CA Network Flow Analysis Office Hours Transcript - December 2015

Document created by Melanie_Giuliani Employee on Dec 3, 2015

Chat transcript from CA Network Flow Analysis (NFA) Office Hours: A Live Online Chat [December 2015], which took place on December 3, 2015.


Melanie Giuliani to Everyone: Alright everyone - let's get started! Please type your questions into the chat box, and be sure to "Send to: Everyone"

Matthias Lurschack to Everyone: In larger environments (~700 routers per Harvester) we are seeking ways to do an online backup, avoiding the need to stop services and lose flow data when copying the data files. Besides the supported backup, what is planned to achieve a hot backup? MySQL should have the abilities to achieve this I assume. Thanks!

Christopher Walsh to Everyone: Hello @matthias we are well aware of this request and are actively working with development on providing better guidance on this. Currently you can use the built-in mysqldump utility to back up your databases

Christopher Walsh to Everyone: mysqldump doesn't require you to stop services in order to back up your database

Christopher Walsh to Everyone: There was an idea submitted a while back that has gotten a lot of attention

Melissa Potvin to Everyone: Hi Everyone, we have support engineers and product management here ready for your questions. Who has a question?

Matthias Lurschack to Everyone: @Christopher: Hello, thanks - I know about the idea and I guess it could lead to troubles when doing a mysqldump when services are running. We have not tested - it is worth doing.

massoud shamsian to Everyone: i like the NAST replacement GUI but takes a bit to get used to. Is there a good write-up on how to use it?

Christopher Walsh to Everyone: @massoud that is a good idea, we can work on that for you. I will write something up on that and post it on the communities

Justin Kulikowski to Everyone: w/ CAPC Integration, it would be great if the "Custom Reporting" and "Analysis" Group Selection displayed in a Nested fashion -- right now all Groups just display on a long list, and is confusing when there are groups named the same

Matthias Lurschack to Everyone: @Chris: I guess the idea was submitted by myself ;-)

Justin Kulikowski to Everyone: what is a "Site" in "Site to Site", and must I create a Site?  If I already have Device Groups made for Sites I would like to use those

Christopher Walsh to Everyone: @Matthias I understand we are actively working with development on better guidance on this

Justin Signa to Everyone: @Justin, a site is a specific group of devices from a particular site.  For example you might want to do a report on your New York site which would be all NY routers to an LA site which is all of your LA routers.

Matthias Lurschack to Everyone: Could anyone send me an updated Roadmap or upload to the community anywhere - we would like to know if it is planned to support the NFA Console on linux (Red Hat Enterprise Edition). Our customer plans to migrate OS from Windows to Linux. Except NFA, most of other tools in Alarm & Performance Mgmt field running on Red Hat already. Thanks!

Christopher Walsh to Everyone: @Justin that sounds like a great idea, I would submit that as an Idea on the IM user communities

massoud shamsian to Everyone: Noticed the new "site-to-site" tab but haven’t had much time to research it. Is that for latency site-to-site reporting or something entirely different?

mark to Everyone: Product Release question... what is the latest GA version, what is the next version, and when will the next version be released?

Tyler Peterson to Everyone: @Matthias We generally don't post the roadmap to the community, but we would be happy to meet with you individually to review the roadmap. 

Matthias Lurschack to Everyone: @Tyler: I understand ;-) ... on the other hand: do you consider the support the NFA Console on Red Hat Linux within the next releases? Thanks!

Justin Kulikowski to Everyone: @Justin -- right, so if I already have Device Groups created I would like to be able to select those "Group Selection" rather than needing to create a new Site that would seemingly contain the same thing -- Idea Submission?

Christopher Walsh to Everyone: Hello @mark 9.3.3 is the most current release. Next release should be first half of 2016

mark to Everyone: @Chris, thank you. 

Tyler Peterson to Everyone: @ Matthias it is certainly something to consider, have you had a roadmap review recently?  If not, we should sync up.

Justin Signa to Everyone: @Justin @Massoud here is more information on Site to Site Reports

Christopher Walsh to Everyone: @Justin yes that would be an idea submission

Josh Bovee to Everyone: Our security teams have been poking around various flow replicators lately.  Is there any work being done to enhance the one that comes with NFA?  Like being able to write rules to send specific flows to particular collectors?

Christopher Walsh to Everyone: @matthias For the Red Hat Console question there is an idea submitted on that

Matthias Lurschack to Everyone: @Chris: I know ;-) ... raised by my colleague. it is under review for >2y now and we would like to have a decision ;-) thanks!

Christopher Walsh to Everyone: @josh I have heard this discussed before, that would also make a great idea submission

Matthias Lurschack to Everyone: We run NFA (9.3.0) as a data source of CAPC (2.6). In larger environments you may have dozens of SNMP Profiles (Community Strings). Basically a few devices like Alcatel have a CPU Protection function to block SNMP Requests with wrong community - that happens when the "use by default" flag in CAPC is enabled and an Alcatel Router starts sending flow to a harvester and is being queried by the Harvester. Workaround is to disable "use by default" for all SNMP Profiles which causes more administrational effort when communities are changed or during the automatic device discovery! Since one of the patch releases after 9.3.0 I read that we can manage Users, Roles, Groups etc. in NFA Console. Could we manage also SNMP Profiles in NFA to get rid of the described issue?

Tyler Peterson to Everyone: @Matthias I've just joined recently as the product manager for NFA, I will be taking a close look at the online backup and Linux console requests.  I appreciate the feedback.

massoud shamsian to Everyone: Also noticed something on a recent release note indicating NFA may now be able to authenticate by itself. Does this mean if we choose to we can now dis-join from CAPC/NPC if we choose to and have NFA do all user authentication?

Matthias Lurschack to Everyone: @Tyler: nice to meet you - really looking forward working with you.

Tyler Peterson to Everyone: @Matthias likewise!

Justin Kulikowski to Everyone: @Tyler, please also consider Flow Cloner on Linux

Josh Bovee to Everyone: Welcome to the jungle Tyler!

mark to Everyone: Is there a general rule when to migrate from one Harvester to multiple Harvesters?

Christopher Walsh to Everyone: @massoud yes you can authenticate with just NFA.  So yes you can separate NFA from CAPC if you wish

Tyler Peterson to Everyone: @Justin thanks for pointing it out, will do.

Justin Signa to Everyone: @Matthias you can separate NFA from CAPC after NFA 9.3.2 and manage users/roles/snmp profiles from NFA itself however you will no longer be a data source of CAPC.

Christopher Walsh to Everyone: Hello @mark yes there are some updated sizing guidelines in the NFA 9.3.3 documentation

Justin Kulikowski to Everyone: when will we see an API for NFA?

massoud shamsian to Everyone: @ CW  k ty  and assuming there's an ability to migrate user settings from CAPC/NPC to NFA?

Christopher Walsh to Everyone: @mark you can use the new Flow Statistics page to track your flows per minute

Justin Kulikowski to Everyone: also OpenAPI would be awesome to see as well, given the success it’s had in CAPM

Matthias Lurschack to Everyone: @Justin: thanks! great, we will upgrade test system first and see how it goes ;-)

Christopher Walsh to Everyone: @massoud user settings should remain as they are stored in the NFA database

Justin Signa to Everyone: @Matthias feel free to open an issue with us to talk more about the pros and cons of that.

Christopher Walsh to Everyone: @justin there is an idea on the API I see you commented on

mark to Everyone: @Chris, thank you for the link.  Looking forward to use the new Flow Statistics page.

Tyler Peterson to Everyone: @Matthias going back to the Linux console question, what's driving the ask?  Are you an all-Linux shop, want off Windows, or is there something else you're concerned with?

Ken Adamson to Everyone: @All - Hello, it's Ken Adamson (VP Product Management). Have any of you seen the UIM and NFA integration or are currently planning to use it? Would love to hear your feedback or plans to look at more closely

Christopher Walsh to Everyone: @mark and @massoud here is the link to the documentation on the flow stats

Justin Kulikowski to Everyone: @Tyler; for us Linux having everything on Linux makes it vastly easier to administer -- of all of the CA servers/products I'm responsible for I have 1 single Windows Server: the NFA Console

Matthias Lurschack to Everyone: @Justin: thanks, firstly we would need to look into this on Testsystem (unregister data source etc.). On the other hand, I heard about plans to "integrate" Enterprise Overview capability in CAPC (incl. multi tenancy support). That is because of the fact, that NFA's Enterprise Overview does not support multi-tenancy as we know. So as a service provider, our customer is not able to provide the Enterprise Overview for their business customers. The customers with larger amount of sites complain that they need to go through the interface overview pages to find top talkers, top interfaces etc. So if EOV is in CAPC, we cannot run NFA Console without CAPC ;-)

Melissa Potvin to Everyone: Hi Everyone, this is Melissa your CA Community Manager.  We are at the 1/2 hour mark.   if you are new to office hours - thanks for joining!  We have the support team and product management here ready to answer any questions you might have about NFA.

Tyler Peterson to Everyone: @Justin I understand, thank you! I will take this to R&D and discuss; of course it's a combination of factors that weigh into the prioritization of various features.

Kevin Ring to Everyone: Our Harvester (version 9.1.2) stops on a regular basis sporadically sometimes daily and sometimes more than once a day - services still show started. How do we detect and fix this issue?

Matthias Lurschack to Everyone: @Tyler: currently our customer has separate teams for WIN and RHL world. in terms of upgrades, patches, OS upgrade, maintenance ... they would have to talk to two teams always when running 4 harvesters on RHL and 1 console on WIN. currently they are running all on WIN - but the idea is running all their tools (eg Spectrum, CAMM, CAPM, ...) to RHL only.

Matthias Lurschack to Everyone: @Kevin: we seen the same (9.1.3); not sure about the root cause, but is this driven by watchdog capability ? our services stopped also sporadically - mostly during the night.

Matthias Lurschack to Everyone: * have seen the same

Christopher Walsh to Everyone: @Kevin I would recommend upgrading to NFA 9.3.3 as we have made lots of improvements to the Reaper service, which often was the common culprit in a harvester stopping to process files

Tyler Peterson to Everyone: @Matthias thank you for the extra info, makes sense.  We'll be considering it.

Matthias Lurschack to Everyone: @Tyler: thanks! ;-)

Justin Kulikowski to Everyone: are there any new features or improvements in upcoming releases you are able to communicate?

Christopher Walsh to Everyone: @Kevin here is doc on how to keep your reaper service running in the earlier versions

Christopher Walsh to Everyone: FYI to all there is a new Check UP Feature in the CA Remote Engineer that can help you identify and resolve issues on your own

Justin Signa to Everyone: @Matthias In NFA standalone Top Host and Top Protocol is not multi tenant aware however Top Interfaces is multi tenant aware. That would be a good feature request to make Top Host and Top Protocol multi tenant aware in NFA Standalone.

Kevin Ring to Everyone: Thank you Chris, we are upgrading next week - Do these issues go away?

Matthias Lurschack to Everyone: @Chris: I will work next week with customer to introduce the Checkup feature & install on testsystem. They are appreciating it even by reading only the community article so far ;-)

Christopher Walsh to Everyone: @Kevin, the reaper service problem in the document I sent has been resolved in 9.3.2

Tyler Peterson to Everyone: @Justin there are plenty of new features coming on the roadmap which I'd be happy to review with you - let's sync after this.

Christopher Walsh to Everyone: @Matthias thank you for the feedback, I look forward to enhancing that tool over time

Matthias Lurschack to Everyone: @JustinS: you are right; interfaces are multi tenant aware now already. We have required multi tenant awareness in NFA for top hosts & top protocols a few months ago - my last status was that the approach is to introduce the capability first into CAPC. We are fine with this as the routers of a few external customers on NFA will be soon integrated also on DA (SNMP statistics polling).

Kevin Ring to Everyone: Thank you!!

Matthias Lurschack to Everyone: @Chris: thanks as well, valuable info.

Justin Signa to Everyone: @Matthias As far as getting that feature into CAPC and resolving your other issue with SNMP Profile exclusions (with not separating NFA from CAPC).. feel free to email me afterwards to talk about the progress on those issues. I can be reached at

Christopher Walsh to Everyone: One other FYI about the Remote Engineer, Starting with NFA 9.3.3 it is now built into NFA in the \CA\NFA\Tools\ directory and it will auto update each time you run it if your server has access to the internet, so you will no longer need to download it from  It helps us out greatly in resolving your issues quickly if you run this tool and upload the results when opening a support issue. 

mark to Everyone: @Christopher - Thank you for baking in the Remote Engineer with the product releases.  That will certainly save time when needed.

Christopher Walsh to Everyone: Thanks @mark glad to hear that it helps

Matthias Lurschack to Everyone: @JustinS: thanks - in regards to the SNMP Profile exclusion stuff we have local CA resources in supporting us by reaching out internally and look for the possible solutions. But I appreciate any further help ;-)

Matthias Lurschack to Everyone: In the Harvester Logs we do not find out for which router & interface we see invalid flow - it makes troubleshooting not easier ;-) ... There is an idea raised on this one. Any timeline on this one? Thanks!

Christopher Walsh to Everyone: @Matthias I agree we would love to have this in support, do you have the link to that idea? It is something we have asked for internally

Justin Kulikowski to Everyone: is there a Sprint/Beta program for NFA to get early access to upcoming releases?

Matthias Lurschack to Everyone: @Chris: got it; - comment from Martin K: We are looking at this as part of our enhanced health and performance characterization initiative. We are delivering harvester reporting in 9.3.2 and will continue to evolve in future releases.

Tyler Peterson to Everyone: @justin it's something that's come up before; if there's significant demand for it we can look to stand one up.

Tyler Peterson to Everyone: @everyone quick show of hands, would you be interested if there was a beta program for NFA?

Matthias Lurschack to Everyone: @Tyler: yes!

Justin Kulikowski to Everyone: @Tyler -- yes!

Matthias Lurschack to Everyone: @all: I have to leave now, thanks for some new insights and quick help. Appreciated this session! Bye

Justin Signa to Everyone: @Matthias thank you Matthias!

Tyler Peterson to Everyone: @everyone great to meet you, look forward to many more discussions!

Melanie Giuliani to Everyone: Alright, that's it for today's session. Thank you everyone for your great questions! Keep an eye out in the IM community for the full transcript, which will be posted later today.