Ipanema System User Manual 7.0.2

Ipanema System
User Manual
7.0.2
Issue: March 2012
Headquarters, France
Ipanema Technologies, 28 rue de la Redoute, 92260 Fontenay-aux-Roses
email: info@ipanematech.com
tel: +33 1 55 52 15 00
Technical support
email: support@ipanematech.com
tel: +33 1 55 52 15 22
Belgium
Ipanema Technologies, Av. du Bourg. Etienne Demunter, 3 1090 Bruxelles
tel: +32 498 17 95 09
Germany
Ipanema Technologies GmbH, Gustav-Stresemann-Ring 1, 65189 Wiesbaden
tel: +49 611 97774 285
Italy
Ipanema Technologies, Via Senigallia 18/2, 20161 Milano
tel: +39 02 64672319
Singapore
Ipanema Technologies, Suntec, Centennial Tower, 3 Temasek Avenue, Singapore 039190
tel: +65 65497181
Spain
Ipanema Technologies, Plaza Pablo Ruiz Picasso 1, Torre Picasso, 28020 Madrid
tel: +34 670 450 205
Switzerland
Ipanema Technologies, Zollikerstrasse 153, CH-8008 Zurich
tel: +41 (0)43 488 45 06
The Netherlands
Ipanema Technologies, Vaartserijnstraat 16, 3523 Utrecht
tel: +31 30 890 6570
UK
Ipanema Technologies Ltd, Abbey House, Wellington Way, Weybridge, Surrey, KT13 0TT
tel: +44 1932 268 380
USA
Ipanema Technologies Corp., 200 Fifth Avenue, Waltham, MA 02451
tel: +1 781 890 8008
Technical support
email: support@ipanematech.com
tel: +1 617 862 0033
toll free number: 888 485 4884
The information contained in this document is subject to change without notice.

The information and specifications contained in this document are not contractual. The information
contained in this document is sincerely considered by Ipanema Technologies to be accurate and
reliable, but implies no warranty, either explicit or implicit. Users are responsible for their personal use
of the information and specifications. Ipanema Technologies shall not be liable for any errors which may
appear in this document.
Reproduction in any form whatsoever, without the written authorization of Ipanema Technologies, is
strictly forbidden.
Ipanema, the Ipanema logo, Ipanema System, ip|uniboss, ip|boss, ip|true, ip|fast, ip|coop,
ip|xcomp, ip|xtcp, ip|xapp, smart|path, ip|sync, ip|reporter, smart|plan, ip|export and ip|engine
are trademarks of Ipanema Technologies
Any trademarks and trade names which may be used in this document refer to the entities which own
these trademarks and these trade names, or to their products.
Ipanema Technologies renounces all proprietary interest in trademarks and trade names other than its
own.
Copyright 2001/2012, Ipanema Technologies
All rights reserved
Contents
CONTENTS
INTRODUCTION ......................................................................... ..........
1. REVISIONS ......................................................................... ..........
2. LIST OF ASSOCIATED DOCUMENTS ............................... ..........
3. DOCUMENT ORGANIZATION ........................................... ..........
4. TERMS USED ..................................................................... ..........
1
1
3
3
4
CHAPTER 1 IPANEMA SYSTEM ............................................ ..........

1. OVERVIEW ......................................................................... ..........
1. 1. General ....................................................................... ..........
1. 2. System description ...................................................... ..........
2. GENERAL PRINCIPLES ..................................................... ..........
2. 1. System deployment .................................................... ..........
2. 2. Time synchronization .................................................. ..........
2. 3. Communication between system elements ................ ..........
2. 4. The QoS measurement (or Visibility) service: ip|true .. ..........
2. 5. The real-time QoS & control service: ip|fast ................ ..........
2. 6. The redundancy elimination service: ip|xcomp ........... ..........
2. 7. The TCP acceleration service: ip|xtcp ......................... ..........
2. 8. The CIFS acceleration service: ip|xapp ...................... ..........
2. 9. The Dynamic WAN Selection service: smart|path ....... ..........
2. 10. The right sizing service: smart|plan ........................... ..........
2. 11. Functional architecture .............................................. ..........
2. 12. Security ..................................................................... ..........
1-1
1-1
1-1
1-4
1-6
1-6
1-8
1-9
1-11
1-12
1-12
1-13
1-13
1-14
1-14
1-15
1-23
CHAPTER 2 UNIFIED ACCESS TO THE IPANEMA SYSTEM

(SALSA CLIENT) ................................................................... ..........
1. UNIFIED USER MANAGEMENT ........................................ ..........
2. SALSA ARCHITECTURE .................................................... ..........
3. SALSA URLs ....................................................................... ..........
3. 1. LDAP Users URLs ...................................................... ..........
3. 2. External Users URLs .................................................. ..........
3. 3. Legacy Users URLs .................................................... ..........
4. LDAP AUTHENTICATION ................................................... ..........
5. VISTAPORTAL AND VPSE CONSIDERATIONS ................ ..........
5. 1. VistaPortal considerations ........................................... ..........
5. 2. VistaPortal SE considerations ..................................... ..........
2-1
2-1
2-5
2-6
2-6
2-6
2-6
2-7
2-7
2-7
2-7
CHAPTER 3 MANAGING DOMAINS, USERS AND LICENSES

(IP|UNIBOSS) ........................................................................ ..........
1. DOMAINS OVERVIEW ....................................................... ..........
2. ip|uniboss WEB CLIENT ..................................................... ..........
2. 1. Connection to ip|uniboss using the web client ............ ..........
2. 2. ip|uniboss web client main window ............................. ..........
3. ip|uniboss JAVA CLIENT ..................................................... ..........
3. 1. Connection to ip|uniboss using the Java client ........... ..........
3. 2. ip|uniboss Java client main window ............................ ..........
4. IMPORT A LICENSE ........................................................... ..........
5. SYSTEM PROVISIONING .................................................. ..........
5. 1. Create an ip|boss server ............................................. ..........
5. 2. Domains ...................................................................... ..........
5. 3. Radius ......................................................................... ..........
6. REPORTING PROVISIONING ............................................ ..........
6. 1. ip|reporter web portals (VF0 and VF4) ........................ ..........
6. 2. VistaMart (VF4 only) ................................................... ..........
6. 3. Server Group (VF4 only) ............................................. ..........
6. 4. IV Server ..................................................................... ..........
3-1
3-1
3-2
3-2
3-3
3-7
3-8
3-8
3-10
3-11
3-11
3-13
3-19
3-21
3-22
3-24
3-26
3-27
March 2012
Ipanema Technologies
Contents
7. SYSTEM ADMINISTRATION .............................................. ..........

7. 1. Users ........................................................................... ..........
7. 2. Local administrator password ..................................... ..........
8. SUPERVISION .................................................................... ..........
8. 1. Inventory ..................................................................... ..........
8. 2. Logs ............................................................................ ..........
8. 3. Issues .......................................................................... ..........
3-29
3-29
3-33
3-34
3-34
3-37
3-38
CHAPTER 4 CONFIGURING SERVICES (IP|BOSS) ............. ..........

1. CONFIGURATION OVERVIEW .......................................... ..........
2. CONFIGURING SERVICES USING ip|boss WEB CLIENT ..........
2. 1. Connection to ip|boss using the web client ................. ..........
2. 2. ip|boss web client main window .................................. ..........
2. 3. ip|boss web client table view ....................................... ..........
2. 4. ip|boss web client creation form .................................. ..........
3. CONFIGURING SERVICES USING ip|boss JAVA CLIENT ..........
3. 1. Connection to ip|boss using the Java client ................ ..........
3. 2. ip|boss Java client main window ................................. ..........
3. 3. ip|boss Java client table view ...................................... ..........
3. 4. ip|boss Java client creation form ................................. ..........
4. ip|boss CLI CLIENT ............................................................. ..........
4. 1. CLI architecture ........................................................... ..........
4. 2. CLI language ............................................................... ..........
4. 3. Tabular input and output ............................................. ..........
5. ip|boss MAIN SCREEN DESCRIPTION ............................. ..........
5. 1. ip|boss tool bar ............................................................ ..........
5. 2. ip|boss status zone ..................................................... ..........
5. 3. ip|boss Java client menu bar ....................................... ..........
6. OPERATING PROCEDURE ............................................... ..........
7. CREATE, OPEN, SAVE A CONFIGURATION .................... ..........
7. 1. Create a new configuration ......................................... ..........
7. 2. Open a configuration ................................................... ..........
7. 3. Save a configuration ................................................... ..........
7. 4. Undo a configuration modification ............................... ..........
8. EXPORTING AND IMPORTING OBJECTS ........................ ..........
8. 1. Exporting objects ........................................................ ..........
8. 2. Importing objects ......................................................... ..........
9. SYSTEM PROVISIONING .................................................. ..........
9. 1. Configuring Coloring ................................................... ..........
9. 2. Configuring WAN Accesses ........................................ ..........
9. 3. Configuring ip|engines ................................................ ..........
9. 4. Configuring Topology subnets ..................................... ..........
9. 5. Configuring ip|sync (time synchronization) ................. ..........
9. 6. Tools ............................................................................ ..........
9. 7. Configuring smart|path (Tools / Advanced conf.) ........ ..........
10. APPLICATION PROVISIONING ....................................... ..........
10. 1. Configuring User subnets ......................................... ..........
10. 2. Configuring Types of service (TOS) .......................... ..........
10. 3. Configuring Applications ........................................... ..........
10. 4. Configuring QoS Profiles .......................................... ..........
10. 5. Configuring Application Groups ................................ ..........
10. 6. Applications mapping ................................................ ..........
10. 7. Configuring LTL (Local Traffic Limiting) ..................... ..........
11. REPORTING ..................................................................... ..........
11. 1. Configuring MetaViews ............................................. ..........
11. 2. Configuring Reports (ip|reporter) ............................... ..........
11. 3. Configuring Alarming ................................................. ..........
12. SUPERVISION OPTIONS ................................................. ..........
12. 1. Configuring Fault Management ................................. ..........
13. SYSTEM ADMINISTRATION ............................................ ..........
13. 1. Configuring User profiles .......................................... ..........
4-1
4-1
4-2
4-2
4-4
4-5
4-10
4-11
4-11
4-12
4-13
4-14
4-15
4-15
4-15
4-16
4-17
4-18
4-23
4-27
4-28
4-38
4-38
4-38
4-38
4-39
4-40
4-40
4-41
4-44
4-44
4-48
4-53
4-61
4-63
4-65
4-66
4-68
4-68
4-69
4-70
4-82
4-84
4-92
4-94
4-96
4-96
4-105
4-105
4-111
4-111
4-116
4-116
March 2012
ii
Ipanema System
iii
13. 2. Configuring Automatic reporting ............................... ..........

13. 3. Configuring Security .................................................. ..........
4-117
4-118
CHAPTER 5 IPANEMA SYSTEM SUPERVISION (IP|BOSS) . ..........

1. CHECK THE DOMAINS STATUSES .................................. ..........
2. ip|boss MAIN WINDOW ...................................................... ..........
3. SUPERVISION .................................................................... ..........
3. 1. ip|engine status (monitoring ip|engines activity) ......... ..........
3. 2. Supervision Maps (monitoring ip|engines activity) ...... ..........
3. 3. Security (monitoring security certificate) ..................... ..........
4. SYSTEM PROVISIONING: TOOLS .................................... ..........
4. 1. Rebooting .................................................................... ..........
4. 2. Scripts ......................................................................... ..........
4. 3. ip|engine software upgrade ......................................... ..........
5. ip|boss LOGS ...................................................................... ..........
5-1
5-1
5-3
5-4
5-4
5-9
5-11
5-12
5-12
5-13
5-15
5-19
CHAPTER 6 USING IPANEMA SERVICES (IP|BOSS) .......... ..........

1. STARTING AND STOPPING A SESSION .......................... ..........
1. 1. Starting a session ....................................................... ..........
1. 2. Stopping a session ...................................................... ..........
2. LOGIN: CHANGING USER PASSWORD ........................... ..........
3. DYNAMICALLY MODIFYING A SESSION ........................ ..........
3. 1. Update procedure ....................................................... ..........
3. 2. Transition .................................................................... ..........
4. SERVICE ACTIVATION ....................................................... ..........
4. 1. ip|true (measurement) ................................................. ..........
4. 2. ip|fast (QoS & control) ................................................. ..........
4. 3. ip|coop (virtual cooperation) ..................................... ..........
4. 4. ip|xcomp (redundancy elimination) ............................. ..........
4. 5. ip|xtcp (TCP acceleration) ........................................... ..........
4. 6. ip|xapp (CIFS acceleration) ......................................... ..........
4. 7. smart|plan ................................................................... ..........
5. HELPDESK ......................................................................... ..........
5. 1. Link supervision .......................................................... ..........
5. 2. Real-Time flows .......................................................... ..........
5. 3. Discovery .................................................................... ..........
5. 4. Helpdesk maps ........................................................... ..........
6. HELP ................................................................................... ..........
6-1
6-1
6-1
6-2
6-3
6-4
6-6
6-6
6-7
6-7
6-10
6-13
6-15
6-17
6-19
6-20
6-21
6-21
6-24
6-31
6-37
6-40
CHAPTER 7 NETWORK VIEW (IP|DASHBOARD) ................ ..........

1. CONNECTION TO ip|dashboard ......................................... ..........
2. PRESENTATION OF ip|dashboard GUI .............................. ..........
2. 1. ip|dashboard windows and menus .............................. ..........
2. 2. Reading ip|dashboard contents .................................. ..........
2. 3. Access to the reports .................................................. ..........
3. USING ip|dashboard ........................................................... ..........
3. 1. Domains view .............................................................. ..........
3. 2. Sites view .................................................................... ..........
3. 3. Single Site view ........................................................... ..........
7-1
7-1
7-3
7-3
7-5
7-7
7-8
7-8
7-11
7-12
CHAPTER 8 ANALYZING AND REPORTING TOOLS

(IP|REPORTER) .................................................................... ..........
1. MIB ACCESS ...................................................................... ..........
1. 1. MIB .............................................................................. ..........
1. 2. SNMP .......................................................................... ..........
2. ip|reporter ............................................................................ ..........
2. 1. Ipanema Architecture .................................................. ..........
2. 2. Ipanemas ip|reporter architecture .............................. ..........
2. 3. Terms .......................................................................... ..........
2. 4. Starting the system ..................................................... ..........
2. 5. Reports Management ................................................. ..........
8-1
8-1
8-1
8-1
8-2
8-2
8-4
8-6
8-8
8-18
March 2012
Contents
3. HOW TO READ THE REPORTS ........................................ ..........

3. 1. IVreport (VF0) ............................................................. ..........
3. 2. Web client (VF0) ......................................................... ..........
3. 3. Web client (VF4) ......................................................... ..........
3. 4. Dynamic reading of the reports ................................... ..........
3. 5. Definitions ................................................................... ..........
4. IPANEMA SYSTEM VISTAVIEWS ...................................... ..........
5. SLM (SERVICE LEVEL MONITORING) REPORTS ........... ..........
5. 1. is - slm - service level evolution .................................. ..........
5. 2. is - slm - site summary ................................................ ..........
5. 3. is - slm - application group summary .......................... ..........
5. 4. is - slm - application group summary per direction ...... ..........
5. 5. is - slm - application synthesis .................................... ..........
5. 6. is - slm - site synthesis ................................................ ..........
6. SLA (SERVICE LEVEL AGREEMENT) REPORTS ............ ..........
6. 1. is - sla - domain overview - graph ............................... ..........
6. 2. is - sla - domain overview - table ................................ ..........
6. 3. is - sla - domain - aqs summary .................................. ..........
6. 4. is - sla - domain - mos summary ................................. ..........
6. 5. is - sla - site summary ................................................. ..........
6. 6. is - sla - site exploitation .............................................. ..........
6. 7. is - sla - site customer ................................................. ..........
7. AM (APPLICATION MONITORING) REPORTS ................. ..........
7. 1. is - am - site summary - tcp ......................................... ..........
7. 2. is - am - application group summary - tcp ................... ..........
7. 3. is - am - application group summary - per dir. - tcp ..... ..........
7. 4. is - am - application summary - tcp ............................. ..........
7. 5. is - am - application summary - per direction - tcp ...... ..........
7. 6. is - am - time evolution - tcp ........................................ ..........
8. PM (PERFORMANCE MONITORING) REPORTS ............. ..........
8. 1. is - pm - site summary ................................................. ..........
8. 2. is - pm - application group summary ........................... ..........
8. 3. is - pm - application group summary per direction ...... ..........
8. 4. is - pm - application summary ..................................... ..........
8. 5. is - pm - application summary per direction ................ ..........
8. 6. is - pm - traffic topology ............................................... ..........
8. 7. is - pm - time evolution ................................................ ..........
8. 8. is - pm - detailed per application, per app. group ........ ..........
8. 9. is - pm - top host application on volume ..................... ..........
9. PM COMPRESSION REPORTS ......................................... ..........
9. 1. is - pm - compression evolution .................................. ..........
9. 2. is - pm - application group compression synthesis ..... ..........
9. 3. is - pm - application compression synthesis ................ ..........
10. ACC (ACCELERATION) REPORT .................................... ..........
10. 1. is - acc - acceleration evolution ................................. ..........
11. CIFS REPORT ................................................................... ..........
11. 1. is - cifs - time evolution .............................................. ..........
12. VoIP REPORTS ................................................................ ..........
12. 1. is - voip - synthesis ................................................... ..........
12. 2. is - voip - time evolution ............................................ ..........
13. SA (SITE ANALYSIS) REPORTS ...................................... ..........
13. 1. is - sa - site summary ingress ................................... ..........
13. 2. is - sa - site summary egress .................................... ..........
13. 3. is - sa - site throughput ............................................. ..........
14. FI (FAULT ISOLATION) REPORTS ................................... ..........
14. 1. is - fi - availability - evolution ..................................... ..........
14. 2. is - fi - availability - overview ..................................... ..........
15. SP (SMARTPLANNING) REPORTS ................................. ..........
15. 1. is - sp - profile ........................................................... ..........
15. 2. is - sp - synthesis ...................................................... ..........
16. EXPORTING THE REPORTS DATA WITH ip|export ....... ..........
March 2012
8-26
8-26
8-27
8-29
8-34
8-35
8-37
8-44
8-44
8-46
8-48
8-50
8-52
8-56
8-59
8-59
8-61
8-63
8-65
8-67
8-69
8-71
8-73
8-73
8-75
8-77
8-79
8-81
8-83
8-85
8-85
8-87
8-89
8-91
8-93
8-95
8-98
8-100
8-102
8-104
8-104
8-106
8-109
8-112
8-112
8-114
8-114
8-116
8-117
8-119
8-121
8-121
8-123
8-125
8-127
8-127
8-130
8-132
8-132
8-134
8-136
iv
Ipanema System
16. 1. ip|export output files and directory ............................ ..........

16. 2. ip|export log file ......................................................... ..........
16. 3. ip|export command usage ......................................... ..........
16. 4. ip|export output file formats ....................................... ..........
8-136
8-137
8-137
8-138
CHAPTER 9 SOFTWARE LICENSE TERMS ......................... ..........

1. GRANT OF RIGHTS TO USE AND INTELLECTUAL
PROPERTY ........................................................................ ..........
2. OPEN SOURCE LICENSES ............................................... ..........
3. TERM AND TERMINATION ................................................ ..........
4. SOFTWARE MEDIA WARRANTY ...................................... ..........
5. SOFTWARE WARRANTY ................................................... ..........
6. DISCLAIMER ...................................................................... ..........
7. GOVERNING LAW .............................................................. ..........
9-1
9-1
9-1
9-1
9-2
9-2
9-2
9-3
CHAPTER 10 TECHNICAL SUPPORT ..................................... ..........

1. CUSTOMER TECHNICAL SUPPORT ............................... ..........
10-1
10-1
March 2012
INTRODUCTION
1. REVISIONS
Date of issue
Index
Chapter/
section
concerned
Subject
January 2001
All
Original
April 2001
All
in accordance with the V2.4 software version
September 2001
All
January 2002
All
in accordance with the V2.5.11 software version
March 2002
All
August 2002
All
October 2002
All
January 2003
Chapters 2,
3, 4 and 8
February 2003
Chapter 2
ip|reporter settings
April 2003
Chapter 2
About window
October 2003
All
July 2004
All
April 2005
All
November 2005
All
November 2005
Chapter 2
ip|boss Solaris installation
April 2006
All
August 2006
All
October 2006
Chapter 2
Domain creation, ip|reporter Solaris installation,

ip|reporter web 2.2
November 2006
Chapter 3
Alarming function
February 2007
All
manual organization; ip|reporters portmapper

port; ip|reporter multi network interfaces server;
Apache web server configuration for ip|reporter
web edition; BW tracking principles; configuring
ip|engines; ip|engine alarms description; removal
of a report
November 2007
All
January 2008
Chapters 2
and 7
ip|reporter web (no license key; user rights

definition); 7.3.2. How to read the reports;
periodicity of some reports (minor corrections)
April 2008
All
in accordance with the v5.0.0r8 software version
July 2008
Chapters 2
and 3
Solaris installation removed from this manual;

radius configuration
March 2012
Ipanema System
October 2008
All
in accordance with the v5.0.0r12 software

version
December 2008
All
in accordance with the v5.1 software version
January 2009
AA
Chapter 2
2.5.4. Install/Uninstall ip|reporter on Windows,

2.6.1. Install ip|reporter web on Windows
March 2009
AB
All
May 2009
AC
All
Minor corrections: 1. 2. 3. 5, 3. 6. 1 and 7.1.2:

SNMP port; 2.5.6.1: InfoVista license key;
2.6.1.8: Customizing VistaPortal SE; 4.5.3:
ip|boss Java client menu bar; 6.5.3: Helpdesk
maps colors
New: 2.3.3 install ip|boss using the CLI; 3.9:
note on Inventory printing; 4.9.7. Tools; 4.9.8.
smart|path advanced parameters; 4.10.5.4: User
class sensitivity; 4.11.3.1: Alarm severity; 6.5.1:
Link supervision
June 2009
AD
Chapters 2, 9
2.1 JDK is not required any longer;

9.1 Technical Support contact information
November 2009
AE
Chapters 2,
4, 7
2.8.2 software upgrade (FTP)

4.9.3 and 4.10.5.4 RAM-based and Disk-based
compression are replaced by Zero Delay and
Standard Redundancy Elimination (ZRE, SRE)
4.10.3.2 applications list
7. several report updates in version 5.2 had not
been reflected in the manual
November 2009
AF
Chapters 2,
4, 6, 7
2.2.3 and 2.3.3 minor corrections

4.9 Export / Import objects
4.10.8 and 4.11.5.4 new smart|path parameter in
v5.2.2
6.5.2 freeze the view in the real time flows list
7.6.3, 7.6.4 and 7.6.5 three new SLA reports
March 2010
AG
All
May 2010
AH
Chapter 1
A bug in the documentation system, which

replaced chapter 1 by chapter 10, has been
fixed.
August 2010
AI
Chapters 1,
2, 4, 5 and 8
1.2.3.2 minor correction

2.7 and 8.16 (mainly) ip|export has been
completely redesigned
December 2010
AJ
Chapter 8
8.8.11.1 minor correction
August 2011
AK
All
Virtual ip|engines are now called

tele|engines.
The optimization feature is now called QoS &
control.
2.5 reports_desc.impsys and Vistaviews are now
automatically installed with ipreporter_setup.exe;
Solaris 9 is not supported any longer; Windows
2008 is supported
Chapter 2
November 2011
AL
All

installation is now described in a separate
manual
March 2012
December 2011
AM
All
Chapter 1 - Ipanema System was missing in rev.

AL
March 2012
AN
All
in accordance with the v7.0.2 software version

major changes: User Classes are renamed
Application Groups; report pm top host
application on volume is restored
2. LIST OF ASSOCIATED DOCUMENTS

The system installation on Windows is described in a separate document:
Ipanema System Installation Manual
For each range of ip|engine (10, 100 and 1000), there are two user manuals:
Directives and Regulations Manual

ip|engine Directives, Regulations and Certificates.
READ THE SAFETY INSTRUCTIONS BEFORE CONNECTING AN ip|engine TO THE
SUPPLY.
Configuration manual
Technical characteristics and ip|engines installation, configuration and set-up procedures;
troubleshooting.
This manual is intended for ip|engines integrators, administrators and users.
3. DOCUMENT ORGANIZATION
This document contains 10 chapters:
Chapter 1 - Ipanema System: system overview.

Chapter 2 - Unified access to the Ipanema system (SALSA client): how to access a Domain
with the various components of the system.
Chapter 3 - Managing Domains, Users and Licenses (ip|uniboss): Domains and Users
creation and modification procedures, Licenses management.
Chapter 4 - Configuring Services (ip|boss): the different set-up and configuration procedures.
Chapter 5 - Ipanema System Supervision (ip|boss): system supervision procedures.
Chapter 6 - Using Ipanema Services (ip|boss): system exploitation: step-by-step procedures
for all features.
Chapter 7 - Network view (ip|dashboard): system exploitation: step-by-step procedures for
all features.
Chapter 8 - Analyzing and reporting tools (ip|reporter): description of the Ipanema reporting.
Chapter 9 - Software license terms.
Chapter 10 - Technical support: description of the Ipanema Support.
March 2012
Ipanema System
4. TERMS USED
AG:
Application Group (new name for a User Class as of SALSA

v7.0.2.).
Aggregated flow:
an aggregated flow groups together IP micro-flows sharing

given common characteristics. It is specified by a source
subnet, a destination subnet and, where appropriate, a
protocol, an application and a client/server direction and a TOS.
Applications Dictionary:
the Applications Dictionary contains a list of the applications

recognized by the system. The applications are identified by
protocol, a TCP or UDP port number, a type of Codec, a URL
for HTTP, a published application for Citrix...
Application Quality Score:
Ipanema notation for the traffic Quality. From 0 (very bad) to

10 (very good). The notation is calculated according to the
expected behavior.
AQS:
Application Quality Score (see description above).
ASL:
Application Service Level.
BDP:
Bandwidth Delay Product.
Byte counting:
the system indicates the number of bytes in the IP packet,

including IP headers.
Congestion:
state of a network resource in which the traffic incident on the

resource exceeds its output capacity over an interval of time.
CoS:
Class of Service.
CPE:
Customers Premises Equipment.

Network access equipment located on the customers site. In
the case of an IP network this is usually an access router.
Delay variation:
Standard deviation of the delay on a given period.
DSCP:
DiffServ Code Point.
DstPort:
Destination Port.
Datagram:
block of data transmitted on the packet switched network.
D/J/L:
Delay/Jitter/Loss.
Domain:
a Domain is composed of a set of ip|engines making and

exchanging observations and making measurements based on
these. ip|engines are configured and operated via the ip|boss
central software. All elements in a Domain must be connected
in the IP sense (each element must have an IP address that
can be routed on the network).
Elementary observation:
measure of time, length, etc., performed by the ip|engine on

each measured packet.
Fragmentation:
the process of division of a datagram into several fragments (IP

packets), to facilitate traffic flow on low-speed links for example.
GPS:
Global Positioning System.

A positioning and synchronization system based on a satellite
constellation (currently 24) in medium altitude orbit. This
system covers practically the entire surface of the earth and
is highly accurate.
Goodput:
Number of bits per second at layer 4 level.
GUI:
Graphic User Interface.
HSRP:
Hot Standby Router Protocol.
March 2012
ICMP:
Internet Control Message Protocol.
IMA:
Ipanema Mobile Agent.
IP:
Internet Protocol.
IP micro-flow:
an IP micro-flow is specified by all packets identified by the

same IP source and destination address, the same protocol
and, where appropriate, the same TCP/UDP ports.
IPDR:
IP Data Records.
ITP:
Ipanema Time Protocol.
Jitter:
Standard deviation of the delay on a given period.
LAN:
Local Area Network.

The same geographical site may have several LANs
interconnected by a router.
LAN to LAN:
used for the measurement from the LAN port of the source
ip|engine to the LAN port of the destination ip|engine.
LTL:
Local Traffic Limiting.
Measure interface:
interface on the ip|engine giving access to the point of

measure.
Measure ticket:
the measure ticket groups together the elementary

observations made on an IP packet by an ip|engine.
MOS:
Mean Opinion Score

Standard Measure of the Quality of a Voice Call (notation
between 0 (very bad) to 5 (very good)).
MRE:
Multi Redundancy Elimination (synonymous with

Compression).
NAP:
Network Access Point
OWD:
One Way Delay.
Packets:
series of binary elements organized in a predefined format

and transferred as a whole.
Packet counting:
the system indicates the number of datagrams observed.

It is insensitive to fragmentation by routers, whether this
fragmentation occurred in the Domain of Measure (between
ip|engines) or outside the Domain (before the first ip|engine).
Packet loss:
the system indicates the number of datagrams lost. It is

therefore insensitive to fragmentation by routers, whether this
fragmentation occurred in the Domain of Measure (between
ip|engines) or outside the Domain (before the first ip|engine).
PBR:
Policy Base Routing.
Physical site:
Site equipped with an ip|engine.
Point of measure:
place of traffic acquisition where measures are made.
QoS:
Quality of Service.
Quality Index:
See Application Quality Score.
Router:
interconnection gateway between two IP networks.
Routing:
operation of determining the route to be taken through a

network by a data packet.
RTT:
Round Trip Time.
SALSA:
Scalable Application Level Service Architecture.
March 2012
Ipanema System
SLA:
Service Level Agreement.
SNMP:
Simple Network Management Protocol.
SrcPort:
Source port.
SRE:
Standard Redundancy Elimination (AKA Disk-based

compression).
SRT:
Server Response Time.
TCP:
Transmission Control Protocol.
Ticket Record:
groups measure tickets together for transmission between

ip|engines.
TOS:
Type Of Service.
TOS Dictionary:
the TOS Dictionary contains a list of TOS recognized by the

system. The TOS are identified by the field Type Of Service
in IP packet.
Traffic profile:
a description of the temporal properties of a traffic stream such

as rate and burst size.
Transfer delay:
the transfer delay of a packet between ip|engines is measured

when the last bit of the packet passes the measure points.
In the event of fragmentation of the datagram into several IP
packets, the measure is made when the last bit of the last
fragment passes.
Throughput:
Number of bits per second at the IP level.
UDP:
User Data Protocol.
UC:
User Class: old name for an Application Group (< SALSA

v7.0.2.).
Virtual ip|engine:
Old name for a tele|engine (< SALSA v6).
Virtual site:
Site with a tele|engine.
VoIP:
Voice over IP.
VPN:
Virtual Private Network.
VRF:
Virtual Routing and Forwarding.
WAN:
Wide Area Network.

Long distance network that allows data exchange between
remote sites.
WAN to WAN:
used for the measurement from the WAN port of the source
ip|engine to the WAN port of the destination ip|engine.
WFQ:
Weighted Fairness Queuing.
ZRE:
Zero delay Redundancy Elimination (AKA RAM-based

compression).
March 2012
CHAPTER 1. IPANEMA SYSTEM

Document organization
1. 1. OVERVIEW
1. 1. 1. General
The Ipanema System enables IP networks Quality of Service (QoS) to be measured and
guaranteed. It measures data transfer characteristics between access points and, in particular,
real-time performance (throughput, transfer delay, delay variation (jitter), loss rate, round trip
time, server response time and TCP retransmission ratio) of this transfer. Improving the QoS
is a question of finding the best match between user needs and network performance and
optimizing allocation of available bandwidth at network level. To be suitable for configuring and
monitoring SLAs, measures are made at IP level (level 3) allowing a clear breakdown between
the network and the information system. Redundancy elimination allows to compress the data,
and acceleration allows to accelerate the traffic, in some cases.
QoS measurement and Qos & control features:
Users specify high-level business objectives through Application Groups. Customer traffic is
classified using a mix of the users applications and organization data. Application Groups
attributes include:
business criticality,
QoS performance objectives (nominal bandwidth per application session, delay, jitter, packets
loss, RTT, SRT and TCP retransmission ratio),
redundancy elimination capability,
acceleration capability.
The users objectives are the only input to the system. There is no need to set low-level, network
and device specific policy rules.
The individual measures are grouped and analyzed according to multiple criteria (IP address,
subnet address, application, Application Group, etc.).
The results are presented in the form of real-time graphs and archived with periodic aggregation
(hourly, daily, weekly, monthly). They are made available for subsequent processing or reference.
Specific QoS measure service features (ip|true):
multiple QoS measures: measures include number of packets and bytes transmitted and
received, number of sessions, transfer delay, jitter, loss, RTT, SRT and TCP retransmission
ratio,
highly-accurate: from 100 s to 1 ms according to the type of ip|engine used. This relies on
synchronization from the network (NTP) or GPS system,
precise: measures are made on the actual data packets and not on test packets,
exhaustive: all packets are measured,
independent: measures are made at the IP level, independently of operator network access
and core technology,
confidential: the contents of user packets are not, at any time, stored, saved or even transmitted
between the different system components,
complete: packets are measured LAN to LAN and WAN to WAN.
March 2012
1-1
Ipanema System
Specific QoS & control service features (ip|fast):
dynamic control, based on real-time measure of application demand and network capacity,
global bandwidth control, based on real-time detection of WAN access and End to End (ingress
and egress) congestion,
adaptive Policies management according to the QoS objectives and criticality of each
application,
IP packet marking (coloring) according to operator CoS, taking into account the QoS and
criticality objective of each application.
the ip|engine also handles the dynamic traffic conditioning according to adaptive policies. The
CPE only performs IP routing functions for network access.
Specific redundancy elimination feature (ip|xcomp):
dynamic compression of traffic, according to Application Group configuration,

the ip|engine handles the dynamic traffic conditioning according to the destination of the flows,
the ip|engine automatically creates the compression tunnels, when used (ZRE), with the
destinations.
Specific TCP acceleration feature (ip|xtcp):
dynamic acceleration of TCP traffic, according to Application Group configuration,

the ip|engine handles the dynamic traffic conditioning according to the destination of the flows.
Specific CIFS acceleration feature (ip|xapp):
dynamic acceleration of CIFS traffic,

Specific Dynamic WAN Selection feature (smart|path):
dynamic selection of traffic path, according to Application Group and WAN access configuration,
ip|reporter:
This service provided by an optional module of ip|boss produces full technical metric reports and
Application Group high level reports.
An InfoVista run time licence is embedded in the ip|reporter module; this run time provides all user
functions in local, remote or client/server mode or with an HTML interface with VistaPortalSE.
All tasks about creation, deletion of reports are automatically made by ip|boss. The configuration
and use are very easy.
ip|export:
This service, provided by an optional module of ip|reporter, allows the user to automatically and
dynamically export any data from the reports in text, CSV or Excel formats.
ip|export is designed for seamless inter operability between network measurement systems and
Business Support Services systems.
smart|plan:
This service, provided by an optional module of ip|reporter, provides easy-to-use data for Capacity
Planning optimization. Using information gathered from Ipanemas ip|engines performance
measurement and QoS & control functions, then aggregated by the ip|boss central management
software, smart|plan generates very high added value data enabling a complete analysis for
each network access of the relationship between bandwidth (resource) and delivered service
level (results). Using this automatically generated data, it is immediately possible to identify if
the access link is under-provisioned or over-provisioned in regard of the expected service level
1-2
March 2012
Ipanema System
per applications business criticality. The data generated by the smart|plan module are available
throughout all the Ipanema System components. ip|boss makes them available through the
SNMP interface, ip|reporter uses them to generate the appropriate easy to use reports and
ip|export exports them in text or Excel format for post-processing.
Security:
Ipanema System provides robust security features to protect the system against break-in and
hostility threats. Authentication mechanisms to access to system elements and between system
elements are used to protect the system against unauthorized access. Communication encryption
between system elements protects the system against sniffing of configuration information or
measure results exchanged between system elements.
March 2012
1-3
Ipanema System
1. 1. 2. System description
The system consists of the following elements:
ip|engines: these units measure users traffic in real time and dynamically adapt the QoS
management rules. ip|engines are non-intrusive and are generally located at the interface
between the enterprise network (LAN) and the access router to the operator network (WAN).
They have high-quality synchronization thanks to a time server (e.g. NTP) or thanks to an
external GPS receiver. The ip|engine runs ip|agent software, the modules of which are:
ip|true for measurement,

ip|fast for QoS & control,
ip|coop for tele|engines cooperative control (part of ip|fast),
ip|xcomp for redundancy elimination,
ip|xtcp for TCP acceleration,
ip|xapp for CIFS acceleration,
smart|path for Dynamic WAN Selection,
smart|plan for right sizing reports,
ip|sync for time synchronization.
SALSA (Scalable Application Level Service Architecture): this is the Central Management
Software; it is composed of:
ip|uniboss software: it ensures the creation and management of the Domains, Unified
User Management and Licenses management.
ip|boss software: it ensures different functions: system administration, system
configuration (system provisioning, application provisioning and reports), service
activation, real time helpdesk, supervision, collect of the Correlation Records on the
ip|engines every minute (according to the parameters) to analyse and display the
measured traffic in real time, interface with ip|reporter.
ip|reporter software: it ensures the reporting function coming from ip|boss system.
ip|reporter is powered by InfoVista and can be provided with two different
InfoVista VistaFoundation platforms: VF0 (provided to most Ipanema
customers) and VF4 (provided for MSPs/NSPs or customers with very large
networks only). Only VF0 platform is described in this document. For VF4
information, please refer to the relevant Technical notes.
1-4
March 2012
Ipanema System
System architecture
March 2012
1-5
Ipanema System
1. 2. GENERAL PRINCIPLES
1. 2. 1. System deployment
ip|engines are positioned at the measurement or control points. They are connected to the same
LAN as the access CPE.
A Domain is made up of a set of ip|engines that measure (ip|true), control (ip|fast, plus possibly
ip|coop), compress (ip|xcomp) and accelerate (ip|xtcp and ip|xapp) the network traffic and the
ip|boss software (the central software program), for configuration and exploitation of the Ipanema
System.
One Domain will be created by logical entity, using ip|uniboss software. ip|engines belonging
to the same Domain work together (measurement, QoS & control , redundancy elimination and
acceleration), without interacting with other ip|engines belonging to other Domains. Each Domain
is managed by a dedicated ip|boss instance.
To measure, control or accelerate flows on a site with no ip|engine, the user can configure (IP
address and alias) a tele|engine in the configuration file, in the same way as for a real ip|engine.
To make it possible, physically existing ip|engines must be installed at the other ends of all flows
to be measured, controlled and accelerated. Unlike a physically existing ip|engine, a tele|engine
does not measure one-way-delays, jitter and loss rates, and does not compress or decompress
traffic. Other measurements on a site with a tele|engine are carried out by the remote ip|engines.
Ipanema System deployment

The system performs measurement, control, redundancy elimination and acceleration on the basis
of observed traffic in the users private IP addressing plan.
This addressing plan can be different from the public addressing plan (Public IP address). For
example, network tunnels encapsulate the packets of the different interconnected LANs with an
address in the operator plan. In this case, the Ipanema System recognizes only the addresses of
the LAN plan.
1-6
March 2012
Ipanema System
Each ip|engine recognizes the local network (LAN) traffic transmitted to and received from the
long-distance network (WAN).
The local networks have an IP address range expressed in the form a.b.c.d and a prefix, the length
of which is expressed by /p.
For correct system operation:
the ip|engines must have a fixed IP address,

the server running the ip|boss application must be accessible by all ip|engines. It must
therefore have an IP address, but the latter is not necessarily a fixed address (except if
ip|reporter server is installed on another station). The server is not necessarily on the
customer part of the network.
March 2012
1-7
Ipanema System
1. 2. 2. Time synchronization
ip|engines synchronization on the Domain is used for Delay/Jitter/Loss measurement (and
measurement only: control, redundancy elimination, etc., do not require synchronization).
There are two synchronization levels:
Time servers
can be either ip|engines (with or without GPS), ip|boss or External NTP servers,
must be delivering a consistent time between each other,
if an ip|engine is a Time Server, it will use its local ITP configuration (GPS, local or an
external source).
Synchronization servers
must be Domain ip|engines,
will not use their local reference (even if a GPS receiver is connected),
share their clocks with their peers (all other synchronization servers).
This feature allows GPS-less Domains, out of Domain synchronization and short term no time
function (a Domain can be disconnected from its time servers, thus making higher resiliency).
1-8
March 2012
Ipanema System
1. 2. 3. Communication between system elements

1. 2. 3. 1. Communication between ip|engines
ip|engines exchange measures and control information.
To accomplish this, each ip|engine hosts a specific server reachable by all the other ip|engines
on predetermined ports (TCP and UDP).
An ip|engine also hosts a specific client, that transmits measures, control signals and compressed
data to the ip|engines servers. The source ports are dynamically selected by the transmitting
ip|engine.
March 2012
1-9
Ipanema System
1. 2. 3. 2. Communication between the management system and ip|engines

There are three types of channels between each ip|engine and the ip|boss software:
configuration and supervision,

measure reporting,
real-time measure reporting.
The configuration and supervision channel

Each ip|engine hosts an HTTPS server that is accessed by ip|boss for configuration and
supervision. This server is reached on the TCP/443 destination port (default value; another value
can be configured on request).
If remote connections (SSH and/or Telnet) on ip|engines are to be established from ip|boss (not
mandatory, but very helpful), then ports 22 (SSH) and/or 23 (Telnet) are also used. (By default,
SSH is enabled on ip|engines, and Telnet is disabled.)
If ip|boss is used as an FTP server to download ip|enginess software agents, then ports TCP/20
and 21 are also used (they are not otherwise; the FTP server used to download ip|enginess
software agents can be on other devices, such as an external server or ip|engines).
The periodic measurement reporting channel
The HTTPS server embedded in the ip|engine is also used by ip|boss software to retrieve
measures (pull). This server is reached on the TCP/443 destination port (default value, another
value is configured on request).
The real-time measurement reporting channel
Real-time measures are sent by the ip|engine on a unidirectional TCP connection to predefined
destination port (another value can be configured on request).
The TCP source port is dynamically selected (another value can be configured on request) by the
transmitting ip|engine.
1-10
March 2012
Ipanema System
1. 2. 3. 3. The communication channel Java Client-Server

The communications between ip|boss server and ip|boss Java client use the defined port during
the installation process of the server (by default TCP/9999) and some other dynamic TCP ports by
default (the ports can be configured on request).
1. 2. 3. 4. The communication channel Web Client-Server

The communications betweenip|boss server and ip|boss web client use HTTPS port (TCP/443).
1. 2. 3. 5. The communication channel between ip|boss and ip|reporter

Two kinds of communication channels exist between ip|boss and ip|reporter:
configuration and supervision channel: ip|boss supervises and configures the reporting
system via the InfoVista interfaces. The used TCP ports are dynamic by default, but they can
be fixed by configuration. These channels allow the reports creation and deletion according to
the configuration and the status supervision of ip|reporter.
collect channel (SNMP): ip|boss software contains an SNMP agent used by ip|reporter
(InfoVista) in order to collect the measurement data (pull mode). This SNMP agent is reachable
via the UDP port configured for each Domain in ip|uniboss.
1. 2. 4. The QoS measurement (or Visibility) service: ip|true

The basic measure obtained from accurate and detailed observation of all IP packets is assembled
and correlated to enable multi criteria analysis of QoS. This correlated measure can subsequently
be stored and processed to generate alarms, create reports and analyze long-term trends.
1. 2. 4. 1. Service level objectives

The SLAs have several Service Level Objectives (SLOs), such as availability, average throughput
per access line, maximum packet transfer time rates and losses. These SLOs satisfy certain
conditions: low load transfer time measure, end-to-end network operator property, etc. If the
network offers Classes of Service, SLOs are specified for each class.
1. 2. 4. 2. Traffic analysis by Application Groups

QoS measurement can be aggregated according to different criteria: application, address, TOS,
source and destination, etc. This classification enables traffic to be analyzed according to the
defined criteria.
Users can specify their own aggregation criteria, and thus take into account enterprise organization
- the different departments, services and applications used. Aggregated measure according to
Application Groups allows for in-depth analysis of enterprise traffic and even internal invoicing.
1. 2. 4. 3. Forecasting traffic and optimizing long-term policy

The measurement service enables generated traffic to be analyzed. These analyses can be used
to:
forecast future traffic development to estimate optimum network sizing,

policy management according to users objectives and results.
March 2012
1-11
Ipanema System
1. 2. 5. The real-time QoS & control service: ip|fast

End-to-end QoS depends on both network infrastructure (transmission lines, access lines, traffic
engineering policies) and user traffic.
QoS can be guaranteed by:
globally controlling bandwidth allocation between all access points,

adapting QoS policies to current network performance and real user demand,
selecting, for each traffic flow, the right Class of Service (CoS) in terms of performance.
As the period of stability is short, policy settings need to change dynamically according to network
performance and users traffic variations.
1. 2. 5. 1. Global bandwidth control

Network bottlenecks result in congestion and, at times, limit optimum bandwidth to well below its
rated value. Transmitting more traffic will only result in increased transfer time and losses, thereby
degrading QoS and application "goodput".
Several access points may send data to the same destination and an access point may send data
to several others. This can then result in One-to-N or N-to-One type congestion.
ip|fast dynamically shares the GLOBAL network available bandwidth to all active sources, taking
into account the traffic demand, network bottlenecks and N-to-N congestions.
1. 2. 5. 2. Adapting QoS management rules

ip|fast adaptive policy management automatically finds out the best way of handling traffic based
on:
traffic requirements (criticality, QoS objectives),

traffic demand,
network performance.
1. 2. 5. 3. Automatic CoS operator selection

If an operator offers different Classes of Service, assigning a CoS to the traffic becomes difficult. The
Ipanema System automatically changes the coloring (or tagging) of the packets according to the
traffic requirements as defined by the Application Group it belongs to (Criticality, QoS objectives).
The mode used is Color-Blind (in this mode, all packets are treated as if they were uncolored:
they are marked according to the selected coloring rule regardless of their initial color).
1. 2. 6. The redundancy elimination service: ip|xcomp

End-to-end QoS also depends on the capacity of the links. For many reasons, it can be difficult to
increase the bandwidth of a link: cost, operator delay for instance. By compressing the packets, it is
possible to send much more data on the network. In most cases, redundancy elimination is useful
in one way only (more often, from server to client). Not all types of packets accept redundancy
elimination.
Redundancy elimination:
1-12
automatically creates tunnels, when needed, from the compressing sites to the decompressing
sites (described in ip|boss),
compresses the packets according to the owning Application Group (as defined in ip|boss),
the tunnels still depend on the QoS & control feature.
March 2012
Ipanema System
1. 2. 7. The TCP acceleration service: ip|xtcp

TCP was not designed for networks with a large BDP (Bandwidth-Delay Product, i.e. large RTT
and/or high available bandwidth) or with a significant Bit Error Rate:
slow-start overhead increases the latency of short transfers,

due to the BDP limitation, the TCP sessions cannot fully utilize the available bandwidth, and
error recovery is slow.
TCP acceleration is tightly coupled with QoS & control so that:
it does not break critical applications protection,

ip|fast precisely knows the available bandwidth per connection.
It uses two mechanisms, independent from each other:
speed-up the slow start (fast start),

overcome BDP limitations (over-bdp).
The key idea is, for each connection, to proactively enslave the TCP source rate to the ip|fast
computed rate for this connection.
1. 2. 8. The CIFS acceleration service: ip|xapp

The ip|xapp service allows to accelerate CIFS traffic.
CIFS stands for Common Internet File System, also known as SMB (Server Message Block). It is
a proprietary Network protocol, the most common use of which is sharing files on a LAN, but also,
due to Data Server Consolidation, over the WAN.
The current CIFS version (or Dialect) is called NT LM 0.12 (it is the 8th since mid 1980s).
CIFS protocol
After the TCP connection to the Server (ports 445 and 139 are used), the NetBIOS Session
service is established (negotiation of a CIFS dialect, Username/Password, connection to the
resource - shared directory for instance).
File accesses are done within this NetBIOS session (open, read, write...; only ONE connection
from a Client to a Server for ALL file accesses).
All of this is using SMB messages within NetBIOS datagrams.
There is one SMB Response for each SMB Request (the next request is sent when the previous
response is received).
Deployment cases
CIFS Acceleration is a Client-side technology. So the typical deployment case uses ip|engines
installed near the CIFS clients, therefore mainly in branch offices.
CIFS acceleration and Redundancy elimination
ip|xapp and ip|xcomp are compatible. It is possible to compress accelerated CIFS traffic, both
with ZRE and SRE, in one, the other or both directions:
compress only accelerated CIFS from the client to the Server,

compress only accelerated CIFS from the Server to the client,
do both.
This depends on the Application Group CIFS is matching, and on the local and remote ip|engine
compression/decompression capacities.
March 2012
1-13
Ipanema System
1. 2. 9. The Dynamic WAN Selection service: smart|path

The smart|path service allows to combine multiple physical networks into one unified logical
network, maximizing both Quality of Experience & business continuity.
With this feature, the ip|engine connected to several network accesses (MPLS and Internet, two
different MPLS accesses, etc.) dynamically selects the best one, session by session.
This maximizes application performance, security and network usage based on:
network quality and availability,

application Performance SLAs,
sensitivity level of the information.
It maximize combined networks efficiency:
network capacity,
network availability,
network performance.
Typical deployment cases:
single router with multiple interfaces,

several routers with one interface (for example HSRP clustering).
These cases can be combined in a same site or in a same network.
1. 2. 10. The right sizing service: smart|plan

The bandwidth usage at a site does not reflect the actual users needs. Moreover, TCP uses as much
BW as it can (TCP elasticity), and TCP does not make any difference between a non critical FTP
transfer and an ERP critical flow, for example: although less critical, FTP will use more bandwidth
than the ERP.
As a consequence, usage based provisioning is always over-estimated:
usage based provisioning = over-provisioning.
There is also a drawback in increasing the bandwidth at a site (apart from the cost): the more
available bandwidth, the less its usage matches the business needs of the company:
more bandwidth attracts useless traffic!
The Ipanema system allows companies to size their networks at the best rather than
over-provisioning them:
by taking the actual needs of the flows into account,

by eliminating security margins (tempest of the century syndrome),
by being insensitive to the topology.
The smart planning leverages QoS & control features. To enable it:
you need a physical ip|engine on the site,

ip|fast must be enabled,
the smart|plan option must be enabled.
Thanks to the smart planning feature, the Ipanema system allows the best usage of the network
capacity according to the performance objectives, by enabling the user to select a cost /
performance compromise based on application service levels.
1-14
March 2012
Ipanema System
1. 2. 11. Functional architecture
Functional architecture
1. 2. 11. 1. Monitoring
For the monitoring, the operations are performed by the:
ip|engine:
elementary observations,
correlation,
flow management.
ip|boss:
ip|engines configuration,
ip|engines alarm management,
monitoring,
analysis,
SNMP MIB update.
ip|uniboss:
Domains creation.
ip|reporter:
collection of SNMP data from ip|boss,
March 2012
1-15
Ipanema System
reports database management,

reports publishing.
1-16
March 2012
Ipanema System
1. 2. 11. 2. Visibility service

The operations are performed by the:
ip|engine:
elementary observations,
correlation,
classification.
ip|boss:
ip|engines configuration,
ip|engines alarm management,
monitoring,
SNMP traps.
1. 2. 11. 2. 1. Elementary observations
Measurement
Each IP packet observed by the ip|engines on their measure interface undergoes a series of
processing operations:
filtering of IP v4 packets,
classification and filtering of packets according to their type:
local traffic on the LAN,

ingress traffic (LAN to WAN traffic),
egress traffic (WAN to LAN traffic),
transit.
identification of the ip|engine associated with each packet. This ip|engine will subsequently
be responsible for correlating the different observations made on this packet - in practice this is
the "upstream" ip|engine (upstream with reference to the observed flow),
output of a measure ticket.
Tickets are grouped according to the corresponding ip|engine in compact Ticket Records. These
records are periodically sent to the ip|engine or stored locally if the ip|engine is itself associated
with the flow.
March 2012
1-17
Ipanema System
Measure traffic
The ip|engines send measure tickets to the correlator via the network.
The measure load generated by each ip|engine is approximately 2% of measured traffic for
datagrams with an average length of 300 bytes.
Datagram fragmentation
Transmitting large packets on the network can degrade the quality of service for applications,
particularly if access speed is low. IP protocol allows datagrams to be fragmented into several
packets (fragments). Fragmentation can be performed at different points, but is generally
performed:
by the access router (CPE) connected to a low-speed interface,

by an access or transit router in certain cases of congestion.
Fragments are not reassembled on the network or in the router, but by the end station.
To keep measures consistent without making assumptions on whether and where fragmentation
occurred (before or after the first ip|engine), the system performs measures on the datagrams.
This choice enables the classification mechanisms to operate correctly, even though port numbers
of the TCP/UDP protocol are present only in the first fragment of a datagram.
This choice is also consistent with applications behavior. In all cases, the datagram user application
must wait for the datagram to be reassembled before being able to use the data it contains. It is
therefore reception of the last fragment that is important.
A datagram is considered to be lost as soon as one or more of its fragments is lost. In this case,
the datagram is not delivered to the transport layer by the destination terminal.
1. 2. 11. 2. 2. Correlation
The correlation function, shared by all ip|engines, produces Correlation Records that contain
measures grouped by aggregated flows (classification level is determined by configuration).
Correlation Records are generated at regular intervals and collected by ip|boss Collector.
1. 2. 11. 2. 3. Classification
The software enables flow measures to be classified according to the following criteria:
address: subnet address ranges at flow source and destination according to the User subnets
directory,
application: according to the Level 7 Application dictionary, allowing in most cases the user
application to be identified,
TOS: the "TOS" field of the IP header identifying the Type of Service according to the TOS
dictionary.
1. 2. 11. 2. 4. Monitoring
The monitoring function enables the operator to get a real-time view of the performance and activity
of the observed traffic in the form of graphs.
1. 2. 11. 2. 5. SNMP Agent

Measures from Correlation Records can be provided in the form of a MIB.
1. 2. 11. 2. 6. Analysis
Measures can undergo deferred analysis. Measures can be viewed in graph form.
1-18
March 2012
Ipanema System
1. 2. 11. 3. QoS & control service

An ip|engine has two roles:
to manage offer: for a given current network performance, an ip|engine will adapt
characteristics to achieve the best trade-off between QoS and goodput,
to manage demand: for a given current LAN to WAN traffic, LAN-to-LAN QoS and bandwidth
availability, an ip|engine will adapt the user traffic policy to share network capabilities among
the flows.
1. 2. 11. 3. 1. Managing offer (resource driven control)

Egress bandwidth management (N-to-one)
This function provides dynamic sharing of the available egress (WAN to LAN) bandwidth of one
access of a VPN (virtual private network) between all the active ingress (LAN to WAN) network
accesses.
This control of egress congestion improves the quality of the access link by decreasing packet
delays, jitter and losses. Hence, it globally increases the end-to-end goodput of the network.
The principle is as follows:
each ingress ip|engine periodically advises each egress ip|engine of data it estimates it will
have to send them - quantity (min, max), time and loss constraints and criticality,
each egress ip|engine computes a fair-sharing scheme of its egress bandwidth, taking into
account the above parameters. It sends information to all active ingress ip|engines on the
amount of data they are allowed to send.
One can see that this mechanism is quite similar to a reservation scheme with the following main
differences:
bandwidth allocation is performed starting from a statistic view of the end-to-end traffic. This
facilitates statistic multiplexing among flows and limits the computing load (it is no longer related
to the number of flows),
network elements between ip|engines are not involved in the allocation mechanisms.
N (ingress) to One (egress) traffic

In this example, traffic to B will be shared between sites A, C and D, based on:
Bs egress capabilities,
A, C and Ds currently estimated traffic demand (quantity, time and loss sensitivity, criticality).
March 2012
1-19
Ipanema System
Ingress bandwidth management (One-to-N)

This function provides for dynamic sharing of the available ingress (LAN to WAN) bandwidth
between all the active egress (WAN to LAN) destinations of the VPN.
This control of ingress bandwidth use maximizes ingress link use. Hence, it globally increases the
QoS and the end-to-end goodput of the network.
The principle is to control the ingress traffic sent to the network by taking into account the reception
capabilities of the active egress links.
One (ingress) to N (egress) traffic

In the example, traffic A will be shared between destinations B, C and D, based on:
As ingress capabilities,
As traffic demand to destinations B, C and D (quantity, time and loss sensitivity, criticality),
B, C and Ds currently estimated egress traffic authorization (see N-to-one control).
CoS selection (QoS-to-CoS)

CoS selection control enables selection of operator network Classes of Service (CoS). This choice
is based on the following parameters:
1-20
QoS objectives of applications,

criticality level in accordance with the Application Group.
March 2012
Ipanema System
1. 2. 11. 3. 2. Managing demand (traffic driven control)

Class-based brokerage
The class-based broker manages access bandwidth by taking into account:
users specific traffic classification (per department, application, destination, etc.),

users class relationship and attributes,
current traffic usage,
current end-to-end capabilities and performance.
The features enhance the relevance of the goodput through provisioning of arbitration rules.
The total amount of information effectively transferred is equivalent, but the relative amount per
Application Group is managed.
Criticality management
Criticality management enables selection of traffic that is authorized to be sent, taking into account
the following inputs:
criticality of applications,
instantaneous bandwidth requirements,
current end-to-end quality of service and traffic capabilities.
Applications may be characterized by their delay and loss sensitivity.
March 2012
1-21
Ipanema System
1. 2. 11. 3. 3. QoS & control with tele|engines

tele|engines are introduced to easier customer acceptance, in case of hub-and-spoke traffic
matrix. This feature allows to control the traffic toward and from sites which are not equipped with
an ip|engine.
tele|engines are configured through ip|boss just the same as ip|engines. Then QoS & control can
classify and control the traffic from or toward these sites, according to the rules defined through
the Application Groups. Traffic conditioning functions are automatically instantiated upon traffic
recognition
Typical case of deployment becomes:
ip|engines for central site and sites with meshed traffic,

tele|engines for small branch offices and simple traffic pattern.
With ip|coop option, for each tele|engine, a group of remote ip|engines cooperate (Remote
Coordination Group) to do what a local ip|engine would have done, namely:
it measures its usage (from its point of view),

it measures the demand,
it detects congestions and controls the flows according to their criticisms.
This Remote Coordination Group is made of up to 8 physical ip|engines (on the 8 most active sites
with this unequipped site) and is automatically and dynamically configured by ip|boss.
Thus, the contribution of each tele|engine can be precisely estimated so that congestion to and
from the remote site can be managed (as through a proxy).
Limitation for use of tele|engines:
no Delay/Jitter/Loss measurement,
neither measurement nor control take shadow traffic (traffic between sites equipped with
tele|engines) into account,
End to End (E2E) bandwidth tracking is less efficient and reactive,
no limitation of egress UDP traffic.
When ip|coop option is enabled, the number of tele|engines is controlled by ip|boss and defined
in the license file delivered to the customer. Without this option, the number is unlimited.
1-22
March 2012
Ipanema System
1. 2. 12. Security
Ipanema System security features are based on SSL and SSH protocol usage, plus tools for key
generation and distribution.
1. 2. 12. 1. ip|engine - Access Control (Console and Telnet/SSH)

A lot of security features regarding the ip|engine management access through the console or
through the network are implemented. They are listed below (however access to a particular
ip|engine is limited to a very small number of cases):
console access is secured with a full password management,

remote access to an ip|engine is secured. Different levels of security can be selected by the user
at installation time. The most advanced level implies the use of the SSH protocol for ip|engine
remote access,
commands limitation: when remotely accessing an ip|engine, the set of available user
commands is carefully restricted to a minimum set of commands used for troubleshooting.
1. 2. 12. 2. Secured ip|boss <-> ip|engines communications

SSL protocol is used for downloading the configuration file from ip|boss to ip|engines, monitoring
of ip|engines and measurement data collection from ip|engines, both authentication and
encryption are used.
Ipanema System allows for 3 different security levels to be implemented:
First level (default mode)

The customer uses the default factory certificate. Communications are secured. Nevertheless,
as the certificate is not unique to the customer, the security level is not at its maximum.
Second level
The customer defines his own certificate. This is done centrally from ip|boss or from a
customers certificate generator. Certificate installation on ip|engines is handled from ip|boss
and does not require local access to the ip|engines.
Communications are secured. Unauthorized people will not be able to enter the system nor to
read and interpret configuration or measurement data.
Third level
The customer defines his own certificate AND a passphrase. This requires not only an ip|boss
certificate installation, but also to have local access to all ip|engines in order to setup the
passphrase configuration.
Communications are secured. Combination of certificate and local passphrase provides the
highest level of security.
Important reminder 80% of the security breaches are internal to companies.
March 2012
1-23
CHAPTER 2. UNIFIED ACCESS TO THE

IPANEMA SYSTEM (SALSA CLIENT)
2. 1. UNIFIED USER MANAGEMENT

The SALSA Web Portal offers a single access point to all SALSA components: ip|uniboss,
ip|boss, ip|dashboard and ip|reporter, with a single URL entry point and a unique username
and password.
The URL to access SALSA Web Portal is
https://<ipanema_server>/salsa/salsa_portal
where ipanema_server is the server where ip|uniboss was installed. The User is prompted for
a login and password:
SALSA Web Portal login pop-up window

Default login and password are: administrator / admin.
Once logged in, each User has a specific homepage depending on his access rights. This page is
called the Domain selector and can contain:
links to the Domains the User can connect to, with ip|boss (select a the Domain from the
drop-down list and click on the ip|boss button),
links to the Domains the User can connect to, with ip|reporter (select a the Domain from the
drop-down list and click on the ip|reporter button),
a link to ip|uniboss (click on the ip|uniboss button no Domain needs to be selected first,
asip|uniboss manages all Domains).
March 2012
2-1
Ipanema System
SALSA Web Portal Domain selector
The SALSA Portal can also be accessed through a Java client:
Type in the following URL in your browser:

https://<ipanema_server>:10443/salsa_manager
and click on Start Salsa Portal rich client in the window that opens:
Access to SALSA Portal Java client
2-2
The Java client downloads and installs automatically (it will be downloaded and installed the
first time only; any subsequent click on this link will launch the client, once installed):
March 2012
UNIFIED ACCESS TO THE IPANEMA SYSTEM (SALSA CLIENT)
SALSA Portal Java client download
SALSA Portal Java client start
The login window opens (default login and password are the same as describes above):
SALSA Portal Java client login window
The SALSA Portal Java client opens; it gives access to the various Domains through ip|boss
Java client, and to ip|uniboss:
March 2012
2-3
Ipanema System
SALSA Portal Java client
2-4
March 2012
2. 2. SALSA ARCHITECTURE
Unified Users are stored in an LDAP server embedded in ip|uniboss.
When a User tries to connect to the SALSA Web Portal:
1. The portal requests an authentication to the web browser,

2. The portal checks given username/password against the LDAP directory,
3. Once the User is authenticated by LDAP, the portal also retrieves his ACLs from LDAP and
caches them in memory as well as HTTP Authentication headers before redirecting the request
to the appropriate web application given the current portal URL request.
SALSA unified User management

The Domain selector Java client always tries user authentication against LDAP
whereasip|uniboss and ip|boss Java clients first check authentication against LDAP then use
legacy users if LDAP authentication fails.
External user authentication works the same way except that it is not performed by SALSA but
by a third part component (RADIUS). In this case each external HTTP request must be filled with
SALSA authentication and authorization HTTP headers.
March 2012
2-5
Ipanema System
2. 3. SALSA URLS
2. 3. 1. LDAP Users URLs
Although all components of the Ipanema system (ip|uniboss, ip|boss, ip|dashboard and
ip|reporter) can be accessed via SALSA unified client at this URL:
https://<ipanema_server>/salsa
(which
automatically
you to the welcome page that contains the Domain selector
https://<ipanema_server>/salsa/salsa_portal/),
redirects
capability:
they can also be accessed individually and directly at the following URLs (these URLs are secured
through LDAP-based authentication, therefore only unified users have access to them; they are
entry points for all SALSA components using SSO):
https://<ipanema_server>/salsa/ipuniboss_portal/: access to ip|uniboss portal

https://<ipanema_server>/salsa/<domain_name>/: access to the selected Domain
with ip|boss portal
https://<ipanema_server>/salsa/gui/<domain_name>/: access to the selected
Domain with ip|dashboard portal
https://<ipanema_server>/salsa/ipreporter_portal/<domain_name>/: access
to the selected Domains reports with ip|reporter portal
2. 3. 2. External Users URLs

These URLs are not secured. Users must have been authenticated before hitting them.
By default theses URLs are not accessible. To make them available one must change Apache
servers "httpd.conf" file in apache conf directory as described below:
<Location /salsa_ext/>
Order Deny,Allow
# Deny from all
Allow from your portal
</Location>
Once apache is restarted it gives access to the following URLs:
https://<ipanema_server>/salsa_ext/salsa_portal: welcome page that contains

the Domain selector capability
https://<ipanema_server>/salsa_ext/<domain_name>: provides a direct access to
ip|boss portal
2. 3. 3. Legacy Users URLs
2-6
https://<ipanema_server>/ipboss_cli/: access to ip|boss CLI client

https://<ipanema_server>/ipuniboss_cli/: access to ip|uniboss CLI client
https://<ipanema_server>:10443/ipboss_portal/: access to ip|boss portal
https://<ipanema_server>:10443/ipuniboss_portal/: access to ip|uniboss portal
https://<ipanema_server>:10443/salsa_manager/: access to the Domain selector
Java client
https://<ipanema_server>:10443/ipuniboss_manager/: access to ip|uniboss Java
client
https://<ipanema_server>:10443/ipboss_manager/: access to ip|boss Java client
March 2012
2. 4. LDAP AUTHENTICATION
LDAP authentication is performed in the Apache httpd server using mod_authnz_ldap. The
configuration for the module is located in production/ip_boss/izpack/httpd_ldap.conf.
Upon successful authentication, HTTP headers are added to the request that is forwarded to the
Tomcat server through an AJP connection (the configuration of the mod_proxy_ajp module is
located here ). These headers (x-6307-is-*) contain the profile of the authenticated user: name,
accessible domains, and access rights to ip|boss, ip|uniboss, and ip|reporter.
When forwarding to external users URLs, the front end portal is expected to fill the x-6307-is
headers to provide information about the user it has authenticated.
2. 5. VISTAPORTAL AND VPSE CONSIDERATIONS

2. 5. 1. VistaPortal considerations
VistaPortal cannot deal with HTTP headers for authorizations. It uses ip|uniboss LDAP servers to
retrieve user permissions.
We have added a Tomcat valve that parses Ipanema HTTP headers coming from ip|uniboss
Apache server and puts them back in ip|uniboss LDAP server in order to always provide
authorizations to VistaPortal through our LDAP.
Then VistaPortal reads and maps the user permissions into properties that are used to filter Objects
like Domains, metaviews, reports, and so on.
There is nothing particular to do for the valve installation; ip|reporter web installer is taking care
of installing and configuring the ipanema valve in the VistaPortal tomcat, the only parameters to
provide are ip|uniboss LDAP connection parameters during ip|reporter web installation.
The code of the Tomcat valve is located under ip_reporter/uum in the ip_reporter_web project
(VF_4 feature branch).
2. 5. 2. VistaPortal SE considerations
VistaPortalSE cannot deal with HTTP headers for authorizations. It uses internal files to manage
users (portalsesetup.xml, security.properties).
We have added a Tomcat valve that parses Ipanema HTTP headers coming from ip|uniboss
Apache server and maintains internal files model consistent with the Ipanema user permissions
and authorizations.
VistaPortalSE user internal representation is made by associating Users and InfoVista instances;
by this way it lets a user access to reports the Domains of which are located in different InfoVista
instances.
There is nothing particular to do for the valve installation; ip|reporter web installer is taking care
of installing and configuring the Ipanema valve in the VistaPortalSE tomcat, the only parameters
to provide are ip|uniboss LDAP connection parameters during ip|reporter web installation.
March 2012
2-7
CHAPTER 3. MANAGING DOMAINS, USERS

AND LICENSES (IP|UNIBOSS)
3. 1. DOMAINS OVERVIEW
After ip|uniboss and ip|boss servers installation, you have to create a Domain to use the system.
A Domain is a coherent set of elements:
ip|boss,
ip|engines.
The Domains are hermetic, an ip|engine of a Domain cannot dialog with an ip|engine
of another Domain. An ip|boss server can manage several Domains; one instance per
Domain should be created.
The creation of a Domain is done only on the server.
To create a Domain launch ip|uniboss web client or Java client (a CLI client is also available).
March 2012
3-1
Ipanema System
3. 2. IP|UNIBOSS WEB CLIENT
All configuration operations described in this section are performed with Mozilla Firefox 8.0 as
a web GUI on the workstation.
All procedures in the following sections are based on ip|uniboss web client.
3. 2. 1. Connection to ip|uniboss using the web client

To connect to ip|uniboss server, select ip|uniboss in the SALSA web client.
SALSA web client
The selected Domain has no impact, as ip|uniboss gives access to all Domains
(according to the User rights).
For security reasons, the use of HTTPS is mandatory.
You can also access ip|uniboss web client directly by entering the following
URL: https://<ipuniboss_server>:10443/ipuniboss_portal/ (where
<ipuniboss_server> can be ip|unibosss IP address or DNS name).
In this case, the User needs to log in through the connection window; this window has
two fields:
User name: the name of the user (administrator by default),

Password: with administrator account the default password is admin.
Then click on Validate to access the main window.
3-2
March 2012
Managing Domains, USERS AND LICENSES (ip|uniboss)
3. 2. 2. ip|uniboss web client main window
ip|uniboss web client main window (in this view, two Domains already exist)
The main window is divided into 5 parts:

A title bar, with Ipanema Technologies logo; closes all open windows when you click
on it.
A tool bar, on the left: it is composed of icons which give access to the different screens
of the software.
A menu bar, on the top: it is composed of five menus, File, Edit, Display, Actions
and ?.
A tab bar, below the menu bar: it shows all the open windows and allows to select any of
them without needing to reload it from the tool bar. The active windows tab is highlighted
in blue.
ip|uniboss web client with two windows open
March 2012
3-3
Ipanema System
The working table, that is subdivided into two parts:

A tool bar, composed of icons which allow to read, create, clone, modify and
delete objects (Domains, etc.).
The list of created objects (Domains, etc.).
The buttons of the main toolbar are the following:
Update: updates the configuration; flashes when an update is necessary.

System provisioning menu:
ip|boss servers: opens the ip|boss servers window.
Radius: opens the Radius window.
Domains: comes back to the Domains window.
System administration menu:
Users: opens the Users window,

Local administrator password: allows to change password (locally
connected administrators only).
Supervision menu:
Inventory: shows the inventory.
Log: shows the logged events.
Issues: shows the issues, when applicable.
Reporting provisioning menu:
3-4
ip|reporter web portals: opens the ip|reporter web portals window.
VistaMart: opens the VistaMart window.
Server Group: opens the Server Group window.
IV Server: opens the IV Server window..
About: shows information about ip|uniboss version and license information, and
allows to import a license.
Quit: quits ip|uniboss client.
The buttons of the working tables are the following:
(consult): to consult an object (without modification capability),
(new): to create a new object,
(clone): to create an object from another one,
(modify): to modify one or more objects,
March 2012
(delete): to delete one or more objects.
The menus are the following:

File
New: to create a new object,
Print list: to print a list of objects,
Close: to close the window.
Edit: you can select an object by clicking on its line. To select other objects, you have to
click on their lines while pressing the Ctrl key. The Edit/Select all allows to select all the
objects on the list. The Edit/Unselect all allows to unselect all the selected objects. In
the status bar, the number of selected objects and the total number of objects is shown.
Search: to search for objects; opens a dialog box which allows to find all the
objects with an attribute containing the specified text. The navigation between
the found objects is made with the menus Edit/Next and Edit/Previous.,
Next: to jump to the next found object,
Previous: to jump to the previous found object,
Select all: to select all the objects,
Unselect all: to unselect all the objects.
Display
Sort: to sort objects; by clicking on the header of a column, you sort the list
according to this column (by clicking again on the column, you change the order
ascending-descending). By clicking on several columns while pressing the Ctrl
key, you make a sort on multi-columns. These functions are also available with
the menu Display/Sort.
Filter: you can create some filters on the list which display only the filtered
objects according to the criteria. A simple filter works with only one field whereas
an extended filter is a combination of simple filters. When a filter is active, the
number of displayed objects and the total number of objects is written on the
status bar.
New filter: to create a new simple filter,

New extended filter: to create a new extended filter,
Modify filter: to modify an existing filter,
Extend filter: to extend an existing filter,
Active filter: to activate or deactivate the selected filter.
Choose columns: to choose the columns to display,

Preferences:
Save: to save the active filter (and column display),
Delete: to delete a filter (and column display).
Actions: allows to make all the actions achieved through the corresponding buttons:
Consult,
Clone,
Modify,
Delete.
?
About: shows the software version and license information (the same as the
About button).
In some tables (Domains, ip|boss servers, etc.), an LED on the left gives the objects operational
states; for the Domains, it can be:
March 2012
green (Started),
grey (n/a: disabled),
3-5
Ipanema System
amber (Starting),
red (the number of ISUs exceeds the total ISU credit),
small and dark (when the Domain has just been created, before an Update has been
applied).
It can be displayed by moving the mouse upon it:
Domains operational state
3-6
March 2012
3. 3. IP|UNIBOSS JAVA CLIENT

All configuration operations described in this section are performed from a Graphic User Interface
on the workstation which can be a workstation with a Java Virtual Machine and ip|uniboss Java
client.
To install ip|uniboss Java client, refer to CHAPTER 2 IPANEMA SYSTEM
INSTALLATION.
All procedures in the following sections are based on ip|uniboss web client.
There are four ways to launch ip|uniboss Java client:
Select ip|uniboss from SALSA Java client.

Launch Internet Explorer, select the following URL: https://x.x.x.x:10443/ipuniboss_manager
(where x.x.x.x is the IP address of the ip|uniboss server) and click on Start ip|uniboss rich
client.
After having installed ip|uniboss Java client, you can use the shortcut
on your desktop
(if you accepted its creation on installation).
Use the Start menu (Windows), then select Programs / ipuniboss_manager.
Launching ip|uniboss Java client through a web browser
ip|uniboss start
March 2012
3-7
Ipanema System
3. 3. 1. Connection to ip|uniboss using the Java client

When you connect to ip|uniboss through the SALSA client, you are authenticated in SALSA
and do not need to enter your login and password again. If you connect directly to ip|uniboss, a
connection window opens and you need to authenticate:
Connection window
The connection window has three fields:

Server : this field is used to indicate which ip|uniboss server you want to connect to.
You give the IP address and the port number with the format: X.X.X.X:Z, where X.X.X.X
is the IP address of the ip|uniboss server and Z the port number (9999 by default; it
can be modified in the ip_uniboss.conf file),
If the server is setup with the default port number 9999, the port number is
not mandatory.
User name: name of the user (administrator by default),
Password: the password of the user (admin by default).
Click Validate. When done, you are logged in ip|uniboss.
3. 3. 2. ip|uniboss Java client main window
ip|uniboss Java client main window
The main window is divided into four parts:

A menu bar, that gives access to the generic actions of the GUI (creation, deletion,
sort...).
A title bar with the logo of Ipanema Technologies and the name of the application.
A tool bar, composed of icons which give access to the different screens of the software.
3-8
March 2012
A working table that is subdivided into three parts:

A title (Domains in the example above),
A tool bar, composed of icons which allow to read, create, modify and delete
objects,
The list of created objects (Domains, etc.).
The menu bar in the main window has the 6 menus File, "Windows, Edit, Display, Actions
and ?:
File, Edit, Display and ? are the same as described above (web client),
Windows allows to close all windows,
Action allows to make all the actions achieved through the corresponding buttons
(Consult, Clone, Modify, Delete), as in the web client, plus it gives an access to the tools
(Update, ip|boss servers, Password modification, Log, Issues, Inventory).
Toolbar and table view: refer to the description above (web client).
March 2012
3-9
Ipanema System
3. 4. IMPORT A LICENSE
To create Domains, the license file license.ipmsys must be installed.
To get your license file, please contact the Ipanema Support service at the e-mail address
support@ipanematech.com or license@ipanematech.com.
In the Toolbar, select
About:
It shows the software version and license information (maximum number of Domains, total ISU
credits (Ipanema Software Units), maximum number of ip|engines and tele|engines, authorized
features, etc.):
About menu
The total number of ISUs (Ipanema Software Units) can be allocated in a flexible way accross
different Domains; refer to the Create a Domain section below.
To import a license, click on the Import button, browse your folders and select the proper license
file (license.ipmsys).
(The license file is copied:
In the directory uni_boss\conf:

if ip|uniboss and ip|boss are installed on separate servers: on ip|uniboss server, in
the directory ~\salsa\uniboss\server\domains\uni_boss\conf.
if both ip|uniboss and ip|boss are installed on the same server: on ip|uniboss / ip|boss
server, in the directory ~\salsa\ipboss\server\domains\uni_boss\conf.
3-10
In each Domains directory (if Domains were already existing, for example when upgrading
from a version to a new one): ~\salsa\ipboss\server\domains\<Domain>\conf (on
ip|boss server).)
March 2012
3. 5. SYSTEM PROVISIONING
The procedures in this section and in the following ones are all based on ip|uniboss web client.
3. 5. 1. Create an ip|boss server

Before you can create a Domain, you first need to create an ip|boss server.
Open the ip|boss servers table

The ip|boss servers table can be displayed by clicking on
Toolbar:
ip|boss servers in ip|uniboss
ip|boss servers table
Create an ip|boss server

in the ip|boss servers window. Only
To create a new ip|boss server, click on the New icon
the host name (or the IP address) needs to be entered, all other information (ip|boss version,
OS version and JRE version) will be polled from the server:
ip|boss server creation window

You need to click on Validate or Apply:
The Ok button creates the object and closes the window.
The Apply button create the object and keeps the window open. This is useful when
you want to create several objects.
The Cancel button closes the window without creating an object. Use Cancel after an
Apply.
March 2012
3-11
Ipanema System
In the servers table, the LED on the left shows the compatibility status of the server; it can be:
green (Compatible) if the server is reachable and compatible with ip|boss; ip|boss
version, OS version and JRE version are polled and displayed:
Compatible ip|boss server
grey (Unreachable) if the server is not reachable,
small and dark (when the server has just been created, before an Update has
been applied: an Update
into account).
3-12
is mandatory for the changes to be saved and taken
March 2012
3. 5. 2. Domains
The Domains window is opened when you start ip|uniboss client.
If other windows have been opened and if the Domains window is not the active one, click on
the Domains tab.
If the Domains window has been closed, in the Toolbar, select
Domains.
3. 5. 2. 1. Create a Domain
Operating procedure table: service ip|reporter
An ip|boss server must be created first. Refer to the previous section.

A running license is required. Otherwise an error window is displayed when
committing a new Domain.
ip|uniboss Domains window
March 2012
3-13
Ipanema System
In the Domains window, click on the New button
A creation window opens where you can indicate your Domains characteristics:
Domain creation window
The fields with a legend in bold characters are mandatory.
The Domains parameters can be read in the Domains window and in the Inventory window.
3-14
March 2012
The window for Domain creation is made of 7 frames.

The first frame contains the following global parameters:
Name: to specify the name of the Domain (characters string),

Description: to give additional information, if needed,
Administrative state: to Enable or Disable the whole Domain
When a Domain is disabled, all the functions (measurement, QoS & control,
redundancy elimination, acceleration, etc.) of all ip|engines of the Domain are
stopped.
Access port: port used by the client for that Domain (set 0 for a dynamic port).
The second frame, ip|boss server, contains the following parameter:
ip|boss server: to choose the server that will manage the Domain (from a drop-down list).
In display mode, ip|boss version, OS version, JRE version and the Compatibility
status are polled from the server and displayed:
The third frame, Domain ISU, contains the following parameter:
Allocated ISU: to specify the number of Ipanema Software Units that are needed on that
Domain. Each function requires a certain number of ISUs, that can be purchased from Ipanema
(a new license file is then provided; refer to the Import a license section above). The number
of consumed ISUs and available ISUs for each Domain is displayed in the Domains windows.
In display mode, the Credit ISUs (as a percentage of the total number of ISUs
accross all Domains), the Consumed ISUs (according to the activated services
and WAN accesses bandwidths) and the number of Available ISUs (= Allocated
Consumed) are computed and displayed:
The fourth frame, SNMP Parameters, allows to configure the SNMP agent of ip|boss:
SNMP Port: to specify the port number of the SNMP agent,

Each Domain (on the same server) must use its own SNMP port, different from the
SNMP port of the other Domains.
SNMP IP Address: to specify the SNMP agent (ip|boss) to be polled by the SNMP Manager
(ip|reporter), only in case of multiple interfaces on ip|boss server, or a servers cluster: the IP
address of the interface to be used or the clusters virtual IP address must be typed in here,
Community name: to specify the community name (Public by default).
March 2012
3-15
Ipanema System
The fifth frame, ip|reporter parameters, allows to configure ip|reporter in order to create/delete
reports in InfoVista Server:
Mode: the version of InfoVistas VistaFoundation platform must be specified here: it can be VF0
or VF4, according to the version that was installed. If you dont have any ip|reporter server,
select Disabled.
The next field depends on the selected VistaFoundation platform:
If you are using VF0: IV Server allows to select an InfoVista from the drop-down list.
If the InfoVista server you want to use has not been created yet, you can create it from
this window, by clicking on the New button next to the selection box. Alternatively, you
can use the IV Server function in the Reporting provisioning menu (described below).
If you are using VF4: Group allows to select a servers Group from the drop-down list.
If the servers Group you want to use has not been created yet, you can create it from this
window, by clicking on the New button next to the selection box. Alternatively, you can
use the Server Group function in the Reporting provisioning menu (described below).
Logo URL: to customize the logo in the reports (one logo per Domain). The size of the logo
should not exceed 150 x 80 pixels; most common formats are supported (gif, jpg and png). This
logo will be visible only through a web access.
The sixth frame, Tuning, allows to configure the maximum number of Application Groups and User
subnets, the HTTP timeout and the data collection periods between ip|boss and ip|engines and
between ip|reporter and ip|boss, and used as the reporting polling period:
Maximum number of Application Groups: the administrator can limit the number of
Application Groups; -1 (default value) allows an infinite number,
Maximum number of User subnets: the administrator can limit the number of User subnets;
-1 (default value) allows an infinite number,
HTTP timeout: the timeout (in seconds) used on HTTP (or HTTPS) request; the time entered
must be consistent with the network (more than the max. RTT for the most distant ip|engine),
Supervision: the polling period of ip|engine updated status (default values should be used):
1 mn: every minute, ip|boss collects the supervision status (default value),
5 mn: every 5 minutes, ip|boss collects the supervision status,
15 mn: every quarter, ip|boss collects the supervision status.
Collect: the elementary period of the Correlation Records generation (packets collected during
the specified time) and collect period for ip|boss (default values should be used):
1 mn: a CR is made by the ip|engine every minute of traffic (default value),
5 mn: a CR is made by the ip|engine every 5 minutes of traffic,
15 mn: a CR is made by the ip|engine every quarter of traffic.
This parameter is used for the maps and real time flows window updates.
Short reporting: update period for clients of collector service (SNMP agent) for short period
reports (default values should be used):
1 mn: the SNMP data are updated by ip|boss every minute (default value),
5 mn: the SNMP data are updated by ip|boss every 5 minutes,
15 mn: the SNMP data are updated by ip|boss every quarter .
This parameter is used for some reports in Ipanema Libraries like Time Evolution,
Detailed per Application, Detailed per Application Group, ....
Long reporting: update period for clients of collector service (SNMP agent) for long period
reports (default values should be used):
5 mn: the SNMP data are updated by ip|boss every 5 minutes,
15 mn: the SNMP data are updated by ip|boss every quarter (default value).
3-16
March 2012
This parameter is used for some reports in Ipanema Libraries like dashboard, Site
Talker/Listener, Subnet Talker/Listener....
The seventh and last frame, User management, allows to enable Remote Authentication Dial-In
User Service accounting for the Domain:
Radius Accounting: to enable (when the check box is enabled) or disable (when the check
box is disabled) RADIUS accounting.
To see the RADIUS parameters, please refer to the Create Radius servers section below.
When done, you need to click on Validate or Apply:
The Ok button creates the Domain and closes the window.

The Apply button creates the Domain and keeps the window open. This is useful when you
want to create several Domains.
The Cancel button closes the window without creating any Domain. Use Cancel after an Apply.
An Update is mandatory for the changes to be saved and taken into account: click on
the Update button
March 2012
3-17
Ipanema System
After a Domain creation (HMS in the example below) the following directory tree is created on
ip|boss server (by default in ~\salsa\ipboss\server\domains\):
3. 5. 2. 2. Move a Domain
Refer to the document DomainMove.pdf provided on the DVD-ROM, in the \doc directory.
3-18
March 2012
3. 5. 3. Radius
The Radius feature allows the user to:
Define several Radius servers,

Distinguish accounting servers from authentication servers,
Select the server selection algorithm.
The Radius configuration is common to all Domains. For each Domain, the Radius management
can be activated or not (refer to the Create a Domain section above).
If the Radius management is not activated, or if all declared Radius servers are unreachable, we
automatically fall back to the embedded ip|boss users management mode.
The Radius window can be displayed by clicking on
Radius in ip|uniboss Toolbar:
Radius window
This window contains two tabs: Configuration and Accounting servers.
Configuration
This tab allows to configure the RADIUS accounting parameters:
Retry: number of times the server will attempt to contact the Radius servers before falling down
to the embedded ip|boss users management mode; default value is 3;
Timeout: time interval in seconds to wait for the Radius server to respond before a timeout;
default value is 10 seconds;
Dead time: duration between two accesses to an unreachable Radius server (a server is
considered unreachable when the configured number of retries has been reached without
receiving a response within the specified timeout); value 0 means that a server is never
removed from the list of available servers; default value is 10 minutes;
Selection algorithm: allows to choose between a serial and a round-robin algorithm to select
the server, when there are several ones:
serial: the available servers are used one after the other, using the configured timeout
and retry. The order is based on the priority attribute: the lower priority value is taken
first.
round robin: the available servers are used randomly, using the configured timeout
and a retry set to 1. When all servers have been tried, a second loop is done, and so
on depending on the retry value. The order is based on the priority attribute: the lower
priority value is taken first.
March 2012
3-19
Ipanema System
Accounting servers
This tab allows to create, modify or delete Accounting servers.

Click on the New icon
in the Accounting tab to create a new Accounting server.
Accounting server creation window

The Accounting server creation window contains 5 fields:
3-20
Priority: value between 0 and 32767 used to define different priority levels between the different
servers, when there are several ones; the higher the value, the lower the priority; default value
is 10,
Name: name you want to give the server (50 characters max); names must be unique across
the servers dictionary,
Host name: IP address or host name of the server (50 characters max),
Port: port on which the server is listening to accounting requests (generally UDP/1646),
Shared secret: shared secret for Radius authentication; it must consist of 15 or fewer printable,
non space, ASCII characters; it should have the same qualifications as a well-chosen password.
March 2012
3. 6. REPORTING PROVISIONING
The Reporting provisioning menu contains four functions: ip|reporter web portals, VistaMart,
Server Group and IV Server.
It allows to configure the ip|reporter components, which differ according to InfoVista platform being
used (VistaFoundation 0 or VistaFoundation 4):
ip|reporters architecture with InfoVistas VF0
ip|reporters architecture with InfoVistas VF4
March 2012
3-21
Ipanema System
3. 6. 1. ip|reporter web portals (VF0 and VF4)

The ip|reporter web portals window can be displayed by clicking on
in ip|uniboss Toolbar:
ip|reporter web portals
ip|reporter web portals window

This window shows all created ip|reporter web portals in a table with 5 columns:
Host name (mandatory parameter),

Description: a short description can be written for each ip|reporter web portal (not
mandatory),
Mode: it can be either VF0 or VF4, according to the version of InfoVista platform being installed
(mandatory parameter),
Base URL: the URL extension to be used to reach the portal; default values are PortalSE with
VF0 and VPortal with VF4 (mandatory parameter),
HTTP Port: port being used, if defined (not mandatory).
3-22
to create a new ip|reporter web portal.
March 2012
ip|reporter web portal creation window

The 5 parameters in this window are described above.
March 2012
3-23
Ipanema System
3. 6. 2. VistaMart (VF4 only)

The VistaMart window can be displayed by clicking on
VistaMart in ip|uniboss Toolbar:
VistaMart window
This window shows all created VistaMart servers in a table with 7 columns:
A status LED, which can be:
green (Operational state = reachable),
red (Operational state = unreachable),
grey (when a new VistaMart server has been created but before the configuration
has been updated),
Host name,
Version: VistaMart version (this piece of information is polled from the server),
Description: description for the VistaMart server,
Port: port being used to access the VistaMart server,
Login: login to the VistaMart server,
ip|reporter web portal: ip|reporter web portal that runs the VistaPortal attached to the
VistaMart server.
3-24
to create a new VistaMart server.
March 2012
VistaMart creation window

The VistaMart creation window contains 7 fields:
Host name,
Description: a short description can be written for each VistaMart server,
Port: port being used to access the VistaMart server; default value is 11080,
Login: login to the VistaMart server; default login is vmar_operator,
Password and Confirm password: the password, if any, must be typed in twice,
ip|reporter web portal: the ip|reporter web portal that runs the VistaPortal attached to the
VistaMart server can be selected from a drop-down list. A new ip|reporter web portal can be
created using the New button next to the selection box. It opens the same creation window as
described in the previous section.
March 2012
3-25
Ipanema System
3. 6. 3. Server Group (VF4 only)

In InfoVista, a server belongs to a Group, and an Ipanema Domain is allocated to a Group. A Group
can be made of several servers, according to required capacity.
The Server Group window can be displayed by clicking on
Toolbar:
Server Group in ip|uniboss
Server Group window

This window shows all created Groups in a table with three columns:
Name: name of the Group (mandatory parameter),

VistaMart: VistaMart server that manages this Group (mandatory parameter),
Description: short description for that Group (not mandatory).
to create a new Group.
Group creation window

The three parameters in this window are described above.
3-26
March 2012
3. 6. 4. IV Server
The IV Server window can be displayed by clicking on
IV Server in ip|uniboss Toolbar:
IV Server window
This window shows all created IV Servers in a table with 12 columns:
Host name: IV Server host name,

Server Group (VF4 only): Group the IV Server belongs to,
Description: short description for the IV Server,
Viewer username (VF4 only): identifier used by VistaPortal SE to get connected to IV Server
(viewer by default),
Viewer password (VF4 only): password for the Viewer username on the IV Server (no password
by default for the viewer login),
Username: login to the IV Server (administrator by default),
Password: password for the Username on the IV Server (no password by default for the
administrator login),
ip|reporter web portal (VF0 only): ip|reporter web portal (VistaPortal SE server) connected
to IV Server.
Port mapper: port used by the services based on Remote Procedure Call (RPC) which do not
listen for requests on a well-known port, but rather pick an arbitrary port when initialized; they
then register this port with a Portmapper service running on the same machine. Default value
for IV Server is 1275.
Manager: TCP port configured in the IV Server for the manager service (0 for a dynamic port),
Collector: TCP port configured in the IV Server for the collector service (0 for a dynamic port),
Browser: TCP port configured in the IV Server for the browser service (0 for a dynamic port).
the 3 previous fields are optional (used in firewall environment).
to create a new IV Server.
This window contains two tabs, Basic and Advanced.
Basic contains the following parameters: Host name (mandatory), Server Group (VF4
only, mandatory), Description (not mandatory), Username (default value: administrator;
mandatory), Password (there is no password by default for the administrator login; not
mandatory) and ip|reporter web portal (VF0 only, not mandatory)
Advanced contains the following parameters: Viewer username (VF4 only, default value:
viewer; mandatory), Viewer password (VF4 only, not mandatory), Port mapper (default
value: 1275; mandatory), Manager (not mandatory), Collector (not mandatory), Browser (not
mandatory)
All these parameters are described above. There is one more field, at the top of the creation window,
to select the VistaFoundation version:
Mode: select either VF0 or VF4 with the radio buttons, according to InfoVistas platform version
being installed.
March 2012
3-27
Ipanema System
IV Server creation window (two tabs), with VF0 selected
IV Server creation window (two tabs), with VF4 selected
3-28
March 2012
3. 7. SYSTEM ADMINISTRATION
The System administration menu contains one or two functions, according to the User logged
in: Users (displayed for all Users) and Local administrator password (displayed only if the User
logged in ip|uniboss is a local administrator).
3. 7. 1. Users
Users:
The Users window is displayed.
Users window
This window show a table with 12 columns:
Name: Username,
ip|boss access: shows whether the User has an access to ip|boss (access) or not (no
access),
ip|dashboard access: shows whether the User has an access to ip|dashboard (access) or
not (no access),
Discovery: shows whether the User has an access to the Discovery (access) or not (no
access),
Real-time Flows: shows whether the User has an access to the Real-time Flows (access) or
not (no access),
Real-time Graph: shows whether the User has an access to the Real-time Graphs (access)
or not (no access),
ip|uniboss rights: shows the Users rights on ip|uniboss (three levels: no access, read only
or read/write),
iPhone access: shows whether the User has an access to the Ipanema system via the ad hoc
iPhone software application (access) or not (no access),
ip|reporter access: shows whether the User has an access to ip|reporter (access) or not (no
access),
Domains: shows the Domains the User can access (*: the User can access all Domains),
Locale: shows the Users preferred languages.
Tag: free field.
March 2012
to create a new User.
3-29
Ipanema System
User creation window

This window contains the following fields:
Name: User name,

Password and Confirm password: the password for the Use must be typed in twice,
Locale: you can only select English,
Tag: free field.
ip|boss access (ip|boss frame): allows to give access toip|boss (no access by default); when
the User is granted an access, further parameters need to be selected see below.
ip|dashboard access (ip|dashboard frame): allows to give access toip|dashboard (no access
by default); when the User is granted an access, further parameters need to be selected see
below.
ip|uniboss rights (ip|uniboss frame): allows to give read only or read/write access toip|uniboss
(no access by default).
iPhone access (iPhone frame): allows to give access to the Ipanema system via the ad hoc
iPhone software application (no access by default); when the User is granted an access, further
parameters need to be selected see below.
ip|reporter access (ip|reporter frame): allows to give access to the reports (no access by
default); when the User is granted an access, further parameters need to be selected see
below.
Further parameters:
Domains selection
By selecting access in ip|boss access, ip|dashboard access, iPhone access or
ip|reporter access, one must specify on which Domains the User is granted an access:
3-30
March 2012
All domains: if the click box is checked, the User will be granted an access to
all Domains; if not, the User will be granted an access to the Domains selected
below only,
Domains: allows to specify which Domains the User can access (not displayed
if the previous click box has been checked, as the User can access all Domains
in this case).
The left frame shows the Domains the User can not access (all existing
Domains before any selection has been made),
the right frame shows the Domains the User can access;
Domains can be moved from one frame to the other using the different arrows:
to move the Domains selected in the left frame to the right frame
(i.e. to give the User an access to the selected Domains),
to move all Domains to the right frame (i.e. to give the User an
access to all Domains),
to move the Domains selected in the right frame to the left frame
(i.e. to prevent the User from accessing the selected Domains),
to move all Domains to the left frame (i.e. to prevent the User from
accessing any Domain).
ip|boss frame
By selecting access in ip|boss access, in addition to the Domains selection
(see above), one must specify the three access levels (no access, read only or
read/write) for each of the 7 ip|boss menus (System administration, Service
activation, Supervision, Helpdesk, Reporting, Application provisioning and
System provisioning):
ip|dashboard frame
By selecting access in ip|dashboard access, in addition to the Domains selection
(see above), one must specify the User access rights (either no access or access) to
four features: ip|dashboard, Discovery, Real-time Flow and Real-time Graph:
March 2012
3-31
Ipanema System
ip|reporter frame
By selecting access in ip|reporter access, in addition to the Domains selection (see
above), one can specify the access to the reports with various filters:
Metaview: one can give the User an access to the reports on certain Metaviews
only, by typing them in this field. Use * to replace any string of characters (e.g.
Application Group* to give an access to the reports on all Application Groups;
use * alone to grant an access to all Metaviews).
Period: one can give the User an access to the reports on certain periods only
(hour or day or week or month), by typing it in this field (use * to grant an access
to all four periods).
Report: one can give the User an access to certain reports only, by typing them in
this field. Use * to replace any string of characters (e.g. *slm* to give an access
to the Service Level Monitoring reports only; use * alone to grant an access to
all reports).
Navigation mode: one can choose between three values:
All: the User can navigate in the Sites reports using either the Sites
metaviews folders or the two Navigation hierarchical levels (called
Folder name for level 1 and Folder name for level 2 in ip|engines
windows Advanced tab),
No navigation: the User can navigate in the Sites reports using the Sites
metaviews folders only (they cannot select Navigation and navigate
using the two Navigation hierarchical levels),
No Folder: the User can navigate in the Sites reports using the two
Navigation hierarchical levels only (they cannot select Folder and
navigate using the metaviews folders, so they cannot access reports
other than Sites reports the only ones that are accessible through the
Navigation menu).
Folder 1: for Users who navigate using the Navigation menu, one can specify
which folders they can access at level 1 (use * to replace any string of
characters).
Folder 2: for Users who navigate using the Navigation menu, one can specify
which folders they can access at level 2 (use * to replace any string of
characters).
Scope: one can give the User an access to the public reports only (by selecting
public), or to the private reports only (by selecting private), or to both public
and private reports (by selecting All).
3-32
March 2012
3. 7. 2. Local administrator password

Local administrator password.
This button appears only if you connect to ip|uniboss locally, without using LDAP (e.g.
https://<ip|uniboss_server>:10443/ipuniboss_portal/).
Local administrator password window

This window allows the administrators to change the password they use to connect to ip|uniboss
locally, by typing their actual password in the first field, then their new password in the second and
in the third fields.
March 2012
3-33
Ipanema System
3. 8. SUPERVISION
The Supervision menu contains three functions: Inventory, Log and Issues.
3. 8. 1. Inventory
Inventory:
The Inventory window is displayed.
Inventory window
This window is made of two frames:
Domain inventory,
Topology inventory. This frame is contextual: if no Domain is selected in the previous frame,
it displays all Domains topologies; if one (or several) Domain(s) is (are) selected, it displays its
(their) topology(ies) only.
The
Print button prints all the columns of the selected Domain(s),
whereas the Action / Print menu prints the selected columns of all the Domains.
3. 8. 1. 1. Domain inventory
This frame contains the following information:
Name: Name of the Domain

Enabled: Yes / No
ip|boss server: IP address of ip|boss server
Access port: port used by the client on that Domain (0 = dynamic)
SNMP agent (refer to the section Create a Domain above):
Port
Address
3-34
March 2012
C.N.: Community Name
ip|reporter (refer to the section Create a Domain above):
Periods (refer to the section Create a Domain above):
Server
Manager port
Collector port
Browser port
Portmapper port
Supervision
Collect
Reporting short
Reporting long
User management (refer to the section Create a Domain above):

Radius: Yes / No
Domain services: shows if the following services are started (Yes) or not (No):
ip|true
ip|fast
ip|coop
ip|xcomp
ip|xtcp
ip|xapp
smart|plan
ip|reporter
ip|export
smart|path
Number of: shows the number of the following objects, with their totals on the last line:
March 2012
ip|engines
tele|engines
Automatic metaview
On demand metaview
Automatic reports
On demand reports
Application Group
Topology subnet
User subnet
Applications
3-35
Ipanema System
3. 8. 1. 2. Topology inventory
This frame contains:
Domain name
ip|boss server
ip|engine (software version, model and IP addresses are polled from the ip|engine; if it has
not been reachable, the field is blank):
WAN Access:
max ingress bandwidth

min ingress bandwidth
max egress bandwidth
min egress bandwidth
Server
Manager port
Collector port
Browser port
Portmapper port
Domain: shows if the following services are started (Yes) or not (No):
3-36
Total
Total
Total
Total
ip|reporter:
Name
Main public IP address
Main private IP address
Auxiliary public IP address
Auxiliary private IP address
LAN MAC address
Physical: ip|engine (Yes) or tele|engine (No)
Enabled: Enabled (Yes) or disabled (No)
Software version
Hardware
ip|true: Yes / No
ip|fast: Yes / No
ip|xcomp compress: Yes / No
ip|xcomp uncompress: Yes / No
ip|xtcp: Yes / No
ip|xapp: Yes / No
smart|plan: Yes / No
ip|true
ip|fast
ip|coop
ip|xcomp
ip|xtcp
ip|xapp
smart|plan
ip|reporter
ip|export
March 2012
3. 8. 2. Logs
Log:
ip|uniboss Log window is displayed:
ip|uniboss Log window

This window contains:
the list of system events (on ip|uniboss server) with a time stamping,
the list of connections/disconnections to/from ip|uniboss with a time stamping.
The events are sorted by antichronological order, by default (the latest event is the first in the list,
at the top of the first page), but you can sort them by chronological order by clicking on the column
header (Messages).
If the list is displayed on several pages, you can select which page you want to see by clicking on
the page number at the bottom of the window.
You can also use the following arrows to navigate:
: displays the previous page of logged events,
: displays the next page of logged events.
You can also click on a page number to jump to that page (the current page number is displayed
on the left, and underlined in the list of pages).
A field allows you to specify how many objects (events) per page you want to display (40 by default);
click on the Refresh button next to this field to apply a change:
March 2012
3-37
Ipanema System
3. 8. 3. Issues
display):
Issues, when applicable (the icon is greyed when there is no issue to
The Issues window is displayed:
ip|uniboss Log window

It contains a list of issues that may require a users action:
Possible issues for the Domains:
non
non
non
non
non
created Domains,
deleted Domains,
started Domains,
configured Domains,
reachable Domains.
Possible issues for ip|boss servers:

non configured servers,
non compatible servers,
non reachable servers.
As long as there is an issue, the Issues icon

issue to display, the icon is greyed.
3-38
in ip|uniboss tool bar blinks. When there is no
March 2012
CHAPTER 4. CONFIGURING SERVICES

(IP|BOSS)
4. 1. CONFIGURATION OVERVIEW
Once your Domain has been created (refer to the previous Chapter) and before starting a
measurement, QoS & control or optimization session, you have to parameter your configuration
(one configuration per Domain).
This configuration uses:
general settings for all functions (measurement, QoS & control, redundancy elimination,
acceleration and smart plan) ensuring:
configuration of the Domains ip|engines,
configuration of the topology subnets associated with the ip|engines,
selection of applications, TOS and User subnets assigned to the session, according
to the specific features of the traffic to be measured, controlled, compressed or
accelerated,
specific settings that depend on customers requests, for measurement, QoS & control,
redundancy elimination and acceleration features:
WAN accesses characteristics settings,

Quality of Service (QoS profiles) settings,
Coloring settings,
Application Groups settings,
Metaviews settings.
These data are grouped in a configuration file in the directory

~\salsa\ipboss\server\domains\<Domain_name>\config
named:
__active__.ipmconf
Three clients are available:
a Web client through a Web browser,

a Java client,
a CLI client (Command Line Interface).
March 2012
4-1
Ipanema System
4. 2. CONFIGURING SERVICES USING IP|BOSS WEB CLIENT
a web GUI on a Windows XP workstation.
4. 2. 1. Connection to ip|boss using the web client

To connect to ip|boss server from the SALSA web client, first select the Domain you want to
connect to, then click ip|boss and in :
Connection screen
4-2
March 2012
Configuring services (ip|boss)
Alternatively, you can access ip|boss directly, by entering the following URL:
https://<ip|uniboss_server>:10443/ipboss_portal (ip|uniboss is the web portal for
ip|boss).
For security reasons, the use of HTTPS is mandatory.
Connection screen
In this case, you have to log in locally. The connection window has two fields:
User name: the name of the user,
Password: the password of the user.
The user administrator with password admin is defined by default.
March 2012
4-3
Ipanema System
4. 2. 2. ip|boss web client main window
ip|boss web client main window

A title bar with the logo of Ipanema Technologies; it closes all opened windows when
you click on it.
A tool bar, on the left: it is composed of menus and icons which give access to the
different functions of the software. It depends on the profile of the connected user.
A status bar, at the bottom: it gives the status and statistics on the system.
A working space (that displays the main image on login).
4-4
March 2012
4. 2. 3. ip|boss web client table view
Typical window with a table view
A table view shows a list of objects. All the table views give:
A menu bar,
A tool bar,
A list of objects.
Selection: you can select an object in the list by clicking on its line. To select other objects, you
have to click on their lines while pressing the Alt key. To select an interval of objects, you select
the first then the last by clicking while pressing the Shift key. The Edit menu (see below) allows to
select/unselect all the objects on the list. In the status bar, the number of selected objects and the
total number of objects is shown.
Sort: you can sort the list according to one column by clicking on this columns header (by clicking
on the header a second time, you change the order ascending-descending). By clicking on several
columns while pressing the Ctrl key, you make a sort on multi-columns. These functions are also
available through the Display/Sort menu (see below).
The menu bar contains:

The File menu, which allows to:
New: create an object,
Export: export the list of objects,
Import: import a list of objects (Import); this function is not available for all
objects,
Print list: print the list of objects,
Close: close the window.
March 2012
4-5
Ipanema System
The Edit menu, which allows to:

Search: open a contextual dialog box which allows to find all the objects with
an attribute containing the specified text. The first matching object is highlighted
in the table below. The navigation between the found objects is made with the
menu Edition/Next and Edition/Previous.
Search contextual dialog box
Next: go to the next found object,

Previous: go to the previous found object,
Select all: select all objects,
Unselect all: unselect all objects.
The Display menu, which allows to:

Sort: by clicking on the header of a column, you sort the list according
to this column (by clicking again on the column, you change the order
ascending-descending). By clicking on several columns while pressing the Ctrl
key, you make a sort on multi-columns. These functions are also available with
the menu Display/Sort.
Sort the data (by any field or combination of multiple fields; other features in the
Sort menu are Invert sort (global), Sort by status (global) and Invert sort by status
(global)),
4-6
March 2012
Sort dialog box

Filter: create filters on the list which display only the filtered objects according
to the selected criteria.
There are two kinds of filters:
A simple filter (New Filter) works with only one field:
March 2012
4-7
Ipanema System
Simple filter
An extended filter (New Extended Filter) is a combination of simple filters
(using AND, OR, NOT logical operators). When a filter is active, the
number of displayed objects and the total number of objects is written
on the status bar. You can activate/deactivate a filter by double-clicking
on the icon of the status bar.
Extended filter
Choose columns: choose the columns to display.
Preferences: save or delete the display mode (filters and selected columns).
The Actions menu, which allows to consult, clone, modify, delete and change the
administrative state of the objects. The list of actions is the same as you get through
the context menu of the list.
The ? menu, which gives an access to the About menu.
4-8
The tool bar contains often the same icons:
(Consult): to consult an object (without modification capability),
(New): to create a new object,
March 2012
March 2012
(Clone): to create an object from another one,
(Modify): to modify one or more objects,
(Delete): to delete one or more objects,
(Change administrative state): to change the administrative state of one or more

objects.
(Freeze, in dynamic tables such as the Real time flows list): to freeze the view;
when clicked, the button turns into Unfreeze.
(Unfreeze, in dynamic tables such as the Real time flows list): to unfreeze the view,
after it has been frozen; when clicked, the button turns back to Freeze.
(Export): to export in a text file the content of a list.
(Import): to import the content of a list from a text file.
(Help): to go to the help page.
4-9
Ipanema System
4. 2. 4. ip|boss web client creation form
Typical creation form
4-10
Some fields have tips (

): when you move the mouse on the icon, a message is displayed. In
case of error, the field is displayed in red.
Some fields are related to other objects (example: WAN access).
The Ok button creates the object and closes the window.
The Apply button creates the object and keeps the window opened. This is useful when you
want to create several objects.
The Cancel button closes the window without creating any object.
March 2012
4. 3. CONFIGURING SERVICES USING IP|BOSS JAVA CLIENT

All configuration operations described in this section are performed from a Graphic User Interface
on the workstation which can be a workstation with a Java Virtual Machine and ip|boss Java client.
To install ip|boss Java client, refer to CHAPTER 2 IPANEMA SYSTEM
INSTALLATION.
There are four ways to launch ip|boss Java client:
Select ip|boss and the Domain you want to connect to in the SALSA Java client.
Launch your web browser, select the following URL: https://x.x.x.x:10443/ipboss_manager
(where x.x.x.x is the IP address of ip|uniboss server ip|uniboss is an authentication and
redirection server for ip|boss), and click on Start ip|boss rich client; this method is the only
one available on the first use of ip|boss Java client.
Use the shortcut
on your desktop (if you accepted its creation when asked on the first use
of ip|boss Java client).
Use the Start menu (Windows), then select Programs and ipboss_manager.
Launching ip|boss Java client through a web browser

ip|boss Java client launching window then appears:
ip|boss Java client launching window
4. 3. 1. Connection to ip|boss using the Java client

When you connect to ip|boss through the SALSA client, you are authenticated in SALSA and do
not need to enter your login and password again. If you connect directly to ip|boss, a connection
window opens and you need to authenticate:
March 2012
4-11
Ipanema System
Connection screen
The connection window has three fields:

Server: name or address of ip|uniboss. You give the IP address and the port number
with the form: X.X.X.X:Z, where Z is the port number (9999 by default),
If the server is setup with the default port number 9999, the port number is
not mandatory.
User name: name of the user (administrator by default),
Password: the password of the user (admin by default).
4. 3. 2. ip|boss Java client main window
ip|boss Java client main window

Menu bar: the menu is generic and is in all windows. It gives access to the generic
actions of the GUI (creation, deletion, sort...),
A title bar with the name of the application and the name of the Domain.
A tool bar composed of icons that give access to the different functions of the software.
An overview: it gives the status and statistics on the system.
4-12
March 2012
4. 3. 3. ip|boss Java client table view
Typical window with a table view
A table view shows a list of objects. All the table views give:
A menu bar,
A tool bar,
A list of objects.
They are the same as in the web client. Refer to the web client description above for more
details.
The Display menu contains one additional function to the web client:
Fix columns: to fix the columns: this keeps the left columns unaffected by an horizontal
scrolling.
March 2012
4-13
Ipanema System
4. 3. 4. ip|boss Java client creation form
Typical creation form

Creation forms are the same as in the web client. Refer to the web client description above for
more details.
4-14
March 2012
4. 4. IP|BOSS CLI CLIENT

For detailed information concerning ip|boss and ip|uniboss Command Line Interface
clients, please refer to NO-10000249-Rev 3- ipboss v4.3Rx - CLI Reference
Manual.doc.
4. 4. 1. CLI architecture
ip|boss and ip|uniboss have a specific GUI client each, that uses CORBA over SSL to
communicate with a dedicated client request handler (called the Leonardi connector because
of the underlying technology).
Quite similarly, there is a CLI client for ip|boss and a CLI client for ip|uniboss. They communicate
exclusively with their respective CLI connector using CORBA over SSL. The best image to illustrate
what the CLI clients and CLI connectors are is to compare the CLI clients to Telnet clients and the
CLI connectors to remote shell services.
The CLI client/server protocol relies on three verbs:
Login
Logout
Execute
The client and the server exchange version information prior to the login request. This allows either
side to adapt to an older peer.
In its current version, the ip|boss CLI connector forwards login and logout requests to the targeted
Domains Leonardi connector, besides establishing its own session information and setting up
a session specific command parser that will process execute requests. If no specific Domain is
targeted, the ip|boss CLI connector will use the naming service to get a list of all running Domains
and will connect to the first available Domain (in alphabetical order) the provided credentials are
valid for.
The ip|uniboss CLI connector will forward the login and logout requests to the ip|uniboss Leonardi
connector.
Once the session is established, the CLI client acts a transparent upstream pipe between the client
systems keyboard or input file and the CLI connector and a transparent downstream pipe between
the CLI connector and the client systems display or output file.
4. 4. 2. CLI language
The ip|boss Leonardi connector essentially maps a Domains configuration to a set of object
classes and objects within each class. The ip|uniboss Leonardi connector does the same at a
higher level, where Domains are objects in a class. (This is very much akin to tables and rows we
are used to in DBMSes such as Oracle for example.)
The CLI language builds on this paradigm. The language basics are the same for ip|boss CLI and
ip|uniboss CLI. The difference currently only lies in the underlying schema - names of tables and
columns.
A CLI script is a (possibly empty) list of statements. A statement is always terminated by a ";"
(semicolon) character. The semicolon is not a statement separator but a statement terminator. The
difference is important, particularly for parser robustness sake. Having the semicolon act as a
statement terminator and not anything else makes error recovery much easier: eat and discard
input until you see the next semicolon and try to parse more statements from there.
CLI statements currently fall into 2 categories:
Data Manipulation Language (DML)

Session Control Language (SCL)
CLI DML is very much akin to SQL DML.
March 2012
4-15
Ipanema System
With DML you can perform essentially 4 operations on objects:
Create ( or insert),
Modify ( or update),
Delete,
List ( or select).
But there are not only similarities, there are differences too. CLI DML statements act on one table
or object class at a time, there is no such thing as a join. Future releases of CLI will make it easy
to clone objects, just overriding a few columns with specific values. That is not easy in SQL.
CLI offers fine grained control over error handling and logging because it is mainly targeted at
procedure automation versus ad hoc queries.
For the same reason, CLI not only produces tabular output but can also use tabular input in
statements
4. 4. 3. Tabular input and output

CLI can be used for procedure automation in environments where the ipanema solution fits into a
bigger, centrally managed solution. This means that the primary databases are not inside ip|boss,
but somewhere outside, no matter the format.
As a consequence, it is important to make it easy to resynchronize the ipanema solution with
external databases. Hence the choice of a bulk operation centric approach.
With tabular input and output we simply mean that CLI produces output and accepts input such as:
name|public_ip_address|virtual
Out of domain|240.0.0.0|1
ipe_0001|10.1.1.1|0
ipe_0002|10.1.2.1|0
ipe_0003|10.1.3.1|0
ipe_0004|10.1.4.1|0
ipe_0005|10.1.5.1|0
That is easy to obtain from Excel and easy to feed into Excel, or any database (the | (pipe)
character can be changed to something else via a command line option, including the semicolon).
The CLI language has been designed with bulk operations in mind. Below is an example of a valid
statement that creates 5 ip|engines at a time:
CREATE ip_engine FROM STREAM
name|public_ip_address|virtual
ipe_0001|10.1.1.1|0
ipe_0002|10.1.2.1|0
ipe_0003|10.1.3.1|0
ipe_0004|10.1.4.1|0
ipe_0005|10.1.5.1|0
;
4-16
March 2012
4. 5. IP|BOSS MAIN SCREEN DESCRIPTION

All the configuration operations of this section are made through the web client GUI. This graphical
user interface is presented hereafter.
Working space
The main window gives access to all features of the system.
March 2012
4-17
Ipanema System
4. 5. 1. ip|boss tool bar

The content of the Tool bar depends on the profile of the connected User.
Toolbar
The buttons give a direct access to the functions. The tool bar is separated into 7 areas:
Global tools
User settings: allows the User to change their password (local access only),
Domains: gives access to another Domain and allows to check the status of all Domains
at a glance (this icon is only visible if you connected to ip|boss directly - i.e. not through SALSA
- and if you have an access to several Domains),
Save/Update: saves/updates the configuration; flashes when an update is necessary,
Service activation: allows to activate all services:
4-18
global Start /Stop of ip|true (measurement) on the ip|engines,

global Start/Stop of ip|fast ( QoS & control) on the ip|engines,
global Start/Stop of ip|xcomp (redundancy elimination) on the ip|engines,
global Start/Stop of ip|coop (virtual cooperation),
global Start/Stop of ip|xtcp (TCP acceleration),
global Start/Stop of ip|xapp (CIFS acceleration),
global Start/Stop of smart|plan (Smart planning reports),
Refresh: refreshes the view (web client only),
March 2012
Undo: allows to undo last modifications,
Help: gives access to the online help,
ip|reporter: opens ip|reporter web portal to give access to the reports (this icon is only
visible if you connected to ip|boss through SALSA),
About: shows ip|boss version and license information,
Quit: quits ip|boss client.
System administration
Click on System administration to access
the System administration functions:
Users: gives access to the user management (creation, deletion of local users); you can
select this function only if you connected to ip|boss directly - i.e. not through SALSA,
Automatic reporting: gives access to the Automatic reporting function,
Security: gives access to the security configuration.
System provisioning
Click on System provisioning to access the
System provisioning functions:
ip|engines: configures the ip|engines,
Topology subnets: configures the topology subnets addresses,
WAN access: configures the WAN accesses,
Coloring: configures the coloring rules,
March 2012
4-19
Ipanema System
ip|sync: configures the time and synchronization servers,
Tools: starts the ip|engines management features:
4-20
software upgrade
reboot
scripts
security status
advanced configuration
March 2012
Application provisioning
Click on Application provisioning to access
the Application provisioning functions:
User subnets: configures the User subnets addresses,
Applications: configures the applications,
TOS: configures the ToS values,
Application Groups: configures the Application Groups,
Application mapping: configures the application mapping,
QoS Profiles: configures the QoS Profiles,
LTL: configures the limiting rules (LTL),
Supervision
Click on Supervision to access the
Supervision functions:
ip|engine status: shows the status of the ip|engines,
Status map: shows the status map of the ip|engines within a map,
Log: displays the log window,
Options: gives access to the different options (mail, SNMP trap) of the system,
March 2012
4-21
Ipanema System
Helpdesk
Click on Helpdesk to access the Helpdesk
functions:
Topology map: shows the flows behavior within a Topological map,
Applicative map: shows the flows behavior within an Applicative map,
VoIP map: shows the flows behavior within a VoIP map,
Link supervision: lists the sites links usage and quality,
Discovery: starts the Discovery feature on the ip|engines,
Real-time: lists the flows in real-time.
Reporting
Click on Reporting to access the Reporting
functions:
4-22
MetaView: configures the Metaviews,
reports: configures the reports of ip|reporter,
Alarming: configures alarms.
March 2012
4. 5. 2. ip|boss status zone

Status on session start
The status zone gives instantaneous information on the state of the system.
It is one source of supervision information: in case of errors, the dedicated indicators are lighted
in red or amber. More details can be obtained by clicking on the LEDs.
Status zone
The status zone is made of four frames, showing the Domain name, LEDs and bargraphs.
Domain: <Domain_name>:
Total throughput
(Mbps)
gauge displaying the current total throughput measured by all

enabled ip|true agents of the Domain (left figure) over peak
throughput measured since the session start-up (right figure).
Active flows
gauge displaying the current active flows (max number for each
collection) measured by all enabled ip|true agents of the Domain
(left figure) over the peak flows measured since the session start-up
(right figure).
ip|boss: shows the state of the system with three colored LEDs:
Connection LED: shows the status of the connection between the client and the ip|boss
server:
green
red
the server is reachable

the server is unreachable
it can be due to a network connectivity issue between ip|boss server
and ip|boss client, or ip|boss server may be down
License LED: shows the license status:
green
red
the license is respected

the license is not respected (the number of consumed ISUs exceeds
the total ISU credit)
Discovery LED: indicates when Discovery is in process:
grey
amber
March 2012
no Discovery agent is running

Discovery agents are running on one or more ip|engines
4-23
Ipanema System
ip|reporter: shows the state of ip|reporter with two colored LEDs:

Server LED: shows the state of the ip|reporter server (InfoVista):
green
the InfoVistas services (manager, collector and browser) are

operational
yellow
one of the InfoVistas services (manager or browser) is down

check the .../InfoVista/Essentials/log/manager.log log file
red
all InfoVistas services are down (or the server is unreachable)

check the .../InfoVista/Essentials/log/manager.log and
collector.log log files
grey
ip|reporter is disabled in the Domains configuration,

or the ip|engines on the Domain have not been enabled yet
Database LED: shows the state of the InfoVista Database:
green
yellow
grey
red
the InfoVistas database is operational

synchronization of InfoVistas database is running (temporary state)
error happened during last synchronization of InfoVistas database
no access to the reports description (in the reports_desc.ipmsys file
in ~/salsa/ipboss/server/conf on ip|boss server),
or the reports description does not match the installed library
(VistaViews loaded from ip|reporter DVD-ROMs ivl directory)
ip|engine: shows the status and activity of the ip|engines:

Reachable LED and bargraph: display the reachability status of all ip|engines:
green LED
red LED
grey LED
Reachable
all ip|engines are reachable

some ip|engines are unreachable
it can be due to a network connectivity issue between ip|boss and
ip|engines (firewall, WAN link breakdown,ip|engine off or failure)
the service is stopped, or the status is not available
displays the number of ip|engines currently reachable (left) upon
the total number of ip|engines activated (right).
Overload LED and bargraph: display the overload status of all ip|engines:
green LED
red LED
Overload
4-24
no ip|engine is overloaded
some ip|engines are overloaded (the WAN throughput exceeds the
capacity of the hardware)
displays the number of ip|engines currently overloaded (left) upon
the total number of ip|engines reachable (right).
March 2012
Synchronized LED and bargraph: display the synchronization status of all ip|engines:
green LED
service start-up and the server is OK (*); all ip|engines are

synchronized
yellow LED
the server is OK (*) but one or several ip|engines are

not synchronized (synchronization in progress, temporary
synchronization loss)
red LED
grey LED
Synchronized
the server is down (*) and no ip|engine is synchronized

service is switched off or the status is not available
displays the number of ip|engines currently synchronized (left) upon
the total number of ip|engines reachable (right).
(*) ITP case.
Measuring LED and bargraph: display the ip|true status of all ip|engines:
green LED
service start-up and all ip|true agents are operational
yellow LED
one or several ip|true agents are not operational (not configured yet,
configuration refused or failure)
red LED
none of the ip|true agents are operational (not configured yet,

configuration refused or failure)
grey LED
Measuring

displays the number of ip|engines currently measuring (ip|true
agent running) (left) upon the total number of ip|engines activated
(right).
Optimizing LED and bargraph: display the ip|fast status of all ip|engines:
green LED
service start-up and all enabled ip|fast agents are operational
yellow LED
one or several enabled ip|fast agents are not operational (not

configured yet, configuration refused or failure)
red LED
none of the enabled ip|fast agents are operational (not configured

yet, configuration refused or failure)
grey LED
Optimizing
March 2012

displays the number of ip|engines currently controlling the traffic
(ip|fast agent running) (left) upon the total number of measuring
ip|engines having ip|fast activated (right).
4-25
Ipanema System
Limiting LED and bargraph: indicates when a Local Traffic Limiting rule is active on an
ip|engine:
yellow LED
grey LED
Limiting
a Local Traffic Limiting rule is active on one or several ip|engines

no Local Traffic Limiting rule is active or the status is not available
displays the number of ip|engines currently limiting the traffic (Local
Traffic Limiting rule active) (left) upon the total number of ip|engines
controlling the traffic (right).
ip|xcomp LED and bargraph: display the ip|xcomp status of all ip|engines:
green LED
service start-up and all enabled (de)compressing agents are

operational
yellow LED
one or several enabled (de)compressing agents are not operational

(not configured yet, configuration refused or failure)
red LED
none of the enabled (de)compressing agents are operational (not

grey LED
ip|xcomp

displays the number of ip|engines currently (de)compressing
(ip|xcomp agent running) (left) upon the total number of ip|engines
having ip|xcomp activated (right).
ip|xtcp LED and bargraph: display the ip|xtcp status of all ip|engines:
green LED
service start-up and all enabled ip|xtcp agents are operational
yellow LED
one or several enabled ip|xtcp agents are not operational (not

red LED
none of the enabled ip|xtcp agents are operational (not configured

grey LED
ip|xtcp

displays the number of ip|engines currently accelerating TCP traffic
(ip|xtcp agent running) (left) upon the total number of ip|engines
having ip|xtcp activated (right).
ip|xapp LED and bargraph: display the ip|xapp status of all ip|engines:
green LED
yellow LED
one or several enabled ip|xapp agents are not operational (not

red LED
none of the enabled ip|xapp agents are operational (not configured

grey LED
ip|xapp
4-26
service start-up and all enabled ip|xapp agents are operational

displays the number of ip|engines currently accelerating CIFS traffic
(ip|xapp agent running) (left) upon the total number of ip|engines
having ip|xapp activated (right).
March 2012
4. 5. 3. ip|boss Java client menu bar

The menu bar in the ip|boss Java client main window has four menus, File, Windows, Actions
and ?:
ip|boss Java client menu bar
File is used only to exit the GUI,

Windows is used to close all the opened windows,
Actions allows to make all the actions achieved through the corresponding icons,
? allows to see information about ip|boss and ip|reporter versions, license and maximum
number of Application Groups and User Subnets (if limited on the Domains creation with
ip|uniboss).
It is the same as the
About icon in ip|boss web client:
ip|boss Java client About window
March 2012
4-27
Ipanema System
4. 6. OPERATING PROCEDURE
The operating procedure consists of the following phases:
choosing a Domain,
creating a configuration or using an archived configuration, that is, specifying all ip|engines
and Domain settings (topology subnets, applications, Application Groups, Qos Profiles,
MetaViews....),
running a measurement, control, redundancy elimination or virtual cooperative session, applied
to the Domain,
analyzing the results in real-time,
reporting configuration of measurement and QoS & control (optional).
Table: operating procedure

The tables below show operations in their chronological order for a Domain.
4-28
March 2012
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
Making configuration settings

Create a new configuration
Manual procedure
Start with an existing

configuration
Manual procedure
Define automatic reporting

Automatic reporting
Configure operator coloring

characteristics
Coloring
Configure the WAN

accesses
WAN access
Declare ip|engines of the

Domain
ip|engines
Declare the topology

subnets associated with
each ip|engine
Topology Subnets
Define User subnets

User Subnets
Add, modify or remove
TOS in the dictionary
Add, modify or remove
applications in the
dictionary
TOS
Applications
Define QoS profiles

QoS profiles
Define Application Groups
Application Group
Define Metaviews
Metaview
Define reports
ip|reporter
Define Alarming
Alarming
Save the configuration
Automatic procedure
(1) M = Mandatory, O = Optional, X = Applied
March 2012
4-29
Ipanema System
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|true service: measurement

Start a session
Service activation, ip|engines: on

Enable ip|true, for all
ip|engines
Analyze links
X
Link supervision
X
Analyze real-time flows

Real-time
Real-time Maps
Modify the topology subnets
associated with each
ip|engine
X
Topology Subnets
X
Modify aggregation rules:

TOS
TOS
Applications
Applications
User Subnets
User Subnets
Modify QoS profiles and
Application Groups
X
QoS profiles
Application Group
Modify automatic reporting

Automatic reporting
X
Modify Metaview settings

Metaview
Modify reports
ip|reporter
Modify Alarming settings

Alarming
Modify the session

dynamically
Update
Disable ip|true, for all

ip|engines
Service activation, ip|engines: off
Stop a session
4-30
March 2012
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|fast service: QoS & control

Enable ip|fast for all
ip|engines
Service activation, ip|fast: on
Disable ip|fast for all

ip|engines
Service activation, ip|fast: off
X
X
Start a session

Analyze controlled links
X
Link supervision
Analyze real-time controlled

flows
X
Real-time
Real-time Maps
Optimize flow management

by adjusting settings:
ip|engines, QoS profiles,
User subnets and AGs
X
ip|engines
X
QoS profiles
Application Group
User Subnets
X
Modify aggregation rules:

TOS
TOS
Applications
Applications
Modify coloring policies

characteristics
Coloring
Modify the attached WAN

access
WAN access
X
X
Create, modify, delete LTLs

LTL
Modify the session
dynamically
X
Update
X
Stop the session

March 2012
4-31
Ipanema System
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|coop service: virtual cooperation

Enable ip|coop for all
ip|engines
Service activation, ip|coop: on
Disable ip|coop for all

ip|engines
Service activation, ip|coop: off
X
X
Start a session

Analyze links with
tele|engines
Analyze real-time flows for
tele|engines
X
Link supervision
X
Real-time
Real-time Maps
Modify the session

dynamically
X
Update
X
Stop the session

Service activation, ip|engine: off
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|xcomp service: redundancy elimination

Enable ip|xcomp for all
ip|engines
Service activation, ip|xomp: on
Disable ip|xcomp for all

ip|engines
Service activation, ip|xcomp: off
X
X
Start a session

Analyze compressed links
X
Link supervision
Analyze real-time
compressed flows
X
Real-time
Real-time Maps
Management by adjusting
redundancy elimination
settings: Application Group
Application Group
redundancy elimination
direction settings:
ip|engines
ip|engines
Modify the session

dynamically
X
Update
X
Stop the session

4-32
March 2012
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|xtcp service: TCP acceleration

Enable ip|xtcp for all
ip|engines
Service activation, ip|xtcp: on
Disable ip|xtcp for all

ip|engines
Service activation, ip|xtcp: off
X
X
Start a session

Analyze accelerated links
X
Link supervision
Analyze real-time
accelerated flows
X
Real-time
Real-time Maps
acceleration settings:
Application Group
Application Group
ip|engines
ip|engines
Modify the session

dynamically
X
Update
X
Stop the session

March 2012
4-33
Ipanema System
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
ip|xapp service: CIFS acceleration

Enable ip|xapp for all
ip|engines
Service activation, ip|xapp: on
Disable ip|xapp for all

ip|engines
Service activation, ip|xapp: off
X
X
Start a session

Analyze accelerated links
X
Link supervision
Analyze real-time
accelerated flows
X
Real-time
Real-time Maps
ip|engines
Modify the session
dynamically
ip|engines
X
Update
X
Stop the session

4-34
March 2012
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
smart|path service
Start a session
Dynamic WAN Selection
settings: Application Group
Application Group
settings: WAN access
WAN access
settings: ip|engines
ip|engines
advanced parameters:
Tools
Tools
Modify the session

dynamically
X
Update
X
Stop the session

Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
smart|plan service
Enable smart|plan for all
ip|engines
Service activation, smart|plan: on
Disable smart|plan for all

ip|engines
Service activation, smart|plan: off
X
X
Start a session

Modify the session
dynamically
X
Update
X
Stop the session

March 2012
4-35
Ipanema System
Operations to be
performed
Commands
ip|
true
ip|
fast
(1)
Commands
ip|
true
ip| fast
(1)
Domain creation
ip|sync service: Synchronization

Synchronization
ip|sync
Modify the session
dynamically
Operations to be
performed
Update
ip|reporter: reporting
Define InfoVista server
settings
Define automatic reporting
Automatic reporting
Define Metaview settings
Metaview
Define reports
ip|reporter
4-36
March 2012
Operations to be
performed
Commands
ip|
true
ip| fast
(1)
ip|boss: management
Supervision management
settings (mail, SNMP trap)
Options
Log window
Log
Create/Delete local users
Users
User password modification
Login
Security configuration
Security
Certificate generation tab enerate the
keys and the certificates
Configuration tab hoose the encryption
algorithm
ip|engine status
ip|engine status
ip|engine status map
Security status
Tools, Status tab: displays the
security status of ip|engines
Discovering of applications,
subnets.....
Discovery
Send results of script to

Ipanema support
Tools, Script tab
Upgrade ip|engines
software
Tools, Software Upgrade tab
Reboot ip|engines
Tools, Reboot tab
Quit the application
File/Exit
March 2012
4-37
Ipanema System
4. 7. CREATE, OPEN, SAVE A CONFIGURATION

The name of the configuration file is fix. This file is in the directory
~\salsa\ipboss\server\domains\<Domain_name>\config and its name
is __active__.ipmconf (double underscore before and after). It contains all the
configuration parameters of the Domain. During the start and the update, this file is
sent to the ip|engines.
4. 7. 1. Create a new configuration

Operating procedure table
To create a new configuration file from the default parameters, you must:
Stop the current configuration with the ip|boss client (GUI)

Quit the ip|boss client (GUI)
Stop ip|boss services in Windows control panel
In the directory ~\salsa\ipboss\server\domains\<Domain_name>\config, copy the
file __new__.ipmconf then name it __active__.ipmconf
Start ip|boss services in Windows control panel
Start the ip|boss client (GUI) and create your configuration for the Domain
4. 7. 2. Open a configuration
To work with an existing configuration file, you must:
Stop the current configuration with the ip|boss client

Quit the ip|boss client
Stop ip|boss services in Windows control panel
Copy your file <my_domain>.ipmconf and rename it __active__.ipmconf in the directory
~\ipboss\server\domains\<Domain_name>\config
Start ip|boss services in Windows control panel
Start the ip|boss client then start the session
4. 7. 3. Save a configuration
The configuration file of the Domain (__active__.ipmconf) is automatically applied and saved
on the following actions:
ip|engines activation (Service activation, ip|engines: on),
Update/Save
In case of necessity (for backup), you should make the backup of this file from your
server to the media of your choice (do not backup the file while an update is pending
on the ip|engines).
Important reminder it is advisable to backup your configuration file in a different directory than
that used for installation in order to avoid deleting files during subsequent install.
4-38
March 2012
4. 7. 4. Undo a configuration modification

The 50 last configuration modifications can be undone by clicking on
By choosing a configuration in the Undo table and clicking on

to the selected one is restored.
Undo in the Toolbar.

, the configuration previous
Undo table
If a modification has been carried out by another user in the interval, undo will not
operate.
March 2012
4-39
Ipanema System
4. 8. EXPORTING AND IMPORTING OBJECTS

4. 8. 1. Exporting objects
Most objects (ip|engines, Topology subnets, Application Groups, etc., even the real time flows list)
can be exported.
As the procedure is the same for all objects, we will consider one case only: exporting
ip|engines.
In the ip|engines window, click on the Export icon

following window opens:
or select the File menu, then Export. The
ip|engine export window
The Export selection check box only appears if ip|engines were selected before
using the Export function: it allows to export the selected objects only. If no ip|engine
was selected before using the Export function, or if the Export selection box is not
checked, all objects are exported.
Step 1. Select the fields you want to export by pushing them to the right with the double arrow
to the right (all fields will be moved at a time) or the single arrow to the right (only the selected
fields will be moved) and click Ok.
A new window opens, where the first line is the description of the fields, and all the subsequent
lines are the exported objects:
Export window
Step 2. Copy and paste all the windows contents in a .res file.
All objects can also be exported using the CLI client.
4-40
March 2012
4. 8. 2. Importing objects
The following objects can be created by importing them from a configuration file: Coloring rules,
WAN accesses, ip|engines and Topology subnets.
All objects can be imported using the CLI client.
As the procedure is the same for all objects, we will consider one case only: importing
ip|engines.
An existing configuration file in raw format (.res) can be imported. The first line must be the
description of the fields (it is present if the file was made with an export), and all the subsequent
lines are the objects to be imported (some may be already existing).
In the example below, we will import the previously exported file, where we added a new site called
MyNewSite:
File ready for import: ipe.res
In the ip|engines window, click on the Import icon

or select the File menu, then Import:
In the Import window, select the field(s) to be imported and browse to the file to be imported,
then click on Ok.
Import window
In the Import window that opens, you can choose which objects to display:
created (objects of the imported file not found in the actual configuration),
modified (objects different in the imported file and in the actual configuration),
deleted (objects of the actual configuration not found in the imported file),
March 2012
4-41
Ipanema System
and unchanged (objects identical in the imported file and in the actual configuration).
(Only the created and modified objects are displayed by default.)
Click on Import all, or select the objects to import then click on Import selection.
Import window
A message tells you how many objects could be successfully imported; click on Ok.
Click on Ok in the Import window to commit the changes.

A message tells you how many objects could be successfully committed, and the imported
objects are added to the existing ones. Click on Ok.
If the Import file contains an object that already exists (same name), it will update it; an
update icon warns you:
4-42
March 2012
If objects could not be created (already existing IP address for an ip|engine, for
example), an error message warns you:
March 2012
4-43
Ipanema System
4. 9. SYSTEM PROVISIONING
4. 9. 1. Configuring Coloring
Operating procedure table: settings, ip|fast service
The Coloring Policy is used with QoS & control. It is the capability to modify the TOS or DiffServ
field in the IP header with a new value according to the type and criticality of the packet.
The mode used is Color-Blind (in this mode, all packets are treated as if they were uncolored:
they are marked according to the selected coloring rule, regardless of their initial color).
ip|fast must be enabled.
In the System provisioning Toolbar, select
Coloring:
The Coloring window is displayed.
Coloring list window
By clicking on the New button
, the creation window of a new coloring rule is displayed.
Coloring rule creation window (unspecified by default)
4-44
March 2012
Coloring directory with TOS selection
Coloring directory with DiffServ selection
March 2012
4-45
Ipanema System
This window defines the coloring policies to apply at the access to WAN (you can create as many
Colorings as you want). The coloring parameters specify the type of service, the TOS or DSCP
values function of the traffic type and criticality level. It comprises:
input fields:
Name: to identify the coloring policy (string of characters). By default , the name none is
defined associated with an unspecified service type. The name is used to identify the
Coloring policy,
Service type: to select the type of coloring policy to set-up. The service is selected from
a drop-down list. The values offered are:
TOS: the TOS field of the frame is set to the value specified by the Code point
setting. It then contains the value of the IP PRECEDENCE and the TOS specified
for the Class of Service,
DiffServ: "Differentiated Service" type service. The TOS field of the frame is
set at the value specified by the PHB Group (DSCP) setting, in accordance
with RFC 2474 (definition of the Differentiated Services Fields (DS Field) in the
IPv4 and IPv6 headers), RFC 2597 (Assured Forwarding PHB group), RFC 2598
(Express Forwarding PHB group)
unspecified: not specified,
a Coloring zone: to define or modify the coloring for type of Traffic and Criticality level:
PHB Group (DSCP): when DiffServ is the Service Type selected, the value for each
peer (type of Traffic and criticality level) is selected with drop-down list,
Precedence/TOS (b0b7): when ToS is the Service Type selected,
a display zone in the form of a table corresponding to the data previously entered.
Type of traffic & Criticality level

Type of traffic
Real time
Service type
PHB
group
DSCP
value
TOS value
Top
Express
Forwarding
EF
101110
EF
101110
Medium
EF
101110
Low
EF
101110
AF11
001010
AF12
001100
Medium
AF21
010010
Low
AF22
010100
BE
000000
High
BE
000000
Medium
BE
000000
Low
BE
000000
Top
High
Background
ToS default
setting
Criticality
level
High
Transactional
DiffServ default setting
Top
Assured
Forwarding
Best Effort
Configuration: DiffServ and TOS default setting

By default, the coloring is named none and the Service Type is unspecified.
The entered values should correspond with the Class of Service of the Operator.
4-46
March 2012
Coloring rules can also be created by importing them from a configuration file. Refer to
section Importing objects.
March 2012
4-47
Ipanema System
4. 9. 2. Configuring WAN Accesses

Operating procedure table: settings, ip|fast service , smart|path service .
The WAN access describes the WAN line(s) connected to the CPE on the WAN side of an
ip|engine.
WAN access:
The WAN access window is displayed.
The WAN access list window
, the creation window of a new WAN access is displayed.
The WAN access window

This window contains the following input fields:
Name: character string used to identify the WAN access.

The bandwidth of the WAN access is an important factor for QoS & control. It is
therefore advisable to mention it in its name (e.g.: ADSL 2048).
4-48
Ingress (LAN to WAN) max Bandwidth: maximum ingress throughput allocated at the WAN
interface of the CPE (in kbps),
Ingress (LAN to WAN) min Bandwidth: minimum ingress throughput that the tracking function
(see below) can track down (in kbps); if no value is entered, it is automatically set to half of the
max value,
Egress (WAN to LAN) max Bandwidth: maximum egress throughput allocated at the WAN
interface of the CPE (in kbps),
Egress (WAN to LAN) min Bandwidth: minimum egress throughput that the tracking function
(see below) can track down (in kbps); if no value is entered, it is automatically set to half of the
max value,
March 2012
Coloring: selection, from a drop-down list, of the Coloring policy created in the Coloring
directory, to be applied. If there is no specific coloring (LS, Best effort), select "none". The
default display is none.
Trust level: Routine or Business: in case of smart|path, defines which type of traffic is allowed
to go through the Network Access Point (Routine and Business sensitivity levels are also defined
for each Application Group, where they are used in the path decision to route traffic to a NAP
with at least the same Trust Level).
Report key: this field is optional. A report key field is used for SNMP and ip|reporter and
allows to define regrouping of WAN accesses. A WAN access belongs to only one regrouping.
For example, this field can be used to gather WAN accesses according to:
the type of network (all WAN accesses to an MPLS backbone, all WAN accesses to
the Internet, etc.)
the type of access line (all WAN accesses with an access line at 64 kbps, 128 kbps, ....)
March 2012
4-49
Ipanema System
Bandwidth tracking
Congestion detection is key to know when and where to manage flows. Network available capacity
may also vary in time (DSL link, Frame Relay access, secondary link with a bandwidth different
from that of the primary link, etc.). The purpose of Bandwidth Tracking is to automatically and
dynamically estimate the available network capacity:
Bandwidth Tracking
Bandwidth tracking principles:
One independent BW tracker per potential congestion point.

Fast increase (real time), slow decrease (20 seconds steps; for example, it takes approximately
5 minutes to detect an HSRP switch from a 2 Mbps line to a 1 Mbps backup line).
Inputs:
Always: Usage profile (throughput) at potential congestion points.
When available: end-to-end QoS (delay, jitter, loss).
Output:
Available bandwidth for each potential congestion point.
4-50
March 2012
ip|engines manage three potential congestion points between any pair of sites:
Potential congestion points between any pair of sites

Bandwidth tracking activation:
By setting a minimum bandwidth lower than the maximum bandwidth, the tracking function will
automatically and dynamically estimate the actual value of the bandwidth between those two
values:
Bandwidth tracking activated (between 1000 and 2000 kbps)
A minimum of 0 is not recommended.
By setting a minimum bandwidth equal to the maximum bw, the tracking function will not execute:
Bandwidth tracking deactivated (constant bandwidth of 2000 kbps)
March 2012
4-51
Ipanema System
WAN accesses can also be created by importing them from a configuration file. Refer
to section Importing objects.
4-52
March 2012
4. 9. 3. Configuring ip|engines
Operating procedure table, ip|fast service, ip|xcomp service, ip|xtcp service, ip|xapp service,
smart|path service.
displayed:
ip|engines. The ip|engines list window is
ip|engines list window
, the creation window of a new ip|engine is displayed:
ip|engine creation window
March 2012
4-53
Ipanema System
The number of ip|engines and tele|engines which can be created are limited by the
license. This number is displayed in the About window.
ip|engines can also be created by importing them from a configuration file. Refer to
section Importing objects.
4-54
March 2012
The creation window of a new ip|engine contains two tabs:
the General tab is made of three frames: General, WAN Access and Services.
the Advanced tab is made of two frames: Redundancy elimination method and Navigation.
General tab
1. The General frame contains the following input fields and click boxes:
Name: character string used to identify the ip|engine (50 alphanumeric characters max),
Main public IP address (mandatory): IP address of the ip|engine visible by ip|boss server for
management purposes (configuration, collection of the correlation records, supervision),
Main private IP address (option if only the Main public address is declared, then the Main
private address is automatically allocated the same value): IP address of the ip|engine as it
has been locally configured (with the ipconfig command).
- In most cases (VPN, flat addressing, ...) only the Main public address is needed.
- In case of NAT, the two addresses must be different.
According to the MGT port being used or not, the Main addresses can be allocated to either the
LAN-to-WAN bridge (if the MGT port is not used in band management), or to the MGT port, if
used (out of band management):
In band mgt: Main IP address allocated to the LAN-to-WAN bridge
March 2012
4-55
Ipanema System
Out of band mgt: Main IP address allocated to the MGT port
IP addresses are not mandatory for a tele|engine.
Auxiliary public IP address (mandatory when the MGT port is used; must not be declared
otherwise): IP address of the ip|engine visible by other ip|engines for measurement
(ip|true), QoS & control (ip|fast), redundancy elimination (ip|xcomp, signalling + tunnel), TCP
acceleration (ip|xtcp), CIFS acceleration (ip|xapp) and synchronization (ip|sync) purposes;
it allows for out of band management (using the Main address) but in band inter-ip|engines
messages (using the Auxiliary address),
Auxiliary private IP address (option if only the Aux. public address is declared, then the
Aux. private address is automatically allocated the same value): IP address of the ip|engine as
it has been locally configured (with the ipconfig command) for the LAN-to-WAN bridge.
The Auxiliary addresses are allocated to the LAN-to-WAN bridge, when the MGT port is used (in
this case, the Main addresses are allocated to the MGT port). Refer to the second diagram above.
If no Auxiliary address is declared, the inter-ip|engines messages use the Main
address.
- In most cases (VPN, flat addressing, ...) only the Auxiliary public address is needed.
- In case of NAT, the two addresses must be different.
Report key: this field is optional. A report key field is used for SNMP and ip|reporter and
allows to define regrouping of ip|engines. An ip|engine belongs to only one regrouping.
For example, this field can be used to gather ip|engines according to:
a geographical criteria (all ip|engines in Europe, North America, Asia, Africa...).
the type of access line (all ip|engines with an access line at 64 kbps, 128 kbps, ....)
4-56
Auto-reporting: to allow (yes) or not (no) the reports created with the Automatic reporting
function to be added for this ip|engine. Refer to the Automatic reporting section.
Type: physical or virtual, to create an ip|engine or a tele|engine, respectively. A tele|engine
is characterized by an alias and an IP address; if no IP address is defined ip|boss randomizes
a virtual IP address with a 240.x.x.x prefix.
March 2012
2. The WAN Access frame allows to configure the WAN access(es) on the Network Access
Point(s); it contains the following input fields:
Path Selection: allows to enable the smart|path feature by selecting TOS or CPE, when
there are several NAPs on the site; the smart|path feature must be allowed in the license, and
optimize must be checked in the Services frame to enable it.
Disabled (default value): to disable the smart|path feature when there is one WAN
access on one NAP only, or when one do not want to use this feature.
TOS: allows to configure up to three WAN accesses with their corresponding marking
values (see below).
CPE: allows to configure up to three WAN accesses with their corresponding CPEs (see
below).
WAN access 1: name of the NAPs WAN access (mandatory)
When the TOS radio button is selected (optimize must be clicked in the Services frame first),
the WAN Access frame contains the following input fields after Path Selection:
WAN Access frame with the TOS radio button selected
WAN access 1: name of the first NAPs WAN access (mandatory).

Marking value 1: allows to mark the packets that are to be sent on WAN access 1 with this
value, which can be chosen from a drop down list (xxxx01xx, xxxx10xx or xxxx11xx); the CPE
router has to be configured with the corresponding PBR rules, to route the packets accordingly.
WAN access 2 and Marking value 2: the same for the second WAN access (mandatory
parameters, as the smart|path feature can be used when there is a minimum of two WAN
Accesses).
WAN access 3 and Marking value 3: the same for a third WAN access, if used (not mandatory).
When the CPE radio button is selected (optimize must be clicked in the Services frame first),
the WAN Access frame contains the following input fields after Path Selection:
WAN Access frame with the CPE radio button selected
WAN access 1: name of the first NAPs WAN access (mandatory).

CPE IP address 1: allows to configure the IP address of the CPE router connected to WAN
access 1; the ip|engine will send the traffic to that CPE router in an Ethernet frame with the
CPE routers MAC address (so there must be no layer 3 device between the ip|engine and the
CPE router connected to this WAN access); there is no need to configure PBR rules on the CPE
router.
March 2012
4-57
Ipanema System
WAN access 2 and CPE IP address 2: the same for the second WAN access (mandatory
parameters, as the smart|path feature can be used when there is a minimum of two WAN
Accesses).
WAN access 3 and CPE IP address 3: the same for a third WAN access, if used (not mandatory).
The bandwidth is an important factor for QoS & control: make sure the WAN access(es)
is (are) correctly defined.
3. The Services frame allows to define the ip|engines capabilities. It contains the following click
boxes:
Administrative State: measurement service (ip|true) selection:

enable: ip|engine activated,
disable: ip|engine deactivated.
ip|fast: QoS & control service selection, if checked;

control will be running only if ip|fast service is activated from the Service activation
window;
this service is also available for tele|engines.
ip|xcomp compress: compression service selection, if checked;

ip|xcomp decompress: decompression service selection, if checked;
For both compression and decompression services:
ip|fast must be checked first;
(de)compression will be running only if ip|xcomp service is activated from the Service
activation window;
this service is not available for tele|engines.
ip|xtcp: TCP acceleration service selection, if checked;

TCP acceleration will be running only if ip|xtcp service is activated from the Service
activation window;
ip|xapp: CIFS acceleration service selection, if checked;

CIFS acceleration will be running only if ip|xapp service is activated from the Service
activation window;
smart|plan: Smart Planning service selection, if checked);

Smart Planning reports will be running only if smart|plan service is activated from the
Service activation window;
4-58
March 2012
Advanced tab
ip|engine creation window, Advanced tab

1. The Redundancy Elimination Method frame contains two click boxes:
Zero Delay: ZRE is enabled.

Standard: SRE is enabled.
By default, both methods of redundancy elimination are enabled (when ip|xcomp is checked in
the Services frame in the General tab).
We do not recommand to change the default settings without advice from the Ipanema
Support.
2. The Navigation frame contains two fields:
Folder name for level 1,

Folder name for level 2.
These two fields allow to navigate in the reports (in ip|reporter) in different ways:
The first browsing method does not use these two fields: by selecting Folders in the drop-down
list in ip|reporters main window, you can access the reports with the following file system tree
(4 hierarchical levels):
<Domain> / <type of MetaView> / <MetaView> / <time level, public/private>
March 2012
4-59
Ipanema System
ip|reporters Folders file system tree
The second browsing method allows to navigate in the sites reports with two additional
hierarchical levels, defined by these two fields: by selecting Navigation in the drop-down list
in ip|reporters main window, you can access the sites reports with the following file system
tree (6 hierarchical levels):
<Domain> / Navigation / <Folder name for level 1> / <Folder name for level 2> /
<MetaView> / <time level, public/private>
(the <type of MetaView> level disappears, as this method is valid to access the sites reports
only).
This method is very helpful on larges networks, with hundreds or thousands of sites.
In the example below, Folder name for level 1 was used to group sites per continents, and
Folder name for level 2 was used to group sites per countries. The ip|engines created without
filling those fields are grouped under the Unknown folder name:
ip|reporters Navigation file system tree
4-60
March 2012
4. 9. 4. Configuring Topology subnets

Operating procedure table: settings,ip|true service
This directory is mainly dedicated to the measurement, in order to describe the network topology.
Topology Subnets:
The Topology Subnets list window is displayed.
Topology Subnets list window
The Topology subnets are used by the ip|engines to classify, measure and control
the traffic peer to peer. These subnets match the IP subnets of the sites where the
ip|engines are installed. All of them must be declared (in the example above, two
Topology subnets are declared on the Datacenter, 10.2.1.0/24 and 10.2.4.0/24). Use
the Discovery agent and the SA Site throughput report to check if no one is missing.
The traffic from/to a Topology subnet is described as coming from/to the User subnet
Other. To report it with a specific name, see the User subnet paragraph.
, the creation window of a new Topology subnet is displayed.
Configuring measured Topology subnets
March 2012
4-61
Ipanema System
It contains the following input fields:
Name: string of characters used to identify the Topology subnet,

Network prefix: Topology subnet prefix,
Prefix length: length of the prefix of the Topology subnet,
Associated ip|engines: defines the ip|engines for this subnet. Selection is from the list on the
left, the window on the right displays the selected ip|engines. Two command icons allow to add
(
) or remove (
) associated ip|engines from the list (all ip|engines can be added or
removed with
and
buttons).
Several ip|engines can be associated to a same subnet in case of clustering. The clustering
function defines the subnet partition for several ip|engines (for example Central site with backup
routers). At a time, a session belongs to only one ip|engine of the cluster.
Cluster solution works with a Hot Standby Router, load sharing per session but not
load sharing per packet.
Clustering
Clustering configuration:
Subnets
Associated ip|engines
This diagram
VLAN 1, VLAN 2, Subnet_LAN
ip|e A, ip|e B
Topology Subnets list window

above
LAN_HQ
HQ1, HQ2
Administrative state:
Enable: Topology subnet taken into account,
Disable: Topology subnet not taken into account.
The ip|engines associated with a Topology subnet must be upstream from the data
flows of this subnet.
Topology subnets can also be created by importing them from a configuration file. Refer
to section Importing objects.
4-62
March 2012
4. 9. 5. Configuring ip|sync (time synchronization)

Operating procedure table: ip|sync service
ip|sync is used for the time synchronization of the ip|engines through the network, and time
synchronization is used for delays measurements. An ip|engine is synchronized when the offset
with its source is less than 10 ms (by default; this value can be changed).
Time synchronization uses three levels:
A Time server, which can be an external clock reference (NTP) or an ip|engine of the Domain,
is used as the main synchronization source,
Synchronization servers, which are ip|engines of the Domain (use several for redundancy
reasons), get their synchronization from the Time server and propagate it to all the other
ip|engines of the Domain,
All other ip|engines of the Domain get their synchronization from the Synchronization servers
(without any out of Domain connection).
This architecture allows GPS-less Domains, out of Domain synchronization and short term no
time function (a Domain can be disconnected from its Time server, the Synchronization servers
will remain synchronized to each other, thus making higher resiliency).
Time servers
can be either ip|engines (with or without GPS), ip|boss or External NTP servers,
must be delivering a consistent time between each other,
if an ip|engine is a Time Server, it will use its local ITP configuration (GPS, local or an external
source).
if a Time server is an external NTP server, the ITP port must be tuned to 123 (Sentry
Tuning section in the __active__.ipmconf ip|boss configuration file).
Synchronization servers
must be Domain ip|engines,

will not use their local reference (even if a GPS receiver is connected),
share their clocks with their peers (all other synchronization servers).
An ip|engine can be declared as both a time server and a synchronization server.
March 2012
4-63
Ipanema System
Configuration
ip|sync:
The Time and Synchronization servers window is displayed.
Time and Synchronization servers window

The Time server directory gives the list of all ITP servers. It includes:
a Server field: allows to enter the IP address of a time server (several ones can be
declared).
an ip|engine field: allows to select an ip|engine as a time server (select only one).
Declare a Server or an ip|engine.
the zone on the right displays the selected time servers for the Domain.
The Synchronization server directory gives the list of all ip|engines that can be used as ITP
servers. It includes:
an ip|engine field: allows to select ip|engines as ITP servers (choose two or three, for
redundancy reasons). They do not need GPS antennas.
the zone on the right displays the selected ITP servers for the Domain.
4-64
March 2012
4. 9. 6. Tools
The System provisioning Toolbar provides a
Tools menu, with five functions.
Tools
They are described in the following sections:
Software upgrade:
2.8.2. (INSTALLATION / ip|engines / Upgrading ip|engines software).
Reboot:
6.4.1. (SUPERVISION / SYSTEM PROVISIONING: TOOLS / Rebooting).
Scripts:
6.4.2. (SUPERVISION / SYSTEM PROVISIONING: TOOLS / Scripts).
Security status:
6.3.3. (SUPERVISION / SUPERVISION / Security).
Advanced configuration:
5.9.7. (CONFIGURING SERVICES / SYSTEM PROVISIONING / Configuring smart|path).
March 2012
4-65
Ipanema System
4. 9. 7. Configuring smart|path (Tools / Advanced conf.)

Operating procedure table: smart|path
smart|path fully supports asymmetric routing. Path selection is based packet per packet, so a
single session can use several Ingress WAN accesses and several Egress WAN accesses. Yet,
there can be constrains (e.g. stateful firewalls) to:
always use the same Ingress WAN access,

always use the same Egress WAN access as Ingress WAN access (remote sites).
Tools, then the Advanced configuration tab.

The smart|path advanced configuration window is displayed:
smart|path advanced configuration window

It contains three parameters:
These three parameters can be overwritten for each Application Group, thanks to the
Application Group configuration windows Advanced tab (refer to 4.10.5.4. Application
Groups advanced tab).
Sensitivity policiy: matching Application Groups sensitivities with WAN accesses Trust Levels
depends on a policy which can be changed here.
Sensitivity policies allows to choose between three policies:
4-66
March 2012
- Preferred
(default
value):
- Strict:
- Backup:
a Business AG will be sent on a Business

WAN access, and
a Routine AG will be sent on a Routine WAN
access preferably...
... except when connectivity is down or when
Qos/BW criteria cannot be met;
there is a decision threshold based on
QoS/BW evaluation.
WAN access, and
access (always);
there is no possible backup.
WAN access, and
access...
... except when connectivity is down, in which
case a WAN access with a different Trust level
can be used.
Return path:
- no:
both half-connections are independent (from

smart|path perspective) and can use different WAN
accesses.
(this value is called Free in the Application Group
Return path parameter)
- yes
(default
value):
always use the same Egress WAN access as

Ingress: Ingress half-connection (SYN+ACK) will
use the observed WAN access for the peer Egress
half-connection (SYN).
(this value is called As received in the Application
Group Return path parameter)
NAP selection policy:
- Per Packet:
decision is made packet per packet (different packets

from a single session can use different paths).
note: this is not recommended on heterogeneous
networks
- Per Session
(default
value):
always use the same Ingress WAN access (all

following packets of the same session will re-use the
initially chosen WAN access)
March 2012
4-67
Ipanema System
4. 10. APPLICATION PROVISIONING

4. 10. 1. Configuring User subnets
Operating procedure table: settings, ip|true service, ip|fast service
This directory can be used also for the measurement and QoS & control, in order to measure and/or
control some specific subnets or Hosts.
Create User subnets only in case of specific subnets or Hosts.
The User Subnets are used by the system for services configuration (ip|true, ip|fast and
ip|reporter). These user subnets identify hosts, servers or subnets on which measurement,
control or reporting is requested by the system. These user subnets are used in the application,
Application Group and metaview definitions.
In the Application provisioning Toolbar, select
User subnets:
The User subnets list window is displayed (it is empty by default).

, the creation window of a new User subnet is displayed.
Configuring User subnets

It contains the following input fields and check boxes:
Name: string of characters used to identify the user subnet,

Network prefix: user subnet prefix,
Prefix length: length of the prefix of the user subnet,
Administrative state:
Enable: user subnet taken into account,
Disable: user subnet not taken into account,
4-68
March 2012
4. 10. 2. Configuring Types of service (TOS)

Operating procedure table: settings, ip|true service, ip|fast service
TOSs can be added to, removed from or modified in this dictionary. This dictionary is useful only
when the packets are colored by the source (IP-Phone for instance).
This dictionary can be used for measurement (ip|true) and QoS & control (ip|fast).
TOS:
The Types Of Service window is displayed (it is empty by default).

, the creation window of a new TOS is displayed.
Configuring TOS
TOS that are not explicitly named in the dictionary are implicitly grouped into the Other category.
The TOS window contains the following input fields and click boxes:
Name: to identify a specific TOS value (string of characters),

Mode: to select TOS field mode of use:
TOS: specifies the Type of Service,
DSCP: specifies the "Code point" for a DiffServ type of service,
According to the selected mode (TOS or DSCP):

TOS/CP: 8 bits field, value: 0, 1, X (dont care),
DSCP: 6 bits field, value: 0, 1, X (dont care).
March 2012
4-69
Ipanema System
4. 10. 3. Configuring Applications

Operating procedure table: settings, ip|true service , ip|fast service
A default applications dictionary is available for each configuration. Applications can be added to,
removed from or modified in this dictionary.
This dictionary is used by the ip|true and ip|fast functions.
Applications:
The applications window is displayed.
Applications window
The recognized protocols are displayed on the left

The Applications dictionary is displayed on the right.
The Applications dictionary specifies the applications that are recognized.
4. 10. 3. 1. Application recognition

The Ipanema System recognizes the application flows using the opening negotiations of the
client/server session conversation (SYN, SYN-ACK, ACK, i.e. layers 3 and 4 information), then it
checks the syntax of the application (layer 7 information) thanks to a syntax engine to uniquely
identify it without any possible error, regardless the ports being used; this also allows to classify
particular applications (such as Codecs, published application names, peer-to-peer applications,
URLs or URIs, etc.)
The ip|engines syntax engine uses DPI (deep packet inspection) to detect application signatures
data patterns that uniquely identify a particular application. (Mechanisms such as this are also
commonly used for virus recognition.) We are inspecting the start of the conversation (and only the
start) to detect these patterns to classify the applications.
4-70
March 2012
It is also possible to declare applications on the ports being used (you have defined an application
as traffic on a specific port/server); in this case, it is the port number that prevails to regnosize the
application.
When an ip|engine has not observed this start of the conversation, or if the application cannot
be recognized thanks to its syntax or declared port number, it falls back to RFC1700 ("well known
ports" definition).
So the order of recognition of applications is as follows:
1) Declared Port (you have defined an application as traffic on a specific port/server)

2) Syntax engine (the Ipanema System uses its inbuilt application detection capabilities)
3) Well known port (RFC 1700)
Applications that are not recognized or enabled in the dictionary are implicitly grouped on their
lower layer protocol (e.g. TCP or UDP).
4. 10. 3. 2. Applications recognized by the syntax engine

A
B
C
F
G
AOL Instant Messenger
Audiogalaxy
BGP
Border Gateway Protocol
Bittorrent
Citrix
and Citrix published applications
COTP
Connection Oriented Transfer Protocol (ISO)
CUPS
Common Unix Printer System
DCERPC
Distributed Computing Environment Remote Procedure Call
DHCP
Dynamic Host Configuration Protocol
DICT
Dictionary Server Protocol
DirectConnect
DNS
Domain Name Service
Edonkey
EIGRP
Enhanced Interior Gateway Routing Protocol
End Point Mapper
Exchange
= MAPI
FTP
File Transfer Protocol
FTPS
Secure FTP
G711a
audio/PCMA; RTP/RTCP attribute
G711u
audio/PCMU; RTP/RTCP attribute
G723
audio/G723; RTP/RTCP attribute
G729
audio/G729; RTP/RTCP attribute
GIOP
General Inter-ORB Protocol (Corba)
GIOPS
Secure GIOP
Gizmo
Gnutella
March 2012
4-71
Ipanema System
J
K
L
4-72
GoBoogy
GRE
Generic Routing Encapsulation
GTP
GPRS Tunneling Protocol
H225
HSRP
(Cisco) Hot Standby Router Protocol
HTTP
HyperText Transfer Protocol
HTTPS
Secure HTTP
ICMP
Internet Control Message Protocol
ICQ
I seek you
Identification protocol
IGMP
Internet Group Management Protocol
IMAP
Internet Message Access Protocol v4
IMAPS
Secure IMAP
IPCOMP
IP Payload Compression Protocol
IPP
Internet Printing Protocol
IPSec
IP Secure
IRC
Internet Relay Chat
IRCS
Secure IRC
ISAKMP
Internet Security Association and Key Management Protocol
Jabber
JetDirect
Kazaa
Kerberos
L2TP
Level 2 Tunneling Protocol
LDAP
Lighweight Directory Access Protocol
LDAPS
Secure LDAP
LoadBalancing
Lotus Notes
LPR
Line Printer Daemon
Mainframe CFT
MAPI
MS Exchange Mail API
McAfee
MCS
Multipoint Communication Service
MGCP
Media Gateway Control Protocol
MMS
Microsoft Multimedia Streaming
Mount
MS_SQL
= TDS
MS Exchange
= MAPI
March 2012
Q
R
MSN
MSN Messenger
Mute
MySQL
Napster
NARP
NBMA Address Resolution Protocol
Netbios
NetFlow
Network Lock Manager
NFS
Network File System
NNTP
Network News Transport Protocol
NNTPS
Secure NNTP
NSPI
Name Service Provider Interface
NTP
Network Time Protocol
Open FT
Oracle - SQL Net
Transparent Network Service
OSPF
Open Short Path First
PCAnywhere
PIM
Protocol Independant Multicast
POP3
Post Office Protocol v3
POP3S
Secure POP3
PortMapper
Postgres
PPP
Point-to-Point Protocol
PPTP
Point-to-Point Tunneling Protocol
Printer_ipp
= IPP
Q931
Quake
(game)
RADIUS
Remote Authentication Dial-In User Service
RDP
Remote Desktop Protocol (Windows Terminal Server)
RDT
Real Data Transfer
Remote Shell
RFB
Remote Frame Buffer (VNC)
RIP ng1, v1, v2
Routing Internet Protocol
RLogin
Remote Login
RLP
Resource Location Protocol
RPC
Remote Procedure Call
RQuota
RSH
= Remote Shell
March 2012
4-73
Ipanema System
4-74
RStat
RSVP
ReSerVation Protocol
RSync
Remote synchronous (file transfer)
RTP/RTCP
Real Time (Control) Protocol
RTSP
Real Time Streaming Protocol
RUsers
SAP
SAP AGs Enterprise Resource Planning (ERP) software
SHOUTcast
SIP
Session Initiation Protocol
Skinny Client Control

Protocol
Skype
SLP
Service Location Protocol; = SrvLoc
SMB
Server Message Block (Windows File Server)
SMTP
Simple Mail Transfer Protocol
SMTPS
Secure SMTP
SNMP
Simple Network Management Protocol
SOAP
Simple Object Access Protocol
Socks
Sockets
Soulseek
SrvLoc
Service Location Protocol
SSDP
Simple Service Discovery Protocol
SSH
Secure Shell
SSL
Secure Socket Layer
Sync
Syslog
TCP
Transmission Control Protocol
TDS
Tabular Data Stream, or MS SQL
Telnet
TelnetS
Secure Telnet
TFTP
Trivial File Transfer Protocol
TNVIP
UCP
Universal Computer Protocol
UDP
User Datagram Protocol
URL
Uniform Resource Locator, as an HTTP attribute
VMWare
VNC
= RFB
VRRP
Virtual Router Redundancy Protocol
March 2012
WINMX
X11
XOT
X25 over TCP
Yahoo Messenger
YPPasswd
Yellow Pages Password
YPServ
Yellow Pages Server
YPUpdate
Yellow Pages Update
Recognized applications in alphabetical order
Client/Server
GIOP, Socks, SOAP
Internet
ActiveX, FTP, HTTP, HTTPS, IP, IPCOMP, IRC, NNTP, Remote Shell,
Socks, SSH, SSL, TCP, TFTP, UDP, URL
Security
FTPS, GIOPS, HTTPS, IMAPS, IPSec, IRCS, ISAKMP, LDAPS,

McAfee, NNTPS, POP3S, SSL, TelnetS
ERP
Oracle, SAP
Database
MS SQL, My SQL, Oracle, Postgres
Directory Service
DHCP, DNS, Ident, Identification Protocol, Kerberos, LDAP, RADIUS
Messenger,
Groupware
Exchange, IMAP, Kerberos, LDAP, Lotus Notes, MAPI, OP3, PNSPI,

SMTP
Network Service
DCERPC, Mount, RLP, RPC, rquota, rsync, rusers, SrvLoc, SSDP,

Syslog, XOT, Yellow pages
Chat
AOL Instant Messenger, IRC, Jabber, MSN Messenger, Yahoo

Messenger
File server
Mainframe CFT, FTP, Netbios, NFS, RDT, SMB
Terminal
Rlogin, RSH, SSH, Telnet, VIP, VNC (RFB), XWindows (X.11)
Time
NTP
Game
Quake
Remote Client
Citrix, Citrix Published Applications, PC Anywhere, RDP, Rlogin,

VMWare, VNC (RFB)
Peer to peer
Audiogalaxy, Bittorent, Directconnect, Edonkey, Gnutella, GoBoogy,

Kazaa, Mute, Napster, OpenFT, Soulseek
Tunneling
GRE, GTP, L2TP, PPP, PPTP
Audio/Video, VoIP
Gizmo, H.225, ICQ, MGCP, MMS, Q.931, RTP/RTCP (G711a,

G711u, G723, G729), RTSP, SHOUTcast, SIP, Skinny Client Control
Protocol, Skype
Routing
BGP, EIGRP, HSRP, IGMP, Load Balancing, OSPF, PIM, RIP ng1,
RIP v1, RIP v2
Network Management
ICMP, Netflow, RSVP, SNMP
Printing
CUPS, IPP, JetDirect, LPR

Recognized applications per type
March 2012
4-75
Ipanema System
4. 10. 3. 3. Creating new applications

New applications can be created, described by a protocol plus an attribute:
The system recognizes about 180 protocols (HTTP, ICMP, FTP, RTP/RTCP, H.225, SAP, Citrix,
Skype, VMWare....; refer to the comprehensive list in the tables above).
Attributes depend on protocols:
for HTTP: it is possible to distinguish the URL names (www.ipanematech.com for
example)
Syntax:
?
a unique character
any character string (included empty)
shortest word (non empty, separated by spaces)
longest word (non empty, separated by spaces)
separator in a list
Examples:
www.google.fr
any URL of the site
www.google.*
all google incarnations (.fr, .com, .de .... )
www.google.*/*.gif
all .gif documents in any page of any google
*/*.gif
all .gif documents in any page of any server
*/*
www.ipanematech.*/web_germany/*
well, everything (should better not use this attribute)

all German pages on our site
Specific cases:
host/*
"any" URI
host/
empty URI
*/full/uri
"any" HOST
/full/uri
empty HOST
for HTTPS: it is possible to distinguish the Common Names,

for Citrix: it is possible to distinguish published applications (Word, Excel for example)
when the applications are not multiplexed on the same TCP session,
for RTP/RTCP: Codec type (choose from a drop-down list),
for TCP/UDP: port number, list of ports or range of ports, subnet or list of subnets
for others: no information is necessary.
Applications that are not explicitly named and enabled in the dictionary are implicitly grouped on
the lower layer protocol (e.g. TCP or UDP).
4-76
March 2012
, the creation window of a new application is displayed.
Creation of a standard application

The Application window contains the following input fields:
Name: character string used to identify the application,

Administrative State:
Enable: application taken into account,
Disable: application not taken into account,
Protocol: protocol is to choose from a drop list,

Attribute: depends on the protocol; this field is enabled or not and allows the access to a list
or free fields,
URL (for HTTP protocol):
Creation of an HTTP application
Do not start the URL by http://.

You can put a URL like *.ipanematech.* (see above).
Common Name (for HTTPS protocol):
Creation of an HTTPS application
March 2012
4-77
Ipanema System
The Common Name is displayed in the Certificate (the way to display the
Certificate depends on the web navigator being used):
Example of HTTPS Certificate, with IPANEMA as a Common Name

Application(s) (for Citrix protocol): name of a published application,
Creation of a Citrix application

Codec (for RTP/RTCP Protocol): list of Codecs that can be selected to describe an
RTP/RTCP application.
4-78
March 2012
Creation of an RTP/RTCP application
March 2012
4-79
Ipanema System
Port(s) (for TCP or UDP Protocol): port number as it will appear in the Server port
(source or destination) fields of TCP/UDP headers. This field can contain several values
and be filled in with a combination of values (; separator) and ranges (- separator) (for
TCP/UDP),
Creation of a TCP application
User Subnets filter: this optional parameter can be used to identify an application by the IP
address of a server or client, or list of servers or clients (ex: SAP). It is possible to choose the
server or client from a drop-down list of the User subnets, or directly:
User Subnets List: choose the subnet or host in the list of User subnets to be associated
with the application by selecting them and pushing them to the right frame with the single
right arrow (selected User subnets only) or double right arrow (all User subnets),
Prefix/Length: set the subnet with the following notation X.X.X.X/Y where X.X.X.X is
the IP address and Y the length integer between 0 and 32; a list of IP addresses can be
configured (; separator).
C/S Side: specify if the application must be recognized on the server side or on the client
side.
4-80
March 2012
4. 10. 3. 4. Order of recognition

When describing different applications using the same protocol (e.g. for HTTP: Intranet (=
intranet.company.com), Internet corporate (= *.company.com) and Internet (= the rest of http)),
place the more specific applications first (the Intranet, then Internet corporate in the example)
and the generic one after (the Internet), so that the specific ones can be recognized as such.
This ordering is achieved by selecting an application and by moving it up with the left blue arrow
(move up) if it is more specific than the one above it, or moving it down with the right blue
arrow (move down) if it is more generic than the one below it, and by repeating this for as many
applications as necessary until they are all sorted from the most specific one (at the top) to the
most generic one (at the bottom).
Moving applications to place the more specific ones above the more generic ones
March 2012
4-81
Ipanema System
4. 10. 4. Configuring QoS Profiles

Operating procedure table: settings, ip|true service , ip|fast service
This dictionary is used for measurement (ip|true) and for QoS & control (ip|fast).
QoS profiles:
The QoS Profiles list window is displayed.
QoS Profiles list window

The settings made in this window enable to define the QoS objectives. A QoS objective associated
with an Application Group is used by the system to measure (ip|true) and control (ip|fast) the traffic
according to the application requirements.
By clicking on the New icon
, the creation window of a new QoS Profile is displayed.
QoS Profiles window
4-82
March 2012
Name: to identify the QoS profile (character string),

Type: to characterize application flow type:
real-time: real-time flow (VoIP, video) sensible to delay, jitter and loss,
transactional: transactional flow (SAP, Telnet), sensible to delay,
background: other than those listed above,
Session B/W (kbps): to specify the bandwidth per session; the value is used by ip|fast,
Obj. (objective): nominal bandwidth per session (mandatory parameter).
The objective bandwidth per session is operational during the congestion
step.
Max. (maximum): maximum bandwidth allowed per session (not mandatory).
When defined, the maximum bandwidth per session is always operational
(even without congestion).
The maximum ratio between the objective and the maximum bandwidth has
been suppressed (it was 20 until ip|boss v5.0).
Delay (ms), Jitter (ms), Packet loss (%), SRT (server response time, ms), RTT (round trip
time, ms), TCP retrans. (%): to specify, for each flow, the Objective and Maximum values for
that QoS profile. These parameters are enabled or not by checking the click box or not,
These information can be used by the Application Group reporting to control the QoS associated
with each Application Group.
all values <
< at least 1 value <
Obj.
Max.
< at least 1 value
acceptable
Correct
unacceptable
Interpretation of Obj. and Max. criteria for Delay, Jitter, Loss, SRT, RTT and TCP retrans.
Name
Type
Session
BW
(kbps)
Delay
(ms)
Default
Bg
30-600
File transfer
Bg
Business
Jitter
(ms)
Packet
Loss
(%)
SRT
(ms)
RTT (ms)
TCP
retrans.
(%)
200-1000
1-10
0-0
400-2000
1-10
50-1000
500-1000
1-10
0-0
1000-2000
1-10
Tr
50-500
200-500
1-5
0-0
400-1000
1-5
Thin client
Tr
40-400
100-500
1-5
0-0
200-1000
1-5
Mail
Bg
50-1000
500-2000
1-10
0-0
1000-4000
1-10
Net services
Bg
20-200
100-500
1-10
0-0
200-1000
1-10
Web
Tr
40-400
200-1000
1-10
0-0
400-2000
1-10
G711
RT
90-120
100-200
50-100
0-2
0-0
200-400
0-2
G723
RT
20-30
50-150
50-100
0-1
0-0
100-300
0-1
G729
RT
30-45
50-150
50-100
0-1
0-0
100-300
0-1
Video streaming
RT
150-200
200-1000
50-100
1-5
400-2000
1-5
Ex. of QoS Profiles (Bg: background, Tr: transactional, RT: real-time; in each column: obj.-max.)
March 2012
4-83
Ipanema System
4. 10. 5. Configuring Application Groups

Operating procedure table: settings, ip|true service , ip|fast service , ip|xcomp service , ip|xtcp
service , smart|path service
Users specify high-level business objectives through Application Groups. The Customer traffic is
classified using a mix of the users applications and organization data. The Application Group
attributes include:
business criticality,
QoS performance objectives (nominal bandwidth per application session, delay, jitter, packet
loss, SRT, RTT and TCP retransmission),
the enabling of compression.
The users objectives are the only input to the system. There is no need to set low-level, network
and device specific policy rules.
The Ipanema System performs:
the configuration of high-level QoS objectives (ip|boss),

the specific reporting to Application Group (ip|engine, ip|reporter),
the control of the application flows in accordance with the Application Groups (ip|fast).
the compression of the flows in accordance with the Application Groups (ip|xcomp).
the TCP acceleration of the flows in accordance with the Application Groups (ip|xtcp).
the Dynamic WAN Selection for the flows in accordance with the Application Groups
(smart|path).
Application Groups are independent of ip|true, ip|fast, ip|xcomp, ip|xtcp, smart|path and
smart|plan services.
Application Groups are given in a tree structure, each Application Group is characterized by:
a name,
filters to define the rules of traffic classification corresponding to the Application Group,
a criticality level to define the level of criticality associated to the application(s) in this Application
Group,
a QoS profile that enables QoS objectives for the application(s) in this Application Group,
the capability to be compressed.
tjhe capability to be accelerated.
The position of the Application Groups in the tree structure is important, it determines
the classification of the packets. The classification is performed by running the structure
tree downwards. The packet is classified with the first applicable classification met.
Other, included the whole classifications, is at the end of the tree.
The configuration of the Application Groups is necessary for the good behavior of the QoS & control
agent, ip|fast.
4-84
March 2012
Application Groups:
The Application Group window is displayed:
Application Group window

An Application Groups zone which shows the tree of Application Groups,

A Properties zone which shows the configuration of the selected Application Group,
A table zone which summarizes all the Application Groups.
March 2012
4-85
Ipanema System
, the creation window of an Application Group is displayed.
New Application Group window

A zone with four tabs:
Dictionary filters,
Subnet filters,
ip|engine filters,
Advanced
The selection areas at the bottom of the window depend on the selected tab (see below).
A zone displaying the characteristics of the selected Application Group:
Name of the Application Group,

Business criticality: top, high, medium or low,
Compress: the compression capability for the flows belonging to the Application Group,
Accelerate: the TCP acceleration capability for the flows belonging to the Application
Group,
QoS profile: the QoS profile that will apply to this Application Group (the QoS profile
contains the Type of traffic, the Bandwidth objective and maximum values, the D/J/L,
RTT, SRT and TCP retransmit objective and maximum values),
Sensitivity, Routine or Business: when the sites are connected through various
networks (e.g. MPLS and Internet), or use various Networks Access Points to the same
network, the Sensitivity is used in the path decision to route traffic to a NAP with at least
the same Trust Level (defined on the WAN accesses). The smart|path option must be
activated in the license.
A zone with multiple selection areas, that depend on the selected tab at the top of the window:
the first area (on the left) shows a list of elements of the Dictionaries (Applications,
ToS values), Subnets (source and destination) or ip|engines (ingress and egress) as
described in the system and managed by ip|boss
the second area (on the right) shows the selected elements for the Application Group.
4-86
March 2012
- A logical Or is applied for the different elements inside a filter (for example filter
Applications: HTTP or HTTPS).
- A logical And is applied for the different types of filters (for example Applications:
HTTP or HTTPS and subnet-src=LAN-192).
Arrows are used to move the selected data from one area to the other (one by one or all at a
time).
4. 10. 5. 1. Dictionary filters tab
Dictionary filters tab

The tab comprises the filters which define the rules of traffic classification corresponding to the
Application Group.
The tab contains:
an Application area: displays the list of the applications dictionary,

a TOS area: displays the list of the TOS dictionary.
Another way of mapping applications within Application Groups is described in 4.10.6.
Applications mapping.
Description of the two areas of the tab: see description above.
March 2012
4-87
Ipanema System
4. 10. 5. 2. Subnet filters tab
Subnet filters tab

The tab comprises the filters which define the rules of traffic classification corresponding to the
Application Group. It contains:
a Sources area: displays the list of User subnets directory,

a Destinations area: displays the list of User subnets directory.
By selecting Subnets with this tab, you create local rules that will apply only to
those Subnets! Do this only if really needed. Otherwise, use global parameters only
(Dictionary filters).
4-88
March 2012
4. 10. 5. 3. ip|engine filters tab
ip|engine filters tab

This tab allows to configure the Application Group per site (ip|engine) and per direction. It contains:
an Ingress zone: displays the ip|engines and tele|engines list as described in the directory,
an Egress zone: displays the ip|engines and tele|engines list as described in the directory,
By selecting ip|engines with this tab, you create local rules that will apply only to
those ip|engines! Do this only if really needed. Otherwise, use global parameters only
(Dictionary filters).
March 2012
4-89
Ipanema System
4. 10. 5. 4. Advanced tab
Advanced tab
This tab contains two additional frames:
Redundancy Elimination Method:

Zero Delay: ZRE is enabled.
Standard: SRE is enabled.
The two options appear only if Compress is clicked.
By default:
If the type of traffic

in the selected QoS
profile is:
... then, by default:
Real time
both methods are disabled (real time traffic is not compressible,

usually),
Transactional
only the Zero Delay method is enabled (the Standard method can
create a small latency usually less than 5 ms),
Background
both methods are enabled.

We do not recommend to change the default settings without advice from the
Ipanema Support.
4-90
Smart|path:
This frame contains three parameters, that can be used to overwrite the global values set in the
System provisioning > Tools > Advanced configuration menu.
March 2012
Please refer to 4.9.7. Configuring smart|path (Tools / Advanced conf.) for a

comprehensive description of each parameter.
Sensitivity policy can take four values:

Default: the global Sensitivity policy parameter (in System provisioning > Tools
> Advanced configuration) will apply,
Preferred, Strict or Backup: overwrite the global value for the selected Application
Group.
Return path can take three values:
Default: the global Return path parameter (in System provisioning > Tools >
Advanced configuration) will apply, with the following correspondence:
As received for yes,
Free for no.
As received: overwrites the global Return path parameter (corresponds to
yes) for the selected Application Group,
Free: overwrites the global Return path parameter (corresponds to no) for the
selected Application Group.
NAP selection policy can take three values:
Default: the global Sticky choice parameter (in System provisioning > Tools >
Advanced configuration) will apply,
Per session: overwrites the global Sticky choice parameter with the Per
session value for the selected Application Group,
Per packet: overwrites the global Slave return parameter with the Per packet
value for the selected Application Group.
March 2012
4-91
Ipanema System
4. 10. 6. Applications mapping

Mapping applications within Application Groups can be achieved in two different ways:
Using the Dictionary filters tab when configuring Application Groups, as described above.
Using the Application mapping functionality.
To access the Application mapping functionality, in the Application provisioning Toolbar, select
Application mapping.
The Mapping of applications within Application Groups window is displayed.
Mapping of applications within Application Groups

The maps show the behavior of the whole network at a glance. These graphical views use squares
with a size depending on the throughput and a color code depending on the quality of the flows (the
Application Quality Score is calculated from weighted colors: Red = 0, Orange = 5, Green = 10).
At each collect from the ip|engines, the map is refreshed.
This window contains the map itself plus the following buttons:
: no access,
: to export in a text file the list of the flows,
: to move the application to another Application Group,
4-92
: to get the list of flows corresponding to the square area in the window (refer to the real
time flows list below),
March 2012
: to zoom in the map,
: to zoom out of the map,
: to reset the zoom (zooms out to the top level),
: to show the label inside the squares,
: to show the label on top of the squares,
: to show the help.
At the first zoom level, the map displays the full traffic with a main square per Application Group
and a sub-square per application.
The zoom in, zoom out and reset zoom functions can be accessed using the right
button on the mouse on the ip|boss Java Client.
By moving the mouse on a square, a contextual text shows the description of the square:
Contextual text
Application Group: Application Group of the application,

Application: name of the application,
Volume: number of bytes exchanged by the application,
AQS: the Application Quality Score is calculated with the SLA defined in the QoS profiles; the
notation is calculated with weighted colors (Red = 0, Orange = 5, Green = 10).
March 2012
4-93
Ipanema System
4. 10. 7. Configuring LTL (Local Traffic Limiting)

Operating procedure table: ip|fast service
The LTLs (Local Traffic Limiting) allow traffic limiting rules to be configured for each site, when
this is necessary. These rules take the enterprise organization, user subnets and the applications
implemented between these different entities into account. They are used by ip|fast (QoS &
control).
These rules are defined for outgoing (LTL Ingress) or incoming (LTL Egress) traffic on the selected
site.
LTLs are used to:
limit the bandwidth used by the different networks of the departments, services (user subnets)
or applications according to specific criteria taking the following constraints into account:
source subnet,
remote subnet,
applications,
TOS/CP values.
Traffic Limiting is given in a tree structure, each LTL is characterized by:
a name,
filters to define the rules to classify the traffic corresponding to the LTL,
a limit on the bandwidth that can be used by the class.
The LTL rules are enabled only if ip|fast is activated on the ip|engine.
LTL.
The Local Traffic Limiting Tree window is displayed.
Local Traffic Limiting Tree window

This window contains an LTL tree structure per ip|engine.
To create a new policy, select the ip|engine, the direction (ingress or egress), then by clicking on
the New icon
4-94
, the creation window of a new LTL is displayed:
March 2012
Local Traffic Limiting window
This window contains the following input boxes:

Name: Name of the LTL policy,
Local Traffic Limiting:
Maximum bandwidth (kbps): to specify the limit bandwidth for a LTL,
If the value 0 is specified, in this case all the traffic is dropped.
Limited: to enable or disable the limiting rule,

Filters: to specify filtering rules for traffic that are associated with an LTL:
Source user subnet: to filter traffic according to source User subnet. It is
selected from a drop-down list corresponding to the "User subnets" directory,
Destination user subnet: to filter traffic according to destination User subnet. It
is selected from a drop-down list corresponding to the "User subnets" directory,
Application: to filter traffic according to application(s). It is selected from a
drop-down list corresponding to the "Applications" dictionary,
TOS/CP: to filter traffic according to the value of the TOS field. This value
specified in the "TOS/CP" dictionary, is selected from a drop-down list.
March 2012
4-95
Ipanema System
4. 11. REPORTING
The Reporting menu gives access to three functions: MetaView, reports and Alarming.
4. 11. 1. Configuring MetaViews

Operating procedure table: settings, service ip|true, service ip|reporter
The Metaviews are objects used to show the data according to your criteria (topology,
applications...) in order to be used by external reporting tools (including ip|reporter) and to
trigger logs, traps or e-mails when certain thresholds are surpassed (Alarming). The MIB will be
populated according the settings of the Metaviews.
Metaviews show information about the traffic or availability according to the following criteria:
In the Configuration tab:
a (list of) source site(s),

a (list of) source site(s) and a (list of) destination site(s),
a (list of) source ip|engine report key(s),
a (list of) source ip|engine report key(s) and a (list of) destination ip|e report key(s),
a (list of) source Network Access Point(s),
a (list of) source NAP(s) and a (list of) destination NAP(s),
a (list of) source WAN access report key(s),
a (list of) source WAN access report key(s) and a (list of) destination WAN access report
key(s),
In the User subnets tab:

a (list of) source user subnet(s),
a (list of) source user subnet(s) and a (list of) destination user subnet(s),
In the Traffic classification tab:

a (list of) application(s),
a (list of) Application Group(s),
a (list of) criticality(ies),
and any complex definition with the previous parameters, using several fields and, possibly,
several tabs.
For example, a Metaview can aggregate the data on the Domain (no filter), but another metaview
could detail the behavior between 2 subnets and a particular application.
ip|reporter uses the Metaviews for the reports creation and data collection.
Two modes of Metaview creation are available:
unitary mode: allows to create Metaviews one by one with your own naming rules. This mode
can be used in order to create a troubleshooting Metaview with complex filters (for example a
destination site, a source site and a specific application),
wizard mode: allows to create a big number of Metaviews with automatic naming rules and
simple filter (for example: one Metaview for each user subnet of the Domain).
Metaviews for the Domain, the Physical sites (= sites with an ip|engine), the Virtual
sites (= sites with a tele|engine) and the Application Groups are automatically created
by the system (as soon a new Domain, a new Physical site, a new Virtual site or a new
Application Group is created, respectively).
As a consequence, only one Metaview needs to be created manually in the window
below (the one that will be used to troubleshoot Telnet between Factory and
Headquarters, on the sixth line).
The Metaview name is used by ip|reporter to name the instances of the reports.
4-96
March 2012
In the Reporting Toolbar, select
Metaview.
The Metaview window is displayed.
Metaview list window

This window contains the MetaView list created and the parameters for each one.
March 2012
4-97
Ipanema System
4. 11. 1. 1. MetaView creation in unitary mode

, the creation window is displayed
MetaView creation window

The Name of the Metaview, used by ip|reporter to name the instances of the reports,
The Type: as this function is used to create a Metaview on demand, the field always displays
on demand.
A zone with three tabs:
Configuration,
User Subnets,
Traffic classification.
Each tab contains two areas:
the first area (on the left) shows a list of elements (ip|engines, Keys, User subnets, Applications,
Application Groups, etc.), as described in the system and managed by ip|boss
the second area (on the right) shows the selected elements for the Metaview.
A logical Or is applied for the different elements inside a filter.
A logical And is applied for the different types of filters.
Some arrows are used to move the selected data from one area to the other, one by one (using
the single arrows) or all at a time (using the double arrows).
4-98
March 2012
4. 11. 1. 1. 1. "Configuration" Tab
Configuration tab
This tab comprises the filters which define the rules of traffic topologies corresponding to the
Metaview (from Site A to Site B, etc.). It contains the following areas:
Site A: displays the ip|engines and tele|engines list as described in the configuration,
Reminder: Metaviews for the Sites are automatically created by the system.
Site B: displays the ip|engines and tele|engines list as described in the directory,
This list is available only if at least one site in Site A is selected.
Engine Report Key A: displays the ip|engine report key list as described in the configuration,
Engine Report Key B: displays the ip|engine report key list as described in the configuration,
This list is available only if at least one ip|engine report key in Engine Report Key
A is selected.
WAN Access Id A: displays the Network Access Points list as described in the configuration,
WAN Access Id B: displays the Network Access Points list as described in the configuration,
This list is available only if at least one Network Access Point in WAN Access Id A
is selected.
March 2012
4-99
Ipanema System
WAN Access Report Key A: displays the WAN Access report key list as described in the
configuration,
WAN Access Report Key B: displays the WAN Access report key list as described in the
configuration,
This list is available only if at least one WAN Access report key in WAN Access
Report Key A is selected.
4. 11. 1. 1. 2. "User Subnets" Tab
User Subnets Tab

Metaview (From User Subnet A to User Subnet B). It contains the following areas:
User Subnet A: displays the User subnets list as described in the configuration,
User Subnet B: displays the User subnets list as described in the configuration.
This list is available only if at least one subnet in User Subnet A is selected.
4-100
March 2012
4. 11. 1. 1. 3. "Traffic classification" Tab
Traffic classification Tab

This tab comprises the filters which define the rules of traffic classification corresponding to the
Metaview. It contains the following areas:
Application: displays the applications list as described in the configuration,

Application Group: displays the Application Groups list as described in the configuration,
Reminder: Metaviews for the Application Groups are automatically created by the
system.
Criticality: displays the criticality list as described in the configuration (from Top to Low).
March 2012
4-101
Ipanema System
4. 11. 1. 2. Metaview creation in wizard mode

By clicking on the Wizard icon
, the multiple creation window of Metaviews is displayed.
Wizard Metaview window

A zone with three tabs:

Configuration,
User Subnets,
Traffic Classification.
Each tab contains two areas:
the first area (on the left) shows a list of elements (ip|engines, Keys, User Subnets, Application
Groups, etc.) as described in the system and managed by ip|boss,
the second area (on the right) shows the selected elements for the Metaviews.
Some arrows are used to move the selected data from one area to the other (one by one or all at
a time).
By selecting several elements in each list, the system will create the Metaviews
according to combinative selected criteria.
The wizard mode automatically manages the naming rules (the name varies according to the
selected elements).
4-102
March 2012
4. 11. 1. 2. 1. "Configuration" Tab
Configuration Tab
Configuration Tab window: see above.
Metaviews (From/to Site A, from/to Key ). It contains the following areas:
Site: displays the ip|engines and tele|engines list as described in the configuration,
Reminder: Metaviews for the Sites are automatically created by the system.
Key: displays the ip|engines report keys list as described in the configuration,
NAP id: displays the Network Access Points as described in the configuration,
Network report key: displays the WAN access report keys as described in the configuration.
March 2012
4-103
Ipanema System
4. 11. 1. 2. 2. "User subnets" Tab
User Subnets Tab

Metaview (From/to User Subnets). It contains the following area:
User Subnets: displays the User subnets list as described in the configuration.
4. 11. 1. 2. 3. "Traffic classification" Tab
Traffic classification Tab

This tab comprises the filters which define the rules of traffic classification corresponding to the
Metaviews. It contains the following areas:
Application: displays the applications list as described in the configuration,

Application Group: displays the Application Groups list as described in the configuration,
Reminder: Metaviews for the Application Groups are automatically created by the
system.
4-104
Criticality: displays the criticality list as described in the configuration (from Top to Low).
March 2012
4. 11. 2. Configuring Reports (ip|reporter)

Refer to 8.2.5. Reports Management.
4. 11. 3. Configuring Alarming

Operating procedure table: settings, service ip|true
The Alarming feature uses the Metaviews for the alarms creation.
Alarming.
The Alarming window is displayed:
Alarming window
This window contains three frames:
Rule <Domain name>: the list of created rules on the Domain,

Alarm: the list of created alarms based on those rules,
Help: available metrics: the metrics and operators to be used in the rules.
An alarm is the instantiation of a rule (when does the alarm trigger/rearm?) on a Metaview (on what
objects - sites, Application Groups, etc. - does the rule apply?).
Creating an alarm is achieved in three steps:
creating a rule,
associating a rule to a Metaview,
activating logs and/or mails and/or traps on alarming events.
March 2012
4-105
Ipanema System
4. 11. 3. 1. Rule creation

in the Rule frame, the AlarmRule creation window is displayed:
AlarmRule creation window

This window contains an input zone with the following fields:
Name: name of the rule; it must be unique.

Actions: 3 click boxes to activate (when the boxes are checked):
a Log
and/or a Mail
and/or a Trap
when an alarm triggers or rearms.

Severity: to choose the severity of the alarm from a drop-down list:
Information: informational messages,

Clear: establishment of a normal status,
Warning: possible error or incident; e.g. good (but not excellent) quality (AQS < 9),
Minor: low-priority error or incident; e.g. average quality (AQS < 8.4),
Major: high-priority error or incident; e.g. poor quality (AQS < 7),
Critical: very high-priority error or incident; e.g. unacceptable quality (AQS < 5).
Description: text description of the alarm.

2 frames:
Trigger: to define the rule that will trigger the alarm:
Trigger threshold: the threshold that will trigger the alarm,
Trigger occurrences: the number of consecutive collects (by default, 1 collect
= 1 minute; refer to section 3.5.1. Create a Domain) that are necessary for this
threshold to be reached before triggering the alarm.
Rearm: to define the rule that will rearm the alarm:
Rearm threshold: the threshold that will rearm the alarm,
Ream occurrences: the number of consecutive collects (by default, 1 collect =
1 minute) that are necessary for this threshold to be reached before rearming
the alarm.
When a rule is created, an Identifier is automatically attributed to it by the system, that can be seen
in the Alarming window (Ident).
4-106
March 2012
Rules syntax
The description of a threshold must respect the following grammar:
exp ::= prefixexp
exp ::= number
exp ::= exp binop exp
exp ::= unop exp
prefixexp ::= var | ( exp )
Examples:
lan_ingress_packet_loss > 5
wan_egress_throughput > 1000
wan_ingress_throughput > 0.2 * ingress_wan_access_ingress
Numbers can be integers or decimals. Examples: 0; 3; 3.14156; 10

Variables (var) represent the metrics.
Metrics naming rule: [lan/wan]_[ingress/egress]_metric
Name
Unit
Name
Unit
ingress_tcp_rtt_min
ms
lan_egress_min_delay
ms
ingress_tcp_rtt_avg
ms
lan_egress_avg_delay
ms
ingress_tcp_rtt_max
ms
lan_egress_max_delay
ms
egress_tcp_rtt_min
ms
lan_egress_jitter
ms
egress_tcp_rtt_avg
ms
lan_egress_sessions
number
egress_tcp_rtt_max
ms
wan_ingress_throughput
kbps
ingress_tcp_srt_min
ms
wan_ingress_packet_loss
ingress_tcp_srt_avg
ms
wan_ingress_min_delay
ms
ingress_tcp_srt_max
ms
wan_ingress_avg_delay
ms
egress_tcp_srt_min
ms
wan_ingress_max_delay
ms
egress_tcp_srt_avg
ms
wan_ingress_jitter
ms
egress_tcp_srt_max
ms
wan_egress_throughput
kbps
ingress_tcp_retransmit
wan_egress_packet_loss
egress_tcp_retransmit
wan_egress_min_delay
ms
lan_ingress_throughput
kbps
wan_egress_avg_delay
ms
lan_ingress_goodput
kbps
wan_egress_max_delay
ms
lan_ingress_packet_loss
wan_egress_jitter
ms
lan_ingress_min_delay
ms
quality_ingress
010
lan_ingress_avg_delay
ms
quality_egress
010
lan_ingress_max_delay
ms
mos_ingress
05
lan_ingress_jitter
ms
mos_egress
05
lan_ingress_sessions
number per s
ingress_wan_access_ingress
kbps
lan_egress_throughput
kbps
ingress_wan_access_egress
kbps
lan_egress_goodput
kbps
egress_wan_access_ingress
kbps
lan_egress_packet_loss
egress_wan_access_egress
kbps
Metrics used
March 2012
4-107
Ipanema System
Binary and unary operators (binop and unop) consist of arithmetical, relational and logical
operators.
arithmetical operators are:
addition
multiplication
modulo
subtraction
division
negation (unary)
relational operators are:

==
equal to
<
less than
<=
less than or equal to
~=
different from
>
greater than
>=
greater than or equal to
logical operators are:

or
and
not (unary)
priorities between operators are (from low priority to high priority):
1.
2.
3.
4.
5.
6.
or
and
< > <= >= ~= ==
+*/%
not - (unary)
A rule is validated when committed; a mistake will trigger an Error message window.
4-108
March 2012
4. 11. 3. 2. Alarm creation in unitary mode

displayed:
in the Alarm frame, the single Alarm creation window is
Single Alarm creation window

Rule: drop-down list, to choose the rule to apply.

Metaview: drop-down list, to choose the Metaview on which the rule will apply.
Administrative state: to enable or disable the selected rule on the selected Metaview.
4. 11. 3. 3. Alarm creation in wizard mode

This creation mode allows to create a package of alarms for several Metaviews. This mode could
be used in the initial creation step (instead of the unitary mode).
displayed:
in the Alarm frame, the multiple creation window of Alarms is
Alarm creation Wizard window

a zone with multiple selection for the Alarm rules,

a zone with multiple selection for the Metaviews.
The first area (on the left) shows the list of elements (Alarm rules and Metaviews), the second
area (on the right) shows the selected elements.
Some arrows are used to move the selected data from one area to the other.
By selecting several elements in each list, the system will create the Alarms according to
combinative selected criteria.
March 2012
4-109
Ipanema System
4. 11. 3. 4. Enabling logs/mails/traps

So that alarming events can be logged and/or sent by e-mail and/or trapped, according to the
selected Actions, Log and/or Mail and/or Trap must be enabled in the Options window (see
OPTIONS - FAULT MANAGEMENT below).
4. 11. 3. 5. Operation
Using the alarms triggered by ip|boss is achieved with external tools, according to the selected
Actions:
text editor or script for the logs,

e-mail client for the mails,
SNMP manager for the traps.
When an alarm is triggered or rearmed, the following information is available (in a log, an e-mail or
a trap):
the name of the Domain,

the rule identifiers (Ident and Name),
the MetaView (Ident and Name),
the ip|engine (Name and public IP address),
the rule with the value of the metrics; for example, if the rule wan_egress_throughput > 1000
triggered an alarm because its value is 2000, it is displayed like this: wan_egress_throughput
[2000] > 1000.
Alarms are sent by pair: trigger when the first threshold is reached, rearm when the second is.
In the logs and trap, one line is generated per alarm.

For the mail, only one mail is sent, containing all the alarms.
SNMP trap: example
4-110
March 2012
4. 12. SUPERVISION OPTIONS

4. 12. 1. Configuring Fault Management
In the Supervision Toolbar, select
Options.
The Options window is displayed:
The Options list window

This window contains three tabs:
Activation: specify how to manage the Supervision events and the Traffic alarming events.
Mail (e-mail): Supervision and/or Traffic alarming events can be mailed to a list of recipients
configured in ip|boss; it uses its own mailing command.
Trap (SNMP Trap): Fault management traps generated by ip|boss on Supervision and/or Traffic
alarming events are sent to configured SNMP managers.
It gives access to the fault management parameters.
March 2012
4-111
Ipanema System
You can manage the Supervision events. They consist of an alarm (log, mail or trap) in case of
system events like:
LicenseExpiration
ip|boss license expiration will occur
Start
ip|boss has been started
Stop
ip|boss has been stopped
Update
ip|boss has been updated
Upgrade
an ip|engine has received upgrade order
Reboot
an ip|engine has been rebooted
BeginOfDownStatus
an ip|engine is down
EndOfDownStatus
an ip|engine is up after a previous down status
BeginOfSynchronizationLoss
an ip|engine has lost its synchronization
EndOfSynchronizationLoss
an ip|engine is up after a previous synchronization loss
CertificateExpiration
ip|boss X509 certificate expiration will occur
RestartByRecover
ip|boss has been restarted by recover mode
IpReporterManagerIsDown
ip|reporter Manager service is down
IpReporterCollectorIsDown
ip|reporter Collector service is down
IpReporterBrowserIsDown
ip|reporter Browser service is down
IpReporterManagerIsUp
ip|reporter Manager service is up
IpReporterCollectorIsUp
ip|reporter Collector service is up
IpReporterBrowserIsDown
ip|reporter Browser service is down
IpReporterBrowserIsUp
ip|reporter Browser service is up
BeginOfNotReachableStatus
an ip|engine is physically down (network link is down)
EndOfNotReachableStatus
an ip|engine is physically up after a previous physical down status
MetaViewColors
the MetaView is green
BeginOfCompressDownStatus
an ip|engine has compression down
EndOfCompressDownStatus
an ip|engine has compression up
BeginOfUncompressDownStatus
an ip|engine has uncompression down
EndOfUncompressDownStatus
an ip|engine has uncompression up
BeginOfLanLinkDownStatus
an ip|engine has LAN interface down
EndOfLanLinkDownStatus
an ip|engine has LAN interface up
BeginOfWanLinkDownStatus
an ip|engine has WAN interface down
EndOfWanLinkDownStatus
an ip|engine has WAN interface up
Events (ip|engines are identified with Alias, IP Address and Domain name)
You can manage the Traffic alarming events. They consist of an alarm (log, mail or trap) in case
of an alarm triggered or rearmed (see CONFIGURING ALARMING above).
4-112
March 2012
The Options window contains three tabs:
4. 12. 1. 1. "Activation" tab
The Activation tab

The tab contains three frames:
Log: to enable or disable the log of events:

Supervision events (see above):
Enable: to log the Supervision events in ip|boss log file,
Disable: not to log the Supervision events.
Traffic alarming events (see above):
Enable: to log the Alarming events in ip|boss log file,
Disable: not to log the Alarming events.
Mail:
Supervision events:
Enable: to send e-mails on Supervision events,
Disable: not to send e-mails on Supervision events.
Traffic alarming events:
Enable: to send e-mails on Alarming events,
Disable: not to send e-mails on Alarming events.
Trap:
Supervision events:
Enable: to trap the Supervision events,
Disable: not to trap the Supervision events.
Traffic alarming events:
Enable: to trap the Alarming events,
Disable: not to trap the Alarming events.
March 2012
4-113
Ipanema System
4. 12. 1. 2. "Mail" tab
The Mail tab

The tab contains:
Sender address: to define the sender e-mail address; must be enquired,

Outgoing mail server (SMTP): to define the outgoing mail server,
Recipients: to see the list of destinations (use the New button
to add some entries).
E-Mail: e-mail address of the destination.

An alarm message gives the following data:
Subject: ip|boss, the Origin (see table above) and the alarm type,
Alarm timestamp (time when alarm was detected),
description: optional comments on the alarm.
The Origin and Type fields are included in the subject of the mail. The Description field is included
into the body of the mail. The Field format is <Domain><Type><Origin><Events>.
Mail examples:
Object : HMS : ip|boss - OSS - Cold Start
Date : 26/03/02 13:42:42 Paris, Madrid
From: ipboss@ipanematech.com
To: support@ipanematech.com
ip|boss System has been started by DOC on 26/03/2002 at 13:43:47.
Configuration file is: C:\program files\server\domains\HMS\config\__active__.ipmconf.
Object : HMS : ip|boss - OSS - Stop
To: support@ipanematech.com
ip|boss System and ip|engine have been stopped by DOC on 26/03/2002 at 13:45:11.
Object : HMS : ip|boss - ip|engine - End of ip|fast down status
To: support@Ipanematech.com
ip|fast is up on following ip|engine on 26/03/2002 at 14:07:43 : - HQ (192.169.0.100)
4-114
March 2012
4. 12. 1. 3. "Trap" tab
The Trap tab

The tab contains the following field:
Hostname: IP address of the SNMP manager (use the New button
March 2012
to add some entries).
4-115
Ipanema System
4. 13. SYSTEM ADMINISTRATION

4. 13. 1. Configuring User profiles
Operating procedure table: Management.
This procedure is not the standard one: Users are normally created in ip|unibosss
LDAP directory, thus allowing Unified User Management. The procedure described here
should only be used if you wish to create local Users (no UUM; they will be granted an
access to ip|boss only, where they will be able to connect without using the Unified
SALSA client).
When starting ip|boss client directly (and not through SALSA client), the user must authenticate
locally in order to connect on the Domain. In order to allow different users to work with the Ipanema
System, it is possible to create several users with different profiles.
In the System administration Toolbar, select
Users:
This function is only available if you connected to ip|boss directly - and not through
SALSA client.
ip|boss local Users list is displayed in a window.

The settings made in this window enable for each User some specific rights.
After a standard installation, only the account administrator is created (default
password: admin).
Authentication is made by a login and a password, which are specific for each Domain.
, the creation window of a new ip|boss local User is displayed.
The users created with this function will remain local to ip|boss; to create users and
manage their rights on ip|boss, on ip|uniboss and on ip|reporter, you must use
ip|unibosss Users function.
Name: login name (character string),

Password: password associated to the user login name (character string),
Confirm Password: confirm the password associated to the user login name (character string),
a radio buttons zone to define the user profile with their rights (no access / read only /
read/write) for the 7 functions of the system:
A user profile can cumulate several functions, for example Service activation +
Supervision + Application provisioning.
4-116
Functions
Rights
System Administration
Users
Automatic reporting
Security
March 2012
Service activation
Start/stop ip|engines (measurement, ip|true)

Start/stop ip|fast (QoS & control)
Start/stop ip|coop (cooperative control of the tele|engines)
Start/stop ip|xcomp (redundancy elimination)
Start/stop ip|xtcp (TCP acceleration)
Start/stop ip|xapp (CIFS acceleration)
Start/stop smart|plan
Supervision
ip|engines status
Supervision map
Log file
Options (Mail, SNMP trap)
Helpdesk
Maps
Discovery
Real time flows
Reporting
Metaviews
ip|reporter (reports)
Alarming
Application provisioning
Users Subnets
Applications
ToS (type of service)
Application Group
QoS profile
LTL (local traffic limiting)
System provisioning
ip|engines
Topology Subnets
WAN access
Coloring
ip|sync
Tools (upgrade, script, reboot, security status)
User Profile
4. 13. 2. Configuring Automatic reporting

Refer to 8.2.5. Reports Management.
March 2012
4-117
Ipanema System
4. 13. 3. Configuring Security

Ipanema System security features are based on SSL and SSH protocols, plus tools for key
generation and distribution. ip|boss to ip|engines communications are secured.
SSL protocol is used for downloading the configuration file from ip|boss to ip|engines,
monitoring of ip|engines by ip|boss and collecting the measurement data from ip|engines. Both
authentication and encryption are used. The HTTPS protocol is used for the exchanges.
Ipanema System allows for three different security levels to be implemented.
4. 13. 3. 1. First level (default mode)

The customer uses the default factory certificate (Qosmart). Communications are secured.
Nevertheless, as the certificate is not unique to the customer, the security level is not at its
maximum.
To start Ipanema System, just make the configuration and start the session.
4. 13. 3. 2. Second level

The customer defines his own certificate. This is done centrally from ip|boss or from a customers
certificate generator. Certificate installation on ip|engines is handled from ip|boss and does not
require a local access to the ip|engines.
Communications are secured. Unauthorized people will not be able to enter the system nor to read
and interpret configuration or measurement data.
Procedure
This procedure requires ip|boss Java client.
1. In the Toolbar, select

Security and go the Certificate generation tab.
2. Define the key/certificate name and its characteristics in the Certificate generation window.
The Validity Period parameter is displayed in the About window.
3. Select the tab Configuration.
4. Define the encryption (algorithm) in Configuration window. Click on OK.
5. The key/certificate file are recorded in the directory ~/ipboss/server/
domains/<Domain_Name>/Security. It is recommended to make a backup on an
external media.
6. The second level of security is taken into account. Several minutes are necessary to activate
it on the ip|engines.
7. The customer can see the ip|engines status by selecting Tools in the Toolbar tab Security
status .
4. 13. 3. 3. Third level

The customer defines his own certificate AND a passphrase. This requires not only an ip|boss
certificate installation, but also to have local access to all ip|engines in order to setup the
passphrase configuration.
Communications are secured. Combination of certificate and local passphrase provides for highest
level of security, provided that passphrase is properly managed.
Procedure
4-118
1. The procedure (steps 1 to 5) is similar to the procedure of the second level, except that the
customer selects and defines a passphrase in Security/Certificate Generation window.
March 2012
2. Configure the associated ip|engines. THE SAME PASSPHRASE MUST BE USED for the
ip|boss and the ip|engine to allow the SSL connections between ip|boss and ip|engine. This
passphrase should be configured on all ip|engines of the Domain.
3. Before using this command, check the system Administrator to obtain the same
passphrase as ip|boss.
Command usage:
sslpassphrase
usage: sslpassphrase set
sslpassphrase reset
Copyright (c) Ipanema Technologies 2000-2005
Set the passphrase:
sslpassphrase set
Enter old SSL passphrase:
Enter new SSL passphrase: *******************
Confirm new SSL passphrase: ******************
Passphrase has been changed
Do you want to restart HTTP Server with new passphrase now [y/n]?
y
4. 13. 3. 4. Configuring ip|boss-ip|engines security

Operating procedure table: Management
Security.
The security of ip|boss-ip|engines communication is managed by ip|boss and is defined by:
the keys and certificates generation,

the algorithm (security level according to the laws) selection,
To secure these communications, the user:
step 1) defines the certificate name. Under this name, 4 files are generated:
the private key: <alias>.isk (Ipanema Server Key) in the Security directory
(~/ipboss/server/domains/<Domain Name>/Security). If a passphrase was provided,
the key has been encoded with the passphrase in the file,
The same passphrase should be also entered on all ip|engines of the
Domain.
the certificate: <alias>_isc.crt (Ipanema Server Certificate) in the Security directory

(~/ipboss/server/domains/<Domain Name>/Security) corresponding with the created
key,
the private key: <alias>.ick (Ipanema Client Key) in the Security directory
(~/ipboss/server/domains/<Domain Name>/Security),
the certificate signed by the key: <alias>_icc.crt (Ipanema Client Certificate) in the
Security directory (~/ipboss/server/domains/<Domain Name>/Security) corresponding
to the created key,
step 2) defines the algorithm (encoding mode or not) used for communication encryption
between ip|boss and ip|engines,
March 2012
4-119
Ipanema System
ip|boss adds the ip|engine certificate in the authorized certification list.
4. 13. 3. 4. 1. "Security certificates generation" tab

Security and go to the Security certificate generation tab.
The Security certificate generation is displayed.
Security certificate generation window

Certificate group box with the Name: name (without extension) of the key/certificate,
Key group box with:
the field Size: choice of the key size: 512, 1024 (by default), 2048,
the field Passphrase: to enter the passphrase. The selection displays the Security
Generation dialog box.
If used, the same passphrase must be used for ip|boss and all the
ip|engines of the Domain.
4-120
March 2012
Identification group box with:
Country name (2 letter code)

State or province name (full name)
Locality name (eg. city)
Organization name (eg. company)
Organization unit name (eg. section)
Common name (eg. YOUR name)
Email address
Validity period (in month): choice of the validity period of the security certificate: 6, 12,
18 (by default), 24, always (until 2037)
All the fields should be fulfilled.
and command buttons:

Ok: to generate the private and public keys (Server and Client) with the associated
certificates Server and Client), recorded in files stored in the Security directory,
Close: to cancel any changes made,
4. 13. 3. 4. 2. "Configuration" tab

Security and go to the Configuration tab.
The Configuration window is displayed.
Configuration window
The configuration specifies to ip|boss which certificate of the Security directory to use and which
algorithm to associate in SSLv3 with RSA authentication. This window defines the encryption
applied to the communications.
The window contains:
Certificate group box with the Name: name (without extension) of the key/certificate to choose
in the drop-down list. With this name, ip|boss finds the .isk, .isc, .isk and .icc files.
Algorithm group box: click in the corresponding case (Selection) to select the encryption
algorithms to be applied between ip|boss and the ip|engines.
The algorithms are listed in security level order, NULL SHA is selected by default.
March 2012
4-121
CHAPTER 5. IPANEMA SYSTEM

SUPERVISION (IP|BOSS)
This chapter gives access to the system software application procedures: starting/closing
applications, ip|engines and security supervision, upgrading the software version, rebooting
ip|engines and launching scripts.
5. 1. CHECK THE DOMAINS STATUSES

It is possible to check all the Domains statuses at a glance by connecting to ip|boss locally.
This function is available only when you connect to ip|boss locally (i.e. not through
SALSA client) and if you have an access to several Domains.
Domain.
This icon is not displayed when you connect to ip|boss through the SALSA client or if
you have an access to one Domain only.
Domain window
The colors of the lines show the global statuses of the Domains:
A blank line is either a fully operational Domain (all activated functions run normally) or
a deactivated Domain (the ip|engines have not been enabled globally).
An orange line is a Domain with some down status (but not all).
A red line shows a Domain with all status down.
When selected, a line turns blue, whatever the Domains status (and the lines previous
color).
For each Domain, a synthesis of the status of the ip|engines, measurement (ip|true), QoS
& control (ip|fast), compression and decompression (ip|xcomp), TCP acceleration (ip|xtcp),
CIFS acceleration (ip|xapp) and synchronization (ip|sync) is displayed, as well as the total
throughput on the Domain and the total number of active flows.
You can also use this window to change Domain, by clicking on the corresponding Domains
.
line and clicking on the Connect Domain button
The name of the selected Domain appears in the status zone:
March 2012
5-1
Ipanema System
Status zone
5-2
March 2012
Ipanema System supervision (ip|boss)
5. 2. IP|BOSS MAIN WINDOW

The Ipanema System supervision is accessible from ip|boss main window, through the status
zone and the Supervision menu, which gives access to more detailed information.
ip|boss main window (web client)

In case of an error, the concerned indicator light in the status zone at the bottom of the window is
displayed in amber or red. Please refer to 5.5.2 ip|boss status zone for a detailed desciption of
the indicators.
March 2012
5-3
Ipanema System
5. 3. SUPERVISION
5. 3. 1. ip|engine status (monitoring ip|engines activity)
ip|engine Status.
The ip|engine Status window is displayed.
ip|engine Status window
5. 3. 1. 1. ip|engine status window

The ip|engine Status window gives the following information on each ip|engine:
(Other columns can be added; please refer to the next section, ip|engine supervision details, to
see all existing fields.)
ip|engine: name of the ip|engine,

Status: administrative status of each ip|engine:
up: the ip|engine is operational,
down: the ip|engine is not operational:
down - unreachable: the system cannot see the ip|engine, it is periodically
interrogated,
down - not configured: the ip|engine can be seen, but it has not been
configured. Periodic attempts of reconfiguration are made,
down - not started: the ip|engine can be seen but has not started correctly. It
is periodically restarted,
Optimization: QoS & control status:

up: the QoS & control service is operational for the ip|engine,
down: the QoS & control service is not operational,
nothing: the QoS & control service is not available,
Compress: compression status:

up: the compression service is operational for the ip|engine,
down: the compression service is not operational,
nothing: the compression service is not available for the ip|engine,
Decompress: decompression status:

up: the decompression service is operational for the ip|engine,
down: the decompression service is not operational,
nothing: the decompression service is not available for the ip|engine,
5-4
March 2012
Accelerate: TCP acceleration status:

up: the TCP acceleration service is operational for the ip|engine,
down: the TCP acceleration service is not operational,
nothing: the TCP acceleration service is not available for the ip|engine,
Accelerate protocols: CIFS acceleration status:

up: the CIFS acceleration service is operational for the ip|engine,
down: the CIFS acceleration service is not operational,
nothing: the CIFS acceleration service is not available for the ip|engine,
Discovery: discovery status:

up: the discovery agent is running on the ip|engine,
nothing: no discovery agent is not running,
Synchronized: time synchronization status:

yes: the ip|engine is synchronized,
no: the ip|engine is not synchronized,
Overload: overload status:

yes: the ip|engine is overloaded, the WAN traffic exceeds the ip|engine specifications
(see the ip|engine characteristics),
no: the ip|engine is not overloaded,
CPU (%): ip|engine load average during the last collect period,
Satellites: number of satellites seen and used for synchronization,
Source: synchronization source (GPS or ITP (Ipanema Time Protocol)),
Server: name of the synchronization server or n/a (not available),
LAN status: LAN interface status of ip|engine:
up: Ethernet interface is link Up,
down: Ethernet interface is link Down.
WAN status: WAN interface status of ip|engine:

down: Ethernet interface is link Down,
Its possible to modify the columns displayed by the menu Display/Choose columns.
March 2012
5-5
Ipanema System
5. 3. 1. 2. ip|engine supervision details

By double clicking on the ip|engine line in the status window, the window ip|engine Status is
displayed.
ip|engine status details window

This window gives the following information for the selected ip|engine:
ip|engine : name of the ip|engine,

Status: administrative status of the ip|engine :
up: the ip|engine is operational,
down: the ip|engine is not operational:
down - unreachable: the system cannot see the ip|engine, it is periodically
interrogated,
down - not configured: the ip|engine can be seen, but it has not been
configured. Periodic attempts of reconfiguration are made,
down - not started: the ip|engine can be seen but has not started correctly. It
is periodically restarted,
5-6
March 2012
Optimization: QoS & control status:

up: the QoS & control service is operational for the ip|engine,
down: the QoS & control service is not operational,
nothing: the QoS & control service is not available,
Compress: compress status:

up: the compression service is operational for the ip|engine,
down: the compression service is not operational,
nothing: the compression service is not available for the ip|engine,
Decompress: Decompress status:

up: the decompression service is operational for the ip|engine,
down: the decompression service is not operational,
nothing: the decompression service is not available for the ip|engine,
Discovery: synchronization status:

yes: a discovery agent is running on the ip|engine,
nothing: no discovery agent is running on the ip|engine,
Overload: overload status:

yes: the ip|engine is overloaded, the WAN traffic exceeds the ip|engine specifications
(see the ip|engine characteristics),
no: the ip|engine is not overloaded,
CPU (%): ip|engine load average during the last collect period,
Satellites: number of GPS satellites seen and used for the time synchronization,
Version : ip|agent software version and type release of the ip|engine,
Source: synchronization source (GPS or ITP (Ipanema Time Protocol)),
Server: name of the synchronization server on n/a (not available),
Offset (ms): estimated synchronization offset from GPS and ITP server (time difference
between synchronizing and synchronized units),
Delay (ms): average round trip delay between the ip|engine and ITP server,
Frequency (ppm): local oscillator free running frequency difference with the synchronization
source,
LAN status: LAN interface status of ip|engine:
LAN (configured type): Ethernet configuration of the LAN interface of ip|engine:

auto, 10HD, 10FD, 100HD, 100FD, 1000FD,
LAN (detected type): Ethernet current state of the LAN interface of ip|engine (it should be
compatible with the previous field):
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,
LAN (received bytes): number of bytes received on the LAN interface of the ip|engine,
LAN (sent bytes): number of bytes sent on the LAN interface of the ip|engine,
LAN (received packets): number of packets received on the LAN interface of the ip|engine,
LAN (sent packets): number of packets received on the LAN interface of the ip|engine,
LAN (collisions): number of collisions on the LAN interface of the ip|engine,
LAN (error frames) : number of frames error on the LAN interface of the ip|engine,
WAN status: WAN interface status of the ip|engine:
WAN (configured type): Ethernet configuration of the WAN interface of the ip|engine:
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,
March 2012
5-7
Ipanema System
WAN (detected type): Ethernet current state of the WAN interface of the ip|engine (it should
be compatible with the previous field and with the LAN detected type):
auto, 10HD, 10FD, 100HD, 100FD, 1000FD,
WAN (received bytes): number of bytes received on the WAN interface of the ip|engine,
WAN (sent bytes): number of bytes sent on the WAN interface of the ip|engine,
WAN (received packets): number of packets received on the WAN interface of the ip|engine,
WAN (sent packets): number of packets received on the WAN interface of the ip|engine,
WAN (collisions): number of collisions on the WAN interface of the ip|engine,
WAN (error frames): number of frame errors on the WAN interface of the ip|engine,
Measure (diagnostics): last diagnostic message of ip|true of the ip|engine (Alarm in the
real-time flows list is at yes):
OutOfTicket: there are no more up tickets,
OutOfBuffer: the driver is overloaded,
WanOverload: the packets received by the ip|engine on its WAN interface are more
than it is capable of handling,
TooManyFlow: the maximum number of sessions has been reached (depends on the
ip|engine range),
PktOverload: Ethernet RX overrun,
CPUOverload: CPU overrun,
LanIntfDown: the LAN interface of the ip|engine is down,
WanIntfDown: the WAN interface of the ip|engine is down
OutOfAppCnx: the maximum number of sessions of the application recognition syntax
engine has been reached.
Optimization (diagnostics) : last diagnostic message of ip|fast of the ip|engine (Alarm in the
real-time flows list is at yes):
ip|fast unreachable from ip|true: ip|fast is not working (transitory state),
ip|engine set in parallel mode: ip|fast was started on an ip|engine set in parallel mode,
current state is xxxx (where xxxx can be Initial, Configuring, Configured, Stopping,
Resetting or Unknown): ip|fast has not been started while it should have been; ip|true
tries to start it until it succeeds (transitory state).
Compression (diagnostics): there is no diagnostic message of ip|xcomp Compress to

date.
Decompression (diagnostics): there is no diagnostic message of ip|xcomp Decompress
to date.
Discovery (diagnostics): there is no diagnostic message of the Discovery function to date.
Synchronization (diagnostics): there is no diagnostic message of ip|sync to date.
Alarm (diagnostics): this field will always be empty.
Overload Mode: it should normally read Normal; otherwise the ip|engine is overloaded.
Detected IMA Clients: number of IMA clients detected by the ip|engine.
Active IMA Clients: number of active IMA clients on the ip|engine.
IMA Server Tokens Used: number of tokens used on the ip|engine (that acts as IMA server).
IMA Server Tokens Allocated: number of tokens allocated on the ip|engine (that acts as IMA
server).
The counters show the delta between two polls (by default 1 minute), its not a
cumulative value
if the ip|engine is connected in parallel mode, only the LAN counters are significant.
5-8
March 2012
5. 3. 2. Supervision Maps (monitoring ip|engines activity)

Supervision maps.
The ip|engine Supervision Maps window is displayed.
ip|engine Supervision Maps window

The supervision maps show in a glance the behavior of all ip|engines. These graphical views use
squares with a size depending on the ip|engine model (depending on their hardware capabilities),
and a color depending on the supervision status.
At each collect from the ip|engines, the map is refreshed.
the map itself, with a square for each ip|engine, the size depends on the ip|engine hardware
model, and a color in order to give a quick synthetic view of the supervision status:
Red: when Status is down (ip|engine not reachable), or when one of the following
functions: Measurement, QoS & control, Compression, Decompression, Acceleration
is down, not started, not configured or not updated (after three trials of update),
Yellow: when not Synchronized, and/or Overloaded and/or Updating (update of
configuration running),
Green: all status are OK (Status, Measurement (always); QoS & control, Compression,
Decompression and Acceleration, if enabled; Synchronization (always)).
: to consult the global supervision status,
: to export in a text file the list of supervision status,
: to consult the detailed supervision status (refer to the supervision details above),
March 2012
5-9
Ipanema System
: to show the label on the top of the squares,
: to show the help.
By moving the mouse on a square, a contextual text shows the supervision status (see screenshot
above):
5-10
ip|engine: host name,

Model: ip|engine range,
Status: reachability of ip|engine,
Measure: status of ip|true function,
Optimization: status of ip|fast function,
Compression: status of ip|xcomp function for compression,
Decompression: status of ip|xcomp function for decompression,
Acceleration: status of ip|xtcp function,
Protocol acceleration: status of ip|xapp function,
Mobile Agents: status of ip|ma function,
Discovery: status of discovery function,
Synchronization: status of ip|sync function.
Overload: status of ip|engine usage, if overload the ip|engine WAN throughput exceeds the
specification of the hardware.
March 2012
5. 3. 3. Security (monitoring security certificate)

Tools and go to the Security status tab.
The Security status is displayed:
Security status window

The name of the certificate used by ip|boss is displayed in the blue bar.
to check the name of the
Select ip|engines in the list below and click on the Status button
certificate that they use. (You can select all ip|engines simultaneously with the Select all button
).
The certificates used by ip|boss and by the ip|engines should be the same.
(The certificate is created in ip|boss with the System administration > Security menu.)
March 2012
5-11
Ipanema System
5. 4. SYSTEM PROVISIONING: TOOLS

5. 4. 1. Rebooting
Tools and go to the Reboot tab.
The Reboot window is displayed:
Reboot window
5-12
the list of ip|engines,

the following command buttons:
(Select all): selects all the ip|engines,
(Reboot): all the selected ip|engines receive a reboot order.
(Refresh): refreshes the view.
(Help): opens a contextual Help window.
March 2012
5. 4. 2. Scripts
This tool is to be used with the Ipanema Technologies Support.
Tools and go to the Scripts tab.
Scripts window
The window comprises the input fields:
ip|engine: list of all ip|engines of the Domain,

Script: list of the available scripts. These scripts are in the directory ~/ipboss/server/scripts
commands buttons:
(Select all): selects all the ip|engines,

(Launch): to launch the script on all the selected ip|engines. A confirmation
window is displayed. According to the number of selected ip|engines, a message
appears This can take a long time... . The results will be located in the directory
~/salsa/ipboss/server/domains/<Domain Name>/temp/ipanema-dump/<date-time>,
after the Launch button is pressed and confirmed, no information is available
to know if the script is executed on the ip|engines or not; for this, check on
the result directory.
(Refresh): refreshes the view.
(Help): opens a contextual Help window.

The name of the script files are suffixed .ipmscp.
The name of the result files are suffixed .ipmres.
The result files are given in a tree structure where the root is
~/salsa/ipboss/server/domains/<domain_name>/temp/Ipanema-dump/<date-time>
format: yymmdd-hhmm).
Three sub-directories are created for each Launch:
(date-time
ipboss: contains the current configuration and the log file of ip|boss,
ipengine: contains the result file (format: <alias or @ip address of the ipengine>.ipmres),
script: contains the used script file. This file is encoded (.ipmscp). An ipengine.txt is
associated to the script file and contains the list of dumped ip|engines (alias+@ip).
March 2012
5-13
Ipanema System
The user can send these directories in a zipped file (by E-mail or FTP to Ipanema Technologies
support (support@ipanematech.com)).
Different script files are available. The main ones are :
5-14
default.ipmscp: dumps all information in the ip|engine, reserved for the support,
flows.ipmscp: dumps all flows in the ip|engine,
gpsinfo.ipmscp: dumps the synchronization information about the GPS receiver,
ipconfig.ipmscp: dumps information about the IP and Ethernet settings of the ip|engine,
check iptrue.ipmscp: dumps information about ip|true, reserved for the support,
check ipfast.ipmscp: dumps information about ip|fast, reserved for the support,
check ipxcomp.ipmscp: dumps information about ip|xcomp, reserved for the support,
check itp.ipmscp: dumps information about ip|sync synchronization, reserved for the support,
restart iptrue.ipmscp: restarts ip|true agent, reserved for the support,
restart ipfast.ipmscp: restarts ip|fast agent, reserved for the support,
restart ipxcomp.ipmscp: restarts ip|xcomp agent, reserved for the support,
restart itp.ipmscp: restarts ip|sync agent, reserved for the support,
process.ipmscp: dumps information about the process running, reserved for the support.
March 2012
5. 4. 3. ip|engine software upgrade

ip|engines software (ip|agent) can be upgraded from the system manager ip|boss, or directly
from the ip|engines themselves. In the first case, an FTP server reachable by both ip|boss and
the ip|engines is mandatory; in the second case (direct upgrade from the ip|engines), the FTP
server only needs to be reachable by the ip|engines to be upgraded.
In ip|boss System provisioning Toolbar, select
tab.
Tools and go to the Software upgrade
The Software upgrade window is displayed:
Software upgrade window

the list of ip|engines to be upgraded (left frame),

the list of ip|agent software versions (right frame).
The procedure is as follows:
1. At opening, the list of ip|engines in the configuration is displayed in the left frame. The
Version column is not filled in. Select some ip|engines (or all with the Select all button
and click on the Status button
selected ip|engines.
March 2012
to see the actual software versions and statuses of the
5-15
Ipanema System
The statuses can be:

upgraded: the ip|engine has the software release which is described in the field version,
download scheduled: the ip|engine will be upgraded, the scheduled Begin hour is
not passed,
install scheduled: the ip|engine is upgrading, the scheduled End hour is not passed,
error occurred: possible reason of failure:
No Space left for file: no more space on ip|engine to download the file,
Cant connect to server (check address/routes): FTP server is unreachable,
Access to server denied (check login/password): login/pw problem on FTP
server,
File not found: xxxxxxx: the file is not in the right directory on FTP server or the
directory is wrong,
Error while downloading: the connection between FTP server and the ip|engine
is broken,
No disk space left for file: no more space to uncompress the software package.
2. In the right frame, clisk on the Get catalog button

FTP server that contains the catalog:
. A new window opens, to specify the
It contains the following fields:

FTP server (ip|boss access): IP address of the FTP server reachable by ip|boss
(ip|boss reads the ip|agent versions present on the FTP server),
FTP server (ip|engine access): IP address of the FTP server reachable by ip|engines
(ip|engines will download the new ip|agent version from that FTP server); it can be
different from the previous address in case of NATting ,
Directory: the FTP server directory containing the ip|agent software files,
Login: user name to use to get the files,
Password: password of the user,
The list of ip|agent software versions on the FTP server is displayed:
5-16
March 2012
This table is made of two columns:

ip|agent version: list of the available software versions,
Current version compatibility: shows the compatibility with the running version of
ip|boss (compatible or not compatible).
3. Select the ip|engines to be upgraded in the left frame and the ip|agent software version in
the right frame, and click on the Upgrade button
A message confirms that the selected ip|engines have received the upgrade order.
A Cancel button
allows to cancel the upgrade request. Cancelling an upgrade is possible
before or during the FTP download of the new version of ip|agent, but before the ip|engine
has started swapping.
4. A scheduling window opens, that allows to schedule the upgrade (during the night for
example), or launch it immediately by clicking on Ok without specifying any date or time:
This window is made of the following fields:

Start time: enter the start date and time for upgrade (this must be a future date, not the
current date). The Start time corresponds to the date when the downloading ip|engine
from the FTP server will be started. The chronological sequence of downloads is
managed automatically by the system,
End time: enter the end date and time of the upgrade (this must be a future date, not
the current date). The End time corresponds to the date when ip|engines downloading
will end and reboot for the new version to be applied,
Mode:
Differential: download only files necessary to upgrade the current version to the
new version,
Total: download all files.
Click on Ok when done. The restart of ip|engines after upgrade is automatically performed at
the date/time specified by the "End time" field.
If the Start time and End time fields are empty, the upgrade starts immediately on the selected
ip|engines.
March 2012
5-17
Ipanema System
5. Check that the upgrade has been completed correctly by selecting the concerned ip|engines
and by clicking on the Status button
5-18
March 2012
5. 5. IP|BOSS LOGS
Log.
The Log window is displayed.
Log window
the list of Supervision events (on ip|engines, ip|reporter server....) with a time stamping,
the list of Traffic alarming events (on Metaviews) with a time stamping (only if it has been
activated in Options / Activation).
March 2012
5-19
CHAPTER 6. USING IPANEMA SERVICES

(IP|BOSS)
To run a measurement or QoS & control session, you must start ip|boss.
For more information, refer to table "Operating procedure".
A session can be started or stopped whatever the service used - ip|true (measurement), ip|fast
(QoS & control), ip|coop (virtual cooperation), ip|xcomp (redundancy elimination), ip|xtcp (TCP
acceleration), ip|xapp (CIFS acceleration) and smart|plan (smart planning reports).
6. 1. STARTING AND STOPPING A SESSION

6. 1. 1. Starting a session
Operating procedure table: ip|true service, ip|fast service, ip|coop service, ip|xcomp service,
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service.
From the Toolbar, select
Service activation.
In the Service activation window that opens, select ip|engines: on:
The start of a session of measurement, control, compression or acceleration begins by a check of

the configuration. In case of error, ip|boss shows a warning.
Check that the indicator lights in the Main window turn green (after a few seconds), refer to ip|boss
status zone description for information on the meaning of indicator lights that remain amber or red.
When a session starts, ip|true (measurement) is automatically activated on the
ip|engines of the Domain.
in case of failure of ip|boss or of the server, at the next start of ip|boss, the session
will be on the same state (automatic restart if it was started, or stop if it was stopped).
March 2012
6-1
Ipanema System
6. 1. 2. Stopping a session
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service.
A session can be stopped on the ip|engines by the Toolbar,
Service activation.
In the Service activation windows that opens, select ip|engines: off:
Stopping a session will stop all functions of the system (ip|true (measurement), ip|fast,
ip|xcomp, ip|coop, ip|xtcp, ip|xapp, smart|path, smart|plan).
Check that the indicator lights on the status zone turn to black.
6-2
March 2012
Using IPANEMA services (ip|boss)
6. 2. LOGIN: CHANGING USER PASSWORD

Users who access ip|boss directly (and not through SALSA) can modify their local passwords by
the Toolbar,
User settings.
The User settings window is displayed:
User settings window

Password: user password for the current session,

New password: new password for the next session,
Confirm New password: confirm the new password for the next session,
March 2012
6-3
Ipanema System
6. 3. DYNAMICALLY MODIFYING A SESSION

The user can dynamically modify some current session settings without stopping the system.
The table below lists the ip|boss system components and services that are accessible with the
current configuration running, where:
A: means that the modifications made by a user of the service are automatically applied,
U: means that the user has to use Update to apply the modifications made.
Table Dynamically modifying a session: ip|true service, ip|fast service, ip|xcomp service,
ip|coop service, ip|xtcp service, ip|xapp service.
Components
Services
Dynamic
Login
Login/User Settings
Update
Help
User
Automatic reporting
Security/Generation
Security/Configuration
ip|engines
Topology Subnets
WAN access
Coloring
ip|sync
Other
Manager
System
System
Administration
System
provisioning
Tools/Software
grade
6-4
up-
Not available with the system

shut down
None cannot be suppressed
Tools/Reboot
Tools/Script
Tools/Security status
March 2012
Components
Services
Dynamic
Other
Service activation
Enable ip|engines
start the session
Disable ip|engines
stop the session
Enable ip|fast
Disable ip|fast
Enable ip|xcomp
Disable ip|xcomp
Enable ip|coop
Disable ip|coop
Enable ip|xtcp
Disable ip|xtcp
Enable ip|xapp
Disable ip|xapp
ip|engines status
Supervision map
Log
Options/Activation
Options/Mail
Options/Trap
User subnets
Applications
TOS
Application Group
other cannot be suppressed
QoS profile
Default cannot be suppressed
Local Traffic Limiting
Maps
Realtime
Discovery
Metaview
ip|reporter
Alarming
Supervision
Application
provisioning
Helpdesk
Reporting
Whether for a Start or an Update, the configuration is checked to inform the user that resources
(Domains and services) are referenced even though they are not configured in the directories or
dictionaries. As long as the check is not OK, no Start or Update operation can be performed on
ip|engines. The check operation accepts configurations with empty dictionaries or directories.
March 2012
6-5
Ipanema System
6. 3. 1. Update procedure
ip|xtcp service, ip|xapp service, smart|path service, smart|plan service, ip|sync service.
Update.
The Update option performs the following steps:
checks the configuration,

archives the old configuration (__active__.ipmconf.bak) with its date and time and user
in the file name (__active__.<YYYYMMDDhhmmss>.<User>.undo.ipmconf; the 50 most
recent archives are kept),
saves the current configuration (__active__.ipmconf) as the old configuration
(__active__.ipmconf.bak),
saves the new configuration as the current configuration (__active__.ipmconf),
releases the locked resources (during an edit of it),
applies the new configuration to each ip|engine with an immediate application request.
applies the new configuration to ip|reporter (if some reporting modifications were made).
If some ip|engines do not apply the new configuration, ip|boss automatically reconfigures these
ip|engines. The status indicator is yellow and shows either:
not configured: some ip|engines refuse the new configuration,

not updated: some ip|engines have received the new configuration, but refused it.
ip|boss systematically sends a complete configuration file to the ip|engines of the Domain.
6. 3. 2. Transition
In the ip|engines reconfiguration phase, some ip|engines must measure, control and compress
on the basis of different configurations. In addition, as an SNMP agent must take the new
configuration into account (after Update), it may receive measurement results for the previous
configuration. Different problems can arise:
an application dictionary entry is suppressed,

a TOS dictionary entry is suppressed,
an ip|engine directory entry is suppressed,
a subnet directory entry is suppressed.
For suppressed dictionary entries, reports on the previous configuration (i.e. with old aggregate
application or TOS values) are automatically classified in other by ip|boss. There is no retroactive
effect on measurement data that may have been saved in ip|reporter.
For suppressed subnet directory entries, reports on the previous configuration (i.e. with old subnet
values) are automatically rejected by ip|boss.
For suppressed ip|engine directory entries, reports on the previous configuration (i.e. with old
ip|engine values) are automatically rejected by ip|boss.
For suppressed ip|engine directory entries, the ip|engines that have disappeared are stopped.
However, the stop signal may not reach the ip|engines concerned after 10 attempts spaced out
over the recovery interval configured in the system, the stop operation is abandoned by the
manager and the user is informed.
6-6
March 2012
6. 4. SERVICE ACTIVATION
6. 4. 1. ip|true (measurement)
Operating procedure table: ip|engines Enabled, ip|engines Disabled
Stopping ip|true will stop all other functions of the system (ip|fast, ip|xcomp, ip|coop,
ip|xtcp, ip|xapp, smart|path, smart|plan). Refer to the section Stopping a session.
The measurement mechanisms are designed to measure precisely all flows crossing the
ip|engines and to provide comprehensive metrics (volume and quality).
ip|true is enabled, if:
Administrative stare: enable is checked in the ip|engines creation window (Services frame):
ip|engine creation window, Services frame

(The display window shows a green tip in front of the line:)
ip|engines display window
ip|engines are enabled in the Service activation window

session):
March 2012
(refer to the section Starting a
6-7
Ipanema System
Service activation window
6-8
March 2012
Modifying quality (AQS) measurement settings

Depending on the results obtained, you can modify some settings. To access the options, refer to
the table Dynamically modifying a session. The settings you may need to modify are:
Applications
User Subnets
QoS profiles
Metaviews
Application Groups
Reports
TOS
March 2012
6-9
Ipanema System
6. 4. 2. ip|fast (QoS & control)

Operating procedure table: QoS & control Enabled, QoS & control Disabled
The QoS & control mechanisms are designed to find the best compromises to reach QoS objectives
and take express customer requirements into account:
QoS objectives are expressed in terms of "physical" constraints (delay, jitter, loss rate, etc.),
customer policies are expressed in terms of classes, defining relative traffic criticality.
ip|fast is enabled, if:
ip|fast is enabled in the license file,

ip|fast is checked in the ip|engines creation window ( Services frame):

(The ip|engines display window shows yes in the optimization column:)
the Application Groups have been configured,

not mandatory, the Coloring offered by the operator has been configured (only for a network
with Classes of Service),
ip|engines have been started (Service activation window, ip|engines: on),
QoS & control is activated in the Service activation window:
6-10
ip|fast: on:
March 2012

At this stage, QoS & control is performed according to the specified QoS objectives.
March 2012
6-11
Ipanema System
Modifying QoS & control settings

Depending on the results obtained, you can modify some settings. To access the dictionaries, see
the table Dynamically modifying a session. The settings you may need to modify are:
6-12
Applications
User Subnets
QoS profiles
LTL
Application Groups
Coloring
TOS
WAN access
March 2012
6. 4. 3. ip|coop (virtual cooperation)

Operating procedure table: cooperation Enabled, cooperation Disabled
The cooperation mechanisms are designed to control the traffic to a site which is not equipped
with an ip|engine as efficiently as possible. To achieve this, a remote coordination group (RCG),
that contains the main sources of traffic to that site, is automatically and dynamically configured by
ip|boss; the RCG can contain up to 8 ip|engines. Each tele|engine has its own RCG.
ip|coop is enabled, if:
ip|coop is enabled in the license file,

ip|fast is checked in the ip|engines creation window ( Services frame):

(The ip|engines display window shows yes in the optimization column:)
If ip|fast is not checked for a tele|engine, the traffic on that site will be controlled
anyway (as long as ip|fast is enabled globally), as it is the remote ip|engines which
actually do it, but without ip|coop (that is, without the remote ip|engines cooperating
to control the site with the tele|engines).

QoS & control has been started (Service activation window, ip|fast: on),
ip|coop is activated in the Service activation window:
March 2012
ip|coop: on.
6-13
Ipanema System
If ip|coop is not enabled, tele|engines will still measure and control the traffic, with the
following restrictions:
measurement: the traffic will be measured and reported exactly the same,
control: the traffic will be controlled with no Remote Coordination Group, each
ip|engine managing the flows to and from the unequipped sites (tele|engines) on
its own, without coordination with the other ip|engines communicating with this site.
Modifying virtual cooperation settings

There are no settings that are specific to ip|coop (table Modifying a session dynamically).
6-14
March 2012
6. 4. 4. ip|xcomp (redundancy elimination)

Operating procedure table: compression Enabled, compression Disabled
The redundancy elimination mechanisms are designed to use as much bandwidth as possible, but
still taking the QoS & control parameters into account.
ip|xcomp is enabled, if:
ip|xcomp is enabled in the license file,

ip|xcomp compress and/or ip|xcomp decompress is/are checked in the ip|engines window
(Services frame ip|fast must be checked first):

(The ip|engines display window shows yes in the compress and/or decompress columns:)
the Application Groups have been configured (Compress must be checked),
Application Group creation window

compression is activated in the
March 2012
Service activation window: ip|xcomp: on:
6-15
Ipanema System

At this stage, compression is performed according to the Application Group set up.
Modifying redundancy elimination settings
Depending on the results obtained, you can modify some settings. To access the dictionaries, see
the table Modifying a session dynamically. The settings you may need to modify are:
ip|engines
6-16
Application Groups
March 2012
6. 4. 5. ip|xtcp (TCP acceleration)

Operating procedure table: TCP acceleration Enabled, TCP acceleration Disabled
The TCP acceleration mechanisms are designed to accelerate the traffic between sites with a high
RTT and/or a high available bandwidth.
ip|xtcp is enabled, if:
ip|xtcp is enabled in the license file,

ip|xtcp is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):
the Application Groups have been configured (Accelerate must be checked):
Application Group creation window

TCP acceleration is activated in the Service activation window:
ip|xtcp: on:
March 2012
6-17
Ipanema System
Modifying acceleration settings

Depending on the results obtained, you can modify some settings. To access to the dictionaries,
see the table Modifying a session dynamically. The setting you may need to modify is:
ip|engines
6-18
Application Groups
March 2012
6. 4. 6. ip|xapp (CIFS acceleration)

Operating procedure table: CIFS acceleration Enabled, CIFS acceleration Disabled
The CIFS acceleration mechanisms are designed to accelerate CIFS traffic between sites with a
high RTT and/or a high available bandwidth.
ip|xapp is enabled, if:
ip|xapp is enabled in the license file,

ip|xapp is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):

CIFS acceleration is activated in the Service activation window:
ip|xapp: on:

Modifying acceleration settings
Depending on the results obtained, you can modify some settings. To access to the dictionaries,
see the table Modifying a session dynamically. The setting you may need to modify is:
ip|engines
March 2012
6-19
Ipanema System
6. 4. 7. smart|plan
Operating procedure table: Smart Planning Enabled, Smart Planning Disabled
Ipanema Technologies Smart planning reports provide easy-to-use data for Capacity Planning
optimization. Smartplanning generates very high added value data enabling a complete analysis
for each network access of the relationship between Traffic (resource) and delivered service
level (results). Using this automatically generated data, it is immediately possible to identify if the
access link is under-provisioned or over-provisioned in regard of the expected service level per
applications business criticality.
smart|plan is enabled, if:
smart|plan is enabled in the license file,

smart|plan is checked in the ip|engines creation window (Services frame ip|fast must be
checked first):

smart|plan is activated in the Service activation window:
smart|plan: on:
6-20
March 2012
6. 5. HELPDESK
6. 5. 1. Link supervision
Operating procedure table: ip|true service, ip|fast service, ip|xcomp service, ip|coop service,
ip|xtcp service, ip|xapp service.
In the Helpdesk Toolbar, select
Link supervision.
The Link supervision window is displayed:
Link supervision window

a table, with each sites link shown on a separate line,

the following buttons:
: to consult information on the selected sites link (highlighted) in a pop up window,
: to open the real time monitored flows list for the selected sites link (highlighted),
in both directions, in a new tab,
: to open the real time monitored flows list for the selected sites ingress link
(highlighted), in a new tab,
: to open the real time monitored flows list for the selected sites egress link
(highlighted), in a new tab,
: to switch between average and worst AQS (color) in the Usage bars,
: to show the ingress traffic (Use classes) on the link,
: to show the egress traffic (Use classes) on the link
: to export in a text file the list of sites links,
: to show the help.

,
March 2012
and
: refer to Analyzing Real-Time monitored flows below.
6-21
Ipanema System
Table columns description (the order is the default one; it can be changed using the Display menu):
Link
if only one WAN access is declared on the ip|engine monitoring the link,
the name of the Link is the name of the ip|engine
if several WAN accesses are declared, the name of the Link is the
association of the name of the ip|engine with the identifier of the link
(NAP Id)
Ingress WAN Access
maximum ingress throughput allocated at the WAN interface of the CPE

(in kbps), as defined in the WAN access Ingress (LAN to WAN) max
Bandwidth field
Ingress Usage
percentage of used ingress bandwidth during the last minute; the color of
the bar indicates the quality (AQS, see below): green = good, yellow =
average, red = bad, grey = not computed
Ingress AQS
Application Quality Score of the ingress link: notation (over 10 points),

calculated as an average balance on the color volume percentage, each
color being weighted differently:
Green: 10 points
Yellow: 5 points
Red: 0 point
The AQS can take any value in between 0 and 10 (e.g. 9.87), and can be
interpreted like this:
This is only a typical interpretation of the AQS with typical

parameters it may vary according to the users sensibility and
according to the QoS profile parameters.
100 is a reserved value used when the AQS cannot be computed.
The quality of a flow cannot be computed when ALL three following
conditions are met:
6-22
it is a real time flow (the bandwidth is not a criteria) or the bandwidth

objective of the flow is not met (the quality is measured thanks to the
other parameters),
the flow is not qualified (D/J/L cannot be measured),
the flow runs over UDP (RTT, TCP retransmission and SRT cannot be
measured either) or those parameters are not activated in the QoS profile.
Egress WAN Access
maximum egress throughput allocated at the WAN interface of the CPE

(in kbps), as defined in the WAN access Egress (WAN to LAN) max
Bandwidth field
Egress Usage
percentage of used egress bandwidth during the last minute; the color of
the bar indicates the quality (AQS, see below): green = good, yellow =
average, red = bad, grey = not computed
Egress AQS
Application Quality Score of the egress link (AQS definition: see Ingress
AQS above)
March 2012
Columns that can be added through the Display / Choose column menu:
ip|engine
name of the ip|engine monitoring the link
napId
Network Access Point identifier: when only one WAN access is declared on
a Site, it will always be 1; when several WAN accesses are declared (up to
three), the napId identifies them (the value, 1, 2 or 3, corresponds to WAN
access 1, WAN access 2 and WAN access 3 respectively, as declared
in the ip|engine creation window)
Ingress Usage Max
maximum percentage of used ingress bandwidth since ip|boss was last

started
Egress Usage Max
maximum percentage of used egress bandwidth since ip|boss was last

started
March 2012
6-23
Ipanema System
6. 5. 2. Real-Time flows
During a session, the operator can analyze real-time flows (controlled or not), via the Helpdesk
Toolbar,
Real-time.
This feature is very similar to ip|dashboard Real Time Flows frame in the <Site>
window (described in 8.3.3).
6. 5. 2. 1. Analyzing Real-Time monitored flows

Operating procedure table: ip|true service, ip|fast service, ip|xcomp service, ip|coop service,
Real-time.
The Real-time monitored flows window is displayed:
Real-time monitored flows window

a table, with each active flow shown on a separate line. A flow becomes active and is shown in
the window as soon as a packet belonging to it is detected during the session,
the following buttons:
(Graph): to get information on the selected flow (highlighted) in graph form,
(Freeze) /
(Unfreeze): to freeze / unfreeze the view (it is dynamically refreshed
every minute by default),
(Show historical flows) /

(Show current flows): to show all the flows (active
and past) / to show the active flows only (last minute of traffic or last 5 or 15 minutes
of traffic, according to the selected collect period see the Domains parameters in
ip|uniboss),
Showing the historical flows on large networks (e.g. with tens of thousands
of simultaneous flows), if ip|boss server has been running for a long time
(without any reboot), can severely impact the servers performances.
6-24
(Export): to export in a text file the list of flows,
March 2012
(Previous page): to go to the previous page.
(Next page): to go to the next page.
(Help): to show the help.
The color of the first column indicates the quality (AQS, see below): yellow = average, red = bad.
The parameter (delay, jitter, loss, etc.) that triggered an average or a bad quality is also highlighted
with the same color, so that one can easyly find which parameters objective was not met (yellow)
or which parameters maximum was exceeded (red).
Table columns description (the order is the default one; it can be changed using the Display menu):
The same metrics are used in the reports, with the same definitions. Yet, in the
reports, other metrics and symbols are also used: you can find their definitions in 8.3.5
Definitions.
Last updated
UTC date for the most recently monitored packet
Ingress
name of the ip|engine upstream of the flow
Egress
name of the ip|engine downstream of the flow
Source
source subnet name (according to the User Subnet directory)
Destination
destination subnet name (according to the User Subnet directory)
Application
application name
TOS/CP
TOS name
Application Group
Application Group in which the flow is classified
Criticality
criticality level for the flow
Compression
compression state of the flow
March 2012
6-25
Ipanema System
AQS
Application Quality Score of the flow: notation (over 10 points), calculated

as an average balance on the color volume percentage, each color being
weighted differently:
Green: 10 points
Yellow: 5 points
Red: 0 point
The AQS can take any value in between 0 and 10 (e.g. 9.87), and can be
interpreted like this:
This is only a typical interpretation of the AQS with typical

parameters it may vary according to the users sensibility and
according to the QoS profile parameters.
The quality of a flow cannot be computed when ALL three following
conditions are met:
it is a real time flow (the bandwidth is not a criteria) or the bandwidth

objective of the flow is not met (the quality is measured thanks to the
other parameters),
the flow runs over UDP (RTT, TCP retransmission and SRT cannot be
measured either) or those parameters are not activated in the QoS profile.
LAN Throughput
level 3 flow, all IP packets (in kbps) sent on upstream side (measured on
the LAN port of the source ip|engine)
LAN Goodput
level 4 flow, measure of effective transmitted throughput (in kbps)

received on the downstream side (payload of the TCP and UDP packets;
retransmitted, out of sequence and lost packets are not counted)
LAN Packet loss
rate of instantaneous loss (in %) (measured between the LAN port of the
source ip|engine and the LAN port of the destination ip|engine)
LAN Min delay
minimum LAN-to-LAN transit time (in ms)
LAN Avg delay
average LAN-to-LAN transit time (in ms)
LAN Max delay
maximum LAN-to-LAN transit time (in ms)

the LAN delay (= LAN-to-LAN transit time) is the transit time (in ms)
measured between the LAN port of the source ip|engine and the LAN
port of the destination ip|engine.
LAN Jitter
6-26
delay variation (in ms) (measured between the LAN port of the source
ip|engine and the LAN port of the destination ip|engine)
March 2012
LAN Sessions
number of sessions, represented by the averaged activity for the duration

of the Correlation Record (by default: T = 1 minute).
For example, 2 sessions running during T plus 3 sessions running during
half this period of time will give 3.5 sessions (2 x 1 + 3 x 0.5).
A session is identified by the following parameters:
for TCP or UDP: source address, destination address, protocol (TCP or

UDP), source port and destination port.
for others protocols over IP (for example ICMP): source address,
destination address, protocol.
WAN Throughput
level 3 flow, all IP packets (in kbps) sent on upstream side (measured on
the WAN port of the source ip|engine)
WAN Packet loss
rate of instantaneous loss (in %) (measured between the WAN port of the
source ip|engine and the WAN port of the destination ip|engine)
WAN Min delay
minimum WAN-to-WAN transit time (in ms)
WAN Avg delay
average WAN-to-WAN transit time (in ms)
WAN Max delay
maximum WAN-to-WAN transit time (in ms)

the WAN delay (= WAN-to-WAN transit time) is the transit time (in ms)
measured between the WAN port of the source ip|engine and the WAN
port of the destination ip|engine
WAN Jitter
delay variation (in ms) (measured between the WAN port of the source
ip|engine and the WAN port of the destination ip|engine)
Accuracy
precision of the current measure: high (synchronized), low (not

synchronized),
Alarm
this field indicates, when at yes, the presence of an alarm on the upstream
ip|engine. Check its status for further information. In case of alarm, the
correlation records are ignored.
This table is refreshed about every minute (according to the
ip|engine collect period option) if it is not frozen.
SRT Min
shortest Server Response Time
SRT Avg
average Server Response Time
SRT Max
longest Server Response Time

the Server Response Time measures the delay (in ms) between the last
packet sent by the client (PSH) and the acknowledgement to the first
packet received from the server (ACK) both measured from the client to
the server and reported to ip|boss by the ip|engine located on the client
side; the latter must see the two ways of the TCP connection
RTT Min
fastest Round Trip Time
RTT Avg
average Round Trip Time
RTT Max
longest Round Trip Time
March 2012
6-27
Ipanema System
the Round Trip Time is the time of establishment of a TCP connection

(3way handshake: SYN, SYN+ACK, ACK): it measures the delay (in ms)
between the SYN and the ACK both measured from the client to the
server and reported to ip|boss by the ip|engine located on the client side;
the latter must see the two ways of the TCP connection
TCP Retransmission
6-28
number of TCP retransmissions
March 2012
6. 5. 2. 2. Graph Statistics Real-time

Select one flow in the real time window and click the
and is refreshed regularly (every 10 seconds).
icon, a new empty graph is displayed
The graph window contains four tabs, and each tab is made of 4 graphs, displayed simultaneously:
Tab
Graphs
Additional information
LAN
Delay (ms)
max (red), avg (blue), min (green)
Jitter (ms)
Packet loss (%)
Throughput (kbps)
layer 3 (blue), layer 4 (green)
Delay (ms)
Jitter (ms)
Packet loss (%)
Throughput (kbps)
Avg. delay (ms)
LAN (blue), WAN (orange)
Avg. sessions
Packet loss (%)
Throughput (kbps)
SRT (ms)
RTT (ms)
Retransmission
Throughput (kbps)
layer 3 (blue), layer 4 (green)
WAN
LAN/WAN
TCP
March 2012
6-29
Ipanema System
Example of tab
In case of control and/or compression, the differences between LAN and WAN values
might be very different.
Not all graphs are displayed for a tele|engine.
If the upstream or downstream ip|engine is not synchronized, the delay, jitter and packet
loss are not displayed.
6-30
March 2012
6. 5. 3. Discovery
This feature is very similar to ip|dashboard Discovery frame in the <Site> window,
described in 8.3.3).
Discovery.
The indicator light Discovery becomes yellow in the Main window when the Discovery is started.
The discovery function consists in creating one discovery agent for one ip|engine (one agent
maximum per ip|engine). According to the configuration rules this discovery agent will send to
ip|boss:
number of ingress packets,

number of ingress bytes,
number of ingress sessions,
number of egress packets,
number of egress bytes,
number of egress sessions,
Total percentage per throughput, packets or sessions.
detailed by:
source network address (local),

destination network address (remote),
application.
Discovery window
In addition to the other windows, some extra buttons allow to:
: start the selected discovery agent on the ip|engine,
March 2012
6-31
Ipanema System
: stop the selected discovery agent on the ip|engine,
6-32
March 2012
6. 5. 3. 1. Discovery agent creation

, the creation window of Discovery agent is displayed.
Discovery agent creation window

The window contains an input zone with these fields:
ip|engine : selects the ip|engine (site) on which the Discovery agent will be running,
Name : name of the Discovery agent (not mandatory),
Network filter: a set of parameters in order to filter the information sent by the Discovery agent:
Local : radio button (according to the choice, the following fields will be enabled),
user subnet: to select a user subnet declared in the configuration,
prefix/length: to specify a subnet address not in the configuration file (for
example a host),
Name: selects in the drop-down list the user subnet in the configuration,
prefix: enter the subnet X.X.X.X,
length: subnet mask associated to the prefix (integer between 0 and 32),
out of local config.: check box; if checked, allows to display the traffic which does not
belong to the local configuration only (e.g. in transit, locally rerouted, etc.), that is, which
is not measured by the ip|engine (nor reported, except in volume in the report SA Site throughput); if the box is unchecked, all the traffic that crosses the ip|engine is
displayed,
Remote: radio button (according to the choice, the following field will be enabled),
ip|engine: to select a destination ip|engine,
user subnet: to select a destination user subnet declared in the configuration,
prefix/length: to specify a user subnet address not in the configuration file (for
example a host),
Name: selects in the drop-down list the ip|engine or user subnet in the configuration,
prefix: enter the subnet X.X.X.X,
length: subnet mask associated to the prefix (integer between 0 and 32),
March 2012
6-33
Ipanema System
Application filter: a set of parameters in order to filter the information sent by the Discovery
agent in terms of applications:
Type: radio button (function of the choice, the following field will be enable):
Name: to select an application declared in the configuration,
Protocol/ports: to specify a port number or a range over the protocol TCP or
UDP.
Name: selects in the drop-down list the application in the configuration,
Protocol/ports: enter the protocol and port number or range with the following format
UDP/456, UDP/456789, TCP/456 or TCP/456789 (the port can be Out of config),
Out of config: check box, allows to discover the port number classified in other for the
application.
6-34
March 2012
6. 5. 3. 2. Using Discovery agents

Discovery.
Discovery window
In the Discovery agents zone, to start an agent, select the line(s) in the list and click on the Start
button
. The status indicator (on the left of the selected line(s)) becomes green.
In the Results zone, the results of the selected and started agent(s) are displayed.
The following command buttons allow to:
(Consult): consult the selected result line in a new window,
(Print): print the Results zone,
(Export): export the Results zone to a text file,
(Freeze/Unfreeze): freeze the Results zone (the new result coming from the ip|engine are
not updated),
(Refresh): refresh the Results zone (send a request to the ip|engine),
According to the display parameters selected in the bottom of the Results zone:
Local: source subnets

hide: the source IP addresses are not displayed (all IP addresses will be merged),
show: the source IP addresses are displayed,
Remote: destination subnets

hide: the destination IP addresses are not displayed (all IP addresses will be merged),
show: the destination IP addresses are displayed,
Application: applications
hide: the detailed applications are not displayed (all applications will be merged) ,
show: the detailed applications are displayed,
March 2012
6-35
Ipanema System
Direction: sort the traffic by direction (ingress or egress) on the ip|engine where the discovery
agent is running:
Ingress: ingress traffic (LAN -> WAN),
Egress: egress traffic (WAN -> LAN),
Sorted by: this parameter defines the sort criteria for the Top N results:
Throughput: Top N by maximum throughput usage,
packets: Top N by maximum packets number,
sessions : Top N by maximum sessions number,
Top : this parameter defines the maximum number of entries to display in the results zone:
20,
50,
100,
Period: refresh period:

10 seconds,
1 minute,
5 minutes.
The Discovery function displays the following results (the counter are cleared at each start of the
agent):
Local: local network subnet,

Remote: remote network subnet,
Application: application, with the following format:
Example
Meaning
Recognized by
When
HTTP (http)
application according to ip|boss

dictionary (application according to the
syntax engine dictionary)
syntax engine
on the
session start
(handshake)
HTTP (tcp)

dictionary (layer 4 protocol)
declared or
well-known port
on the
session start
(handshake)
IMAP
(established)

dictionary (established)
declared or
well-known port
after the session

start
TCP/0-19999
TCP/19999-0
TCP (or UDP) / 0 - remote server port

TCP (or UDP) / local server port - 0
Note: if the handshake is missed, the
direction of the flow is unknown and the
reported port may be the clients.
not recognized
The order of recognition is the following:

1. declared port,
2. syntax engine,
3. well-known port (RFC 1700).
Ingress packets: number of ingress packets sent (LAN to WAN),

Ingress bytes: number of ingress bytes sent (LAN to WAN),
Ingress sessions: number of ingress sessions opened (LAN to WAN),
Egress packets: number of egress packets received (WAN to LAN),
Egress bytes: number of egress packets received (WAN to LAN),
Egress sessions: number of egress sessions opened (WAN to LAN),
% : percentage of traffic (according to the parameter Sorted by).
The indicator light Discovery becomes yellow in the Main window when a Discovery
is running, to remind you not to let agents running for ever (they generate traffic).
6-36
March 2012
6. 5. 4. Helpdesk maps
Topology map,
Applicative map or
VoIP map.
The corresponding Map window is displayed.
Map example
The maps show in a glance the behavior of the whole network. These graphical views use squares
with:
a size depending on the throughput,

a color code depending on the quality of the flows: from Red (very bad quality) to Green (very
good quality) (the Application Quality Score is calculated from weighted colors: Red = 0, Orange
= 5, Green = 10). When the quality cannot be computed, the color is Grey (refer to the AQS
description in 6.5.1.1. above).
They are divided in main blocks and sub-blocks inside. Those blocks depend on the type of map
(see below) and level of zoom.
By moving the mouse on the square, a contextual text shows the description of the blocks:
description of the main block (for example: Ingress site),

description of the sub-block (for example: Egress site),
Total throughput of the sub-block (in kbps),
AQS (Application Quality Score) of the sub-block.
This window contains the map itself plus the following buttons and check boxes:
: no access,
: to export in a text file the list of the flows,
March 2012
6-37
Ipanema System
: to get the list of flows corresponding to the square area in the real time window,
: to show the label on top of the squares,
: to switch between average and worst AQS (color) for a square,
: to switch between ingress and egress traffic.

Group by Report Key: to group the flows by report key,
: to show a contextual help.
The zoom in, zoom out and reset zoom functions are made by using the right button
of the mouse on ip|boss Java Client
Three types of maps are available in the system:
Topology map: to show the behavior with a topology point of view (sites, sites to sites),
Applicative map: to show the behavior with a criticality, Application Group point of view,
VoIP map: to show the behavior of the Voice over IP.

These maps can be used in a large screen on the supervision system.
6. 5. 4. 1. Topology Map
By clicking on
Topology map, the Topology map is displayed.
Zoom levels:
Top level: at the first level, the map displays the full traffic with a main block per source (ingress)
ip|engine and a sub-block per destination (egress) ip|engine.
Zoom in level 1: by zooming in a Site block, you can see a sub-block per Application Group
from site to site.
Zoom in level 2: by zooming in an Application Group block, you can see a sub-block from
site to site by Application Group.
6. 5. 4. 2. Applicative Map
By clicking on
Applicative map, the Applicative map is displayed.
Zoom levels:
6-38
Top level: at the first level, the map displays the full traffic with a main block per criticality and
a sub-block per Application Group.
Zoom in level 1: by zooming in a criticality block, you can see a sub-block for all Application
Groups in the selected criticality level and the ingress site for each Application Group.
March 2012
Zoom in level 2: by zooming in an Application Group block, you can see a sub-block for all
ingress sites in the selected Application Group, and the egress sites for each ingress site.
Zoom in level 3: by zooming in a Site block, you can see a sub-block for the selected
Application Group between ingress site and egress site.
6. 5. 4. 3. VoIP Map
By clicking on
VoIP map, the VoIP map is displayed.
Unlike the other maps, the VoIP map does not show the AQS, but the MOS (mean opinion score)
of the voice calls.
MOS Definition
Zoom levels:
Top level: at the first level, the map displays the full traffic with a main block per source (ingress)
ip|engine and a sub-block per destination (egress).
Zoom in level 1: by zooming in a Site block, you can see a sub-block from site to site, and
per Codec for each site.
Zoom in level 2: by zooming in a Codec block, you can see a sub-block from site to site by
Codec.
March 2012
6-39
Ipanema System
6. 6. HELP
Help:
The Help window is displayed.
Help window
This window contains the documentation of Ipanema System.
6-40
March 2012
CHAPTER 7. NETWORK VIEW

(IP|DASHBOARD)
This chapter describes ip|dashboard capabilities.
a web GUI on a Windows XP workstation.
7. 1. CONNECTION TO IP|DASHBOARD
To connect to ip|dashboard from the SALSA web client, first select the Domain you want to
connect to, then click on the ip|dashboard button:
SALSA web client
March 2012
7-1
Ipanema System
ip|dashboard main window then opens:
ip|dashboard main window
7-2
March 2012
NETWORK VIEW (ip|dashboard)
7. 2. PRESENTATION OF IP|DASHBOARD GUI

7. 2. 1. ip|dashboard windows and menus
ip|dashboard window is made of three parts: the top bar, the menu and windows titles bar and the
main space:
ip|dashboard main window
1. The top bar shows:
the Ipanema logo,

the User who is logged in (Connected as),
the Domain where the User is connected to (Domain)
and a Quit button.
2. The menu and windows titles bar shows:

one main menu: Dashboard (other menus will be added in future releases of the
product)
and several windows titles:
<Domain> (called by the name of the Domain: France in the example above;
it is always displayed): allows to see the information at the Domain level;
Sites (always displayed): shows the list of Sites with their links usage and quality,
Application Group by Application Group;
<Site> (only displayed when the User clicks on a Site in one of the previous
windows): allows to see more details for the selected Site; several <Site>
windows can be open simultaneously no one is open when the User first
connects. Unlike the two previous windows, a <Site> window can be closed by
clicking on the cross next to its name: .
The active window appears with its title in blue.
Example with two Sites windows open (.Mumbai and .Paris) on Domain ABCD,
where .Mumbai is the active window:
Example of menu and windows titles bar with two Sites windows open
March 2012
7-3
Ipanema System
3. The main space shows different network views, according to the selected window. You can
open a window by clicking on its title in the menu and windows titles bar (for a <Site> window,
it must have been opened first by clicking on a Site in the <Domain> or in the Sites window).
The <Domain> window contains three frames:
<Domain> - Overview
<Domain> - Quality Summary
<Domain> - Activity Summary
The Sites window contains only one frame:
Sites
A <Site> window contains six frames:
<Site> - Overview
<Site> - Quality Summary
<Site> - Activity Summary
<Site> - Throughput Summary per NAP
<Site> - Real Time Flows
<Site> - Discovery
The frames can be expanded or collapsed by clicking of the frame headers.
Example of a Domain window with its three frames collapsed

ip|dashboard version is displayed at the bottom of the window.
7-4
March 2012
7. 2. 2. Reading ip|dashboard contents

ip|dashboard displays bar graphs, historical graphs, pie charts and tables.
The exact values of the various curves, fields, etc., can be read precisely:
Bar graphs and pie charts

You can read the exact values on a bar graph or on a pie chart, by hovering your mouse on them.
On small pop-up then appears with the name on the field and its value:
Reading graphs and pies exact values
March 2012
7-5
Ipanema System
Historical graphs
You can read the exact values on historical graphs by hovering your mouse over them. A vertical
bar then appears on the graph, with a small pop-up indicating the exact time and the exact values
of each curve at this time; the same vertical bar and pop-up also appear in the other historical
graphs of the window, thus allowing a synchronized navigation and reading of all graphs:
Reading various historical graphs exact values at the same time
7-6
March 2012
7. 2. 3. Access to the reports

From the <Domain> and <Site> windows, one can access the corresponding reports thanks to the
reports icon
at the top right of the main space.
To see what kind of reports can be accessed, hover your mouse on the icon; for example in a
<Site> window:
To access the reports, click on the icon to display the reports list; for example in the <Domain>
window:
March 2012
7-7
Ipanema System
7. 3. USING IP|DASHBOARD
7. 3. 1. Domains view
The <Domain> window gives access to the following information:
<Domain> - Overview
<Domain> - Overview frame

This frame shows six fields with the following information:
Domain name (static field): name of the Domain where the User is connected to (same
information as in the top bar).
Sites (static field): number of Sites declared on the Domain.
Application Groups (static field): number of Application Groups configured on the
Domain.
Domain AQS (dynamic field): global Average Quality Score on the Domain, displayed
both as a number (between 0 and 10 with two decimals) and as a colored bar graph
(e.g. large and green when the AQS is close to 10, medium and amber when the AQS is
close to 5, small and red when the AQS is close to 0 but it can take any color between
green and red).
Domain Global Throughput (dynamic field): global throughput on the Domain, in kbps,
Mbps or Gbps, displayed both as a number and as a bar representing the utilization rate
of the total available bandwidth.
Domain active flows (dynamic field): total number of flows on the Domain during the last
period of traffic.
The dynamic fields are automatically refreshed every minute (or every 5 or 15 minutes,
according to the collect period see the Domains parameters in ip|uniboss).
7-8
<Domain> - Quality Summary
March 2012
<Domain> - Quality Summary frame

This frame shows four graphs with the following information:
Sites by AQS
This bar graph shows the Top 10 Sites (i.e. the 10 Sites with the best quality)
sorted by decreasing quality (the best Site of the Domain is displayed in the first
bar on the left), with their AQS values displayed both as a number (between 0
and 10 with two decimals) and as a colored bar (the height of the bar indicates
the value on the vertical axis and the color can take any hue between green
(AQS = 10) and red (AQS = 0)).
By clicking on Worst 10 at the top of the bar graph, the 10 worst Sites are
displayed, sorted by increasing quality (the worst Site of the Domain is displayed
in the first bar on the left), with their AQS values.
By clicking on a bar, a new window opens and shows detailed information for the selected
Site.
Site Overview
This pie chart shows the number of Sites (and the percentage of the total that they
represent):
with an AQS higher or equal to 9 (in green),

with an AQS between 6 and 9 (in yellow),
with an AQS lower than 6 (in red),
where the AQS could not be computed (none, in grey).
Application Groups by AQS

This bar graph shows the Top 10 Application Groups (i.e. the 10 Application
Groups with the best quality) sorted by decreasing quality (the best Application
Group of the Domain is displayed in the first bar on the left), with their AQS
values displayed both as a number (between 0 and 10 with two decimals) and
as a colored bar (the height of the bar indicates the value on the vertical axis and
the color can take any hue between green (AQS = 10) and red (AQS = 0)).
March 2012
7-9
Ipanema System
By clicking on Worst 10 at the top of the bar graph, the 10 worst Application
Groups are displayed, sorted by increasing quality (the worst Application Group
of the Domain is displayed in the first bar on the left), with their AQS values.
Last 3h AQS
This historical graph shows the evolution of the AQS for all flows (the label at
the top of the graph reads All Criticalities) on the Domain during the last three
hours, with one value every minute (or every 5 or 15 minutes, according to the
collect period see the Domains parameters in ip|uniboss).
By clicking on Top/High Criticalities at the top of the graph, it shows the
evolution of the AQS for the critical flows only, during the last three hours.
<Domain> - Activity Summary
<Domain> - Activity Summary frame

This frame shows two graphs with the following information:
Top by volume
This pie chart shows:
the top 10 Application Groups in volume (by clicking Top 10 Application Groups
at the top of the graph; this is the default view),
the top 10 Sites in volume of outgoing traffic (by clicking Top 10 Sites (LAN =>
WAN) at the top of the graph),
the top 10 Sites in volume of incoming traffic (by clicking Top 10 Sites (WAN =>
LAN) at the top of the graph),
with their names and volumes.
Last 3h Throughput Per Criticality

This historical graph shows the evolution of the throughput for all flows, by
criticality level (one curve for Top, one curve for High, one curve for Medium
and one curve for Low).
By clicking on Top, High, Medium or Low in the legend, one can hide the
corresponding curve(s).
7-10
March 2012
7. 3. 2. Sites view
The Sites window gives access to the following information:
Sites
Sites window
This unique frame in the window shows, for all Sites of the Domain, the following information:
Site: name of the Site; by clicking on that name, a new window opens with more details
on the selected Site.
The Sites links usage and quality with, for each direction (LAN => WAN and WAN =>
LAN), the following fields:
link size: WAN access throughput, as declared in ip|boss (max B/W),
link usage: usage of the link, displayed both as a percentage of the link size and
as a bar, the size of which is proportional to the usage,
AQS: quality of the link, displayed both as an AQS value (between 0 and 10) and
as a color (between green (AQS = 10) and red (AQS = 0)).
The Sites Application Groups volume and quality, sorted by Criticality levels (Top, High,
Medium, Low), with each square color representing the quality of the corresponding
Application Group (in the same column) for the corresponding link (on the same line); it
can take any hue between green (AQS = 10) and red (AQS = 0).
you can read the exact values by hovering your mouse on the squares;
clicking on a square opens a new window for the corresponding Site, where it
filters the flows in the Sites Real Time Flows list (see below) according to the
selected Application Group: thanks to this features, you can immediately access
the details of any Application Group for any Site.
This window is automatically refreshed every minute (or every 5 or 15 minutes, according to the
collect period see the Domains parameters in ip|uniboss).
March 2012
7-11
Ipanema System
7. 3. 3. Single Site view

A <Site> window can be opened for any Site by clicking on its name in the previous windows
(<Domain> or Sites). It gives access to the following information:
<Site> - Overview
<Domain> - Overview frame

This frame shows eight fields with the following information:
Name (static field): name of the selected Site (also indicated in the menu and windows
titles bar, in blue).
ip|engine (static field).
NAP (static field): number of Network Access Points on the Site.
Subnets (static field): number of Topology subnets declared on the Site.
AQS (dynamic field): global Average Quality Score on the Site, displayed both as a
number (between 0 and 10 with two decimals) and as a colored bar graph (e.g. large
and green when the AQS is close to 10, medium and amber when the AQS is close to
5, small and red when the AQS is close to 0 but it can take any color between green
and red).
LAN => WAN (dynamic field): outgoing throughput on the Site, in kbps, Mbps or
Gbps (according to the most suitable unit), displayed both as a number and as a bar
representing the utilization rate of the available ingress bandwidth.
LAN <= WAN (dynamic field): incoming throughput on the Site, in kbps, Mbps or
Gbps (according to the most suitable unit), displayed both as a number and as a bar
representing the utilization rate of the available egress bandwidth.
Active Flows (dynamic field): total number of flows on the Site during the last period of
traffic.
The dynamic fields are automatically refreshed every minute (or every 5 or 15 minutes,
according to the collect period see the Domains parameters in ip|uniboss).
<Site> - Quality Summary
<Site> - Quality Summary frame
7-12
March 2012
This frame shows two graphs with the following information:
Application Groups by AQS

This bar graph shows the Top 10 Application Groups (i.e. the 10 Application
Groups with the best quality) sorted by decreasing quality (the best Application
Group of the Site is displayed in the first bar on the left), with their AQS values
displayed both as a number (between 0 and 10 with two decimals) and as a
colored bar (the height of the bar indicates the value on the vertical axis and its
color can take any hue between green (AQS = 10) and red (AQS = 0)).
By clicking on Worst 10 at the top of the bar graph, the 10 worst Application
Groups are displayed, sorted by increasing quality (the worst Application Group
of the Site is displayed in the first bar on the left), with their AQS values.
Last 3h AQS
This historical graph shows the evolution of the AQS for all flows (the label at the
top of the graph reads All Criticalities) of the Site during the last three hours,
with one value every minute (or every 5 or 15 minutes, according to the collect
period see the Domains parameters in ip|uniboss).
By clicking on Top/High Criticalities at the top of the graph, it shows the
evolution of the AQS for the critical flows only, during the last three hours.
<Site> - Activity Summary
<Site> - Activity Summary frame

This frame shows four graphs with the following information:
March 2012
Top Application Groups by volume
7-13
Ipanema System

the top 10 Application Groups in volume of outgoing traffic (by clicking Top 10
Application Groups (LAN => WAN) at the top of the graph),
the top 10 Application Groups in volume of incoming traffic (by clicking Top 10
Application Groups (WAN => LAN) at the top of the graph),
Clicking on an Application Group in the chart automatically filters the traffic for that
Application Group in the Real Time Flows frame below (see below).
Top Remote Sites by volume

the top 10 Remote Sites in volume of traffic sent to these Sites (by clicking Top
10 Remote Sites (LAN => WAN) at the top of the graph),
the top 10 Remote Sites in volume of traffic received from these Sites (by clicking
Top 10 Remote Sites (WAN => LAN) at the top of the graph),
Last 3h LAN => WAN Throughput Per Criticality

This historical graph shows the evolution of the throughput of the outgoing traffic,
by criticality level (one curve for Top, one curve for High, one curve for Medium
Last 3h WAN => LAN Throughput Per Criticality

This historical graph shows the evolution of the throughput of the incoming traffic,
by criticality level (one curve for Top, one curve for High, one curve for Medium
7-14
<Site> - Throughput Summary per NAP
March 2012
<Site> - Throughput Summary per NAP frame

This frame shows two graphs per NAP with the following information:
When several NAPs are present on the Site, the name of the NAPs are the
name of the Site followed by the NAP number (i.e., <NAP 1> = <Site>.1,
etc.).
When there is only one NAP on the Site, the name of the NAP is the name
of the Site (i.e., <NAP> = <Site>).
<NAP> - Last 3h LAN => WAN Throughput

This historical graph shows the evolution of the LAN-to-LAN throughput (in blue and in
the background) and WAN-to-WAN throughput (in orange and on the foreground) of the
outgoing traffic during the last three hours.
As the WAN-to-WAN throughput is displayed in front of the LAN-to-LAN
throughput, when both the LAN-to-LAN and WAN-to-WAN throughputs are
equal (i.e., when the traffic is not compressed), only the WAN-to-WAN
throughput (orange area) is visible. It can be hidden by clicking WAN in
the legend, thus revealing the LAN-to-LAN throughput (blue area) behind it
(LAN-to-LAN throughput can also be hidden, by clicking LAN in the legend).
When the LAN-to-LAN throughput is higher than the WAN-to-WAN throughput
(i.e., when the traffic is compressed), the blue area above the orange area
corresponds to the bandwidth saved thanks to compression (difference
between LAN-to-LAN throughput and WAN-to-WAN throughput).
<NAP> - Last 3h WAN => LAN Throughput

This historical graph shows the evolution of the LAN-to-LAN throughput (in blue and in
the background) and WAN-to-WAN throughput (in orange and on the foreground) of the
incoming traffic during the last three hours. (The same remarks as above description
of <NAP> - Last 3h LAN => WAN Throughput apply.)
The two same graphs are displayed for each NAP.
March 2012
7-15
Ipanema System
<Site> - Real Time Flows
<Site> - Real Time Flows frame
This frame is very similar to ip|boss Real time flows list (ip|boss > Helpdesk >
Real-Time, described in 7.5.2).
This frame shows three filters (Application Groups, Applications and Remote sites) and the list
of flows for the Site:
The three filters show the list of Application Groups, the list of Applications and the list
of Remote Sites with, for each of them, their names (first column), their LAN-to-LAN
throughput (LAN column) and their WAN-to-WAN throughput (WAN column).
Applying a filter
The flows in the Real Time Flows list can be filtered out by clicking on any line
in the three filter tables.
Several filters can be applied simultaneously.
To remove the filters, click the first line (ALL; this is the default view).
Interactions between the filters
When a filter is applied, the two others are automatically updated accordingly.
For instance, if FTP is selected in the Application Groups filter, the Applications
filter table will only show the applications belonging to that Application Group
(and ALL shows the total throughput for that Application Group too), and the
throughputs displayed in the Remote Sites filter correspond to the throughput for
that Application Group only.
Sorting the data in the filters:
7-16
March 2012
It is possible to sort the data in these filters by clicking on the column headers:
click once to sort the data by increasing order (an up arrow
then appears
next to the header), click twice to sort the data by decreasing order (
).
(The line named ALL shows all flows with the total values, and it always appears
at the top of the filter tables, whatever the sorting criteria.)
Example where only FTP flows between .Mumbai and .Paris are shown
The Real Time Flows list itself shows a table with each active flow shown on a separate
line. A flow becomes active and is shown in the window as soon as a packet belonging
to it is detected during the session. The table contains the following columns
Topology
Local Site
name of the selected ip|engine
Local User Subnet
name of the User subnet on the local Site (this field is empty if the local IP
address does not belong to any User subnet defined on the Site)
Local User Subnet
name of the User subnet on the local Site (this field is empty if the local IP
address does not belong to any User subnet defined on the Site)
direction of the flow:
outgoing (the local Site is the source)
incoming (the local Site is the destination)
Remote Site
name of the remote ip|engine (where the flow is going to or coming from)
Remote User Subnet
name of the remote User subnet
March 2012
7-17
Ipanema System
AQS
Application Quality Score of the flow: score between 0 (extremely bad quality) and 10 (excellent
quality), displayed with two decimals.
The color of the field also represents the quality, with the following meaning:
Excellent, Very good, etc., are only a typical interpretation of the AQS with typical
parameters it may vary according to the users sensibility and according to the QoS
profile parameters.
When the AQS is not good, the parameters (delay, jitter, loss, etc.) that triggered an average or a
bad quality are also highlighted with the same color, so that one can easily find which parameters
objectives were not met (yellow) or which parameters maximum values were exceeded (red).
The quality of a flow cannot be computed when ALL three following conditions are met:
it is a real time flow (the bandwidth is not a criteria) or the bandwidth objective of the flow is not
met (the quality is measured thanks to the other parameters),
the flow runs over UDP (RTT, TCP retransmission and SRT cannot be measured either) or
those parameters are not activated in the QoS profile.
Classification
Application Group
name of the Application Group where the flow is classified
Application
name of the application
Criticality
criticality level of the flow (Top, High, Medium or Low)
Sens.
sensitivity of the Application Group (Routine or Business this is a

smart|path parameter)
LAN
Thr. (kbps)
7-18
Thr.: LAN-to-LAN throughput (number of bits per second sent at the IP

layer)
Good: LAN-to-LAN goodput (number of useful bits received at the
application layer i.e. payload of the TCP and UDP packets received on
the downstream side; retransmitted, out of sequence and lost packets
are not counted).
Throughput vs Goodput, example:
March 2012
Sess.
number of sessions, represented by the averaged activity for the duration

of the Correlation Record (by default: T = 1 minute).
For example, 1 session running during T plus 1 session running during half
this period of time will give 1 + 0.5 = 1.5 session.
A session is identified by the following parameters:
for TCP or UDP: source address, destination address, protocol (TCP
or UDP), source port and destination port.
for others protocols over IP (for example ICMP): source address,
destination address, protocol.
Loss (%)
LAN-to-LAN loss rate (measured between the LAN port of the source
ip|engine and the LAN port of the destination ip|engine)
Delay (ms)
LAN-to-LAN one-way-delay (in ms) measured between the LAN port of the
source ip|engine and the LAN port of the destination ip|engine
Min: minimum LAN-to-LAN one-way-delay
Avg: average LAN-to-LAN one-way-delay
Max: maximum LAN-to-LAN one-way-delay
Jitter (ms)
LAN-to-LAN jitter (delay variation measured between the LAN port of the
source ip|engine and the LAN port of the destination ip|engine)
WAN
Thr. (kbps)
WAN-to-WAN throughput (number of bits per second sent at the IP layer)
Loss (%)
WAN-to-WAN loss rate (measured between the WAN port of the source
ip|engine and the WAN port of the destination ip|engine)
Delay (ms)
WAN-to-WAN one-way-delay (in ms) measured between the WAN port of

the source ip|engine and the WAN port of the destination ip|engine
Min: minimum WAN-to-WAN one-way-delay
Avg: average WAN-to-WAN one-way-delay
Max: maximum WAN-to-WAN one-way-delay
Jitter (ms)
WAN-to-WAN jitter (delay variation measured between the WAN port of the
source ip|engine and the WAN port of the destination ip|engine)
Comp
Ratio
March 2012
compression ratio for the flow (when applicable)
7-19
Ipanema System
TCP
SRT (ms)
The Server Response Time measures the delay (in ms) between the last
packet sent by the client during a request (PSH) and the emission of the
acknowledgement to the first packet received from the server (ACK).
When an ip|engine is installed on the client side, it measures this response
time and reports it to ip|boss; otherwise, it is the ip|engine installed on
the server side which does it (and the measurement is made between the
reception of the PSH and the reception of the ACK).
If the same ip|engine does not see the two ways of the TCP connection
(in case of a cluster with asymmetric routing), the SRT will not be measured
unless the two ip|engines of the cluster are connected together and the
ASR feature is configured.
Min: shortest Server Response Time

Avg: average Server Response Time
Max: longest Server Response Time
RTT (ms)
The Round Trip Time measures the time of establishment of a TCP

connection (3way handshake: SYN, SYN+ACK, ACK), that is: the delay
(in ms) between the emission of the SYN and the emission of the ACK.
When an ip|engine is installed on the client side, it measures this RTT and
reports it to ip|boss; otherwise, it is the ip|engine installed on the server
side which does it (and the measurement is made between the reception of
the SYN and the reception of the ACK).
If the same ip|engine does not see the two ways of the TCP connection
(in case of a cluster with asymmetric routing), the RTT will not be measured
unless the two ip|engines of the cluster are connected together and the
ASR feature is configured.
Min: shortest Round Trip Time

Avg: average Round Trip Time
Max: longest Round Trip Time
Ret. (%)
percentage of TCP retransmissions

Flags
7-20
Comp.
compression status: Yes if the flow is compressed, No otherwise
Accu.
accuracy of the current measurement: High is the flow is qualified, Low

otherwise
Al.
this field indicates, when at yes, the presence of an alarm on the

ip|engine. Check its status for further information. In case of alarm, the
correlation records are ignored.
March 2012
TOS / DSCP
name of the TOS / DSCP value used to recognize the application, when applicable
This table is refreshed about every minute (according to the ip|engine collect period
option) if it is not frozen.
The same metrics are used in the reports, with the same definitions. Yet,
in the reports, other metrics and symbols are also used: you can find their
definitions in 8.3.5 Definitions.
From any flow in this list, one can open a Real Time Graph, which is a 12minute window
showing the evolution of the above metrics with additional polling every 10 seconds. Up to four
graphs can be open on a Domain, simultaneously.
To access the Real Time Graph, right click on a flow and select Start Real Time Graph:
Flows contextual menu
Real Time Graph

Through the contextual menu above, one can also access the Discovery frame (see below),
with the corresponding filters automatically set.
March 2012
7-21
Ipanema System
<Site> - Discovery
<Site> - Discovery frame
This frame is very similar to ip|boss Discovery function (ip|boss > Helpdesk >
Discovery, described in 7.5.3).
The Discovery function consists in creating a Discovery agent for the selected ip|engine (one
agent maximum per ip|engine) to collect additional data (as compared to the data already
collected and displayed in the Real Time Flows list see above).
Filters
The flows can be filtered according to 5 criteria, using the 5 drop-down lists surrounding the
network diagram:
Template: three templates can be used to filter:
Out of local subnets: (= out of local config) packets crossing the ip|engine, but
where neither the source IP address nor the destination IP address belong to
one of its Topology subnets (this traffic is called in Transit); these flows are
not measured individually by the ip|engine; instead, only their global volume is
measured and reported (i.e., these flows are not present in the Real Time Flows
list nor in any report, except in the Site Analysis reports, which show the volume
of Transit traffic).
Unrecognized Application: packets belonging to applications which are not
recognized by the ip|engines syntax engine, which were not declared in
ip|boss and which do not use well-know ports,
Out of Domain: sent packets with a destination IP address which does not belong
to a declared Topology subnet, or received packets with a source IP address
which does not belong to a declared Topology subnet (in either case, these
packets will match Out of Domain Topology subnet which is in the system
by default, so it does not have to be declared , 0.0.0.0/0).
Local User Subnet: to filter the data using a User subnet declared in ip|boss for the
local Site,
An Out of Local Config. check box allows, if checked, to display the traffic which
does not belong to the local configuration only (see Out of local subnets above)
Remote User Subnet: to filter the data using a User subnet declared in ip|boss for a
remote Site,
7-22
March 2012
Remote Site: to filter the data using a User subnet declared in ip|boss for a remote Site,
Application: to filter the data according to one application,
An Out of config check box, allows, if checked, to discover the port number
used by the unrecognized applications (see above).
Start/stop a Discovery agent
A Discovery agent can be started or stopped with the
of the <Site> - Discovery frame header:
and
buttons at the right
Start/Stop Discovery agents
If the Start button is greyed

and the Stop button is visible
, it means
that a Discovery agent is running on the ip|engine. Discovery agents consume
resources, and they are not meant to run permanently. So when you have found
what you were looking for thanks to a Discovery agent, do not forget to stop it.
The indicator LED Discovery in ip|boss main window turns amber when a
Discovery agent is running.
Result table
According to the configuration rules this Discovery agent will collect the following data and
send them to ip|boss:
Local IP
local IP address
Remote IP
remote IP address
Application
name of the application, displayed as follows:

when the application is recognized: A (b), where A is the name
declared in ip|boss and b is the application recognized by the syntax engine:
for a standard application (e.g. FTP) it reads: FTP (ftp),
for an application with a specific declaration in ip|boss (e.g.
Ping_X is declared as follows: protocol: ICMP; User subnet:
X), it reads: Ping_X (icmp)
for an application which is not recognized by the ip|engine
syntax engine, but which is declared in ip|boss, it reads:
<Application_name> (unknown)
when the application is not recognized (it is not recognized by the
ip|engine and it has not been declared in ip|boss), it displays the
layer 4 protocol and the port number.
LAN => WAN Packets
number of ingress packets
LAN => WAN Bytes
number of ingress bytes
LAN => WAN Sessions
number of ingress sessions
WAN => LAN Packets
number of egress packets
WAN => LAN Bytes
number of egress bytes
March 2012
7-23
Ipanema System
WAN => LAN Sessions
number of egress sessions
percentage of the total throughput

Discovery result table
The counters are cleared at each start of a Discovery agent.
The result can be downloaded in CSV format by clicking on the

right of the <Site> - Discovery frame header.
button at the
Display settings
The results can be displayed in different ways, thanks to 6 drop-down lists below the network
diagram:
Local IP:
Detail: the local IP addresses are displayed (so different local IP addresses will
always be displayed on different lines),
Group: the local IP addresses are not displayed (and all flows with the same
remote IP address and same application will be merged on one line, even if they
have different local IP addresses).
Remote IP:
Detail: the remote IP addresses are displayed (so different remote IP addresses
will always be displayed on different lines),
Group: the remote IP addresses are not displayed (and all flows with the same
local IP address and same application will be merged on one line, even if they
have different remote IP addresses).
Application:
Detail: the application names are displayed (so different applications will always
be displayed on different lines),
Group: the application names are not displayed (and all flows with the same
local IP address and same remote IP address will be merged on one line, even
if different applications are running between these two addresses).
Top:
20: shows the 20 most significant results (in Packets, Bytes or Sessions,
according to the field used to sort the data),
50: shows the 50 most significant results,
100: shows the 100 most significant results.
Sort by: it is possible to sort the data according to the number of:
LAN => WAN

LAN => WAN
LAN => WAN
WAN => LAN
WAN => LAN
WAN => LAN
Bytes,
Packets,
Sessions,
Bytes,
Packets,
Sessions.
It is also possible to sort the data by clicking on the column headers.

Period:
10 s: the results are refreshed every 10 seconds,
1 mn: the results are refreshed every minute,
5 mn: the results are refreshed every 5 minutes.
7-24
March 2012
CHAPTER 8. ANALYZING AND REPORTING

TOOLS (IP|REPORTER)
This chapter describes capabilities for communication with external systems via an SNMP agent.
This function allows measures to be archived on an external system, whether they are optimized
or not.
The data available via the MIB depend on the Metaviews configured in the system.
8. 1. MIB ACCESS
8. 1. 1. MIB
The description file is available in the directory of ip|boss:
~/salsa/ipboss/server/interface/ipanema-technologies.mib
~/salsa/ipboss/server/interface/ipanema-technologies-notifications.mib
8. 1. 2. SNMP
Measures can be used via a MIB access thanks to an SNMP agent included in the ip|boss software.
The UDP port used by this agent must be configured, Domain per Domain (a different port must
be declared for each Domain), in ip|uniboss.
Access to the agent is read-only with SNMPv2c protocol. The Community name is public (default
value, can be configured by user).
The SNMP agent instantiates the system and SNMP groups as well as a private MIB.
The SNMP agent is updated every Short reporting period (as defined in the Domain configuration
see chapter 3).
March 2012
8-1
Ipanema System
8. 2. IP|REPORTER
This section describes the reporting system, ip|reporter, made by Ipanema Technologies.
8. 2. 1. Ipanema Architecture
The Ipanema solution architecture is composed of the following system elements:
ip|boss is the centralized management software for the Ipanema performance management
system which runs on a standard Solaris or Windows platform. Through the ip|boss, business
objectives are communicated to ip|engines and measurement data are collected.
ip|engines are software/hardware appliances that automatically measure and control

network and application performance. Using the business objectives defined by the company,
ip|engines work together as a real-time system to measure network performance and
utilization, and to manage application service levels. GPS time synchronization enables them
to deliver the most accurate measurement possible.
ip|reporter is a full-service report generating utility. It provides a global view of service levels
for each application, as well as detailed, metrics based reports for problem diagnostics.
The ip|reporter is a reporting tool powered by InfoVista and based on OEM agreement.
InfoVista can operate with real-time data or deferred-time data. Real time, such as SNMP data,
is retrieved from the ip|boss at regular intervals by polling the resource and requesting it for
specific information about the behavior of the resource. These data give up to date information
about IS behavior.
Deferred-time data is external to the SNMP world. It has its source in existing log files (a web
site log file, for example) or databases. It is batch-loaded onto the InfoVista server as some time
after it was generated. InfoVista uses these data to calculate Indicators in the same way as it
handles real time data. And, in fact, when the data is displayed on a report, the origin of the
resource data is totally transparent to the user.
8-2
SNMP (System MIB) Collect of measurement. Interfaced with SNMP agent of ip|boss.
March 2012
Analyzing and reporting tools (ip|reporter)
Ipanema architecture
March 2012
8-3
Ipanema System
8. 2. 2. Ipanemas ip|reporter architecture

Ipanema Technologies ip|reporter is the easy to use report generating component of Ipanemas
service level management system. Using information gathered from ip|engines performance
measurement and control appliances, and aggregated by the ip|boss management software,
ip|reporter generates sophisticated reports showing network performance and utilization. These
reports summarize real-time as well as historic data that an enterprise can use to appropriately
size a network, thus reducing WAN operating costs significantly, while improving or maintaining
application performance levels. ip|reporter includes embedded report generation software which
handles all user interface functions.
Ipanemas ip|reporter is powered by InfoVista. ip|reporter can be purchased without InfoVista
software, if an enterprise already owns the software package. ip|reporter should run on a dedicated
server.
According to InfoVistas platform being used, Vista-Foundation 0 (VF0) or Vista-Foundation 4 (VF4),
there are two different possible architectures.
ip|reporter architecture with InfoVistas VF0 platform

ip|reporter runs in client/server mode. The server processes (InfoVista) collect data from
ip|boss SNMP agent. The rich client (IVreport) is the GUI (graphical user interface) that allows
to show the reports.
The reports can also be visualized through a web client, using VistaPortal SEs web server (refer
to section ip|reporter web edition).
8-4

The VistaFoundation 4 is an ensemble of InfoVista products working in conjunction with each
other in a N-tier architecture:
March 2012

Administration: VistaCockpit provides a centralized view of the distributed system and
thus helps to maintain a coherent configuration over the life time of the project. From the
Cockpit console, an administrator can configure components in a homogeneous fashion,
debug the system, and automate the administrators tasks (such as debugging data,
InfoVista Server backup, etc.)
Consolidation: this layer consists of just one product, VistaMart, which models the
service, provisions InfoVista Servers accordingly (load balancing between the servers),
and stores the collected data that subsequently go to the presentation layer in an Oracle
database; this is where the configuration and the dashboard data are stored. VistaMart
controls groups of InfoVista servers, which can spread over different systems.
Data collection: InfoVista servers use SNMP to obtain the data from ip|boss SNMP
agent, store the collected data in ObjectStore databases and and push them to
VistaMart using HTTP. This is where the real time reports are stored.
Presentation: the collected data are presented to Users in VistaPortal in pages that
form together a management dashboard. Alerts show up directly in VistaPortal, and you
can obtain real-time data by drilling-down from higher-level summary reports.
All components connecting to InfoVista servers (i.e. VistaMart and VistaPortal) must use the
Port Mapper (default port 1275). See the InfoVista Server Administration Guide for complete
connection details.
March 2012
8-5
Ipanema System
8. 2. 3. Terms
8. 2. 3. 1. The Instance
Each monitored resource in the network is represented by an Instance object (equivalent to a
Metaview in ip|boss) . An Instance can represent any logical or physical element in the network
such as an ip|engine source, an ip|engine destination, a subnet source, a subnet destination, an
application, a Key A, a Key B, an Application Group, a criticality.
The Instance consists of values and identify and characterize the resource (for example, the alias
for an application). These characteristics are called Property and the values assigned to them are
called Property Values.
The data is displayed on a Graph. The Instance is mapped to the Graph via a report.
8. 2. 3. 2. The Vista
You create each Instance object from a template object called the Vista. The Vista indicates which
Properties each Instance should have. You can create any number of Instances from the same
Vista. In this way, you define each type of equipment only once and when you create Instances of
this equipment, you simply supply the values of the Properties.
InfoVista is installed with a number of standard, pre-configured Vistas which allow you to get up
and running immediately.
For example:
the Vista IpNode has the Property ip (IP Address).
the Vista SNMP node has the Properties snmprd (SNMP community read) and snmpwr (SNMP
community write).
Rules can be defined to create relationships between Vistas. They are not immediately
visible in the object model but they are exploited by several Vistas you use. For example,
one of the standard Rules states that All Routers are SNMP nodes. The result is that
the Vista Router automatically inherits all the Properties of the Vista SNMP node as
well as its own intrinsic Properties.
8. 2. 3. 3. The Indicator
An Indicator is a measurement. It tells us something about the operation of a resource. Examples
are data traffic or quality of service. InfoVista calculates the values of Indicators from the source
data, which it collects from the monitored resource.
Standard, pre-configured Indicators exist for the most common situations that you encounter (and
for some of the more difficult ones, too).
8. 2. 3. 4. The Report
An InfoVista report shows one or more Graphs and possibly some decorative text or bitmaps. Each
Graph shows the values of a set of Indicators for a set of Instances (the monitored resources).
8. 2. 3. 5. The Report Template

Each Report is derived from a template object called the Report Template. The Report Template
represents a typical report layout. It does not contain data, it just shows the Graphs that are used
and the visual layout of the report.
The same template can be used by any number of Reports. You can therefore define a typical
report template once, and each time you create a report from this template, your work is reduced
to specifying which Instances the report will monitor.
InfoVista is installed with a number of standard, pre-configured Report Templates.
8-6
March 2012
Typical Report Template names:
Short/Long reporting: SNMP agent polling period.

Display Rate: The time interval between two consecutive values of an Indicator. Each Report
Template may be provided with several different display rates (select from the list: hourly, daily,
weekly and monthly).
Time Span: The time period over which the Graph must display data. The Time Span value is
not subject to any limitations, though typically it is set to a simple multiple of the display rate.
For example, if the display rate is 1 day and the time span is set to 1 week, the graph is scaled
to display 7 consecutive Indicator values.
Life Time: The Life Time is one of the factors used by the system to calculate and reserve the
necessary buffer space for storing the Indicator values. When the data becomes older than this
Life Time it is considered to be obsolete and is gradually purged from the system.
Hourly: Specifies that the display period is one hour.
Ingress: name of the ip|engine upstream of the flow (from LAN to WAN).
Egress: name of the ip|engine downstream of the flow (from WAN to LAN).
8. 2. 3. 6. The Report Folders

A Report Folder is a list of Reports. The Reports in a folder may be derived from different Report
Templates. The folder provides a way of grouping the Reports together:
either to simplify readability in the object tree
or to provide common access rights to a number of Reports.
You can also create sub-folders, if necessary, to organize your working environment.
8. 2. 3. 7. Libraries
A Library (supplied by InfoVista or third parties, or created by you) is used to group together objects
such as Vistas, Indicators, etc. in order to obtain logical units.
March 2012
8-7
Ipanema System
8. 2. 4. Starting the system

8. 2. 4. 1. Starting the server application
Normally, the InfoVista server is started automatically, after installation, and each system reboot.
A message such as:
Manager/Collector server not found
Manager service
Collector service
or
Client-Server communication failure
Browser service
Which may be displayed after trying to connect to a server, means that the InfoVista
server has not started correctly. If you have a problem, refer to chapter 1 section
Troubleshooting.
8-8
March 2012
8. 2. 4. 2. Starting IVreport rich client application (VF0)
Windows (Windows 2003, XP SP2, Vista)
In the Windows Task bar, click on Start/Programs/InfoVista/IVreport.
Starting IVreport
Unix
The InfoVista software is installed in:

/opt/InfoVista/Essentials/bin (Solaris)
(The path should be included in the PATH variable)
To start the client, execute:
./ivreport &
March 2012
8-9
Ipanema System
After startup, the Connection dialog box is displayed. Enter the parameters requested and click on
OK.
Startup window
InfoVista Server Connection
Server name: Name of the system running the InfoVista server or IP address. If the server is on
the same machine as the client application, leave this field blank or put the loop back address
(127.0.0.1).
Several instances of InfoVista can be installed on the same server. In this case the
syntax is the following: <instance_name>@x.x.x.x (where x.x.x.x is the IP address
of InfoVista server).
In a firewall environment, the endpoints for Manager, Collector and
Browser services can be fix. In this case the syntax is the following:
x.x.x.x:ManagerPort:CollectorPort:BrowserPort (where x.x.x.x is the IP address of
InfoVista server). The endpoints ports can be setup using ip|reporter rich client
(IVreport):
8-10
March 2012
InfoVista Endpoint Setup
User name: Enter administrator.

Password: The default value is blank. To reconnect to the same server or to another server,
select the command File/Connect to Server in the InfoVista Main window.
March 2012
8-11
Ipanema System
8. 2. 4. 3. IVreport main window (VF0)

After connection, the InfoVista Main window is displayed. The left-hand panel displays the objects
of the InfoVista model in the form of a tree structure.
InfoVista Main window

The root of the tree (at the top) is the InfoVista server system. If the name of the server is local,
this means that the server is on the same system as the client application.
Nodes in the tree are indicated by a
expanded. It may contain subfolders. A
8-12
or a
.A
indicates that the branch has not been
indicates that the node is already expanded.
Click a
node to expand the branch.
Click a
Click a branch or object name to select the item.
Double-click the name of an object to open the Property sheet or List view window of the object
(shortcut for Edit/Open).
node to collapse the branch.
March 2012
The right-hand pane of the window displays the list of sub-objects of the object that is currently
selected in the object tree.
Click the square symbol
in front of an object to display the next level of sub-object.
Double-click an object name to open the Property sheet of the object (shortcut for Edit/Open).
The tool bar contains buttons which provide shortcuts for the more frequently used menu
commands.
Create a new object of the selected type (shortcut for Edit/Add).
Copy the selected object to the clipboard (shortcut for Edit/Copy).
Paste an object from the clipboard (shortcut for Edit/Paste)
Delete the selected object (shortcut for Edit/ Delete).
Open the Property sheet of the selected object (shortcut for Edit/Open).
Find objects by name or description (shortcut for Edit/Find).
Schedule report-related actions (shortcut for Reports/Schedule)
Create a new report with the Instant Report wizard (shortcut for
Reports/Instant Report).
Filter reports based on specified criteria (shortcut for Reports/Filter).
March 2012
8-13
Ipanema System
8. 2. 4. 4. IVreports Report Viewer (VF0)

Use the viewer to view or print a Report. This paragraph describes the manipulation of the Report
viewer.
Report viewer
Report/Periodical Refresh/Stop
Report/Periodical Refresh/Start
The report template is configured to update the data display in function of the display rate value.
While the report is running, inhibit Periodical Refresh (click the

and wait a few minutes. Note
that the data in the reports stops being updated and the Report Reference Time, displayed at the
top right of the viewer also becomes fixed. The reference time indicates the timestamp of the last
data sample displayed in the Report (in other words, the timestamp of the last update of data).
After a few minutes, enable Periodical Refresh again (click the button). You will see the data
updated immediately, one new point on the Traffic graph for every period you wait. You also see
the reference time updated to display the current time again.
Graph/Refresh/Data if a graph is selected.
File/Print While a Report is open, you can print it with this command. The report is printed
on your systems default printer.
Edit/Copy
Graph/Properties if a graph is selected
Toggle Information Mode (not in a menu) When depressed, displays a tool tip over graphic
objects, indicating the Metric name, Vista name and acquisition rates, time span and the objects
Description attribute.
8-14
March 2012
Reference Time slider
Use the reference Time slider to adjust the reference time of the report:
either drag the slider
or click on the arrow buttons
or click on the time or date, edit with the keyboard and press Enter to validate
click on the latest button

to set the reference time to the current date and time (equivalent
to dragging the slider all the way to the right)
For more information, please refer to the InfoVista Reference Manual.
March 2012
8-15
Ipanema System
8. 2. 4. 5. ip|reporter web client (VF0 and VF4)

To access ip|reporter web, click the ip|reporter button in SALSA web client:
SALSA web client
The Domain selected in theSALSA web client has no impact, as once in ip|reporter,
you will be able to select the reports on any Domain you have an access to (according
to you User rights).
If you are connected on a Domain with ip|boss (and if you accesses it via SALSA), you can open
ip|reporter web by selecting the
ip|reporter web button in ip|boss toolbar.
Different accesses can be defined with different user rights (unlike for the users of IVreport (VF0),
who always have access to all the reports managed by the server). Refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf.
Two different windows can be displayed, according to the VistaFoundation being installed, VF0 otr
VF4:
8-16
March 2012
ip|reporter web client with VF0
March 2012
8-17
Ipanema System
8. 2. 5. Reports Management
Operating procedure table: settings (automatic reporting), settings (define reports), service ip|true
(automatic reporting), service ip|true (modify reports), service ip|reporter (automatic reporting),
service ip|reporter (define reports)
The reports are managed in the ip|boss interface, thanks to ip|reporter or to the Automatic
reporting tool.
ip|boss manages the Instances creation and deletion in InfoVista according to the configuration
parameters.
ip|boss is the reference for the reports and Instances for infovista. If some reports described in
ip|boss configuration file are not present in Infovista database, then ip|boss takes in charge to
create the missing reports. At the opposite, if some reports exist (for the Domain) in Infovista
database and not in ip|boss configuration, then ip|boss takes in charge to delete these reports.
ip|reporter uses the Metaviews for the reports creation and filling.
Three kinds of reports creation are available:
8-18
ip|reporter, unitary mode: one report is created on one Metaview. This mode is to use to add a
specific report on a specific Metaview, or to create some reports that cannot be created in the
Wizard mode.
ip|reporter, automatic mode (Wizard): several reports can be created on several Metaviews in
one operation. For example: 8 given reports on all physical sites.
automatic reporting: reports are automatically created for the Domain, for all Physical sites,
for all Virtual sites or for all Application Groups, and will automatically be added when new
Physical sites, new Virtual sites or new Application Groups are created.
March 2012
8. 2. 5. 1. Automatic reporting
This tool allows to create reports for the Domain, for all Physical sites, for all Virtual sites or for all
Application Groups.
The selected reports are automatically added for existing Physical sites*, Virtual sites* and
Application Groups, and will be automatically added when new Physical sites*, new Virtual sites*
or new Application Groups are created.
* For the sites (physical or virtual), the selected reports are created only if
Auto-reporting is at yes in the ip|engine parameters.
Automatic reporting.
The Automatic reporting window is displayed.
Automatic reporting window

This window contains four tabs:
Domain,
Physical sites (= sites with an ip|engine),
Virtual sites (= sites with a tele|engine),
Application Groups.
within any tab, the automatic report creation window is displayed

(Domain, Physical sites, Virtual sites or Application Groups automatic reports creation window,
according to the selected tab):
Domain automatic reports creation window

This window contains an input zone with the following field:
Report template: drop-down list of available report templates, to choose the reports attached
to the selected tab.
March 2012
8-19
Ipanema System
four click boxes allow to define which time aggregation can be created for the report:
Hour,
Day,
Week,
Month.
a click box that allows to define the level of confidentiality for the report:
Public (unclicked by default):
when clicked, the reports are stored in the hour / day / week / month folders
in IVreport, and an access to the reports can be given to all users using the web
client;
otherwise, the reports are stored in the hour private / day private
/ week private / month private folders in IVreport, and the
access to the reports can be restricted, for the users using the
web client, to authorized users only (refer to the Technical note
TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).
8-20
March 2012
8. 2. 5. 2. Reports creation in unitary mode (ip|reporter)

ip|reporter.
The ip|reporter window is displayed:
ip|reporter window
This window contains the list of reports created on each instance with the specific parameters.
, the report creation window is displayed.
reports creation window

Metaview: drop-down list of Metaviews, to choose the Metaview on which the reports will be
created.
Report template: drop-down list of available report templates, to choose the reports attached
to the selected Metaview.
4 click boxes allow to define which time aggregation can be created for the report:
Hour,
Day,
Week,
Month.
client;
March 2012
8-21
Ipanema System
8. 2. 5. 3. Reports creation in wizard mode (ip|reporter)

This creation mode allows to create a big number of reports. It allows to create a package of reports
for several Metaviews. This mode could be used in the initial creation step.
ip|reporter.
The ip|reporter window is displayed:
ip|reporter window
, the multiple creation window of Reports is displayed.
Reports Wizard window

a zone with multiple selection for the Metaviews,

a zone with multiple selection for the Report template . The list is modified according to the
type of Metaview selected.
4 click boxes, that allow to define which time aggregation can be created for the report:
8-22
Hour,
Day,
Week,
Month.
March 2012
client;
The first zone (on the left) shows the list of elements (Metaviews and Report templates) as
described in the system and managed by ip|boss, the second area (on the right) shows the
selected elements.
Some arrows are used to move the selected data from one area to another.
By selecting several elements in each list, the system will create the reports according to
combinative selected criteria.
8. 2. 5. 4. Reports Deletion
To delete some reports in the Infovista database, just suppress the reports in the list accessible by
ip|reporter. After the validation of the deletion and update of the configuration, the reports
are definitively deleted, the reports and their data cannot be accessed anymore.
It is possible to suppress several reports by selection with the keyboard.
Another way to remove the reports is by clicking on the icon
reports is displayed.
, the multiple deletion window of
If the reports were created with the Automatic reporting function

, they will be
automatically re-created after deletion, so they must be deleted with this funciton (be
aware that suppressing a report with this function will impact all the concerned objects
ip|engines or Application Groups).
March 2012
8-23
Ipanema System
8. 2. 5. 5. Update in InfoVista
After creation or deletion of reports, click on the flashing Update button
in order to update the
Infovista Database with ip|boss configuration. After you have confirmed you want to update the
configuration in ip|reporter, this step is identified by the ip|reporter Database LED (in the ip|boss
status zone) in amber during the synchronization (this can last several minutes, or several hours if
you created a large number of reports at a time).
Warning before configuration update
ip|reporter Database LED during database update
8. 2. 5. 6. Force synchronize
If InfoVista suffers a Database synchronization problem, it is possible to force the synchronization
using ip|reporters menu Actions / Force synchronize.
This function should not be used under normal circumstances. Use it only in case
of synchronization problem. A synchronization problem can be checked in the
logs, and thanks to the Database LED above (grey: an error happened during last
synchronization; red: error in the reports description; amber is a normal color during
synchronization, but it should be a temporary state: if the LED remains amber for an
abnormaly long time, this can also be due to a synchronization problem).
ip|reporter Force synchronize menu

As this can last several minutes, or several hours if you created a large number of reports, a warning
message is displayed:
Warning before forced synchronization

Click OK to confirm you want to force synchronization, Cancel if you wan to abort.
8-24
March 2012
8. 2. 5. 7. Recommended reports
Ipanema recommends that the following reports are created:
Report
Dom
Phy
Vir
SLM - Site Synthesis
SLM - Application Synthesis
SLM - Site Summary (per direction)
SLM - Application Group Summary
PM - Site Summary
PM - AG Summary (per direction)
PM - Detailed per AG
(x)
PM - Detailed per application - Top
X
X
X
AM - Time evolution - TCP
SA - Site Throughput
X
X
X
X
PM - Compression Evolution
PM - Compression Synthesis - AG
PM - Compression Synthesis - appli
FI - Availability Overview
FI - Availability Evolution
other
PM - Time Evolution
SA - Site Summary (ingress/egress)
UC
X
where Dom stands for Domain, Phy for Physical sites, Vir for Virtual sites, UC for Application
Groups, and other should be created for a specific occasion only (troubleshooting...), then
removed.
March 2012
8-25
Ipanema System
8. 3. HOW TO READ THE REPORTS

Reports can be read either using IVreport (InfoVista rich client, VF0) or InfoVista web client (VF0
and VF4).
8. 3. 1. IVreport (VF0)
To open a report using IVreport, launch IVreport (default login / password are administrator /
(no password)), open the Reports tab, open the following folders: Report folders / <Domain>
/ <MetaView> / <Level of aggregation, level of confidentiality>, then double-click on the reports
name.
If the Public click box was clicked on the reports creation, it can be found in the hour / day
/ week / month folders;
otherwise, it can be found in the hour private / day private / week private / month private
folders.
Reports directory structure in IVreport
8-26
March 2012
8. 3. 2. Web client (VF0)

Using the web client, the directory structure is similar, but users may not have an access to all
reports (for example, the access may be limited to the Public reports only), according to their rights
(refer to the Technical note TN-0200011-04__how_to_configure_report_access_with_VPSE2.pdf).
ip|reporter web client

There are two ways to navigate in the reports:
by selecting Folders in the drop-down list in ip|reporters main window, you can access the
reports with the following file system tree (4 hierarchical levels):
<Domain> / <type of MetaView> / <MetaView> / <time level, public/private>
ip|reporters Folders file system tree
March 2012
8-27
Ipanema System
The second browsing method allows to navigate in the sites reports with two additional
hierarchical levels, defined by the ip|engines Navigation fields Folder name for level 1 and
Folder name for level 2: by selecting Navigation in the drop-down list in ip|reporters main
window, you can access the sites reports with the following file system tree (6 hierarchical
levels):
<Domain> / Navigation / <Folder name for level 1> / <Folder name for level 2> /
<MetaView> / <time level, public/private>
(the <type of MetaView> level disappears, as this method is valid to access the sites reports
only).
This method is very helpful on larges networks, with hundreds or thousands of sites.
In the example below, Folder name for level 1 was used to group sites per continents, and
Folder name for level 2 was used to group sites per countries. The ip|engines created without
filling those fields are grouped under the Unknown folder name:
ip|reporters Navigation file system tree
8-28
March 2012
8. 3. 3. Web client (VF4)

The web client, with VistaFoundation 4, shows two levels of reports:
all the reports available with VF0 are also available (they are called real time reports hereafter),
and there are new high level reports displayed in the main web page (they are called Service
Level Overview reports).

The window contains five frames:
Time Navigator,
Navigation,
Service Level Overview,
and two frames in Reports.
The Time Navigator frame shows the date and time, and allows to browse the selected reports in
the past.
March 2012
8-29
Ipanema System
To access a report, first select the MetaView or group of MetaViews in the Navigation frame (click
on the
before a branch to expand the navigation tree,
to collapse a branch):
Selecting MetaViews in the Navigation frame
8-30
March 2012
The Service Level Overview report corresponding to the selected MetaView(s) is displayed in the
Service Level Overview frame:
Selecting the periodicity in the Navigation frame
For a Site or a list of Sites, this report shows, for each site:
the name of the MetaView (<Domain name> x Site:<name of the Site>),
the AQS per criticality level (Top, High, Medium and Low) with color bars; the colors
indicate the AQS (from red = 0 to green = 10), and one can read the exact value of the
AQS by moving the mouse over the bars,
the ingress (LAN => WAN) and egress (WAN => LAN) WAN accesses utilization (in
percentage of the WAN accesses throughputs) and the WAN accesses throughputs (as
defined in ip|boss); the utilization bars are blue between 0 and 70% of utilization, yellow
between 70 and 90% of utilization, and red above 90% of utilization; the percentage of
utilization can be read by moving the mouse over the bars,
For an Application Group or a list of Application Groups, this report shows, for each Application
Group:
the name of the MetaView (<Domain name> x Application Group:<name of the
Application Group>),
the AQS of the Application Groups with color bars; the colors indicate the AQS (from red
= 0 to green = 10), and one can read the exact value of the AQS by moving the mouse
over the bars,
the ingress (LAN => WAN) and egress (WAN => LAN) throughputs, both on the LAN
interfaces of the ip|engines and on their WAN interfaces,
the number of sessions.
March 2012
8-31
Ipanema System
A second type of Service Level Overview reports is available by selecting the Evolution tab, at
the top of the window:
Evolution tab
It shows four frames:
the
the
the
the
volume per Criticality level,

AQS per Criticality level,
ingress (LAN => WAN) throughput,
egress (WAN => LAN) throughput.
for the selected MetaViews.

Select the Overview tab to come back to the previous view (Service Level Overview frame).
8-32
March 2012
To access the real time reports, once the Metaviews have been selected in the Navigation frame,
select the periodicity in the Reports frame:
Selecting the periodicity in the Reports frame

The names of the available reports for the selected MetaViews and periodicity are diplayed in a
second frame in Reports, called Name:

To open the real time reports displayed in this frame, double click on their names or right click and
select Instant report:

The real time reports open in a new window. They are explained in the following sections.
March 2012
8-33
Ipanema System
8. 3. 4. Dynamic reading of the reports

The reports show graphs and tables:
Report example
The graphs show the history of the values.

Click on the graphs (IVreport) or move your mouse on them (web client) to read detailed values
in a popup.
The values in the tables are measured over the last display period.
Click successively on any column header to sort the table by increasing or decreasing values.
On the client you can use the time slider (IVreport) or specify the date and time (both clients) to see
the previous values of each indicator. This presents you with a historical view of each resource
for any moment during the lifetime of the report.
8-34
March 2012
8. 3. 5. Definitions
Here is a definition of the symbols and specific metrics that are used in the reports (for the definition
of the standard metrics, such as AQS, Delay, Jitter, Loss rate, RTT, SRT, TCP retrans., etc.), please
refer to 7.5.2.1 Analyzing Real time monitored flows):
=>
Represents the LAN => WAN - or ingress - direction,
<=
Represents the WAN => LAN - or egress - direction.
Session
A session is identified:
For TCP or UDP by the following parameters: source IP address,

destination IP address, protocol (TCP or UDP), source port and
destination port.
For other protocols over IP (for example: ICMP) by the following
parameters: source IP address, destination IP address, protocol.
Qualified
(sessions,
throughput,
goodput)
Traffic between synchronized ip|engines; delay, jitter and packet loss

are measured.
Non qualified
or Unqualified
(throughput,
goodput, sessions)
Traffic between non synchronized ip|engines, or (more frequently)

between an ip|engine and atele|engine; delay, jitter and packet loss
cannot be measured.
MOS
(1 to 5)
March 2012
8-35
Ipanema System
Overactivity
(%)
Percentage of time when the Right Size (computed by Smart planning) is

higher than the WAN access for Top and High traffic.
Evolution
(Volume, Quality,
Activity)
(++/+/0/-/- -)
Evolution, according to the following symbols, as compared to the

average value of the 3 last periodicity levels (3 hours, 3 days, 3 weeks or
3 months, according to the time scale of the report):
++: the metric has increased a lot (by more than +20%),
+: the metric has slightly increased (between +5 and +20%),
o: the metric is stable (between 5% and +5%),
- : the metric has slightly decreased (between 5 and 20%),
- -: the metric has decreased a lot (by more than 20%).
Color Management
8-36
March 2012
8. 4. IPANEMA SYSTEM VISTAVIEWS

The following sections (7.5 to 7.15) correspond to each Vistaview, and each section is further
divided into sub-sections that correspond to each report template. A report sub-section includes
an overview of the report features, a graphical representation of the report, a detailed description
of the report, and finally a suggested way of using the report.
Ipanema VistaViews
Some of these VistaViews are available only if you have purchased the corresponding
options and if they are enabled in the license file.
March 2012
8-37
Ipanema System
core
Used to collect all information by querying ip|boss SNMP agent.
Acceleration
Metrics and Indicators for TCP acceleration.
Acceleration - en
English Template Reports used to display the TCP acceleration

metrics (namely the acceleration factor).
Application Monitoring
Metrics and Indicators for the AM.
Application Monitoring - en
English Template Reports used to display the AM.
CIFS
Metrics and Indicators for CIFS acceleration.
CIFS - en
English Template Reports used to display the CIFS acceleration.
Compression (option)
Used to collect all Compression metrics by querying the SNMP

agent.
Compression - en
Used to display the Compression metrics of all incoming or outgoing

traffic with the compression ratio.
Fault Isolation
Metrics and Indicators for the Ipanema system status.
Fault Isolation - en
English Template Reports used to display the IS status.
ip_export (option)
Used to collect the ipanema metrics via the SNMP interface.
Performance Monitoring
LAN-to-LAN metrics and Indicators for the PM.
Performance Monitoring - en
English Template Reports used to display the PM.
Performance Monitoring WAN
WAN-to-WAN metrics and Indicators for the PM.
Performance Monitoring WAN - en
English Template Reports used to display the PM.
Service Level Monitoring
Metrics and Indicators for the SLM.
Service Level Monitoring - en
English Template Reports used to display the SLM.
Site Analysis
Metrics and Indicators for the SA used for troubleshooting
Site Analysis-en
English Template Reports used to display the SA used for

troubleshooting
SLA
Metrics and Indicators for the SLA.
SLA - en
English Template Reports used to display the SLA.
Smartplanning (option)
Used to collect all smartplanning metrics by querying the SNMP

agent.
Smartplanning - en
Used to display the smartplanning metrics of all incoming or

outgoing traffic by criticality level (top, high, medium and low) on a
site.
VoIP
Used to collect all Voice Over IP metrics by querying the SNMP

agent.
VoIP-en
English Template Reports used to display the Voice Over IP metrics

of all incoming or outgoing VoIP traffic.
Ipanema System VistaViews
8-38
March 2012
The statistics generated by the different functions are available throughout the whole Ipanema
System:
ip|boss aggregates the data gathered from ip|engines measurement, QoS & control,
redundancy elimination and acceleration functions, and makes them available through the
SNMP interface.
ip|reporter uses them to generate the appropriate easy-to-use reports, that provide a complete
analysis for each network access.
All reports can be created with ip|reporter using the single or the wizard mode (unless otherwise
specified).
The reports on the Domain, on Physical or Virtual sites, and on Application Groups can also be
created with the Automatic reporting tool.
The available periodicity levels for the reports are the following (unless otherwise specified):
Hourly,
Daily,
Weekly,
Monthly.
The Ipanema System library contains the following report templates, with the following
abbreviations being used:
in What is measured: App: Application; Crit: Criticality; D/J/L: Delay/Jitter/Loss; Ses: number
of sessions; Thput: Throughput; Gput: Goodput; (un)qual: (un)qualified; AG: Application Group;
Vol: volume; evol: evolution
Filters: D: Domain; P: Physical Sites; V: Virtual sites; K: Keys; S: User Subnets; U: Application
Groups; A: Applications; C: Criticality
Legend in the Filters:
X: the report is available for Metaviews that contain this object.
Example: is - slm - site summary is available on the Domain.
L: the report is available for Metaviews that contain a list of this object.
Ex.: is - slm - site synthesis is not available on a single Physical site, but it is if the
Metaview contains a list of Physical sites.
o: the report is available for Metaviews that contain this object, but only if the Metaview
also contains objects with an X.
Ex.: is - slm - application group summary per direction is not available on an Application
Group, but it is if the Metaview is a combination of a Physical site AND an Application
Group.
SLM (Service Level Monitoring)

Report template
(is - slm -)
What is measured
service level
evolution
AQS, qual. and unqual. ses., Thput, Gput
site summary
AQS, D/J/L, RTT, SRT, TCP retrans.,

ses., Thput.
uc summary
AQS, D/J/L, RTT, SRT, TCP retrans.,

ses., Thput.
uc summary per
direction
March 2012
Filters
D P
8-39
Ipanema System
app. synthesis
Vol. & AQS evol. per crit., Ingress &

Egress Thput, vol. & vol. evol. per AG,
AQS & AQS evol. per AG, vol. per app.
(top 10), site activity, global evol.
site synthesis
Vol. & AQS evol. per crit., Total Thput,

vol. & vol. evol. per site, AQS & AQS
evol. per site.
D P
V
X
SLA (Service Level Agreement)

Report template
(is - sla -)
What is measured
Filters
domain overview graph
AQS per AG, AQS per site, over activity

per site
domain overview table
Vol., AQS, MOS, over activity per AG,

per site
domain - aqs
summary
AQS, over activity per AG, per site
domain - mos
summary
MOS, over activity per AG, per site
site summary
AQS, MOS, over activity per AG, per

site
site exploitation
AQS, MOS, vol., ses., over activity
site customer
AQS, MOS, vol., ses., over activity
D P
AM (Application Monitoring)
8-40
Report template
(is - am -)
What is measured
site summary - tcp
SRT, RTT, Packet retrans., Thput, ses.
application group
summary - tcp
application group
summary - per
direction - tcp
application
summary - tcp
app. summary - per

dir. - tcp
time evolution - tcp
Filters
X
March 2012
PM (Performance Monitoring)
Report template
(is - pm -)
What is measured
site summary
uc summary
uc sum. per dir
Filters
D P
WAN-WAN & LAN-LAN Delay, Loss,

Thput; ses.
D/J/L; RTT/SRT/TCP retrans.; total

Thput, sessions, packet size
app. summary
app. sum. per dir
traffic topology
Total & qual. traffic, Traffic profile

(kbps/%time), packet%/delay, Thput per
site, ingress & egress
time evolution
D/J/L, Thput, ses.
detailed per ag
Throughput
detailed per app. top

detailed per app.
top host app on
vol.
Host (IP address), app., vol., ses.

This report does not appear
in the hour, day, week and
month folders, but in the
default folder.
PM (Performance Monitoring) Compression

Report template
(is - pm -)
What is measured
compression
evolution
Total LAN Thput. (without compr.), total

WAN Thput (with compr.), compressed
Thput, saved Thput.
compression
synthesis - ag
For each AG and each way: compressed,

saved, total LAN, total compressible and
total compressed volumes; compr. factor
and ratio
compression
synthesis application
Filters
D P
ip|reporters wizard mode is not available for those reports.
March 2012
8-41
Ipanema System
ACC (TCP acceleration)

Report template
(is - acc -)
What is measured
acceleration
evolution
Compr., TCP & Acceleration factors, nb

of new & current sessions
Filters
D P
D P
CIFS (CIFS acceleration)

Report template
(is - cifs -)
What is measured
Filters
time evolution
Thput, CIFS verbosity, Acceleration

factor, nb of active sessions
Report template
(is - VoIP -)
What is measured
Filters
synthesis
MOS distribution
time evolution
MOS, D/J/L, sessions
Report template
(is - sa -)
What is measured
Filters
K
site summary
ingress
Thput: To physical ip|e, No correlation,

To virtual ip|e, To Out of Domain, Transit,
Other, Locally rerouted, Non IPv4 WAN,
Ignored LAN
site summary
egress
Thput: From physical ip|e, No correlation,

From virtual ip|e, From Out of Domain,
Transit, Other, Locally rerouted, Non
IPv4 WAN, Ignored LAN
site throughput
Thput: IPv4, Apple Talk, IPX, SNA, IPv6,

Ignored LAN. IPv4 Thr.: To/From physical
ip|e, No correlation, To/From virtual ip|e,
To/From Out of Domain, Transit, Other,
Locally rerouted
VoIP
D P
SA (Site Analysis)
8-42
D P
March 2012
FI (Fault Isolation)
Report template
(is - fi -)
What is measured
availability evolution
Status down, Status up, synchro. loss,

highest CPU load, WAN overload
Filters
D P
availability overview
With ip|reporter, FI reports can only be created using the unitary mode.
Smart planning
Report template
(smartplanning -)
What is measured
profile
Throughput, Right Size
synthesis
Current, trend 3 months, trend 1 year
Filters
D P
X
X
This report is only available on

a daily basis.
March 2012
8-43
Ipanema System
8. 5. SLM (SERVICE LEVEL MONITORING) REPORTS

8. 5. 1. is - slm - service level evolution
Service Level Monitoring Table
Service Level Monitoring - service level evolution
8-44
March 2012
What can it do?

Monitored resource
This template is available for the following Metaviews:

A Domain .
A Site or a list of sites.
A Key or a list of keys.
A Subnet or a list of subnets,
An Application or a list of applications,
An Application Group or a list of Application Groups,
A Criticality or a list of criticality levels.
AQS, number of sessions (qualified and unqualified), throughput
(qualified and unqualified), goodput (qualified and unqualified).
From data collected every Short reporting period.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs present the following information:

AQS graph
This graph represents the evolution of the AQS over the period of time.
Sessions graph
This graph represents the evolution of the number of sessions over the period of time:
number of qualified sessions,

number of unqualified sessions (the top of the curve (that sits above the Qualified sessions)
indicates the total sessions (qualified + unqualified)).
Throughput graph
This graph represents the evolution of the Throughput over the period of time:
Throughput: the surface indicates the non qualified throughput only, whereas the top of the curve
(that sits above the Qualified throughput) indicates the total throughput (qualified + unqualified)
Qualified throughput
Goodput: the surface indicates the non qualified goodput only, whereas the top of the curve
(that sits above the Qualified goodput) indicates the total goodput (qualified + unqualified)
Qualified goodput
March 2012
8-45
Ipanema System
8. 5. 2. is - slm - site summary

Service Level Monitoring - site summary

What can it do?
Monitored resource

A Domain ,
A Site or a list of sites,
A Key or a list of keys,
AQS, delay, jitter, packet loss, RTT, SRT, TCP retrans., sessions,
throughput.
From data collected every Long reporting period.
What is measured
How it is measured
8-46
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
March 2012
The table
The table presents the following information (note: for color and symbol explanation see the Color
Management picture in Definitions):
Site
Name of the Site (ip|engine).
Average AQS
Weighted average of the ingress AQS and egress AQS of the site.
In the following columns,
=> represents the LAN => WAN - or ingress - direction,

<= represents the WAN => LAN - or egress - direction.
AQS
Application Quality Score of the site for one direction.
D/J/L
Symbolic representation for Delay, Jitter and packet Loss to show the
metrics causing color during a display period of time.
RTT/SRT/Retrans
Symbolic representation for RTT, SRT and TCP Retrans. to show the
metrics causing color during a display period of time.
Average sessions
Average number of sessions per second.
Average
throughput
(kbps)
Average number of kbits per second at IP level (on ip|engines and/or

tele|engines).
March 2012
8-47
Ipanema System
8. 5. 3. is - slm - application group summary

Service Level Monitoring - application group summary

What can it do?
Monitored resource

A Domain .
throughput.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The table
The table present the following information (note: for color and symbol explanation see the Color
8-48
Application
Group
Name of the Application Group.
Criticality
Criticality level of the Application Group.
AQS
Application Quality Score of the Application Group.
D/J/L
metrics causing color during a display period for ingress and egress
directions.
RTT/SRT/Retrans
directions.
March 2012
Average sessions
Average number of sessions per second for ingress and egress directions.
Average
throughput
(kbps)
Average number of kbits per second at IP level for ingress and egress
directions.
March 2012
8-49
Ipanema System
8. 5. 4. is - slm - application group summary per direction

Service Level Monitoring - application group summary per direction

What can it do?
Monitored resource
A Domain.
Per Application or a list of applications.
Per Application Group or a list of Application Groups.
Per Criticality or a list of criticality levels.


What is measured
How it is measured
8-50
A Subnet or a list of subnets.

throughput (kbps).
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
March 2012
The table
The table presents the following information (note: for color and symbol explanation see the Color
Application
Group
Criticality
Criticality level of the Application Group.
Average AQS
Weighted average of the ingress AQS and egress AQS.


AQS
Application Quality Score of the Application Group for one direction.
D/J/L
directions.
RTT/SRT/Retrans
directions.
Average sessions
Average number of sessions per second for ingress and egress directions.
Average
throughput
(kbps)
Average number of kbits per second at IP level for ingress and egress
directions.
March 2012
8-51
Ipanema System
8. 5. 5. is - slm - application synthesis

Service Level Monitoring - application synthesis
8-52
March 2012
What can it do?

Monitored resource

A Domain.
An Application or a list of applications.
An Application Group or a list of Application Groups.
Volume evolution per criticality, Quality evolution, Ingress
throughput, Egress throughput, Volume per Application Group
(percentage MB, evolution), Quality per Application Group (AQS,
evolution), Volume per application (Top 10), site activity, global
evolution.
What is measured
How it is measured
Volume evolution and Quality evolution graphs

Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
24 hours
1 week
5 weeks
12 months
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
LAN->WAN throughput and WAN->LAN throughput graphs

Type of report
Hourly
Daily
Weekly
Monthly
Display rate
15 minutes
15 minutes
1 hour
4 hours
Time Span
2 hours
2 days
2 weeks
2 months
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Application Group Volume, application volume Top 10, site activity and global evolution
Tables
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
1 hours
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
The graphs present the following informations:
Volume Evolution (GB) graph
This graph shows the volume evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level by criticality.
March 2012
8-53
Ipanema System
Quality Evolution (%) graph

This graph represents quality evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level in percentage of volume with different colors:
%
%
%
%
green volume
yellow volume
red volume
grey volume when quality cannot be computed
LAN => WAN throughput (kbps) graph

This graph shows the ingress throughput evolution on the last 2 hours, 2 days, 2 weeks or 2 months
according to the periodicity level, for the following indicators: average throughput and maximum
throughput.
Average (Throughput)
Number of Kbits per second at layer 3 level during a display rate.
Max (Peak throughput)
The peak throughput curve displays the maximum encountered value during a display rate.
WAN => LAN throughput (kbps) graph

This graph shows the egress throughput evolution on the last 2 hours, 2 days, 2 weeks or 2 months
according to the periodicity level, for the following indicators: average throughput and maximum
throughput.
Number of kbits per second at layer 3 level during a display rate.
The peak throughput curve displays the maximum encountered value during a display rate.
For LAN => WAN throughput (kbps) and WAN => LAN throughput (kbps), the
average and maximum throughputs are calculated on the following periods:
Average (throughput)
Periodicity
Maximum (Peak throughput)
Hour
15 minutes
15 minutes
Day
15 minutes
15 minutes
Week
1 hour
15 minutes
Month
4 hours
15 minutes
The tables
The tables present the following information:
Application Group table
8-54
Application
Group
Criticality
Criticality level according to the Application Group name.
Volume (%)
Percentage of total volume used by the Application Group.
Volume (MB)
Volume used by the Application Group in Mega bytes.
Volume Evolution
(++/+/0/-/- -)
Volume evolution for the 3 last periodicity levels.
AQS (0 to 10)
Application Quality Score.
Quality Evolution
(++/+/0/-/- -)
Quality evolution for the 3 last periodicity levels.
March 2012
Application TOP 10 table

Application
Name of the Application.
Application
Group
Application Group name corresponding to the application classification.
Volume (%)
Percentage of total volume used by the Application.
Site Activity table

Site activity
This indicator displays the percentage of time when traffic was measured.
Evolution
(++/+/0/-/- -)
Availability evolution for the 3 last periodicity levels.
March 2012
8-55
Ipanema System
8. 5. 6. is - slm - site synthesis

Service Level Monitoring- site synthesis

What can it do?
Monitored resource

A Domain.
A list of Sites.
A list of Keys.
A list of Subnets.
Volume evolution per criticality, Quality evolution, Total throughput,
Volume per site (percentage, MB, evolution), Quality per site (AQS,
evolution)
What is measured
How it is measured
8-56
March 2012
Volume evolution and Quality evolution graphs

Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
24 hours
1 week
5 weeks
12 months
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Throughput graph
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
15 minutes
15 minutes
1 hour
4 hours
Time Span
2 hours
2 days
2 weeks
2 months
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Site table
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
1 hours
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
The graphs present the following informations:
Volume Evolution (GB) graph
This graph shows the volume evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level by criticality.
Quality Evolution (%) graph
This graph represents quality evolution on the last 24 hours, 7 days, 5 weeks or 12 months
according to the periodicity level in percentage of volume with different colors:
%
%
%
%
green volume
yellow volume
red volume
grey volume when quality cannot be computed
Throughput (kbps) graph

This graph shows the total throughput evolution (ingress + egress) on the last 2 hours, 2 days, 2
weeks or 2 months according to the periodicity level, for the following indicators: average throughput
and maximum throughput.
Number of kbits per second at layer 3 level during a display period.
The peak throughput curve displays the maximum encountered value during a display period.
March 2012
8-57
Ipanema System
For the Throughput (kbps), average and maximum throughput are calculated on the
following periods:
Periodicity
Average (throughput)
Maximum (Peak throughput)
Hour
15 minutes
15 minutes
Day
15 minutes
15 minutes
Week
1 hour
15 minutes
Month
4 hours
15 minutes
The table
The Site table presents the following information:
8-58
Site
Volume (%)
Percentage of total volume used by the site.
Volume (MB)
Volume used by the site in Mega bytes.
Volume Evolution
(++/+/0/-/- -)
Volume evolution for the 3 last periodicity levels.
AQS (0 to 10)
Application Quality Score of the sites.
Quality Evolution
(++/+/0/-/- -)
Quality evolution for the 3 last periodicity levels.
March 2012
8. 6. SLA (SERVICE LEVEL AGREEMENT) REPORTS

8. 6. 1. is - sla - domain overview - graph
Service Level Agreement Table
Service Level Agreement - Domain

What can it do?
Monitored resource
What is measured
How it is measured
March 2012

A Domain .
AQS per critical Application Group (Top and High), AQS per site for
critical Application Groups, Over activity per site (%).
8-59
Ipanema System
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Used to display in a graph an overall view of the service level agreement supplied by the network.
Presents the following information:
Application Group graph
This graph represents the AQS during no over activity, per critical Application Group (Top and
High).
Site graph
This graph represents the AQS during no over activity of the 10 worst Sites, for the critical
Application Groups (Top and High).
Over activity per site (%) graph
This graph represents the percentage of time when the Right Size (computed by Smart planning)
is higher than the WAN access for Top and High traffic.
8-60
March 2012
8. 6. 2. is - sla - domain overview - table

Service Level Agreement - Domain - overview

What can it do?
Monitored resource

A Domain .
Volume, AQS, MOS, Over activity per critical Application Group
(Top and High), per site for critical Application Groups.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The tables
Application
Group
Criticality
Criticality of the Application Group (Top and High only).
Volume (%)
Percentage of volume represented by the Application Group.
AQS
Application Quality Score during no over-activity.
MOS
Mean Opinion Score during no over-activity.
Overactivity (%)

March 2012
8-61
Ipanema System
8-62
Site
Volume (%)
Percentage of volume represented by the Site for the critical Application

Groups (Top and High).
AQS
MOS
Overactivity (%)

March 2012
8. 6. 3. is - sla - domain - aqs summary

Service Level Agreement - Domain - AQS summary

What can it do?
Monitored resource

A Domain .
AQS, Over activity per critical Application Group (Top and High),
per site for critical Application Groups.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The tables
Application
Group
Criticality
Overactivity (%)

AQS > 5.0 (%)
Percentage of time when the qualified Application Quality Score is strictly

higher than 5.0 during no over-activity.
AQS > 7.0 (%)

March 2012
8-63
Ipanema System
8-64
AQS > 8.0 (%)

AQS > 9.0 (%)

AQS > 9.5 (%)

AQS > 9.8 (%)

AQS > 9.9 (%)

AQS = 10 (%)
Percentage of time when the qualified Application Quality Score is equal

to 10 during no over-activity.
Site
Overactivity (%)

AQS > 5.0 (%)

AQS > 7.0 (%)

AQS > 8.0 (%)

AQS > 9.0 (%)

AQS > 9.5 (%)

AQS > 9.8 (%)

AQS > 9.9 (%)

AQS = 10 (%)

March 2012
8. 6. 4. is - sla - domain - mos summary

Service Level Agreement - Domain - MOS summary

What can it do?
Monitored resource

A Domain .
MOS, Over activity per critical Application Group (Top and High),
per site for critical Application Groups.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The tables
Application
Group
Criticality
Overactivity (%)

MOS > 2.6 (%)
Percentage of time when the Mean Opinion Score is strictly higher than
2.6 during no over-activity.
MOS > 3.1 (%)
March 2012
8-65
Ipanema System
8-66
MOS > 3.6 (%)
MOS > 4.0 (%)
MOS > 4.3 (%)
MOS > 4.4 (%)
Site
Overactivity (%)

MOS > 2.6 (%)
MOS > 3.1 (%)
MOS > 3.6 (%)
MOS > 4.0 (%)
MOS > 4.3 (%)
MOS > 4.4 (%)
March 2012
8. 6. 5. is - sla - site summary

Service Level Agreement - Site summary

What can it do?
Monitored resource

A Physical site .
AQS, MOS, Over activity per critical Application Group (Top and
High).
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The tables
Application
Group
Criticality
Overactivity (%)

AQS > 5.0 (%)

AQS > 7.0 (%)

AQS > 8.0 (%)

AQS > 9.0 (%)

March 2012
8-67
Ipanema System
8-68
AQS > 9.5 (%)

AQS > 9.8 (%)

AQS > 9.9 (%)

AQS = 10 (%)

Application
Group
Criticality
Overactivity (%)

MOS > 2.6 (%)
MOS > 3.1 (%)
MOS > 3.6 (%)
MOS > 4.0 (%)
MOS > 4.3 (%)
MOS > 4.4 (%)
March 2012
8. 6. 6. is - sla - site exploitation

Service Level Agreement - site exploitation
March 2012
8-69
Ipanema System
What can it do?

Monitored resource
What is measured

AQS, MOS, Volume, Sessions density, Over activity.
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
AQS graph
This graph represents the Application Quality Score during no over activity, per critical Application
Group (Top and High).
MOS graph
This graph represents the Mean Opinion Score during no over-activity, per Application Group.
Volume (MBytes) graph
This graph represents the volume of data (MBytes) exchanged by each critical Application Group
(Top and High) and for all non critical ones (Medium and Low).
Session density graph
This graph represents the number of sessions for each critical Application Group (Top and High)
and for all non critical ones (Medium and Low).
Overactivity (%) graph
8-70
March 2012
8. 6. 7. is - sla - site customer

Service Level Agreement - site customer
March 2012
8-71
Ipanema System
What can it do?

Monitored resource
What is measured

AQS, MOS, Volume, Sessions, Over activity
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
AQS graph
This graph represents the Application Quality Score during no over activity, per critical Application
Group (Top and High).
MOS graph
This graph represents the Mean Opinion Score during no over-activity, per Application Group.
Volume (MBytes) graph
This graph represents the volume of data (MBytes) exchanged by each critical Application Group
(Top and High) and for all non critical ones (Low and Medium).
Session density graph
This graph represents the number of sessions for each critical Application Group (Top and High)
and for all non critical ones (Low and Medium).
Overactivity (%) graph
The table
The table presents the following information:
8-72
Application
Group
Criticality
AQS
MOS
Overactivity (%)

Volume (%)
Percentage of volume represented by the Application Group.
March 2012
8. 7. AM (APPLICATION MONITORING) REPORTS

8. 7. 1. is - am - site summary - tcp
Application monitoring Table
Application Monitoring - Site Summary - TCP

What can it do?
Monitored resource

A Domain.
Packet retransmission, SRT, RTT, Non TCP sessions, TCP
sessions, Goodput, Non TCP Throughput, TCP Throughput.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
March 2012
Executive officers
8-73
Ipanema System
The table
The table is used to display the following indicators concerning the Site traffic:
Site

8-74

Packet
retransmission
Percentage of retransmitted TCP segments between ip|engines.
SRT
Server response time (in ms).
RTT
Round trip time (in ms).
Non TCP
sessions
Number of non TCP sessions per second.
TCP sessions
Number of TCP sessions per second.
Goodput
Number of kbits per second at layer 4 level.
Non TCP
Throughput
Number of non TCP segments per second (in kbps) measured at IP

level), between ip|engines.
TCP Throughput
Number of TCP segments per second (in kbps, measured at IP level),

between ip|engines.
March 2012
8. 7. 2. is - am - application group summary - tcp

Application Monitoring - application group summary - TCP

What can it do?
Monitored resource

A Domain.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Application Groups table

Used to display in a table the following indicators concerning the Application Group traffic.
Application
Group


Packet
retransmission
SRT
RTT
March 2012
8-75
Ipanema System
8-76
Non TCP
sessions
TCP sessions
Goodput
Non TCP
Throughput

TCP Throughput

between ip|engines.
March 2012
8. 7. 3. is - am - application group summary - per dir. - tcp

Application Monitoring - application group Summary - per direction - TCP

What can it do?
Monitored resource

What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Application Groups table

Application
Group


Packet
retransmission
SRT
RTT
Non TCP
sessions
TCP sessions
March 2012
8-77
Ipanema System
8-78
Goodput
Non TCP
Throughput

TCP Throughput

between ip|engines.
March 2012
8. 7. 4. is - am - application summary - tcp

Application Monitoring - Application Summary - TCP

What can it do?
Monitored resource

A Domain.
What is measured
How it is measured
March 2012
8-79
Ipanema System
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Application table
Used to display in a table the following indicators concerning the Application traffic.
Application

8-80

Packet
retransmission
SRT
RTT
Non TCP
sessions
TCP sessions
Goodput
Non TCP
Throughput

TCP Throughput

between ip|engines.
March 2012
8. 7. 5. is - am - application summary - per direction - tcp

Application Monitoring - Application Summary - per direction - TCP

What can it do?
Monitored resource

What is measured
How it is measured
March 2012
8-81
Ipanema System
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Application table
Used to display in a table the following indicators concerning the Application traffic.
Application

8-82

Packet
retransmission
SRT
RTT
Non TCP
sessions
TCP sessions
Goodput
Non TCP
Throughput

TCP Throughput

between ip|engines.
March 2012
8. 7. 6. is - am - time evolution - tcp

Application Monitoring - time evolution - tcp
March 2012
8-83
Ipanema System
What can it do?

Monitored resource

A Domain.
SRT, RTT, packet retransmission, Throughput (TCP and non TCP),
Goodput (TCP), sessions.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
SRT (ms) graph
This graph represents the average Server response time (in ms).
RTT (ms) graph
This graph represents the average Round trip time (in ms).
Packet retransmission graph
This graph represents the percentage of retransmitted TCP segments between ip|engines.
Throughput graph
This graph represents:
TCP: the number of TCP segments per second (in kbps, measured at IP level), between
ip|engines (dark blue).
non TCP: the number of non TCP segments per second (in kbps) measured at IP level),
between ip|engines (light blue).
Goodput: the number of kbits per second at layer 4 level (tele|engines) (green).
Peak: the maximum encountered value during a display period (red).
Sessions graph
8-84
TCP: the number of TCP sessions per second (dark green).

non TCP: the number of non TCP sessions per second (light green).
March 2012
8. 8. PM (PERFORMANCE MONITORING) REPORTS

8. 8. 1. is - pm - site summary
Performance Monitoring Table
Performance Monitoring - site summary

What can it do?
Monitored resource

A Domain.
LAN-to-LAN and WAN-to-WAN average delay, packet loss and
throughput, total sessions.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
Site table
Used to display in a table the following indicators concerning the Site traffic.
March 2012
8-85
Ipanema System
Site

8-86

LAN average
delay (ms)
LAN-to-LAN average delay of packets (in ms).
WAN average
delay (ms)
WAN-to-WAN average delay of packets (in ms).
LAN packet loss

(%)
Percentage of IP packets lost between the LAN interfaces of the

ip|engines.
WAN packet loss

(%)
Percentage of IP packets lost between the WAN interfaces of the

ip|engines.
LAN total
throughput
(kbps)
Number of kbits per second at the IP level measured on the LAN interface
of the ip|engine.
WAN total
throughput
(kbps)
Number of kbits per second at the IP level measured on the WAN

interface of the ip|engine.
Total sessions
Total number of sessions (on ip|engines and/or tele|engines).
March 2012
8. 8. 2. is - pm - application group summary

Performance Monitoring - application group summary

What can it do?
Monitored resource

A Domain.
Total sessions, total throughput, packet size, delay, jitter, packet
loss, packet retransmission, SRT, RTT
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers

Application
Group
Total sessions
Total number of sessions (on ip|engines and/or tele|engines) for ingress

and egress directions.
Total throughput
(kbps)
Total number of kbits per second at IP level (on ip|engines and/or

tele|engines) for ingress and egress directions.
Packet size
(bytes)
Average packet size in bytes (on ip|engines and/or tele|engines) for

ingress and egress directions.
Delay (ms)
Average delay of packets (in ms) for ingress and egress directions.
March 2012
8-87
Ipanema System
8-88
Jitter (ms)
Delay variation (in ms) for ingress and egress directions.
Packet loss (%)
Percentage of lost IP packets for ingress and egress directions.
Packet retrans.
(%)
Percentage of retransmitted TCP segments for ingress and egress

directions.
SRT (ms)
Average Server Response Time (in ms).
RTT (ms)
Average Round Trip Time (in ms).
March 2012
8. 8. 3. is - pm - application group summary per direction

Performance Monitoring - application group summary per direction

What can it do?
Monitored resource
A Domain.


What is measured
How it is measured

Delay, jitter, packet loss, qualified packet size, qualified sessions,
total throughput, total packet size, total sessions, qualified
throughput
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
March 2012
Executive officers
8-89
Ipanema System

Application
Group

8-90

Delay (ms)
Average delay of packets (in ms).
Jitter (ms)
Delay variation (in ms).
Packet loss (%)
Percentage of lost IP packets.
Packet retrans.
(%)
Percentage of retransmitted TCP segments.
SRT (ms)
RTT (ms)
Packet size
(bytes)
Average packet size in bytes (on ip|engines and/or tele|engines).
Total sess.
Total Thput
(kbps)
(Total throughput) Total number of kbits per second at IP level (on

ip|engines and/or tele|engines).
March 2012
8. 8. 4. is - pm - application summary
Performance Monitoring - Application summary

What can it do?
Monitored resource

A Domain.
Total sessions, total throughput, packet size, delay, jitter, packet
loss, packet retransmission; SRT, RTT
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
March 2012
Executive officers
8-91
Ipanema System

Used to display in a table the following indicators concerning the Application Group traffic:
8-92
Application
Total sessions
Total number of sessions (on ip|engines and/or tele|engines) for ingress

and egress directions.
Total throughput
(kbps)

tele|engines) for ingress and egress directions.
Packet size
(bytes)
Average packet size in bytes (on ip|engines and/or tele|engines) for

ingress and egress directions.
Delay (ms)
Average delay of packets (in ms) for ingress and egress directions.
Jitter (ms)
Delay variation (in ms) for ingress and egress directions.
Packet loss (%)
Percentage of lost IP packet for ingress and egress directions.
Packet retrans.
(%)
Percentage of retransmitted TCP segments for ingress and egress

directions.
SRT (ms)
RTT (ms)
March 2012
8. 8. 5. is - pm - application summary per direction

Performance Monitoring - application summary per direction

What can it do?
Monitored resource
A Domain.


What is measured
How it is measured
March 2012

Delay, jitter, packet loss, packet retransmission, SRT, RTT, packet
size, total sessions, total throughput
8-93
Ipanema System
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers

Application
Criticality
Criticality level according to the Application Group name associated to

the application.
8-94

Delay (ms)
Average delay of packets (in ms).
Jitter (ms)
Delay variation (in ms).
Packet loss (%)
Percentage of lost IP packets.
Packet retrans.
(%)
Percentage of retransmitted TCP segments.
SRT (ms)
RTT (ms)
Packet size
(bytes)
Average packet size in bytes (on ip|engines and/or tele|engines).
Total sessions
Total throughput
(kbps)

tele|engines).
March 2012
8. 8. 6. is - pm - traffic topology
Performance Monitoring - traffic topology
March 2012
8-95
Ipanema System
What can it do?

Monitored resource

A Domain.
Total traffic, qualified traffic, Traffic profile (kbps/%time),
packet%/delay threshold, sites and their ingress and egress
throughputs.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The Tables
Total traffic table
Used to display in a table the following indicators concerning the ip|engine traffic or the Domain
traffic:
Packet size
Average packet size (in bytes).
Sessions
Number of sessions during a display period.
Throughput
Average throughput during a display period (kbps).
Volume
Total number of bytes (in MBytes).
Qualified traffic table

Average delay
Average delay of total packets between ip|engines (in ms).
Jitter
Average delay variation (in ms).
Packet loss
Percentage of lost IP packets during a display period.
Packets size
Average packet size (in bytes).
Sessions
Number of qualified sessions during a display period.
Throughput
Number of qualified bits per second at IP level (kbps).
Volume
Total of number of qualified bytes during a display period (in MB).
The graphs
Traffic profile (kbps / % time) graph
8-96
March 2012
Maximum bandwidth reached during the Time percentage:

10
Bandwidth reached during 90% of time during the display period.
30
50
67
80
90
95
98
99
100
Peak rate reached during the display period.

This representation is very useful to get a view of the bandwidth usage.
Case 1: If all values are about the same at 100 kbps this means that during time
throughput is constant and always very close to 100 kbps. If the line is a leased line
of 512 kbps, then this line is over dimensioned and can be reduced at least down to
256 kbps.
Case 2: On the other hand, let us suppose that values are almost all equal to zero
except the 100 value which is very close to 450 kbps: that means the line is used 1%
of the time. We should check the reason of this peak usage.
This representation is useful because it is still meaningful when observed over a long
period of time. A time evolution representation could have masked the bursty behavior
of the line in case 2.
Packet % / Delay threshold (ms) graph

This graph shows the packet delay distribution:
<10
Percentage of packets that had a latency (delay) under 10 ms.
<20
Percentage of packets that had a latency (delay) between 10 and 20 ms.
<50
<100
<200
<500
<1000
<2000
Sites table
Site
List of sites communicating with the resource monitored

in this report.
Throughput ratio LAN=>WAN (%)
The Throughput ratio from this site to the resource

monitored in this report, in percentage.
Throughput ratio WAN=>LAN (%)
The Throughput ratio from the resource monitored in

this report to this site, in percentage.
March 2012
8-97
Ipanema System
8. 8. 7. is - pm - time evolution
Performance Monitoring - time evolution
8-98
March 2012
What can it do?

Monitored resource
What is measured
A Domain.
Delay, jitter, packet loss, throughput, number of sessions.
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Delay (ms), Jitter (ms) graph
LAN average delay: the average LAN-to-LAN delay of total packets (in ms) (Blue).
WAN average delay: the average WAN-to-WAN delay of total packets (in ms) (Orange).
LAN jitter: the average LAN-to-LAN delay variation (in ms) (Light blue).
WAN Jitter: the average WAN-to-WAN delay variation (in ms) (Purple).
Packet loss (%) graph

LAN packet loss : the percentage of lost IP packets between the LAN interfaces of the
ip|engines (Red).
WAN packet loss : the percentage of lost IP packets between the WAN interfaces of the
ip|engines (Pink).
Peak Throughput graph

LAN peak throughput: the maximum encountered LAN-to-LAN throughput during a display
period (Blue).
WAN peak throughput: the maximum encountered WAN-to-WAN throughput during a display
period (Orange).
LAN Throughput graph

Throughput: the number of kbits per second at layer 3 level (light blue).
Goodput: the number of kbits per second above layer 4 level (light green).
Qualified throughput: the number of qualified kbits per second at layer 3 level (dark Blue).
Qualified goodput: the number of qualified kbits per second above layer 4 level (dark green).
Sessions graph: this graph represents the number of sessions per second.
March 2012
8-99
Ipanema System
8. 8. 8. is - pm - detailed per application, per app. group

A group of reports is used to display the throughput of the flows grouped by application and
Application Group.
The following reports are included in this group:
is - pm - detailed per application group

Layer 3 throughput distribution for flows by Application Group in ingress and egress directions.
is - pm - detailed per application - top
Layer 3 throughput distribution for flows by type of application in ingress and egress directions.
is - pm - detailed per application
Layer 3 throughput distribution for flows by type of application in ingress and egress directions.
Performance Monitoring-detailed per application
8-100
March 2012
What can they do?

Monitored resource
These templates are available for the following Metaviews:
What is measured
A Domain.
Throughput.
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graph
The Throughput graph represents the layer 3 throughput distribution for the flows per application
or Application Group in kbps.
March 2012
8-101
Ipanema System
8. 8. 9. is - pm - top host application on volume

Performance Monitoring - Top host application on volume

What can it do?
Monitored resource
A Site.
What is measured
Host, application, volume, sessions.
How it is measured
From data collected every minute.
This report does not appear in the hour, day, week and month folders, but in the default
folder. Hour, Day, Week, Month must NOT be selected when creating it with ip|reporter.
Type of report
Default
Display Rate
1 minute
Time Span
1 minute
Life Time
1 week
Audience
Network analysts
Reports creation
The user specifies the filters to create a Metaview then instantiates a report template on the
Metaview. There are the following filters:
A Site.
This report consumes a lot of CPU on the server, and should not be instantiated on
more than 10 sites. As a consequence, it should not be Instantiated by default, but only
when really needed.
Create it with ip|reporter only (do not use the Automatic reporting tool).
The table
Talkers: List of hosts on the site sending data to the other sites (upstream from the
flow).
Listeners: List of hosts on the site receiving data from the other sites (downstream from
the flow).
8-102
March 2012
a session is identified:
For TCP or UDP by the following parameters: source address, destination address,
protocol TCP or UDP, source port and destination port.
For other protocols over IP (for example: ICMP) by the following parameters: source
address, destination address, protocol.
The number of sessions represents the average session activity for the duration of
Correlation Record (by default: T = 1 minute). For example, 2 sessions running during
T plus 3 sessions running during half this period of time will give 3.5 sessions (2 x 1 +
3 x 0.5).
These values are measured over the last display rate. Click successively on any column header to
sort the table by increasing or decreasing values. On the report you can use the time slider to see
the previous values of each indicator. Using the slider presents you with a historical view of each
resource for any moment during the lifetime of the report.
Top host application on volume table
Used to display in a table the following indicators concerning the Top Host application sorted by
maximum volume used.
The Top Host application is limited to 10 hosts for each way.
Host Talkers
IP address of the talker host on the Site (ip|engine).
Application
Talkers
Application name used by the talker host.
Volume (KB)
Talkers
Volume of traffic sent by the talkers host in KBytes.
Sessions Talkers
Number of sessions per second generated by the talker host.
Host Listeners
IP address of the listener host on the Site (ip|engine).
Application
Listeners
Application name used by the listener host.
Volume (KB)
Listeners
Volume of traffic received by the listener host in KBytes.
Sessions
Listeners
Number of sessions per second generated by the listener host.
March 2012
8-103
Ipanema System
8. 9. PM COMPRESSION REPORTS
8. 9. 1. is - pm - compression evolution
Compression Table
Compression Evolution
What can it do?
Monitored resource

A Domain.
Total LAN throughput (without compression), total WAN throughput
(with compression), compressed throughput, saved throughput.
What is measured
How it is measured
8-104
March 2012
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Ingress Throughput (compress) graph:
LAN Throughput : the Total throughput (in kbps) before compression (Blue curve), on the LAN
interface of the ip|engine.
WAN Throughput: the Total throughput (in kbps) after compression (Orange curve), on the
WAN interface of the ip|engine for all flows (compressed and non-compressed flows).
Compressed: the Throughput of the compressed flows (flows classified in Application Group
enabled for compression and going to ip|engines) (Orange area).
Saved: the Throughput saved on the compressed flows (flows classified in Application Group
enabled for compression and going to ip|engines) (Blue area).
Egress Throughput (decompress) graph
LAN Throughput : the Total throughput (in kbps) before compression (Blue curve), on the LAN
interface of theip|engine.
WAN Throughput: the Total throughput (in kbps) after compression (Orange curve), on the
WAN interface of the ip|engine for all flows (compressed and non-compressed flows).
Compressed: the Throughput of the compressed flows (flows classified in Application Group
enabled for compression and going to ip|engines) (Orange area).
Saved: the Throughput saved on the compressed flows (flows classified in Application Group
enabled for compression and going to ip|engines) (Blue area).
March 2012
8-105
Ipanema System
8. 9. 2. is - pm - application group compression synthesis

Compression Table
Compression Synthesis AG
8-106
March 2012
What can it do?

Monitored resource

A Domain.
Volume per Application Group (compressed, saved), LAN input,
Comp. input, Comp. output, Comp. factor, Comp. ratio.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Ingress Volume (compress) graph:
Compressed volume (MB): for each Application Group, the total compressed volume (flows
classified in Application Group enabled for compression and going to ip|engines) in MB for the
ingress way (Orange area).
Saved Volume (MB): for each Application Group, the total saved volume (flows classified in
Application Group enabled for compression and going to ip|engines) in MB for ingress way
(Blue area).
Egress Volume (decompress) graph
Compressed volume (MB): for each Application Group, the total compressed volume (flows
classified in Application Group enabled for compression and going to ip|engines) in MB for the
egress way (Orange area).
Saved Volume (MB): for each Application Group, the total saved volume (flows classified in
Application Group enabled for compression and going to ip|engines) in MB for egress way
(Blue area).
March 2012
8-107
Ipanema System
The tables
Ingress Volume (compress) and Egress Volume (decompress) by Application Group table
Used to display for each Application Group, for all traffic in ingress and egress directions, the
volume (in MB) before and after compression, and the compression ratio.
In each column of the table,

LAN Volume (MB)
For each Application Group, the total volume of flows classified in

Application Group in MB (compressed and non-compressed flows); this
volume is measured on the LAN interface of the ip|engine.
Comp. input (MB)
For each Application Group, the total compressible volume (flows

classified in Application Group enabled for compression and going to
ip|engines) in MB before compression; this volume is measured on the
LAN interface of the ip|engine.
Comp. output
(MB)
For each Application Group, the total compressed volume (flows classified
in Application Group enabled for compression and going to ip|engines)
in MB after compression; this volume is measured on the WAN interface
of the ip|engine.
Comp. factor
For each Application Group, the compression factor is calculated by the

formula: Comp. input/Comp. output).
Comp. ratio (%)
For each Application Group, the compression ratio represents the

percentage of compression.
Ingress Volume (compress) and Egress Volume (decompress) table

Used to display the total of volume for all traffic in the ingress and egress directions, the volume
(in MB) before and after compression, and the compression ratio. For the parameters see the
explanation in the table above.
8-108
March 2012
8. 9. 3. is - pm - application compression synthesis

Compression Table
Compression Synthesis Application
March 2012
8-109
Ipanema System
What can it do?

Monitored resource

A Domain.
Volume per application (compressed, saved), LAN input, Comp.
input, Comp. output, Comp. factor, Comp. ratio.
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Ingress Volume (compress) graph:
Compressed volume (MB): for each Application, the total compressed volume (flows classified
in Application Group enabled for compression and going to ip|engines) in MB for the ingress
way (Orange area).
Saved Volume (MB): for each Application, the total saved volume (flows classified in Application
Group enabled for compression and going to ip|engines) in MB for ingress way (Blue area).
Egress Volume (decompress) graph
8-110
Compressed volume (MB): for each Application, the total compressed volume (flows classified
in Application Group enabled for compression and going to ip|engines) in MB for the egress
way (Orange area).
Saved Volume (MB): for each Application, the total saved volume (flows classified in Application
Group enabled for compression and going to ip|engines) in MB for egress way (Blue area).
March 2012
The tables
Ingress Volume (compress) and Egress Volume (decompress) by Application table
Used to display for each Application, for all traffic in ingress and egress directions, the volume (in
MB) before and after compression, and the compression ratio.
In each column of the table,

LAN Volume (MB)
For each Application, the total volume of flows classified in Application

Group in MB (compressed and non-compressed flows); this volume is
measured on the LAN interface of the ip|engine.
Comp. input (MB)
For each Application, the total compressible volume (flows classified in

Application Group enabled for compression and going to ip|engines) in
MB before compression, this volume is measured on the LAN interface
of the ip|engine.
Comp. output
(MB)
For each Application, the total compressed volume (flows classified in

Application Group enabled for compression and going to ip|engines) in
MB after compression, this volume is measured on the WAN interface
of the ip|engine.
Comp. factor
For each Application, the compression factor is calculated by the formula:

Comp. input/Comp. output).
Comp. ratio (%)
For each Application, the compression ratio represents the percentage

of compression.
Ingress Volume (compress) and Egress Volume (decompress) table

Used to display the total volume for all traffic in the ingress and egress directions, the volume (in MB)
before and after compression, and the compression ratio. For the parameters see the explanation
in the table above.
March 2012
8-111
Ipanema System
8. 10. ACC (ACCELERATION) REPORT

8. 10. 1. is - acc - acceleration evolution
Acceleration Table
Acceleration Evolution
What can it do?
Monitored resource

A Domain.
MRE factor, Acceleration factors, number of new sessions, number
of active sessions
What is measured
How it is measured
8-112
March 2012
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Acceleration Factors graphs:
MRE factor(Multiple Redundancy Elimination): compressible volume (measured on the LAN

interface of the ip|engine, before compression) / compressed volume (measured on the WAN
interface of the ip|engine, after compression).
Acceleration factor: the response time that would have been measured without TCP
acceleration (computed with the following hypotheses: TCP window size equal to 64 Kbytes
and MSS equal to 1400 bytes) / Response time of the accelerated sessions.
Accelerated session:
Number of new sessions: number of new sessions.

Number of active sessions: number of active sessions.
March 2012
8-113
Ipanema System
8. 11. CIFS REPORT

8. 11. 1. is - cifs - time evolution
CIFS acceleration Table
CIFS - Time evolution
8-114
March 2012
What can it do?

Monitored resource

A Domain.
CIFS throughput, CIFS verbosity, Acceleration factor, number of
active sessions
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Throughput graph: CIFS throughput, in kbps.
Requests graphs:
from client: number of SMB messages sent by clients.

to server: number of SMB messages sent to servers.
Acceleration factor graph: number of SMB messages sent by clients divided by the number of
SMB messages sent to servers.
Active Sessions graph: number of active CIFS sessions.
March 2012
8-115
Ipanema System
8. 12. VOIP REPORTS

Ipanema Technologies VoIP reports provide easy-to-use data for Voice over IP. Using information
gathered from ip|engines performance measurement function, then aggregated by the ip|boss
central management software, VoIP reports generate for Voice over IP per Codec specific metrics
like the MOS (Mean Opinion Score).
MOS definition
The data generated by the VoIP module is available throughout the whole Ipanema System.
ip|boss makes them available through the SNMP interface, ip|reporter uses them to generate
the appropriate easy to use reports.
8-116
March 2012
8. 12. 1. is - voip - synthesis

VoIP Table
VoIP Synthesis
What can it do?
Monitored resource
What is measured
A Domain .
MOS distribution ingress and egress direction per Codec
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
MOS distribution graph
MOS range reached in percentage of Time.
March 2012
8-117
Ipanema System
[1,3]
MOS between 1 and 3 in percentage of time during the display period.
[3,3.5]
MOS between 3 and 3.5 in percentage of time during the display period.
[3.5,4]
MOS between 3.5 and 4 in percentage of time during the display period.
[4,4.5]
MOS between 4 and 4.5 in percentage of time during the display period.
[4.5,5]
MOS between 4.5 and 5 in percentage of time during the display period.
This representation is very useful to get a view of Voice over IP quality.
MOS example
8-118
March 2012
8. 12. 2. is - voip - time evolution

VoIP Table
VoIP Time Evolution
March 2012
8-119
Ipanema System
What can it do?

Monitored resource

A Domain.
MOS, delay, jitter, packet loss, sessions for ingress and egress
direction
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
MOS graph:
Maximum MOS: the maximum MOS (Red) per Codec.

Average MOS: the average MOS (Blue) per Codec.
Minimum MOS: the minimum MOS (Green) per Codec.
Jitter: the average delay variation (in ms) (Yellow).
Delay (ms), Jitter (ms) graph:
Delay (ms): the average delay (in ms) (Blue) per Codec.
Jitter: the average delay variation (in ms) (Yellow) per Codec.
Packet loss (%) graph

This graph represents the percentage of lost IP packets between ip|engines per Codec.
Sessions graph:
8-120
Sessions: the number of sessions per second in direction of tele|engines (light blue).
Qualified sessions: the number of qualified sessions per second (between ip|engines) (dark
Blue).
Peak sessions: the peak sessions curve displays maximum encountered value during a display
rate.
March 2012
8. 13. SA (SITE ANALYSIS) REPORTS

This chapter is divided into sections that correspond to each report template. A report description
includes an overview of the report features, a graphical representation of the report, a detailed
description of the report, and finally a suggested way of using the report.
8. 13. 1. is - sa - site summary ingress

Site Analysis Table
Site Analysis - site summary ingress

What can it do?
Monitored resource
What is measured
A Domain.
A list of Sites.
A Key or a list of Keys.
Throughput to (physical) ip|engines, no correlation, to (virtual)
tele|engines, to Out of Domain, transit, other, locally rerouted, Non
IPv4 WAN, ignored LAN
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The table
Used to display for ip|engines (in the Domain, list of sites, list of keys) the information concerning
the following indicators:
Site
To physical ipe
(kbps)
Ingress throughput in kbps to (physical) ip|engines.
No correlation
(kbps)
Ingress throughput in kbps with No correlation, if the throughput is a

major part of the total traffic it may be a configuration error in the subnet,
or some flows are not seen end to end between ip|engines.
To Virtual ipe
(kbps)
Ingress throughput in kbps to tele|engines.
To out of Domain
(kbps)
Ingress throughput in kbps to subnet 0.0.0.0/0 (Out Of Domain subnet).
March 2012
8-121
Ipanema System
8-122
Transit (kbps)
Ingress throughput in kbps for transit flows.
Other (kbps)
Ingress throughput in kbps for Other traffic; in fact Other traffic contains
Multicast traffic, Broadcast traffic, local traffic.
Locally rerouted
(kbps)
Ingress throughput in kbps for rerouted traffic.
Non ipv4 WAN

(kbps)
Ingress throughput in kbps for non IPv4 traffic (Apple Talk, IPX, SNA,
IPv6).
Ignored LAN
(kbps)
Ingress throughput in kbps for Ignored LAN traffic (BPDU, Spanning

tree, loopback, ARP frames...).
March 2012
8. 13. 2. is - sa - site summary egress

Site Analysis Table
Site Analysis - site summary egress

What can it do?
Monitored resource
What is measured
A Domain.
A list of Sites.
Throughput from (physical) ip|engines, no correlation, from (virtual)
tele|engines, from Out of Domain, transit, other, locally rerouted,
Non IPv4 WAN, ignored LAN
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The table
Used to display for ip|engines (in the Domain, list of sites, list of keys) the information concerning
the following indicators:
Site
To physical ipe
(kbps)
Egress throughput in kbps to (physical) ip|engines.
No correlation
(kbps)
Egress throughput in kbps with No correlation; if the throughput is a

major part of the total traffic may be a configuration error in the subnet, or
some flows are not seen end to end between ip|engines.
To Virtual ipe
(kbps)
Egress throughput in kbps to tele|engines.
To out of Domain
(kbps)
Egress throughput in kbps to subnet 0.0.0.0/0 (Out Of Domain subnet).
Transit (kbps)
Egress throughput in kbps for transit flows.
Other (kbps)
Egress throughput in kbps for Other traffic; in fact Other traffic contains
Multicast traffic, Broadcast traffic, local traffic.
Locally rerouted
(kbps)
Egress throughput in kbps for rerouted traffic.
March 2012
8-123
Ipanema System
8-124
Non ipv4 WAN

(kbps)
Egress throughput in kbps for non IPv4 traffic (Apple Talk, IPX, SNA,
IPv6).
Ignored LAN
(kbps)
Egress throughput in kbps for Ignored LAN traffic (BPDU, Spanning

tree, loopback, ARP frames...).
March 2012
8. 13. 3. is - sa - site throughput

Site Analysis Table
Site Analysis - site throughput

What can it do?
Monitored resource
What is measured
How it is measured
This template is available for the following Metaview:

A Site.
Ethernet throughput: IPv4, Apple Talk, IPX, SNA, IPv6, ignored
LAN.
IPv4 throughput: to/from (physical) ip|engines, no correlation,
to/from (virtual) tele|engines, to/from Out of Domain, transit, other,
locally rerouted, Non IPv4 WAN
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
March 2012
Executive officers
8-125
Ipanema System
The graphs
Used to display for each ip|engine the information concerning the following indicators:
Ethernet-Throughput (kbps) graphs:
IPv4 (kbps): Ingress or egress throughput in kbps for IPv4 traffic.

Apple Talk (kbps): Ingress or egress throughput in kbps for Apple Talk traffic..
IPX (kbps): Ingress or egress throughput in kbps for IPX traffic.
SNA (kbps): Ingress or egress throughput in kbps for SNA traffic.
IPV6 (kbps): Ingress or egress throughput in kbps for IPv6 traffic.
Ignored LAN (kbps): Ingress or egress throughput in kbps for Ignored LAN traffic (BPDU,
Spanning tree, loopback, ARP frames...).
IPv4 -Throughput (kbps) graphs:
8-126
To physical ipe (kbps): Ingress or egress throughput in kbps to (physical) ip|engines.

No correlation (kbps): Ingress or egress throughput in kbps with No correlation, if the
throughput is a major part of the total traffic may be a configuration error in the subnet, or some
flows are not seen end to end between ip|engines.
To Virtual ipe (kbps): Ingress or egress throughput in kbps to tele|engines.
To out of Domain (kbps): Ingress or egress throughput in kbps to subnet 0.0.0.0/0 (Out Of
Domain subnet).
Transit (kbps): Ingress or egress throughput in kbps for transit flows.
Other (kbps): Ingress or egress throughput in kbps for Other traffic, in fact Other traffic
contains Multicast traffic, Broadcast traffic, local traffic.
Locally rerouted (kbps): Ingress or egress throughput in kbps for rerouted traffic.
March 2012
8. 14. FI (FAULT ISOLATION) REPORTS

8. 14. 1. is - fi - availability - evolution
Fault Isolation Table
Fault Isolation - availability - evolution
March 2012
8-127
Ipanema System
What can it do?

Monitored resource

A Domain.
Status down, Status up, synchronization loss, highest CPU load,
WAN overload (%).
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
Short reporting
5 minutes
1 hour
4 hours
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The graphs
Used to display for ip|engines the information concerning the following indicators:
Status Down graph
This graph represents the Unavailability status of the ip|engine seen by the management system:
100%: All ip|engines detected as unavailable.

xx %: the percentage of ip|engines detected as unavailable.
0%: No ip|engine detected as unavailable.
Status Up graph
This graph represents the Availability status of the ip|engine seen by the management system:
100%: All ip|engines detected as available.

xx %: the percentage of ip|engines detected as available.
0%: No ip|engine detected as unavailable.
Synchronization loss graph

This graph represents the Synchronization loss status of the ip|engine:
100%: All ip|engines not synchronized.

xx %: percentage of ip|engines detected as not synchronized.
0%: All ip|engines synchronized.
Highest CPU load graph

This graph represents the highest CPU load of all ip|engines in percent if the reports is instantiated
on a list of ip|engines, or CPU load of the selected ip|engine in percent if the report is instantiated
on a single ip|engine.
WAN Overload graph
This graph represents the Overload status of the ip|engine (the WAN throughput exceeds the
capacity of the ip|engine):
8-128
100%: All ip|engines overloaded.

xx %: percentage of ip|engines detected as overload.
0%: no overloaded ip|engine.
March 2012
The availability and/or unavailability is linked to the managers ability to reach an

ip|engine in the Domain.
March 2012
8-129
Ipanema System
8. 14. 2. is - fi - availability - overview

Fault Isolation Table
Fault Isolation - Availability - Overview

What can it do?
Monitored resource
This template is available for the following Metaview:

A Domain .
Site, Status down (%), Status up (%), synchronized (%), highest
CPU load, WAN overload (%).
What is measured
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display Rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
The table
Used to display for each ip|engine the information concerning the following indicators:
Site
Down Status (%)
Unavailability status of the ip|engine seen by the management system.
Up Status (%)
Availability status of the ip|engine seen by the management system.
8-130
100%: the ip|engine is detected as unavailable during a whole display

period.
xx %: the percentage of time during which the ip|engine is detected as
unavailable during a display period.
0%: the ip|engine is not detected as unavailable during a display
period.
100%: the ip|engine is detected as available during a whole display

period.
available during a display period.
0%: the ip|engine is not detected as available during a display period.
March 2012
Synchronization
loss (%)
Synchronization status of the ip|engine.
100%: the ip|engine is not synchronized during a display period.

not synchronized during a display period.
0%: the ip|engine is synchronized during a whole display period.
Highest CPU load
Highest CPU load of ip|engines in percent if the reports is instantiated on

a list of ip|engines, or CPU load of an ip|engine in percent if the report is
instantiated on a single ip|engine, during a display period.
WAN Overload
(%)
Overload status of the ip|engine (the WAN throughput exceeds the

capacity of the ip|engine)
100%: the ip|engine is overloaded during a whole display period.

overload during a display period.
0%: the ip|engine not overloaded during a display period.
The availability and/or unavailability is linked to the managers ability to reach an

ip|engine in the Domain.
March 2012
8-131
Ipanema System
8. 15. SP (SMARTPLANNING) REPORTS

8. 15. 1. is - sp - profile
Smartplanning Table
Smartplanning Profile
What can it do?
8-132
Monitored resource
What is measured
A Site,
Throughput (kbps), Right Size (kbps)
How it is measured
Type of report
Hourly
Daily
Weekly
Monthly
Display rate
1 hour
1 day
1 week
1 month
Time Span
1 hour
1 day
1 week
1 month
Life Time
24 hours
7 days
5 weeks
12 months
Audience
Network analysts
Executive officers
March 2012
The graphs
Used to display, for each site (ip|engine) in the Domain, for all traffic in the ingress and egress
direction, the throughput (in kbps) and right size (in kbps), by criticality level (top, high, medium
and low) per percentage of time.
The bargraph top shows the bandwidth for top critical flows.
The bargraph high shows the bandwidth for top and high critical flows.
The bargraph medium shows the bandwidth for top, high and medium critical flows.
The bargraph low shows the bandwidth for top, high, medium and low critical flows.
On a flow per flow basis, smartplanning takes into account the traffic demand (the per-session
objective bandwidth, as set in corresponding Application Group), the actual network usage (from
measurement function) and the existence, or not, of local or distant congestions (from the QoS &
control function). Flows elasticity is also estimated and taken into account.
Then smartplanning aggregates this data according to access and criticality, and produces the
following information:
the actual traffic usage (what has been exchanged on the network) per percentage of time;
the right size value (estimated access size to match objectives, including correction for
end-to-end congestions and flows elasticity) per percentage of time.
Smartplanning generates two metrics:
The actual usage Throughput (in kbps) is carried out by the measurement module of the
Ipanema System. The original data produced is processed to be aggregated by criticality level
and by access.
The access right size Right Size (in kbps) presents for the site per criticality refined estimate
of the necessary access bandwidth to match the service level according to the percentage of
time, taking into account the flow matrix, end-to-end congestions as well as characteristics of
the flows. Depending on actual traffic nature and congestion status, it can be equal to or smaller
than the traffic demand.
March 2012
8-133
Ipanema System
8. 15. 2. is - sp - synthesis
Smartplanning Table
Smartplanning Synthesis
8-134
March 2012
What can it do?

Monitored resource

A Domain.
A list of Sites.
Throughput (kbps), Estimated bandwidth for the next 3 months
(kbps), Estimated bandwidth for the next year (kbps)
What is measured
How it is measured
Type of report
Daily
Display rate
1 day
Time Span
1 day
Life Time
1 day
Audience
Executive officers
The tables
A table is provided per each level of criticality you want to take into account (top top and high
top, high and medium top to low).
Used to display for each site (ip|engine) in the Domain, per selected level of criticality for all traffic
in the ingress and egress directions, the throughput (in kbps), and the trends for the next 3 months
and for the next year per percentile of time.
For each level of criticality, 2 tables are provided:
The bandwidth and its trends for the next 3 months and next year,
The right size and its trends for the next 3 months and next year,
On a flow per flow basis, smartplanning takes into account the traffic demand (the per-session
objective bandwidth, as set in corresponding Application Group), the actual network usage (from
measurement function) and the existence, or not, of local or distant congestions (from the QoS &
control function). Flows elasticity is also estimated and taken into account.
Then smartplanning aggregates these data according to access and criticality, and produces the
following information:
the actual traffic usage (what has been exchanged on the network) per percentage of time;
the estimated traffic value (estimated access size to match objectives, including correction for
end-to-end congestions and flows elasticity) for the next 3 months and for the next year per
percentage of time.
Smartplanning generates three metrics:
The actual usage Throughput (in kbps) is carried out by the measurement module of the
Ipanema System. The original data produced is processed to be aggregated by criticality level
and by access.
The estimated Throughput (in kbps) for the next 3 months according to the network activity
of the past 3 months.
The estimated Throughput (in kbps) for the next year according to the network activity of the
past year.
March 2012
8-135
Ipanema System
8. 16. EXPORTING THE REPORTS DATA WITH IP|EXPORT

ip|export installation
The goal of ip|export is to automate scheduled data exports from InfoVista Server Database.
The process exports values from specified sets of existing indicators and instances and produces
outputs files on a given regular period.
All expected parameters by the process are given in input as an XML configuration file, which
contains a list of tasks. Each task describes an export action with filter expressions on Domain,
MediaView, Indicator names and many other parameters such as the type of output files, field
separator, schedule period, etc. (Please refer to ip|export configuration.)
Reports displaying the requested indicators must by running at all time to allow ip|export to export
them.
8. 16. 1. ip|export output files and directory

All output files are stored in the directory indicated in ip|export XML configuration files <export>
block. If "sliptbydomain=true" then output files are classified under subdirectories that correspond
to their domain names.
All files are stored in this directory, so there are three things the user should do:
create the given output directory (ip|export process will not create it automatically),
make sure that the disk space is always enough to store the new output files,
clean or move old output files (ip|export process will not clean them automatically).
Output files are named with the following naming convention:
<taskname>_<epochtime>.<ext>" if "splitbyparams=false", or
<taskname>_<params>_<epochtime>.<ext>" if "splitbyparams=true".
where:
8-136
taskname:
name of the task as described in the XML configuration file
params:
if "splitbyparams=true", then one file per detected parameter is generated.

If more than one parameter is returned, they are concatenated with the
underscore "_" character. If no parameter is returned then the filename is
identical to the first expression. (optional)
epochtime:
GMT(UTC) date and time of the beginning of the analyzed period in number
of seconds since January 1st 1970.
ext:
file extension depending on the output file format as described in the XML
configuration file (txt, csv, xls or xml).
March 2012
8. 16. 2. ip|export log file

ip|export produces a historical log of all actions, warnings or failures that occur. This log file is
named "ipm_export.log", located in the temporary directory (Windows: %TEMP%, Solaris: $TMP).
The format of the log file is as fiollows:
DateTime | Type | Description
where:
DateTime:
GMT(UTC) date and time with the following format: %Y/%m/%d-%H:%M:%S
Type:
Message type; it can take one of the following values:
Description:
INFO: for an informative message

WARN: for a warning message
ERROR: for an error message
FATAL: for an unexpected error causing program to stop
DEBUG: for debug message if debugging has been activated
A description (characters string)
8. 16. 3. ip|export command usage

The ipm_export command syntax is as follows:
ipm_export [-config file <filename>] [-verbose]
ipm_export -help|?
ipm_export -version
where:
-configfile:
set the configuration file; by default it is looking for "ipm_export.xml
-verbose:
enable the verbose mode (disabled by default)
-version:
display current version number
-help|?:
print this help usage
March 2012
8-137
Ipanema System
8. 16. 4. ip|export output file formats

The possible output formats are text (.txt), csv, Excel (.xls) and eXtended Markup Language (.xml),
as described in the XML configuration file, for each task.
For text files, the field separator can be set in the XML configuration file; by default the pipe (|) is
used.
For all output formats, the columns order is always as follows:
datetime:
date and time with the specified given format; if no format is provided then it
uses the raw Epoch time (number of seconds since January 1st 1970)
domain:
name of the domain (if "splitbydomain=true" then this column does not appear)
(optional)
metaview:
name of the metaview.
indicator
name of the Indicator; if a rename entry is found for the indicator then the
new indicator name is used
params:
parameters separated with comma (if "splitbyparams=true" then this column

does not appear) (optional)
value:
value computed by the InfoVista Server
Examples
Example of text file
2010/05/04 15:00:00|default|Site: Paris|ingress throughput L3 - L4 - qualified||1340

2010/05/04 15:00:00|default|Site: Paris|ingress throughput L3 - L4 - unqualified||0
2010/05/04 15:00:00|default|Site: Paris|ingress throughput L4 - qualified||26660
2010/05/04 15:00:00|default|Site: Paris|ingress throughput L4 - unqualified||0
....
Example of csv file
2010/05/04 15:00:00;default;Site: Paris;ingress throughput L3 - L4 - qualified;;1340

2010/05/04 15:00:00;default;Site: Paris;ingress throughput L3 - L4 - unqualified;;0
2010/05/04 15:00:00;default;Site: Paris;ingress throughput L4 - qualified;;26660
2010/05/04 15:00:00;default;Site: Paris;ingress throughput L4 - unqualified;;0
...
8-138
March 2012
Example of xml file
<?xml version="1.0"?>
<data>
<slot>
<datetime>2010/05/04 15:00:00</datetime>
<domain>default</domain>
<metaview>Site: Paris</metaview>
<indicator> ingress throughput L3 - L4 <params></params>
value>1340</value>
</slot>
<slot>
value>0</value>
</slot>
<slot>
value>26660</value>
</slot>
<slot>
value>0</value>
</slot>
...
</data>
qualified </indicator>
unqualified</indicator>
Example of xls file

A
E F
2010/05/04 default
15:00:00
Site: Paris
ingress throughput L3 - L4 - qualified
1340
2010/05/04 default
15:00:00
Site: Paris
ingress throughput L3 - L4 - unqualified
2010/05/04 default
15:00:00
Site: Paris
ingress throughput L4 - qualified
26660
2010/05/04 default
15:00:00
Site: Paris
ingress throughput L4 - unqualified
2010/05/04 default
14:59:00
Site: Paris
ingress throughput L3 - L4 - qualified
1340
2010/05/04 default
14:59:00
Site: Paris
ingress throughput L3 - L4 - unqualified
2010/05/04 default
14:59:00
Site: Paris
ingress throughput L4 - qualified
26660
...
...
...
... ...
March 2012
...
8-139
CHAPTER 9. SOFTWARE LICENSE TERMS

To use the Ipanema software modules (the Software), the End User must be granted a license
(the License) directly by Ipanema Technologies (Ipanema) or through a duly authorized reseller
(the Reseller). This License is defined by the following terms:
9. 1. GRANT OF RIGHTS TO USE AND INTELLECTUAL

PROPERTY
The rights granted to the End User to use the software is non-exclusive, non-transferable,
non-convertible and restricted to the use of the software for the exclusive purpose of installation
and operation of the Ipanema System in accordance with the recommendations and instructions of
Ipanema, issued in any form including the Ipanema technical documentation (theDocumentation).
Ipanema owns and shall retain all rights, title and interest in and to the Software and the
Documentation, and any copies, customized versions, corrections, bug fixes, updates,
enhancements, new versions, or other modifications to the Software, including all copyrights,
patents, trade secret rights, trademarks and other intellectual property rights therein. The license
granted under this Agreement does not provide the End User with title to, ownership of or any
proprietary right to the software and the documentation, but only a right of limited use according
to the terms of this License.
The right to use the Software does not include the right for copying, modifying, disassembling,
de-compiling, decoding, reverse engineering, or any derivative usage of the products, to the extent
permitted by applicable law.
According to software modules, the right to use is associated either with either a specific Ipanema
System configuration or by a certain number of ISUs (Ipanema Software Units) as described in
the commercial proposal or the contract.
The right to use software modules bound to ISUs within an Ipanema System can be transferred by
the End User to other such modules in the same Ipanema System as long as the corresponding total
number of ISUs is not exceeded. Any other modification of the configuration will modify the already
granted right to use and must be described in a subsequent commercial proposal or contract.
9. 2. OPEN SOURCE LICENSES

Some components of the Ipanema software may be covered under one or more of the open source
licenses below. The Ipanema warranty for these modules apply as they are used embedded in
the entire product. For licenses that require it, machine readable copies of modifications made
by Ipanema are available upon request. Complete license texts can be found at the following
addresses or by connecting to ip|engines (using the license command at login):
Apache License The Apache Software Licence, Version 1.1 and 2.0 http://www.apache.org
BSD 1.0 License http://opensource.org
GNU General Public License (GPL) Version 2, June 1991 http://www.fsf.org
GNU Lesser General Public License (LGPL) Version 2.1, February 1999 http://www.fsf.org
9. 3. TERM AND TERMINATION

The grant of this License is dependent on payment of the Initial Software License Fee, and shall
be effective as of the shipment date of the Software license key.
Should the End User fail to comply with any of the terms and conditions of this License, Ipanema
or its Reseller shall be entitled to terminate the License. Such termination shall be effective fifteen
March 2012
9-1
Ipanema System
(15) days after formal demand requiring correction of the breach shall have been sent by registered
post with return receipt requested without the breach having been so corrected.
In the event of termination of this license, the End User shall:
immediately de-install the Ipanema software;

pay to Ipanema or its Reseller all sums remaining due as at the date of termination.
9. 4. SOFTWARE MEDIA WARRANTY

Ipanema warrants that original data supports are free from defects in materials and workmanship,
assuming normal use, for a period of ninety (90) days from date of shipment.
Ipanemas sole and exclusive liability and the End Users sole and exclusive remedy under this
limited warranty shall be to replace the defective media on which the Software is recorded free of
charge. This remedy is available only if Ipanema is promptly notified in writing, within the warranty
period, upon discovery of the defect by the End User.
9. 5. SOFTWARE WARRANTY
Ipanema warrants that the software performs substantially according to its documentation for a
period of ninety (90) days from date of shipment of the software license key.
Ipanemas sole and exclusive liability and the End Users sole and exclusive remedy under this
limited warranty shall be, at Ipanemas election, to provide corrective maintenance services to
correct the Ipanema software if it doesnt perform as warranted within the warranty period or to
replace it free of charge with a corrected version.
The limited warranty set forth in this article shall not apply to any non conformity that is caused
by: (a) the End Users misuse or improper use of the software, including, without limitation, the
use or operation of the software with an application or in an environment other than that specified
by Ipanema, or introduction of data into any data structures or tables used by the software by any
means other than use of the software; (b) any third party software or hardware; (c) any modifications
or alterations of or additions to the software performed by parties other than Ipanema; or (d) the
End Users failure to implement all problem corrections and new releases.
9. 6. DISCLAIMER
THE EXPRESS REPRESENTATIONS, WARRANTIES AND CONDITIONS OF IPANEMA
SET FORTH IN THIS DOCUMENT ARE IN LIEU OF ALL OTHER REPRESENTATIONS,
WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED
TO, IMPLIED REPRESENTATIONS, WARRANTIES AND CONDITIONS OF MERCHANTABLE
QUALITY, MERCHANTABILITY, TITLE, DURABILITY OR FITNESS FOR A PARTICULAR
PURPOSE AND THOSE ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM A COURSE
OF DEALING OR USAGE OF TRADE. IPANEMA DOES NOT REPRESENT OR WARRANT
THAT: (A) THE SOFTWARE WILL MEET END USERSS BUSINESS REQUIREMENTS; (B)
THE OPERATION OF THE SOFTWARE WILL BE ERROR-FREE OR UNINTERRUPTED; OR
(C) THAT ALL PROGRAMMING ERRORS CAN BE FOUND AND CORRECTED. THE END
USER IS RESPONSIBLE FOR TAKING PRECAUTIONARY MEASURES TO PREVENT THE
LOSS OR DESTRUCTION OF THE END USERS DATA, INCLUDING WITHOUT LIMITATION,
MAKING REGULAR BACKUPS AND VERIFYING THE RESULTS OBTAINED FROM USING THE
SOFTWARE, AND IPANEMA SHALL HAVE NO OBLIGATIONS OR LIABILITY WHATSOEVER
WITH RESPECT TO SUCH LOSS, DESTRUCTION OR USE UNLESS CAUSED BY THE
WILFUL MISCONDUCT OF IPANEMA.
WITHOUT LIMITING THE GENERALITY OF THE FOREGOING DISCLAIMERS, IPANEMA
EXPRESSLY DISCLAIMS ANY REPRESENTATIONS, WARRANTIES AND CONDITIONS
REGARDING THE PERFORMANCE CHARACTERISTICS OF THE SOFTWARE, INCLUDING
RESPONSE TIMES, MACHINE USAGE AND OTHER OPERATING CHARACTERISTICS, ON
ANY PARTICULAR COMPUTER EQUIPMENT. IPANEMA SHALL HAVE NO RESPONSIBILITY
FOR THE SELECTION, INSTALLATION AND MAINTENANCE OF THE COMPUTER
EQUIPMENT ON WHICH THE PROGRAMS AND THIRD PARTY SOFTWARE ARE TO
OPERATE.
9-2
March 2012
software license terms
FOR ANY BREACH OF THIS AGREEMENT OR ANY OTHER CLAIM ARISING FROM OR
RELATED TO THIS AGREEMENT GIVING RISE TO LIABILITY, IPANEMAS ENTIRE LIABILITY
SHALL BE LIMITED TO THE END USERS ACTUAL DIRECT, PROVABLE DAMAGES IN AN
AMOUNT NOT TO EXCEED IN THE AGGREGATE, THE TOTAL LICENSE FEES PAID BY THE
END USER FOR THE SOFTWARE THAT IS THE SUBJECT MATTER OF THE CLAIM.
IN NO EVENT SHALL IPANEMA OR ITS RESELLER BE LIABLE FOR LOSS OF PROFITS, LOSS
OF BUSINESS REVENUE, LOSS OF DATA, FAILURE TO REALIZE EXPECTED PROFITS OR
SAVINGS OR ECONOMIC LOSS OF ANY KIND, OR FOR ANY INDIRECT, CONSEQUENTIAL,
SPECIAL, INCIDENTAL OR PUNITIVE LOSSES OR DAMAGES, OR FOR ANY CLAIM AGAINST
END USER BY ANY OTHER PERSON, EVEN IF IPANEMA OR ITS RESELLER HAS BEEN
ADVISED OF OR COULD REASONABLY FORESEE THE POSSIBILITY OF ANY SUCH
DAMAGE OCCURRING.
THE LIMITATIONS SHALL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER
BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR
OTHER LEGAL OR EQUITABLE THEORY, INCLUDING A BREACH OF A CONDITION OR
FUNDAMENTAL TERM OR FUNDAMENTAL BREACH OR BREACHES. THE LIMITATIONS
SHALL NOT APPLY TO CLAIMS FOR PERSONAL INJURY OR BODILY HARM CAUSED BY
EITHER PARTY, OR PAYMENT OF AMOUNTS OWING BY THE END USER TO IPANEMA OR
ITS RESELLER.
9. 7. GOVERNING LAW
This License is governed by French law and any proceedings arising out of or in connection with
this License shall be submitted to the Commercial Court of Paris, France.
If any provision hereof is held invalid, the remainder shall continue in full force and effect.
March 2012
9-3
CHAPTER 10. TECHNICAL SUPPORT

10. 1. CUSTOMER TECHNICAL SUPPORT

Do not attempt to repair the equipment yourself. Do not remove ip|engine covers
and casings. This will void any warranty.
Please refer to the support and maintenance contract for specific information about these services.
Should you have any problem with your system, please contact your supplier for technical
assistance.
In any case, you can get support and information by logging on Ipanemas Support web site:
https://support.ipanematech.com,
where you can access the Public Knowledge Database, find Technical notes and FAQs, be informed
of the latest developments and updates, download all the Ipanema software, create and track
tickets, and find other relevant information relating to the Ipanema System.
An account will be created on demand.
Other contact information:
E-mail: support@ipanematech.com
Phone: +(33)1 55 52 15 22
Fax: +(33)1 55 52 15 01
In the event of a technical problem, please supply as much information as possible, in particular:
your name, address, telephone number and the name of your company,
your Ipanema Technologies license number, see window about in ip|boss field reference,
the names, versions and serial numbers of the products you are using,
the version: Windows (2000 / 2003) or Solaris of operating system for ip|boss,
a description of the installed configuration and the configuration files,
a detailed description of the problem you have encountered.
March 2012
10-1

Ipanema System User Manual 7.0.2

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Ipanema System User Manual 7.0.2

Hochgeladen von

Copyright:

Verfügbare Formate

Ipanema System

Issue: March 2012

The information contained in this document is subject to change without notice.

CHAPTER 1 IPANEMA SYSTEM ............................................ ..........

CHAPTER 2 UNIFIED ACCESS TO THE IPANEMA SYSTEM

CHAPTER 3 MANAGING DOMAINS, USERS AND LICENSES

7. SYSTEM ADMINISTRATION .............................................. ..........

CHAPTER 4 CONFIGURING SERVICES (IP|BOSS) ............. ..........

13. 2. Configuring Automatic reporting ............................... ..........

CHAPTER 5 IPANEMA SYSTEM SUPERVISION (IP|BOSS) . ..........

CHAPTER 6 USING IPANEMA SERVICES (IP|BOSS) .......... ..........

CHAPTER 7 NETWORK VIEW (IP|DASHBOARD) ................ ..........

CHAPTER 8 ANALYZING AND REPORTING TOOLS

3. HOW TO READ THE REPORTS ........................................ ..........

16. 1. ip|export output files and directory ............................ ..........

CHAPTER 9 SOFTWARE LICENSE TERMS ......................... ..........

CHAPTER 10 TECHNICAL SUPPORT ..................................... ..........

in accordance with the V2.4 software version

in accordance with the V2.5 software version

in accordance with the V2.5.11 software version

in accordance with the V2.6.1 software version

in accordance with the V2.7.5 software version

in accordance with the V2.7.6 software version

in accordance with the V2.8 software version

in accordance with the V3.0 software version

in accordance with the V3.2 software version

in accordance with the V3.4 software version

in accordance with the V4.0 software version

ip|boss Solaris installation

in accordance with the V4.2 software version

in accordance with the V4.3 software version

Domain creation, ip|reporter Solaris installation,

manual organization; ip|reporters portmapper

in accordance with the V4.4 software version

ip|reporter web (no license key; user rights

in accordance with the v5.0.0r8 software version

Solaris installation removed from this manual;

in accordance with the v5.0.0r12 software

in accordance with the v5.1 software version

2.5.4. Install/Uninstall ip|reporter on Windows,

in accordance with the v5.2 software version

Minor corrections: 1. 2. 3. 5, 3. 6. 1 and 7.1.2:

2.1 JDK is not required any longer;

2.8.2 software upgrade (FTP)

2.2.3 and 2.3.3 minor corrections

in accordance with the v6.0 software version

A bug in the documentation system, which

1.2.3.2 minor correction

8.8.11.1 minor correction

Virtual ip|engines are now called

in accordance with the v7.0 software version

Chapter 1 - Ipanema System was missing in rev.

in accordance with the v7.0.2 software version

2. LIST OF ASSOCIATED DOCUMENTS

Ipanema System Installation Manual

Directives and Regulations Manual

Chapter 1 - Ipanema System: system overview.

Application Group (new name for a User Class as of SALSA

an aggregated flow groups together IP micro-flows sharing

the Applications Dictionary contains a list of the applications

Application Quality Score:

Ipanema notation for the traffic Quality. From 0 (very bad) to

Application Quality Score (see description above).

Application Service Level.