- What is the general functionality and main components of Teldat’s solution?
- What are the advantages of Teldat’s solution compared to other Netflow collectors?
- What licenses are required?
- What configuration is needed?
- What server deployment options are available?
- In which public cloud is Teldat Visualizer deployed?
- Is Teldat Visualizer a scalable and reliable solution?
- How are the devices identified in the platform?
- Is Teldat Visualizer integrated with CNM?
- What protocols are used?
- What is the security level for exported data?
- How many different dashboards can you create and use?
- Are there any proactive options you can use to detect specific or unusual traffic conditions?
- Can you get periodic reports on network visibility?
- What inspection options are available when SAP is used?
- What inspection options are available when Citrix is used?
- Is it possible to identify public cloud applications such as Salesforce, Microsoft365, Facebook, YouTube, WhatsApp, Instagram, Skype, Snapchat, Twitter, Spotify, Google+, Telegram, LinkedIn, Viber, Pinterest, Flickr and so forth (from mobiles or PCs)?
A: Each device in the network exports traffic information to the visibility server using Netflow. All of the data is then added to a Big Data engine and presented to the user in an intuitive graphical interface with multiple filter options and visualization modes.
A: The Netflow standard identifies traffic based on source and destination addresses, which creates a problem because, depending on the direction of traffic, the source becomes the destination and vice versa, hindering traffic analysis and filtering. With Teldat’s solution, traffic is marked as internal and external regardless of the direction in which it is travelling. Other advantages include a powerful Big Data engine capable of complex analysis, almost instantaneous filtering, fully customizable dashboards, report and alarm options, and an intuitive user interface.
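The direction problem described in this answer can be illustrated with a short added example (not Teldat's code): each flow record is rewritten so that the endpoints are keyed as internal and external instead of source and destination, which lets both halves of a conversation aggregate under one key. The internal prefixes, the record layout and the sample flows are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space (not taken from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample flow records: (src, dst, src_port, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.1.1.20", "203.0.113.5", 51514, 443, 1200),    # outbound request
    ("203.0.113.5", "10.1.1.20", 443, 51514, 48000),   # reply of the same conversation
    ("10.1.1.21", "198.51.100.9", 40022, 3200, 900),
    ("198.51.100.9", "10.1.1.21", 3200, 40022, 15000),
    ("10.1.1.20", "10.1.1.21", 50000, 445, 300),       # internal to internal
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def normalize(flow):
    """Return a direction-independent record, or None when the flow
    does not have exactly one internal and one external endpoint."""
    src, dst, sport, dport, nbytes = flow
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in == dst_in:
        return None
    if src_in:
        return {"internal": src, "external": dst, "external_port": dport,
                "direction": "out", "bytes": nbytes}
    return {"internal": dst, "external": src, "external_port": sport,
            "direction": "in", "bytes": nbytes}

def aggregate(flows):
    """Sum bytes per (internal host, external host, external port)."""
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    for flow in flows:
        rec = normalize(flow)
        if rec is None:
            continue  # purely internal or purely external traffic is skipped here
        key = (rec["internal"], rec["external"], rec["external_port"])
        totals[key][rec["direction"]] += rec["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for key, counts in aggregate(SAMPLE_FLOWS).items():
        print(key, counts)
```

A filter on the external host or port then matches requests and replies alike, whereas a filter on the raw destination field would match only one direction.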
A: Network devices require a Deep Packet Inspection (DPI) license to export level 7 data, but no license to export level 1-4 data. On the server, a license is needed for every device that is going to export visibility data for processing. It follows the same license model as Cloud NetManager, because both tools share the license server.
A: On remote devices, you need to enable Netflow on the WAN interface and configure the Netflow parameters of the server to which traffic is to be exported. Optionally, you can use Access Control Lists associated with route-maps and labels in the Netflow protocol to label different traffic categories, and enable level-7 application detection when there is a DPI license. On the server, you can optionally generate dashboards to present information according to user preferences.
A: Only a SaaS version at the moment. An on-premises version will be available shortly.
A: Teldat Visualizer is deployed in Google Cloud, in a German data center.
A: Yes, as mentioned before, Teldat Visualizer is deployed on Google Cloud Platform. The Teldat Visualizer design is based on containers, so the software architecture is divided into functional blocks, and each block is deployed as a container.
This design increases the reliability of the platform, because each container is functionally independent from the rest, so they can be individually deployed in a high-availability architecture.
Additionally, the Kubernetes service allows the solution to be scaled by container, so if one of the components is overloaded, only the overloaded functional block needs to be scaled.
A: Teldat devices are identified by their Serial Number and Digital Verification Code (DVC), to ensure that malicious devices can’t be connected to Teldat Visualizer.
A: Yes, Teldat Visualizer is highly integrated with the Cloud NetManager solution. Although they are deployed with different cloud providers, both tools share the license server, so that licenses can be managed from a single point.
The tools share the same user hierarchy, so that groups of customers can be managed and controlled at different levels.
Additionally, both share the mail server, which is used to send notifications to users.
A: Network devices export using standard Netflow v10 (IPFIX).
A: Encryption of exported data, following the interoperable procedures of the IPFIX standard, is under development and will be available soon.
A: As many as you need. There is no limit.
A: You can use filters to set alarms based on traffic thresholds. The filters can work on any combination of the exported parameters and, when an alarm is triggered, the result is stored in the system and an email alert is generated as well.
Building on these notification capabilities, Teldat Visualizer will in the future include AI (Artificial Intelligence) technologies to analyze a customer’s traffic pattern and send notifications when traffic behavior deviates from that pattern. This will allow our customers to detect incidents before they affect the service.
A: Yes, you can use the report option to set up the system to automatically email dashboards periodically.
A: SAP’s proprietary application uses a known port (3200), so identification is easy. For SAP service mode, please see the question below on identifying public cloud applications.
A: Citrix allows inspection at two levels of granularity. The first level involves identifying the different applications, while the second level involves identifying the different priority levels that may be necessary to transport application information in a single application (Citrix provides 4 priority levels: “Very High” for audio, “High” for the visual user interface, “Medium” for MediaStream, and “Low” for printers and serial/parallel ports). This last type of classification is the most interesting, since it provides greater granularity and ensures the necessary priority according to the criticality of the data transmitted. This second level is supported by the DPI license (note, it requires configuring ICA in Multi-Stream mode, which implies carrying each priority level in a separate TCP session).
Q: Is it possible to identify public cloud applications such as Salesforce, Microsoft365, Facebook, YouTube, WhatsApp, Instagram, Skype, Snapchat, Twitter, Spotify, Google+, Telegram, LinkedIn, Viber, Pinterest, Flickr and so forth (from mobiles or PCs)?
A: Identifying these applications is complex because they often distribute processes between multiple connections simultaneously, connecting to a variety of IP addresses and domain names which must all be identified. For example, with Salesforce, the various provider services are identified at the IP layer, as indicated here; for Microsoft365, identification is based on domain names and IP addresses and is available here; and by and large, the information is available from the same sources and third parties, for instance, for Facebook traffic.