Skip navigation
All Places > CA APM > Blog
1 2 3 Previous Next

CA APM

261 posts

Thank you for joining today's community webcast: How to Build Trust in your APIs with Runscope 

Please follow your presenters today:  saybar and JohnCBenbow

 

Presentation (is attached)

Start a Free Trial --> API Monitoring · Runscope API Monitoring 

Watch the Recording --> Webcast Replay: How to Build Trust in your APIs with Runscope 

Introduction

This for the first time in one place, captures the important areas to investigate before opening an APM TIM SSL case.

 

I've visited some of these ideas in:
https://communities.ca.com/community/ca-apm/blog/2017/12/01/tech-tip-66-drat-why-cant-i-record-in-apm-ce-cem -- Why can't I record?

https://communities.ca.com/message/99822745#99822745 -- Private keys

 

Question #1: Are there issues with my network setup?
Very often, network and SSL issues are interrelated. If the network traffic is one-way, filtered out, empty or small packets, having dropped and out of order packets, then SSL traffic may not appear correctly or at all.

 

See the above links for possible next steps as well as https://support.ca.com/us/knowledge-base-articles.tec1122441.html SSL Decode failures.

 

Question #2 Are my private key and passphrase in order?
Often, APM admins are given private keys from their web server, firewall, and load balancer admins.However, they must trust that they received the right key in the correct format with the correct passphrase (including if in upper, lower, or mixed case). This may not be the case. To verify, compare the modulus of the certificate from the server with the private key that you were given. See How do I verify that a private key matches a certificate? (OpenSSL) .

 

Question #3 Am I using a supported TLS ciphersuite or TLS extension/feature?
If you get an unsupported cipher suite message in the TIM log, compare the ciphersuite number against a list such as https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/ to learn more about the specific ciphersuite. 

 

Also see for further details
https://support.ca.com/us/knowledge-base-articles.tec1667615.html -- Supported TLS cipher suites
https://support.ca.com/us/knowledge-base-articles.TEC1926892.html -- Master secret
https://support.ca.com/us/knowledge-base-articles.TEC610516.html -- SSL session ticket

 

Question #4: Am I using TLS 1.1/1.2?
Your application may use TLS 1.1/1.2. APM TIM supports this feature with all current releases. But sometimes people forget to set explicitly DisableTLS11And12RecordsProcessing to 0 (Enable). Note by default this is implicitly set to 1 (Disable).

 

Next steps

By having gone through these four questions, you know that you are not having common networking and SSL issues. At this point, it is time to open a case providing such items as a HTTP/HTTPS trace (pcap, Fiddler trace, or equivalent), a TIM log with SSL. HTTP Components/Parameters, and networking addresses trace settings enabled. Ideally these should be both at the same time to perform event correlation.

 

Please let me know some other common questions that you ask and future CEM topics that you want to see.

Introduction:

The sun has come out today after experiencing the infrequent event of heavy snow in Tidewater, Virginia. So, now seems like a good time to get my first blog out for the year. And I want to revisit an old topic.

 

Favorite TIM Debugging Tools

From time to time, I get asked for a list of helpful tools for TIM debugging. Here are some of those utilities have found useful. The list is always changing. These should not be considered an official endorsement of the software by myself or CA Technologies.

 

1. APMscripts

     The ultimate utility scripts created by Joerg Mertin to gather the all-important info to analyze TIM performance and health. You can get from  https://github.com/CA-APM/cem-healthcheck-scripts . It is covered in APM Tech Tip -- The Missing Manual Part 3: Tim Monitoring 2 (apm-scripts) 

2. TIM Logs with Trace options enabled  . See APM Tech Tip: TIM Trace Options -- The Missing Pages Part 1 covers when to use which trace option.The same reference covers 

3. Wireshark for network data quality issues including checking if there is two way traffic, SSL cipher suites, HTTP servers and statements, missing packets, etc..

4. Transaction Inspection for overlapping definition issues Resolving APM CE Business Transaction/Defect Count Issues talks about this. Seeing which definition matches will show if it is the one that you expect.

5. To split large pcaps by size or IP address, splitcap is invaluable

6. Wikidpad for my personal CEM knowledgebase. Useful for searches.

7. Agent Ransack for analyzing and counting strings in a log. Supports regular expressions.
8. timconfigtool or any xml viewer to read domainconfig.xml. It is covered in APM Tech Tip -- The Missing Manual Part 1: TIM Analysis, Monitoring, and Other Tools  This is an internal tool

9. The TIM logs with SSL trace option on to see SSL cipher suites and SSL Decode errors (10.5 and later)

 

Questions for You:
- What other tools do you use for TIM debugging and for what situations?

- What other TIM topics do you want to see? 

CA's Education Program Director, Diana Parks shares some of the enhancements made to CA APM over time in her latest blog post -  view an excerpt below to see some of the new features: 

 

"In true education manner – we’ve developed this engaging (and short) microlearning video. It will take you through the new enhancements in the latest version of CA APM, as well as, the many prior amazing features added over the past year." 

 

Start your learning experience by watching this short video:

 

View the full blog here to learn more. 

Thank you for attending last weeks community event [DEMO] How to build a world-class digital experience 

Don't forget to follow your presenter Audel Moradi, CA Technologies Presales: morau01

Addressing the agilecentral defect DE136282 with this KB article.

When I install the Enterprise Manager (EM), the installation sometimes fails because the Postgres installation hangs. There are two reasons this might happen:

Postgres Database Installation Timeout

Symptom

When I installed Enterprise Manager, the installation completes with database creation failures. Upon investigation, I found that the installer got timed out due to Postgres database installation taking longer than acceptable. On further investigating I found that the Postgres Database eventually started, but APM DB schema is not created.

Solution

Manually uninstall the partial installation of the Postgres database, so that any instance of Postgres is removed from your server. Now install the Postgres database using the CA APM installer by selecting the DB Only installation option in the Choose the install Set screen.

Postgres Database Installation Stuck

Symptom

When I installed Enterprise Manager, the installation never completes. Upon investigation, I found that the installer hangs due to the Postgres database installer. On further investigating I found that the EM installation hangs due to Postgres database installation stuck running validateuser.exe process.

Solution

Manually end both Postgres and Enterprise Manager installation processes from the Task Manager and restart CA APM installer again.

Thank you to those that joined our Community Webcast on December 7: Learn more about Runscope API Monitoring   

Watch the Replay:

Webcast Replay - Learn More about Runscope API Monitoring 

 

 

Start a Free Trial Today!

API Monitoring · Runscope API Monitoring 

Introduction

   It has been around a year since I've written a tech tip. Instead I've focused on APM & Community Blogs. 

   Support has seen a slight rise in the number of APM CE (CEM) recording cases. Why is this? 

 

Contributing Factors to Non-Recording 

   Here are typical factors impacting recording.

  #1 More Complex Networking Environments 

      o Traffic may not be as clean as needed resulting in packet loss

      o Complex environments means it is quite possible to "miss something" in setting up HTTP/HTTPS traffic to the TIM.

      o Traffic may not be two way or have round trip server affinity for a transaction
      o Customer is using a networking feature (GRE tunnelling) , a network card or issues with OS/network interface setup (DNS, host file, ifcfg file etc.) 

   #2 Evolving Server SSL Setups 

      o Release of cipher suites that may not be supported. See for details: 

         https://support.ca.com/us/knowledge-base-articles.tec1667615.html -- Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?

         https://support.ca.com/us/knowledge-base-articles.TEC1271109.html -- TIM Unable to decode TLS_RSA_WITH_AES_128_GCM_SHA256 SSL Cipher Suite.

        https://support.ca.com/us/knowledge-base-articles.TEC1419466.html  -- After disabling Diffie-Hellman and GCM ciphers TIM SSL Server Status page still shows many unsupported cipher suite decode failures with unsupported ECDH and AES GCM ciphers visible in TIM logs.

         https://support.ca.com/us/knowledge-base-articles.tec1667615.html -- Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?


      o Evolution of SSL functionality such as TLS Session tickets and Extended Master Secret Plugin 

      o And the basics

         - Using the wrong IP/URL to access application.. 

        - Incorrect browser configuration including proxy, language etc. 
        - Web server/hardware filters not added to TIM/MTP.

        - Transaction already enabled (Transaction Discovery) 

  #3  Not checking TIM/MOM/TIM Collector status/log while recording

     o Wrong script recorder arguments or being sent to wrong EM.
     o Time is not synchronized between EMs, database, and TIMs.
     o EM in Unknown state due to MOM properties file misconfiguration.
     o Recording Service not running or started.

 

How to resolve

 

I basically start looking in this order

Switch>Tim (NIC/OS/SSL/Filters)>Tim Logs>Tim Collector Mom Log/Configuration

 

  For TIM, I start with the steps outlined in TIM Readiness Guide 
or the TIM Success Guide . If the TIM is seeing two-way unencrypted traffic, then I check it is showing up in the TIM log. If not, I look at SSL, web server/hardware filters etc,

Debug logging an be turned on as well for apmpacket  and Transaction discovery

 

If all the above fails, please consider opening a case.

 

Other sources

https://communities.ca.com/thread/99969035 -- CA Tuesday Tip: Top APM CE Misconfigurations and Their Impacts 

https://communities.ca.com/message/22049399#22049399 --The APM Script Recorder and a 404 Error

https://communities.ca.com/message/67186402#67186402 --CA Tuesday Tip: CEM Recording System Decision Matrix & https://support.ca.com/us/knowledge-base-articles.tec600296.html

https://support.ca.com/us/knowledge-base-articles.TEC1545243.html  --Agent Recording

https://docops.ca.com/ca-apm/10-5/en/extending/transaction-definition/recording-transaction-signatures  ---Recording Overview

 

Points for Discussion

 1. Do you think these are the major factors impacting successful recording

 2. Are there other factors that you have encountered? 

 3. Are there other TIM topics that you would like to see in future blogs?

Introduction
During this past Thanksgiving, I took the time to visit a local tourist attraction. It was something that I was very much looking forward to. This meant stopping by a public garden associated with a particular ancient structure and walking through the carefully kept grounds. 

 

But it was not meant to be. The garden was still there.  Unexpectedly, it was roped off and closed until it could grow back. (Which for the hedges may mean some years to come.)

 

What Happened?

I asked around why this sad state came to be. In learning the unfortunate details, it reminded me of what an online community should avoid if not wanting a swift decline.

 

Taking things for granted and assuming that things will always be the same.

Visitors always assumed that the garden would always be there and be opened to all. But gardens are delicate and will not thrive if not properly treated by visitors. Like all of us, it takes time to heal if under distress.


Not seeing the beauty of it all.
Some of those that traversed this striking patch of earth failed to see the value of it. So they treated it accordingly. Hopefully this does not happen to other public gardens or any online community. A garden (or a community) is dependent on proper use and care by dedicated resources. As a result, it is becomes a beautiful place to visit. 

 

For example, suppose if there are a lot of duplicate or wrong community posts. Then those posts were not moved or transferred. Then they would accumulate making it harder to find the appropriate posts. If people did not try to help each other, then possible users would seek elsewhere for answers. If new blogs on best practices are not shared due to lack of interest and contributors, the attraction to a community is far less.

 

Taking shortcuts

But the real killer was some inconsiderate garden temporary dwellers taking multiple shortcuts throughout the garden to move along faster. Sadly, this ruined it for all. And that's why it is closed today.

 

The interaction in a community can be impacted by those that ask questions which are unclear, incomplete, and without environment information or screenshots. This results in some back and forth posts for others to determine their true query. 

 

Conclusion

As long as the roots are not severed, all is well. And all will be well in the garden. Being There 

 

After taking an "after" photo, I will not soon forget what I've seen. It is my fervent wish that we all do what we can to keep this community healthy for years to come. Hoping that you agree!!!

The Product Compatibility Matrix (PCM) went live a few months ago. This is a great tool to quickly search for requirements data for your deployment.

 

Recently, it's come to our attention that the tool will come back with no results when using the search criteria dropdowns. JMertin has kindly clarified on how to use the search feature of this tool.

 

After choosing your product at the initial page, ignore the dropdown boxes and only use the checkboxes in the "limit results to" section and the search filter box just above the results section. This will yield the results you're looking for.

 

If you have any questions or concerns, please feel free to leave a comment or enhancement request on the community.

We’re proud to announce the service availability of CA App Synthetic Monitor (ASM) 10.0 – the first step to a completely transformed synthetic monitoring solution. In this release, we have made several enhancements to improve user experience including updates to the look and feel of the product.  

The release updates include:  

 

Updated menu navigation  

In this release, we have taken the first step in our phased approach to update the product UI. The menu navigation has moved to the left side of the screen, with menu options re-arranged to better fit standard user flows.  

 

Revamped monitor configuration  

As a part of the UI updated, we have also updated the configuration of monitors to clearly display the type of monitors ASM supports.  

 

Once a monitor type is selected, configuration is now broken down into categories allowing for quick and simple monitor creation. Monitors will be automatically validated by default (if needed, you can override this step and activate a monitor directly).  

 

 

 

Support for JMeter 3.3   

We have now added support for JMeter version 3.3, while continuing to support older versions. Script version is automatically detected and the appropriate JMeter version is used. With this update, CA BlazeMeter scripts are now compatible in CA App Synthetic Monitor.  

We can now also provide partial results for monitor timeouts, proving you with insight into the exact step that failed, along with this there will also be an assertion at the end of your script indicating what went wrong and why.  

*To leverage JMeter 3.3 support, you’ll need to update your On-Premise monitoring stations (OPMS).  

 

More flexible ad-hoc maintenance windows  

Ad-hoc maintenance windows now have more flexibility. You can now select the folder in the list of monitors and set a single occurrence and duration of a planned maintenance window in the future. 

 

Report improvement 

You can now build report previews for custom periods as well. This feature allows you to see report for today’s data or past weeks. You are no longer restricted to pre-set time periods. 

 

 

SAML support (available in Beta mode)   

In Public Beta mode, we are introducing SAML support. If you are interested in a single sign-on through your own identity provider, please contact our support team.  

 

Not using CA App Synthetic Monitor? Start your free trial today.  

If you’re not a current user of CA App Synthetic Monitor, no worries! You can get started with a 30-day free trial today and test these new features for yourself.  

 

 

Introduction
      Imagine if you were the proud owner of an old all-wooden house. While climbing up the steps to the entrance, you are greeted by numerous swarming bees. They hover around and fly uncomfortably close to you. In the past, you had a bad encounter with some bees and lived in mortal fear of them ever since. You freeze up in reaction and don't know what to do.

 

   Fortunately, a nature lover and all-around nice person is taking their afternoon walk nearby and immediately sizes up your situation. "Oh there is nothing to worry about. They are just carpenter bees. See, there is no yellow stripe like bumble bees. And the male bees do not sting. Just annoy you a little. "

 

   Suddenly, you don't feel as threatened. You learn to walk slowly around them and not mind their hovering. You start to move in and made a new friend along the way.

 

Perceptions : Overview
   Perceptions are our conduit to comprehending life situations. These are our impressions based on what our senses show us. From this input, our mind may race to a conclusion that could later be incorrect. This can impact our ability to resolve a situation, solve a problem, or deal with another person

 

So what can we do instead to keep us on track?
1. Have a reflective mind
Our minds are very clever in creating perpetual emotional dramas and it is far too easy to be trapped "in mind." Rather than react, observe, observe some more, reflect then act. A sense of calm and spaciousness typically follows doing this. You might even feel your body starting to relax.

 

2. Ask questions/Investigate if needed before jumping to conclusions, It is very easy when seeing an error message on a screen to get concerned. But looking further may show it to be a one-time occurrence due to unique circumstances.

 

3. Turn off a sense. In the movie Shallow Hal (no relation to the character or the actor Jack Black), the protagonist eyes/judgments cause them to perceive incorrectly a person's worth. Something just listening to a person or touching an object may produce a different response and thought pattern.

 

4. Patience and Persistence. All of the above includes a process of persistent investigation and reflection. And just as important, being patient with yourself and not be so outcome-driven. Understanding the true nature of a situation is a lifetime voyage of discovery

 

Your Turn
We all had our misconceptions of various things and sometimes learned the hard way how to do things better. Feel free to share what worked for you in these situations. We are all learners in this life and can pick up a useful tip or two from one another.

Thank you for attending our community webcast today.  If you missed today's presentation please listen to the recording and 'like' if you felt useful. 

 

 

* For customers interested to join the Beta for ASM, they will have to signup @ validate.ca.com.

Once done, they can simply contact Ales Lopata --> lopal05  requesting access to the ASM Beta environment.

 

Our presenters and event coordinators for today's event, please follow them:

LeoAnez

AshleyGeorge

Chaitan_Shet

Introduction

So, for several months I've done a series of blogs on how to create and maintain a vibrant community. And during the same time, our APM Community has become a little more active. But I see one area that each of us may consider changing to enrich ourselves and this community.

 

Step 1: Start Following More People

What I noticed that most people in this Community are following few people or have few followers. That means that all of us are missing potentially out on:

-Useful new documents

-Helpful new ideas

-Invaluable new questions/discussions or responses

-Tremendous new videos and webinars

-Making a key connection.

 

Step 0: Determine Which People to Follow

But you see that I uncharacteristically jumped the gun above.

How can you follow someone if you don’t know which someone to follow? Good point.

So here are some possible “following candidate” strategies

-Search for topics/environments that are important to you. And see which community members are contributing articles in that area.

-Look for peers at similar product levels. If a new customer, then search for other new customers

-Seek geographical colleagues

-You are only limited by your imagination! Wild and crazy guys? Large site administrators? Cat fanciers liking APM Scheduled Reports? Seek out your own birds of a feather!  

 

Step 3: Gaining Followers/Increasing Following

The reason for doing this should be not to say proudly to someone, “I have two thousand followers/following five hundred members in the APM Community.”  Instead, the focus should be linking to other kindred spirits to see how they are living their lives and dealing with technical/personal challenges that may be like your own! And be among the first to find out about their contributions as well them finding out about yours.

 

Your Turn

I've said what I wanted to say. Now it is your turn.

Please drop a line to Hallett.german@ca.com or respond below on following/followers, "following candidate strategies", and if you want to see more of these types of blogs.

We’re all familiar with these axioms:

 

  • Familiarity breeds complacency
  • Ignorance is bliss
  • What you don’t know won’t hurt you

 

While this axiom is not as familiar as the ones above, it’s just as important for us techies:

  • Alarm fatigue (also known as alert fatigue) results from exposure to frequent alarms (alerts) and leads to desensitization, which causes longer response times and/or missing important alarms.

 

Alarm fatigue also occurs in many other industries, including construction and mining (where backup alarms sound so frequently that they become senseless background noise) and healthcare (where monitors tracking vital signs sound alarms so frequently and for such minor reasons that they lose the urgency and attention-grabbing power they ought to have).

 

It’s as if Waldo was the only real alarm in a huge crowd of fake alarms.  

 

To use another analogy, it’s like the little boy who cried wolf: False alarms rob real alarms of their value.

 

In performance management, alarm/alert fatigue and desensitization present real dangers to people whose job is keeping apps running 24x7, meeting SLAs, and reaching financial targets. If monitoring teams get lazy or comfortable and start to ignore alarms, they could miss an important alert.

 

In one of my previous blogs, “APM Monitoring Governance: The Jurassic Park Conundrum,” I discuss the disadvantages of monitoring too much “stuff” in an application. Application performance can be affected by the monitoring tool itself, so we need to place limits on the number of monitors, using key performance indicators as a guide in selecting monitors. Monitoring governance and alarm/alert fatigue are different fields, but they’re more closely related than some may think. Too many metrics with no governance can also lead to an overabundance of alerts, many of which are ignored. Too many alerts can cause performance degradation in the application as well as the monitoring tool.

 

In my visits to customers using CA APM, I often notice that when many alerts are triggered, notifications are sent and promptly ignored, and no action is taken other than acknowledging the alarm. What are the reasons for that behavior?  We could speculate that:

  • The alerts were set up with good intentions but their frequency drove those who monitor them into desensitization via alert fatigue
  • Thresholds were set incorrectly, causing false positives
  • The metric causing the alert is minor and doesn’t affect performance
  • The monitored metrics are mandated by corporate policy
  • The application team wants to see everything possible and the ops team has not worked with them to define and take actions relevant to a particular alert

 

If these or other reasons result in ignored alerts, we must ask, “Why monitor that metric at all?” The danger of desensitization through alert fatigue is real when people responsible for monitoring are swamped with frequent alerts that mean little or nothing to them. The constant action of clicking to close or acknowledge an alert will eventually result in frustration—perhaps even disabling an alert. This could spell disaster if a real alert is missed and a crash results.

 

CA APM provides early warnings on events that can cause crashes or application inconsistencies that can affect user experience. Alerts, to be meaningful, should spur operations or support personnel into action. They may take action themselves based on runbook entries, or pass off actions to developers, DBAs or the network team. The point is that alerts, to be useful, should result in some form of action. Without that basic premise, monitoring loses significance and value. Planning ahead, collaborating with application teams, and working with monitoring experts, such as those in CA Services, can lead to fewer and more meaningful alerts and corrective actions that prevent catastrophic failures.

 

Now that’s an axiom we can all learn to love.