User Guide for Cisco Performance Monitor 3.3 - Introduction [Cisco Security Manager]

Table Of Contents

Introduction

What Is Performance Monitor?

Understanding Basic Concepts

Performance Monitor and FCAPS

Supported Services and Platforms for Monitoring and Reports

Integration with CiscoWorks Common Services

Introduction

Performance Monitor is a browser-based tool that monitors and troubleshoots the health and performance of services that contribute to enterprise network security. Supported service types are remote-access VPN, site-to-site VPN, firewall, web server load-balancing, and proxied SSL.

Tip To learn more about important security concepts, technologies, and service types, see Cisco.com.

The following topics provide an overview of Performance Monitor:

•What Is Performance Monitor?

•Understanding Basic Concepts

•Performance Monitor and FCAPS

•Supported Services and Platforms for Monitoring and Reports

•Integration with CiscoWorks Common Services

What Is Performance Monitor?

Performance Monitor is a component of the Cisco Security Management Suite. It enables you to increase service availability by isolating, analyzing, and troubleshooting significant events in your network as they occur. See Figure 1-1 to understand the tabs from which you access all features and functions of Performance Monitor.

Figure 1-1 GUI Tabs

1

Summary tab options enable you to:

•Display a list of known critical problems (P1 and P2) in your network, or display graphs and charts that summarize the health and performance of any supported service in your network.

•Open a dashboard (a compact summary), or open an event browser with no set filters.

Note To understand dashboards and event browsers, see Table 1-1.

4

Devices tab options enable you to:

•Import and validate device attributes manually or from a CSV file.

•View hardware, software, and network descriptions for devices.

•Learn when Performance Monitor most recently updated the tables and graphs under the Monitor tab, and to what extent.

•Edit device SNMP settings.

•Enable or disable device polling.

•Navigate in device groups (system-defined and user-defined) and view their properties.

•Create device groups and edit their properties.

•Delete user-defined device groups and delete references to specific devices.

2

Monitor tab options provide real-time monitoring for supported services on supported devices¹, such as:

•VPN (RAS or site-to-site) and firewall devices and services, including multi-conext (virtual firewalls).

•Load-balancing services from content-switching service modules.

•SSL proxy services.

5

Admin tab options enable you to configure event management and system parameter settings, review logs, develop customized online help content for your organization, and specify the default page.

•Event management options are:

–Generate events based on SNMP traps, Syslog data, or crossed thresholds.

–Use default or user-configurable thresholds.

–Configure notification through email, SNMP traps, and Syslog.

System parameter settings control polling intervals, truncation intervals, and the intervals after which Performance Monitor deletes its records of historical data.

3

Options under the Reports tab enable you to:

•Configure, generate, and view reports about usage, throughput, performance, and failures.

•Schedule the automatic creation and email distribution of reports.

•Display reports for the remote-access VPN sessions of any user or all users.

•Review up to a year's worth of report data, in which the data points occur at hourly, daily, weekly, or monthly intervals.

•Export report data in CSV, XML, or PDF formats.

¹See Supported Devices and Software Versions for Performance Monitor 3.3 on Cisco.com.

Understanding Basic Concepts

Table 1-1 describes basic concepts that you must understand in order to use Performance Monitor successfully.

Table 1-1 Performance Monitor Concepts

Concept

Description

critical problems

Critical problems are abnormal (P1 or P2) conditions that occur when a system component exceeds a performance threshold or functions improperly. Critical problems can cause network service disruptions and outages.

dashboard

The dashboard is a small browser window in which you isolate summary graphs for one or more supported services. The graphs refresh at an interval that you specify and summarize the performance of as many services as you select. If you select multiple services, the dashboard cycles through them in sequence, displaying graphs for one service at a time every time the dashboard display is refreshed.

You open the dashboard when you click a detach icon (see Figure 3-2 on page 3-5) in a page under the Summary tab.

events

An event is a notification that a managed device or component has an abnormal condition. Multiple events can occur simultaneously on a single monitored device or service module. To display events, you open an event browser.

event browsers

An event browser organizes events into two event classes:

•Failure — Shows events in which a monitored component or service failed to operate as expected.

•Performance — Shows events in which a monitored component or service exceeded acceptable thresholds.

An event browser enables you to browse events generally or by type and to sort events by criteria that you choose. You can filter events by event class, service type, device type, severity, state, or description, and you can search for an event by its assigned event ID number. You can also accept responsibility for resolving the events that you view.

Each monitored service has its own dedicated event browser. The information in an event browser typically applies only to the service from which you started it. To display events for one service only, you must open the relevant event browser.

Tip To open an event browser that displays unfiltered events of every type for every service, select Summary > Event Browser.

summaries

Summary graphs and tables show the most recent 8 hours of service activity, based on polling that recurs at a configurable interval. Click hyperlinked graphs and table entries to see more detailed information.

Performance Monitor and FCAPS

In an effort to provide a clear focus and strategy for running a network safely and efficiently, the International Organization for Standardization (ISO) developed an network management model known as the FCAPS model. This model identifies five key areas of network management: Fault management, Configuration management, Accounting, Performance management, and Security.

•Fault management is concerned with detecting, diagnosing, and correcting network and system faults (outages and degradations). Fault management products typically provide for alert handling and event management functions, and can include the diagnostic tools needed to isolate faults to facilitate corrective or alternative actions.

•Configuration management is concerned with the installation, identification, inventory removal, and configuration of hardware (including components such a cards, modules, memory, and software), software, firmware, and services. Configuration management also provides for monitoring and managing the deployment status of a device. The configuration management functional area includes software management, change control, and inventory management.

•Accounting management is concerned with tracking the use of resources in a network An example would be the allocation of billing costs for both time and services rendered by a service provider. Accounting management also addresses billing for utilization of communications and computing facilities, as well as tracking user access to networks and the resources accessed by those users. Accounting management systems typically include knowledge of tariff structures.

•Performance management is concerned with the measurement and analysis of both short-term and long-term network and system statistics related to utilization, response time, availability, and error rates. Performance management is also used to determine whether there are any outages on a network. Ideally, performance data can be used to prevent future failures by helping network planners identify trends that suggest capacity utilization or other problems before such problems affect users or services. Performance management tools are also used to assist in planning, design, and performance-tuning for improved network and systems efficiency.

•Security management is concerned with controlling access to network resources and preventing unauthorized use of or tampering with the network. Security management tools can address user access rights, data privacy, alarms and audit trails of security attacks/breaches, the management of security mechanisms, and password distribution.

The capabilities of the Performance Monitor application are in the fault management and performance management categories (see Table 1-2).

Table 1-2 Organization of the FCAPS Model

Fault Management

Configuration Management

Accounting Management

Performance Management

Security Management

Handle alarms

System turn-up

Track service usage

Collect data

Control network element (NE) access

Detect trouble

Provisioning

Bill for services

Generate reports

Enable NE functions

Correct trouble

Autodiscovery

Service level agreements

Analyze data

Access logs

Test and acceptance

Backup and restore

Monitor performance

Network recovery

Database handling

Forward alarms

Manage inventory

Filtering

Supported Services and Platforms for Monitoring and Reports

See Table 1-3 to understand which services this Performance Monitor release can monitor, and can issue reports for, on each supported Cisco platform.

Table 1-3 Supported Services and Platforms for Monitoring

Platform¹, ²

Monitored Service Type³, ⁴

VPN

Firewall

Other

DMVPN

Easy VPN

Remote Access

Site-to-Site

Firewall

Multicontext

Load Balancing

SSL

Adaptive Security Appliances 5500 Series

NA

NA

NA

Catalyst 6500 Series Switches

Content-switching Services Modules

NA

NA

NA

NA

NA

NA

NA

Firewall Services Modules

NA

NA

NA

SSL Services Modules

NA

NA

NA

NA

NA

NA

NA

VPNSMs

NA

—

—

NA

NA

NA

VPN SPAs

NA

—

—

NA

NA

NA

VSPAs

NA

—

—

NA

NA

NA

Cisco IOS Routers

—

NA

NA

NA

PIX Security Appliances (known commonly as PIX Firewalls)

NA

NA

NA

VPN 3000 Concentrator Series

NA

NA

NA

NA

NA

¹Cisco no longer sells VPNSM for Catalyst 6500 Series switches. We encourage you to migrate to VPN SPA, which supports DES and 3DES, as well as 128-, 192-, and 256-bit AES keys. See: http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheets_list.html.

²Supported services that vary for specific software or device versions:
·  PIX OS 7.0 and later support Easy VPN services, but not RAS clustering for Easy VPNs.
·  PIX OS 7.0 and later support Easy VPN, RAS VPN, site-to-site VPN, and virtual (multicontext) firewall services.
·  PIX OS 7.0 and later support RAS VPN and site-to-site VPN services in routed single context mode only.
·  FWSM versions 2.2 and later support virtual (multicontext) firewall services.
·  FWSM versions 3.1 and later support RAS VPN and site-to-site VPN services in routed single context mode only.
·  Cisco ASA Software Version 7.0 and later support Easy VPN, RAS VPN, site-to-site VPN, and virtual (multicontext) firewall services.

³Performance Monitor neither monitors nor offers reports for the load balancing of Cisco VPN 3000 concentrators or supported ASA appliances that you organize in virtual clusters. The Load Balancing column in this table refers exclusively to the web server load balancing services associated with supported content switching services modules in Catalyst 6500 series switches.

⁴In this table:
·  NA describes a service that the specified platform does not provide.
·  The em-dash character ( — ) describes a service that Performance Monitor does not monitor on the specified platform.

Integration with CiscoWorks Common Services

Performance Monitor requires Common Services 3.2, which supplies essential server-side components and manages some functions on behalf of Performance Monitor. For more information, see the Common Services online help.