OmniPeek CloudStats Plug-In

Moving services to hosted environments is viewed as a way to reduce costs by offloading the infrastructure management onto the hosting provider. However, one aspect of management should be maintained in-house: service level monitoring. Whether your server is located in a data center or in the cloud, network monitoring and analysis is still a crucial part of cloud-hosted network management; it just has a different role. The person in control of the network is now managing service availability and performance rather than managing their own company’s infrastructure. If cost was any factor in the decision to outsource, then it is absolutely critical to perform network analysis measurements to determine whether the costs justify the service levels.

However, network monitoring can be very challenging when moving to a cloud environment. Cloud typically leverages high levels of automation in service deployment to add and remove redundant load-balanced virtual instances. Rapid creation and retirement of VMs leads to IP address churn, which can make it very difficult for an analyst to track services by IP address.

With this in mind, we’ve created a special CloudStats plug-in that works in tandem with the existing network maintenance and monitoring benefits already provided by the OmniPeek network analyzer, making it easier to manage and monitor service availability and performance with cloud applications.

How does it work?
The CloudStats plug-in enables OmniPeek to display a cloud service by name rather than by IP address. Names are easier for people to recognize than numbers, and with cloud and other web hosting techniques the network engineer does not control the IP addressing of the hosted services; the services’ underlying IP addresses may even change between captures. The CloudStats plug-in accommodates this dynamic decoupling of addresses and hostnames without any loss of clarity for the network analyst.

The CloudStats plug-in works by leveraging and extending the technology in OmniPeek’s Web views, extracting host names directly from the “Host” header of HTTP request packets. Given that the “Host” header is created by the user’s web browser, the server name will correspond directly with the data returned in the HTTP response. The names are then automatically inserted into the OmniPeek name table, so each cloud host name also appears in the OmniPeek nodes view, the expert view, and any other OmniPeek feature that displays nodes.

What else can you do with the CloudStats plug-in?
Beyond monitoring of externally hosted company services, the CloudStats plug-in is useful for analysis of any HTTP-based traffic.

When diagnosing problems with in-house web applications, it is now much easier to follow the logic flow split across multiple servers. Rather than trying to visually differentiate between a number of similar IP addresses in a contiguous range, packets are now clearly delineated by name as connections to the static image server, the SSO session initializer, the primary UI display formatter, and the data store.

When analysing single-PC issues, the CloudStats plug-in provides effortless propagation of website names. Gone is the uncertainty of a sea of unidentified external IP addresses. Web addresses are now automatically resolved, greatly speeding up the process of eliminating the unknown. This process will be appreciated when performing a security incident post-mortem: it’s far easier to focus on unknown servers when a significant portion of servers have hostnames in known and trusted domains.

Multi-PC captures will also be much easier to analyze, as servers will be auto-labeled with names, but clients will not.
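The Host-header name extraction described under “How does it work?” and the post-mortem triage described above can be sketched outside the product. This is an added example, not OmniPeek or CloudStats code and not a description of how the plug-in is implemented; the record layout, the function names and the `TRUSTED_DOMAINS` allow-list are assumptions, and the packets are constructed.

```python
from collections import defaultdict

# Constructed sample records: (src_ip, dst_ip, TCP payload). Not real traffic.
PACKETS = [
    ("10.0.0.5", "203.0.113.10", b"GET /logo.png HTTP/1.1\r\nHost: static.example.com\r\n\r\n"),
    ("10.0.0.5", "203.0.113.10", b"GET /app HTTP/1.1\r\nhost: app.example.com:8080\r\n\r\n"),
    ("10.0.0.7", "198.51.100.23", b"POST /up HTTP/1.1\r\nAccept: */*\r\nHost:  cdn.unknown.test \r\n\r\n"),
    ("10.0.0.7", "198.51.100.99", b"\x16\x03\x01\x02\x00\x01"),  # not plaintext HTTP
    ("203.0.113.10", "10.0.0.5", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),  # response
]
TRUSTED_DOMAINS = {"example.com"}  # hypothetical allow-list of known domains
METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH"}

def host_from_request(payload):
    """Return the lower-cased Host of an HTTP/1.x request payload, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/1."):
        return None  # responses, TLS records and other non-request payloads
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":  # header names are case-insensitive
            host = value.strip().decode("ascii", "replace").lower()
            if not host.startswith("["):  # keep bracketed IPv6 literals intact
                host = host.partition(":")[0]  # drop an explicit port
            return host or None
    return None

def build_name_table(packets):
    """Map each destination IP to every Host name clients used to reach it."""
    table = defaultdict(set)  # a set: virtual hosts and CDNs share one address
    for _src, dst, payload in packets:
        host = host_from_request(payload)
        if host:
            table[dst].add(host)
    return dict(table)

def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """Match the domain or a subdomain, never a bare string suffix."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(packets, trusted=TRUSTED_DOMAINS):
    """Sort every address seen into trusted, review (untrusted name) or unnamed."""
    table = build_name_table(packets)
    seen = {ip for src, dst, _ in packets for ip in (src, dst)}
    out = {"trusted": set(), "review": set(), "unnamed": seen - set(table)}
    for ip, names in table.items():
        key = "trusted" if all(is_trusted(n, trusted) for n in names) else "review"
        out[key].add(ip)
    return out
```

The names come from headers the clients sent, so the table is a labelling aid for narrowing a review; the "unnamed" bucket holds the clients plus any server never addressed over plaintext HTTP.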

Advanced usage: combining CloudStats with other plug-ins.
Sometimes the diagnostic need is to view traffic between the local network and the Internet, without worrying about which internal clients are connecting to which Internet services. The CloudStats plug-in is excellent at providing additional information about web servers. To reduce the clutter arising from multiple internal clients, the SubnetMap plug-in provides aggregated naming of subnets as single entities. The combined use of CloudStats and SubnetMap will transform the peer chart from a spaghetti tangle into a clean list of web connections, with all internal clients appearing as a single central chart entity.

For a broader survey of internal servers and open services, combine the CloudStats plug-in with the Traffic Analyzer plug-in. The Traffic Analyzer plug-in provides a breakdown of open ports on hosts, for completely passive internal server port mapping. Combined with the CloudStats plug-in, each server IP address will additionally include the name pulled directly from the HTTP request.

Conclusion: Automatic name resolution, just like the Web.
Modern network deployments have reached the point where services can no longer rely on static IP addresses. The CloudStats plug-in enables modern network analysis using inline server name resolution.
