
CA Network Flow Analysis

Release Notes Release 9.1.3

This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and CA. Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy. The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. 
IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice. The manufacturer of this Documentation is CA. Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors. Copyright © 2013 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact CA Technologies

Contact CA Support

For your convenience, CA Technologies provides one site where you can access the information that you need for your Home Office, Small Business, and Enterprise CA Technologies products. At http://ca.com/support, you can access the following resources:
■ Online and telephone contact information for technical assistance and customer services
■ Information about user communities and forums
■ Product and documentation downloads
■ CA Support policies and guidelines
■ Other helpful resources appropriate for your product

Providing Feedback About Product Documentation

If you have comments or questions about CA Technologies product documentation, you can send a message to [email protected].

To provide feedback about CA Technologies product documentation, complete our short customer survey which is available on the CA Support website at http://ca.com/docs.

Contents

Chapter 1: Welcome
    Product Documentation
    Third Party Acknowledgment and License Agreements

Chapter 2: System Requirements
    Deployment Options
    Version Compatibility
    System Requirements and Recommendations (Windows)
    System Requirements and Recommendations (Linux)
    Language Support

Chapter 3: New Features and Enhancements
    Anomaly Detector
    Expanded Support for Upgrades
    Flow Cloner
    Changing Router Tenant and Domain Assignments
    Quick Installation for Any Future Updates
    Documentation Bookshelf

Chapter 4: Locating Information About Known Issues

Chapter 1: Welcome

Welcome to CA Network Flow Analysis 9.1.3. Review these notes before you install or upgrade the CA Network Flow Analysis software.

This document contains important information, including the following topics:
■ Availability of product documentation
■ System specifications
■ Deployment options
■ Software version compatibility
■ New features and enhancements
■ Version compatibility
■ How to locate information about known issues
■ How to locate Third Party Acknowledgment and License Agreements

This section contains the following topics:
■ Product Documentation
■ Third Party Acknowledgment and License Agreements

Product Documentation

CA provides a full set of technical documentation in the CA Network Flow Analysis Documentation Bookshelf. The following list shows some of the guides that are available for CA Network Flow Analysis:
■ Administrator Guide
■ Operator Guide
■ Installation Guide
■ Release Notes
■ Single Sign-On User Guide
■ Upgrade Guide
■ Use Cases


You can open the guides in PDF and HTML format from the Documentation Bookshelf. Access the bookshelf from the Help menu in the CA Network Flow Analysis or CA Performance Center user interface.

The documentation may have been updated since its release. To be sure you have the latest documentation updates, download the bookshelf and Readme files from CA Support.

The Readme contains the most recent list of known issues and workarounds.

The Localization Status Readme identifies any differences between the English and localized versions of the product documentation and user interface.

To view the documentation PDF files, make sure that Adobe Reader is installed. You can download the Reader from http://get.adobe.com/reader/.

Third Party Acknowledgment and License Agreements

Third-party software was used in the creation of CA Network Flow Analysis. All third-party software has been used in accordance with the terms and conditions for use, reproduction, and distribution as defined by the applicable license agreements.

Information about third-party license agreements is provided in the following document, which is installed automatically with the CA Network Flow Analysis software:

\ThirdPartyContent\ThirdPartyLicenseInfo.rtf


Chapter 2: System Requirements

This section contains the following topics:
■ Deployment Options
■ Version Compatibility
■ System Requirements and Recommendations (Windows)
■ System Requirements and Recommendations (Linux)
■ Language Support

Deployment Options

You can install all CA Network Flow Analysis components on a standalone system or can distribute the components among multiple servers:
■ A standalone system consists of a single, dedicated server or virtual machine that is used to install both the NFA console and the Harvester.
■ A two-tier distributed deployment has the NFA console and one or more Harvesters installed on separate dedicated servers or virtual machines.
■ A three-tier distributed deployment has the NFA console, one or more Harvesters, and one or more Data Storage Appliances (DSAs) installed on separate dedicated servers or virtual machines.

The current version of CA Network Flow Analysis supports the following operating systems:
■ Microsoft Windows Server 2008 R2, Standard Edition on a 64-bit processor or Microsoft Windows Server 2003, Standard Edition on a 32-bit processor--on any of the installation servers.
■ Red Hat Enterprise Linux 5.5 or 5.6 on a 64-bit processor--for a Harvester in a distributed deployment
■ English, Chinese (Simplified), French (France), or Japanese language


Version Compatibility

CA Network Flow Analysis 9.1.3 supports upgrades from the following previous software versions:

FROM Version: RA 9.0.161; NPC 6.1.194; Standalone 3-tier, Distributed 3-tier
TO Version: NFA 9.1.3; NPC 6.1.194, CA PC 2.2.x, or CA PC 2.3.x; Standalone 2-tier*, Distributed 3-tier (re-registered)

FROM Version: NFA 9.1.00; CA PC 2.0.x; Standalone 2-tier, Distributed 2-tier
TO Version: NFA 9.1.3; CA PC 2.2.x or 2.3.x; Standalone 2-tier, Distributed 2-tier

FROM Version: NFA 9.1.1; CA PC 2.0.x or 2.1.x; Standalone 2-tier, Distributed 2-tier
TO Version: NFA 9.1.3; CA PC 2.2.x or 2.3.x; Standalone 2-tier, Distributed 2-tier

FROM Version: NFA 9.1.2; CA PC 2.2.x; Standalone 2-tier, Distributed 2-tier
TO Version: NFA 9.1.3; CA PC 2.2.x or 2.3.x; Standalone 2-tier, Distributed 2-tier

* You have one of the following configurations after an upgrade from CA NetQoS ReporterAnalyzer 9.0.1:
■ Standalone 2-tier architecture
■ Distributed 3-tier architecture
All other types of upgrades result in a 2-tier architecture deployment.

CA Network Flow Analysis 9.1.3 is compatible with CA Performance Center 2.2.x and 2.3.x. If you upgrade from CA NetQoS ReporterAnalyzer 9.0.1, you also have the option to continue using CA NetQoS Performance Center 6.1.194.


System Requirements and Recommendations (Windows)

If you purchase servers from CA, the servers have the software already installed. If you purchase software only, verify that your hardware meets the specifications that are noted here, in the CA Network Flow Analysis Installation Guide, and in the CA Network Flow Analysis Upgrade Guide. For the latest version of the documentation, visit CA Support Online.

Setting or Component: Description

Operating System:
■ Microsoft Windows Server 2008 R2, Standard Edition on a 64-bit processor
■ Microsoft Windows Server 2003, Standard Edition on a 32-bit processor

Language:
English, Chinese (Simplified), French (France), or Japanese language
The appropriate language packs are required for localized deployments.

Operating System Updates:
Latest service pack and all important updates installed
Install only important Windows updates and service packs. Do not install Microsoft version 9.

Disk Space:
C: drive with 40 GB of available space for the operating system
We recommend installing CA Network Flow Analysis on a separate drive that is dedicated to CA Network Flow Analysis. Verify that the drive contains the following disk space available:
■ 41 GB for the installation files
■ Console or standalone server: 200 GB or more available space for data
■ Harvester or DSA server: 1 TB of available space for data

CPU:
Two 2.26-GHz quad core processors

Memory:
12 GB RAM

Hard drives:
■ Console or standalone server: Three 300-GB, 10,000-RPM SAS hard drives in RAID5 configuration
■ Harvester or DSA server: Six 300-GB, 10,000-RPM SAS hard drives in RAID5 configuration

Ports:
■ Console or standalone server: 1-Gb LAN port
■ Harvester or DSA server: 1-Gb Ethernet port

Screen resolution:
Minimum display resolution of 1024x768 (XGA)

Web browser:
A web browser is recommended for the NFA console or standalone server. A web browser is required for servers that access the NFA console user interface.
We recommend that you install Microsoft Internet Explorer version 8. Some other browsers or browser versions may work with CA Network Flow Analysis, but have not been tested. Microsoft Internet Explorer version 10 is not supported.
Note: To work with CA Network Flow Analysis in the CA Performance Center Console, use Internet Explorer version 8 with compatibility mode turned off. To work in the NFA console, you can use Internet Explorer with compatibility mode turned on or off. If you have Developer Tools installed, press F12 on your keyboard to determine whether compatibility mode is used. If the main menu reads ‘Browser Mode: IE 8 Compatibility View,’ click this menu item and select Internet Explorer 8. This change affects only the current browser session.

Features, settings, and additional software:
■ .NET Framework 3.5 SP1
■ Java Runtime Engine (JRE) 1.6u41, which is included with the ISO files from CA Technical Support.
■ Operating system configured as described in the Installation Guide or Upgrade Guide
Console and standalone servers:
■ ASP.NET 2.0, including COM+ network access, IIS, and ASP
  ASP.NET 2.0 comes with .NET Framework 3.5.
■ Adobe Flash Player for viewing parts of the user interface, including the Administration System Status page
■ Adobe Acrobat Reader on any server that is used to display product documentation

System Requirements and Recommendations (Linux)

If you install the Harvester on a Linux system, verify that your hardware meets the recommendations and requirements that are noted here, in the CA Network Flow Analysis Installation Guide, and in the CA Network Flow Analysis Upgrade Guide. For the latest version of the documentation, visit CA Support.

Setting or Component: Description

Operating System:
Red Hat Enterprise Linux 5.5 or 5.6 on a 64-bit processor

Language:
English, Chinese (Simplified), French (France), or Japanese language
The appropriate language packs are required for localized deployments.

Disk Space:
Root partition that contains 40 GB of available space
Partition for CA Network Flow Analysis that contains the following amounts of available space:
■ 41 GB for the installation files
■ 1 TB for data

CPU:
Two 2.26-GHz quad core processors

Memory:
12 GB RAM

Hard drives:
Six 300-GB, 10,000-RPM SAS hard drives in RAID5 configuration

Ports:
1-Gb Ethernet port

Screen resolution:
Minimum display resolution of 1024x768 (XGA)

Features, settings, and additional software:
■ Java Runtime Engine (JRE) 1.6u41
■ SNMP configured as described in the Installation Guide
■ Level 3 and 5 iptables disabled
■ Adobe Acrobat Reader for any server that is used to display product documentation

Language Support

The present version of CA Network Flow Analysis supports the following locales:
■ Chinese (Simplified)
■ English (US)
■ French (France)
■ Japanese

Additional languages might be supported in the future. A few known issues relate to language support. For more information, see the Localization Status Readme file, which is available on the product page on the CA Support website.


Chapter 3: New Features and Enhancements

CA Network Flow Analysis 9.1.3 includes the following new features:

This section contains the following topics:
■ Anomaly Detector
■ Expanded Support for Upgrades
■ Flow Cloner
■ Changing Router Tenant and Domain Assignments
■ Quick Installation for Any Future Updates
■ Documentation Bookshelf

Anomaly Detector

CA Network Flow Analysis 9.1.3 supports operation with an updated version of Anomaly Detector, in concert with CA NetQoS Performance Center 6.1.194.

Anomaly Detector monitors data sources for anomalous behaviors that may indicate misconfiguration, malicious attacks, poor application delivery, or other problems. Anomaly Detector searches for anomalies and sends alerts for up to 27 types of suspicious patterns or packet types. The program performs its monitoring with minimal configuration and with no need for ongoing data entry.

Anomaly Detector observes and learns from your network: It uses dynamic algorithms to create and continually improve a profile of the network. This profile is used in combination with mathematical analysis to determine whether network traffic is anomalous.

Report views are shown in the CA NetQoS Performance Center Console, where you can integrate them into an enterprise-wide perspective on your network's performance and health. You also use the Console to perform most administrative tasks.

Anomaly Detector can collect, analyze, and report on data from multiple data sources:
■ NetFlow data distillation by CA Network Flow Analysis
■ SNMP collection by CA NetVoyant
■ TCP application performance from CA Application Delivery Analysis (SuperAgent)
■ Voice and video performance from CA NetQoS Unified Communications Monitor

Upgrades are supported for previous installations of Anomaly Detector version 2.2.16.


You can access the documentation in several ways:
■ Click Help in the CA NetQoS Performance Center Console, then click the documentation .
■ Click Help in the CA Network Flow Analysis console, then click the documentation links in the Bookshelf that opens.
■ Download the latest documents from the CA Support product page.

Expanded Support for Upgrades

CA Network Flow Analysis 9.1.3 supports upgrades for a wider range of deployments:
■ If your CA Network Flow Analysis deployment includes Windows Server 2003 servers, you do not have to upgrade the operating system on those servers.
■ If you upgrade from CA NetQoS ReporterAnalyzer 9.0.1 (9.0 update 1), you have the option to continue to use CA NetQoS Performance Center 6.1.194. You also can switch to using CA Performance Center 2.2.x or 2.3.x.

For enterprises that have either of these options in place, upgrades are simplified, the risk of data loss is reduced, and reconfiguration is minimized.

The following lists show some of the options that are supported for upgrades:
■ Operating System
  – Windows Server 2008 R2 Standard edition (any installation server)
  – Windows Server 2003 Standard edition (any installation server)
  – Red Hat Enterprise Linux 5.5 or 5.6 (Harvester servers)
■ CA Performance Center
  – Operation with CA Performance Center 2.2.x or 2.3.x
  – Operation with CA NetQoS Performance Center 6.1.194

For more information about upgrade support, see Version Compatibility.


Flow Cloner

The Flow Cloner feature is re-introduced for CA Network Flow Analysis 9.1.3. You can use the Flow Cloner feature to forward flow data from a Windows-based Harvester to another collection device, such as a Harvester in a different deployment. You can send the same data to two collection devices without burdening your routers with sending the data twice. For example, you could use the Flow Cloner to send flows to an Intrusion Detection System (IDS).

To learn how to install, configure, and run the Flow Cloner, see the CA Network Flow Analysis Administrator Guide topics under "Set Up Flow Cloning."

Changing Router Tenant and Domain Assignments

You can now use the NFA console to change the tenant / domain assignments for routers in a multi-domain deployment that is registered as a data source for CA Performance Center. The tenant / domain setting affects routers and interfaces in the following ways:
■ The router's current tenant assignment determines which SNMP profiles are available for polling the router interfaces.
■ The interface's domain setting determines which operators and reports have access to the interface data. Each one of a router's interfaces can be assigned to a different domain.

When you first add a Harvester and configure its routers and interfaces to export flow data, the routers and interfaces inherit the Harvester's current tenant / domain setting. If you change the router's tenant / domain setting, any newly active interfaces are added to the new domain. The existing interfaces remain in the previous domain by default.

Note: Tenant settings are applicable only if your CA Network Flow Analysis deployment is registered as a data source for CA Performance Center. You can edit a router's domain setting in a CA Network Flow Analysis deployment that is registered as a data source for CA NetQoS Performance Center, but you cannot change the router's tenant.

How to Change the Tenant / Domain Setting for Routers

You can change the tenant / domain setting for routers in the NFA console.

Follow these steps:
1. Log into the NFA console as an Administrator.
2. Click Administration.
3. Select Interfaces: Physical from the menu on the left.
4. Locate and select the router or routers that you want to edit on the Active Interfaces page that opens.
5. Click Edit.
6. Use the Edit Router dialog that opens to assign a different tenant / domain combination to the router or routers.
   The Domain option is visible only in an environment that has multiple domains.
7. (Optional) Assign an SNMP profile from the drop-down list.
   If you have changed the router tenant, the list of SNMP profiles is updated to reflect the new tenant.
8. Click Save.
   Your changes are applied. Any new interfaces that start generating flow data inherit the domain setting that you specified.

How to Administer SNMP Profiles for Tenants

You can view and manage the SNMP profiles that apply to each tenant in the CA Performance Center Console.

Note: To perform this task, your CA Network Flow Analysis deployment must be registered as a data source for CA Performance Center. This task is not applicable to CA NetQoS Performance Center.

Follow these steps:
1. Log into the CA Performance Center Console as an Administrator who has access to All Groups.
   An Administrator who has access to All Groups can review and manage the SNMP profiles for any tenant. Tenant Administrators can access only the SNMP profiles for their own tenants.
2. Select Admin, Tenants.
   The Manage Tenants page opens and displays the existing tenants.
3. Select the check box next to a single tenant name.
4. Click Administer.
   The Manage Users for page opens. Your session is now set to administer the selected tenant.
5. Select Admin, SNMP Profiles.
   The Manage SNMP Profiles for page opens and displays the list of SNMP profiles that are used for polling. Any of these SNMP profiles can be assigned to a router in the tenant domains.
6. Review, add, edit, or delete the SNMP profiles as needed.
7. Save your changes.
   As soon as CA Performance Center synchronizes data with CA Network Flow Analysis, your changes affect any SNMP profiles that are In use. If you add an SNMP profile, it is available for assignment when you edit routers in the tenant domains. If you delete an SNMP profile that is in use, any affected routers list their assigned SNMP profile as .

Quick Installation for Any Future Updates

If an updated version of CA Network Flow Analysis 9.1.3 is released in the future, you will be able to install the updated software without uninstalling your existing CA Network Flow Analysis 9.1.3 software.

As always when you modify the software, first perform a backup of your data and configuration files as described in the CA Network Flow Analysis Upgrade Guide section titled "Finishing the Upgrade Preparations."

Documentation Bookshelf

CA Network Flow Analysis 9.1.3 has an expanded document set, which is accessible through the CA Bookshelf. To display the bookshelf, click Help in the NFA console. To be sure you have the latest documentation updates, download the bookshelf and Readme files from CA Support.

The new Bookshelf includes the documentation for CA Anomaly Detector.


Chapter 4: Locating Information About Known Issues

Known issues for the current version of CA Network Flow Analysis are described in the Readme, which is located in your installation directory.

See the Localization Scope Readme for detailed information about language support issues.

The documentation may have been updated since its release. To be sure you have the latest documentation updates, download the bookshelf and Readme files from CA Support.
