SolarWinds Lab Episode 77: Orion Maps 2.0, New Alerting, and Palo Alto Networks Monitoring

In this episode of SolarWinds Lab, the team breaks down one of our largest, multi-product feature releases to date. Between the new Orion Maps 2.0 engine, reboot of the status engine for roll ups and alert filtering, and the reveal of the #1 THWACK member-requested Network Insight for Palo Alto module for Network Performance Monitor – we know you’ll have plenty of questions. Join Senior Manager of Product Strategy Chris O'Brien, network products guru Abigail Norman, and of course, Head Geeks Patrick Hubbard and Leon Adato as they cover major changes to NPM, NTA, NCM, IPAM, VNQM, and more.

Episode Transcript

Hello and welcome back to SolarWinds Lab and it's always great to have you with us, especially when it's an episode as large as this one. We've got a ton to go over, especially three new main features, which are the Orion Maps 2.0, we're going to talk about status and a huge simplification of status-- That's very important. Rollups and, of course, how that's going to affect alerting for you. We think it's going to make it a lot easier. And then last is Network Insight for Palo Alto, which we think you're really, really going to like. And Chris, it's always great to have you with us. Yeah, thanks for having me. You know, every time we build a Network Insight, we try to get to the essence of the value the function that device provides to the network and provides to the business that it's in. And as part of that, we tend to need several technologies. We need config, we need poll data, API data, CLI data, all of this different data and it, traffic analysis is another one, and so it tends to be that we have to deliver that through several of our tools, so we release them all at once, so you can get all of it at once. Right, so that one feature drove changes in NPM-- Yep. NTA, NCM, UDT, and the Orion Platform itself. The Orion Platform, yep. And while we were at it, we also did upgrade revisions for IPAM and VNQM. Yeah, it's a lot. We have even more than that. In fact, it's a matter of, you know, when we have 10 or 20 tools, if we release those all separately, people would have to upgrade 20 times a year. No one wants to spend their time doing only upgrades. So instead, we bundle it all together, you only have to upgrade once. So joining us will be Abigail Norman who leads our product marketing team for networking tools and she'll go through all the other additional features that you're going to get. That's awesome, so why don't we go ahead and start with the Orion Maps 2.0 and the new status updates? [electronic buzzing] All right, so we'll start with maps. 
I like maps, do you like maps? Everyone loves maps. Yeah, it's kind of hard to manage an environment without maps. And for years, you've been using and, in some cases, creating hundreds of Atlas maps. And here's an example showing an Exchange environment. So I basically have servers and some of the services that are related. Yeah, so Network Atlas is our most popular mapping tool. It can be used to visualize all sorts of data in the Orion Platform. But what people told us is they don't want to log in to a server and run an application, they want to be able to build maps in the web browser. Right, and then the other thing that you do is a lot of you will, let's say, if I clicked on one of these Exchange servers and I clicked on the little map icon on the left-hand side, you would get a dynamic map of everything that we know about that object. Yeah, so this is a web-based maps, this is all, in our first release of web-based mapping, we built contextual maps, so no matter where I am in Orion, in my environment, there's always a contextual map that was built for me. Because no one has the time to build maps. Exactly, and it's taking advantage of all the data that drives AppStack and PerfStack to create that association view. Yeah. So what was missing? Yeah, so people want to be able to extend these maps to show, beyond the contextual area, large parts of their network. So in this release, we're introducing that ability to edit and extend maps manually, place things manually, add things manually and save them, all of that so you can visualize that large chunk of your environment. And we're also adding the ability to show any of these web-based maps in a widget, so you can put it on dashboards. Oh, you mean like that? Yeah, so now you can place all of those maps on a dashboard along with the other mechanisms, the other widgets, that we have to visualize and roll up data. 
So for example, I can take my Exchange environment, pull in maps so I can understand it logically, roll up status from nodes in other things into one of these, put maybe the top three metrics that indicate the health and performance of that environment, and I've got one screen to sort of give me a full view into my Exchange environment. Yup, and you've also got rollups here, so you got maps of maps, effectively, across the top. And then what I really like, too, is this now is responsive so that they're actually going to change sizes as need be. And if you look over here, a series of NOC views, so if I want to make this a NOC view of what would normally be any part of a summary view, I can do that with these maps as well. Yeah, so you can add your Exchange map, also add your WAN circuits map, maybe you have a couple other applications that are super critical, maybe you've got the exec watch list, you can take a look at all their statuses, their services, and really have that full view that includes not only the status and the performance stuff but the visual to sort of understand what that means. So how do we create one of these? Yeah, so there's a couple of different ways to do it, but the most straightforward way is to go to one of your existing contextual maps and go up here in the top right, click view. This will bring you into the full screen view if you wanted to really inspect and drill down, add contextual things, but there's now a new option where you can edit this map. OK, so it starts with a view that looks a lot like the existing detail view, like the drill down view, but in this case it's just isolated and then you're going to decide where you're going to-- Yeah, the maps view on nodes or interfaces or many other locations, you go into that map and you can edit. OK, but the editing is going to be very familiar to you if you're already using the drill down maps. 
Yeah, you'll notice that the contextual sort of contextual these are the related entities on the right moves over to the left and these are all of your entities now that you can drag and drop onto the map, similar to Network Atlas. And PerfStack. That's right. So show me how we're going to edit this. Now I can manually move these, that's brand new. There's a snap to grid function, as you would expect. But the benefit here's all of this is still leveraging that relationship data from AppStack, from all of the network topology we discover, all of those things. So if I look over on the right, if I drag and drop one of these elements onto the screen, it will drop the node and then tell me what all the relationships are. So you don't have to say, "Connect now." It already knows. Yeah, it already knows. So once I've done that, of course, all of this is live data. So as we get more information about these entities, they just appear, the status. In fact, one of the things, one of the reasons why we re-did status is when you visualize data like this, it becomes really apparent when your status isn't quite as perfect as it should be. Right. OK, so we had to put that, we had to fix the status roll up so that now your maps make sense. Ah, OK. Yep. And, of course, when all of these connections are made, depending on the type of connection, we'll have pillboxes that give you information that's relevant to that connection site. So between these lab switches, we'll have data about how much bandwidth is going through and the packet loss amount. And it makes it really handy because when you're sort of dynamically building these relationship charts, you're going to want to start where the pain is, right? Yep. So there's no sense on fleshing out all the connections to everything that's green. Start with the things that are yellow or that are red. Yeah, and we can do a lot automatically on maps, but there's certain components that you need a human to tell you how they think about it. 
So for example, you saw that we had this sort of orientation like this. Maybe in my head, the entry point for this location is specifically these two things, so I want to put these together as a pair, move this a little bit further away, and to me, that makes sense. Now I can make that edit, do the manual adjustment, save it, and all my peers get that view as well. OK, so you're done editing it right here in the web, then you're going to click save, that's going to save it as a named map, and then you're just going to embed that, what, as a map widget on summary view. Yeah, so that's what we saw in these views, so you can use those widgets anywhere you want or go back directly to that map in the full screen view, whatever you want. So one of the really important things to get right here, as I mentioned, was status. So let's talk a little bit more about status. Yeah, let's talk about that, because there were more than just a few. So [sighs] there were 22 statuses in the Orion Platform in the previous release. Which is fine, unless you're using status as a rollup value that then is going to affect top level status or maybe alerts. What color should status number 18 be? It's complete-- It's fuchsia? Yeah, it's going to be-- There's too many colors. It's going to depend on the context. Yeah, so we really had to get the statuses consolidated. Once we got them consolidated, we had to think much more about rollups so you wouldn't so frequently go into a device that was reporting healthy status and then see a child entity or some other metric on this device that you consider essential to the health of that device, be red. And not just for maps in this case, but maybe even just the list of application statuses, for example. Yeah, so it turns out status is pretty important when you're doing monitoring so powering things like both the maps, also just navigating around the GUI, alerting, which people like in monitoring, reporting, all of that stuff. Status is important. 
Basic things like node status. Yeah, and the more intelligent we get about analyzing a device and determining its health or un-health based on more advanced metric comparison, all this sort of stuff, you want that to roll up into the status because status should tell the story of that device's health, despite how complexly we calculate that story. So give us an example of how it's different. So, for example, on this map, we see this top node is green. The second node is not green, there's some sort of problem here. Hovering over shows us percent memory used is over threshold. Historically, that would not have changed the status, so you would see it green and you would see this awful metric and you'd be like, "That's not healthy, though." So you wouldn't want it to be green. That's solved. So if you had an alert set for that, before you wouldn't have gotten an alert-- Another example, yeah. It wouldn't have gone into yellow state. And where I like it, too, especially, is for groups, which is where you see it a lot. So, for example, here we've got this Hyper-V group on the bottom and then this AD group on the top. And one of the things that you'll notice is that this Hyper-V group, you know, has things that you would expect. It's got some volumes, it's got a couple of hosts. But then underneath it, there's a couple of maps. And so when you get those map statuses, rollup gets to be really important, especially if that rollup is then going to set the overall status for the group. Yeah, and what we saw people doing is, to get the status of all those child entities to roll up to the top, what they would do is add all of the nodes and then add the child entities to the group too, even though the child entity was of the node in the group already, like, this is crazy. So people would have these wildly long lists of groups just so that they could get this rollup sort of fake done for them. Right. Not so great. 
So now you just, like you see at the top here, you just put the nodes in, we'll do that rollup for you. That's great, all right, so that's new maps, that's status update, so what else in this release? You can now deploy to native Azure SQL. Yeah, that's pretty cool. So this is not monitoring of Azure SQL databases, we already had that. This is, you can take your Orion database, instead of running that on-premises, on MS SQL, now you can deploy that into Azure's DB. So the same thing, basically, as AWS-- RDS. RDS, right. Yep, so now we support both. OK, so both of those are supported. Let's see, what else? Agents got some upgrades in the way that they're handled. Yeah, we have an upgrade, the agent deployment, we also have, we cover dynamic nodes better now, we have increased, enhanced the capabilities of the SDK. We also updated the configuration wizard. So a whole bunch of other stuff. The best place to look at all the specifics is, of course, the release notes in the training we have, which is available at support.solarwinds.com, where you'll find the Customer Success Center. Customer Success Center, self-paced training, instructor-led training and everything else to help pick up other features for all of these new releases. OK, let's talk about the third, and the biggest, chunk of new features that were added, that actually drove all of this, again, is Network Insight for Palo Alto. You know who really would want to talk about that? I want to, it's the headliner feature. Well of course you do, and I like talking about it, and they are talking about it, but Leon Adato in particular-- OK. Really wants to talk about this. Especially because we had a little bit of a disagreement about whether it is a piece of network gear or it is, in fact, application-focused. Which side were you on? You can probably guess. I'm on the network side. Yeah, you're right, he's wrong. Yeah, so we had to sort this out, so we took a quick tour of the server room to get an answer. 
[electronic buzzing] So here we are and in the server room, here in the Austin data center. And, you know, they keep asking, "Can we see more of the data center?" So hey, we had to come back here. Here we are. OK, so we are at the beating heart of SolarWinds, at least the Austin office. In the-- In the data center. But this rack is the core-- It's our core network rack, yes. However, OK, just for a little bit of a tour, we've got our distribution switches here, we got our 6800s, we got a pair of them, left and right, we go up to our routers and everything, and then at the top, we have the two Palo Altos. Because there can only be two. There can only, there must always be two, right, exactly. And, yes, I know what you're going to say, that this is a network rack, however, it's so much more than that because what you have is, I mean, the fact is that everything flows on the network, we've got that, but the Palo Altos are dealing with, fundamentally, with application traffic. And it's dealing with VPNs and it's dealing with security and it has-- Users, who actually need to be protected, that you're concerned that they may not know what they're doing. And it's managed with a GUI and it has an API and it looks a lot like, sort of, a server-based thing, and it's dealing, fundamentally, with how the application flows. But we have been asked at many, many trade shows over the years, "When is Palo Alto going to be available inside of Orion beyond just basic node management?" Yeah. And so, the answer was it turned out that we had to make fundamental extensions and upgrades for how many products? OK, we had to do four and yes, they were part of our network pillars. So it was NPM, NCM, NetFlow or NTA, and UDT. However, I could argue that NetFlow is fundamentally an application tool, even though we categorize it under the network stop. It's an application traffic tuning tool. It's an application traffic tuning tool. 
And again, the Palo Altos are fundamentally interested in the application traffic and how users interact with application traffic. And I would say that that all boils down to why network monitoring by itself wasn't good enough for the Palo Altos, that it had to be Network Insight, that we needed to be able to understand not just the network flow but how it was dealing with all the traffic and the nuances of that traffic, all the way up to the top layer of the OSI model. In the same way that F5 doesn't automatically snap in and ASAs don't automatically, that each one of those needed Network Insight, and this was the same thing. Right. Being able to extend it to NCM and then you get into configs and being able to diff-- Yes. I'm kind of getting ahead of myself here, but we should probably go and actually show them how to use this in these products and how to take advantage of everything that's in Network Insight for Palo Alto because it's not really like anything we've ever done before. Right. And I think we ought to do that. Yeah, so I'll see you back there. Well, on the way out, do you want to kick any of those fiber connectors there at the bottom? I feel like hashtag last thing I did, you know, before I got fired. Things overheard being walked out? Fired, fired, so fired. Yeah, all right, so let's go back. [electronic buzzing] All right, it's always fun to visit the server room, but I don't think I could record an entire episode in there. No, it's pretty loud. So before we go into too much more, I think we need to define how Network Insights are fundamentally different than regular network monitoring. Right, so they're network monitors for not exactly networking things. OK, fair enough, and I think the other thing that makes it important is that it is both deep insight into that special device and also broad because those devices tend to do more than one highly significant, highly specialized thing for a business. 
Right, like, so the F5 load balancer one for Network Insight, that would be pool membership by applications, so things like ASA would be, "Is that tunnel actually down for VPN or is it collapsed because there's no traffic?" So VPN concentrated and your security contacts, and also, and your firewall rules and things like that. So, right, it's broad, doing a lot of things, but very deep insight. Exactly. And so this one actually took a little bit of time, and thank you all so much for all of you who participated in the UX sessions for this because it turned out that we actually needed to extend four different products to really do it the right way. Let's go through them. Yeah, let's go through them. So I'm here on just the regular front page, and this is just a lab system that's running downstairs. Actually, running back there in the server room. And you can see here I've got Palo Alto. And normally, if you clicked into a Palo Alto device, you would get just kind of a regular view of that device, right? Right, you'd have SNMP MIBs that you could collect, but obviously, Network Insight gives you more. Right, so here, first of all, now you get a full standard view that you would expect, node details information, you're going to get CPU utilization, port, the rest of it. Now, some of the details in this port view are actually coming from UDT and I'm going to get into that in a second. But if you're familiar with the ASA view, some of these look really familiar. So if I want to go in and look at my site-to-site VPNs, if I want to go in and actually look at remote access, to be able to drill into the VPN functions that we would expect, we can get to those, too. But let's go in and take a look at the policies here. So this, again, is something specific to this Palo Alto config. 
And you would normally be configuring this with a GUI, but we need to be able to show this along with the rest of our network and application gear, so I can actually look at the policies that are defined on that system and I can, you know, slice and dice in the way that you would expect. And again, we're just doing a brief overview of this. The last Lab episode, last month, we actually went into a lot of this in greater detail, but you can check that out. But I'm going to drill into my company policy here. And the first thing that you're going to notice is over here, I can actually see the configuration of that policy. So that's actually coming directly from the device that required another API extension to get that. I can also do some things like I can look at policy changes for example, so I'm going to do view diff and I'm going to get almost an NCM-like view of the history-- Of that policy. For changes on that policy. And if, so that's fantastic and it's very helpful for network engineers, but if you go back to that previous screen, the other piece of this, and this is all pieces of a mental puzzle, is that you're also looking at how the NetFlow, specifically for this policy, is flowing. And that was what we showed last month in the last Lab, was that I'm not just looking at NetFlow for general, this is the NetFlow specific to this policy. So you can see that those changes that we were just looking at a second ago, this is what was affected, and this is maybe what we were trying to improve is, the NetFlow, we weren't getting the flow of the data that we wanted to the places that we wanted it. Right, well, and actually this is sort of a side benefit. The first thing that we needed to do was to be able to actually have it as a flow source. So in the new version of NTA, you can see that we've actually added that Palo Alto device as a flow source, that was something that we didn't have before, along with-- The local stores on Windows devices, it's crazy. 
Yeah, you've got to see last month's Lab-- You really have to watch that. So watch that. But the other way that I think about this, too, is you remember if you're looking at CBQOS, so for those of you who are using Cisco CBQOS classes, one of the things that the CBQOS view actually offers, in addition to the details of the policy, is it's essentially giving you sort of traffic in, traffic out as you get that policy tuned in. Because the ideal policy never actually works in production, you have to tune it. And the only way you can do that is you can actually watch the effects of the traffic. Well since you're going to spend a lot of your time actually managing those policies on that Palo Alto device, we realized that we could actually put, we could take the NetFlow data that we're already collecting as a part of NTA on the Orion Platform and use that side by side with the actual policies so that you could tune your policies looking at actual data. Exactly. Right? So the last thing, just to prove that it is actually true, it does show up in User Device Tracker and the reason for adding it to User Device Tracker is-- We couldn't get things with show CDP neighbor, so we actually had to pull all this data through the-- CLI. CLI. The CLI, right, so we added it there as well. If you don't have UDT, then it won't necessarily light up for you, but where it is going to be really handy is if you want to actually create a map, remember? These are the dynamically created maps. So in this case, normally there would be two, this is a lab machine and so I can see the elements on it, but this gives you, essentially, that sort of functional topology view of how it's connected and then application traffic and the rest of it-- And then, and in a real environment, not a lab environment, you'd see it's connected to this and it's connected to that, and you could continue to build out those maps. OK so that, in about three minutes, is Network Insight for Palo Alto. 
We just have so much to cover in this release. There are so many products in this release, this Lab would otherwise go for two hours and I don't think any of you want to see that, so. So we have to get back to the rest of the episode. Yeah, it's great to see ya. It's good to see you, too. [electronic buzzing] OK, I have to admit, that was really fun. And you have asked us over and over again in live chat to go back to the server room, so we just had to do that when Leon was here because who else are we going to take into the server room? So should I let him convince me that Network Insight for Palo Alto is because it is a hybrid application, network device or it's, no, it's network gear. I think you said it yourself, Patrick: it's a Network Insight. It is Network Insight. So it's joining a lineup of other Network Insight capabilities for F5 load balancers, for Cisco ASA and for Nexus, right? So why are those different? Why is Palo Alto like those other network, other devices that need Network Insight? These devices have really specific jobs. It's, in order to have a real understanding of whether they're doing the job that they need to do, you have to have better visibility into all of the pieces that are being delivered. So that's why these Network Insights span several of our modules. You see Network Insight for Palo Alto come in in NPM, NCM, NTA, UDT because it takes different pieces of information from across the network environment to really understand if it's fully doing the job that it needs to do. So it's part of that perception a lot of times that devices like that, or more complex, not so much that they do have some extra costs, a lot of times they're a little bit more expensive. I mean, a Nexus is, what? I mean, it's additional layers, so a Nexus is $250,000, too. It has the core capabilities of a switch or a router but then an extra layer of intelligence on top of that to do more stuff. 
Right, so, but a lot of it, a lot of times, that automatically makes you assume that it's more complex, but the reality is, it's, a lot of times for the team, just having two different tools. Maybe you have the vendor-specific version of the tool to manage it and then you're using the Orion Platform and NPM for everything else, so by bringing a Network Insight module in for Palo Alto, it lets everyone on the team be able to use it and sort of, it doesn't exactly make complexity disappear, it just reminds you it's not really all that complex, it's just additional capability that otherwise you can't take advantage of. That's exactly right. So you might be an expert in it, you might have people on your team who are experts in these devices, and that may work OK for you, but if you, by having these Network Insights, it'll still make your job easier because it'll bring it in and integrate it with the rest of your monitoring. And for those people who are wearing a lot of different hats and just don't have the time to become an expert in everything, then it'll make it easier for them as well. Well, I know that I can't. So another thing that people don't need to be experts in is upgrades. So any time we do something like a new Network Insight module, or on the application side, under SAM, Server & Application Monitor, that'd be an AppInsight module. It gives us a chance to do, usually, several upgrades at the same time. So this is another one of those cases where, in one upgrade cycle, not only are you getting these, sort of, top three additions that are part of this release, but there's also a host of other network or module-specific upgrades that happen along the way as well. That's right, and we mentioned that Palo Alto is the number one Network Insight that you requested, but you asked us for a lot of other things as well, and so we've put some of those into some of these additional updates at the same time. OK well, let's take a look at some of those. 
Yeah, let's talk about NTA. So NTA contributed all of the traffic analysis stuff for Network Insight for Palo Alto, but we've also got a couple other things. So IPv6 port is finally coming to NTA, it's here. I believe that was another one of your number one requests. Yeah, it's been a little while, but we have it now so that you can see the IPv6 data along with your IPv4 data in one spot where you would expect it to be. And so whether you have Palo Alto or not, it's going to be just another flow source. That's absolutely right. So it's also cool, we have a new capability where, particularly if you're trying NTA in a new environment, or you're showing someone NTA, you can use a local NetFlow source. So the main polling engine will have an agent that captures traffic and exports that via NetFlow and we can see that data in NTA. So a new way to sort of explore your data. This is primarily for people that are trying NTA for the first time, but it's an interesting capability. Who knows where that will go? Well if you want to hear more about that, our previous Lab episode was all about the new version of NTA and we actually got into that a little bit more, so definitely check out that other episode, it'll go in-depth into both IPv6 and local sources. Yeah, so let's talk about UDT next. So User Device Tracker contributed user and device tracking for Network Insight for Palo Alto, so if you have one of these, people will often have a Palo Alto deployed at remote branch offices and some of these branch offices, they don't have a lot of people at them, so you plug directly into a switch, the switch directly into the Palo Alto. Now, with Network Insight for Palo Alto, we can discover those devices connected to your Palo Alto and do the same sort of user device tracking you would expect anywhere else. Because ARP and nearest neighbor wouldn't be able to find it. That's right, so now, in addition to that, UDT is bringing new discovery support to Nexus and CLI-based polling. 
So sometimes, we couldn't get that user device tracking, the data we needed for that in terms of MAC addresses, ARP tables, these sorts of things, through SNMP, some devices don't expose that. So now we get it from those devices via CLI. OK, so what else? IPAM got a bunch of updates. That's right, IPAM got some updates, and it's another example of where we're delivering what you've been asking for, which is an expansion of the IP request form. This is the whole episode of most requested features, all delivered at the same time, isn't it? That's right. So it's very easy to be a PM at SolarWinds, you just deliver what the people ask for. [laughing] So let's take a look at that. Here, you navigate through My Dashboards, IP addresses, and request IP address. So we had this capability before, but what you guys told us is in production, you found you needed little enhancements to really make sure all of your workflows were fully automated. So we addressed that by adding delegation. You can now, users can go through this entire web request flow, there's an approval workflow, and that gets them through the whole thing. That is just really handy. I like it because it is a lot like using the change request form in NCM as well. So the last module that got an update that we're going to talk about here would be Voice & Network Quality Monitor, VNQM. For CUCM environments, we added visibility for SIP trunks and border elements as well. And I think the thing that you like most about that is real time polling. Real time polling, so that little rocket ship in PerfStack that you can click on to go from your standard five or ten minutes polling over to one second polling because I need it right now. That is now enabled for SIP utilization in VNQM. It's actually a separate polling technology, we built that just for that one second polling. And that's to make SIP trunk troubleshooting a lot easier. Yeah. OK, so that really was an awful lot to try to jam into one episode. 
It was a lot, we have updates to NPM, NTA, NCM, UDT, IPAM, VNQM, Maps 2.0, reformed status, and Network Insight for Palo Alto. And we haven't touched on systems management or EOC, which also received a lot of updates. OK, that is way more than would fit in any episode, and if you think about it, even, we had a whole episode just on the NTA changes that we talked about here, so definitely go check that out, that was the last episode. And you can find our whole back catalog of SolarWinds Lab episodes at our homepage, which is lab.solarwinds.com. Especially check for the schedule for upcoming episodes so you can be with us live. And you'll know whether you're live with us or not because if you don't see a chat box up here where you're talking to us during the episode, then you're not live. Check the schedule and be with us next time. Well, Abigail and Chris, thank you so much for being a part of this episode. Thank you. I had a great time. Cool. Well, we'll see you again on SolarWinds Lab. [electronic buzzing] [upbeat electronic music]