Post on 13-Jan-2017
transcript
Cross Domain Solutions for SolarWinds® from Sterling Computers
Presented By:
Ed BenderSolarWinds Worldwide, LLCSenior Federal SE Manager ed.bender@solarwinds.com410-286-3060 (office)
Ben ChernicoffSterling Computers Corp.Software ArchitectBen.Chernicoff@sterlingcomputers.com503-926-6513(office)
VIEW AND NAVIGATE STATUS OF NETWORKS ON A SINGLE SCREEN
2
Agenda
•Need for Cross Domain Solution
•SolarWinds Overview
•Orion® Solution Overview and Demonstration
•Orion Architecture and Scalability
•SolarWinds Enterprise Operations Console (EOC) Demonstration
•Sterling Computers’ Cross Domain Solution
•Questions and Answers
3
Need for Cross Domain Solution (CDS) for SolarWinds Deployments
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
4
CDS for NIPR, SIPR, JWICS and More
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
USE CASES SUPPORTED BY A CROSS DOMAIN SOLUTION
•Enterprise operations staff that manage enterprise assets in multiple security domains desire to have a single operations console showing the status of all assets within all domains
•Networks in different security domains are not directly connected through ordinary means leading to each network having an independent network monitoring infrastructure
• Each network uses one or more SolarWinds Orion servers to poll the assets that are being monitored; SolarWinds Enterprise Operations Console (EOC) aggregates Orion servers to provide a single dashboard view of multiple Orions servers, but it can’t reach across to Orion servers running in another security domain
• EOC uses a “pull” model to communicate with Orion; that doesn’t work with one-way-transfer Cross Domain Solutions and the protocol is not supported by existing two-way-transfer CDSs.
5
SolarWinds Overview
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
6
SolarWinds Federal
•Provide enterprise-class network, systems, security, virtualization, and storage resource management software that is powerful, easy-to-use, and affordable
• Over 425 of the Fortune 500 • 35% of the Global 2000• Businesses of ALL Sizes in 170
Countries• Every branch of DOD and virtually
every Civilian and Intelligence agency
•Founded – 1999•Headquarters – Austin, TX•Federal Office – Herndon, VA•Worldwide Offices – 11•Employees – 1,800+•Customers – Over 150,000+ worldwide•Revenue – $428.7 million 2014
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
GOVERNMENT CUSTOMERS
THE BASICS - WHO
7
Our Vision
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
• Regardless of where the applications and underlying infrastructure are deployed
• Regardless of where our management tools need to be deployed
• While continuing to take a user-centric approach – only buy what you need, when you need it
Manage All Things IT…
MANAGE ALL THINGS IT IN A HYBRID WORLD
Use Case: Troubleshooting IT & App Performance
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 8
My app is really slow!
Is it the app?
Is it the network?
Is it the database?
Is it the server?
Is it a VM?
Is it the storage?
monitor, alert, troubleshoot and resolve
Our products:Make the invisible, visible
9
Product Mission: Enable IT & DevOps pros to proactively and reactively monitor, alert, troubleshoot and resolve issues quicklyProduct Principles: Fast (accessible immediately), Easy (best in class UX) and Affordable (starting price for agencies of all sizes)
What We Offer Today
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Network Management
Performance
Configuration
IP Address
VoIP
Systems andApp Management
Servers & Apps
Virtualization
Storage
Database Management
Database Performance
Tools
Remote Troubleshooting
Web Help Desk®
Topology Mapping
Security Management
Log & Event
Patch
Configuration• SQL®
• Oracle®
• DB2®
• Sybase®
• AWS®
Device Tracking Secure File Transfer
Web Performance
BUILDING TOWARD OUR VISION
10
SolarWinds Product Portfolio
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
ACROSS THE IT ENTERPRISE
WEB HELP DESK/WHD *FREE* ALERT CENTRAL
SERVER & APPLICATION MONITOR/SAM
VIRTUALIZATION MANAGER/VMAN
STORAGE RESOURCE MONITOR/SRM
WEB PERFORMANCE MONITOR/WPM
DATABASE PERFORMANCE ANALYZER/DPA
NETWORK PERF MONITOR/NPM
NETWORK TRAFFIC ANALYZER/NTA
NETWORK CONFIG MANAGER/NCM
IP ADDRESS MANAGER/IPAM
VOIP & NTWK QUALITY MGR/VNQM USER DEVICE TRACKER/UDT
LOG & EVENT MANAGER/LEM
SERV-U® MFT SERVER/SERV-U PATCH MANAGER/PATCH
ENGINEER’S TOOLSET/ETS
NETWORK TOPOLOGY MAPPER/NTM
KIWI SYSLOG®
CATTOOLS®
TOOLS
MOBILE ADMIN®
DAMEWARE® REMOTE SUPPORT/DRS
ENTERPRISE OPERATIONS CONSOLE/EOC
SYSTEMS MGMT
NETWORK MGMT SECURITY MGMT
DATABASE MGMT
CROSS-PRODUCT VISIBILITY
TOOLS
11
Orion Solution Overview
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
12
SolarWinds Orion Product Suite
•Network Performance Monitor•NetFlow Traffic Analyzer•Network Configuration Manager•IP Address Manager•User Device Tracker•VoIP and Network Quality Manager•Server & Application Monitor•Web Performance Monitor•Storage Resource Monitor – new•Integrated Products
–Virtualization Manager –Database Performance Analyzer – new–Patch Manager–Engineer’s Toolset
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
COMPREHENSIVE PLATFORM FOR IT INFRASTRUCTURE VISIBILITY
13
SolarWinds Orion Product Suite
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
ORION WEB CONSOLE
14
The Orion Core Architecture
•Orion Core Functional Architecture–Information Service – web console–Alerting Engine–Reporting Engine–Network Atlas – Mapping–Scheduled Device Discovery–Database
•Orion Core Hardware Requirements–Application Server–Database Server–Flow Storage Server – optional–VMAN Application Server - optional–Polling Engines – optional–Web Server – optional
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
•Additional Details–Orion components can be installed stand alone and
establish their own Core–All or combinations of products can install on a single
Core–There are NINE Orion Core products–Four more SolarWinds products can integrate with an
Orion Core installation–The Orion Core offers visibility to IT infrastructure with
the capabilities of up to 14 products in a single intuitive and customizable web console
–This greatly simplifies hardware requirements and sustainment of monitoring and management tools
–Improves operational efficiency with a single pane of glass and lowers total cost of ownership vs. point products
THE PLATFORM FOR INFRASTRUCTURE MONITORING & MANAGEMENT
15
SolarWinds Orion Demonstration
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
IT MANAGEMENT TOOLS THAT SCALE FOR THE ENTERPRISE
16
Orion Architecture and Scalability
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
17
The Orion Core Architecture
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
CORE PRODUCTS AND PRIMARY INTEGRATIONS
NPMInterfaces, Wireless, Virtualization, UCS…
ORION CORE Primary Polling Engine and Common Services:
Nodes, Volumes, Alerts, Events, Reports, Discovery, Syslogs, Traps, Maps, APIOrion
Core DB
IPAMIP add. Mgmt.
NTAIP Flows
PRIMARY WEB SERVER
SAMServers andApplications
MORE Network - Servers
ApplicationsStorage
ADDITIONAL POLLING ENGINE +
NCMConfig. Mgmt.
NetSec
UDTPort
Monitor.NetSec
VNQMVoIP
Monitor
WPMWeb
Monitor
VMANVirtualInfra.
Monitor
SRMStoragMonitor
PatchUpdateMgmt.
SysSec
ToolsetReal-timeTrouble
Shooting
FlowStorage
DB
Network - ServersApplications
Storage
DPADB
Perf.
18
SolarWinds Orion Simple Deployment
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Scales to:• 12,000 Network Elements• 20,000 Server/Application
Elements• 50,000 Flows Per Second• 20+ Concurrent Users
One or more Orion products installed on Orion Server: NPM, NTA, NCM, UDT,
IPAM, VNQM, SAM, SRM, WPM, Patch, Tools, VMAN
Web Browser: Internet Explorer®, Firefox®, Chrome™
NTA Flow Storage Database (FSDB)*
MS SQL Server®
IT devices and apps being monitored
(switches, routers, servers, hosts, SANs,
apps, websites)
SolarWinds Orion Server
*Only needed if NTA is installed on Orion Server
SIMPLEST DEPLOYMENT SCENARIO
19
Orion Data Collection with Additional Polling Engine
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
This Configuration with multiple Additional Polling Engines can Scale to:• 100,000 Network Elements• 150,000
Server/Application Elements
• 300,000 Flows Per Second• 20+ concurrent users (Can
scale higher with Additional Web Servers)
SolarWinds Orion Server
MS SQL Server
NTA Flow Storage Database (FSDB)
Polling Engine
Up to 75 additional polling engines can be installed locally
and/or remotely
IT devices and apps being monitored by additional
polling engine in a remote office
MONITOR AND MANAGE MORE IT DEVICES
20
Enterprise Operations Console (EOC) with Multiple Orion Servers
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
This Configuration with multiple Orion instances with Additional Polling Engines can Scale to:• 75 Orion instances• 1,000,000 total Elements
(Network, Server/Application)
Orion Server
Orion Server
Orion Server
SolarWinds Enterprise
Operations Console
Web Browser: Internet Explorer, Firefox, Chrome Up to 75 remote and/or
local Orion Servers can be monitored by a single
EOC
EOC collects, displays and alerts on real-time operational status
of all IT devices monitored by all Orion Servers
MS SQLServer
AUTOMATED HIGH LEVEL SITUATIONAL AWARENESS
21
SolarWinds EOC Demonstration
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
22
Sterling Computers’ CrossWatch for SolarWinds
CrossWatch for SolarWinds Deployment Architecture
EOC
Multi-Level User Experience
Orion Server
Low Side
High SideHTTP
SOAP
CrossWatch
SmartXD SWIS SWIS
XML
SOAP
CrossWatch
SmartXDSWIS
XML
Orion Server
One Way
CDS
CrossWatch adds cross domain aware components into the SolarWinds deployment to provide a multi-level monitoring capability
What is SmartXD?
•A cross-domain guard abstraction layer that simplifies building multi-level applications and capabilities
•It’s NOT a guard!–Utilizes existing approved cross domain transfer solutions–Tightly integrates with: AFRL ISSE, NSA Cloud Security Gateway, BAE XTS Guard,
and Tresys XD Bridge–Generically supports any streaming TCP/IP, FTP, or other file-transfer based guard
•XML messages are transferred across the guard–XML message are defined by a strict XML schema, which can be installed on the
guard and used to validate messages in transit
•Platform independent; i.e. runs on Windows, Linux, Solaris, etc.•Written in Java and runs in Apache Tomcat •Common Core of other products in this briefing
What is CrossWatch?
•CrossWatch is a type of store-and-forward system that adapts the “pull” model used by the EOC into a cross-domain “push” model where results are pushed from a low domain to a high domain
•CrossWatch on the low domain implements the SolarWinds Information Service (SWIS) protocol and executes SWIS queries on a periodic basis against the low-side Orion server; these results are sent to SmartXD where they are formatted and packaged into well defined XML messages that are suitable for cross domain transfer. The messages are then transmitted to the guard
•On the high side the messages are received and processed by SmartXD and forwarded to CrossWatch where they are cached; the high side EOC polls CrossWatch and the results are delivered; to the EOC, the high-side CrossWatch component appears to be the low-side Orion server
•Some EOC queries include time ranges, so CrossWatch contains algorithms to correctly match the results cached from the low side Orion to the queries executed by the high side EOC
•CrossWatch also handles conditions such as missed polling intervals (for example, if either the EOC or Orion go down, or the cross domain transfer rejects a payload), and insures the cache does not grow without bound
CrossWatch and EOC Example Screen
Data retrieved from the EOC handler will display within the EOC as usual
Orion Instances from multiple
domains
EOC Behavior
• On some pages EOC has hyperlinks that would normally redirect the user to the Orion server; direct linking to a low-side Orion doesn’t work in the same way in a low-to-high only cross domain deployment
• The EOC handler implements a proxy web server that will return a web page stating that the Orion server is located in a different network and what the user must do to that network to access that Orion server; likewise, operations in the EOC that perform on-demand operations to Orion, such as reports and alert acknowledgements will not work. More sophisticated behavior is possible in a two-way-transfer scenario
•Sterling has technology that will allow the high side EOC to directly launch web pages in the low side Orion server; the high side EOC handler intercepts the web page redirect and relays a small control message through a two-way cross domain solution to the low side Orion handler; the low side Orion handler then opens the correct web page on the local Orion server; again, this transfer is covered later
•If the user has a cross domain access solution (multi-level desktop) such as AFRL SecureView at the site, the result is that the low side Orion web page opens on the same screen as the high side EOC; everything would work just like it does within a single network; a screen shot of this is on the next slide
Multi-level CrossWatch UX using CDS Access Solution
CrossWatch for SolarWindsDemonstration
30
CDS for NIPR, SIPR, JWICS and More
•Better situational awareness of IT across the enterprise–Many missions depend on fully operational IT systems in multiple security domains
(e.g. NIPR, SIPR, JWICS)–Senior leadership wants to see the status of all their critical IT systems without having
to look at two or three separate reports or dashboards•For “IT dashboard watchers” this can add up to significant time savings•Status of all IT in support of a mission needs to be displayed on one dashboard and map
•More efficient utilization of enterprise IT operations staff–IT operators need to track status of different networks by looking at different screens
in the Network Operations Center–Consolidating IT status across all security domains into a single screen allows smaller
IT staff to track operational status across more of the IT Enterprise•Less “swiveling” between multiple monitors to keep track of multiple networks simultaneously•More time available to resolve issues and less time just looking for what the status is
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
USE CASES SUPPORTED BY A CROSS DOMAIN SOLUTION
Thank YouQUESTIONS?
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED
32
Contact Information
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
LET US KNOW HOW WE CAN HELP YOU
DLT
Phone: 800-262-4DLT (4358)Email: solarwinds@dlt.comWeb: www.dlt.com/brands/solarwinds
SolarWinds Federal
Phone: 877-946-3751Email: federalsales@solarwinds.comWeb: http://www.solarwinds.com/federal
Sterling Computers
Phone: 877-242-4000Email: smartxd@sterlingcomputers.com Web: www.sterlingcomputers.com
33
Additional Resources
DLT
•Follow us on Twitter: https://twitter.com/DLTSolutions •Follow us on LinkedIn®: https://www.linkedin.com/company/dlt-solutions •Subscribe to Technically Speaking by clicking here
SolarWinds
•Watch a short demo video: http://www.solarwinds.com/sedemo
•Download a free trial: http://www.solarwinds.com/downloads/
•Download our Scalability whitepaper by clicking here
•Download our Cybersecurity Survey Summary by clicking here
•Visit our thwack® government group: https://thwack.solarwinds.com/groups/federal-and-government
•Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
Sterling
•Download: –CrossWatch Overview: http://www.sterlingcomputers.com/crosswatchoverview.pdf
–CrossWatch CONOPS: http://www.sterlingcomputers.com/CrossWatchCONOPS.pdf
–SmartXD Overview: http://www.sterlingcomputers.com/smartxdoverview.pdf
–SmartXD CONOPS: http://www.sterlingcomputers.com/smartxdwhitepaper.pdf
•Follow us on LinkedIn®: https://www.linkedin.com/company/sterling-computers
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
LET US KNOW HOW WE CAN HELP YOU
34
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, and its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or
pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or
registered trademarks of their respective companies.