HealthCheck Specific Documentation
RISC Networks HealthCheck has some features that are not applicable to the rest of the RISC Networks platform. The following sections describe those features:
RISC Networks’ TrafficSim engagements require the use of RISC Networks’ virtual appliance to simulate and evaluate the performance of real-time traffic on the network. Virtual (or physical) RN50 appliances must be deployed and registered with the RN150 appliance. These RN50 endpoints operate as the termination points of a simulation.
Cisco Unified Communications
The Cisco Unified Communications Analytics engagement requires a Unified Communications Manager AXL username and password. Although this username and password combination can be a user within the ‘Super Users Group’, only ‘AXL API Access Group’ is required for CUCM 5.X and later. It is recommended to set up a temporary AXL user where possible, which can then be deleted at the completion of the Analytics engagement.
Cisco Unified Communications credentials entered on the appliance web interface are encrypted and handled in the same manner as Windows and SNMP credentials. All are maintained on the virtual appliance for the duration of the assessment and until the virtual appliance is deleted.
RISC Networks’ Traffic Analytics module is used to capture actual network traffic and report on traffic profiles within the network. There are two methods of deploying Traffic Analytics: embedded and virtual appliance based.
Embedded Traffic Analytics involves the deployment of Cisco NetFlow within a Cisco environment. This deployment is done via SNMP Write strings, which are required in order to deploy embedded Traffic Analytics. RISC Networks does not support user-deployed NetFlow configurations. Cisco NetFlow technology provides accounting records only for traffic. No user traffic is captured. Only a record of the traffic (source and destination IP, source and destination port, protocol, bytes, duration, etc.) is available.
Virtual appliances capture traffic through a span port on a switch. The virtual appliance does not record any user payload information for use in its analysis. Any deep packet analysis that is required is done on the virtual appliance itself as part of a protocol decoder and is used only for statistical analysis. For example, an HTTP GET followed by an HTTP 200 OK message would represent the duration of a web site download. This level of analysis may be performed by the virtual appliance, but the details of the web page itself, including user input data or return data, are not reported to the virtual appliance for processing. The raw captures of the details are overwritten every 5 minutes on the virtual appliance and are permanently lost after power cycling the virtual appliance.
Data Center Analytics
Data Center Analytics are included in your IT HealthCheck assessment. These add VMware inventory and performance data as well as Fibre Channel inventory and performance data as additional data sets. For VMware, RISC Networks utilizes the VMware published vSphere API in order to collect information from vCenter and individual ESX servers. For ESX servers, the root password is normally required to access the vSphere API. Access to the vSphere API can be tested by pointing a web browser to: https://x.x.x.x/mob
This URL will return a login prompt that will verify the credentials required to access the vSphere API. RISC Networks does NOT use root credentials to log onto ESX or vCenter servers. The API is the only access that RISC Networks has to the VMware environment.
SNMP is used to collect information from Fibre Channel switches. RISC Networks does NOT directly access the Fibre Channel network via taps or any other sniffing tools. SNMP read-only access to Fibre Channel infrastructure is required for RISC Networks to collect information.
Cisco Discovery Services
RISC Networks utilizes Cisco Discovery Services (CDS) in order to obtain more specific information regarding Cisco infrastructure at a customer site. RISC Networks, Cisco and Cisco partners respect that customers are concerned about their privacy and network security and may be apprehensive about allowing an engineer to use a network assessment tool to discover data from their network and subsequently upload the data to Cisco using Cisco Discovery Service (CDS) for data analysis.
Cisco and RISC Networks have implemented several mechanisms to ensure customer data security. In addition, you will be required to accept an “Authorization to Proceed” (ATP) agreement before RISC Networks will upload data to Cisco CDS. An ATP helps ensure protection of customer data and specifically prohibits the dissemination of such data, providing assurance that neither Cisco nor RISC Networks will share or divulge customer data. Customers should be advised that data will be used only for the purpose of network analysis.
Show Commands used for Cisco Discovery Services:
- Show version
- Show inventory
- Show diag
- Show hardware
- Show module
- Show IDPROM all
- Show mls qos
- Show mls qos interface
- Show mls qos interface statistics
- Show policy-map interface
- Show running-config
- Show configuration
Once inventory data is collected by RISC Networks, if requested by the customer, it will be uploaded to Cisco Systems’ CDS application at the following URL: https://wsgx.cisco.com.
Transferring the Data – If utilizing CDS for analysis, customer network data is transferred from RISC Networks’ virtual assessment to Cisco using a secure HTTPS protocol to an internal Cisco CDS web service gateway where it is processed to provide detailed EoX, PSIRT, field notice and service coverage analysis.
Before transferring data to Cisco for analysis, passwords and security credentials are stripped from the data. To view a list of password scrubbing commands, please click here. SNMP data does not contain passwords or other sensitive configuration information. Instead of using IP addresses or host names to identify a device, a generic Device ID will be assigned. After processing, the analyzed data is transferred back to RISC Networks virtual assessment onsite at the customer using the same secure HTTPS protocols. It is then uploaded to the RISC Networks’ NAC as part of normal data upload procedures and used to generate the network analytics reports.
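As an added illustration of the scrubbing step described above (not RISC Networks' or Cisco's scrubbing list or code), the sketch below redacts credential-bearing lines from `show running-config` output and replaces the hostname with a generic device ID. The set of IOS prefixes, the `<removed>` marker, the `DEVICE-0001` ID and the sample configuration are all assumptions constructed for the example; it handles only the hostname, not IP addresses.

```python
import re

# Assumed list of IOS configuration prefixes whose remainder is a credential.
SECRET_PREFIXES = re.compile(
    r"^(\s*(?:"
    r"enable (?:secret|password)"
    r"|username \S+(?: privilege \d+)? (?:secret|password)"
    r"|password"
    r"|snmp-server community"
    r"|(?:tacacs|radius)-server key"
    r"|key-string"
    r"|neighbor \S+ password"
    r"|ip ospf (?:authentication-key|message-digest-key \d+ md5)"
    r"))\s+\S.*$"
)
HOSTNAME = re.compile(r"^hostname\s+(\S+)\s*$")


def scrub_config(config, device_id):
    """Return (scrubbed_text, number_of_credential_lines_redacted)."""
    out, removed = [], 0
    for line in config.splitlines():
        if HOSTNAME.match(line):
            out.append(f"hostname {device_id}")  # generic ID replaces the name
            continue
        new = SECRET_PREFIXES.sub(r"\1 <removed>", line)
        removed += new != line
        out.append(new)
    return "\n".join(out), removed


# Constructed sample; the hashes and community string are made up.
SAMPLE_CONFIG = """\
hostname core-sw-01
service password-encryption
enable secret 5 $1$mERr$ExampleHashValue000000
username admin privilege 15 secret 5 $1$abcd$AnotherExampleHash0000
snmp-server community s3cr3tRO RO
interface Vlan10
 ip address 10.20.30.1 255.255.255.0
 ip ospf message-digest-key 1 md5 7 094F471A1A0A
line vty 0 4
 password 7 0822455D0A16
 login
"""

if __name__ == "__main__":
    text, count = scrub_config(SAMPLE_CONFIG, "DEVICE-0001")
    print(text)
    print(f"{count} credential lines redacted")
```

A useful check before any upload is to search the scrubbed output for every secret known to be in the input and fail if one survives, as the redaction list is only as complete as the commands it anticipates.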
Storing the Data – The raw discovery data and analyzed XML report data are stored in a secure Cisco database behind Cisco’s firewall. The data is accessible only to CDS administrators for troubleshooting purposes. Other Cisco personnel may have limited access to high level transaction reporting that does not include customer inventory details.
All data is stored and eventually archived unless purging is specifically requested by the customer. The customer’s data is only accessible by Cisco or the partner who initiated the engagement.
Data for “Know the Network” (KTN), or service coverage reports, if requested, is also securely stored in Cisco databases behind the firewall. KTN reports are available only to the engineer who initiated the engagement and the Cisco service account team.
Purging Customer Data from Cisco Databases – The data obtained in the discovery process and uploaded to Cisco for processing can be deleted from Cisco’s database if requested by the Customer.
If service coverage reports were requested, the KTN data and reports need to be purged separately from the KTN portal (http://tools.cisco.com/ktn/). KTN data can be deleted from the report view.
Partner-Specific Security Issues – Discovery information will not be sold or distributed to anyone outside of Cisco, or used for direct marketing purposes.