Manage Engine Netflow Analyzer
In today’s networks, bandwidth consumption seems to expand to use up any available bandwidth. Demand can be driven by business use of cloud services, VOIP and Video, online applications, and centralized services. But, it can also be consumed by users with their own devices like iPads, Android Phones, and laptops; or for personal use of social media, video and photo sharing sites, and peer-to-peer networks.
Often, the solution is to throw more bandwidth at the problem – but that’s an expensive approach that doesn’t address the real issue. In time, critical applications are once again starved of needed bandwidth, and eventually slow down or stop working.
But there is a better way!
The Manage Engine NetFlow Analyzer helps by identifying exactly what types of traffic travel over the network. This allows administrators to take action that could save bandwidth, and delay or reduce the need for costly upgrades.
The Manage Engine Netflow Analyzer is installed on a server, and then network devices configured to send data to the Analyzer. Administrators access the Analyzer via an easy-to-use web console. Manage Engine supports “Flow” data from a large number of hardware vendors, so it can collect NetFlow, J-Flow, and sFlow, data.
Graphing and Reporting
Manage Engine Netflow Analyzer has a wide array of charts and graphs to help identify exactly what traffic is flowing on your network. Graphs are sorted by network devices, application types, or other custom groupings. It shows who the “top talkers” are on the network, and what kind of traffic they are generating.
Helpful dashboards, like the one below, show your network at a glance. The “Top Applications” graph shows what kind of applications use the most traffic – and Manage Engine Netflow Analyzer can identify most common application types so there’s little guesswork involved. “Top Conversations” shows which data flows and devices are generating the most traffic overall.
Identify Bandwidth Hogs
Device grouping allows administrators to create logical groups of devices or network subnets. This enables Manage Engine Netflow Analyzer to generate charts and reports sorted by those custom groups. So for example, administrators could create groups sorted for different branches to determine what kind of data needs a specific workgroup has. This could be useful for troubleshooting or move planning. Or, it could be easily used to monitor traffic for a group of application servers helping to show the network impact of new services.
Drill down to an IP group to see more detail, including Total traffic, and in/out utilization.
Next you could click on the “Capacity Planning” link to jump to a detailed usage report for that group. The report includes some of the information already covered, as well as a very useful Application Report. The Application Report shows top applications used by volume and by percentage of total traffic.
Data for the group can be displayed in several ways: by application, source, destination, or conversation to name a few. The screenshot below shows a conversation view.
Reports can be exported for use with other applications. Manage Engine Netflow Analyzer includes native support for emailing reports, exporting to PDF, or exporting to CSV to make it easier to mine through data in Excel.
Another useful feature is the ability to set Alerts. An alert can be created to trigger when specific IP addresses, subnets, applications, or port/protocol combinations exceed a threshold. Thresholds can be based on utilization, volume limits, speeds or packet rates.
If an alert is triggered, an email will alert administrators to the situation. Alerts can also be configured to only alert during business hours, though this appears to be a global setting and not configurable for individual alerts.
Manage Engine Netflow Analyzer can also help administrators to monitor network security with the add-on “Advanced Security Analytics Module.” Obviously this isn’t the same as running a dedicated security appliance, but rather it adds another layer of monitoring which is never a bad thing – and in fact might be just the right tool to complement existing security.
The Security Analytics module monitors all network flows for anomalies. If an unusual traffic flow is detected, it logs it and attempts to classify the behavior. This can be very helpful for detecting traffic generated by worms or DOS attacks.
The reporting module is where administrators can configure reports that are accessed regularly. A small range of application, conversation, source/destination, and other reports are available.
On the plus side, reports can be scheduled to run and be emailed on a regular schedule. But on the downside, the scheduling module doesn’t seem to talk to the report profiles – so setting up a schedule means that reports must be configured from scratch again. It would be great if the reporting module felt more integrated with the other great reporting capabilities of the tool.
The reporting UI can be a little frustrating to use. For instance when expanding a profile to select a report to view, after selecting the report the selection tree would disappear. So if you clicked on the wrong report, you need to expand the tree again to find another report.
But other than those few minor complaints, reporting works well and provides a wealth of information.
Pricing for all of this capability is surprisingly affordable. Prices for the “Professional” version start at $795 USD to monitor 10 network interfaces – which would be enough for most medium businesses to monitor their internet access and other key network devices. More information is available by requesting a quote
from their website.