SIGN IN YOUR ACCOUNT TO HAVE ACCESS TO DIFFERENT FEATURES

FORGOT YOUR PASSWORD?

FORGOT YOUR DETAILS?

AAH, WAIT, I REMEMBER NOW!
Need Help? Email [email protected]
  • LOGIN

E-SPIN Group

CONTACT US / GET A QUOTE
  • No products in cart.
  • HOME
  • PROFILE
    • Corporate Profile
    • About us
    • Customer Overview
    • Investor Relations
    • Procurement
  • GLOBAL THEMES
    • Artificial Intelligence (AI)
    • Big Data
    • Blockchain
    • Cloud Computing
    • Cognitive Computing
    • Cyber Security
    • DevSecOps
    • Digital Transformation (DT)
    • Modern Workplace
    • Internet of Things (IoT)
    • Quantum Computing
  • SOLUTIONS
    • Application Security
    • DevSecOps
    • Digital Forensics
    • IT Operations Management (ITOM)
    • Malware Analysis and Reverse Engineering
    • Network Management System (NMS)
    • Network Operation (NetOps)
    • Network Performance Monitoring and Diagnostics (NPMD)
    • Penetration Testing
    • Secure Development
    • Security Information & Event Management (SIEM)
  • INDUSTRIES
    • Aerospace & Defense
    • Automotive
    • Banking & Financial Markets
    • Chemical & Petroleum
    • Commercial and Professional Services
    • Construction & Real Estate
    • Consumer Products
    • Education
    • Electronics
    • Energy & Utilities
    • Food & Beverage
    • Information Technology
    • Insurance
    • Healthcare
    • Goverment
    • Telecommunications
    • Transportation
    • Travel
    • Manufacturing
    • Media & Entertainment
    • Mining & Natural Resources
    • Life Sciences
    • Retail
  • PRODUCTS
    • Brand Overview
      • Acunetix
      • E-Lock
      • Hex-Rays
      • Immunity
      • Progress | Ipswitch
      • Metageek
      • Qualys
      • Parasoft
      • Tenable
      • Titania
      • Veracode
    • Rest of Brands
      • Adobe
      • BeyondTrust
      • Core Security
      • DefenseCode
      • HCL
      • ImmuniWeb
      • LiveAction
      • McAfee
      • Micro Focus
      • Microsoft
        • Microsoft Surface
      • Netsparker
      • Nutanix
      • Paessler
      • PECB
      • Portswigger
      • Red Hat
      • Riverbed
      • RSA
      • Solarwinds
      • TamoSoft
      • Trend Micro
      • TSFactory
      • Trustwave
      • VMware
      • VanDyke
      • Visiwave
    • Services Overview
    • Line Card
  • e-STORE
    • e-STORE
    • eSTORE Guide
    • SUPPORT
  • CAREERS
    • Careers
    • Culture, Values and CSR
    • How We Hire
    • Job Openings
  • BLOG / NEWS
    • Blogs and News
    • Resources Library
    • Calendar of Events
  • CONTACT
  • Home
  • Product
  • SolarWinds NetFlow Traffic Analyzer (NTA)
From DevOps Shift Left Testing to DevSecOps Shift Left Security
0
E-SPIN
Monday, 27 April 2020 / Published in Product, SolarWinds

SolarWinds NetFlow Traffic Analyzer (NTA)

SolarWinds NetFlow Traffic Analyzer (NTA) is a multi-purpose tool useful for a wide range of bandwidth monitoring and management purposes. It integrates with SolarWinds Network Performance Monitor (NPM) to provide a comprehensive network monitoring tool.

NTA collects two kinds of data: interface-level flow data and Class Based Quality of Service data. It then looks at the performance data NPM collects from SNMP and WMI sources and combines the two data streams to produce one set of data you can analyze and examine. This data can be processed into graphs and reports, so you can have complete visibility into your network, in both a historical sense and in terms of its current status.

Features

Now let’s look at the key features of NTA. Network Traffic Analyzer has several utilities to help with network traffic monitoring, each of which has a special function and key focus regarding network flows.

Bandwidth monitoring

Monitor bandwidth use by application, protocol, and IP address group. View both IPv4 and IPv6 flow records. Monitor Cisco NetFlow, Juniper J-Flow, sFlow, Huawei NetStream, and IPFIX flow data identifying the applications and protocols consuming the most bandwidth.

Application traffic alerting

Get alerted if application traffic suddenly increases, decreases, or disappears completely. Be able to quickly act if there’s an unusual change in application traffic. You can also set alerts to be notified if a device stops sending flow data, so you can efficiently remediate the problem.

Network traffic analysis

Analyze network traffic patterns over months, days, or minutes by drilling down into any network element. NetFlow Traffic Analyzer collects traffic data, correlates it into a useable format, and presents it to the user in a web-based interface for monitoring network traffic.

Performance analysis dashboard

PerfStack™ cross-stack network data correlation. Accelerate identification of root cause by dragging-and-dropping network performance metrics on a common timeline for immediate visual correlation across all your network data and NetFlow analytics.

Advanced application recognition

Identify which applications and categories consume the most bandwidth for better network traffic visibility with NBAR2 support. Cisco NBAR2 support gives you visibility into HTTP (port 80) and HTTPS (port 443) traffic without the need for additional probes, spanning ports, etc.

Customizable network traffic reports

Create, schedule, and deliver in-depth network traffic analysis and bandwidth reports with just a few clicks. Don’t spend money on additional bandwidth if it’s not needed. NetFlow software can help you review historical data to identify peak bandwidth usage and adjust policies for better management.

WLC traffic monitoring

Monitor Wireless LAN Controller traffic to keep tabs on applications and clients utilizing bandwidth on your wireless network. In today’s mobile world, it’s important to keep your wireless network running smoothly. With WLC network traffic analysis, you can easily see what’s using your wireless bandwidth.

Cisco Meraki wireless monitoring

View traffic data on Cisco Meraki interfaces. Visualize the traffic flows on your Cisco Meraki MX and Z series interfaces for better monitoring of the bandwidth use in your Cisco Meraki wireless environment.

CBQoS policy optimization

Measure the effectiveness of pre- and post-policy traffic levels per class map to determine if QoS policies are working as planned. If your business relies on VoIP, e-commerce, or other cloud-based applications, the NetFlow analyzer software will help confirm that prioritized traffic passes smoothly through the network.

Malicious or malformed traffic flow identification

Increase security with visibility into malicious or malformed traffic with port 0 monitoring. TCP/UDP monitoring of port 0 traffic highlights any flows directed to port 0 so you can quickly identify intrusive traffic.

Benefits

  • Identifies which users, applications, and protocols are consuming the most network
    bandwidth and highlights the IP addresses of the top talkers on the network
  • Monitors network traffic by capturing flow data from network devices, including
    Cisco® NetFlow v5 or v9, Juniper® J-Flow, IPFIX, and sFlow®
  • Maps the traffic arriving from designated ports, source IPs, destination IPs, and even
    protocols, to application names you can easily recognize
  • Delivers an instant alert notification, including a list of top talkers, when an interface
    exceeds its utilization threshold
  • Performs Class-Based Quality of Service (CBQoS) monitoring to ensure that your
    traffic prioritization policies are effective
  • Enables you to quickly drill-down into traffic on specific network elements, using
    multiple views to get the perspective you’re looking for
  • Generates network traffic reports with just a few clicks
  • Facilitates investigation of fault, performance, and configuration issues thanks to
    complete integration with Orion NPM and Orion NCM

New features and improvements in NTA

Release date: November 5, 2019

These release notes describe the new features, improvements, and fixed issues in NetFlow Traffic Analyzer 2019.4. They also provide information about upgrades and describe workarounds for known issues.

New features and improvements in NTA 2019.4

NTA 2019.4 offers the following new features and improvements compared to previous releases of NTA.

Process flow data from Meraki MX devices

As of NTA 2019.4, you can view flow data from Cisco Meraki MX devices. The data are associated with SNMP-managed interfaces from NPM. Certain devices use different Interface IDs when polled by SNMP and different Interface IDs in NetFlow. Due to this discrepancy, traffic cannot be correctly bound to the interface. This issue is solved by mapping between Flow Interface ID and SNMP Interface ID.

  • You must have Meraki firmware version MX 14.7 or later to get the correct bytes values. SolarWinds NTA supports flow processing for earlier versions and it will not block outdated firmware, but NTA will display incorrect traffic volumes for the bytes counter.
  • You must have Meraki firmware version 15.13 or later to get correct packet values. Earlier versions of Meraki MX show an incorrect packet number, as the counter is not providing increments but total values with each flow.
  • For Huawei and Alcatel devices, the flow must be processed on the same polling engine where SNMP data are polled.
  • After changing the polling engine, mapping is generated for the new polling engine but kept on the old one. The mapping for the node is removed from all polling engines on cleanup (by default, every 60 minutes) when you disable the node through NetFlow Sources.
  • Starting with Meraki MX 15.14 or later, the interface mapping is corrected and the feature will be disabled automatically on the NTA side, or you can disable it manually through NTA Settings.

To start monitoring data from Cisco Meraki MX devices, you must add the device to SolarWinds NPM and configure it to export flows to the Main or Additional Polling Engine. The mapping is generated automatically when NTA receives the first flow traffic from the relevant Meraki device. Mapping is kept in the Orion database in separate tables for each polling engine. Mapping is valid until you manage the node, enable flow processing, and the NetFlow Service receives flow data.

Enable or disable the Meraki MX mapping feature

You can enable the Meraki mapping feature through NTA Settings in the Orion Web Console. If you are monitoring devices running Meraki firmware version MX 15.14 or later, you can disable the mapping feature completely.

  1. In the Orion Web Console, click Settings > All Settings.
  2. Under Product Specific Settings, click NTA Settings.
  3. Under NetFlow Management, select Process flow data from Meraki MX 15.13 and earlier to enable the feature, and clear the option to disable it.
    • SolarWinds NTA uses autodetection per device for new Meraki firmware. Processing therefore works correctly with Meraki firmware 15.14 or later and this option enabled.
    • If you disable this option through NTA Settings, the changes are global for all devices.
    • If you have devices with Meraki firmware MX 15.13 or later, you see data on the wrong intefaces.

Flow Sources Management and CBQoS Polling Management pages

This section provides procedures for adding and deleting flow sources and selecting CBQoS-enabled devices for monitoring.

If NPM is monitoring network devices that are configured to export flow data, and if automatic addition of flow sources is enabled in NTA Settings, NTA automatically detects and adds the flow sources under NetFlow Sources.

Access the Flow Sources Management page and select interfaces for NetFlow monitoring

  1. Click Settings > All Settings.
  2. Under Product Specific Settings, click NTA Settings.
  3. Click Flow Sources Management.
    This page provides a list of flow-enabled nodes and interfaces.If you do not see any NetFlow sources, confirm that the following is true for your configuration:

    • NetFlow devices must be configured to send NetFlow data to the NTA collector. Devices and interfaces must be managed by SolarWinds NPM before they can be recognized in SolarWinds NTA.
    • Confirm that the SolarWinds NetFlow Service starts in Windows Services.
  4. Use the Filters to find the devices to display.
  5. Use the Search function to filter the list further.
  6. Select nodes and interfaces for NetFlow monitoring.
  7. Click Store traffic.

Access the CBQoS Polling Management page and select interfaces for CBQoS monitoring

  1. Click Settings > All Settings.
  2. Under Product Specific Settings, click NTA Settings.
  3. Click CBQoS polling Management.This page provides a list of all nodes and interfaces in SolarWinds NPM.CBQoS-enabled devices must be configured to allow CBQoS polling. Devices and interfaces must be managed by SolarWinds NPM before they can be recognized in SolarWinds NTA.
  4. Use the Filters to find the devices to display.
  5. Use the Search function to filter the list further.
  6. Select nodes and interfaces for CBQoS monitoring.
  7. Click Enable.

New features and improvements in Orion Platform 2019.4

Orion Platform 2019.4 offers new features and improvements compared to previous releases of Orion Platform.

Native SolarWinds Service Desk Integration

Generate Service Desk incidents from Orion Alerts.

You can integrate Orion Platform products with the following IT Service Management solutions:

  • ServiceNow® (Orion Platform 2016.1 or later)
  • SolarWinds Service Desk (starting with Orion Platform 2019.4)

Integrating an alerting solution with the Orion Platform means that triggering an alert in the Orion Platform creates a new incident in the integrated alerting instance and vice versa.

Configure the integration

To make the integration of the Orion Platform and your alerting system work, complete the following steps.

Step 1: Set up the system to integrate with the Orion Platform.

  • ServiceNow
  • SolarWinds Service Desk

Step 2: Create an instance for the system in the Orion Platform.

Step 3: Configure Orion Platform alerts to create an incident (ServiceNow or SolarWinds Service Desk) as the alert action.

Configure the instance

    1. Log in to the Orion Web Console using an account with administrator rights.
    2. Click Settings > All Settings, and then click Manage Alert Integration Instances.
    3. Click Add Instance and select your instance type.
      • To add a ServiceNow instance, select Service now, and complete the configuration.
      • To add a ServiceDesk instance, select Service Desk, and complete the configuration.

The new instance displays on the Manage Alert Integration Instances page. You can now use Create ServiceNow Incident or Create SolarWinds Service Desk incident as an alert action.Operational states

Once you configure the integration, you can go to Settings > Manage Alert Integrations and view a list of all integrated instances.

Operational states describe how the integration of your alerting system and the Orion Platform works:

  • Enabled: new or updated alerts in the Orion Web Console create or update incidents in the integrated instance, and the other way around.
  • Restricted: incidents in the integrated instances are updated and closed. Changes in Orion are reflected in the integrated instance (ServiceNow or SolarWinds Service Desk), and the other way around, but no new incidents are created.
  • Restricted by system: applies only to ServiceNow. If the number of ServiceNow incidents created in a five-minute period reaches 100, the instance is automatically switched to Restricted state.
  • Disabled: incidents cannot be created and updated in the integrated instance based on Orion Platform alerts.

Orion Maps enhancements

Entity Library enhancements

  • Filter and refine your entity list based on any property.
  • Bulk-select entities to add them to the canvas.
  • Quickly identify contextual relationships through the entity library without leaving the editor.

Bulk Administration

  • Multi-select from the canvas to move or delete multiple objects in groups.
  • Undo and redo options within the Editor.

Custom Images

  • Add custom images and backgrounds to enhance the map.

Manual Topology Connections

  • Define topology between any two entities directly from the Map Editor.

Customizable map refresh rate

  • From the Advanced Configuration Settings, specify the map refresh rate – in minutes – for the Orion Maps Viewer and Widgets.

Orion Maps are a troubleshooting feature that displays a map of physical and logical relationships between entities monitored by the Orion Platform products you have installed. Orion Maps help you quickly isolate and identify critical health and performance issues.

Orion Map types

Auto-generated Orion Maps

Orion Maps automatically generate contextual maps that display critical relationships for monitored entities in the Orion Platform. Go to an entity details page and click the Map subview to display a map of relationships relevant for the entity.

Custom Orion Maps

Starting with Orion Platform 2019.2, you can create custom Orion Maps. Select entities to map and the Orion Maps feature displays physical and logical relationships between them. You can add the custom map on any Orion Web Console view using the Orion Map widget.

Auto-generated Orion Maps

The auto-generated Orion Maps open in the Orion Web Console as a subview and display both physical and logical relationships between entities.

Auto-generated Orion Maps are created without any user intervention: entities are added or removed as changes occur in the environment.

To access auto-generated Orion Maps, go to an entity Details view and click the Map subview in the menu on the left.

1 Map icon: Click the icon to view the Orion Map.
2 Canvas: Displays the map of relationships of the entity.
3 Seed object: The entity whose relationships the map displays. This is the entity from which you accessed the map.

The color or the ring around the entity signifies the entity health, based on thresholds set for the entity.

For more details about an entity on the map, click the entity. The map adjusts accordingly and details about the entity are displayed in the Inspector Panel (7).

4 Healthy topology connection: For topology connections, the line width represents the interface bandwidth. T

 

5 Metric pill: By default, it displays the outbound traffic and percent utilization. If polled values for the metric exceed the threshold, the pill displays errors and discards.Hover over the metric pill to show which metric it displays.
6 Connection with issues: The color signifies that a threshold has been exceeded. Yellow means warning and red signifies a critical threshold.

Click the connection to see details in the Inspector Panel (8).

7 Tools to adjust the map: Zoom in, zoom out, pan, or change layout.
8 Inspector Panel: Displays details about the entity or connection selected on the map, according to the active navigation bar.

When you open the Map from an entity details page, the Inspector Panel only displays the entity name, IP, vendor, and machine type.

  • To show more details about an entity, click the navigation bars in the Inspector Panel (8, 9, 10, 11).
  • To show more details about a connection, select it on the map. The details displayed in the Inspector Panel depend on the connection type.
  • To show all entities on the map, click into the map. The Inspector Panel displays a list of all entities on the map called the Map Summary.
9 Related: Click this button to display entities related to the selected entity in the Inspector Panel: descendants, ancestors, and dependencies.

To add a related entity to the map, select the check box in front of the entity, and click Apply.

10 Connected: Click this button to display entities connected to the selected entity by a protocol-based relationship or actual data flow, such as topology (NPM) or Application Dependency Connections (SAM), in the Inspector Panel.

To add a connected entity to the map, select the check box in front of the entity, and click Apply.

11 Alerts: Click this button to display a list of active alerts associated with the entity in the Inspector Panel.
12 Recommendations (only with VMAN): If you have VMAN installed, this section presents recommendations for the entity.

Custom Orion Maps

Starting with Orion Platform 2019.2, you can create Orion Maps either based on the auto-generated maps, or from scratch.

  • Maps summary view
  • Edit Mode
  • View Mode
  • Orion Map widget

View a list of maps, create maps, and edit maps from the Maps view

To access Orion Maps created by users, click My Dashboards > Orion Maps in the Home section.

1 List of maps: Review available Orion Maps. By default, the list shows maps created by you. If you have Administrator rights, you can display Orion Maps created by other users (4).

Click a map name to view the map (View mode).

2 Button bar: Create a new map, or select a map in the list (1) and edit or delete it.
3 Sort, filter, and search controls: Use the filter and search options to find Orion Maps. Sort maps by name, time since last update, or creation date.
4 All Users: Toggle to display all maps or only maps created by you. This toggle is available only to administrators.

Add entities or adjust connections in Edit mode

Edit mode is where you create or edit maps. To enter Edit mode:

  • On the Maps view, select a map and click Edit.
  • In View mode, click More > Edit.
1 Entity Library: Drag entities from the library to the canvas.
2 Canvas: Place entities in the correct position. If there are relationships between entities on the map, the connections are automatically added to the map as well.
3 Button bar: Save the map or use commands in the More menu, such as create a new map, save the map under another name, delete the map, or switch to View mode.
4 Map controls: Zoom in, zoom out, and center and adjust the map to the view.

Shortcut Explanation
= Zoom in.
– Zoom out.
Ctrl + Mouse wheel up Zoom in.
Ctrl + Mouse wheel down Zoom out.
Space bar + Click + Drag Pan the map in the viewport.
Map Editor Only
Del Remove the selected object(s) from the map. Excludes auto-discovered connections.
Ctrl + S Save the map.
Ctrl + Shift + S Save the map under a new name.
Esc Clears object selection.
Arrows Nudge the selected object.
Shift + arrows Move the selected object.
Ctrl + Z Undo previous map modification
Ctrl + Y Redo previously undone map modification

View popups and display details on mapped entities in View mode

View mode displays a full screen view of user-created maps for easy troubleshooting and investigation.

1 Entity: Click an entity to display details in the Inspector Panel.
2 Inspector Panel: Displays details about the entity or connection selected on the map.

  • Click inside the canvas to review mapped entities on the Map Summary.
  • Click an entity to view related and connected entities.
  • Review alerts.
  • If you have VMAN installed, review VMAN recommendations.

In the View mode, you cannot add related entities to the map. Entities in the Inspector Panel do not have check boxes. This is only available from the auto-generated map subviews.

3 Popup: Hover over an entity to see additional details.

You can also execute commands from the command menu, such as go to details view, edit the entity, mute alerts for the entity, or unmanage the entity.

4 Button bar: Click Share to copy the map address to the clipboard, click More > Edit to switch to Edit mode.
5 Map controls:

= Zoom in.
– Zoom out.
Esc Remove entity selection.

Orion Map widget

When you create a custom Orion Map, you can add it to a view in the Orion Map widget.

Click an entity on the map to go to the entity details view.

Hover over an entity to display a popover, or to run commands for the entity from the Commands drop-down.

What can you do with Orion Maps?

  • View details for entities on mapped entities, such as the Map Summary, connected entities, dependent entities, related alerts, or VMAN recommendations
  • View connections between displayed entities, such as topology connections, application dependency connections, or Orion dependency connections
  • Customize the auto-generated maps, such as add/remove related entities, create a group from mapped entities
  • Adjust the auto-generated map by zooming in, zooming out, or panning
  • Create a custom Orion Map, add entities, adjust their position, and save the map
  • Add the Orion Map to your views as a widget
  • Create a custom alert based on the Orion Maps entity
  • Send mapped objects via email as a report and send the Orion Map as a PDF

System Requirements

NetFlow Traffic Analyzer 2019.4 System Requirements

Polling engine requirements

The following requirements ensure the scalability benefits of SolarWinds NTA:

Type Requirements
Operating system Microsoft Windows Server 2016

Microsoft Windows Server 2019

SolarWinds NPM Version 2019.4

SolarWinds NTA requires an appropriate SolarWinds NPM version hosted on the same server.

Databases NTA and Orion Platform use two databases – the Orion database and the NTA SQL Flow Storage database. The Orion database stores SolarWinds Orion configuration data and all collected performance and syslog data. The NTA Flow Storage database is where SolarWinds NTA stores your flow data.

The NTA SQL Flow Storage database requires an instance of Microsoft SQL Server 2016 SP1 or later. Both databases can be collocated on one SQL server.

In case you decide to use separate SQL servers for the Orion database and the NTA SQL Flow Storage database, the Orion database requires Microsoft SQL Server 2014 and later.

A connection to Orion SQL database is required because CBQoS data and some additional low level details are still stored in Orion SQL database.

SQL server requirements

SolarWinds NTA 4.4 and later utilizes two SQL databases:

  • The Orion database
  • The NTA SQL Flow Storage database

SolarWinds supports both the Orion database and the NTA SQL Flow Storage database in the same SQL server instance, as long as that instance is SQL Server 2016 SP1 or later. See sections below for Orion database requirements and the NTA SQL Flow Storage database requirements.

You cannot install Orion Platform products on the same server as SolarWinds Access Rights Manager (ARM).

NTA Flow Storage database requirements

  • SolarWinds NTA requires SQL Server 2016 SP1 or later to run the NTA SQL Flow Storage database.
  • For production environments, SolarWinds recommends using the Standard or Enterprise edition of the SQL server for the NTA SQL Flow Storage database.
    Deploying the NTA Flow Storage database on SQL Server 2016 SP1 Express is not recommended in a production environment due to performance and other limitations. For more information about SQL server Express, see Editions and supported features of SQL Server 2016 (© 2017 Microsoft, available at https://docs.microsoft.com, obtained on February 20th, 2018).
  • SolarWinds supports both the Orion database and the NTA SQL Flow Storage database in the same SQL server instance, as long as that instance is SQL Server 2016 SP1 or later.

Orion database requirements

The table below lists software and hardware requirements for your SolarWinds Orion database server using SolarWinds NPM license levels.

  • Multiple SolarWinds Orion server installations using the same database are not supported.
  • If you install on a virtual machine, you must maintain your SQL Server database on a separate, physical drive.
Requirements SL100, SL250, SL500 SL2000 SLX
SQL server SolarWinds supports Express, Standard, or Enterprise versions of the following:

  • SQL Server 2016, 2016 SP1, or 2016 SP2
  • SQL Server 2017

SolarWinds strongly recommends using the 64-bit version of SQL Server.

  • Due to latency effects, SolarWinds does not recommend installing your SQL Server and your Orion server or additional polling engine in different locations across a WAN.
  • You can set the database recovery model to Full Recovery if you use Always On Availability. SolarWinds recommends Simple database recovery mode to ensure best performance.
SQL Server collation
  • English with collation setting SQL_Latin1_General_CP1_CI_AS
  • German with collation setting German_PhoneBook_CI_AS
  • Japanese with collation setting Japanese_CI_AS
  • Simplified Chinese with collation setting Chinese_PRC_CI_AS

We support CI database on an CS SQL Server.

We do not support case-sensitive databases.

CPU speed Quad core processor or better Dual quad core processor or better Dual quad core processor or better
Hard drive space 20 GB minimum

40 GB recommended

50 GB minimum

100 GB recommended

100 GB minimum

400 GB recommended

SolarWinds recommends the following configuration:

  • A hardware RAID Controller with a battery backed-up write back cache
  • Disk Subsystem 1 Array 1: 2x 146 GB 15K disks RAID 1 (mirroring) for the OS
  • Disc Subsystem 2 Array 2: 2x 146 GB 15K disks RAID 1 (Pagefile + Extra Storage)
  • Disk Subsystem 3 Array 3: with 6x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL MDF and FILEGROUPS.
  • Disk Subsystem 4 Array 4: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL LDF Transaction LOG file
  • Disk Subsystem 5 Array 5: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your tempdb data file
  • Disk Subsystem 6 Array 6: with 4x 15k 146 GB or 300 GB disks configured in a RAID 0 array for your tempdb log file
  • Due to intense I/O requirements, a RAID 1+0 drive is strongly recommended for the SolarWinds database, data, and log files with a dedicated drive for the server operating system and tempdb files.
  • Other RAID configurations can negatively affect your SQL Server’s performance.
  • Mirrored drives for the OS and RAID 1+0 for database data files are recommended.
  • Solid state drives (SSD) are recommended for all components.

Per Windows standards, some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows or SQL temporary directories.

Memory SL100

8 GB minimum

16 GB recommended

16 GB minimum

64 GB recommended

64 GB minimum

128 GB recommended

SL250 &SL500

8 GB minimum

16 GB recommended

Authentication Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.
Other software If you are managing your SolarWinds Orion database, SolarWinds recommends you install the SQL Server Management Studio component.

The Installation wizard installs the following required x86 components if they are not found on your Orion database server:

  • SQL Server System Common Language Runtime (CLR) Types. Orion products use secure SQL CLR stored procedures for selected, non-business data operations to improve overall performance.
  • Microsoft SQL Server Native Client
  • Microsoft SQL Server Management Objects

Cloud instance requirements for the NTA SQL Flow Storage database in Azure

Instance Details Medium (SL2000) Large (SLX)
Instance type D12_v2 D15_v2
CPU 4 CPU 16 CPU
RAM 30.5 GB RAM 122 GB RAM
Disk System SSD 80 GB (included in D12_v2) + Data Azure Storage Disk Volume 500 GB (8 GB for every received sustained 1000 Flows/s with 30-days retention period) System SSD 320 GB (included in D12_v2) + Data Azure Storage Disk Volume 2.5 TB (2.5 TB is Flow Storage, 300k FPS with 30-days retention, Azure Storage Disk with Provisioned IOPS recommended)

Virtual machine requirements

SolarWinds NTA may be installed on VMware Virtual Machines and Microsoft Virtual Servers if the following conditions are met in your virtual environment:

  • Each virtual machine needs to meet the SolarWinds NPM requirements for virtual machines.
  • Each installation of NPM should have its own dedicated network interface controller.

SolarWinds NPM uses SNMP to monitor your network. SNMP traffic is generally assigned low priority, and thus you can experience gaps in monitoring data.

Port requirements

The following table lists ports that SolarWinds NetFlow Traffic Analyzer uses to communicate with other devices and servers.

Port Protocol Service/Process Direction Description
80 TCP World Wide Web Publishing Service Bidirectional Port used for web console and any other web servers.
137 UDP NetBIOS Outbound Port for outbound traffic if NetBIOS name resolution is turned on.

When NTA is trying to resolve the NetBIOS names of servers in their conversations, you may find a large amount of outbound UDP 137 traffic from the NTA collector to a number of external addresses. You can confirm the traffic by using the Flow Navigator to match the outbound connections to existing conversations.

This is normal behavior when NetBIOS is enabled. An easy way to demonstrate the behavior is to disable NetBIOS in NTA and watch all outbound connections terminate.

161 UDP

TCP

SolarWinds Job Engine v2 Outbound Port used for sending and receiving SNMP information, including polling CBQoS-enabled devices.
1433 TCP SolarWinds NetFlow Service

SolarWinds NetFlow Storage Service

Outbound Port used for communication between the NetFlow Service and the existing SQL server.
1434 UDP SolarWinds NetFlow Service

SolarWinds NetFlow Storage Service

SQL Browse Service

Outbound The port used for communication between the NetFlow Service and the Orion database. This port is required only if your SQL Server is configured to use dynamic ports.
2055 UDP SolarWinds NetFlow Service Inbound Port for receiving flows on any SolarWinds NTA collector.
5671 TCP RabbitMQ Bidirectional Rabbit MQ messaging.
17777 TCP SolarWinds Information Service Bidirectional Port for sending and receiving traffic between SolarWinds NPM and other Orion Modules.

Port used for communication between remote Flow Storage Database and NTA Main Poller.

17778 HTTPS and TCP SolarWinds Information Service Bidirectional Open to access the SolarWinds Information Service API and agent communication.
17791 TCP SolarWinds Agent Bidirectional Open for agent communication on any SolarWinds Orion server running Windows Server 2016.
Device-specific Any port required by a specific device.

 

 

 

Tagged under: Solarwinds

What you can read next

Vulnerability Management explained in E-SPIN Vulnerability Management Wheel model
Vulnerability Management explained in E-SPIN Vulnerability Management Wheel model
Qualys Secure Seal Product Overview by E-SPIN
Veracode Greenlight Product Overview by E-SPIN
HiKey 960 Development Board – 4GB RAM Version

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • The future of work after COVID-19

    Let’s get real, despite the vaccine rolli...
  • Retail trends for 2021 and beyond

    After a year long of COVID-19 pandemic, lockdow...
  • AppSec Lab AppUse Pro product discontinued notice

    For all the business partners and customers, Be...
  • Linux dominance DevSecOps

    Whether from the DevOps to modern DevSecOps, Li...
  • Artificial Intelligence (AI)

    AI computer be the most of people boss

    A lot of people focus on artificial intelligenc...

Recent Comments

  • Dorai M on 5 Common ML Challenges Data Scientists Face

Archives

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • March 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • January 2015
  • December 2014
  • October 2014
  • September 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • February 2012
  • July 2011
  • June 2011
  • February 2009
  • July 2008

Categories

  • Acunetix
  • Adobe
  • Aerospace and Defence
  • AppSec Labs
  • Automotive
  • Banking and Financial Markets
  • BeyondTrust
  • Brand
  • Chemical and petroleum
  • Codified Security
  • Commercial and Professional Services
  • Construction and Real Estate
  • Consumer products
  • Contact Us
  • Core Impact
  • Core Security
  • DefenseCode
  • E-Lock
  • Education
  • Electronics
  • Energy and utilities
  • FAQ
  • Food and Beverage (F&B)
  • GFI
  • Global Themes and Feature Topics
  • Government
  • HCL
  • Healthcare
  • Hex-Rays
  • IBM
  • Immunity
  • ImmuniWeb
  • Industries
  • Information Technology
  • Insurance
  • Ipswitch
  • Job
  • Life Science
  • LiveAction
  • Logpoint
  • Manufacturing
  • McAfee
  • Media and Entertainment
  • Metageek
  • Micro Focus
  • Microsoft
  • Mining and Natural Resources
  • Nessus
  • Netsparker
  • News
  • Nutanix
  • Paessler
  • Parasoft
  • PECB
  • PortSwigger
  • Pradeo
  • Product
  • Qualys
  • Rapid7
  • RedHat
  • Retail
  • Retina
  • Riverbed
  • RSA
  • Security Innovation
  • Security Roots
  • Services
  • SILICA
  • Smart City
  • Soft Activity
  • SolarWinds
  • Solution
  • Symantec
  • TamoSoft
  • Telecommunications
  • Tenable
  • Titania
  • Transportation
  • Travel
  • Trend Micro
  • Trustwave
  • TSFactory
  • Uncategorized
  • Vandyke
  • Veracode
  • Videos
  • VisiWave
  • VMware
  • Webinar Archive

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

CORPORATE

  • Profile
  • About us
  • Careers
  • Investor Relations
  • Procurement

SOLUTIONS & PRODUCTS

  • Industries
  • Solutions
  • Products
  • Brand Overview
  • Services

STORE & SUPPORT

  • Shop
  • Cart
  • Checkout
  • My Account
  • Support

PRODUCTS & SERVICES

  • Industries
  • Solutions
  • Products
  • Brand Overview
  • Services

FOLLOW US

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • YouTube
  • WordPress Blog
© 2005 - 2021 E-SPIN Group of Companies | All rights reserved.
  • Contact
  • Privacy
  • Terms of use
TOP