pm - detailed per user class


Performance Monitoring Table
Layer 3 throughput distribution for flows by user class in ingress and egress directions.
is - pm - detailed per application - top
Performance Monitoring Table
Layer 3 throughput distribution for flows by type of application in ingress and egress directions.
is - pm - detailed per application
Performance Monitoring Table
Layer 3 throughput distribution for flows by type of application in ingress and egress directions.

Performance Monitoring-detailed per application

7-86

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can they do?


Monitored resource

These templates are available for the following Metaviews:

What is measured

A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Throughput.

How it is measured

From data collected every Short reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graph
The Throughput graph represents the layer 3 throughput distribution for the flows per application
or User class in kbps.

June 2009

Ipanema Technologies

7-87

Ipanema System

7. 9. PM COMPRESSION REPORTS
7. 9. 1. is - pm - compression evolution
Compression Table

Compression Evolution
What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Total LAN throughput (without compression), total WAN throughput
(with compression), compressed throughput, saved throughput.
From data collected every Short reporting period.

What is measured
How it is measured

7-88

Ipanema Technologies

June 2009

Analyzing and reporting tools

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
Ingress Throughput (compress) graph:

LAN Throughput : the Total throughput (in kbps) before compression (Blue curve), on the LAN
interface of the ip|engine.
WAN Throughput: the Total throughput (in kbps) after compression (Orange curve), on the
WAN interface of the ip|engine for all flows (compressed and non-compressed flows).
Compressed: the Throughput of the compressed flows (flows classified in User Class enabled
for compression and going to a physical ip|engines) (Orange area).
Saved: the Throughput saved on the compressed flows (flows classified in User Class enabled
for compression and going to a physical ip|engines) (Blue area).

Egress Throughput (decompress) graph

LAN Throughput : the Total throughput (in kbps) before compression (Blue curve), on the LAN
interface of theip|engine.
WAN Throughput: the Total throughput (in kbps) after compression (Orange curve), on the
WAN interface of the ip|engine for all flows (compressed and non-compressed flows).
Compressed: the Throughput of the compressed flows (flows classified in User Class enabled
for compression and going to a physical ip|engines) (Orange area).
Saved: the Throughput saved on the compressed flows (flows classified in User Class enabled
for compression and going to a physical ip|engines) (Blue area).

June 2009

Ipanema Technologies

7-89

Ipanema System

7. 9. 2. is - pm - user class compression synthesis


Compression Table

Compression Synthesis UC

7-90

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:

What is measured
How it is measured

A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.

Volume per User class (compressed, saved), LAN input, Comp.


input, Comp. output, Comp. factor, Comp. ratio.
From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

June 2009

Ipanema Technologies

7-91

Ipanema System

Life Time

24 hours

7 days

Audience

Network analysts

5 weeks

12 months

Executive officers

The graphs
The graphs present the following information:
Ingress Volume (compress) graph:

Compressed volume (MB): for each User Class, the total compressed volume (flows classified
in User Class enabled for compression and going to a physical ip|engines) in MB for the ingress
way (Orange area).
Saved Volume (MB): for each User class, the total saved volume (flows classified in User Class
enabled for compression and going to a physicalip|engines) in MB for ingress way (Blue area).

Egress Volume (decompress) graph

7-92

Compressed volume (MB): for each User Class, the total compressed volume (flows classified
in User Class enabled for compression and going to a physical ip|engines) in MB for the egress
way (Orange area).
Saved Volume (MB): for each User class, the total saved volume (flows classified in User Class
enabled for compression and going to a physicalip|engines) in MB for egress way (Blue area).

Ipanema Technologies

June 2009

Analyzing and reporting tools

The tables
The tables present the following information:
Ingress Volume (compress) and Egress Volume (decompress) by User Class table
Used to display for each User Class, for all traffic in ingress and egress directions, the volume (in
MB) before and after compression, and the compression ratio.
In each column of the table,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

LAN Volume (MB)

For each User Class, the total volume of flows classified in User Class in
MB (compressed and non-compressed flows); this volume is measured
on the LAN interface of the ip|engine.

Comp. input (MB)

For each User Class, the total compressible volume (flows classified in
User Class enabled for compression and going to a physical ip|engine) in
MB before compression; this volume is measured on the LAN interface
of the ip|engine.

Comp. output
(MB)

For each User Class, the total compressed volume (flows classified in
User Class enabled for compression and going to a physical ip|engines)
in MB after compression; this volume is measured on the WAN interface
of the ip|engine.

Comp. factor

For each User Class, the compression factor is calculated by the formula:
Comp. input/Comp. output).

Comp. ratio (%)

For each User Class, the compression ratio represents the percentage
of compression.

Ingress Volume (compress) and Egress Volume (decompress) table


Used to display the total of volume for all traffic in the ingress and egress directions, the volume
(in MB) before and after compression, and the compression ratio. For the parameters see the
explanation in the table above.

June 2009

Ipanema Technologies

7-93

Ipanema System

7. 9. 3. is - pm - application compression synthesis


Compression Table

Compression Synthesis Application

7-94

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Volume per application (compressed, saved), LAN input, Comp.
input, Comp. output, Comp. factor, Comp. ratio.
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
Ingress Volume (compress) graph:

Compressed volume (MB): for each Application, the total compressed volume (flows classified
in User Class enabled for compression and going to a physical ip|engine) in MB for the ingress
way (Orange area).
Saved Volume (MB): for each Application, the total saved volume (flows classified in User Class
enabled for compression and going to a physical ip|engine) in MB for ingress way (Blue area).

Egress Volume (decompress) graph

Compressed volume (MB): for each Application, the total compressed volume (flows classified
in User Class enabled for compression and going to a physical ip|engine) in MB for the egress
way (Orange area).
Saved Volume (MB): for each Application, the total saved volume (flows classified in User Class
enabled for compression and going to a physical ip|engine) in MB for egress way (Blue area).

June 2009

Ipanema Technologies

7-95

Ipanema System

The tables
The tables present the following information:
Ingress Volume (compress) and Egress Volume (decompress) by Application table
Used to display for each Application, for all traffic in ingress and egress directions, the volume (in
MB) before and after compression, and the compression ratio.
In each column of the table,

=> represents the LAN => WAN - or ingress - direction,


<= represents the WAN => LAN - or egress - direction.

LAN Volume (MB)

For each Application, the total volume of flows classified in User Class in
MB (compressed and non-compressed flows); this volume is measured
on the LAN interface of the ip|engine.

Comp. input (MB)

For each Application, the total compressible volume (flows classified in


User Class enabled for compression and going to a physical ip|engine) in
MB before compression, this volume is measured on the LAN interface
of the ip|engine.

Comp. output
(MB)

For each Application, the total compressed volume (flows classified in


User Class enabled for compression and going to a physical ip|engine)
in MB after compression, this volume is measured on the WAN interface
of the ip|engine.

Comp. factor

For each Application, the compression factor is calculated by the formula:


Comp. input/Comp. output).

Comp. ratio (%)

For each Application, the compression ratio represents the percentage


of compression.

Ingress Volume (compress) and Egress Volume (decompress) table


Used to display the total volume for all traffic in the ingress and egress directions, the volume (in MB)
before and after compression, and the compression ratio. For the parameters see the explanation
in the table above.

7-96

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 10. ACC (ACCELERATION) REPORTS


7. 10. 1. is - acc - acceleration evolution
Acceleration Table

Acceleration Evolution
What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
Compression factor, TCP factor, Acceleration factors, number of
new sessions, number of current sessions
From data collected every Short reporting period.

What is measured
How it is measured

June 2009

Ipanema Technologies

7-97

Ipanema System

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
Acceleration factors graph:

Compression factor: the compressible volume (measured on the LAN interface of the
ip|engine, before compression) / compressed volume (measured on the WAN interface of the
ip|engine, after compression).
TCP factor: the response time that would have been measured without acceleration (computed
with the following hypotheses: TCP window size equal to 64 Kbytes and MSS equal to 1400
bytes) / Response time of the accelerated sessions.
Acceleration factor: the acceleration factor is calculated by the formula: Compression factor
x TCP factor.

Accelerated session:

7-98

Number of new sessions: number of new sessions.


Number of current sessions: number of current sessions.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 10. 2. is - acc - acceleration - site summary


Acceleration Table

Acceleration - Site summary


What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Classor a list of User Classes.
A Criticality or a list of criticality levels.
Current sessions, new sessions, comp. factor, TCP factor, Acc.
factor
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for ip|engines (in the Domain, list of sites, list of keys) the information concerning
the following indicators:
Site

Name of the Site (ip|engine).

Current sessions

Number of current sessions.

New sessions

Number of new sessions.

Comp. factor

Compressible volume (measured on the LAN interface of the ip|engine,


before compression) / compressed volume (measured on the WAN
interface of the ip|engine, after compression).

TCP factor

Response time that would have been measured without acceleration


(computed with the following hypotheses: TCP window size equal to 64
Kbytes and MSS equal to 1400 bytes) / Response time of the accelerated
sessions.

Acc. factor

The Acceleration factor is calculated by the formula: Compression factor


x TCP factor.

June 2009

Ipanema Technologies

7-99

Ipanema System

7. 10. 3. is - acc - acceleration - uc summary - per dir.


Acceleration Table

Acceleration - User Class summary - per direction


What can it do?
Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Classor a list of User Classes.
A Criticality or a list of criticality levels.
New sessions, Cur. sessions, Comp. factor, TCP factor, Acc. factor

How it is measured

From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for User Classes (in the Domain, list of User Classes) the information concerning
the following indicators:

7-100

User class

Name of the User Class.

New sessions

Number of new sessions.

Cur. sessions

Number of current sessions.

Comp. factor

Compressible volume (measured on the LAN interface of the ip|engine,


before compression) / compressed volume (measured on the WAN
interface of the ip|engine, after compression).

Ipanema Technologies

June 2009

Analyzing and reporting tools

TCP factor

Response time that would have been measured without acceleration


(computed with the following hypotheses: TCP window size equal to 64
Kbytes and MSS equal to 1400 bytes) / Response time of the accelerated
sessions.

Acc. factor

The Acceleration factor is calculated by the formula: Compression factor


x TCP factor.

June 2009

Ipanema Technologies

7-101

Ipanema System

7. 10. 4. is - acc - acceleration - appli. summary - per dir.


Acceleration Table

Acceleration - User Class summary - per direction


What can it do?
Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Classor a list of User Classes.
A Criticality or a list of criticality levels.
New sessions, Cur. sessions, Comp. factor, TCP factor, Acc. factor

How it is measured

From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for Applications (in the Domain, list of User Classes, User Class) the information
concerning the following indicators:

7-102

Application

Name of the Application.

New sessions

Number of new sessions.

Cur. sessions

Number of current sessions.

Comp. factor

Compressible volume (measured on the LAN interface of the ip|engine,


before compression) / compressed volume (measured on the WAN
interface of the ip|engine, after compression).

Ipanema Technologies

June 2009

Analyzing and reporting tools

TCP factor

Response time that would have been measured without acceleration


(computed with the following hypotheses: TCP window size equal to 64
Kbytes and MSS equal to 1400 bytes) / Response time of the accelerated
sessions.

Acc. factor

The Acceleration factor is calculated by the formula: Compression factor


x TCP factor.

June 2009

Ipanema Technologies

7-103

Ipanema System

7. 11. VOIP REPORTS


Ipanema Technologies VoIP reports provide easy-to-use data for Voice over IP. Using information
gathered from ip|engines performance measurement function, then aggregated by the ip|boss
central management software, VoIP reports generate for Voice over IP per Codec specific metrics
like the MOS (Mean Opinion Score).
The MOS is based on the ipanema metrics Losses, Delay, Jitter and Codec in use, and calculated
over a scale between 15, with the following signification:

MOS Definition
The data generated by the VoIP module is available throughout the whole Ipanema System.
ip|boss makes them available through the SNMP interface, ip|reporter uses them to generate
the appropriate easy to use reports.

7. 11. 1. is - voip - synthesis


VoIP Table

VoIP Synthesis

7-104

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain .
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets,
MOS distribution ingress and egress direction per Codec

How it is measured

From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
MOS distribution graph
MOS range reached in percentage of Time.
[1,3]

MOS between 1 and 3 in percentage of time during the display period.

[3,3.5]

MOS between 3 and 3.5 in percentage of time during the display period.

[3.5,4]

MOS between 3.5 and 4 in percentage of time during the display period.

[4,4.5]

MOS between 4 and 4.5 in percentage of time during the display period.

[4.5,5]

MOS between 4.5 and 5 in percentage of time during the display period.
This representation is very useful to get a view of Voice over IP quality.

MOS example

June 2009

Ipanema Technologies

7-105

Ipanema System

7. 11. 2. is - voip - time evolution


VoIP Table

VoIP Time Evolution

7-106

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
MOS, delay, jitter, packet loss, sessions for ingress and egress
direction
From data collected every Short reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
The graphs present the following information:
MOS graph:

Maximum MOS: the maximum MOS (Red) per Codec.


Average MOS: the average MOS (Blue) per Codec.
Minimum MOS: the minimum MOS (Green) per Codec.
Jitter: the average delay variation (in ms) (Yellow).

Delay (ms), Jitter (ms) graph:

Delay (ms): the average delay (in ms) (Blue) per Codec.
Jitter: the average delay variation (in ms) (Yellow) per Codec.

Packet loss (%) graph


This graph represents the percentage of lost IP packets between physical ip|engines per Codec.
Sessions graph:

Sessions: the number of sessions per second in direction of Virtual ip|engines (light blue).
Qualified sessions: the number of qualified sessions per second (between physical
ip|engines) (dark Blue).
Peak sessions: the peak sessions curve displays maximum encountered value during a display
rate.

June 2009

Ipanema Technologies

7-107

Ipanema System

7. 12. SA (SITE ANALYSIS) REPORTS


This chapter is divided into sections that correspond to each report template. A report description
includes an overview of the report features, a graphical representation of the report, a detailed
description of the report, and finally a suggested way of using the report.

7. 12. 1. is - sa - site summary ingress


Site Analysis Table

Site Analysis - site summary ingress


What can it do?
Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain.
A list of Sites.
A Key or a list of Keys.
Throughput to physical ip|engine, no correlation, to virtual
ip|engine, to Out of Domain, transit, other, locally rerouted, Non
IPv4 WAN, ignored LAN
From data collected every Long reporting period.

How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for ip|engines (in the Domain, list of sites, list of keys) the information concerning
the following indicators:

7-108

Site

Name of the Site (ip|engine).

To physical ipe
(kbps)

Ingress throughput in kbps to physical ip|engines.

No correlation
(kbps)

Ingress throughput in kbps with No correlation, if the throughput is a


major part of the total traffic it may be a configuration error in the subnet,
or some flows are not seen end to end between physical ip|engines.

To Virtual ipe
(kbps)

Ingress throughput in kbps to virtual ip|engines.

To out of Domain
(kbps)

Ingress throughput in kbps to subnet 0.0.0.0/0 (Out Of Domain subnet).

Ipanema Technologies

June 2009

Analyzing and reporting tools

Transit (kbps)

Ingress throughput in kbps for transit flows.

Other (kbps)

Ingress throughput in kbps for Other traffic; in fact Other traffic contains
Multicast traffic, Broadcast traffic, local traffic.

Locally rerouted
(kbps)

Ingress throughput in kbps for rerouted traffic.

Non ipv4 WAN


(kbps)

Ingress throughput in kbps for non IPv4 traffic (Apple Talk, IPX, SNA,
IPv6).

Ignored LAN
(kbps)

Ingress throughput in kbps for Ignored LAN traffic (BPDU, Spanning


tree, loopback, ARP frames...).

June 2009

Ipanema Technologies

7-109

Ipanema System

7. 12. 2. is - sa - site summary egress


Site Analysis Table

Site Analysis - site summary egress


What can it do?
Monitored resource

This template is available for the following Metaviews:

What is measured

A Domain.
A list of Sites.
A Key or a list of keys.
Throughput from physical ip|engine, no correlation, from virtual
ip|engine, from Out of Domain, transit, other, locally rerouted, Non
IPv4 WAN, ignored LAN
From data collected every Long reporting period.

How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for ip|engines (in the Domain, list of sites, list of keys) the information concerning
the following indicators:

7-110

Site

Name of the Site (ip|engine).

To physical ipe
(kbps)

Egress throughput in kbps to physical ip|engines.

No correlation
(kbps)

Egress throughput in kbps with No correlation; if the throughput is a


major part of the total traffic may be a configuration error in the subnet, or
some flows are not seen end to end between physical ip|engines.

To Virtual ipe
(kbps)

Egress throughput in kbps to virtual ip|engines.

To out of Domain
(kbps)

Egress throughput in kbps to subnet 0.0.0.0/0 (Out Of Domain subnet).

Transit (kbps)

Egress throughput in kbps for transit flows.

Other (kbps)

Egress throughput in kbps for Other traffic; in fact Other traffic contains
Multicast traffic, Broadcast traffic, local traffic.

Locally rerouted
(kbps)

Egress throughput in kbps for rerouted traffic.

Ipanema Technologies

June 2009

Analyzing and reporting tools

Non ipv4 WAN


(kbps)

Egress throughput in kbps for non IPv4 traffic (Apple Talk, IPX, SNA,
IPv6).

Ignored LAN
(kbps)

Egress throughput in kbps for Ignored LAN traffic (BPDU, Spanning


tree, loopback, ARP frames...).

June 2009

Ipanema Technologies

7-111

Ipanema System

7. 12. 3. is - sa - site throughput


Site Analysis Table

Site Analysis - site throughput


What can it do?
Monitored resource
What is measured

How it is measured

7-112

This template is available for the following Metaview:


A Site.
Ethernet throughput: IPv4, Apple Talk, IPX, SNA, IPv6, ignored
LAN.
IPv4 throughput: to/from physical ip|engine, no correlation, to/from
virtual ip|engine, to/from Out of Domain, transit, other, locally
rerouted, Non IPv4 WAN
From data collected every Short reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Ipanema Technologies

Executive officers

June 2009

Analyzing and reporting tools

The graphs
Used to display for each ip|engine the information concerning the following indicators:
Ethernet-Throughput (kbps) graphs:

IPv4 (kbps): Ingress or egress throughput in kbps for IPv4 traffic.


Apple Talk (kbps): Ingress or egress throughput in kbps for Apple Talk traffic..
IPX (kbps): Ingress or egress throughput in kbps for IPX traffic.
SNA (kbps): Ingress or egress throughput in kbps for SNA traffic.
IPV6 (kbps): Ingress or egress throughput in kbps for IPv6 traffic.
Ignored LAN (kbps): Ingress or egress throughput in kbps for Ignored LAN traffic (BPDU,
Spanning tree, loopback, ARP frames...).

IPv4 -Throughput (kbps) graphs:

To physical ipe (kbps): Ingress or egress throughput in kbps to physical ip|engines.


No correlation (kbps): Ingress or egress throughput in kbps with No correlation, if the
throughput is a major part of the total traffic may be a configuration error in the subnet, or some
flows are not seen end to end between physical ip|engines.
To Virtual ipe (kbps): Ingress or egress throughput in kbps to virtual ip|engines.
To out of Domain (kbps): Ingress or egress throughput in kbps to subnet 0.0.0.0/0 (Out Of
Domain subnet).
Transit (kbps): Ingress or egress throughput in kbps for transit flows.
Other (kbps): Ingress or egress throughput in kbps for Other traffic, in fact Other traffic
contains Multicast traffic, Broadcast traffic, local traffic.
Locally rerouted (kbps): Ingress or egress throughput in kbps for rerouted traffic.

June 2009

Ipanema Technologies

7-113

Ipanema System

7. 13. FI (FAULT ISOLATION) REPORTS


7. 13. 1. is - fi - availability - evolution
Fault Isolation Table

Fault Isolation - availability - evolution

7-114

Ipanema Technologies

June 2009

Analyzing and reporting tools

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A Site or a list of sites.
A Key or a list of keys.
Status down, Status up, synchronization loss, highest CPU load,
WAN overload (%).
From data collected every Short reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

Short reporting

5 minutes

1 hour

4 hours

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The graphs
Used to display for ip|engines the information concerning the following indicators:
Status Down graph
This graph represents the Unavailability status of the ip|engine seen by the management system:

100%: All ip|engines detected as unavailable.


xx %: the percentage of ip|engines detected as unavailable.
0%: No ip|engine detected as unavailable.

Status Up graph
This graph represents the Availability status of the ip|engine seen by the management system:

100%: All ip|engines detected as available.


xx %: the percentage of ip|engines detected as available.
0%: No ip|engine detected as unavailable.

Synchronization loss graph


This graph represents the Synchronization loss status of the ip|engine:

100%: All ip|engines not synchronized.


xx %: percentage of ip|engines detected as not synchronized.
0%: All ip|engines synchronized.

Highest CPU load graph


This graph represents the highest CPU load of all ip|engines in percent if the reports is instantiated
on a list of ip|engines, or CPU load of the selected ip|engine in percent if the report is instantiated
on a single ip|engine.
WAN Overload graph
This graph represents the Overload status of the ip|engine (the WAN throughput exceeds the
capacity of the ip|engine):

100%: All ip|engines overloaded.


xx %: percentage of ip|engines detected as overload.
0%: no overloaded ip|engine.

June 2009

Ipanema Technologies

7-115

Ipanema System

The availability and/or unavailability is linked to the managers ability to reach an


ip|engine in the Domain.

7-116

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 13. 2. is - fi - availability - overview


Fault Isolation Table

Fault Isolation - Availability - Overview


What can it do?
Monitored resource

This template is available for the following Metaview:


A Domain .
Site, Status down (%), Status up (%), synchronized (%), highest
CPU load, WAN overload (%).
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display Rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

The table
Used to display for each ip|engine the information concerning the following indicators:
Site

Name of the Site (ip|engine).

Down Status (%)

Unavailability status of the ip|engine seen by the management system.

Up Status (%)

Availability status of the ip|engine seen by the management system.

June 2009

100%: the ip|engine is detected as unavailable during a whole display


period.
xx %: the percentage of time during which the ip|engine is detected as
unavailable during a display period.
0%: the ip|engine is not detected as unavailable during a display
period.

100%: the ip|engine is detected as available during a whole display


period.
xx %: the percentage of time during which the ip|engine is detected as
available during a display period.
0%: the ip|engine is not detected as available during a display period.

Ipanema Technologies

7-117

Ipanema System

Synchronization
loss (%)

Synchronization status of the ip|engine.

100%: the ip|engine is not synchronized during a display period.


xx %: the percentage of time during which the ip|engine is detected as
not synchronized during a display period.
0%: the ip|engine is synchronized during a whole display period.

Highest CPU load

Highest CPU load of ip|engines in percent if the reports is instantiated on


a list of ip|engines, or CPU load of an ip|engine in percent if the report is
instantiated on a single ip|engine, during a display period.

WAN Overload
(%)

Overload status of the ip|engine (the WAN throughput exceeds the


capacity of the ip|engine)

100%: the ip|engine is overloaded during a whole display period.


xx %: the percentage of time during which the ip|engine is detected as
overload during a display period.
0%: the ip|engine not overloaded during a display period.

The availability and/or unavailability is linked to the managers ability to reach an


ip|engine in the Domain.

7-118

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 14. SP (SMARTPLANNING) REPORTS


7. 14. 1. is - sp - profile
Smartplanning Table

Smartplanning Profile
What can it do?
Monitored resource

This template is available for the following Metaviews:

What is measured

A Site,
Throughput (kbps), Right Size (kbps)

How it is measured

From data collected every Long reporting period.

Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

June 2009

Executive officers

Ipanema Technologies

7-119

Ipanema System

The graphs
Used to display, for each site (ip|engine) in the Domain, for all traffic in the ingress and egress
direction, the throughput (in kbps) and right size (in kbps), by criticality level (top, high, medium
and low) per percentage of time.

The bargraph top shows the bandwidth for top critical flows.
The bargraph high shows the bandwidth for top and high critical flows.
The bargraph medium shows the bandwidth for top, high and medium critical flows.
The bargraph low shows the bandwidth for top, high, medium and low critical flows.

On a flow per flow basis, smartplanning takes into account the traffic demand (the per-session
objective bandwidth, as set in corresponding User Class), the actual network usage (from
measurement function) and the existence, or not, of local or distant congestions (from the
optimization function). Flows elasticity is also estimated and taken into account.

Then smartplanning aggregates this data according to access and criticality, and produces the
following information:

the actual traffic usage (what has been exchanged on the network) per percentage of time;
the right size value (estimated access size to match objectives, including correction for
end-to-end congestions and flows elasticity) per percentage of time.

Smartplanning generates two metrics:

7-120

The actual usage Throughput (in kbps) is carried out by the measurement module of the
Ipanema System. The original data produced is processed to be aggregated by criticality level
and by access.
The access right size Right Size (in kbps) presents for the site per criticality refined estimate
of the necessary access bandwidth to match the service level according to the percentage of
time, taking into account the flow matrix, end-to-end congestions as well as characteristics of
the flows. Depending on actual traffic nature and congestion status, it can be equal to or smaller
than the traffic demand.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 14. 2. is - sp - synthesis
Smartplanning Table

Smartplanning Synthesis

June 2009

Ipanema Technologies

7-121

Ipanema System

What can it do?


Monitored resource

This template is available for the following Metaviews:


A Domain.
A list of Sites.
A Key or a list of keys.
Throughput (kbps), Estimated bandwidth for the next 3 months
(kbps), Estimated bandwidth for the next year (kbps)
From data collected every Long reporting period.

What is measured
How it is measured
Type of report

Daily

Display rate

1 day

Time Span

1 day

Life Time

1 day

Audience

Executive officers

The tables
A table is provided per each level of criticality you want to take into account (top top and high
top, high and medium top to low).
Used to display for each site (ip|engine) in the Domain, per selected level of criticality for all traffic
in the ingress and egress directions, the throughput (in kbps), and the trends for the next 3 months
and for the next year per percentile of time.
For each level of criticality, 2 tables are provided:

The bandwidth and its trends for the next 3 months and next year,
The right size and its trends for the next 3 months and next year,

On a flow per flow basis, smartplanning takes into account the traffic demand (the per-session
objective bandwidth, as set in corresponding User Class), the actual network usage (from
measurement function) and the existence, or not, of local or distant congestions (from the
optimization function). Flows elasticity is also estimated and taken into account.
Then smartplanning aggregates these data according to access and criticality, and produces the
following information:

the actual traffic usage (what has been exchanged on the network) per percentage of time;
the estimated traffic value (estimated access size to match objectives, including correction for
end-to-end congestions and flows elasticity) for the next 3 months and for the next year per
percentage of time.

Smartplanning generates three metrics:

7-122

The actual usage Throughput (in kbps) is carried out by the measurement module of the
Ipanema System. The original data produced is processed to be aggregated by criticality level
and by access.
The estimated Throughput (in kbps) for the next 3 months according to the network activity
of the past 3 months.
The estimated Throughput (in kbps) for the next year according to the network activity of the
past year.

Ipanema Technologies

June 2009

Analyzing and reporting tools

7. 15. IP|EXPORT REPORT


7. 15. 1. is - ip|export - report
ip export Type 1 Table

ip export Type 1
What can it do?
Monitored resource

This template is available for the following Metaviews:


A Domain .
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets.
An Application or a list of applications.
A User Class or a list of User Classes.
A Criticality or a list of criticality levels.
ingress/egress unqualified bytes, ingress/egress qualified
bytes, ingress/egress red bytes, ingress/egress yellow
bytes, ingress/egress green bytes, ingress/egress sessions,
ingress/egress delay, ingress/egress losses, ingress/egress jitter
From data collected every Long reporting period.

What is measured

How it is measured
Type of report

Hourly

Daily

Weekly

Monthly

Display rate

1 hour

1 day

1 week

1 month

Time Span

1 hour

1 day

1 week

1 month

Life Time

24 hours

7 days

5 weeks

12 months

Audience

Network analysts

Executive officers

This table is not made to use in Infovista, BUT to generate Excel files with these
values in order to make some off line treatment like Billing system.

June 2009

Ipanema Technologies

7-123

Ipanema System

The table
Used to generate for each site (ip|engine), per subnet and User Class the information concerning
the following indicators:
ip|export table
Site

Name of the Site (ip|engine).

Subnet

Name of the Subnet.

User Class

Name of the User Class.

Criticality

Criticality level according to the User Class name.

IUB

Ingress Unqualified Bytes: number of bytes for ingress direction to virtual


sites

EUB

Egress Unqualified Bytes: number of bytes for egress direction from virtual
sites

IQB

Ingress Qualified Bytes: number of bytes for ingress direction to physical


sites

EQB

Egress Qualified Bytes: number of bytes for egress direction from physical
sites

IRB

Ingress Red Bytes: number of bytes for ingress direction to physical sites,
when one or several metrics (average delay, jitter and/or packet loss)
exceed the maximum objectives:

ERB

Egress Red Bytes: number of bytes for egress direction from physical
sites, when one or several metrics (average delay, jitter and/or packet loss)
exceed the maximum objectives:

IYB

when the average delay is between the delay objective and the maximum
delay objective,
when the jitter is between the jitter objective and the maximum jitter
objective,
when the packet loss is between the packet loss objective and the
maximum packet loss objective.

Egress Yellow Bytes: number of bytes for egress direction from physical
sites, when one or several metrics (average delay, jitter and/or packet loss)
are between the nominal and the maximum objectives:

7-124

when the average delay exceeds the maximum delay objective,


when the jitter exceeds the maximum jitter objective,
when the packet loss exceeds the maximum packet loss objective.

Ingress Yellow Bytes: number of bytes for ingress direction to physical sites,
when one or several metrics (average delay, jitter and/or packet loss) are
between the nominal and the maximum objectives:

EYB

when the average delay exceeds the maximum delay objective,


when the jitter exceeds the maximum jitter objective,
when the packet loss exceeds the maximum packet loss objective.

when the average delay is between the delay objective and the maximum
delay objective,
when the jitter is between the jitter objective and the maximum jitter
objective,
when the packet loss is between the packet loss objective and the
maximum packet loss objective.

Ipanema Technologies

June 2009

Analyzing and reporting tools

IGB

Ingress Green Bytes: number of bytes for ingress direction to physical


sites, when all metrics (average delay, jitter and packet loss) are better
than the objectives:

EGB

when the average delay is lower than delay objective,


when the jitter is lower than jitter objective,
when the packet loss is lower than packet loss objective.

Egress Green Bytes: number of bytes for egress direction from physical
sites, when all metrics (average delay, jitter and packet loss) are better
than the objectives:

when the average delay is lower than delay objective,


when the jitter is lower than jitter objective,
when the packet loss is lower than packet loss objective.

IS

Ingress Sessions: total number of sessions (on physical and/or virtual sites)
for ingress direction.

ES

Egress Sessions: total number of sessions (on physical and/or virtual sites)
for egress direction.

ID

Ingress Delay: average delay for ingress direction for all packets to physical
sites.

ED

Egress Delay: average delay for egress direction for all packets from
physical sites.

IL

Ingress Losses: percentage of losses for ingress direction to physical sites.

EL

Egress Losses: percentage of losses for egress direction from physical sites.

IJ

Ingress Jitter: average jitter for ingress direction for all packets to physical
sites.

EJ

Egress Jitter: average jitter for egress direction for all packets from physical
sites.

June 2009

Ipanema Technologies

7-125

CHAPTER 8. SOFTWARE LICENSE TERMS


Document organization
To use the Ipanema software modules (the Software), the End User must be granted a license
(the License) directly by Ipanema Technologies (Ipanema) or through a duly authorized reseller
(the Reseller). This License is defined by the following terms:

8. 1. GRANT OF RIGHTS TO USE AND INTELLECTUAL


PROPERTY
The rights granted to the End User to use the software is non-exclusive, non-transferable,
non-convertible and restricted to the use of the software for the exclusive purpose of installation
and operation of the Ipanema System in accordance with the recommendations and instructions of
Ipanema, issued in any form including the Ipanema technical documentation (theDocumentation).
Ipanema owns and shall retain all rights, title and interest in and to the Software and the
Documentation, and any copies, customized versions, corrections, bug fixes, updates,
enhancements, new versions, or other modifications to the Software, including all copyrights,
patents, trade secret rights, trademarks and other intellectual property rights therein. The license
granted under this Agreement does not provide the End User with title to, ownership of or any
proprietary right to the software and the documentation, but only a right of limited use according
to the terms of this License.
The right to use the Software does not include the right for copying, modifying, disassembling,
de-compiling, decoding, reverse engineering, or any derivative usage of the products, to the extent
permitted by applicable law.
According to software modules, the right to use is associated either with either a specific Ipanema
System configuration or by a certain number of ISUs (Ipanema Software Units) as described in
the commercial proposal or the contract.
The right to use software modules bound to ISUs within an Ipanema System can be transferred by
the End User to other such modules in the same Ipanema System as long as the corresponding total
number of ISUs is not exceeded. Any other modification of the configuration will modify the already
granted right to use and must be described in a subsequent commercial proposal or contract.

8. 2. OPEN SOURCE LICENSES


Some components of the Ipanema software may be covered under one or more of the open source
licenses below. The Ipanema warranty for these modules apply as they are used embedded in
the entire product. For licenses that require it, machine readable copies of modifications made
by Ipanema are available upon request. Complete license texts can be found at the following
addresses or by connecting to ip|engines (using the license command at login):

Apache License The Apache Software Licence, Version 1.1 and 2.0 http://www.apache.org
BSD 1.0 License http://opensource.org
GNU General Public License (GPL) Version 2, June 1991 http://www.fsf.org
GNU Lesser General Public License (LGPL) Version 2.1, February 1999 http://www.fsf.org

8. 3. TERM AND TERMINATION


The grant of this License is dependent on payment of the Initial Software License Fee, and shall
be effective as of the shipment date of the Software license key.
Should the End User fail to comply with any of the terms and conditions of this License, Ipanema
or its Reseller shall be entitled to terminate the License. Such termination shall be effective fifteen

June 2009

Ipanema Technologies

8-1

Ipanema System

(15) days after formal demand requiring correction of the breach shall have been sent by registered
post with return receipt requested without the breach having been so corrected.
In the event of termination of this license, the End User shall:

immediately de-install the Ipanema software;


pay to Ipanema or its Reseller all sums remaining due as at the date of termination.

8. 4. SOFTWARE MEDIA WARRANTY


Ipanema warrants that original data supports are free from defects in materials and workmanship,
assuming normal use, for a period of ninety (90) days from date of shipment.
Ipanemas sole and exclusive liability and the End Users sole and exclusive remedy under this
limited warranty shall be to replace the defective media on which the Software is recorded free of
charge. This remedy is available only if Ipanema is promptly notified in writing, within the warranty
period, upon discovery of the defect by the End User.

8. 5. SOFTWARE WARRANTY
Ipanema warrants that the software performs substantially according to its documentation for a
period of ninety (90) days from date of shipment of the software license key.
Ipanemas sole and exclusive liability and the End Users sole and exclusive remedy under this
limited warranty shall be, at Ipanemas election, to provide corrective maintenance services to
correct the Ipanema software if it doesnt perform as warranted within the warranty period or to
replace it free of charge with a corrected version.
The limited warranty set forth in this article shall not apply to any non conformity that is caused
by: (a) the End Users misuse or improper use of the software, including, without limitation, the
use or operation of the software with an application or in an environment other than that specified
by Ipanema, or introduction of data into any data structures or tables used by the software by any
means other than use of the software; (b) any third party software or hardware; (c) any modifications
or alterations of or additions to the software performed by parties other than Ipanema; or (d) the
End Users failure to implement all problem corrections and new releases.

8. 6. DISCLAIMER
THE EXPRESS REPRESENTATIONS, WARRANTIES AND CONDITIONS OF IPANEMA
SET FORTH IN THIS DOCUMENT ARE IN LIEU OF ALL OTHER REPRESENTATIONS,
WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED
TO, IMPLIED REPRESENTATIONS, WARRANTIES AND CONDITIONS OF MERCHANTABLE
QUALITY, MERCHANTABILITY, TITLE, DURABILITY OR FITNESS FOR A PARTICULAR
PURPOSE AND THOSE ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM A COURSE
OF DEALING OR USAGE OF TRADE. IPANEMA DOES NOT REPRESENT OR WARRANT
THAT: (A) THE SOFTWARE WILL MEET END USERSS BUSINESS REQUIREMENTS; (B)
THE OPERATION OF THE SOFTWARE WILL BE ERROR-FREE OR UNINTERRUPTED; OR
(C) THAT ALL PROGRAMMING ERRORS CAN BE FOUND AND CORRECTED. THE END
USER IS RESPONSIBLE FOR TAKING PRECAUTIONARY MEASURES TO PREVENT THE
LOSS OR DESTRUCTION OF THE END USERS DATA, INCLUDING WITHOUT LIMITATION,
MAKING REGULAR BACKUPS AND VERIFYING THE RESULTS OBTAINED FROM USING THE
SOFTWARE, AND IPANEMA SHALL HAVE NO OBLIGATIONS OR LIABILITY WHATSOEVER
WITH RESPECT TO SUCH LOSS, DESTRUCTION OR USE UNLESS CAUSED BY THE
WILFUL MISCONDUCT OF IPANEMA.
WITHOUT LIMITING THE GENERALITY OF THE FOREGOING DISCLAIMERS, IPANEMA
EXPRESSLY DISCLAIMS ANY REPRESENTATIONS, WARRANTIES AND CONDITIONS
REGARDING THE PERFORMANCE CHARACTERISTICS OF THE SOFTWARE, INCLUDING
RESPONSE TIMES, MACHINE USAGE AND OTHER OPERATING CHARACTERISTICS, ON
ANY PARTICULAR COMPUTER EQUIPMENT. IPANEMA SHALL HAVE NO RESPONSIBILITY
FOR THE SELECTION, INSTALLATION AND MAINTENANCE OF THE COMPUTER
EQUIPMENT ON WHICH THE PROGRAMS AND THIRD PARTY SOFTWARE ARE TO
OPERATE.

8-2

Ipanema Technologies

June 2009

software license terms

FOR ANY BREACH OF THIS AGREEMENT OR ANY OTHER CLAIM ARISING FROM OR
RELATED TO THIS AGREEMENT GIVING RISE TO LIABILITY, IPANEMAS ENTIRE LIABILITY
SHALL BE LIMITED TO THE END USERS ACTUAL DIRECT, PROVABLE DAMAGES IN AN
AMOUNT NOT TO EXCEED IN THE AGGREGATE, THE TOTAL LICENSE FEES PAID BY THE
END USER FOR THE SOFTWARE THAT IS THE SUBJECT MATTER OF THE CLAIM.
IN NO EVENT SHALL IPANEMA OR ITS RESELLER BE LIABLE FOR LOSS OF PROFITS, LOSS
OF BUSINESS REVENUE, LOSS OF DATA, FAILURE TO REALIZE EXPECTED PROFITS OR
SAVINGS OR ECONOMIC LOSS OF ANY KIND, OR FOR ANY INDIRECT, CONSEQUENTIAL,
SPECIAL, INCIDENTAL OR PUNITIVE LOSSES OR DAMAGES, OR FOR ANY CLAIM AGAINST
END USER BY ANY OTHER PERSON, EVEN IF IPANEMA OR ITS RESELLER HAS BEEN
ADVISED OF OR COULD REASONABLY FORESEE THE POSSIBILITY OF ANY SUCH
DAMAGE OCCURRING.
THE LIMITATIONS SHALL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER
BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR
OTHER LEGAL OR EQUITABLE THEORY, INCLUDING A BREACH OF A CONDITION OR
FUNDAMENTAL TERM OR FUNDAMENTAL BREACH OR BREACHES. THE LIMITATIONS
SHALL NOT APPLY TO CLAIMS FOR PERSONAL INJURY OR BODILY HARM CAUSED BY
EITHER PARTY, OR PAYMENT OF AMOUNTS OWING BY THE END USER TO IPANEMA OR
ITS RESELLER.

8. 7. GOVERNING LAW
This License is governed by French law and any proceedings arising out of or in connection with
this License shall be submitted to the Commercial Court of Paris, France.
If any provision hereof is held invalid, the remainder shall continue in full force and effect.

June 2009

Ipanema Technologies

8-3

CHAPTER 9. TECHNICAL SUPPORT


Document organization

9. 1. CUSTOMER TECHNICAL SUPPORT


Do not attempt to repair the equipment yourself. Do not remove ip|engine covers
and casings. This will void any warranty.

Please refer to the support and maintenance contract for specific information about these services.
Should you have any problem with your system, please contact your supplier for technical
assistance.
In any case, you can get support and information by logging on Ipanemas Support web site:
https://support.ipanematech.com,
where you can access the Public Knowledge Database, find Technical notes and FAQs, be informed
of the latest developments and updates, download all the Ipanema software, create and track
tickets, and find other relevant information relating to the Ipanema System.
An account will be created on demand.
Other contact information:
E-mail: support@ipanematech.com
Phone: +(33)1 55 52 15 22
Fax: +(33)1 55 52 15 01
In the event of a technical problem, please supply as much information as possible, in particular:

your name, address, telephone number and the name of your company,
your Ipanema Technologies license number, see window about in ip|boss field reference,
the names, versions and serial numbers of the products you are using,
the version: Windows (2000 / 2003) or Solaris of operating system for ip|boss,
a description of the installed configuration and the configuration files,
a detailed description of the problem you have encountered.

June 2009

Ipanema Technologies

9-1