Basic deployment use case

The basic deployment use case, shown in the following figure, requires one instance of each 

component. This simple system responds to monitoring situations with the following characteristics:

• The application front end is in a single data center.
• One 

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  instance can handle the profile of traffic between end users and the application.
• One 

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  instance provides an adequate number of Watchpoints (120).
• One Analyzer instance provides enough processing power to generate the various artifacts that the user needs (for example, statistics, dashlets, reports).
• One 

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  instance can handle all demands for insertion and query capabilities.
• Segregation of data for multiple tenants is not necessary.

Basic BMC Real End User Experience Monitoring system

The 

is the only component that requires internet access. Device updates occur via your web browser.

For troubleshooting, the command-line interface (CLI) of all components requires access via port 22 (SSH).

Traffic capture

For all use cases, the system can capture end-user traffic in the following ways:

• Network tap — The preferred method, a network tap copies traffic for the purpose of monitoring. It is a passive device that, if it breaks, does not interrupt network traffic or the functioning of your application. A "smart" tap is better still, because it can filter on IP addresses and port numbers.

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  monitors only HTTP and HTTPS traffic, so you can configure a smart tap to copy only traffic on ports 80 and 443. Taps are fast and purpose-built for copying traffic. However, installing or replacing a tap forces you to take a segment of your network offline for a time.

• Mirror port — It is known as a SPAN port on Cisco devices and a RAP port on 3com devices. You can configure a mirror port on a switch to copy traffic. In many cases, a switch already has a spare port that you can set up as a mirror. However, the device considers mirroring a secondary function, and if the device becomes overloaded, it might suspend mirroring, and the 

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  will experience packet drops.

  Note

  You must be sure that the mirror port is copying traffic both to and from the application (bidirectional).

• Mirror pool — You can invoke a mirror pool on a load balancer, which can be configured to filter traffic. In many cases, a load balancer already has a spare port that you can set up as a mirror. However, the device considers mirroring a secondary function, and if the device becomes overloaded, it might suspend mirroring, and the

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  will experience packet drops.

You can set up tapping "in front of" or "behind" the load balancer:

• In front (in the following diagram, see 1) — This is the recommended method. It provides the best visibility of end-user traffic. To monitor HTTPS traffic, if the load balancer or web servers are performing encryption and decryption, you must upload a copy of SSL private keys to the

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  .

• Behind (in the following diagram, see 2) — You can also tap here, but you must tap incoming and outgoing traffic in the same place. To monitor HTTPS traffic, if encryption and decryption occur on the load balancer, you have no need to upload a copy of SSL private keys to the

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  . However, tapping in this way reduces visibility of end-user traffic, particularly between the end user and the load balancer.

   

  Tapping points