Data Center Real User Monitoring

Transcription

1 Data Center Real User Monitoring SAP Application Monitoring User Guide Release 12.3

2 Please direct questions about Data Center Real User Monitoring or comments on this document to: Customer Support Copyright 2015 Compuware Corporation. All rights reserved. Unpublished rights reserved under the Copyright Laws of the United States. U.S. GOVERNMENT RIGHTS-Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Compuware Corporation license agreement and as provided in DFARS (a) and (a) (1995), DFARS (c)(1)(ii) (OCT 1988), FAR (a) (1995), FAR , or FAR (ALT III), as applicable. Compuware Corporation. This product contains confidential information and trade secrets of Compuware Corporation. Disclosure is prohibited without the prior express written permission of Compuware Corporation. Use of this product is subject to the terms and conditions of the user's License Agreement with Compuware Corporation. Documentation may only be reproduced by Licensee for internal use. The content of this document may not be altered, modified or changed without the express written consent of Compuware Corporation. Compuware Corporation may change the content specified herein at any time, with or without notice. All current Compuware Corporation product documentation can be found at Compuware, FrontLine, Network Monitoring, Enterprise Synthetic, Server Monitoring, Dynatrace Network Analyzer, Dynatrace, VantageView, Dynatrace, Real-User Monitoring First Mile, and Dynatrace Performance Network are trademarks or registered trademarks of Compuware Corporation. Cisco is a trademark or registered trademark of Cisco Systems, Inc. Internet Explorer, Outlook, SQL Server, Windows, Windows Server, and Windows Vista are trademarks or registered trademarks of Microsoft Corporation. Firefox is a trademark or registered trademark of Mozilla Foundation. Red Hat and Red Hat Enterprise Linux are trademarks or registered trademarks of Red Hat, Inc. J2EE, Java, and JRE are trademarks or registered trademarks of Oracle Corporation. VMware is a trademark or registered trademark of VMware, Inc. SAP and SAP R/3 are trademarks or registered trademarks of SAP AG. Adobe Reader is a registered trademark of Adobe Systems Incorporated in the United States and/or other countries. All other company and product names are trademarks or registered trademarks of their respective owners. Local Build: April 1, 2015, 12:51

3 Contents Contents Introduction Who Should Read This Guide Organization of the Guide Related Publications Customer Support Information Reporting a Problem Documentation Conventions Part I Basic Monitoring Configuration Chapter 1 Overview of SAP Monitoring Recognition of DC RUM Capabilities Related to SAP Monitoring Overview of SAP Monitoring Configuration Process Chapter 2 Adding Basic DC RUM Devices Adding an AMD to the Devices List Adding a CAS to Devices List Adding ADS to Devices List Chapter 3 Verification of Traffic Monitoring Quality Sniffing Point Diagnostics Sniffing Point Diagnostics Reports Network Interface General Statistics Network and Transport Protocol Information Services Detected in the Traffic Session-Related Statistics SSL Diagnostics Application Overview Application Overview in SAP Monitoring Using RUM Console to Identify Problems Related to Network Hardware Operation.. Chapter 4 Basic Monitoring Configuration

4 Contents AMD General Configuration Settings Part II Front-End Monitoring Configuration Chapter 5 Configuring AMD to Monitor SAP GUI Traffic Global Settings for SAP GUI Monitoring Configuring SAP GUI Availability Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) Operation Names Configuration in SAP GUI Monitoring Configuring Rules for SAP GUI Monitoring Configuring Operation Name Normalization (Legacy AMDs) Chapter 6 Configuring AMD to Monitor SAP RFC Global Settings for SAP RFC Monitoring Configuring SAP RFC Availability Configuring Rules for SAP RFC Monitoring Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Configuring Rules for SAP GUI over HTTP Monitoring Configuration Fine-Tuning Configuring URL Monitoring Extracting Miscellaneous Parameters Extracting Grouping Attributes Configuring User Name Recognition for SAP GUI over HTTP Dimensions, Metrics and Attributes in HTTP Monitoring Rule-based Character Encoding for HTTP Services Automatic Page Name Recognition End-of-Page Components Excluding Elements from Orphaned Redirects Reporting HTTP Configuration Options for Selected User-Defined Software Services... General Configuration Options for HTTP-Related Analyzers Content Type Monitoring Monitoring of XML Objects Based on Content Type Global Settings for Recognition and Parsing of URLs Global Settings for Page and Session Recognition Based on Cookies Global Settings for Client IP Address Extraction Assembling Pages Multi-Frame Pages Calculating Server Time for Multi-Frame Pages URL Auto-Learning Configuring URL Auto-Learning Details of the URL Auto-Learning Algorithm URL Auto-Learning Diagnostics Synthetic Agent and Browser Recognition Configuring Synthetic Agents, Browsers, Operating System and Hardware Recognition

5 Contents Synthetic Agent Recognition Based on Contents of HTTP Header Synthetic Agent Recognition Based on User Name or IP Address Part III Back-End Monitoring Configuration Chapter 8 Configuring AMD to Monitor SAP Back-End Configuration Properties Common to All Database Analyzers Reported Database Operation Types Configuring Database Monitoring for Individual Servers Individual Query Monitoring Query Auto-Learning Query Diagnostics Query Aggregation SQL Query Normalization Masking Sensitive Information in SQL Query Literals Part IV SAP End-To-End Data on Reports Chapter 9 Initial Central Analysis Server Reporting Configuration CAS Basic Configuration Settings Sites, User Aggregation, and User Tracking ADS Basic Configuration Settings Configuring Sites, Areas, and Regions Adding Sites Manually Importing Site Definitions Chapter 10 SAP Tiers Network Tiers Modifying a Network Tier Adding a Rule Based on Sites Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Preparing SAP Reporting Hierarchy Table on SAP Solution Manager Importing and Modifying the SAP Reporting Hierarchy in RUM Console Modifying the Reporting Hierarchy in RUM Console Upgrading the SAP GUI Reporting Hierarchy in RUM Console Upgrade of SAP GUI-Related Definitions Based on Reporting Hierarchy Chapter 12 SAP Traffic on CAS Reports EUE Overview Reports Network Analysis Reports

6 Contents Part V Advanced Configuration in SAP Monitoring Chapter 13 AMD General Configuration Settings Chapter 14 Configuring Operation-Related Global Settings Chapter 15 Monitoring SAP GUI Sequence Transactions Adding SAP GUI Sequence Transactions Filters and Transaction Inspector for SAP GUI Sequence Transactions Modifying, Deleting, and Cloning Transactions for a Single AMD Chapter 16 Monitoring SQL Sequence Transactions Adding SQL Sequence Transactions Filters and Transaction Inspector for SQL Transactions Modifying, Deleting, and Cloning Transactions for a Single AMD Chapter 17 Monitored Traffic from a Business Perspective Applications, Transactions, and Tiers Application and Transaction Management Chapter 18 Alert System Types of Alerts Alert States and Notifications Means of Alert Delivery Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD Obtaining Kerberos Keys for SNC Decryption Encrypting Kerberos SNC Keys for Secure Storage on AMD Listing Kerberos SNC Keys in AMD Configuration Using KPA to Make Keys Available to the AMD Process Appendix A Diagnostics and Troubleshooting SAP Architecture-related Issues Report-Related Issues Appendix B Regular Expression Fundamentals Testing Regular Expressions Best Practices for Regular Expressions Appendix C Graphical Explanation of Network Performance Metrics Glossary Index

7 INTRODUCTION Who Should Read This Guide This manual is intended for the Data Center Real User Monitoring users who want to monitor the SAP R/3 environment. Organization of the Guide This guide is organized as follows: Overview of SAP Monitoring [p. 13] Describes capabilities of SAP analyzers and provides an overview of the configuration process. Adding Basic DC RUM Devices [p. 23] Describes how to add and configure the data sources and report servers using the RUM Console. Sniffing Point Diagnostics [p. 29] Describes how to verify sniffing points traffic detection quality before the actual monitoring begins. Basic Monitoring Configuration [p. 43] Describes AMD general settings. Configuring AMD to Monitor SAP GUI Traffic [p. 47] Describes the creation and management of SAP GUI-based software services. Configuring AMD to Monitor SAP RFC [p. 59] Describes the creation and management of SAP RFC-based software services. Configuring AMD to Monitor SAP GUI over HTTP Traffic [p. 65] Describes the creation and management of SAP GUI over HTTP-based software services. Configuring AMD to Monitor SAP Back-End [p. 137] Describes the creation and management of SAP back-end, that is database servers. Initial Central Analysis Server Reporting Configuration [p. 153] Describes CAS settings that you need to modify before accessing reports. SAP Tiers [p. 163] Describes tiers that present SAP data. Central Analysis Server Reporting Hierarchy for SAP [p. 167] Describes how to import and modify SAP hierarchy so that it is properly reported. 7

8 Introduction SAP Traffic on CAS Reports [p. 179] Lists other CAS reports that display statistics for SAP data. AMD General Configuration Settings [p. 185] Describes AMD general settings. Configuring Operation-Related Global Settings [p. 189] Describes AMD general settings related to ADS data generation. Monitoring SAP GUI Sequence Transactions [p. 193] Describes how to monitor SAP GUI sequence transactions. Monitoring SQL Sequence Transactions [p. 199] Describes how to monitor database sequence transactions. Diagnostics and Troubleshooting [p. 221] Lists common CAS support issues in the form of questions and answers. Regular Expression Fundamentals [p. 233] Describes how to use regular expressions in CAS. Graphical Explanation of Network Performance Metrics [p. 239] Uses charts to illustrate network performance metrics. Related Publications Documentation for your product is distributed on the product media. For Data Center RUM, it is located in the \Documentation directory. It can also be accessed from the Media Browser. Go online ( for fast access to information about your Dynatrace products. You can download documentation and FAQs as well as browse, ask questions and get answers on user forums (requires subscription). The first time you access FrontLine, you are required to register and obtain a password. Registration is free. PDF files can be viewed with Adobe Reader version 7 or later. If you do not have the Reader application installed, you can download the setup file from the Adobe Web site at Customer Support Information Dynatrace Community For product information, go to and click Support. You can review frequently asked questions, access the training resources in the APM University, and post a question or comment to the product forums. You must register and log in to access the Community. Corporate Website To access the corporate website, go to The Dynatrace site provides a variety of product and support information. 8

9 Introduction Reporting a Problem Use these guidelines when contacting APM Customer Support. When submitting a problem, log on to the Dynatrace Support Portal at click the Open Ticket button and select Data Center Real User Monitoring from the Product list. Refer to the DC RUM FAQ article at to learn know how to provide accurate diagnostics data for your DC RUM components. Most of the required data can be retrieved using RUM Console. Documentation Conventions The following font conventions are used throughout documentation: This font Bold Citation Documentation Conventions [p. 9] Fixed width Fixed width bold Fixed width italic Indicates Terms, commands, and references to names of screen controls and user interface elements. Emphasized text, inline citations, titles of external books or articles. Links to Internet resources and linked references to titles in documentation. Cited contents of text files, inline examples of code, command line inputs or system outputs. Also file and path names. User input in console commands. Place holders for values of strings, for example as in the command: cd directory_name Menu Item Screen Menu items. Text screen shots. Code block Blocks of code or fragments of text files. 9

10 Introduction 10

11 PART I Basic Monitoring Configuration

12

13 CHAPTER 1 Overview of SAP Monitoring Data Center Real User Monitoring monitors users and application operations when a SAP client and a SAP application server communicate. Benefits of SAP Monitoring with DC RUM DC RUM provides answers to common questions about the status of the SAP application: How many users use the application and its modules or transactions, and when. How many users have performance problems with SAP; what are those performance problems, when do they occur, and what transactions are causing performance problems. How many users encounter errors working with SAP applications, what are the exact errors returned by the server and for which transactions. What causes the problems that end users experience: the application server, the database server, or the network. Why are particular transactions slow: is it the application logic, system resources, database throughput, or one of many other reasons. SAP GUI binary traffic (also known as the DIAG protocol) is observed by the AMD as a series of data portions referred to as command chunks. Each chunk type is identified by the command chunk ID, an important element of SAP GUI monitoring. The most important are the IDs associated with the user names and operation names. By default, the AMD is configured to monitor the most common IDs. SAP GUI over HTTP (or SAP GUI over HTTPS) analysis is identical to web application performance monitoring. It can be configured to monitor specific URLs or ranges of URLs, or to automatically recognize and analyze the URLs that appear most frequently. You can also configure many other aspects of web application monitoring, such as user recognition, HTTP and SSL error groups, object and frame recognition, or synthetic agent recognition. SAP Multi-Tier Monitoring SAP software is a large and complex system composed of three tiers (client, application server, and database) and involving network interactions between these tiers: between client and application server and between application server and database. 13

14 Chapter 1 Overview of SAP Monitoring SAP uses a third-party DBMS such as Oracle or Microsoft SQL Server. The application server relies on the DBMS network protocols to access the database. A separate monitoring configuration is required for the database back-end. You can use one or two AMDs to listen both in front of the SAP servers and in front of the database servers. Recognition of DC RUM Capabilities Related to SAP Monitoring DC RUM enables you to monitor the SAP front-ends and database back-end of your SAP deployment. Monitoring SAP GUI users The SAP GUI analysis module decodes the SAP GUI protocol and obtains the names of the users logged on to SAP. The decode also detects the names of the transactions that the SAP GUI users execute. Monitoring is performed individually for each user, each recognized ABAP transaction, and on an aggregated level of the SAP server. The SAP GUI analysis module covers SAP GUI for Windows and SAP GUI for Java. Monitoring SAP RFC SAP Remote Function Call (RFC) is the standard SAP interface for communication between SAP systems or SAP systems and non-sap systems. The SAP RFC analysis module enables end-to-end monitoring of the SAP transactions and enables precise measurements of SAP integration layer transactions, known by name and user, reporting on transaction availability and response time. With SAP RFC decode, you can precisely troubleshoot integration problems within SAP systems and between 3rd-party systems. Trending and base-lining of the SAP RFC transactions allows you to instantly detect changes within the integrated systems The SAP RFC analyzer will identify operations (name, parameters), detect errors, user names and operation attributes, and report this data to the report servers: For CAS, the summary and per operation records. For ADS, operation and hit logs. Monitoring SAP HTTP Users There are two types of SAP Web users: SAP GUI for HTML (SAP WebGUI) and SAP Web portal. DC RUM modules allow you to fully or partially monitor SAP HTTP users: The SAP GUI over HTTP analyzers of AMDm together with the Web Site reports of CAS, provide a detailed view of all operations invoked by the SAP WebGUI users. The HTTP analyzer recognizes all URLs and URL parameters to isolate the individual transactions and report down to the T-Code level. The SAP Web portal user names are recognized but individual operations require custom configuration in order to report valuable information. Contact Compuware for configuring the individual operations. Monitoring the Database The database tier is monitored with database protocol analysis modules. Data Center Real User Monitoring has analysis modules for Oracle, DB2, Microsoft SQL Server, Sybase, 14

15 Chapter 1 Overview of SAP Monitoring and Informix. For each of these databases, DC RUM reports the database server performance, and to a more granular level, the performance of the individual queries and stored procedure calls. SAP Support on the AMD Table 1. Analyzers and Supported Versions Analyzer Protocol Version Limitations Example application SAP GUI SAP GUI protocol (DIAG) 6.40, 7.10, 7.20, 7.30 SAP GUI for Java 7.10rev8, SAP GUI for Windows 7.10, SAP GUI for Windows 7.30, SAP GUI Console, Net weaver Business Client 4.0. SAP RFC SAP RFC SAP PI, SAP BW, Excel plugin for SAP SAP GUI over HTTP HTTP 1.1, 1.0 (RFC 2616) Support for SAP 7.01 SP3 and SAP GUI for HTML Support for SAPGUI for HTML (WebGUI) only. No support for SAP portal application and user name recognition. SAP GUI over HTTPS HTTPS HTTP 1.1 encapsulated Support for SAP 7.01 SP3 in SSL, SSL 3.0, and TLS1.0 (RFC 2246), TLS 1.1 (RFC 4507, 4680), TLS 1.2 (RFC 5878) Support for SAPGUI for HTML (WebGUI) only. No support for SAP portal application and user name recognition. SAP GUI for HTML Reporting the SAP Performance The DC RUM includes service-module-task-operation hierarchy on the technical side and application-transaction-step on the business data grouping side. Together, these hierarchies present information on performance from the top-level end-user visible application down to individual technical operations that application server processes. The SAP RFC reporting hierarchy is based on the configuration of SAP RFC operations in the SAP RFC related software services. This will let you precisely measure SAP integration-layer transactions, known by name and user, and report on transaction-availability and response-time problems. The analyzer can tell you precisely whether: The analytics are slow because of network-capacity problems that are caused by the interferences between SAP transactions and other data. 15

16 Chapter 1 Overview of SAP Monitoring The SAP server is responding slowly. The amount of data read from the SAP database is too large for network transfers to Excel. The SAP reporting hierarchy is included out of the box and can be adjusted to business needs by importing custom CSV file. The business hierarchy settings imported from the CSV file also drive reporting of the multi-step transactions that represent business processes. Multi-step transactions are aligned with the technical hierarchy the tasks have steps that represent SAP T-Codes that have to be invoked by end users to complete a business task, in order. Figure 1. Business Hierarchy of Reports Figure 2. Technical Hierarchy of Reports 16

17 Overview of SAP Monitoring Configuration Process Data Center Real User Monitoring provides several ways to monitor SAP traffic. You can monitor servers (or server groups), tiers, applications with transactions, and the network. Before You Begin Before you start the configuration process: You should be familiar with DC RUM components and basic monitoring concepts. Refer to the Data Center Real User Monitoring Getting Started. You need to identify your monitoring goals. For more information, see Define and Prioritize Goals, Objectives, and Requirements in the Data Center Real User Monitoring Getting Started. You need to identify your SAP installation components. If you intend to monitor SAP users using Web front-end, you must verify whether SAP Web portal or SAP GUI for HTML (SAP WebGUI) is used. For more information, see SAP Architecture-related Issues [p. 221]. You need to install the following DC RUM components: The latest version of AMD Refer to the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide. The latest version of RUM Console Refer to the Data Center Real User Monitoring RUM Console Installation Guide. The latest version of CAS Refer to the Data Center Real User Monitoring Central Analysis Server Installation Guide. The latest version of ADS Chapter 1 Overview of SAP Monitoring Refer to the Data Center Real User Monitoring Advanced Diagnostics Server Installation Guide. Make sure that default ports are available for communications between the individual DC RUM components. For more information, see Network Ports Opened for DC RUM in the Data Center Real User Monitoring Administration Guide. The following steps must be executed in order to begin monitoring the traffic using the DC RUM suite: Configure the Devices 1. Add Agentless Monitoring Device (AMD) AMD is the main data source (Data Collector) for DC RUM; it collects and presents the monitored data to DC RUM report servers for analysis and reporting. You need to add at least one AMD to the list of devices in RUM Console. 17

18 Chapter 1 Overview of SAP Monitoring For more information, see Adding an AMD to the Devices List [p. 23]. 2. Add Central Analysis Server (CAS) CAS is the main report server for DC RUM. It uses data provided by the AMD and its monitoring and alerting mechanisms to identify, track, and report on issues affecting the security, performance, and reliability of your services. Add at least one CAS to the device list and configure its connection with the AMD. Adding a report server to a list of devices is similar to adding the AMD. For more information, see Adding a CAS to Devices List [p. 25]. 3. Add Advanced Diagnostics Server (ADS) ADS is a report server that performs detailed analysis of key transactional application protocols. It uses data provided by the AMD. Add at least one ADS to the device list and configure its connection with the AMD. For more information, see Adding ADS to Devices List [p. 26]. 4. Verify the traffic monitoring quality and completeness You can verify traffic quality and completeness before the actual monitoring begins. Sniffing point diagnostics allows you to perform pre-monitoring tasks without the need of accessing the AMD console and executing a series of Linux commands which usually serve the purpose of validating AMD physical installation and connection. For more information, see Verification of Traffic Monitoring Quality [p. 29]. Configure Basic Monitoring 5. Configure general settings for your AMD Before you proceed to detailed monitoring rules, you need to define the global settings that are applied to all software services monitored by a given AMD. These global settings include a monitoring interval and thresholds for the basic metrics. These settings can be overridden at a later time with more specific monitoring rules that you can define. For more information, see AMD General Configuration Settings [p. 43]. 6. Configure the global monitoring settings for SAP GUI over HTTP. Global settings for HTTP analyzer affect the way SAP GUI over HTTP or SAP GUI over HTTPS services are monitored for a given AMD. You may start using default values and adjust the necessary settings later. For more information, see General Configuration Options for HTTP-Related Analyzers [p. 113]. 7. Configure the global monitoring settings for database monitoring. The global settings for database analyzer affect the way all database servers are monitored. If you intend to monitor SAP back-end and other database servers, configure these settings before defining specific database server monitoring rules. For more information, see Configuration Properties Common to All Database Analyzers [p. 137]. If you want to concentrate only on one type of database server monitoring you can skip this step. All the related settings can be adjusted later, at the time of configuring 18

19 Chapter 1 Overview of SAP Monitoring monitoring rules for individual servers. For more information, see Configuring Database Monitoring for Individual Servers [p. 140]. 8. Configure the AMD to monitor decrypted traffic. If your SAP Web GUI server and clients communicate using encrypted connections you need to enable decryption on the AMD. Refer to the Data Center Real User Monitoring SSL Monitoring Administration Guide. Customize the Monitoring Rules 9. Define your own software services on specified ports and for specified IP addresses Configure the user-defined software services to see SAP data on many CAS reports, such as Software Services, Tiers, or Network View. To configure rules for monitoring SAP GUI servers, see Configuring Rules for SAP GUI Monitoring [p. 53] To configure rules for monitoring SAP RFC, see Configuring Rules for SAP RFC Monitoring [p. 61] To configure rules for monitoring SAP Web GUI servers, see Configuring Rules for SAP GUI over HTTP Monitoring [p. 66] To configure rules for monitoring database servers, see Configuring Database Monitoring for Individual Servers [p. 140] 10. Display the reports to review statistics for monitored traffic For more information, see SAP Traffic on CAS Reports [p. 179]. Fine-Tune the Reporting Configuration 11. Configure the sites, areas, and regions A site is a term for a group of users that are located in the same IP network or group of networks sharing similar routing properties. Sites can be grouped together into areas, which, in turn, can be grouped together into regions. The hierarchy of sites, areas, and regions provides an organized view of the monitored network on the reports. For more information, see Configuring Sites, Areas, and Regions [p. 159]. 12. Configure the tiers A tier is a specific point where DC RUM collects performance data. The monitoring data can be reported based on the default tier configuration, or you can define tiers that fit your network architecture. For more information, see SAP Tiers [p. 163]. 13. Adjust the reporting hierarchy. By default, Data Center Real User Monitoring provides you with reporting hierarchy definition for SAP. The default hierarchy is uploaded to CAS once it is added to RUM Console. If you are running SAP using non-english locale, configure the hierarchy levels to match your installation. To verify data hierarchy mappings, display the Operations report. For more information, see Central Analysis Server Reporting Hierarchy for SAP [p. 167]. 19

20 Chapter 1 Overview of SAP Monitoring 14. Configure the transactions, applications, and reporting groups Transactions are sequences of information exchange that represent particular actions or functions performed by a human user or a client program. They are viewed as higher-level units of self-contained functionality and are tied to applications. For example, they may represent the procedure for an online purchase or ticket booking. AMD monitors traffic data and prepares it for transaction monitoring by an ADS and CAS. Some of the relevant configuration and processing is performed on the actual RUM Console and some is performed on the AMD. For more information, see Managing Business Units in the Data Center Real User Monitoring Administration Guide. 15. Configure the monitoring of sequence transactions DC RUM enables you to define and monitor transactions that are sequences of steps. For more information, see Monitoring SAP GUI Sequence Transactions [p. 193] and Monitoring SQL Sequence Transactions [p. 199]. Fine-Tune the AMD Monitoring Settings 16. Configure the global monitoring settings for SAP GUI or SAP RFC. The global settings are settings that affect monitoring of all services based on SAP GUI or SAP RFC analyzer for a given AMD. It is important to configure these settings if you see discrepancies on reports, or if your SAP deployment is not covered by the default Data Center Real User Monitoring configuration. For more information, see Global Settings for SAP GUI Monitoring [p. 47]. To configure global settings for monitoring SAP GUI, see Global Settings for SAP GUI Monitoring [p. 47] To configure global settings for monitoring SAP RFC, see Global Settings for SAP RFC Monitoring [p. 59] 17. Configure general settings for your AMD AMD global settings include a monitoring interval and thresholds for basic metrics, and can be later overridden by more specific monitoring rules that you can define. You may need to fine tune the general settings if large packets affect AMD performance or you need to change the packet deduplication method to address packet statistics inconsistency on reports. For more information, see AMD General Configuration Settings [p. 185]. 18. Change the ADS data generation settings. Options in the ADS data generation settings section in Global Operations refer mainly to handle various types of standalone hits, which are hits that cannot be automatically assigned to operations because the reference information, such as correlating response, defined or auto-learned URL, no authorization, or orphaned redirects, is missing. By default, most standalone hits are not taken into account when generating operations data. For more information, see Configuring Operation-Related Global Settings [p. 189]. 20

21 Chapter 1 Overview of SAP Monitoring Troubleshooting 19. Troubleshoot problems You can review the answers to the most common questions and troubleshoot your setup and report configurations. For more information, see Diagnostics and Troubleshooting [p. 221]. 21

22 Chapter 1 Overview of SAP Monitoring 22

23 CHAPTER 2 Adding Basic DC RUM Devices In a DC RUM configuration, there are two device types: data collectors and report servers. To start using the product, add and configure at least one AMD data collector and one CAS report server. You manage these devices using a configuration tool called the RUM Console. Adding an AMD to the Devices List Before you can monitor traffic with DC RUM, you have to add and configure an Agentless Monitoring Device using the RUM Console. To add an AMD to the list: Adding an AMD 1. Start and log on to RUM Console. 2. Select Devices and Connections Add device from the top menu. The Add Device pop-up window appears. 3. From the Device type list, select AMD. 4. In the Description box, type a description of the device. TIP It is recommended that you include the parent device name in the description of each device you add and to add these names consistently. This enables you to easily find your device in the list. Specifying the Connection Information 5. In the Device IP address box, type the device IP address. 6. In the Port number box, type the port number for communication with this device. The standard port number used by AMD is Optional: Select Use secure connection if you want to use HTTPS (secure HTTP) for communication between the console and the device you are adding. 23

24 Chapter 2 Adding Basic DC RUM Devices Providing the Authentication Details 8. Type the user name and password of the account that will be used for managing this device. By default, the AMD user is set to compuware and the password is set to vantage. The credentials entered here are used by the RUM Configuration to communicate with the device and are also passed to the report servers so that they can collect monitoring data for processing. Note that the values used here for authentication are not the same as the values you use for logging in to the device via SSH or local console. Configuring Advanced Settings 9. Select the Advanced options tab. 10. Optional: Under Secondary device connection, provide an alternative IP address for this device. 11. Optional: Enable SNMP connection. Optionally, you can define the SNMP connection parameters so that you can obtain more detailed health information about the device. To define SNMP connection parameters: a. Select SNMP Connection check box. b. Type the read community name and port number. 12. Enable Guided Configuration. By default, the Guided Configuration connection is enabled when you add an AMD. However, for performance reasons, the number of AMDs with enabled Guided Configuration is limited to 50. Any additional AMDs do not feed data to the Guided Configuration perspective. This means that the monitoring data from the additional AMDs is not available for generating the web traffic statistics or defining the web software services with a wizard. By default, the port number for communication between the Console Basic Analyzer Agent and the RUM Console Server is set to 9094 and the secure connection is enabled. In most cases, it is not necessary to modify this setting. If the default port number is already in use by other services, however, type the new port number in the Port number box. In this case, you also have to manually change the port number setting on the Console Basic Analyzer Agent side. For more information, see Modifying Connection Settings for Guided Configuration in the Data Center Real User Monitoring Administration Guide. 13. Click Next to test your connection parameters. If your configuration fails the test, you can go back and adjust your settings. Note that if the device fails to respond correctly, it may take several seconds before the test times out. 14. Click Finish to save the configuration. As a result, your device appears on the Devices list. To view the list, go to Devices and Connections Manage Devices in the top menu of the RUM Console. The Devices screen presents a comprehensive view of all the devices that you add, including their IP Address, Port, Description, Type, Version, Connection, Hardware Health, and Configuration. 24

25 Chapter 2 Adding Basic DC RUM Devices Adding a CAS to Devices List To view reports based on the data from the AMD, use the RUM Console to add and configure a CAS report server. Adding a CAS 1. Start and log on to RUM Console. 2. Select Devices and Connections Add device from the top menu. The Add Device pop-up window appears. 3. From the Device type menu, select CAS. 4. In the Description box, type a description of the device. TIP It is recommended that you include the parent device name in the description of each device you add and to add these names consistently. This enables you to easily find your device in the list. Specifying the Connection Details 5. In the Device IP address box, type the device IP address. 6. In the Port box, type the port number for communicating with this device. The standard port number used by the CAS when communicating over HTTP is Select Use secure connection if you want to use HTTPS (secure HTTP) for communication between the console and the device you are adding. Providing the Authentication Details 8. Choose whether authentication should occur via CSS. 9. Type the user name and password of the account that will be used for managing this device. Configuring the Advanced Settings 10. Select the Advanced options tab. 11. Optional: Under Secondary device connection, provide an alternative IP address for this device. 12. Click Next to test your connection parameters. If your configuration fails the test, you can go back and adjust your settings. Note that if the device fails to respond correctly, it may take several seconds before the test times out. 13. Click Finish to save the configuration. Configuring the CAS-AMD Connection 14. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 15. Select a report server from the list of devices. Click the server once to display the detailed information for the device. 16. Select the Data Sources tab. 25

26 Chapter 2 Adding Basic DC RUM Devices 17. Click Add Data Source. 18. Select your AMD from the list and then click the button. 19. Click Finish to save the configuration. As a result, your device appears on the Devices list. To view the list, go to Devices and Connections Manage Devices in the top menu of the RUM Console. The Devices screen presents a comprehensive view of all the devices that you add, including their IP Address, Port, Description, Type, Version, Connection, Hardware Health, and Configuration. What to Do Next It is important to keep the devices synchronized to avoid improper data interpretation. For more information, see Synchronizing Time Using the NTP Server in the Data Center Real User Monitoring Smart Packet Capture User Guide and Time Synchronization Between AMD and Server in the Data Center Real User Monitoring Administration Guide. Adding ADS to Devices List To view reports based on data from the AMD, use the RUM Console to add and configure at least one CAS report server. In addition, you can add one or more ADS report servers in a farm configuration. Adding an ADS 1. Start and log on to RUM Console. 2. Select Devices and Connections Add device from the top menu. The Add Device pop-up window appears. 3. From the Device type menu, select ADS. 4. In the Description box, type a description of the device. TIP It is recommended that you include the parent device name in the description of each device you add and to add these names consistently. This enables you to easily find your device in the list. Specifying the Connection Details 5. In the Device IP address box, type the device IP address. 6. In the Port number box, type the port number for communication with this device. The standard port number used by ADS when communicating over HTTP is Optional: Select Use secure connection if you want to use HTTPS (secure HTTP) for communication between the console and the device you are adding. Providing the Authentication Details 8. Choose whether authentication should occur via CSS. 26

27 Chapter 2 Adding Basic DC RUM Devices 9. Type the user name and password of the account that will be used for managing this device. Configuring the Advanced Settings 10. Select the Advanced options tab. 11. Optional: Under Secondary device connection, provide an alternative IP address for this device. 12. Click Next to test your connection parameters. If your configuration fails the test, you can go back and adjust your settings. Note that if the device fails to respond correctly, it may take several seconds before the test times out. 13. Click Finish to save the configuration. Configuring the ADS-AMD Connection 14. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 15. Select the ADS from the list of devices. Click in the row corresponding with your server to display details for the device. 16. Switch to the Data Sources tab. 17. Click Add Data Source. 18. Select your AMD from the list and then click the button. 19. Click Finish to save the configuration. 20. Configure the ADS and CAS to work together. As a result, your device appears on the Devices list. To view the list, go to Devices and Connections Manage Devices in the top menu of the RUM Console. The Devices screen presents a comprehensive view of all the devices that you add, including their IP Address, Port, Description, Type, Version, Connection, Hardware Health, and Configuration. 27

28 Chapter 2 Adding Basic DC RUM Devices 28

29 CHAPTER 3 Verification of Traffic Monitoring Quality Use the RUM Console to verify the traffic monitoring quality using two tightly connected solutions: Sniffing Point Diagnostics and Application Overview. We highly recommend that you perform this step at the beginning of your DC RUM deployment to verify that your hardware is working properly and that the applications you intend to monitor are detected. You can verify the test results and repeat them as needed at any time and for any network conditions. IMPORTANT All verification is based on a traffic recording, either manual or automatic. The outcome may not be representative if the target traffic is low at the time of recording or if you are unable to capture a satisfactory number of complete sessions. Choose automatic or manual traffic recording to capture unfiltered or filtered traffic. Enable automatic recording only during the configuration process and then disable it. It can negatively affect the performance of the AMD during normal operations, especially if you are running a 32-bit AMD in a high-traffic environment or a 64-bit AMD with the native driver. For the most complete and reliable statistics, use the 64-bit customized driver on the AMD. The verification of traffic monitoring quality is possible only for AMD 11.7 or later. Sniffing Point Diagnostics Sniffing Point Diagnostics is a type of hardware state analysis that enables you to perform pre-monitoring tasks without the need to access the AMD terminal. You can use it to validate the operation of the sniffing points, instead of using a series of UNIX or rcon commands. This step can be performed at the DC RUM deployment stage or at any other time to determine if the AMD performance is affected by malfunctioning hardware or external networking conditions. The Sniffing Point Diagnostics analysis can detect issues, such as: No traffic detected on sniffing interfaces. Interface or link overload. 29

30 Chapter 3 Verification of Traffic Monitoring Quality Poor quality of traffic due to mirrored ports on switching hardware configuration. Dropped packets (indicates AMD overload). Network conditions when unidirectional traffic prevails. Rejected packets, invalid packets, wrong check sums for packets. Missing packets (either lost or dropped). Missing bytes (how much traffic is lost in general). Conditions affecting AMD calculations, such as: Duplicate traffic that cannot be handled by the AMD. Incorrect choice of packet deduplication method. Incorrect settings for packet deduplication buffer. Incorrect settings for maximum packet size or huge packet size. Conditions affecting AMD performance, such as: Duplicate traffic handled by the AMD. Large percentage of non-ip traffic (noise). Large percentage of non-tcp or non-udp traffic (noise). Reordered sessions. Miscellaneous SSL problems: Unsuccessful decryption (in general). Uninitialized SSL cards unable to decrypt traffic. The ratio of encrypted and successfully decrypted traffic to encrypted and non-decrypted traffic. Incorrect or missing private keys. No match between the key and server certificate. Dropped or corrupted packets preventing decryption. Unsupported cipher methods (for example, Diffie-Hellman based key infrastructure). Unsupported SSL versions or features. Prerequisites and Best Practices To diagnose application detection problems and sniffing point connection problems, ensure that: All cables are connected correctly. The AMD is properly installed and configured. This includes the post-installation steps, such as interface identification and network configuration. Traffic recording lasts long enough to capture a reasonable amount of traffic volume, for example, 20 to 30 minutes of traffic. 30

31 Chapter 3 Verification of Traffic Monitoring Quality Do not use specific capture profiles when recording traffic. Always use the All available option for capture profiles when you do manual recording. When you need to diagnose traffic or capture port problems, enable automatic trace recording. Trace recording provides access to regular and fresh snapshots of the traffic that is traveling on your network. Sniffing Point Diagnostics Reports Sniffing Point Diagnostics reports are organized into several sections, each representing a separate set of metrics related to either hardware or network traffic. This topic provides directions for viewing the reports, but you can follow each step or skip steps to view the only the information important to you. 1. Start either by looking at device health or from the reports section directly. If you enabled automatic trace recording, you can monitor the device state on the Device Status tab of the Devices screen. A separate set of statistics is provided for each AMD added to the console. If there are any alarm messages, go to Devices and Connections Verify quality of monitored traffic. Inspect network interfaces in detail for a selected AMD. Open the Overview report to verify that the proper type of network driver is being used (custom or native) and that traffic has been detected, and check the number of dropped packets and other performance related issues. You can also verify that the NIC drivers are operational. For more information, see Network Interface General Statistics [p. 31]. 2. Switch to the Protocols section to inspect protocols. See whether network protocols are detected (IPv4 or IPv6) and verify detection of transport protocols (TCP or UDP). For more information, see Network and Transport Protocol Information [p. 34]. 3. Switch to the Services section to see the most active services. For more information, see Services Detected in the Traffic [p. 34]. 4. Depending on your goals, switch to the Sessions section either by selecting a particular service on the Services report to see session details or by choosing the Sessions section to see general statistics for all sessions. For more information, see Session-Related Statistics [p. 34]. 5. If you use SSL decryption, you can inspect whether there are problems detected for the currently used SSL engine or keys. For more information, see SSL Diagnostics [p. 36]. Network Interface General Statistics The Overview section of the Sniffing Points Diagnostics reports enables you to verify the general state of capture ports on a selected AMD. The information in the Overview section is gathered directly from the NIC driver operating on the AMD. For the most reliable results, use the 64-bit customized drivers. 31

32 Chapter 3 Verification of Traffic Monitoring Quality Calculation of Analyzed Traffic The calculation of analyzed traffic is performed in several stages, gradually excluding the irrelevant statistics: 1. The overruns are excluded first. When the received packets are counted, the overruns are omitted. 2. The calculation of the received packets depends on the subtraction of errors and filtered-out packets. 3. The dropped packets are counted after the filtered packets are disregarded. 4. The number of analyzed packets is the count of packets remaining after all of the previous categories are subtracted. In default AMD installations, non-tcp/udp packets are not part of this process and are never counted when the number of analyzed packets is given. Non-TCP/UDP traffic increases the amount of analyzed traffic only if you enable the monitoring of the default software services. Figure 3. Graphical Explanation of Analyzed Traffic Calculation for an AMD with 64-bit Customized Network Interface Driver All network packets Overruns Packets not received Received packets Errors and non-conditional filtering Errors: length or bad checksum; filtered out: non-ip Load balancing If active, fraction of the traffic Configuration filtering Based on defined software services Sampling and dropped packets Packets not analyzed due to performance issues Non-TCP, non-udp If default software services enabled Analyzed packets 32

33 Chapter 3 Verification of Traffic Monitoring Quality Interface Operation-Related Metrics The statistics presented on this screen include: Overruns Overruns may indicate a link overload. The overload is typically caused by an exceptionally high traffic volume. This value may also indicate that the network interface or network interface driver cannot manage the amount of traffic received. Other hardware-related issues may also cause overruns. If a high overrun occurs, limit the traffic volume received by the card. Errors (length) Packets of erroneous length are reported when they are too big (such as jumbo frames) or are bigger than the maximum transmission unit (MTU). To avoid such problems, you can increase Maximum packet size in the Entire Configuration perspective. For more information, see Configuring General Data Collector Settings in the Data Center Real User Monitoring Web Application Monitoring User Guide. Errors (bad checksum) Checksum-related errors are typically caused by insufficient signal strength on an optical link. In other cases, checksum errors may indicate Ethernet distortion, such as duplex problems, where the checksum errors may result, for example, when the duplex auto-negotiation process fails. Check the host switch and AMD duplex settings. Filtered out (non-ip) Non-IP packets, such as ARP traffic. Even large numbers of such packets are generally considered harmless. They are not analyzed by the AMD software and are regarded as noise. Preventing such traffic from reaching the AMD may reduce the possibility of performance degradation. Filtered out (load balancing) This setting is only applicable in deployments with multiple AMDs where each device only analyzes a certain part of the same traffic. Filtered out (configuration) Provides additional filtering based on software service definitions. In default installations, where monitoring of the default software services is turned off, the driver limits the number of processed packets to only those that are relevant to the IP addresses included in user-defined software service definitions. Dropped (sampling) Sampling here means dropping packets when the driver performance is degraded. Packets are dropped in a controlled manner, and always with care, to preserve complete and consistent sessions. The packet drops almost always mean that traffic is too heavy for a complete analysis and that, with packet drops, the precision of CAS reports is diminished. Sampling is only active with the customized 64-bit driver and diagnostics always use this sampling mechanism regardless of the settings used in the general AMD configuration. Dropped (driver performance) Drops are always a symptom of problems, especially when SSL analysis is deployed. Drops occur when AMD software is unable to analyze all of the packets it receives from the driver. If you use 32-bit or native drivers, you may experience uncontrolled packet 33

34 Chapter 3 Verification of Traffic Monitoring Quality dropping. If you use the 64-bit customized driver, packet dropping may occur, but in a software-controlled manner with care for monitored data contingency. To avoid packet dropping, decrease the traffic volume that your AMD analyzes or reduce the number of monitored software services. Non TCP/UDP Whether these statistics are classified as analyzed or not depends on the default software service monitoring. The numbers in this section are mostly relevant if you enabled monitoring of default software services. In this case, ICMP traffic is also analyzed. If monitoring of the default software services is disabled and you still see a large percentage of non-tcp and non-udp traffic, it is possible that AMD performance will be affected. Network and Transport Protocol Information Use the Protocols report to check the ratio of supported transport or network protocols. Only supported protocols are shown. In general, this report enables you to check whether traffic that makes sense (from the DC RUM perspective) is present and is heavy enough to give meaningful results for report servers. NOTE To obtain the most reliable results, use 64-bit customized drivers. The limited approximation algorithms used by native and 32-bit customized network interface drivers may lead to differences between the packet count in this and the Overview sections. Problem Detection Low traffic for the IPv4 or IPv6 network protocols may indicate further monitoring problems. The presence solely of multicast or broadcast traffic is an indication that port mirroring is not enabled or inactive. Services Detected in the Traffic This overview report enables you to identify the most active services on your network. You can see what their load is and what protocols they use, and filter the results to display all data, monitored services, or unmonitored services. You can also use filters to display statistics for all, monitored, or unmonitored services with additional protocol filtering. For each service, you can open the Sessions report to verify session-level statistics. NOTE To obtain the most reliable results, use 64-bit customized drivers. The limited approximation algorithms used by native and 32-bit customized network interface drivers may lead to differences between the packet count in this and the Overview sections. Session-Related Statistics The Sessions section enables you to view detailed information about traffic quality. 34

35 Chapter 3 Verification of Traffic Monitoring Quality The statistics presented on this screen include: Duplicates, Unhandled duplicates The value presented on the Sessions screen depends on the currently selected deduplication method in your AMD configuration. Packet duplicates may indicate incorrect configuration of mirroring ports. While this may be a sign of a problem, values of 10 to 20 percent typically are no reason for concern. The AMD is capable of packet deduplication. Higher numbers of duplicate packets will degrade the AMD performance and may negatively influence the monitoring results. The diagnostics mechanism for duplicate detection and counting for this report works with different settings than the network monitoring processes on the AMD. Duplicate detection is performed using both methods of duplicate detection and with different settings (buffer and delay detection size). Based on these settings and calculations, Sniffing Point Diagnostics provides suggestions concerning duplicate handling, such as increasing buffer size or changing the deduplication mechanism. You should check whether there are unhandled duplicates detected, in which case it is suggested that you switch the detection method in the AMD general settings. For more information, see Configuring General Data Collector Settings in the Data Center Real User Monitoring Web Application Monitoring User Guide. Unidirectional TCP sessions and UDP streams This may indicate a problem related to incorrectly configured mirroring ports. If the value of unidirectional traffic exceeds 90 percent, the RUM Console always marks it as an error. The numbers on the Sessions screen are the sums of many measurements; you are able to go deeper and analyze details for each server and check whether this is a problem related to a significant service or protocol. Insignificant traffic may be recorded and included in the general analysis, so always check the detailed reports when you see alarming numbers on the Sessions report. TCP sessions with missing packets Missing packets may result from interface or driver packet drops. If a session with missing packets is shown, the percentage value is counted with regard to all sessions. For example, if two percent of sessions have missing packets reported, this means that two out of a hundred sessions have missing packets. TCP sessions with missing packets and TCP bytes lost in missed packets may provide valuable insight into SSL decryption problems, especially in the case of long SSL sessions. TCP bytes lost in missing packets This is a complementary value to the TCP sessions with missing packets. Verify the number of lost bytes with regard to missing packets to see whether the problem is serious (if there are large sums of missing bytes). This is useful additional information in the case of long TCP sessions; because one lost packet is enough to classify a session as having missing packets, the number here gives insight into the actual loss rate. TCP sessions with reordered packets Reordered packets are typically found when there is a WAN link enabled. Devices transferring WAN packets may affect the packet order. The existence of reordered packets is not a problem in itself, because the AMD software can restore original packet order, but an excessive number of such packets may cause performance degradation. 35

36 Chapter 3 Verification of Traffic Monitoring Quality NOTE To obtain the most reliable results, use 64-bit customized drivers. The limited approximation algorithms used by native and 32-bit customized network interface drivers may lead to differences between the packet count in this and the Overview sections. SSL Diagnostics The traffic for this report is dependent on capturing complete sessions. Incomplete sessions, missing packets, or missed handshakes cause a large number of errors and a large number of errors results in unreliable reports. Always be sure to record enough traffic for an adequate length of time to allow you to capture complete sessions. The Statistics for encrypted traffic, SSL card and keys report is only available after the traffic trace recording is finished. Partial statistics for SSL are not provided for unfinished sessions. General Statistics for Encrypted Traffic For a given time range, defined by the scope of the recorded traffic traces, you can see the recognized SSL engine (for example, OpenSSL or ncipher) and the number of keys exchanged in the traffic. The remaining sections of this diagnostic report show the detailed information about the keys, the overall summary of the captured SSL traffic, and whether there are errors. The servers section shows information for all SSL traffic captured during the traffic trace recording. All of the detected encrypted protocols are listed together with their matching keys, if they are seen in the traffic. You can see whether the key exchange was successful; the matched keys are indicated by the icon. Key and certificate matching enables you to verify that certificates were found and were valid. No matching may indicate that the certificates are out of date. SSL Server Status The Status column shows whether there are errors or whether erroneous sessions prevail. A traffic capture sometimes does not contain session beginnings, or it contains incomplete handshakes, or it has no master session; these sessions are marked as ignored, as indicated by the gray ( ) color bar. The sessions with errors are marked by a red ( ) color bar. The main causes of errors are missing packets or missing keys. Other causes of errors are listed in detail on the Detailed SSL Statistics for servers report. Detailed SSL Statistics for Servers Detailed SSL statistics for servers are accessed from the Server or Status columns. This report shows: The percentage of the sessions without error, with errors, or ignored. The counts of each problem, in detail, for the error or ignored sessions. The number of decrypted sessions if there are no problems. 36

37 Chapter 3 Verification of Traffic Monitoring Quality You can filter the results. Use Sessions finished to display the data for completed sessions. Use Sessions in progress to display the sessions that are still in progress (sessions that did not end before the traffic capture stopped; to see those session statistics). Figure 4. Example of Detailed SSL Statistics for Server, Errors Detected Due to Private Key Mismatch SSL Keys Because invalid or outdated keys are usually not removed from SSL cards, the list of keys for which an error status is indicated may be considerably long. In such cases, sort by the Status column to see keys correctly matched. Note that it may be necessary to format the SSL card storage area to refresh the key list. Application Overview The Application Overview screen enables you to answer several questions about your applications at the onset of your monitoring configuration. Are all my applications or servers detected? What applications or servers are detected? Can the detected applications or servers be successfully monitored? How heavy is the traffic for each application or server? What services are detected on each server? How heavy is the traffic for each detected service? Note that incomplete sessions are not analyzed. If no beginning is recorded for a session, that session is not analyzed. 37

38 Chapter 3 Verification of Traffic Monitoring Quality The Application Overview screen is an optional step towards defining new software services. To access it, select Software Services Add Software Service in the console top menu, then select By traffic lookup. Figure 5. Example of the Application Overview Screen Showing Detected Applications From this screen, you can configure software services either manually or by using the wizard. If it is possible to go through a step-by-step configuration, a wizard icon ( ) is displayed for the given protocol or service. Application Detection Mechanism Application detection is a three-stage process: 1. To provide the most accurate results, packet analysis for SSL, HTTP, HTTPS, SOAP, and related protocols is performed as a first step toward application type detection. Application recognition is based on the first matching pattern found. This means that some services may not be properly classified if multiple protocols are used in one session. For example, if your application uses HTTP and SOAP over HTTP protocols, and plain HTTP communication opens a session, the application is classified as HTTP. 2. Applications are also detected based on discovery of well-known ports. The default protocol definitions are stored on the AMD and can be exported from the RUM Console. For more information, see Exporting the AMD Configuration in the Data Center Real User Monitoring Administration Guide. At times applications may use ports commonly used for other purposes. The AMD is unaware of these circumstances and will report well-known protocol names. For example, if one of your web applications uses port 8080 and uses HTTP for communication, the AMD reports this as an HTTP proxy. 3. If none of the selected conditions matches, the application is labeled as Unknown TCP or Unknown UDP. 38

39 Chapter 3 Verification of Traffic Monitoring Quality Server recognition in application detection is based on heuristic session analysis; results may vary depending on the type of network interface driver used. Application Overview in SAP Monitoring Application Overview feature of the RUM Console can help you identify whether your AMD is able to see traffic to and from application server that you intend to monitor. Note that since applications monitored with SAP GUI and SAP GUI over HTTP analyzers use protocols for which port numbers are typically either used by other services or are outside the well-known port numbers, Application Overview will not be able to show correct names for the detected SAP protocols. SAP GUI over HTTP will be labeled as HTTP (if encrypted the either as HTTPS or SSL) and SAP GUI and SAP RFC as Unknown TCP. Figure 6. Application Overview Screen Showing SAP GUI Server Detected You can use Application Overview at any stage of your DC RUM deployment process: at the onset of the SAP monitoring configuration or at any time of the monitoring process. Depending on the stage of your deployment (configuration onset versus monitoring in progress) Application Overview will offer you to either configure new services or modify the existing ones. Note that in order to work with up-to-date data you need to either record traffic manually or enable automatic trace recording. To find SAP GUI or SAP RFC servers on the list of detected services go to Application Overview and click Unknown TCP to open Servers report where all servers seen during the traffic recording are listed. If no SAP GUI or SAP RFC based software services are configured you can configure them here using the icon in the Actions column. For existing SAP GUI or SAP RFC services, you can modify the settings. To find SAP Web GUI servers on the list of detected services go to Application Overview and click HTTP to open Servers report where all servers seen during the traffic recording are listed. If no SAP GUI over HTTP software services are configured you can configure them here using the icon in the Actions column. For existing SAP over HTTP services, you can modify the settings. The Application Overview always classifies SAP Web GUI traffic as HTTP, therefore if you have configured a software service to use SAP GUI over HTTP analyzer, the Servers report shows a warning icon indicating that an analyzer different from HTTP was used for monitoring the given server. 39

40 Chapter 3 Verification of Traffic Monitoring Quality Figure 7. Application Overview Screen Showing SAP Web GUI Server in List of All HTTP Servers To find SAP Web GUI servers using secure connection on the list of detected services go to Application Overview. If your AMD is capable of traffic decryption and decryption has been deployed, click HTTPS link to open Servers report where all the servers seen during traffic recording are listed. If there is no traffic decryption deployed on the AMD click SSL link to open Servers report where all the servers seen during traffic recording are listed. If no SAP GUI over HTTPS software services are configured you can configure them using the icon in the Actions column. For existing SAP over HTTPS services, modify the settings. Using RUM Console to Identify Problems Related to Network Hardware Operation Typical configuration errors related to port mirroring can, at times, severely affect the AMD software traffic analysis capabilities. Faulty hardware configuration may result in no data seen by the AMD, a large number of duplicate packets reaching the AMD, or only a limited portion of traffic visible to the monitoring software. Use the Application Overview and Sniffing Point Diagnostics sections as tools to solve issues related to the switching hardware configuration. The following list describes several common problems and some possible causes and solutions. No data seen by the AMD The cable is connected to the wrong physical port on the destination switch. This can be checked by physically tracing the cable directly to the switch and confirming the port ID. The port mirroring configuration (for example, SPAN on Cisco hardware) has been set or changed to mirror incorrect ports or an incorrect destination. This can be resolved by logging on to the source switch and checking the mirroring ports configuration relevant to the requirements (see the vendor-specific documentation for details). No data seen on Application Overview but non-tcp/udp traffic seen in interface statistics The port mirroring configuration (for example, SPAN on Cisco hardware) has been set or changed to mirror incorrect ports or an incorrect destination. This can be resolved by logging on to the source switch and checking the mirroring ports configuration relevant to the requirements (see the vendor-specific documentation for details). 40

41 Chapter 3 Verification of Traffic Monitoring Quality Application Overview does not show all expected data The port mirroring destination may be oversubscribed or dropping packets. Check this by logging on to the switch and checking the SPAN or mirror destination interface. If it is recording many drops, review the configuration of source ports to understand the ratio of source interface bandwidth to destination interface bandwidth. If the ratio is excessive (for example, greater than 4:1), consider reducing the number of source interfaces. If applicable, consider using device-specific filtering to reduce the load on the destination interface (for example, VACL, Rx-only, or Tx-only sources). By design, port mirroring does not forward faulty frames. Check the source device interface statistics to ascertain the nature of the drops (see the vendor-specific documentation for details). Check the interface-related metrics. If there is a high rate of Errors (bad checksum), consider hard-configuring one end of the AMD SPAN connection to prevent auto negotiation. Session-related report shows a high rate of packet duplicates A SPAN or mirror operates by copying frames from source interfaces and directing them to the destination interface. In effect, configurations often result in two copies of a packet. For example, if the source of a SPAN or mirror is set as a VLAN, any traffic that goes from one switch port to another switch port within the VLAN appears twice on the mirrored port. If the number of duplicates starts to affect AMD performance, consider reducing the number of source interfaces. If applicable, consider using a device-specific filtering control to reduce packet duplication (for example, VACL, receive-only, or transmit-only sources) or consider using tap technology as opposed to port mirroring to collect the data. Only unidirectional streams are seen on session-related overview If the AMD is connected via a SPAN or mirror, the configuration has been set incorrectly to send only one side of a receive or transmit stream to the destination. Log on to the local source switch to check the configuration (see the vendor-specific documentation for details). 41

42 Chapter 3 Verification of Traffic Monitoring Quality 42

43 CHAPTER 4 Basic Monitoring Configuration You can define many configuration settings globally for all software services for a given protocol and Data Collector, or locally for specific user-defined software services. If you specify both types of settings, the settings for a user-defined software service take precedence over the corresponding global settings. AMD General Configuration Settings For any given AMD, you can set a variety of options such as time thresholds. The general settings affect the monitoring of software services, but they can be overridden by specific settings for a particular analyzer or software service. At the onset of your Data Center Real User Monitoring deployment you should try using the default values. If you are using several AMDs, make sure that all of them use an identical monitoring interval setting. If you suspect the defaults are too strict or too liberal, adjust the operation time threshold as well as the server time threshold. This will help you avoid situations where the reports do not classify the application performance correctly. To define the most important general settings for an AMD: 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Select Configuration Global General to access the list of general configuration settings. While some of the options control only general AMD behavior, some options in the Advanced group affect more specific configurations in application monitoring. For example, if Inherit from global settings is selected in your other configurations while configuring user-defined software services, the global setting takes precedence over the specific monitoring configuration. 43

44 Chapter 4 Basic Monitoring Configuration Configuration options include: Monitoring interval The monitoring interval in minutes. Increasing this value reduces the number of chunks of data that need to be transferred and processed. Default: 5 minutes. Page load time/operation time threshold The number of seconds after which a page or operation is considered to be slow. The global threshold value depends on the analyzer. The threshold is used by all SAP-related analyzers. Server time threshold Server time threshold relates to the server time portion of an overall operation time. Server times above the threshold limit are considered to be slow due to poor datacenter performance. The threshold is used by SAP GUI over HTTP and SAP GUI over HTTPS analyzers. IP address of the server authorized to set AMD time The IP address of the report server that has the authority to synchronize the time with this AMD. In an environment with a number of servers sharing the same AMD, it is good practice to designate only one of these servers as a time synchronization server to make changes to AMD settings. Otherwise, the server used for time synchronization will change inadvertently every time you save an AMD configuration. 6. Publish the draft configuration on the monitoring device. 44

45 PART II Front-End Monitoring Configuration

46

47 CHAPTER 5 Configuring AMD to Monitor SAP GUI Traffic To achieve reliable results in SAP GUI monitoring, configure the AMD to collect and report SAP GUI-related data correctly. 1. Configure the global settings for SAP GUI analyzer. For more information, see Global Settings for SAP GUI Monitoring [p. 47]. 2. Create the user-defined software service definition based on the SAP GUI analyzer. a. Add the software service based on SAP GUI analyzer and add services to be monitored. b. Optional: Override the global settings for the SAP GUI analysis by preparing a user-defined software service. For more information, see Basic Monitoring Configuration [p. 43] and Configuring Rules for SAP GUI Monitoring [p. 53]. c. Optional: Choose how to report the operation names by specifying whether they should be normalized. For more information, see Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) [p. 51]. 3. Configure SAP GUI transaction monitoring. Select individual steps and construct your own transactions from live SAP traffic or historical data. For more information, see Filters and Transaction Inspector for SAP GUI Sequence Transactions [p. 196]. Global Settings for SAP GUI Monitoring Use the SAP GUI analyzer to configure the monitoring of communication between a SAP GUI Windows client and a SAP application server. Most SAP GUI monitoring parameters are adjusted globally, which means that you can create most basic parameters for software monitoring when you create user-defined software services. To change SAP GUI monitoring settings, in RUM Console, select Global Front-End Monitoring SAP GUI. Parser Max filtered string length 47

48 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic The AMD filters DIAG traffic in a search for strings containing a meaningful operation or user information. The SAP GUI parser processes command chunk content to clean irrelevant or random strings out of the traffic data. This configuration property tells the parser to remove strings or character combinations shorter than or equal to this value. Default: three bytes (three characters). Safe Threshold Use this option to exclude long-executing operations (in minutes) from average measurements. This improves the precision of reporting for typical interactive operations while maintaining the full scope of SAP transaction monitoring. Operations longer than the value set in Safe Threshold will be excluded from average measurements. SAP server time method Define the method of calculating the server time for SAP GUI. This impacts reports showing metrics for the operations, hits and aggregate metrics for operations and hits. first The server time from the first observed operation is reported. last The server time from the last observed operation is reported. average The average server time based on all observed operations is reported. max The maximum server time from all observed operations is reported. sum The sum of all operation server times is reported. Operation and User Name recognition Recognize User Names Select to automatically recognize the user name based on default user name chunk ID: User name chunk ID The chunk ID string contained in the command chunk that also contains the user name. This may vary depending on the server. Default value is for AMD versions 12.1 and later. You can use regular expression to operate on the user name parts for a given chunk ID. Enter a regular expression that enables you to filter the user name. Regular expressions may be useful for cutting out the irrelevant or unnecessary parts of names. Use POSIX Basic Regular Expressions syntax. Operation name chunk IDs NOTE The differences in configuration of SAP GUI monitoring in earlier AMD versions prohibits the operation status and operation name configurations to be migrated to the current version. The default values will be applied in current version making some of the SAP GUI monitoring settings unavailable for editing. The chunk ID string contained in the command chunk that also contains the transaction code (T-Code). 48

49 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic Default: The differences in configuration of SAP GUI monitoring in earlier AMD versions create a variant that can be only applied to current version. The RUM Console will automatically display the configuration that applied to the particular AMD version. Legacy AMD Configuration The following configuration options are available for AMD versions older than release Attribute/Metric/Parameter definition This table presents configuration elements that are responsible for operation name reporting. You can choose to have the AMD report operation chunks in their raw form or normalized, and you can customize chunk content reporting through regular expressions. For more information, see Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) [p. 51]. You can also select which chunk ID will be used to extract operation status. Use Operation status list to select chunk IDs entered in the operation name customization table. The value will be later appended to the T-Code by the CAS when SAP GUI operations are reported. By default UI status (also referred to as window title) chunk ID is selected as operation status ( ). Current AMD Configuration The following configuration options are available for AMD versions and newer. Attribute/Metric/Parameter definition Monitoring T-Code alone is often not enough to pinpoint performance problems, especially when complex SAP transactions are performed. You can identify and report SAP operations based on context retrieved from specific SAP form fields. To do this, you will need to define a field value to be retrieved from selected SAP form fields. This table presents definitions for each configured value. It summarizes how the value should be extracted, where should it be reported and as what should the value be reported. Use the right-click to open the context menu and choose Add, Open or Delete. 1. Choose how value should be reported Define how the extracted value should be reported in CAS or ADS. CAS counts occurrences of the defined attribute while ADS reports on actual values retrieved. Attribute Metric Operation name parameter 2. Choose where given value should be reported Select the group based on automatically detected sets of operation attributes. 3. Configure how value should be extracted Select the value extraction method: Chunk ID 49

50 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic You can select which chunk ID will be used to extract the value. The value will be later appended to the T-Code by the report server when SAP GUI data is reported. By default Window Status (also referred to as window title) chunk ID is selected. ( ). Form ID Enter the SAP form ID that should be used to extract the value from selected SAP form fields. SAP GUI RFC Exception SAP GUI traffic can contain information on RFC Exceptions and Errors. Selecting this option, you define the extracted value as a Remote Function Call (RFC) exception. SAP GUI RFC Error Message Selecting this option, you define the extracted value as a RFC Error Message. Default configuration of RFC errors is applied. 4. Define if given elements occur more than once. Select which of the values should be taken under consideration. Detected First, Last or All detected values. 5. Optionally, you can enter a regular expression that will be applied to the extracted value. 6. Search scope: Select to which observed traffic the regular expression search should be applied: response, request or both. Configuring SAP GUI Availability By configuring the availability, you can determine which attempt failures are included in the availability metric calculation. You can configure SAP GUI availability globally or at the software service level. For global configuration, open the AMD configuration and go to Global Front-End Monitoring SAP GUI Availability. For the software service level, select the Availability tab in the Edit Rule window. Failures (transport) You can determine whether two of the incomplete response types, No response and Partial response errors should be included in the calculation of Failures (transport) metric. Failures (applications) Enable or disable the automatically detected operation attributes to individually select which sets of operation attributes are included in the calculation of Failures (application). The following operation attributes are available: SAP GUI status error 50

51 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic SAP GUI error indicator Window title Operation attributes (4) Operation attributes (5) Note that by default Window title attribute is always present, so it is not recommended to enable it as a failure as it will cause 0% of availability reported. All of these are configurable. For more information, see Global Settings for SAP GUI Monitoring [p. 47]. Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) You can choose to have the AMD report operation chunks in their raw form or normalized, and you can customize chunk content reporting through regular expressions. To monitor SAP GUI operations, specify a list of chunk IDs that, when combined, form the operation names. The order in which you create the entries for the operation name chunk IDs is important because it is reflected in the operation name reported by the AMD: changing the order of command chunk IDs in the Operation name chunk IDs table changes the AMD operation name accordingly. Click the up and down arrows next to the table to move the IDs up and down in the sequence. Note that the order of entries can be changed only when the values are sorted by the Order column. Each operation name consists of three elements: Transaction type (most commonly contained by chunks with ID: ) GUI title (most commonly contained by chunks with ID: ) GUI status (most commonly contained by chunks with ID: ) Because each operation part is responsible for a different part of SAP GUI communication, choose the best normalization method for each purpose. In general, it is best to use mapping files for normalizing transaction types, regular expressions for GUI title normalization, and no normalization for GUI status reporting. The following parameters enable you to control operation name formation: Chunk ID An operation ID. For example, this configuration order: corresponds to the following traffic portions: ZM UM In this case, the operation name is ZM01 UM. If you change the order of the operation name chunk IDs, its name is then UM ZM01. 51

52 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic The order of entries is important from the point of view of the report server. CAS, when reporting the SAP GUI operations, uses the fixed logic reflected by tabs in the SAP GUI reports. Regular Expression You can use regular expressions to operate on the operation name parts for a given chunk ID. Enter a regular expression that enables you to filter the operation name. Regular expressions may be useful for cutting out the irrelevant or unnecessary parts of names. Use POSIX Basic Regular Expressions syntax. Operation Names Configuration in SAP GUI Monitoring Monitoring only the T-Code alone may not be enough to pinpoint performance problems, especially when complex SAP transactions are performed. You can identify and report SAP operations based on the context retrieved from specific SAP form fields. To monitor SAP GUI operations, create definitions that specify how the value is extracted, where it is reported, and what value is reported. Operation and User Name recognition Indicate the chunk ID string contained in the command chunk that also contains the user name. The predefined value is: for AMD versions and earlier for AMD versions 12.1 and later. The chunk ID string extracted from the operation name element predefined with chunk ID Both the user name chunk ID and operation name chunk ID can be extracted using a regular expression. Attributes/Metrics/Parameters You can derive the operation name from more than one chunk, including chunks that carry SAP form data that can identify operation context. You have the option to retrieve form field values from selected SAP form fields. These form filed values are reported under Operation Attributes in CAS and ADS. CAS reports the occurrences of the defined attributes while ADS reports the actual values retrieved. For more information, see Attribute/Metric/Parameter definition [p. 49]. Your SAP GUI traffic can contain information about RFC Exceptions and Errors. You can define the extracted value as a Remote Function Call (RFC) exception as a RFC Error Message. This will enable you to generate application availability reports. The default configuration of RFC errors is applied. Operation settings When monitoring complex systems such as SAP, you may experience anomalies when it comes to operation time reporting. It is typical for some SAP operations to take a very long time to execute (ranging from several minutes to several hours). They last significantly longer than the majority of operations you see on reports. Such operations, even though normal, will be classified as slow and will negatively affect the timing averages on reports. 52

53 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic In this case, you can configure individual operation load time thresholds for a chosen operation or exclude it from monitoring. Note that exclusion is not equal to ignoring the operation by the AMD. Exclusion means that load time for the particular operation will not be shown by the Central Analysis Server. If you use the Advanced Diagnostics Server, the statistics will be shown on its reports. Since Central Analysis Server uses a different method to analyze the monitored traffic, the value of Slow Operation metric in drilldown reports will differ. This inconsistency occurs when Advanced Diagnostics Server does not account for the SAP GUI Safety Valve and reports operations that Central Analysis Server excludes of its reports. For the slow operations flow, the following reports and drilldown reports are affected by this inconsistency: Tiers (SAP) Servers Slow Operation Cause Breakdown Slow Operation Loads Configuring Rules for SAP GUI Monitoring You can override the global settings for SAP GUI analysis by configuring rules for particular user-defined software services. Before You Begin See Configuring User-Defined Software Services in the RUM Console Online Help and Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide to learn how to create and define user-defined software services. For a broader perspective, see Basic Monitoring Configuration in the Data Center Real User Monitoring Web Application Monitoring User Guide. To change the monitoring parameters: Configuring Services 1. After the software service is defined, right-click the Rules table to open the context menu and choose Add. The Rule Configuration window opens. 2. On the Services tab, define services to be monitored. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. By default, the port number is Configuring User Name Recognition On the SAP GUI Operations tab, you can override most of the global settings for the analyzer. You can also define more detailed rules, such as the use of regular expressions in user name recognition. 53

54 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic NOTE The differences in configuration of SAP GUI monitoring in earlier AMD versions prohibits the operation status and operation name configurations to be migrated to the current version. The default values will be applied in current version making some of the SAP GUI monitoring settings unavailable for editing. 3. Define a chunk ID containing user names and optional user name normalization. User name chunk ID The chunk ID string contained in the command chunk that also contains the user name. This may vary depending on the server. Default value is for AMD versions 12.1 and later. You can use regular expression to operate on the user name parts for a given chunk ID. Enter a regular expression that enables you to filter the user name. Regular expressions may be useful for cutting out the irrelevant or unnecessary parts of names. Use POSIX Basic Regular Expressions syntax. User name regular expression You can enter a regular expression to normalize the user names detected in SAP GUI traffic. This option enables you to shorten the string reported as the user name for a given chunk. For example, if, by default, the AMD detects user names as long chains of characters such as usernameprefixuser2012affix, you can use the regular expression User[0-9]* to see only a part of the whole field on reports (User2012 in this case). Configuring Operation Name Chunk IDs (Legacy AMDs) By default, Use global values is selected. The software service is monitored using the operation name normalization settings created in Global Front-End Monitoring SAP GUI. Clear this option to start overriding the global settings. 4. Override the global setting for operation name mapping. It is possible to copy the chosen chunk IDs defined in the Global SAP GUI settings. The Available global chunk IDs list contains all the IDs you entered as global values. You can select and copy one or all given chunk IDs to the Current chunk IDs table using controls located between the tables. The IDs are moved together all of the mapping or normalization settings. The File Path or Regular Expression fields are automatically filled with the settings defined in Global Front-End Monitoring SAP GUI. This table presents configuration elements that are responsible for operation name reporting. You can choose to have the AMD report operation chunks in their raw form or normalized, and you can customize chunk content reporting through regular expressions. For more information, see Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) [p. 51]. You can also select which chunk ID will be used to extract operation status. Use Operation status list to select chunk IDs entered in the operation name customization table. The value will be later appended to the T-Code by the CAS when SAP GUI operations are reported. By default UI status (also referred to as window title) chunk ID is selected as operation 54

55 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic status ( ). Note that you can make a selection based only on the IDs from the Current chunk IDs table. Attribute/Metric/Parameters (Current AMDs) By default, Use global values is selected. The software service is monitored using the operation name normalization settings created in Global Front-End Monitoring SAP GUI. Clear this option to start overriding the global settings. 5. Define how the value should be extracted, where should it be reported, and the value that is reported. Monitoring T-Code alone is often not enough to pinpoint performance problems, especially when complex SAP transactions are performed. You can identify and report SAP operations based on context retrieved from specific SAP form fields. To do this, you will need to define a field value to be retrieved from selected SAP form fields. This table presents definitions for each configured value. It summarizes how the value should be extracted, where should it be reported and as what should the value be reported. Use the right-click to open the context menu and choose Add, Open or Delete. a. Choose how value should be reported Define how the extracted value should be reported in CAS or ADS. CAS counts occurrences of the defined attribute while ADS reports on actual values retrieved. Attribute Metric Operation name parameter b. Choose where given value should be reported Select the group based on automatically detected sets of operation attributes. c. Configure how value should be extracted Select the value extraction method: Chunk ID You can select which chunk ID will be used to extract the value. The value will be later appended to the T-Code by the report server when SAP GUI data is reported. By default Window Status (also referred to as window title) chunk ID is selected. ( ). Form ID Enter the SAP form ID that should be used to extract the value from selected SAP form fields. SAP GUI RFC Exception SAP GUI traffic can contain information on RFC Exceptions and Errors. Selecting this option, you define the extracted value as a Remote Function Call (RFC) exception. SAP GUI RFC Error Message Selecting this option, you define the extracted value as a RFC Error Message. Default configuration of RFC errors is applied. 55

56 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic d. Define if given elements occur more than once. Select which of the values should be taken under consideration. Detected First, Last or All detected values. e. Optionally, you can enter a regular expression that will be applied to the extracted value. f. Search scope: Select to which observed traffic the regular expression search should be applied: response, request or both. 6. In the Operation settings table, click Add to open the Operation settings dialog box. Configuring Operation Settings When monitoring complex systems such as SAP, you may experience anomalies when it comes to operation time reporting. It is typical for some SAP operations to take a very long time to execute (ranging from several minutes to several hours). They last significantly longer than the majority of operations you see on reports. Such operations, even though normal, will be classified as slow and will negatively affect the timing averages on reports. In this case, you can configure individual operation load time thresholds for a chosen operation or exclude it from monitoring. Note that exclusion is not equal to ignoring the operation by the AMD. Exclusion means that load time for the particular operation will not be shown by the Central Analysis Server. If you use the Advanced Diagnostics Server, the statistics will be shown on its reports. Since Central Analysis Server uses a different method to analyze the monitored traffic, the value of Slow Operation metric in drilldown reports will differ. This inconsistency occurs when Advanced Diagnostics Server does not account for the SAP GUI Safety Valve and reports operations that Central Analysis Server excludes of its reports. For the slow operations flow, the following reports and drilldown reports are affected by this inconsistency: Tiers (SAP) Servers Slow Operation Cause Breakdown Slow Operation Loads 7. In the Operation settings dialog, define the operation that requires individual rules. Provide a T-Code and indicate whether you want it to be excluded from monitoring or set a time threshold for the operation containing this T-Code as part of the name. Define an individual Operation load time threshold by clearing the instruction to use the value set for the whole software service. You can increase or decrease the value of the threshold. Exclude the operation from monitoring. Select this option if you do not want to see operation time statistics for the particular operation on Central Analysis Server reports. If you select this option, setting individual operation time thresholds for this operation is impossible. Note that this does not affect ADS reports. You can define slow operations on three levels: for the analyzer globally, for the whole software service, and for individual operations. Choose the method most suitable to your environment to see accurate data on reports. 56

57 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic Configuring Additional Options On the Options tab, you can override the global settings for AMD configuration. 8. Change the settings for monitoring TCP session-related options. Enable monitoring of persistent TCP sessions We highly recommend that you enable this option for SAP monitoring. When this option is selected, non-syn sessions (TCP sessions for which the start was not recorded) are included in the TCP statistics. When enabled, this option generally does not negatively affect the reported data because the SAP analyzer dynamically calculates network metrics. When disabled in the SAP software service rule, the report servers may show issues with missing traffic. 9. Optional: Change the settings for monitoring operation load time threshold or select ADS-related options. Operation load time threshold An operation that takes more than this many seconds is considered slow. When Inherit from global setting is selected, the global setting is used. The global threshold value depends on the analyzer. Safe Threshold Use this option to exclude long-executing operations (in minutes) from average measurements. This improves the precision of reporting for typical interactive operations while maintaining the full scope of SAP transaction monitoring. Operations longer than the value set in Safe Threshold will be excluded from average measurements. SAP server time method Define the method of calculating the server time for SAP GUI. This impacts reports showing metrics for the operations, hits and aggregate metrics for operations and hits. first The server time from the first observed operation is reported. last The server time from the last observed operation is reported. average The average server time based on all observed operations is reported. max The maximum server time from all observed operations is reported. sum The sum of all operation server times is reported. Generate sequenced transactions and ADS data Select this option to provide data to the report server that consists of low-level protocol information, such as raw HTTP traffic data, which enables you to view the full HTTP request-response dialog. 10. Define the availability by enabling or disabling specific attempts to be included in availability calculation. When Inherit from global setting is selected, the global setting is used. For more information, see Configuring SAP GUI Availability [p. 50]. 57

58 Chapter 5 Configuring AMD to Monitor SAP GUI Traffic Configuring Operation Name Normalization (Legacy AMDs) RUM Console enables you to configure operation name normalization at the global level and for each software service. The normalization rules are configured in the Chunk ID mapping definition dialog box. Before You Begin To access command chunk ID mappings globally on your AMD: 1. In the AMD Configuration window, select Global Front-End Monitoring SAP GUI. 2. Right-click a row in Attribute/Metric/Parameter definition table and choose Add or Open. The Chunk ID Mapping dialog box opens. To access command chunk ID mappings for an existing dedicated software service: 1. In the Rule Configuration dialog box, choose SAP GUI Operations tab. 2. Right-click a row in Operation name chunk IDs and choose Add or Open. The Chunk ID Mapping dialog box opens. In the Chunk ID Mapping dialog box, choose the type of mapping to be applied to a chunk ID: 1. Choose Regular expression, File path, or None. When None is selected, normalization rules will not be applied to command chunks with the specified ID. For more information on the remaining options, see Operation Names Configuration in SAP GUI Monitoring (Legacy AMDs) [p. 51]. 2. Complete the Chunk ID field. 3. Optional: For configurations using options other than None, configure normalization rules to be applied to command chunks forming an operation name. Enter an extended regular expression in the Regular expression field. Enter an absolute file path to the file containing the mapping in the File path field. 4. Click OK to confirm your changes. What to Do Next The order in which you create the entries for the operation name chunk IDs is important because it is reflected in the operation name reported by the AMD: changing the order of command chunk IDs in the Operation name chunk IDs table changes the AMD operation name accordingly. Click the up and down arrows next to the table to move the IDs up and down in the sequence. Note that the order of entries can be changed only when the values are sorted by the Order column. To delete a chunk ID mapping definition, right-click the row and choose Delete from the context menu. 58

59 CHAPTER 6 Configuring AMD to Monitor SAP RFC To achieve reliable results in SAP RFC monitoring, configure the AMD to collect and report SAP RFC related data correctly. 1. Configure global settings for SAP RFC analyzer. For more information, see Global Settings for SAP RFC Monitoring [p. 59]. 2. Create user-defined software service definition based on the SAP RFC analyzer. a. Add software service based on SAP RFC analyzer and add services to be monitored. b. Optional: Override global settings for the SAP RFC analysis by preparing a user-defined software service. For more information, see Configuring Services [p. 61]. c. Define the operation name extraction rules, how the attributes, metrics or parameters should be extracted, where they should be reported and as what should they be reported. For more information, see Configuring operation settings [p. 61]. d. Define options relating to TCP sessions and load time threshold. For more information, see Configuring additional options [p. 62]. e. Configure the availability of specific attempts to be included in availability calculation. For more information, see Configuring availability [p. 63]. Global Settings for SAP RFC Monitoring The Remote Function Call (RFC) interface system enables function calls between two SAP systems, or between a SAP system and an external system. Use the SAP RFC analyzer to configure the monitoring of communication between a SAP system and another SAP, or between a SAP system and a third-party system. Most SAP RFC monitoring parameters are adjusted globally, which means that you can create most basic parameters for software monitoring when you create user-defined software services. To change SAP RFC monitoring settings, in RUM Console, select Global Middleware Monitoring SAP RFC. 59

60 Chapter 6 Configuring AMD to Monitor SAP RFC Attributes/Metrics/Parameters Choose how value should be reported Define how the extracted value should be reported in CAS or ADS. CAS counts occurrences of the defined attribute while ADS reports on actual values retrieved. You can define the extracted value as Attribute, Metric, Parameter or User Choose where given value should be reported Value reported as Attribute Select the group based on automatically detected sets of operation attributes: SAP RFC error, SAP RFC error indicator, Group 3, Group 4, Group 5 Value reported as Metric Select the group based on sets of metrics: Group 1, Group 2, Group 3, Group 4, Group 5 Value reported as Parameter Select the group based on automatically detected sets of parameters: Group 1, Group 2, Group 3, Group 4, Task name, Module name, Service name Value reported as User Automatically reported in User name group. Choose source to extract value from You can choose from which Field ID the value should be extracted. Options include Predefined set for Field IDs, Custom entry where you can manually enter the Field ID or a default set of CPIC errors. Predefined field Selecting a predefined Field ID will set the Field type automatically and known value decoding rules will be applied. Custom field Selecting the Custom option, you will have to select the value transformation method (Field type) and provide additional information depending on which method was selected. Make sure your custom entry uses the correct format: 0xNNNNN where NNNNN can be any value in 2-bytes hex format. CPIC Error This option will attempt to extract the value from an error occurring in Common Programming Interface-Communications API (available only for Attribute definition). Apply given regular expression to the value This required field enables you to match and extract a particular value from the parameter name in the observed traffic. Configuring SAP RFC Availability Configuring the availability you can determine which attempt failures will be included in the availability metric calculation. You can configure SAP GUI availability globally or at the software service level. 60

61 Chapter 6 Configuring AMD to Monitor SAP RFC For global configuration, open the AMD configuration and go to Global Middleware Monitoring SAP GUI Availability. For the software service level, select the Availability tab in the Edit Rule window. Failures (transport) You can determine whether the Partial response errors are included in the calculation of Failures (transport) metric. Failures (applications) Enable or disable the automatically detected operation attributes to individually select which sets of operation attributes are included in the calculation of Failures (application). The following operation attributes are available: SAP RFC error SAP RFC error indicator Operation attributes (3) Operation attributes (4) Operation attributes (5) Note that all of these are configurable. For more information, see Global Settings for SAP RFC Monitoring [p. 59]. Configuring Rules for SAP RFC Monitoring You can override global settings for SAP RFC analysis by configuring rules for particular user-defined software services. To change monitoring parameters: Configuring Services 1. After the software service is defined, right-click the Rules table to open the context menu and choose Add. The Rule Configuration window opens. 2. On the Services tab, define services to be monitored. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. By default, the port number is Configuring operation settings If the Use global or Inherit from global settings checkbox is selected in your definition while configuring software services, the global setting for that option takes precedence over the specific monitoring configuration. 3. Define how the attributes, metrics or parameters should be extracted, where they should be reported and as what should they be reported. Choose how value should be reported 61

62 Chapter 6 Configuring AMD to Monitor SAP RFC Define how the extracted value should be reported in CAS or ADS. CAS counts occurrences of the defined attribute while ADS reports on actual values retrieved. You can define the extracted value as Attribute, Metric, Parameter or User Choose where given value should be reported Value reported as Attribute Select the group based on automatically detected sets of operation attributes: SAP RFC error, SAP RFC error indicator, Group 3, Group 4, Group 5 Value reported as Metric Select the group based on sets of metrics: Group 1, Group 2, Group 3, Group 4, Group 5 Value reported as Parameter Select the group based on automatically detected sets of parameters: Group 1, Group 2, Group 3, Group 4, Task name, Module name, Service name Value reported as User Automatically reported in User name group. Choose source to extract value from You can choose from which Field ID the value should be extracted. Options include Predefined set for Field IDs, Custom entry where you can manually enter the Field ID or a default set of CPIC errors. Predefined field Selecting a predefined Field ID will set the Field type automatically and known value decoding rules will be applied. Custom field Selecting the Custom option, you will have to select the value transformation method (Field type) and provide additional information depending on which method was selected. Make sure your custom entry uses the correct format: 0xNNNNN where NNNNN can be any value in 2-bytes hex format. CPIC Error This option will attempt to extract the value from an error occurring in Common Programming Interface-Communications API (available only for Attribute definition). Apply given regular expression to the value This required field enables you to match and extract a particular value from the parameter name in the observed traffic. Configuring additional options 4. Change the settings for monitoring TCP session-related options. Enable monitoring of persistent TCP sessions We highly recommend that you enable this option for SAP monitoring. When this option is selected, non-syn sessions (TCP sessions for which the start was not recorded) are included in the TCP statistics. When enabled, this option generally does not negatively affect the reported data because the SAP analyzer 62

63 Chapter 6 Configuring AMD to Monitor SAP RFC dynamically calculates network metrics. When disabled in the SAP software service rule, the report servers may show issues with missing traffic. 5. Optional: Change the settings for monitoring operation load time threshold or select ADS-related options. Operation load time threshold An operation that takes more than this many seconds is considered slow. When Inherit from global setting is selected, the global setting is used. The global threshold value depends on the analyzer. Safe Threshold Use this option to exclude long-executing operations (in minutes) from average measurements. This improves the precision of reporting for typical interactive operations while maintaining the full scope of SAP transaction monitoring. Operations longer than the value set in Safe Threshold will be excluded from average measurements. SAP server time method Define the method of calculating the server time for SAP GUI. This impacts reports showing metrics for the operations, hits and aggregate metrics for operations and hits. first The server time from the first observed operation is reported. last The server time from the last observed operation is reported. average The average server time based on all observed operations is reported. max The maximum server time from all observed operations is reported. sum The sum of all operation server times is reported. Generate sequenced transactions and ADS data Select this option to provide data to the report server that consists of low-level protocol information, such as raw HTTP traffic data, which enables you to view the full HTTP request-response dialog. Configuring availability 6. Define the availability by enabling or disabling specific attempts to be included in availability calculation. For more information, see Configuring SAP RFC Availability [p. 60]. 63

64 Chapter 6 Configuring AMD to Monitor SAP RFC 64

65 CHAPTER 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic To achieve reliable results in SAP over HTTP or SAP over HTTPS monitoring, configure the AMD to collect and report SAP related data correctly. Data Center Real User Monitoring offers a number of presets that facilitate your configuration of SAP over HTTP monitoring. The assumption is that you should be able to see data on reports by just creating a software service definition. The presets in SAP over HTTP monitoring include: Predefined set of URLs. Predefined parameter group definitions for URLs. Predefined page name detection rules for selected URLs. Predefined content types for selected URLs. Predefined user recognition policy. URL auto-learning is inactive for predefined URLs and entire software service. To configure SAP over HTTP monitoring perform two stages of configuration (global settings for HTTP analysis and settings for individual server monitoring): 1. Tune global settings for content type monitoring. For SAP monitoring one step in global monitoring configuration is necessary. You have configure XML objects to be treated as HTML pages. For more information, see Content Type Monitoring [p. 116]. 2. Optional: Configure global settings for HTTP analyzer. The global settings for HTTP analyzers that you set up in RUM Console affect also the operation of SAP over HTTP or SAP over HTTPS analyzers. 3. Add software service based on SAP over HTTP (or SAP over HTTPS) analyzer and add services to be monitored. For more information, see Configuring Rules for SAP GUI over HTTP Monitoring [p. 66]. 65

66 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Configuring Rules for SAP GUI over HTTP Monitoring You can create software service definitions for SAP GUI over HTTP and SAP GUI over HTTPS traffic. Each software service can have a number of specific rules that define what is to be monitored and what additional options are in effect. You can also assign each software service to existing or newly created tiers and applications. Before You Begin See Configuring User-Defined Software Services in the RUM Console Online Help and Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide to learn how to create and define user-defined software services. For a broader perspective, see Basic Monitoring Configuration in the Data Center Real User Monitoring Web Application Monitoring User Guide. To change monitoring parameters: 1. After the software service is defined, right-click the Rules table to open the context menu and choose Add. The Rule Configuration window opens. 2. On the Services tab, define services to be monitored. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. By default, the port number is 80 for SAP GUI over HTTP, and 443 for SAP GUI over HTTPS. 3. Configure URL monitoring. Switch to URL Monitoring tab and verify or change URL definitions. By default there exists a number of pre-defined URL definitions based on regular expressions. For example: ( ( They are constructed to match most common URLs used by SAP applications. To ascertain more precise reporting some of the predefined URLs also come with a set of matching URL parameter groups or page names. For more information, see Configuring URL Monitoring [p. 67]. 4. Configure other HTTP-related issues. For more information, see Configuration Fine-Tuning in the Data Center Real User Monitoring Web Application Monitoring User Guide. 5. Optional: On the Options tab, you can override global settings for AMD configuration. Enable monitoring of persistent TCP sessions When this is selected, TCP sessions that do not start with SYN packets are monitored. By default, this is selected. Persistent TCP sessions are TCP sessions for which the start was not recorded. They are also referred to as non-syn sessions. These sessions can be included in the TCP statistics, based on the configuration properties you enable in RUM Console. The 66

67 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic inclusion of these sessions may render the statistics somewhat inaccurate and must be undertaken with care. Page load time threshold An operation that takes more than this many seconds is considered slow. When Inherit from global setting is selected, the global setting is used. To edit the global setting, open the AMD configuration, go to Global General and set the Operation time threshold. Configuration Fine-Tuning Configuring URL Monitoring You can create named URL definitions to monitor specific URLs and you can specify URLs to be excluded from monitoring. You can also specify a virtual HTTP server to handle scenarios in which many web sites reside under a single IP address. Before You Begin It is assumed for this task that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. For more information, see Configuring User-Defined Software Services in the RUM Console Online Help and Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. To specify definitions for the monitoring of URLs for a user-defined HTTP software service, create or edit one or more URL definitions: 1. Open the URL Monitoring screen for the service. In the Rules table for the service, select the URL Monitoring tab. 2. Add or open a definition for a URL to be monitored or to be excluded from monitoring. In the URL Definitions table, right-click and choose Add Monitored URL to create a new definition for monitoring URLs, Add Excluded URL to create a new definition for URLs excluded from monitoring, or Open to open an existing definition. The Configure Monitored URL or Configure Excluded URL window will open. The order in which you arrange URLs is important. When adding several URLs of the same type, make sure that you arrange the definitions from the most specific to the most general, as the URLs are processed from top to bottom. Especially, if you add a specific excluded URL, make sure you place it before a more general monitored URL, otherwise the exclusion will be ignored. 3. Select a URL type. The option you select here determines the type of URL information that you will need to enter further down in the URL Definition section: Virtual HTTP Server 67

68 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Static URL Part URL as Regular Expression. 4. Enter a URL definition string. The information you enter here depends on the URL Type selection you made in the previous step. Virtual HTTP Server This option refers to monitoring a host where many websites reside under a single IP address. Using a virtual HTTP server causes all of the reported pages that have no separate definitions to be aggregated into one record and reported together. This does not apply to those pages from the IP address that are defined separately in a monitoring configuration. Such individual definitions do not require that you select this option. For example, a valid virtual HTTP server address is without a trailing slash. Static URL Part A fully qualified URL, containing the protocol to be used, the server to be contacted, and the file to be requested, such as This URL is added to the list of monitored URLs regardless of the limit of monitored URLs. URL as Regular Expression An extended POSIX regular expression describing a set of URLs. For more information, see Regular Expression Fundamentals [p. 233]. The syntax allows you to use parentheses () to select one or more sub-expressions (specific portions of the results). If this mechanism is used, only the specified portions are reported; if more than one portion is specified, the portions are concatenated. 68

69 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic NOTE When using a regular expression to specify a set of URLs to monitor, you must: Explicitly include the string or in the expression. Thus, for example, you should not start the expression with.* and expect that the or strings will be assumed or resolved as a part of the regular expression. The parentheses you use to select the part of the URL to be extracted must include the above strings or and they must also include the name of the host. However, the name of the host does not have to be provided explicitly, but can be resolved by the regular expression. Thus, for example, ( is correct, and so is ( The regular expression must be constructed such that, after extracting the portions delimited by parentheses, the resulting string does not end with a slash character ( / ). This rule applies to all URLs except home pages (URLs consisting only of a protocol specification and a host name). Such URL specifications should end with a slash. For example ( is legal, but ( is not legal. Note also that a specification ending with (myreport/*) is not valid because it can be matched by a string ending with a slash, as the asterisk can match an empty string. You can test the patterns that will be used by the AMD using the Regular Expressions Test tool, which is activated after you click Test located next to the regular expression pattern field. For more information, see Testing Regular Expressions [p. 235]. Example 1. Example of Using a Regular Expression to Specify Monitored URLs The use of parentheses in a regular expression is demonstrated in the following example: ( The above expression matches URLs such as: but only the bracketed portion ( ) will be reported. Example 2. Complex Example of Using a Regular Expression to Specify Monitored URLs The following is a more complex example that demonstrates concatenation of bracketed portions: 69

70 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic A site contains URLs of the form: 04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4o39w0BSYGYRiGBpFoYsamaEIG8Y4IEW99X4_83FT9AP2C3NDQiHJHRQDwwo2X/ delta/base64xml/l3djdyevuud3qndnqsevnelvrs82xzjfnvvn?wcm_global_context=/ assurance/wcm/connect/my Life.fr/Aide/Accueil Aide&WT.tz=1&WT.bh=12&WT.ul=en-us&WT.cd=32&WT.sr= 1400x1050&WT.jo=Yes&WT.ti=AssuranceRetraitePERP&WT.js=Yes&WT.jv=1.3&WT.fi= Yes&WT.fv=3.0&WT.sp=@@SPLITVALUE@@ where only the part after...wcm/connect/, in this case My Life.fr/Aide/Accueil Aide, is relevant for differentiating this page from other pages of this site, the rest being session ID and various parameters. If you use the following regular expression to define monitored URLs: ( assurance/wcm/connect/([^&]*) the reported URL for this page is: life.fr/aide/accueil Aide NOTE A large number of URLs defined by using regular expressions can have an adverse effect on the performance of the AMD, because resolving regular expressions is processor-intensive. If you are configuring excluded URLs, this step completes this particular definition. If you are defining monitored URLs, proceed to the next step. 5. Optional: Specify a page name. Not supported by HTTP Express. For more information, see Automatic Page Name Recognition [p. 100]. Page names are not supported by HTTP Express analyzer. 6. Optional: Specify an operation time threshold. Not supported by HTTP Express. Operation time threshold relates to the time a page takes to load. Operation loads above the threshold limit are considered to be slow. You can specify this limit separately for this URL definition, or you can use the value as defined for this entire monitoring rule in the Options tab. To specify an individual value for this URL definition, clear the Inherit Setting from Rule check box and select the value in the Operation Time Threshold threshold selection boxes. To use the value defined for the entire monitoring rule, ensure that the Inherit Setting from Rule check box is selected. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. 7. Optional: Specify a server time threshold. Server time threshold relates to the server time portion of an overall page load time. Server times above the threshold limit are considered to be slow due to the poor datacenter performance. You can specify this limit separately for this URL definition, or you can use the value as defined for this entire monitoring rule in the Options tab. 70

71 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic To specify an individual value for this URL definition, clear the Inherit Setting from Rule check box and select the value in the Server Time Threshold threshold selection boxes. To use the value defined for the entire monitoring rule, ensure that the Inherit Setting from Rule check box is selected. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. 8. Optional: Specify the data generation options. Not supported by HTTP Express. To specify individual values for this URL definition, clear the Inherit Setting from Rule check boxes. To use the value defined for the entire monitoring rule, ensure that the Inherit Setting from Rule check box is selected. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. This controls the scope of data generated by the AMD that is used in CAS and ADS reporting. CAS Data If you select Disabled, the AMD will stop saving data used in most CAS reports. In normal circumstances, you should not disable CAS data generation. ADS Data When controlling ADS data generation, you can either disable it completely or decide on the depth of available data. ADS data only The AMD will generate data enabling you to access essential operation-level information. ADS data and hit details The AMD will generate data enabling you to access a deep drilldown report that represents an HTTP page hit broken down into specific HTTP elements. ADS data, hit and header details The AMD will generate data enabling you to access even deeper drilldown information retrieved from related request and response headers for the hit. 9. Optional: Select additional options. In the Options section, select or clear the desired options as required: Report URL after redirect Not supported by HTTP Express. This option causes addresses after the last redirection to be reported for redirected pages. By default, redirections are reported as addresses of the originating page, before redirection takes place. The final target page will be reported regardless of how many redirects are detected in between. To use the value defined for the entire monitoring rule, ensure that the Inherit Setting from Rule check box is selected. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. 71

72 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Report Redirects as Page Not supported by HTTP Express. You can configure page redirects as single regular pages and report them separately. This makes it possible to combine the redirects with the originating or target page (depending on the setting in Report URL after redirect). In this way, redirects can become operations and you can create transactions consisting of more than one step. The per-url or per-url parameter settings always take precedence. Report URL Prefixed with Analyzed HTTP Method All methods of passing HTTP parameters, can be distinguished if this option is selected. To use the value defined for the entire monitoring rule, ensure that the Inherit Setting from Rule check box is selected. The All methods option allows for processing all detected HTTP methods including the WebDAV HTTP extesion. The extended WebDAV methods automatically identified include: PROPFIND Retrieves properties and a directory hierarchy of a remote system. PROPPATCH Changes and deletes multiple properties is a single operation. MKCOL Creates directories or collections. COPY Copies a resource from one URI to another. MOVE Moves a resource from one URI to another. LOCK Puts a lock on a resource. UNLOCK NOTE Removes a lock from a resource. Monitoring WebDAV software services requires a specific configuration options. In order to properly report a hit as a separate operation, you must define a URL with regex matching all URLs ( and content types. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. Report long pages, incoming over many monitoring intervals This option allows for reporting so-called long pages (pages that load continually). This type of page is used, for example, for providing constantly updated information such as stock market reports. There are a number of different techniques for providing 72

73 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic this functionality, such as by using streaming objects or server PUSH. All pages to be treated as long pages must be specified explicitly. Long pages are reported on reports, but no transaction-related information is included in reports. The only information collected for such pages are network metrics. Report Only URL Part When Parameters Do Not Match Select this option to cause this URL to be reported even if none of the parameter sets specified for the URL has been matched with the actual parameters seen in the monitored traffic. Parameters are defined in a separate configuration window. For more information, see Configuring Monitoring of URL Parameters in the RUM Console Online Help. 10. Optional: Specify frameset recognition options. Not supported by HTTP Express. AMDs are able to recognize HTML pages containing frames. The association between frames and their contents can be performed automatically, by analyzing the HTML tags: FRAMESET and IFRAME. In addition, AMD allows explicit definitions of framesets in cases where the actual contents of frames are loaded dynamically, for example, using JavaScript. This latter method of frame recognition is referred to as static. For more information, see Multi-Frame Pages [p. 123]. Configure the following: Enable or disable automatic multi-frame page recognition The check box Enable Automatic Multi-Frame Page Recognition is available at the global level as well as for an individual service or URL. Service-specific settings take precedence over global settings and URL settings take precedence over service rule settings. Subframe URI strict matching patterns For the static frame recognition method, this option allows you to define subframe URIs. For a subframe to be recognized, you need to enter the entire and complete URI. If you have set URL cut method to nocut in global HTTP settings, you will also need to specify the parameters to match, otherwise enter the URI up to the cut point. For information on setting the cut method, see Global Settings for Recognition and Parsing of URLs [p. 117]. Subframe URI regex patterns For the static frame recognition method, this option allows you to define subframe URIs as regular expressions. This method of defining URIs is very powerful and flexible, though you should bear in mind that regular expression pattern matching does use up more processing power than simple string matching, as in the case of subframe URI strict matching above. Also note that the cut method specified in global HTTP settings does not apply here and therefore the regular expression you enter should take into account URI parameters, if any are expected in the URI you wish to match.for more information, see Regular Expression Fundamentals [p. 233]. 11. Optional: Specify the monitored content types. Not supported by HTTP Express. For more information, see Content Type URL Monitoring in the Data Center Real User Monitoring Web Application Monitoring User Guide. 12. Optional: Define the custom metrics for the URL. Not supported by HTTP Express. 73

74 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic For more information, see Defining Custom Metrics for HTTP Monitoring in the RUM Console Online Help. 13. Optional: Define the operation attributes for the URL. Not supported by HTTP Express. For more information, see Operation Attributes in HTTP Monitoring in the RUM Console Online Help. 14. Optional: Configure the automatic page name recognition for the URL. Not supported by HTTP Express. For more information, see Automatic Page Name Recognition [p. 100]. 15. Optional: Define the end-of-page components for the URL Not supported by HTTP Express. For more information, see End-of-Page Components [p. 107]. 16. Optional: Configure the Correlation ID extraction for the asynchronous HTTP transactions. Not supported by HTTP Express. For more information, see Using Correlation ID to Monitor Asynchronous HTTP Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. 17. Save or publish your changes. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. What to Do Next If you require URL recognition that includes parameter matching, you need to define parameter information for this URL definition. For more information, see Configuring Monitoring of URL Parameters in the RUM Console Online Help. Extracting Miscellaneous Parameters For each software service, URL, or URL with parameters, it is possible to define up to six miscellaneous parameters by specifying rules applied to the request URL or response body. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. Miscellaneous parameters are text strings available in the URL request or response body. You need to define recognizable text patterns conveying the miscellaneous parameters that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. Miscellaneous parameters, unlike parameters extracted for URLs with parameters, are not defined together with an accompanying URL. When extracting Miscellaneous parameters, only the initial hit triggering the web page load is taken into account. The extracted Miscellaneous parameters must not be longer than 1030 bytes. 74

75 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic When defining the rule, you can use one of six methods to search for the parameters in the request URL or you can also use one additional method to search for the dimension in the response body. Note that the rules defined for URL or URL with parameters have a higher priority than those defined at the software service level. To add or edit a miscellaneous parameter pattern: Configure settings at the software service level 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Navigate to the Miscellaneous Parameters tab. To quickly navigate to an existing entry in one of the six Miscellaneous parameter table, click in that table and then type some or all of the parameter. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 6. Right-click one of the six Miscellaneous parameter tables and choose Add to create a new dimension definition, or choose Open to open an existing definition. The URL Attribute dialog will open. You can define up to six parameters. The number of available Miscellaneous parameters, however, is limited by the number of defined URL with parameter definitions at the URL level. For example, if you use up all four parameter definitions available for a particular URL, you can define only two more Miscellaneous parameters. 7. Select a parameter matching method from the Parameter match list. When choosing the method, note that the Exact parameter, Start of parameter, Start of parameter (expand), End of parameter, Value RegEx, and Custom RegEx methods are applied to the request URL while the Search group method is applied to the response body. The following matching methods are supported: Exact Report the specified parameter or the parameter and value. Usage syntax 'name=value' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. 75

76 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. So, the wildcard character * is taken literally. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples You can specify 'john', to match though note that in this case will not be reported because the parameter value '=123' was not explicitly specified. To match it, you would need to specify 'john=123'. Start Report parameters that begin with a specified string; report only the matched pattern, truncate any remainder of the parameter. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. 76

77 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples 'fred=5' will match but it will be reported as The value 'fred' will match as well as and it will be reported as Start (expand) Report parameters which begin with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. 77

78 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic End Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples 'fred=5' will match and it will be reported as The value 'fred' will match as well as and it will be reported as and respectively. Report parameters which end with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any final part of it this string, including string of the form '=value' or just 'value'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples For to be matched, you can specify the following ends: '0', '00', '100', '=100', 'n=100' and so on, up to 'john=100'. Thus is reported. 78

79 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Value RegEx Report parameters which begin with a specified string; optionally attempt to match the remainder of the parameter with a regular expression; report the start string and selected portions of the regular expression, if any. Usage syntax Parameter is entered as name=value or any initial part of it this string including string of the form name= or just name. A regular expression (regex) is entered as an extended POSIX regular expression. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed on the Parameter part; the regex part is matched as a case-sensitive POSIX regular expression. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples parameter specification fred= and a regular expression AB(C?E) will match but it will be reported as because the AB portion of the regular expression was not included in round braces. Custom RegEx Report parameters that match the given regular expression; report those portions that have been selected within the regular expression. Usage syntax Enter an extended POSIX regular expression to match the desired string. Mark portions to be reported by using round braces ( and ). 79

80 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters The request URL, POST body, or HTTP header are not split into parameters prior to pattern matching. Instead, they are treated as single units of data and the regular expression is applied to their entire contents. Only the path part of the request URL is excluded from the matching process. Limitations The regular expression is entered according to POSIX syntax. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples Regular expression fred=ab(c?e) will match but it will be reported as Regular expression (.*=)AB(C?E) will match as well as and it will be reported as and as respectively. Search group Report the text found in the response body between the first occurrences of strings defined by Match start and Match end. 8. Click OK to save the configuration. 9. Publish the draft configuration on the monitoring device. Optional: Configure settings for a URL 10. Repeat Step 1 [p. 75] through Step 4 [p. 75]. 11. Switch to the URL Monitoring tab. 80

81 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 12. In the URL definitions table, right-click a specific URL and select Open from the context menu to open Monitored URL window. To quickly navigate to an entry in the URL definitions table, click in the table and then type some or all of the IP definition. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 13. Repeat Step 5 [p. 75] through Step 9 [p. 80]. Optional: Configure settings for a URL with parameters 14. Repeat Step 1 [p. 75] through Step 4 [p. 75]. 15. Switch to the URL Monitoring tab. 16. In the URL parameter groups table, right-click a specific parameter group and select Open from the context menu. The URL Parameter Group window appears. 17. Repeat Step 5 [p. 75] through Step 9 [p. 80]. The Miscellaneous parameter tables present all the values set for extracting miscellaneous parameters. The order of entries is important because it sets the rule priority. You can change the order by clicking the arrow buttons located beside the table (rows can be moved down or up). When you move a row, you automatically change the set's priority. The order of entry creation might be especially important if you expect two patterns defined on the same level to occur in one response. In such a situation, only the first pattern will be detected and processed further by the AMD. Note also that the rules applied to HTTP requests always take precedence over the response rules. It is not advised to use both of them to extract one parameter. Extracting Grouping Attributes For each software service, URL, or URL with parameters, you can define up to three grouping attributes by specifying rules applied to the request URL or response body. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. Grouping attributes are text strings available in the URL request or response body that uniquely identify clients. You need to define recognizable text patterns conveying the grouping attributes that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. When defining a rule, you can use one of six methods to search for attributes in the request URL or you can also use one additional method to search for the attribute in the response body. You can define up to three grouping attributes. Each matching rule in each of the set of rules is 81

82 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic taken into account regardless of its order, but the rules applied to the HTTP requests always takes precedence over the response rules and it is not advised to use both of them to extract one attribute. The extracted Grouping attributes should not be longer than 255 bytes. Note that the rules defined for URL or URL with parameters have a higher priority than those defined at the software service level. To add or edit a grouping attribute pattern: Configure settings at the software service level 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Navigate to the Grouping Attributes tab. To quickly navigate to an existing entry in one of the three Grouping attribute tables, click in that table and then type some or all of the attribute. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 6. Right-click one of the three Grouping attribute tables and choose Add to create a new dimension definition, or choose Open to open an existing definition. You can define up to three dimensions. The Grouping attribute dialog will open. 7. Select a parameter matching method from the Parameter match list. When choosing the method, note that the Exact parameter, Start of parameter, Start of parameter (expand), End of parameter, Value RegEx, and Custom RegEx methods are applied to the request URL while the Search group method is applied to the response body. The following matching methods are supported: Exact Report the specified parameter or the parameter and value. Usage syntax 'name=value' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. 82

83 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. So, the wildcard character * is taken literally. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples You can specify 'john', to match though note that in this case will not be reported because the parameter value '=123' was not explicitly specified. To match it, you would need to specify 'john=123'. Start Report parameters that begin with a specified string; report only the matched pattern, truncate any remainder of the parameter. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches 83

84 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples 'fred=5' will match but it will be reported as The value 'fred' will match as well as and it will be reported as Start (expand) Report parameters which begin with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. 84

85 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic End Examples 'fred=5' will match and it will be reported as The value 'fred' will match as well as and it will be reported as and respectively. Report parameters which end with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any final part of it this string, including string of the form '=value' or just 'value'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples For to be matched, you can specify the following ends: '0', '00', '100', '=100', 'n=100' and so on, up to 'john=100'. Thus is reported. Value RegEx Report parameters which begin with a specified string; optionally attempt to match the remainder of the parameter with a regular expression; report the start string and selected portions of the regular expression, if any. 85

86 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Usage syntax Parameter is entered as name=value or any initial part of it this string including string of the form name= or just name. A regular expression (regex) is entered as an extended POSIX regular expression. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed on the Parameter part; the regex part is matched as a case-sensitive POSIX regular expression. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples parameter specification fred= and a regular expression AB(C?E) will match but it will be reported as because the AB portion of the regular expression was not included in round braces. Custom RegEx Report parameters that match the given regular expression; report those portions that have been selected within the regular expression. Usage syntax Enter an extended POSIX regular expression to match the desired string. Mark portions to be reported by using round braces ( and ). Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. 86

87 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters The request URL, POST body, or HTTP header are not split into parameters prior to pattern matching. Instead, they are treated as single units of data and the regular expression is applied to their entire contents. Only the path part of the request URL is excluded from the matching process. Limitations The regular expression is entered according to POSIX syntax. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples Regular expression fred=ab(c?e) will match but it will be reported as Regular expression (.*=)AB(C?E) will match as well as and it will be reported as and as respectively. Search group Report the text found in the response body between the first occurrences of strings defined by Match start and Match end. 8. Click OK to save the configuration. 9. Publish the draft configuration on the monitoring device. Optional: Configure settings for a URL 10. Repeat Step 1 [p. 82] through Step 4 [p. 82]. 11. Switch to the URL Monitoring tab. 12. In the URL definitions table, right-click a specific URL and select Open from the context menu to open Monitored URL window. To quickly navigate to an entry in the URL definitions table, click in the table and then type some or all of the IP definition. 87

88 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 13. Repeat Step 5 [p. 82] through Step 9 [p. 87]. Optional: Configure settings for a URL with parameters 14. Repeat Step 1 [p. 82] through Step 4 [p. 82]. 15. Switch to the URL Monitoring tab. 16. In the URL parameter groups table, right-click a specific parameter group and select Open from the context menu. The URL Parameter Group window appears. 17. Repeat Step 5 [p. 82] through Step 9 [p. 87]. The Grouping attribute tables present all the values set for extracting grouping attributes. The order of entries is irrelevant because each matching hit is used to extract the grouping attributes. Configuring User Name Recognition for SAP GUI over HTTP The enhanced method of extracting and processing user identification for HTTP can be configured globally for all HTTP-related software services configured on AMDs set to work in HTTP Mode, or it can be configured for a specific user-defined software service on the User Name Recognition tab. For SAP GUI over HTTP software services, monitoring a predefined user recognition policy is enabled by default. You can use the default setting, modify it, or add your own. Before You Begin It is assumed for this task that you have already created one or more user-defined software services for this protocol and that you are familiar with how to access global settings for user identification for HTTP and with user identification rule settings for a specific service. Ensure HTTP analyzer is set to HTTP mode. For more information, see Choosing HTTP Analyzer Mode in the Data Center Real User Monitoring Web Application Monitoring User Guide. When adding the detection rules used to identify the user names, you have to follow one the following scenarios. User session context The user name recognition is performed in the context of a particular user session. All monitored hits must contain the session ID, but only a single login hit contains the user name. In addition to defining the user detection rules, define session ID rules as well, as described in Configuring User Name Recognition for HTTP in HTTP Mode in the RUM Console Online Help. The SAP GUI schema user name recognition policy is based on this scenario. Non-context The user name recognition is performed individually per hit, consequently each hit must contain a user name. You only need to add user detection rules as described in Configuring User Name Recognition for HTTP in HTTP Mode in the RUM Console Online Help 88

89 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Ack URL (User session context, acknowledge URL) The user name recognition is performed in the context of a particular user session and a login is validated by redirection to a special acknowledge URL. All monitored hits must contain the session ID, but only the ACK hit is the first one to contain the user name. Besides user and session ID rules, you need to provide the acknowledge URL (as described in the procedure) for the AMD to be able to discover a user session and retrieve the user name. 1. Open the User Name Recognition screen for a particular user-defined software service or open the corresponding screen for Global settings. 2. Select or clear Enable User Name Recognition for a specific service. This option is available only for a specific software service. Clearing the setting here disables it for this service only, regardless of any global settings for HTTP. Selecting it gives you the choice of using global settings or of selecting settings specific for the given service. Service-specific settings always take precedence over global settings. 3. Select a search policy. Add new or select an existing policy, that is a container for a set of detection rules. Right-click a cell in the Available Policies table and select Add or Edit. Adding the detection rules 4. Adding user name rules. Right-click a row in the User recognition rules table and select Add or Open. User Recognition Rule Definition dialog opens. At least one user rule is required for user recognition mechanism. a. Choose a type of user recognition rule. When adding the detection rules used to identify the user names, you have to follow one the following scenarios. Ack URL (User session context, acknowledge URL) The user name recognition is performed in the context of a particular user session and a login is validated by redirection to a special acknowledge URL. All monitored hits must contain the session ID, but only the ACK hit is the first one to contain the user name. Besides user and session ID rules, you need to provide the acknowledge URL (as described in the procedure) for the AMD to be able to discover a user session and retrieve the user name. Session ID (User session context) The user name recognition is performed in the context of a particular user session. All monitored hits must contain the session ID, but only a single login hit contains the user name. Besides user detection rules, you need to define session ID rules as well. User Name (Non-context) The user name recognition is performed individually per hit, consequently each hit must contain a user name. You only need to add user detection rules as described in Step 4 [p. 89] b. Choose where to search for a value. 89

90 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic You can retrieve the user names and session identifiers from a number of entities, referred to as search scopes. For more information, see Choosing Search Scope for User Identification [p. 90]. c. Optional: Configure the Host and path settings. Enter the following to filter the traffic used for user name recognition. Host pattern Server host name. Path pattern The leading part of a URL. Only hits beginning with this string will be matched. This parameter is optional. If it is not specified, the path is assumed to be / and it will match any requested URL. d. Configure the search and transformation rules to be applied. It is sometimes difficult to perform a successful match resulting in a legible string in one pass. In such situations, you can perform further transformations to your initial search result. Right-click a row in the Apply following search and transformation rules table and select Add or Open. Search or transformation rule definition dialog opens. e. Advanced settings Match only when response has one of the indicated HTTP status codes. The HTTP status codes can be defined by providing the HTTP status code range. Use the official HTTP status codes to narrow down qualifying responses. ( ) Informational ( ) Success ( ) Redirection ( ) Client error ( ) Server error Choosing Search Scope for User Identification You can retrieve the user names and session identifiers from a number of entities, referred to as search scopes. When you create a user name or session ID rule definition, you have to apply it to only one search scope, which you have to choose as a first step in creating the definition. Identify the entities containing user or session identification, consider applicable scenarios, then choose one of the following scopes: Request or Response Headers Request or Response Body Request parameter Cookie 90

91 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Note that available search methods depend on the selected search scope. For more information, see Choosing Method of Searching for User Identification [p. 91]. When you create a number of definitions for one policy, the definitions are applied in the order in which they were entered in the rules table. The first successful match is used. Choosing Method of Searching for User Identification Choose one of the available search methods to detect the user names in the selected search scope. Depending on the selected search scope, choose one the methods of extracting user names. Each search method requires you to specify a different set of extraction rules. Add prefix Use this method if you expect the value to always be preceded by a specific prefix. To extract the value, provide the prefix expected to precede the value. Cookie name search Specify the cookie from which to extract the value. Provide the value of a specific cookie name confirming a successful login. The session ID, for mapping to the value, is extracted from this cookie. Successful logins are normally recognized by a SET COOKIE operation for the named cookie Basic Use this method if you expect the value to always be carried by a specific parameter. To extract the value, provide the name of the parameter. Depending on the selected search scope, the term parameter refers to a specific entity, such as a cookie name when the search scope is set to cookie, or a header field when the search scope is set to request or response header. Enter the parameter name without delimiters. The search is not case sensitive and no wildcard characters are permitted in the string unless the wildcard character * is to be used literally. This search method is not available for the response body search scope. Decode / decompress If you expect to perform a search on a compressed or encoded data, or URL encoded in case of URL parameters, you can bring the search results to a human readable form by using one of available decoders, Base64, Base64 + Gzip, Gzip or URL encoding. You can also extract parts of your initial search results by using Text search or Regular expression search methods. Choosing Method of Searching for User Identification [p. 91] Mime encoded list filter Use this method if you expect to find a value in an MIME format. Including text in character sets other than ASCII, message bodies with multiple parts and in header information encoded in non-ascii character sets. NTLM search Use this method to search for a value in an NTLM authentication request header. Depending on your choice, the value can be composed of the following fields: workstation, domain, or user. Select the fields that compose an identified value and, if necessary, change the default character used to separate the selected components in the resulting value. 91

92 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Parameter name and value search Use this method if you expect the value to always be carried by the specific parameter. To extract the value, provide the parameter name. Depending on the selected search scope, the term parameter may refer to a specific entity, such as a cookie name (when the search scope is set to cookie), or a header field (when the search scope is set to request or response header). Parameter name prefix search Use this method if you expect the value to always be carried by a specific parameter with a specific prefix. To extract the value, provide the parameter name prefix and indicate what data should be reported. The results of the search can be presented as a parameter name and the value, just the parameter value or just a parameter prefix. Parameter value suffix search Use this method if you expect the user name to always be carried by the specific value of a parameter with a specific suffix. To extract the user name, provide the value for the suffix. Regex search You construct a regular expression that, when applied to a selected search scope, returns the value. The regular expression must contain at least one group enclosed in parentheses. If the regular expression returns a number of search groups, you can define the custom group order by entering a comma-separated list in the order of your choice (for example, 2,1,3). This method is not available for the cookie and response body search scopes. For more information, see Regular Expression Fundamentals [p. 233]. You can test the patterns that will be used by the AMD using the Regular Expressions Test tool, which is activated after you click Test located next to the regular expression pattern field. For more information, see Testing Regular Expressions [p. 235]. Example 3. The following is an example of extracting the value of REMOTE_ADDR field from the HTTP header. An HTTP header might contain the following information: GET HTTP/1.1 Accept: */* Referer: Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Host: Connection: Keep-Alive Cookie: FPB=061j8hura11q56cv; CRZY9=t=1; REMOTE_ADDR: The following regular expression extracts the address from the REMOTE_ADDR field: REMOTE_ADDR: ([.0-9]*) Text phrase search Use this method if you expect the user name to always be found in the text. The provided value for the search parameter will be used to match the text phrases in the analyzed traffic. 92

93 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Text search Use this method if you expect to find a user name between the first occurrences of strings defined by Match start and Match end. Because it is not always possible to extract the user names directly, you can use this method as a first step in preparing content for search result transformations. You can set a Search limit in bytes to avoid lengthy search results. This method is not available for the cookie search scope. Dimensions, Metrics and Attributes in HTTP Monitoring You can define custom metrics to monitor certain types of measurable data that is specific to your network environment or software. You can analyze and categorize operation attributes (text entities retrieved from requests and responses of a web application operation). You can extract miscellaneous parameters from the request or response body. You can also define grouping attributes by specifying the rules to be applied to the request URL or response body. A custom metric is a non-standard metric you can use to count values specific to your web application. Custom metrics can be, for example, the number of items sold or the total value of a transaction. The values are reported as user-defined metrics on the report server. Extracting an operation attribute, which is a text entity retrieved from the requests and responses of a web application operation, can help to diagnose and report specific events or errors caused by end-user actions. Miscellaneous parameters are text strings available in the URL request or response body. You need to define recognizable text patterns conveying the miscellaneous parameters that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. Miscellaneous parameters, unlike parameters extracted for URLs with parameters, are not defined together with an accompanying URL. When extracting Miscellaneous parameters, only the initial hit triggering the web page load is taken into account. The extracted Miscellaneous parameters must not be longer than 1030 bytes. Grouping attributes are text strings available in the URL request or response body that uniquely identify clients. You need to define recognizable text patterns conveying the grouping attributes that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. In order to define dimensions, metrics or attributes that you wish to extract and monitor, follow these configuration steps: 1. Open the Dimensions, Metrics, Attributes tab for the service. 2. Add or open a definition to be monitored and reported in a specific way. In the Dimensions, Metrics, Attributes table, right-click and choose Add to create a new definition, or Open to open an existing definition. The Dimensions, Metrics, Attributes window will open. 3. Choose how the value should be reported Custom metric You can define up to five custom metrics to monitor certain types of measurable data that is specific to your network environment or software. Use this mechanism if you want to obtain non-standard measurements extracted from the HTTP, XML, or SOAP traffic. 93

94 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic A custom metric is a non-standard metric you can use to count values specific to your web application. Custom metrics can be, for example, the number of items sold or the total value of a transaction. The values are reported as user-defined metrics on the report server. Custom metrics can be defined on the level of: software service URL URL parameters The number of metrics for each level is globally limited to five. Choose the custom metric level that matches the characteristics of the traffic to monitor. For example, to monitor an HTTP software services in which URL monitoring is not deployed, define the custom metric for the software service custom metric level. However, to define URLs and URL parameters, use the appropriate custom metric levels for each. The level you choose should directly relate to where the information to monitor can be found Also consider performance issues when choosing a custom metric level. For example, if you define custom metrics for a software service globally, the rule will be applied to all URLs that the analyzer processes, and could possibly negatively impact the performance of the AMD. This may be unnecessary if you only want to extract this type of data only from two types of URLs, in which case you can define the rule at the URL or even URL parameter level. The custom metric values are collected during traffic monitoring and can be configured in the RUM Console for the HTTP and transactional software services (SOAP and XML). By default, the new metric names are derived from the field name in an HTTP or XML request. These names can be changed later on the report server for easier identification. The custom metric values are presented by the report server in dedicated columns that show the number of occurrences and the sum and average values. Grouping attribute Grouping attributes are text strings available in the URL request or response body that uniquely identify clients. You need to define recognizable text patterns conveying the grouping attributes that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. Note that the rules defined for URL or URL with parameters have a higher priority than those defined at the software service level. Miscellaneous parameter Miscellaneous parameters are text strings available in the URL request or response body. You need to define recognizable text patterns conveying the miscellaneous parameters that then can be used in DC RUM reports as dimensions and enable additional ways of grouping data under specific categories of your interest. Miscellaneous parameters, unlike parameters extracted for URLs with parameters, are not defined together with an accompanying URL. When extracting Miscellaneous parameters, only the initial hit triggering the web page load is taken into account. The extracted Miscellaneous parameters must not be longer than 1030 bytes. 94

95 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic When defining the rule, you can use one of six methods to search for the parameters in the request URL or you can also use one additional method to search for the dimension in the response body. Note that the rules defined for URL or URL with parameters have a higher priority than those defined at the software service level. Operation attribute Configuring extraction of request operation attributes is almost identical to the process for custom metrics, the main difference being that the custom metrics functionality is used to extract and report numeric values, while the request operation attributes relate to textual data. 4. Choose where the value should be reported The options available for this step depend on the selection made in the Choose how the value should be reported option. Custom metric (1, 2, 3, 4, 5) Select a metric category from 1 through 5, where each number corresponds to one of five custom metric categories. The values extracted will be reported by CAS in the same custom metrics category. Grouping attribute (1, 2, 3) You can define up to three grouping attributes. Each matching rule in each of the set of rules is taken into account regardless of its order, but the rules applied to the HTTP requests always takes precedence over the response rules and it is not advised to use both of them to extract one attribute. The extracted Grouping attributes should not be longer than 255 bytes. The order of entries is irrelevant because each matching hit is used to extract the grouping attributes. Miscellaneous parameter (1, 2, 3, 4, 5, 6, page name) You can define up to six parameters. The number of available Miscellaneous parameters, however, is limited by the number of defined URL with parameter definitions at the URL level. For example, if you use up all four parameter definitions available for a particular URL, you can define only two more Miscellaneous parameters. Operation attribute (1, 2, 3, 4, 5) Select a category from 1 through 5, where the selection from the dropdown list corresponds to one of five operation attribute categories. Values extracted will be reported by the CAS in the same category. 5. Choose where to search for the value You can retrieve the values from a number of entities: Request or Response Headers Request or Response Body Request parameter 6. Apply additional search and transformation rules. Choose one of the available search methods to detect the values: 95

96 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Add prefix Use this method if you expect the value to always be preceded by a specific prefix. To extract the value, provide the prefix expected to precede the value. Cookie name search Specify the cookie from which to extract the value. Provide the value of a specific cookie name confirming a successful login. The session ID, for mapping to the value, is extracted from this cookie. Successful logins are normally recognized by a SET COOKIE operation for the named cookie Decode / decompress If you expect to perform a search on a compressed or encoded data, or URL encoded in case of URL parameters, you can bring the search results to a human readable form by using one of available decoders, Base64, Base64 + Gzip, Gzip or URL encoding. You can also extract parts of your initial search results by using Text search or Regular expression search methods. Mime encoded list filter Use this method if you expect to find a value in an MIME format. Including text in character sets other than ASCII, message bodies with multiple parts and in header information encoded in non-ascii character sets. NTLM search Use this method to search for a value in an NTLM authentication request header. Depending on your choice, the value can be composed of the following fields: workstation, domain, or user. Select the fields that compose an identified value and, if necessary, change the default character used to separate the selected components in the resulting value. Parameter name and value search Use this method if you expect the value to always be carried by the specific parameter. To extract the value, provide the parameter name. Depending on the selected search scope, the term parameter may refer to a specific entity, such as a cookie name (when the search scope is set to cookie), or a header field (when the search scope is set to request or response header). Parameter name prefix search Use this method if you expect the value to always be carried by a specific parameter with a specific prefix. To extract the value, provide the parameter name prefix and indicate what data should be reported. The results of the search can be presented as a parameter name and the value, just the parameter value or just a parameter prefix. Parameter value suffix search Use this method if you expect the value to always be carried by the specific value of a parameter with a specific suffix. To extract the value, provide the value for the suffix. Regex search You construct a regular expression that, when applied to a selected search scope, returns the value. The regular expression must contain at least one group enclosed in parentheses. If the regular expression returns a number of search groups, you can define the custom group order by entering a comma-separated list in the order of your choice (for example, 2,1,3). This method is not available for the cookie and response 96

97 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic body search scopes. For more information, see Regular Expression Fundamentals [p. 233]. You can test the patterns that will be used by the AMD using the Regular Expressions Test tool, which is activated after you click Test located next to the regular expression pattern field. For more information, see Testing Regular Expressions [p. 235]. Example 4. The following is an example of extracting the value of REMOTE_ADDR field from the HTTP header. An HTTP header might contain the following information: GET HTTP/1.1 Accept: */* Referer: Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Host: Connection: Keep-Alive Cookie: FPB=061j8hura11q56cv; CRZY9=t=1; REMOTE_ADDR: The following regular expression extracts the address from the REMOTE_ADDR field: REMOTE_ADDR: ([.0-9]*) Text phrase search Use this method if you expect the value to always be found in the text. The provided value for the search parameter will be used to match the text phrases in the analyzed traffic. Text search Use this method if you expect to find a value between the first occurrences of strings defined by Match start and Match end. Because it is not always possible to extract the value directly, you can use this method as a first step in preparing content for search result transformations. You can set a Search limit in bytes to avoid lengthy search results. This method is not available for the cookie search scope. 7. Advanced settings Define the matching based on pattern or absence of a pattern. a. Select a condition Pattern presence The response for a defined category is reported if a given pattern was detected, which is the default setting. Pattern absence The response for a defined category is reported if a given pattern was not detected. b. Enter a Host Pattern. Enter the pattern to match in the host field in HTTP requests. The pattern should consist of a case-sensitive string that is expected to be found in the host name and may also contain an optional wild-card character * to signify any number of any characters. 97

98 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic If spaces are included in the pattern, the pattern must be enclosed in a pair of double or single quotation marks. Otherwise, quoting the pattern is optional. NOTE The eligible hosts are selected by limiting the size of the host group to the one defined by the narrowest condition. In other words, for a particular sample of monitored traffic data, if one host pattern defines a set of hosts that is included in the set of hosts defined by another pattern, a match will be attempted on the smaller group first. If the monitored traffic data does match the application response definition for the smaller group of hosts, there is no attempt to match the same traffic data to the application response definition for the larger set. For example, the pattern *.abc defines a larger set of hosts than the pattern *.myhost.abc. In this case, for any given sample of monitored traffic data, first, an attempt to match it to the response definition for *.myhost.abc and, if successful, there is no attempt to match it to the response definition for *.abc. Within a given host group, all path patterns that match are taken into consideration while searching for responses. To ensure meaningful results, no two different patterns defining host names should be matched by a single host, except for the pattern *. This means that the same patterns can repeat in the configuration file, but for any two different patterns, the search will not find a host that matches both of them. For example, if there are two patterns such as *t* and *u*, the host names Jupiter and Saturn both match both of the patterns because both of the names contain the letters u and t. So, if you are monitoring two such hosts, modify your pattern so that no host matches both of them. However, if there are no such hosts in the monitored data, the above pattern will cause no problems. Similar requirements apply to the patterns for paths and response pattern text. c. Enter a Path Pattern. Enter a pattern to match the path field in HTTP requests, after removing from it the leading portion, up to and including the host name. The pattern should consist of a case-sensitive string that is expected to be found in the path and it may also contain optional wild-card characters *, to signify any number of any characters. Note that if spaces are included in the pattern, the pattern must be enclosed in double or single quotation marks. Otherwise, quoting the pattern is optional. For example, if the path in the HTTP request is enter /sales/eg/index.jhtml. d. Match only when response has one of the following HTTP status code Match only when response has one of the indicated HTTP status codes. The HTTP status codes can be defined by providing the HTTP status code range. Use the official HTTP status codes to narrow down qualifying responses. 98

99 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 1xx - Informational 2xx - Successful 3xx - Redirection 4xx - Client error 5xx - Server error Rule-based Character Encoding for HTTP Services Global support for character encoding for monitoring HTTP-based traffic can be customized per software service. Before You Begin It is assumed that you have already created one or more user-defined software services for this protocol. You can define different character encoding for each of the HTTP components: URI encoding Parameter encoding (request) Header encoding (request) Response header encoding Response body encoding To customize character encoding: 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. Select the Character Encoding tab. 5. Right-click the Encodings table and then select Add to create a new setting, or select Open to modify an existing record. 6. Type the settings for a specified host. Note that if you leave the Host box empty, the settings will be applied to all entities that comply with the rule. Not all encoding settings have to be configured. The per-rule settings take precedence over global or implied settings. 7. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. 99

100 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Automatic Page Name Recognition URL strings appearing on reports can be very long and difficult to read, but you can specify URL names to use instead. You can either add a static page name, or you can configure the AMD to retrieve the page name automatically from the HTML body of the HTTP response page or from the request URL. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. Automatic page name recognition can be configured at the software service level, at the URL level, or for a URL with parameters. However, this configuration will work only for URLs and parameter groups if explicitly assigned page names, as described in Configuring URLs for a Software Service Definition in the Data Center Real User Monitoring Web Application Monitoring User Guide, have not been set to have a higher priority. If a URL matches the criteria you have specified in the page name extraction definition and an assigned static page name is not set to have a higher priority, the AMD will attempt to retrieve the page name automatically from the HTML body of the HTTP response or the request URL. Because the same URL or URL with parameters may return various web page content, various page names may be assigned to one URL or URL with parameters as a result of automatic page name retrieval. Configure Settings at the Software Service Level 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Switch to the Page Name Recognition tab. 6. Choose the page name recognition priority. You can decide whether to give priority to static names or to names retrieved automatically using the response rules. Select Use static page names if defined if a static page name should always be used (if defined) or Use automatically retrieved page names from the HTML body of the response over static names if automatic page name recognition based on response rules should take precedence. 7. Add or edit a response recognition rule. 100

101 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Right-click the Response rules table and choose Add or Open. For software services based on SAP GUI over HTTP and SAP GUI over HTTPS analyzers, the table already contains a default definition enabling you to automatically extract the page name in SAP GUI over HTTP and SAP GUI over HTTPS environments. 8. Specify the strings to extract as the page name. The text between the first occurrences of strings defined by Begin tag and End tag found in the response body are reported as the page name. For example, suppose you want the web page title to be reported as the page name. The title is defined by the title element in the head section of the web page, like this: <head> <meta http-equiv="content-type" content="text/html; charset=iso "> <meta http-equiv="content-language" content="pl"> <title>page title</title> </head> To extract the Page title string as your page name, type <title> in the Begin tag field and </title> in the End tag field. Note that the definition is case sensitive. 9. Apply a regular expression to the extracted text. To trim the page name of redundant elements, you can add a regular expression in the Regex field to apply to the text extracted with Begin tag and End tag. 10. Decide whether you want to apply the definition immediately. Clear Disable this definition if you want to apply the definition immediately when you publish the configuration. Select Disable this definition if you want save the definition, but you do not want to use it now. 11. Add or edit a request recognition rule. Right-click the Request rules table and choose Add or Open. 12. Select a parameter matching method from the Parameter match list. The following matching methods are supported: Exact Report the specified parameter or the parameter and value. Usage syntax 'name=value' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis 101

102 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. So, the wildcard character * is taken literally. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples You can specify 'john', to match though note that in this case will not be reported because the parameter value '=123' was not explicitly specified. To match it, you would need to specify 'john=123'. Start Report parameters that begin with a specified string; report only the matched pattern, truncate any remainder of the parameter. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. 102

103 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples 'fred=5' will match but it will be reported as The value 'fred' will match as well as and it will be reported as Start (expand) Report parameters which begin with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples 'fred=5' will match and it will be reported as The value 'fred' will match as well as 103

104 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic End and it will be reported as and respectively. Report parameters which end with a specified string; report the entire parameter, not only the matched pattern. Usage syntax 'name=value' or any final part of it this string, including string of the form '=value' or just 'value'. Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed; no wildcard characters are permitted in the string. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Examples For to be matched, you can specify the following ends: '0', '00', '100', '=100', 'n=100' and so on, up to 'john=100'. Thus is reported. Value RegEx Report parameters which begin with a specified string; optionally attempt to match the remainder of the parameter with a regular expression; report the start string and selected portions of the regular expression, if any. Usage syntax Parameter is entered as name=value or any initial part of it this string including string of the form name= or just name. A regular expression (regex) is entered as an extended POSIX regular expression. 104

105 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. Method of matching parameters Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter. Limitations A case-insensitive match is performed on the Parameter part; the regex part is matched as a case-sensitive POSIX regular expression. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples parameter specification fred= and a regular expression AB(C?E) will match but it will be reported as because the AB portion of the regular expression was not included in round braces. Custom RegEx Report parameters that match the given regular expression; report those portions that have been selected within the regular expression. Usage syntax Enter an extended POSIX regular expression to match the desired string. Mark portions to be reported by using round braces ( and ). Source By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found. 105

106 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Method of matching parameters The request URL, POST body, or HTTP header are not split into parameters prior to pattern matching. Instead, they are treated as single units of data and the regular expression is applied to their entire contents. Only the path part of the request URL is excluded from the matching process. Limitations The regular expression is entered according to POSIX syntax. Combining parameters If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand & character. Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match. Decoding and decompression The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected. Examples Regular expression fred=ab(c?e) will match but it will be reported as Regular expression (.*=)AB(C?E) will match as well as and it will be reported as and as respectively. 13. Set the slow page thresholds for the particular page name string. You can set the page load time/operation time and server time thresholds for a particular page name string, either the name string set as a static page name, or the name string you expect to retrieve using automatic recognition rules. Right-click the Page name thresholds table and choose Add or Open. Type the page name, clear Inherit from rule setting, and set the value of your choice. If the page name string matches the name string reported, the thresholds you set take precedence over the thresholds set at other levels. 14. Click OK to save the configuration. 15. Publish the draft configuration on the monitoring device. Configure Settings at the URL Level Settings at the URL level take precedence over settings for a software service. 16. Repeat Step 1 [p. 100] through Step 4 [p. 100]. 17. Switch to the URL Monitoring tab. 106

107 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 18. In the URL definitions table, right-click a specific URL and select Open from the context menu to open Monitored URL window. To quickly navigate to an entry in the URL definitions table, click in the table and then type some or all of the IP definition. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 19. Switch to the Page Name tab. 20. Decide whether to add a static page name for the monitored URL. To define a static page name for all the URLs matching the definition criteria, you can type the preferred name in the Static name field. You can decide whether to give priority to static names or to the names retrieved automatically from response rules. You can use the priority defined at the software service level or you can clear Inherit setting from the rule and choose whether a static page name should always be used when available or whether automatic page name recognition based on response rules should take precedence. 21. Repeat Step 7 [p. 100] through Step 15 [p. 106]. Configure Settings at the URL Parameters Level Settings at the URL parameters level take precedence over settings for a URL and software service. 22. Repeat Step 1 [p. 100] through Step 4 [p. 100]. 23. Switch to the URL Monitoring tab. 24. In the URL parameter groups table, right-click a specific parameter group and select Open from the context menu. The URL Parameter Group window appears. 25. Switch to the Page Name tab. 26. Decide whether to add a static page name for the monitored URL with parameters. To define a static page name for all the URLs with parameters matching the definition criteria, you can type the preferred name in the Static name field. You can decide whether to give priority to static names or to the names retrieved automatically from response rules. You can use the priority defined at the URL level or you can clear Inherit setting from the URL and choose whether a static page name should always be used when available or whether automatic page name recognition based on response rules should take precedence. 27. Repeat Step 7 [p. 100] through Step 15 [p. 106]. End-of-Page Components For each HTTP (HTTPS) software service, URL, or URL with parameters, you can define an end-of-page component identified by its URL. Loading this component indicates that the page is complete; no further elements are taken into account when calculating metrics for the page. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address 107

108 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. You can define the end-of-page components at the level of software service, URL and URL with parameters. If you decide to define the end-of-page components at more than one level, the definitions are complementary to one another and not overriding definitions at other levels. For each level, you can either provide a single regular expression that will match the URL of a component or provide a static list of components. To define end-of-page components: Configure settings at the software service level The definitions at the software service level are complementary to the definitions at other levels and do not override them. 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Switch to the End of Page Components tab. 6. Define end-of-page components. This can be done in two ways: Provide an Element regular expression to match the end-of-page component. You can define a single regular expression that will match the end-of-page component. For example, the expression will match all the footer.png files downloaded from any of the section of the website, for example: Provide Static page components definitions. You can also add a number of static definitions, listing all the necessary end-of-page components across the monitored operations. To add the end-of-page components, right-click a line in the Component column and choose Add. You must enter a fully qualified URL of the component starting from the or strings. 7. Click OK to save the configuration. 108

109 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 8. Publish the draft configuration on the monitoring device. Configure settings at the URL level The definitions at the URL level are complementary to the definitions at other levels and do not override them. 9. From the top menu, select Software Services Manage Software Services. 10. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 11. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 12. Switch to the URL Monitoring tab. 13. In the URL definitions table, right-click a specific URL and select Open from the context menu to open Monitored URL window. To quickly navigate to an entry in the URL definitions table, click in the table and then type some or all of the IP definition. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. 14. Repeat Step 5 [p. 108] and Step 6 [p. 108]. 15. Click OK to save the configuration. 16. Publish the draft configuration on the monitoring device. Configure settings at the URL parameters level The definitions at the URL parameters level are complementary to the definitions at other levels and do not override them. 17. From the top menu, select Software Services Manage Software Services. 18. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 19. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 20. Switch to the URL Monitoring tab. 21. In the URL parameter group table, right-click a specific parameter group and select Open from the context menu. This will open the URL Parameter Group window. 22. Repeat Step 5 [p. 108] and Step 6 [p. 108]. 23. Click OK to save the configuration. 109

110 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 24. Publish the draft configuration on the monitoring device. Excluding Elements from Orphaned Redirects Reporting For each software service, you can define elements to exclude from reporting as an orphaned redirect. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. If you do not want particular redirects to be reported as orphaned, exclude them from orphaned redirects reporting by defining strings describing these elements. You can define the elements to be extracted from the Location field of the HTTP header or the request URL. 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Navigate to the Orphaned redirects tab. 6. Add or edit the elements to be extracted from the Location field of the HTTP header or the request URL. Right-click a row in the Location suffixes or Request URL tables and choose Add to create a new definition, or choose Open to open an existing definition. You can create a list of elements or you can also construct a regular expression to be applied to the URL to extract the element. Because the regular expression must return a value, make sure that it contains parentheses. When supplying elements to the Location suffixes or Request URL tables, you must provide the last URL element defining the file. For example, if an element that you want to exclude from reporting as an orphaned redirect is identified by the you need to add the footer.gif string. 7. Click OK to save the configuration. 8. Publish the draft configuration on the monitoring device. 110

111 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic HTTP Configuration Options for Selected User-Defined Software Services HTTP options for software services are options related to a variety of settings such as redirection handling, session recognition, multi-frame page handling, and client IP address extraction. They can be set globally for the AMD or individually for particular software services. To modify the configuration options related to service-specific settings for an individual HTTP software service: 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 5. Switch to the HTTP Options tab. 6. In the Multi-frame pages section, enable multi-frame page recognition. Here you enable or disable the entire mechanism of frame recognition automatic frame recognition and static frame recognition at all levels: global, service, and URL. NOTE You must turn this option on, if you want to monitor frame sets at all: Even if you define static frames to monitor on per-service level, the mechanism will not function, unless this global option here is turned on. Note also that this feature is not supported by HTTP Express analyzer. 7. Configure report URL after redirect. This option causes addresses after the last redirection to be reported for redirected pages. By default, redirections are reported as addresses of the originating page, before redirection takes place. The final target page will be reported regardless of how many redirects are detected in between. The option can be set globally for all software services or configured for a specific user-defined software service. Specific settings take precedence over global settings. It is not supported by HTTP Express analyzer. 8. Configure report URL prefixed with analyzed HTTP method. If this option is selected, the string POST or GET is prefixed to the reported URL. This option can be set globally for all software services or configured for a specific user-defined software service. Specific settings take precedence over global settings. 9. Configure the methods of assembling pages. For more information, see Assembling Pages [p. 120]. 10. Decide whether the port number should be ignored in the HTTP host field. 111

112 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic To overcome inconsistency in adding the port number to the host field by a browser, you can configure the HTTP analyzer to ignore the port in the HTTP host field. 11. Select client IP address extraction method. To turn off automatic client IP address extraction, select Off. To extract the client IP address from a header tag, select Header tag and type the name of the HTTP header field containing the real client IP information. The string extracted by the regular expression becomes the real client IP address reported to the report server. Example 5. The following is an example of extracting the value of REMOTE_ADDR field from the HTTP header. An HTTP header might contain the following information: GET HTTP/1.1 Accept: */* Referer: Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Host: Connection: Keep-Alive Cookie: FPB=061j8hura11q56cv; CRZY9=t=1; REMOTE_ADDR: The following regular expression extracts the address from the REMOTE_ADDR field: REMOTE_ADDR: ([.0-9]*) For details on how expressions are used, see Using Regular Expressions to Extract User Identification in the Data Center Real User Monitoring Web Application Monitoring User Guide. To use the real client IP address as both the user ID and the user IP address, select Try to convert user name to IP address. 12. Select analyzed HTTP methods. Choose between Only POST and GET and All Methods. This option is configured individually for user-defined software services. 13. Specify data generation options. This controls the scope of data generated by the AMD that is used in CAS and ADS reporting. CAS Data If you select Disabled, the AMD will stop saving data used in most CAS reports. In normal circumstances, you should not disable CAS data generation. ADS Data When controlling ADS data generation, you can either disable it completely or decide on the depth of available data. 112

113 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic ADS data only The AMD will generate data enabling you to access essential operation-level information. ADS data and hit details The AMD will generate data enabling you to access a deep drilldown report that represents an HTTP page hit broken down into specific HTTP elements. ADS data, hit and header details The AMD will generate data enabling you to access even deeper drilldown information retrieved from related request and response headers for the hit. 14. Click OK to save the configuration. 15. On the Software Services screen, click Publish Configuration. General Configuration Options for HTTP-Related Analyzers HTTP general configuration options are options related to a variety of settings such as timeout values, redirection handling, session recognition, multi-frame page handling, and cookie handling. They can be set globally for the AMD or individually for particular software services. Before You Begin It is assumed for this task that you have already created one or more user-defined software services for this protocol and know how to access and modify global settings for an AMD and settings for a specific service. To configure general options for monitoring this protocol: 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Navigate to Front-End-Monitoring Web HTTP General. NOTE Configuration options related to general settings for an AMD for this protocol analyzer are also under the HTTP Options tab for individual user-defined services. 6. Configure options available in the General section. The list of configuration options includes: 113

114 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Redirect timeout This timeout period, expressed in seconds, is configured globally for all software services. HTTP redirects are stored until either a matching target URL is seen or a timeout expires. If the redirect target page has not been seen by the time the redirect timeout expires, the AMD reports the URL with all transactional metrics equal to zero and the redirect is referred to as an orphaned redirect. The URL reported is taken from the orphaned redirect. Cascaded unauthorized hits timeout Cascaded unauthorized hits older or equal to this timeout (in seconds) are treated as unauthorized. In case of a mixed cascade, redirects and unauthorized hits, the head of cascade determines which timeout should be used, Redirect timeout or Cascaded unauthorized hits timeout. Last packet HTTP session timeout If the time since the last packet for an HTTP session is longer than this value (in seconds), the hit is considered finished and closed. This timeout period is configured globally for all software services. Hit session timeout Maximum time delay allowing a hit to be linked to a page. The value is specified in seconds, with a resolution of one-tenth of a second, and is configured globally for all software services. User agent timeout Time in minutes after which a user agent will be erased from the cache. The value is configured globally for all software services. Maximum header length Maximum size in bytes of the buffer that the HTTP header can be assembled into before considering it incomplete and proceeding with its processing. This option is available only in HTTP mode of the HTTP analyzer. The value is configured globally for all software services. Maximum request body length Maximum size in bytes of the buffer that HTTP request body can be assembled into before considering it incomplete and proceeding with its processing. This option is available only in HTTP mode of the HTTP analyzer. The value is configured globally for all software services. Report URL after redirect This option causes addresses after the last redirection to be reported for redirected pages. By default, redirections are reported as addresses of the originating page, before redirection takes place. The final target page will be reported regardless of how many redirects are detected in between. The option can be set globally for all software services or configured for a specific user-defined software service. Specific settings take precedence over global settings. It is not supported by HTTP Express analyzer. 114

115 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Report URL prefixed with analyzed HTTP method If this option is selected, the string POST or GET is prefixed to the reported URL. This option can be set globally for all software services or configured for a specific user-defined software service. Specific settings take precedence over global settings. The All methods option allows for processing all detected HTTP methods including the WebDAV HTTP extesion. The extended WebDAV methods automatically identified include: PROPFIND Retrieves properties and a directory hierarchy of a remote system. PROPPATCH Changes and deletes multiple properties is a single operation. MKCOL Creates directories or collections. COPY Copies a resource from one URI to another. MOVE Moves a resource from one URI to another. LOCK Puts a lock on a resource. UNLOCK NOTE Removes a lock from a resource. Monitoring WebDAV software services requires a specific configuration options. In order to properly report a hit as a separate operation, you must define a URL with regex matching all URLs ( and content types. Treat a client RST packet sent by the session as closing session If this option is selected, the protocol analyzer will treat a client RST packet sent by the session as closing the session instead of aborting it if there was no content length header. It is configured globally for all software services. 7. Configure page and session recognition based on cookies You can use cookies to distinguish between separate HTTP pages and sessions. This is useful when, for example, a number of distinct users are hidden behind a shared load balancer or a proxy server.for more information, see Global Settings for Page and Session Recognition Based on Cookies [p. 118]. 8. Select client IP address extraction method. To turn off automatic client IP address extraction, select Off. To extract the client IP address from a header tag, select Header tag and type the name of the HTTP header field containing the real client IP information. 115

116 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic The string extracted by the regular expression becomes the real client IP address reported to the report server. Example 6. The following is an example of extracting the value of REMOTE_ADDR field from the HTTP header. An HTTP header might contain the following information: GET HTTP/1.1 Accept: */* Referer: Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Host: Connection: Keep-Alive Cookie: FPB=061j8hura11q56cv; CRZY9=t=1; REMOTE_ADDR: The following regular expression extracts the address from the REMOTE_ADDR field: REMOTE_ADDR: ([.0-9]*) For details on how expressions are used, see Using Regular Expressions to Extract User Identification in the Data Center Real User Monitoring Web Application Monitoring User Guide. To use the real client IP address as both the user ID and the user IP address, select Try to convert user name to IP address. 9. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. Content Type Monitoring By default, an AMD recognizes only HTML objects as pages, but it can be configured to treat types of objects as HTML pages to be monitored. Such objects may include, for example, images, embedded objects such as Flash objects, and objects that require third-party plug-ins to render. For SAP GUI over HTTP monitoring you must make your AMD monitor XML objects. For details of how to define new page objects for SAP GUI over HTTP monitoring, please refer to Monitoring of XML Objects Based on Content Type [p. 116]. Monitoring of XML Objects Based on Content Type By default, an AMD recognizes only HTML objects as pages, but it can be configured to treat types of objects as HTML pages to be monitored. Such objects may include, for example, images, embedded objects such as Flash objects, and objects that require third-party plug-ins to render. For SAP GUI over HTTP monitoring you must make your AMD monitor XML objects. To define other objects as HTML pages: 116

117 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Navigate to Global Front-End Monitoring Web HTTP Content Type Monitoring. 5. Add text/xml content type to the table listing objects recognized as monitored pages. To have the AMD treat a certain content type as a monitored page, right-click the Objects Recognized as Pages table and select Add from the context menu (or click the add a new entry. Enter text/xml and select Treat as HTML. 6. Publish the draft configuration on the monitoring device. What to Do Next icon) to In addition to monitoring based on content type derived from the HTTP header, you can specify objects to be included in auto-learning as described in URL Auto-Learning [p. 126]. Note that this feature refers to the content of a field in the HTTP header, and not to a string contained in a URL being loaded. Global Settings for Recognition and Parsing of URLs The global configuration settings for recognition and parsing of URLs are inherited by all user-defined software services for HTTP. Global settings can be overridden by specific settings for a particular user-defined software service. NOTE Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic The default values for these settings should be sufficient for most purposes and care should be taken when modifying them. 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Open the global settings section for recognition and parsing of URLs. Navigate to Global Front End Monitoring Web Recognition and Parsing of URLs. 6. Select the method of truncating URLs. 117

118 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic In the field Method of Truncating URLs, select the method of truncating URLs when monitoring HTML page loads: No cut URLs are not truncated. Cut after last slash URLs are truncated after the last slash ( / ) character. Cut after first separator URLs are truncated after the first separator (see below for separator definitions). If cutting according to separators is selected and if the set of defined separators is empty, the URL is not cut, which is equivalent to specifying No cut. 7. Specify characters to be recognized as separators. a. In the First parameter separators field, type characters to be recognized as separators between URLs and their parameters. b. In the Parameter Separators in URL field, type characters to be recognized as separators between consecutive parameters in URL and POST body. c. In the Parameter Separators in HTTP Header field, enter characters to be recognized as separators between consecutive parameters in the HTTP header. NOTE If monitored pages may include the question mark (? ) character as the value of a parameter, it is necessary to remove it from the list of previously defined separators. 8. Define the order of searching for parameters. When defining a specific user-defined service to be monitored, you can indicate whether you want parameters extracted from the URL or from the URL request, or from any combination of these.for more information, see Configuring Monitoring of URL Parameters in the RUM Console Online Help. However, the order in which these components of the HTTP packet are searched is determined here for all HTTP services, and the first parameter that matches the search criteria is accepted. In the Search for Parameters First section, select In POST Body to cause the POST body to be searched before the URL. Selecting In URL Request will cause the URL to be searched before the POST body. The HTTP header is always searched last. 9. Publish the draft configuration on the monitoring device. Global Settings for Page and Session Recognition Based on Cookies You can use cookies to distinguish between separate HTTP pages and sessions. This is useful when, for example, a number of distinct users are hidden behind a shared load balancer or a proxy server. Before You Begin It is assumed that you have already created one or more user-defined software services for this protocol. 118

119 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic To configure page or session recognition using cookies: 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Select Configuration Global Front-End-Monitoring Web HTTP General. 6. Select or clear the check box to specify whether to use cookies to distinguish separate sessions and pages. 7. Optional: Enter the cookie name. If you provide a cookie name, only cookies with the specified name will be used for session and page recognition. If no cookie name is specified, all cookies are used. Thus, if a name is entered, hits with this particular cookie name will be linked, provided the cookie value is the same for all the hits. If no name is entered, all cookies in a hit are looked at and their value is extracted. Matching hits must have the same cookie names and cookie values. 8. Specify the cookie time-to-live resolution. If a given cookie or cookie set with particular cookie values does not appear in the analyzed traffic for this length of time, the cookie or cookie set is discarded and the corresponding session is considered closed. Future occurrences of this set will be treated as belonging to a new session. The value is specified in seconds. 9. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. Global Settings for Client IP Address Extraction You can choose from three methods to extract the real client IP address from the HTTP header. Before You Begin It is assumed for this task that you have already created one or more user-defined software services for this protocol, and that you know how to access and modify global settings for an AMD and settings for a specific service. Configuration options related to general settings for an AMD for this protocol analyzer are found under Front-End-Monitoring Web HTTP General for Global settings, and also under the HTTP Options tab for individual user-defined services. To configure general options for client IP address extraction, modify the following settings in either global or service-specific settings, as applicable: 1. Specify one of the following settings for extracting the client IP address. 119

120 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic To turn off automatic client IP address extraction, select Off. To extract the client IP address from a header tag, select Header Tag and type the name of the HTTP header field containing the real client IP information. To extract the client IP address by applying a regex to the HTTP header, select Header Regex and type a regular expression matching the real client IP information in the HTTP header. The string extracted by the regular expression becomes the real client IP address reported to the report server. Example 7. The following is an example of extracting the value of REMOTE_ADDR field from the HTTP header. An HTTP header might contain the following information: GET HTTP/1.1 Accept: */* Referer: Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Host: Connection: Keep-Alive Cookie: FPB=061j8hura11q56cv; CRZY9=t=1; REMOTE_ADDR: The following regular expression extracts the address from the REMOTE_ADDR field: REMOTE_ADDR: ([.0-9]*) For details on how expressions are used, see Using Regular Expressions to Extract User Identification in the Data Center Real User Monitoring Web Application Monitoring User Guide. To use the real client IP address as both the user ID and the user IP address, select Try to Convert User Name to IP address. 2. Save or publish your changes. For more information, see Configuring General Data Collector Settings in the Data Center Real User Monitoring Web Application Monitoring User Guide. Assembling Pages Page assembly options concern the methods of assigning individual hits to pages (assembling pages from a number hits). Before You Begin It is assumed for this task that you have already created one or more user-defined software services for this protocol, and that you know how to access and modify global settings for an AMD and settings for a specific service. To configure general options for monitoring this protocol: 120

121 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Navigate to Front-End-Monitoring Web HTTP Page Assembly. Regular hits Configure options available in the Regular hits section. The options relate to various flavors of cross-site hit assignment (assembling pages from hits requested or loaded from a number of hosts). 6. Decide whether to enable cross-site hit assignment. Select Enable cross-site hit assignment to enable page components loaded from different hosts to be recognized as belonging to the same page loaded as a result of a single transaction. 7. Decide whether to enable multi-client cross-site hit assignment. Select Enable multi-client cross-site hit assignment to enable HTML page components that belong to one page, but that are requested by a number of parallel proxy servers on behalf of a single client, to be recognized as belonging to the same page loaded as a result of a single transaction. Such a situation may occur if client traffic is directed through a number of proxy servers for each TCP/IP session. 8. Decide whether to enable multi-client real IP cross-site hits assignment. Select Enable multi-client real IP cross-site hit assignment in deployments with the AMD monitoring traffic from a number of load balancers. This way, the cross-site hit assignment is based on the real IP address of the client extracted from the X-forwarded-for HTTP header field. 9. Decide whether to enable hit assignment for different combinations of operating systems, browsers, and hardware. Select Enable hit assignment for different OS/Browser/Hardware combinations to enable HTML page components that belong to one page, but that are requested by hosts with a different operating system, browser, and hardware combination than the one detected in the first hit, to be recognized as belonging to the same page loaded as a result of a single transaction. 10. Decide whether to assign a hit to a page when no referrer is found. Select Assign hit to page when no referer found to assign a hit to a single page load if the analyzer has only one page load in progress and a new hit occurs that has no Referer field. This option is configured globally for all software services for this protocol. 121

122 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Redirects Configure options available in the Redirects section. These options control the way pages are assembled in the case of redirects. 11. Choose keys used to assemble pages in the case of redirects. You can enable redirects identified by the same client IP, real client IP, user name, software service name, or OS/browser/hardware combination to be recognized as belonging to the same page loaded as a result of a single transaction. The real client IP is useful when monitoring the traffic from a number of load balancers. This way, you can use the real IP address of the client extracted from the X-forwarded-for HTTP header field as a key for redirects. 12. Decide whether to report redirections from HTTPS to HTTP. In the redirect from HTTPS to HTTP, the referrer is not set. Select Report redirections from HTTPS to HTTP to report this kind of redirect. 13. Decide whether to report a redirect as a page. You can configure page redirects as single regular pages and report them separately. This makes it possible to combine the redirects with the originating or target page (depending on the setting in Report URL after redirect). In this way, redirects can become operations and you can create transactions consisting of more than one step. Redirects are commonly used with login procedures. For example, if your web service requires login and four redirects occur, you can select Report redirect as page for the second URL and obtain a two-step transaction. This makes it possible to observe in greater detail where the problem occurs after it has been reported. Reporting of redirects as pages can be configured per server, per URL, and per URL parameter. If you do not select this option per URL, it inherits the value from the related per-server configuration. Default: not selected. Multi-frame pages It is possible to recognize framesets as single pages. This can be performed dynamically, by analyzing HTML tags, or statically, by explicitly defining framesets. For more information, see Multi-Frame Pages [p. 123]. 14. Decide whether to enable multi-frame page recognition. Select Enable multi-frame page recognition to enable the entire mechanism of frame recognition automatic frame recognition and static frame recognition at all levels: global, service, and URL. 15. Decide whether to enable automatic multi-frame page recognition. Select Enable automatic multi-frame page recognition to enable frame recognition based on analyzing HTML FRAMESET and IFRAME tags. 16. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. 122

123 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Multi-Frame Pages It is possible to recognize framesets as single pages. This can be performed dynamically, by analyzing HTML tags, or statically, by explicitly defining framesets. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. Configure global settings 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Navigate to Front-End-Monitoring Web HTTP Page Assembly. 6. In the Multi-frame pages section, enable multi-frame page recognition. Here you enable or disable the entire mechanism of frame recognition automatic frame recognition and static frame recognition at all levels: global, service, and URL. NOTE You must turn this option on, if you want to monitor frame sets at all: Even if you define static frames to monitor on per-service level, the mechanism will not function, unless this global option here is turned on. Note also that this feature is not supported by HTTP Express analyzer. 7. Optional: Enable or disable automatic multi-frame page recognition. Automatic frame recognition is based on analyzing the HTML FRAMESET and IFRAME tags. 8. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. Optional: Configure settings related to individual software-services Service-specific settings take precedence over global settings. At this level, you can only configure automatic multi-frame page monitoring. 9. From the top menu, select Software Services Manage Software Services. 10. Select a software service from the list. 123

124 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 11. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 12. Click the HTTP Options tab. 13. Modify options related to automatic multi-frame page monitoring. By default, the configuration is inherited from global settings, which you can change using the provided check-boxes: Inherit from global setting and Enable automatic multi-frame page monitoring. 14. Publish the draft configuration on the monitoring device. Optional: Configure settings related to individual URLs URL settings take precedence over service rule settings and global settings. 15. Repeat Step 9 [p. 123] through Step 11 [p. 124]. 16. Click the URL Monitoring tab. This will open the Edit Rule pop-up window. 17. In the URL definitions table, right-click a URL for which you want to modify the configuration and select Open from the context menu. The Configure Monitored URL pop-up window will appear. 18. On the URL tab, in the Options section, modify settings related to automatic multi-frame page monitoring. By default, the configuration is inherited from global settings, which you can change using the provided check-boxes: Inherit from global setting and Enable automatic multi-frame page monitoring. 19. Define subframe URI matching patterns for static frame recognition. Subframe URI strict matching patterns For the static frame recognition method, this option enables you to define subframe URIs. For a subframe to be recognized, you need to enter the entire URI. If you have set URL cut method to nocut in global HTTP settings, you also need to specify the parameters to match. Otherwise, enter the URI up to the cut point. For information on setting the cut method, see Global Settings for Recognition and Parsing of URLs [p. 117]. Subframe URI regex patterns For the static frame recognition method, this option enables you to define subframe URIs as regular expressions. This method of defining URIs is very powerful and flexible, but it consumes more processing power than subframe URI strict matching. Also note that the cut method specified in global HTTP settings does not apply here, so the regular expression you enter should take into account any URI parameters expected in the URI you want to match. For more information, see Regular Expression Fundamentals [p. 233]. 124

125 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 20. Click OK to save the configuration. 21. Publish the draft configuration on the monitoring device. What to Do Next For individual user-defined software services for which multi-frame pages can occur, you can configure the method of calculating server time for such pages. For more information, see Calculating Server Time for Multi-Frame Pages [p. 125]. Calculating Server Time for Multi-Frame Pages You can configure how to calculate server time for HTTP-based protocols for which multi-frame pages can occur. This configuration is performed for individual user-defined software services. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. This configuration option is provided because for multi-frame pages the server time for the first HTTP object can be insignificant compared to the server times of subsequent objects. You can therefore specify a method of calculating the server time based on either the server time for the first object or based on a formula incorporating the server times of the subsequent objects. 1. Start and log on to RUM Console. 2. From the top menu, select Software Services Manage Software Services. 3. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 4. In the Rules table, right-click a rule for which you want to configure calculating server time for multi-frame pages and select Open from the context menu. The Rule Configuration pop-up window is displayed. 5. Click the HTTP Options tab. 6. Choose one of the following options for Server time method for multi-frame pages: Server time for the first HTML object Use the server time for the frame holder (for example, an HTML frameset document or a document with an iframe tag). The longest server time of all HTML objects Use the single longest server time of all HTML objects in the page. Total server time for all HTML objects Use the sum of all server times for all HTML objects in the page. This is the default value. 125

126 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic The longest server time of all objects Use the single longest server time of all server time calculations for all page objects (HTML objects or other objects). 7. Click OK to save the configuration. 8. Publish the draft configuration on the monitoring device. URL Auto-Learning URL auto-learning enables you to define the set of URLs appearing in per-url reporting statistics without the need to manually define each URL. URLs that are found frequently are learned and reported. Configuring URL Auto-Learning URL auto-learning can be configured globally for all HTTP software services or configured for an individual user-defined software service. You can also have a separate global configuration for default HTTP and HTTP Express analyzer based software services. Before You Begin It is assumed that you have already created a user-defined software service for this protocol and have specified one or more rules containing the essential components such as the IP address and port of the software service to be monitored. It is also assumed that you have created one or more URL definitions for your rules. Configure Global Settings 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Select Global Front-End Monitoring Web HTTP URL Auto-Learning or to Global Front-End Monitoring Web HTTP Express URL Auto-Learning, depending on the analyzer you use to monitor the HTTP services. 6. Select the Enable URL auto-learning check box to enable auto-learning for all services based on this protocol. 7. Define the size of reported URLs pool. If necessary, you can change the default size of reported URLs pool. The pool is shared among all monitored servers. The auto-learning algorithm aggregates the loads of all URLs for all servers - the server IP, port or any other attribute of the server is not taken into account by the auto-learning algorithm. Any member of the pool will be reported for all servers, regardless the activity on individual servers. 8. Adjust the auto-learning algorithm. 126

127 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Click Advanced settings to show the properties so you can adjust the behavior of the auto-learning algorithm. For more information, see Details of the URL Auto-Learning Algorithm [p. 127]. 9. Specify whether URL auto-learning is to be limited to synthetic agents. Because the HTTP Express analyzer does not support synthetic agent recognition, this option is not available for HTTP Express. 10. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. Optional: Configure the Settings at the Software Service Level 11. From the top menu, select Software Services Manage Software Services. 12. Select a software service from the list. Click in the row corresponding with your service to display a set of rules for this service on the Configuration tab. 13. On the Configuration tab, select Edit manually from the Actions context menu for a selected rule. The Edit Rule pop-up window appears. In this window you can edit and delete the existing rules, or add new rules. 14. Click the URL Auto-Learning tab. 15. Enable or disable URL auto-learning. A user-defined software service has the following options: Off To turn URL-auto learning off for this service. Global Settings To use global settings for all services based on this protocol. Custom Settings To specify custom values for URL auto-learning settings for this software service. All To monitor all URLs for this software service. The option is not supported by the HTTP Express analyzer. 16. Optional: Adjust the auto-learning algorithm. This is only possible if you select Custom Settings in Step 15 [p. 127]. Click Advanced settings to show the properties so you can adjust the behavior of the auto-learning algorithm. 17. Click OK to save the configuration. Details of the URL Auto-Learning Algorithm The AMD uses a URL auto-learning algorithm to choose and report the most popular URLs observer in monitored traffic. 127

128 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic The AMD uses a pool of auto discovered URLs. It consists of members and candidates. The auto-learning algorithm aggregates the loads of all URLs for all monitored servers. The server IP address, port or any other attribute of the server is not used by the auto-learning algorithm. If a URL becomes the member of the pool, it is reported for all servers, regardless the activity on individual servers. URLs are inserted into the list of candidates and the list of members and moved between the lists according to the configuration parameters set in the Advanced setting section of the URL Auto-learning screens in the RUM Console. The AMD removes the URLs from the member list every specified interval, as controlled by the Cleanup interval property. Use the Percentage of new URLs property to control the portion of the members pool to be freed at the beginning of each interval and reserved for new highly active URLs. A candidate URL becomes a pool member if it is more popular than the portion of members defined by the Page loads threshold property. If you want to report URLs from all servers in the farm, regardless of the individual host name, you can deselect Use host name to exclude host names from the URL auto-learning algorithm. Enable the Slow page weight property to ensure that slow operation URLs with high volume loads are included in the auto-learning algorithm. To avoid a situation when no URLs are reported for software services with very little traffic, you can set the rules at the any software service level. In this way, you create a software service level pool with lower limits, making sure its URLs are reported. You can create separate pools within a single software service based on a number of servers. This way, you ensure the URLs monitored on a server with a lower traffic do not have to compete with URLs from a much larger server in terms of volume. You achieve this by assigning servers to groups within a single software service which translates to separate pools. Use the Group name option in the Service Details dialog. For more information, see Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide. You can also create separate monitoring pools for default software services based on HTTP and HTTP express analyzers, both globally, and the software service level, by enabling URL auto-learning for default software services. URL Auto-Learning Diagnostics To monitor the performance of the URL auto-learning engine, log on to the AMD using an SSH connection and input the rcon command. To assess how many URLs are monitored, counters are maintained and can be displayed with the rcon command: show status The following is an example of the relevant portion of the output produced by this command. URI discovery status: Global Http Pool: monitored=6/600 candidates=0/2400 candidatespromoted=0 candidatesremoved=0 128

129 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic contenders=0 contendersadded=0 contendersremoved=0 contenderspromoted=0 Default Apps Http Pool: monitored=0/700 candidates=0/2800 candidatespromoted=0 candidatesremoved=0 contenders=0 contendersadded=0 contendersremoved=0 contenderspromoted=0 Express Http Pool: monitored=0/500 candidates=0/2000 candidatespromoted=0 candidatesremoved=0 contenders=0 contendersadded=0 contendersremoved=0 contenderspromoted=0 Application pools: 1 monitored=6 monitoredmax=500 candidates=0 candidatesmax=2000 candidatespromoted=0 candidatesremoved=0 contenders=0 contendersadded=0 contendersremoved=0 contenderspromoted=0 The reported counters are displayed in the table below: Table 2. Status Counters Counter monitored candidates candidatespromoted candidatesremoved contenders contendersadded contendersremoved contenderspromoted Meaning The number of monitored URLs in pool and a maximum allowed value as set in Number of reported URLs. The number of additionally tracked URLs, candidates to become monitored URLs and the limit as set in Size of candidates pool. The number of URLs promoted to being monitored. The number of candidate URLs that were tracked by the AMD, but were removed due to URL auto-learning advanced configuration. The number of URLs, neither monitored, nor tracked, seen by AMD in current short interval. The total number of contenders added. The total number of idle contenders removed. The total number of contenders promoted to the pool of tracked URLs. To see the details of the current URL auto-learning pool, use the command show urls from the AMD console. The command can be executed without parameters, and it displays all of the information for all of the URLs. When the command is executed with parameters, use the following syntax: show urls [all] < group name > < software service name > < url pattern > all When specified, the output contains a list of contenders URLs. group name Quoted string, only the specified group is included in the result. application name Quoted string, only the matching software service will be included in the result. 129

130 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic url pattern Quoted string, only URLs that match specified pattern are in the output. It is a simple substring match, for example Not all of the parameters have to be specified. The valid shorter versions of the command are: show urls show urls [all] group show urls [all] group application show urls [all] group application pattern If you do not want to specify a certain parameter, but it is required by the syntax, the value any can be used. For example, to display URLs for Example Software Service software service, you can use the following command: show urls any Example Software Service There are predefined values for the software service name parameter that can used to display the URLs monitored as a result of URL auto-learning configuration for default software services set for HTTP and HTTP Express analyzers at the general and software service level. GLOBAL_HTTP, DEFAPP_HTTP, GLOBAL_LIGHT_HTTP and DEFAPP_LIGHT_HTTP. Synthetic Agent and Browser Recognition A synthetic agent is a simulator of user traffic to a given web site. Synthetic agents are usually distributed over a number of different geographical site and are designed to measure website availability and performance. Synthetic agent traffic is recognized and treated differently than real user browser traffic. Recognition of the following synthetic agents and browsers is supported: KTXN Envive Gomez Keynote Mercury SiteScope Firefox Internet Explorer Chrome Opera Safari Configuring Synthetic Agents, Browsers, Operating System and Hardware Recognition In addition to the pre-configured agents, browsers, and operating system, you can define further recognition based on the strings extracted from the User-Agent field of the HTTP request-header. To manage the list of supported synthetic agents, browsers, operating systems, and hardware: 130

131 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Navigate to Global Front-End Monitoring Web HTTP Browser Recognition to manage the list of browsers and synthetic agents. 5. Right-click in the Browser Rules table and select: Add Browser to define a new synthetic agent or browser. Add Pattern to Browser to add an additional pattern to match an agent or browser. Open to modify an existing agent definition or browser. Delete to delete an existing agent definition. 6. Add or edit an agent or browser definition pattern. Right-click the Browser Recognition table. The Edit Browser dialog appears. a. Choose a user agent type. If you are adding a new user agent, select whether it is a browser or synthetic agent. b. Provide a user agent name to be used in the reports in case of a successful match. If you edit a synthetic agent, you have to provide its predefined identity (in the 50 to 150 range). c. Specify Hit Session Timeout. For each user agent on the list, you can specify a separate value for Hit Session Timeout, overriding the value configured globally for all software services. Maximum time delay allowing a hit to be linked to a page. The value is specified in seconds, with a resolution of one-tenth of a second, and is configured globally for all software services. Synthetic agents might require a higher Hit Session Timeout value because, unlike real users, they always load the full page contents and all of its elements. Real users, especially if they access frequently visited page, load many page items from the browser cache instead. d. Define the search pattern. In HTTP communication, the User-Agent request-header field contains information about the user agent originating the request. You can use either a simple pattern or a regular expression search. If you use a simple pattern, the string you enter is compared to the User-Agent field found in the HTTP header. A match occurs when the whole defined string has been found anywhere in the field. Because the User-Agent field may contain a longer string, you can choose to use a regular expression constructed to match a variety of strings falling into a category of your interest. 7. Navigate to Global Front-End Monitoring HTTP Operating System Recognition to manage the list of operating systems. 8. Add or edit an operating system definition pattern. 131

132 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Right-click the Operating System Recognition table to open the Operating System Rule dialog. In the Name field, provide an operating system name to be used in the reports in case of a successful match. When defining the search pattern, you can use either a simple pattern or a regular expression search. 9. Navigate to Global Front-End Monitoring HTTP Hardware Recognition to manage the list of hardware. 10. Add or edit a hardware definition pattern. Right-click the Hardware Recognition table to open the Hardware Rule dialog. In the Name field, provide a hardware name to be used in reports when there is a successful match. When defining the search pattern, you can use either a simple pattern or a regular expression search. 11. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. What to Do Next To disable synthetic agent and browser recognition, navigate to Global Front-End Monitoring Web HTTP Browser Recognition and deselect Enable User Agents Detections. Save and publish the changes. Synthetic Agent Recognition Based on Contents of HTTP Header For a new agent to be recognized automatically based on the contents of the HTTP header, configuration is necessary both on the AMD device that collects traffic data and on the report server. For more information, see Configuring Synthetic Agents, Browsers, Operating System and Hardware Recognition [p. 130]. New agent definitions on the report server are added in the Protocols/User Agents screen of the Diagnostic Console invoked by the following address : 132

133 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic Figure 15. Example Protocols/User Agents Screen To define a new agent, fill the input fields in the bottom portion of the screen and click Add. You need to enter the following information: ID The agent ID number as defined on the AMD, but preceded with the minus sign. All synthetic agent IDs are entered as negative numbers. User Agent Name The name of your choice. This is the name under which the agent will appear on reports. Protocol This should always be TCP. Real/Synthetic This should always be Synthetic. Synthetic Agent Recognition Based on User Name or IP Address Recognition of synthetic agents can also be performed based on the IP address or user name. This may be used if no relevant information can be extracted from the HTTP header. To configure this type of synthetic agent recognition, select the menu item Settings Report Settings User-Protocol Mapping. 133

134 Chapter 7 Configuring AMD to Monitor SAP GUI over HTTP Traffic This configuration screen enables you to set the PROTOCOL_MAPPING configuration property, which specifies mappings of user names or client IP addresses to special protocol IDs of synthetic agents. The syntax of the property value field is: username1=procotolid_1; username2=protocolid_2;...; ip:ipaddress1=procotolid_11; ip:ipaddress2=procotolid_12 The prefix "ip:" indicates that the client IP address is being mapped; otherwise, the user name is assumed. The wildcard character * can be used in user names or IP addresses. protocolid can be a number or a name of an agent. Names are not case sensitive. The screen lists pre-defined agent names and numbers. Example 8. Specifying synthetic agent mapping to user name or IP address topaz = -52 ; abcdef* = -53 ; ip: = Gomez ; ip: * = Keynote NOTE Every protocol ID used in User-Protocol Mapping should also be defined in the Protocols User Agents configuration screen, or protocol IDs may be reported incorrectly. 134

135 PART III Back-End Monitoring Configuration

136

137 CHAPTER 8 Configuring AMD to Monitor SAP Back-End Your SAP application servers communicate with database servers to store their run-time data. In this guide SAP back-end is understood as database servers. To acquire complete picture of all components cooperating as the SAP deployment you are advised to monitor database servers like Microsoft SQL Server or Oracle. The most common tasks related to SAP back-end monitoring include: Configuring options common to all database analyzers. Configuring global options dedicated to monitoring of chosen database server types. Configuring monitoring rules for individual database servers. Configuration Properties Common to All Database Analyzers For any given Agentless Monitoring Device (AMD), you can change global settings for all supported database protocols (TDS, DRDA, Informix, and Oracle) so that the settings are inherited by all user-defined software services for these protocols. In RUM Console, open configuration settings for an AMD and go to Global Database Monitoring General to set global settings for database analyzers. The settings are either common for each analyzer or are dedicated to a particular database (which is indicated in brackets beside the option's label). SQL query time threshold The number of seconds after which a database query is classified as slow. Report full queries Whether full queries are reported in ADS. Full queries are never reported in CAS. When you select full query reporting, you see queries in the form in which they were detected in the network traffic; query normalization rules do not influence the reported strings. If queries contain classified information, you can use masking to prevent certain strings from being reported. See SQL Query Normalization [p. 147] to learn about excluding sensitive information from query reports. 137

138 Chapter 8 Configuring AMD to Monitor SAP Back-End Select the check box beside the protocol name that you want to have logged. By default, processing and reporting of full queries is cleared for all protocols, and only normalized queries are reported. Note that only the first 1024 bytes of a full query are logged. Slow query threshold (DRDA only) Whether the slow operation threshold is compared to: Query duration Server delay Report cursor-based queries as single queries Select this option to have cursor-based queries reported as separate operations. Otherwise, all cursor operations are grouped and reported under their respective query operations. Log SQL statements Enables storage and processing of SQL statements on the AMD. Note that the first 1024 bytes of a query are logged. Report database name Enable this option to report the database name, which is used in the CAS reports as a module. For more information, see Multi-Level Hierarchy Reporting in the Data Center Real User Monitoring Central Analysis Server User Guide. Select the check box beside the protocol name for which you want to report the database name. User Identification Select Global Database Monitoring User Identification and enable the AMD to attempt to extract the database user name for the selected database protocols (TDS, DRDA, Informix, MySQL and Oracle). Next, select the protocols for which to extract the database user name. NOTE Some authentication methods do not allow to extract the database user name or database name, for example NTLM authentication for TDS. Also, if the connection traffic is not available, as in case of long-standing connections, the user name and the database name extraction may be not possible. Dynamic ports Select Global Advanced Database to enable or disable the dynamic ports reporting. Use the option with caution, because it switches the AMD into singlethreaded mode, which may impair the monitoring performance. Dynamic ports monitoring is required for a small fraction of the TDS or Oracle deployments and in new istallations is disabled by default. If you upgraded to current release, the option is selected, but we strongly recommend to disable it, if it is not reuired for your particular deployment. NOTE Some authentication methods do not allow to extract the database user name or database name, for example NTLM authentication for TDS. Also, if the connection traffic is not available, as in case of long-standing connections, the user name and the database name extraction may be not possible. 138

139 Reported Database Operation Types By default, operation type settings enabled in database monitoring are different for each analyzer (although a number of operations are common for all protocols). You can narrow or expand the list of reported operations for a given database protocol. To enable some operations excluded from reporting by default, in the RUM Console, open configuration setting s for an AMD and go to Global Database Monitoring General. Edit the table Supported operation types to adjust monitoring parameters for the requested database protocols (DRDA, MySQL, TDS, Oracle, Informix). Example 9. Reported operation types available for use with the following database analyzers: DRDA, MySQL, Oracle, Informix, TDS (Sybase and Microsoft SQL Servers) [p. 139] lists operations common to all protocols. Edit the table for each protocol and either add or delete operations (right-click for a menu of available options). Entering the tag means it will be enabled. Example 9. Reported operation types available for use with the following database analyzers: DRDA, MySQL, Oracle, Informix, TDS (Sybase and Microsoft SQL Servers) li:login qq:query pc:rpc 71:logout 21:lang 86:curdecl 23:curdecl2 84:curopen 82:curfetch 81:curdel 85:curupd 80:curcls e0:rpc e6:dbrpc e7:dynamic a3:dynamic2 Example 10. Reported operation types for Oracle monitoring The list includes additional operation types not listed in Example 9. Reported operation types available for use with the following database analyzers: DRDA, MySQL, Oracle, Informix, TDS (Sybase and Microsoft SQL Servers) [p. 139] and specific only to Oracle database protocol monitoring. de:describe ex:execute Chapter 8 Configuring AMD to Monitor SAP Back-End 139

140 Chapter 8 Configuring AMD to Monitor SAP Back-End Default Behavior For Oracle and Informix, the default list is empty and all operation types are reported. When you add an operation type for Oracle or Informix, only those listed in Supported operation types will be reported. For TDS, this subset of the operations is enabled by default: qq:query pc:rpc 21:lang 86:curdecl 23:curdecl2 e0:rpc e6:dbrpc e7:dynamic a3:dynamic2 Configuring Database Monitoring for Individual Servers Basic database analysis can be performed using default software services definitions. To customize monitoring properties or override global settings, create user-defined software services on a single AMD. Before You Begin See Configuring User-Defined Software Services in the RUM Console Online Help and Configuring Rules for User-Defined Software Services in the Data Center Real User Monitoring Citrix/Windows Terminal Services Monitoring User Guide to learn how to create and define user-defined software services. For a broader perspective, see Basic Monitoring Configuration in the Data Center Real User Monitoring Web Application Monitoring User Guide. To configure monitoring of individual SQL servers, you must create user-defined software services. Then you will be able to point to a specific server or servers and, for each of them, create query auto-learning rules and individual masks for SQL query literals. To change monitoring parameters for a defined server: In the Rule Configuration window, set the service address and port and, on the Query Auto-Learning tab, clear the Inherit from global settings check box. Edit the available options when they become active: Limit of queries that can be learned per server The limit of the number of queries that can be learned per server IP address. Default value: 50. Number of queries tracked in addition to the reported queries The AMD typically tracks more SQL queries than it reports; this is required to accurately pick the most frequently used ones. This parameter defines how many SQL queries are tracked in addition to the reported queries. It is expressed as a 140

141 Chapter 8 Configuring AMD to Monitor SAP Back-End percentage of the maximum number of reported queries. Values greater than 100 are allowed. Default value: 100. Number of executions a query has to reach before being learned Defines the number of executions a query has to reach before it will be learned. Default value: 10. Inactivity timeout for query in the learning list Defines, in seconds, the period of inactivity, after which a candidate query is demoted from its candidate status, when the query list is full. Default value: 300 seconds. See, Tuning guidelines [p. 146] for additional help on matching configuration with your needs. On the Query Aggregation tab, you can define additional masking parameters to avoid having sensitive information reported or processed by the AMD and you can also choose one of the available normalization method to be applied at the software service level. For more information, see SQL Query Normalization [p. 147]. On the Options tab, you can change additional monitoring parameters. Enable monitoring of persistent TCP sessions When this is selected, TCP sessions that do not start with SYN packets are monitored. By default, this is selected. Persistent TCP sessions are TCP sessions for which the start was not recorded. They are also referred to as non-syn sessions. These sessions can be included in the TCP statistics, based on the configuration properties you enable in RUM Console. The inclusion of these sessions may render the statistics somewhat inaccurate and must be undertaken with care. SQL query time threshold A database query that takes more than this many seconds is considered slow. When Inherit from global setting is selected, the global setting is used. To edit the global setting, open the AMD configuration, go to Global Database Monitoring General and set the SQL query time threshold. Generate ADS data Enable this option to provide data to the report server consisting of full SQL queries. SQL Server uses dynamic ports This is a TDS analyzer specific option. Select this option if the database engine you intend to monitor does not have a static port number assigned (for example, a named instance). In this case SQL Server Browser Service (SSBS) will be used to discover the actual port of the service. The AMD will use additional UDP analysis of the SSBS to discover the actual port number for the service you intend to monitor. If you select this option make sure the connection details set in Services tab identify SQL Server Browser Service (use IP address of the server and the port number of the SSBS). Leave this option unselected if your SQL Server uses static ports. 141

142 Chapter 8 Configuring AMD to Monitor SAP Back-End Enable user name recognition You can enable the AMD to attempt to extract the database user name for the selected database protocols (TDS, DRDA, Informix, MySQL and Oracle). Next, select the protocols for which to extract the database user name. Report database name Enable this option to report the database name, which is used in the CAS reports as a module. For more information, see Multi-Level Hierarchy Reporting in the Data Center Real User Monitoring Central Analysis Server User Guide. Select the check box beside the protocol name for which you want to report the database name. NOTE Some authentication methods do not allow to extract the database user name or database name, for example NTLM authentication for TDS. Also, if the connection traffic is not available, as in case of long-standing connections, the user name and the database name extraction may be not possible. Individual Query Monitoring The query monitoring feature enables you to define the queries that are always reported regardless of their frequency or performance, in other words, regardless if they comply with query auto-learning requirements. In the Rule Configuration window, select Query Monitoring tab and add or edit the query in the Key Queries table to open Monitored Query dialog. You can either specify a literally given query or use a regular expression that the query will match. Exact Select Exact to add a literally given query. In such case, you have to provide a literal string for the query and its custom name. Regular expression Select Regular expression to use a pattern to match a query. In such case you have to provide a regular expression to match a query and a custom name assigned to the matched occurrences. Note that when applying a regular expression, you can extract part of the query, getting rid of redundant elements. Optionally, you can specify the normalization method applied to queries found by means of regular expression. For more information, see SQL Query Normalization [p. 147]. Optionally, for both methods, you can override a default SQL query time threshold defined at the software service level. A query that takes more than this many seconds is considered slow. When Inherit setting from the rule is selected, the software service setting is used. To report the key queries bypassing the auto-learning scheme, select always report query. If you already defined the key queries and temporarily wish to leave the decision on their monitoring to the query auto-learning scheme, clear always report query, which is a default setting. Note that the queries that bypass the auto-learning mechanism will not be displayed on reports showing queries which most frequently occur or the ones having longest execution time. 142

143 Chapter 8 Configuring AMD to Monitor SAP Back-End Configuration effects on reported data Individual query monitoring settings affect data presentation on the CAS with regard to reporting hierarchy levels. Values that you enter in the Query definition section will be reported as operation names. They can be either combined or only the value from either field will be used. If set, Query name will be always visible on reports. If you use regular expressions to define individual queries they will also be reported as operation names. If you do not set the name then the value from Query field will be reported as operation name. Query Auto-Learning The query auto-learning feature enables you to define the set of queries appearing in per-query reporting statistics. The queries found (learned) to fall into at least one of these three categories are reported: the most frequently executed queries; queries with the longest average execution time; queries with the longest overall execution time. The learning process occurs on the AMD. You can turn this feature off, thus causing all queries to be reported, but normally it is desirable to report queries complying one of the above requirements optionally extended by a set of always reported queries defined manually. For more information, see Individual Query Monitoring [p. 142]. The query auto-learning configuration in RUM Console consists of the following properties: High-level Reporting SImplified reporting based on the autodiscovered software services. In this scenario, operation types are used for both tasks and operation names, which saves the system resources. Detailed operation names are reserved for monitoring based on user-defined software services. The autodiscovery feature detects the following operation types: Operation Types ORACLE TDS DRDA MySQL Database statement execution cancel X X Database login X X X X X Database logout X X X X X SQL select X X X X X SQL select distinct X X X X X SQL select count X X X X X 143

144 Chapter 8 Configuring AMD to Monitor SAP Back-End Operation Types ORACLE TDS DRDA MySQL SQL create statement X X X X X SQL execute statement X X X X X SQL insert X X X X X SQL update X X X X X SQL delete X X X X X SQL alter X X X X X SQL other statements X X X X X (such as describe, lock, explain, noaudit, grant, purge, declare, savepoint, rollback, comment, begin, etc) APPS SYS X X Database other RPC statements SYSPROC DBXXX X X X X X SYS X APPS X Prepared statement definition X X X X Prepared statement execution X X X X X Prepared statement destruction X X X X Database other operations X X X X 144

145 Chapter 8 Configuring AMD to Monitor SAP Back-End Operation Types ORACLE TDS DRDA MySQL Transaction rollback X X Transaction commit X X Transaction other operations X Cursor definition X X X X Cursor execution X X X X X Cursor destruction X X X X Detailed Reporting - No Auto-Learning Auto-learning disabled, reporting based on user-defined software services. Auto-Learn Reporting Select this option if you want to enable query learning. If this check box is not selected, all queries are reported. Default: enabled. Limit of queries that can be learned per server The limit of the number of queries that can be learned per server IP address. Default value: 50. Number of queries tracked in addition to the reported queries The AMD typically tracks more SQL queries than it reports; this is required to accurately pick the most frequently used ones. This parameter defines how many SQL queries are tracked in addition to the reported queries. It is expressed as a percentage of the maximum number of reported queries. Values greater than 100 are allowed. Default value: 100. Number of executions a query has to reach before being learned Defines the number of executions a query has to reach before it will be learned. Default value: 10. Inactivity timeout for query in the learning list Defines, in seconds, the period of inactivity, after which a candidate query is demoted from its candidate status, when the query list is full. NOTE Default value: 300 seconds. If the query list reaches its limit, queries are discarded using an algorithm of flushing and aging based on query activity. 145

146 Chapter 8 Configuring AMD to Monitor SAP Back-End Tuning guidelines If you want a small and stable number of the most active queries, you need a large set of potential candidates. Use the following settings as guidelines to obtain this goal: Number of queries tracked in addition to the reported queries Set to a high value (for example, 500) to give you a large set of potential candidates. Number of executions a query has to reach before being learned Set to a high value (for example, a few thousand) to define a threshold that only a few queries will attain. Limit of queries that can be learned per server Set to a low value. If you want to explore queries (to get a large number of queries) and if you do not mind if they disappear after some time, adjust the parameters the opposite way: Number of queries tracked in addition to the reported queries Set to a low value. Number of executions a query has to reach before being learned Set to a low value. Limit of queries that can be learned per server Set to a high value. Query Diagnostics You can use the AMD console to obtain information on the performance of the query auto-learning engine. Log on to the AMD using an SSH connection and input the following command: rcon The AMD console program accepts commands for performing management and diagnostic functions. To assess how many queries are monitored, issue the rcon command: show status The following is an example of the relevant portion of the output produced by this command. SQL discovery status: srvc=1 count=0 cand=0 mcand=50 mem=0 mmem=50 added=0 lost=0 rm=0 prom=0 c-shuf=0 m-shuf=0 t-prot=0 c-prot=0 failed: 0 of 1 See Table 3. Status counters [p. 146] for the list of reported counters. Table 3. Status counters Counter count added lost Meaning Current number of defined automatic queries (monitored + candidates) Total number of occurrences when an observed query was added to monitoring Total number of occurrences when an observed query was not added to monitoring 146

147 Chapter 8 Configuring AMD to Monitor SAP Back-End Table 3. Status counters (continued) Counter rm cand mem prom c-shuf m-shuf t-prot c-prot Meaning Total number of queries removed when flushing and aging the list Current number of observed candidates Current number of members (queries monitored) Number of times candidates were promoted to the list of monitored queries Number of times candidates were moved in the lists (shuffled) Number of shuffled members Number of timeout-protected candidates Number of use-protected candidates (candidates that are not deleted from the list because they are being used) To see the current cache content, use the command show queries from the AMD console. The command is either issued without any parameters (and then it displays all the information about all queries) or it can be supplied with the following three parameters, in this order: 1. SQL_Server_IP_address 2. software_service name 3. query For example: show queries " " "ORACLE" "SELECT NULL FROM DUAL FOR UPDATE NOWAIT" Query Aggregation SQL Query Normalization SQL query normalization means, for example, truncation of repeating patterns. Query normalization can be useful if you want to diminish the number of similar queries logged. If, for example, the queries differ only in the value of parameters, they can be truncated at a defined keyword and then only the unique queries will be processed and reported. You can choose an alternative way of gaining uniform, unique queries: mask literal values with a special symbol. You can configure the normalization methods globally, at the software service level or per individual static query, with the query level having the highest priority and the global setting, the lowest. To configure normalization methods, first open configuration settings for an AMD in RUM Console, and then choose how you want them to be configured: globally select Global Database Monitoring Query Aggregation. at the software service level in the Rule Configuration window, click the Query Aggregation tab; 147

148 Chapter 8 Configuring AMD to Monitor SAP Back-End at the query level in the Query Monitoring tab, add or edit a query to open the Monitored Query dialog and choose Regular expression as Query type. SQL Query Sensitive Data Masks Literal values (text values) in SQL queries may be pieces of information that you do not want to be visible at any stage of database monitoring (for example, passwords or credit card numbers). If you know that such strings are part of your monitored database traffic, configure literal masking on the AMD using RUM Console. The table SQL query sensitive data masks must be filled with strings that will be used to mask literals in SQL queries. Such a string is a SQL query (or a significant fragment of a query) that unambiguously defines literals that have to be masked. The literal to be masked is represented by the \# symbol, which is an obligatory element in the defined mask, while the \% symbol stands for an ordinary literal. Note that a backslash in this format has a special meaning and must be escaped: to indicate a backslash, a double backslash ( \\ ) must be used. When literal masking is defined, all the matching classified data will be removed and will never be processed by the AMD. Example 11. Masking SQL Query Literals Adding the following mask: WHERE user=\% AND password=\# will result in masking the password literal, but will report user. Adding the following mask: INSERT INTO users (id, name, cardnumber) VALUES (\%, \%, \#) will result in reporting users' ID and name but will mask their card numbers. SQLQuery Normalization Method The panel SQL query normalization method enables you to choose: Queries will be cut before keyword set, values, where, ( Cutting means that queries will be truncated before a specific keyword: where, set, values, or (. If the resulting string is longer than 1024 bytes and the Log SQL Statements option is turned on, it will be further truncated so it does not exceed the default limit. All query literals will be masked using the? character All literal values will be replaced by the? symbol. This normalization method is useful for aggregation of queries - types of queries are grouped regardless of the literals they contain. Optionally, you can exclude certain literals from masking by adding them to SQL query literals to exclude from masking table. As in sensitive literals masking, you can use \% symbol as an obligatory element, and optionally \# symbol Example 12. Excluding Literals from Masking Adding following the pattern to the SQL query literals to exclude from masking table user=\% 148

149 Chapter 8 Configuring AMD to Monitor SAP Back-End will result in masking all the literals except user. Note that, although only unique, normalized queries will be reported, the whole query with unmasked literals will still be recorded if the option Log Full Queries was set in the database monitoring global settings. Masking Sensitive Information in SQL Query Literals Use SQL query literal masks to protect confidential information that is part of a SQL query. Literal values (text values) in SQL queries may be pieces of information that you do not want to be visible at any stage of database monitoring (for example, passwords or credit card numbers). If you know that such strings are part of your monitored database traffic, configure literal masking on the AMD using RUM Console. To define masks in the configuration settings for an AMD, select Global Database Monitoring Query Aggregation. The table SQL query sensitive data masks must be filled with strings that will be used to mask literals in SQL queries. Such a string is a SQL query (or a significant fragment of a query) that unambiguously defines literals that have to be masked. The literal to be masked is represented by the \# symbol, while the \% symbol stands for an ordinary literal. Note that a backslash in this format has a special meaning and must be escaped: to indicate a backslash, a double backslash ( \\ ) must be used. When literal masking is defined, all the matching classified data will be removed and will never be processed by the AMD. Example 13. Masking SQL query literals WHERE user=\% AND password=\# INSERT INTO users (id, name, cardnumber) VALUES (\%, \%, \#) This kind of masking can also be set on each AMD (or a range of AMDs) and is defined per user-defined software service or individual query. For more information, see Configuring Database Monitoring for Individual Servers [p. 140] and Managing User-Defined Software Services in the Data Center Real User Monitoring Cerner Application Monitoring User Guide. 149

150 Chapter 8 Configuring AMD to Monitor SAP Back-End 150

151 PART IV SAP End-To-End Data on Reports

152

153 CHAPTER 9 Initial Central Analysis Server Reporting Configuration Before you start viewing reports, there are various configuration tasks that have to be performed. Defining the Basic Report Server Configuration Settings When you use the report server for the first time, you must select some basic configuration options. For Central Analysis Server select sites, user aggregation, and user tracking. For Advanced Diagnostics Server select a scalability mode. These options are fundamental to the servers' operation and must be specified before the report servers start to function. Complete the basic Central Analysis Server configuration. For more information, see CAS Basic Configuration Settings [p. 154]. Review the basic configuration for the Advanced Diagnostics Server. For more information, see ADS Basic Configuration Settings [p. 156]. Assigning the Data Collector Devices to a Report Server To manage the data collectors and report servers, use RUM Console (RUM Configuration). This tool consists of a server application (called Manager or RUM Console Server), and a client application (called Console or RUM Console). For more information, see RUM Console Overview in the Data Center Real User Monitoring RUM Console Installation Guide and Managing Devices in the Data Center Real User Monitoring Administration Guide. Defining sites The monitored traffic information can be organized in the way the report server sees traffic via AMDs. The hierarchy of sites, areas, and regions provides an organized view of the monitored network. A site is a term for a group of users that are located in the same IP network or group of networks sharing similar routing properties. Sites can be grouped together into areas, which in turn can be grouped together into regions. Use site definitions to help you identify IP networks. 153

154 Chapter 9 Initial Central Analysis Server Reporting Configuration The report server enables you to use two types of sites: manual sites and automatic sites. For more information, see Configuring Sites, Areas, and Regions [p. 159]. CAS Basic Configuration Settings When you use the CAS for the first time, you must specify a number of basic configuration options. These options must be configured before the CAS starts to function. Only users with administrative rights can modify the basic configuration settings. Every time the settings are updated on this screen, including the first time the application is run, the report server is restarted. When you click Update, the server is restarted and a message appears on the screen. Return to the CAS home page by clicking Continue. The report server restart can take a while, which may prevent you from quickly accessing the home page. Figure 22. CAS Configuration Screen To modify settings after the report server is deployed, select Settings Central Analysis Server Server Configuration from the top menu. 154

155 Chapter 9 Initial Central Analysis Server Reporting Configuration NOTE You can also modify these settings using the RUM Console. From the console top menu, select Devices and Connections Manage Devices, then choose Open configuration from the context menu for your CAS on the Devices screen. This command opens the configuration screen for a given server. To access settings related to users and sites, select Server Configuration from the menu. Sites, User Aggregation, and User Tracking A site is an organizing concept introduced to help report users identify particular IP networks. In this context, a site is defined as an IP network or a part of a network. A site is defined in one of two ways: Manual sites are specified as explicit IP address ranges. Automatic sites are based on either AS names or CIDR blocks, where a block is defined by an IP address and a network mask. All client IP addresses that are neither manual nor automatic sites are treated as belonging to the Default site. All server IP addresses that do not fall into any of the manual or automatic site categories are treated as belonging to the Default Data Center site. User aggregation means that users are not recognized individually, but are counted per site. Note that if sites are based on AS names, users can still be aggregated to CIDR blocks within ASes. However, if sites are based on CIDR blocks, users cannot be aggregated to ASes because ASes are higher level aggregates than CIDR blocks. The option Base automatic sites on enables you to select automatic sites based on either ASes or CIDR blocks. You can also opt not to have automatic sites. The option Base user aggregation on enables you to aggregate users to ASes or CIDR blocks, subject to any additional aggregation and user tracking options you may configure. Note that user aggregation is compatible with the way you configure the creation of automatic sites. If automatic sites are based on CIDR blocks, user aggregation can also be based on CIDR blocks, but it cannot be based on ASes, because ASes are not recognized entities. However, if you choose automatic sites based on ASes, you will have the choice of aggregating users to ASes or individual CIDR blocks. Additional user tracking and aggregation options enable you to track or count all or selected IP addresses or user identifiers while aggregating other users. These options may require you to enter IP address ranges consisting of IP addresses separated by hyphens. Both IPv4 and IPv6 address formats are supported. To define a range of IP addresses, you have to specify the starting and ending addresses in the following way: IPv IPv6 2001:0db8:0000:0000:0000:0000:1622:35bd-2001:0db8:0000:0000:0000:0000:1999:35bd An IP address range has to be continuous. Note that you can type an IPv6 address in any of the following ways (they are equivalent): 155

156 Chapter 9 Initial Central Analysis Server Reporting Configuration 2001:0db8:0000:0000:0000:0000:1622:35bd 2001:0db8:0:0:0:0:1622:35bd 2001:db8::1622:35bd ADS Basic Configuration Settings When you use the Advanced Diagnostics Server (ADS) for the first time, you are required to select the basic configuration options before the ADS starts to function. Administrative privileges are required to configure these settings. Configure ADS in two modes: Small Web Site and Large Web Site. The mode impacts how quickly your database grows and how quickly it affects report performance. In the Small Web Site mode, reports include more available low-level hit details data, used mostly to compose load sequence charts. In the Large Web Site mode, these details are accessible for shorter retention times and it takes longer to display them. However, this allows for five times more operations storage in the ADS database. TIP Use the Large Web Site mode when the operation volume is high and if your main objective is to use fault domain isolation or sequence transaction reporting. However, do not use this mode even if the operation volume is high if your main objective is to create fast hit-level detail reports for more than the last few hours. You can use data filtering to further limit the analyzed data to only those transactions and URLs that are most significant. Figure 23. ADS Scalability Settings Screen Small Web Site If your main requirement is a troubleshooting server with all-details drilldown reports from CAS (especially drilldown reports from single user activity reports to load sequence charts) the data availability limitations and report performance may be unacceptable in the large website mode. Using this scalability mode, the ADS records each individual operation and each individual operation hit in the database, so hit-level information can be used for planning purposes and historical analysis. One drawback is that the hit-level database affects the whole ADS database 156

157 Chapter 9 Initial Central Analysis Server Reporting Configuration size. Additionally, because the report response time influences ADS capacity, the capacity drops down and is affected by the response time of hit-level reports. In practice, it means about 2M operations (approximately 10M hits) per day. When you select Small Web Site, you can collect details about a small number of operation loads per day: approximately 2 million on Tier 1 equipment. Operation Elements When you select Small Web site, Operation Elements are stored in a database. 1 Page Headers By default, the page headers are stored on the AMD. To store all page headers in the database, select Store page headers in DB. This increases the size of the database to approximately 6 to 7 times larger than the original size. NOTE Storing the page headers on the AMD introduces certain limitations to the Operation element data data view. If the header data is stored on the AMD and you use page header-related dimensions in your report, you also have to apply an Operation ID or Hit ID filter in this report. Page header-related dimensions include: Request header Request parameters (from URL) POST data POST data (raw) Request cookie in the HTTP request section Response header Response cookie in HTTP response section Pause reading data It is recommended that you set the limit of the number operations per day. The cut-off value prevents overloading the system above the limits you expect it to operate within. As you change the two configuration settings, the suggested default values for the small and large website models appear. The data daily storage default limit for a small website is 2 million operations per day. By default, the data is still written to the database if the daily storage limit is exceeded and only an alert is issued. However, this behavior, as well as the limit itself, can be changed by a user with administrative privileges. For more information, see ADS Scalability-Related Configuration Properties in the Data Center Real User Monitoring Administration Guide. 1 For XML and SOAP, Operation Elements data is identical to Operation Analysis data, so, to avoid unnecessarily keeping the duplicates in the database, a VDATA_FILTER_XMLSOAP filter is set to true by default. Keeping this filter set to true saves disk space but, because the XML and SOAP entries are filtered out, it makes reporting on the Operation Elements level (elements or headers) impossible. To change the value of VDATA_FILTER_XMLSOAP property in userpropertiesadmin, type in the Web browser's Address bar and press [Enter], change the filter's property value, and click Set value to accept the change. To access this screen, you need to have administrative privileges for the report server. 157

158 Chapter 9 Initial Central Analysis Server Reporting Configuration Large Web Site You may want to use the Large Web Site mode if your main requirement for installing ADS is not to access the low level granularity data per every hit, but instead to access the sequence transactions or fault domain isolation. Using this scalability mode, the ADS does not record per-http-hit information, which reduces the volume of information kept in the SQL database to about 10M operations per day. Keeping only per-operation data, however, results in limited access to the HTTP hit information. Whenever you request information on the analyzed operations, the data is read directly from AMDs. This option makes it possible to view load sequence charts for an individual operation, but does not allow for aggregation of the information for more than one operation. When you select Large Web Site, you can collect the aggregated information for a large number of operations per day, approximately 10 million on Tier 1 equipment. The efficiency of Tier 2 is between 30% to 50% higher than that of Tier 1. The data daily storage default limit for a large website is 10 million operations per day. By default, the data is still written to the database if the daily storage limit is exceeded, and only an alert is issued. However, this behavior, as well as the limit itself, can be changed by a user with administrative privileges. For more information, see ADS Scalability-Related Configuration Properties in the Data Center Real User Monitoring Administration Guide. Operation Elements The Operation element data data view is limited in its report generation capability by the fact that traffic monitoring data is stored on the AMDs and not in the report server's database. For more information, see Operation Elements [p. 157]. Page Headers The page header data is stored on the AMDs. This is mandatory for large websites. NOTE Because of the Operation Elements view limitations resulting from storing the page headers on the AMD, if you use page header-related dimensions on a report, you must also filter report data by Operation ID. The page header-related dimensions include: Request header Request parameters (from URL) POST data POST data (raw) Request cookie in the HTTP request section Response header Response cookie in the HTTP request section If no page header-related dimensions are used, you can filter the report either by Operation ID or, provided the report interval limit is equal to or less than one hour, by User name. Pause reading data It is recommended that you set the limit of the number operations per day. The cut-off value prevents overloading the system above the limits you expect it to operate within. 158

159 Chapter 9 Initial Central Analysis Server Reporting Configuration As you change the two configuration settings, the suggested default values for the small and large website models appear. The data aggregation performed for the large website mode does not affect the accuracy of the predefined reports, but it may influence reports you create using the DMI report generation tool. The following ADS reports are not available in Large Web Site mode: Application Design Problem Overview Largest Operation Elements Most Popular Operation Elements The following ADS reports are unavailable when accessed from CAS: Load Sequence Stepchart HTTP Response by Operation Element Configuring Sites, Areas, and Regions The monitored traffic information can be organized in the way the report server sees traffic via AMDs. The hierarchy of sites, areas, and regions provides an organized view of the monitored network. A site is a term for a group of users that are located in the same IP network or group of networks sharing similar routing properties. Sites can be grouped together into areas, which in turn can be grouped together into regions. Use site definitions to help you identify IP networks. The report server enables you to use two types of sites: Manual sites Specified as explicit IP address ranges Support both IPv4 and IPv6 addresses Configured through the Site Configuration screen Automatic sites Public Internet sites based on either an IP address and a network mask or on information retrieved from the BGP routing table and AS (autonomus system) name to number mapping in the bgp.zip and asn.zip files Support only IPv4 format Configured directly in the report server database All server IP addresses that are not covered by any of the manual or automatic sites are treated as belonging to the Default Data Center. In addition, there are external sites, which are specified based on the same type of definitions as imported manual sites, but are imported from external text files rather than defined using the report server GUI. Automatically detected sites, such as sites originating from Enterprise Synthetic, can be viewed by clicking Show Detected. All of the sites listed in the column Type as Active originated from Enterprise Synthetic data. Once modified, the site type becomes Manual (user-defined). 159

160 Chapter 9 Initial Central Analysis Server Reporting Configuration NOTE Sites cannot overlap. The report server will not allow a situation where there would be addresses that match the definitions of two different sites. Adding Sites Manually Creating site definitions manually enables you to monitor specific networks that use both IPv4 and IPv6 addresses. To add a new site: 1. Open the site definition screen From the RUM Console top menu, choose Devices and Connections Manage Devices, then choose Open configuration from the context menu for your server on the Devices screen. Finally, on the Server Configuration screen, choose Sites from the menu. NOTE All manual sites defined through external files are of type External. This type of site cannot be removed or modified through the RUM Console user interface. 2. Optional: Add Areas and Regions. The sites are geographicaly situated using the Region -> Area -> Site hierarchy. Before adding a site, you need to create a region and area the site belongs to. Type in the region name, and click Add. The region name appears in the table. Click the name to move to the Areas tab. Do the same for the area, completing the process on the Sites tab. 3. Add Site. When in the Sites, type in the site name and click Add. Site names can contain spaces but cannot contain special characters such as & or *. 4. Optional: Select region and Area. You can select a region and area from the list. 5. Optional: Select the User Defined Link check box. This check box enables you to select a manually defined site as a UDL, which will make it appear on the CAS Link View reports. This is helpful if a particular link cannot be automatically detected by the monitoring device. NOTE For sites that are not defined manually, this option will not be available from the server GUI. However, you can configure any site as a user-defined link through external files. For more information, see Formatting the Site, Area, and Region Definitions in the Data Center Real User Monitoring Administration Guide. A UDL will appear in the Link View reports as soon as the first monitoring interval data collection is ready after the UDL has been defined. The report does not show any historical data. 160

161 Chapter 9 Initial Central Analysis Server Reporting Configuration If you change the configuration and clear User Defined Link for a selected site, the system will stop collecting information for that link but the UDL will still display in the Link View reports to allow access to the historical data already stored in the report server database. 6. Optional: Select the WAN Optimized Link check box. This check box enables you to select a manually defined site as a WAN optimized link. This option is not available if WAN optimized links are discovered automatically as controlled by the RTM_AUTO_WANOPT_DISCOVERY property in the Advanced Properties Editor. You can turn off the automatic detection of WAN optimized links if a particular link cannot be automatically detected as WAN optimized by the monitoring device. The WAN optimized links information is available as Client site WAN optimized and Server site WAN optimized dimensions with the plain text value Yes or No on the DMI Software service, operation, and site data and Software service, operation, and site data baselines data views. 7. Optional: Specify the User Defined Link speeds. Specify the incoming and outgoing link speeds in bits per second. 8. Specify a set of IP addresses or a range of IP addresses in the IP Addresses field. Make sure to specify each IP address or IP address range on a separate line. To define a range of IP addresses, you have to specify the starting and ending addresses in the following way: An IP address range has to be continuous. You can specify IP addresses both in IPv4 and IPv6 format and mix them within the same site. For example: :db8::4ab5 Note that you can type an IPv6 address in any of the following ways (they are equivalent): 2001:0db8:0000:0000:0000:0000:1622:35bd 2001:0db8:0:0:0:0:1622:35bd 2001:db8::1622:35bd NOTE Note that this mode of specifying IP addresses does not allow you to enter an IP address followed by a mask, as in Site_name = IP_address / IP_mask. However, using masks to specify sites is permitted when importing site definitions using the external site definition files or text fragments pasted in the site import window. For more information, see Defining Sites, Areas, and Regions Using External Text Files in the Data Center Real User Monitoring Administration Guide, Importing Site Definitions [p. 162], and Formatting the Site, Area, and Region Definitions in the Data Center Real User Monitoring Administration Guide. 9. Optional: Add a comment in the Comment field. 161

162 Chapter 9 Initial Central Analysis Server Reporting Configuration For each site, in addition to the site name, you can add a comment that is displayed on the list of sites. 10. Click OK. Importing Site Definitions Manual site definitions can be specified in the form of text fragments containing already formatted site definitions, according to the required syntax. For more information, see Formatting the Site, Area, and Region Definitions in the Data Center Real User Monitoring Administration Guide. Access the Site Configuration Import screen by doing the following: On the report server, open the Diagnostic Console by typing diagconsole in the browser Address field: Select Import Sites Hierarchy. Note that administrative rights are required to configure the site definitions. On the Site Configuration Import screen, paste the site definition text in the input window. The syntax of the imported site definitions is verified before they are added to the server configuration and any invalid definitions are rejected. To import data, enter the site definitions in the edit box in the following format: Location_name=IP_address1-IP_address2 Location_name.area=Area_name Location_name.region=Region_name The following example defines the site New England in the East Coast area of the USA region: New England= New England.area=East Coast New England.region=USA Importing the sites configuration using the RUM Console You can also import the sites configuration, you previously exported in the RUM Console using the CSV format. For more information, see Importing and Exporting Site Definitions in RUM Console in the Data Center Real User Monitoring Administration Guide. 162

163 CHAPTER 10 SAP Tiers A tier is a specific point where DC RUM collects performance data. It is a logical application layer, a representation of a fragment of your monitored environment. Front-end tiers There are three tiers on CAS that report SAP data: SAP If you have defined software services based on SAP GUI analyzers, the SAP tier will automatically be displayed on the Tiers report. This front-end tier shows measurements for traffic monitored by AMD. For more information, see Data Center Tiers in the Data Center Real User Monitoring Administration Guide. RUM sequence transactions If you have defined sequence transactions for SAP GUI monitoring, the RUM sequence transactions tier will automatically be displayed on Tiers in the Client tiers section. For more information, see Solution-Specific Tiers in the Data Center Real User Monitoring Administration Guide. Middleware Data for software services based on SAP RFC analyzers will displayed on the Middleware tier. For more information, see Data Center Tiers in the Data Center Real User Monitoring Administration Guide. Network tiers If you have configured sites on the CAS or if sites have been configured automatically, the Client network and Network tiers will automatically be displayed on the Tiers report. By default, the Client network tier shows traffic for all sites except the All other site and the Network tier shows traffic for the All other site only.for more information, see Network Tiers [p. 164]. Back-end tiers Apart from SAP applications related tiers you can use other tiers to monitor SAP back-end performance. If you have defined software services based on database analyzers, the Database 163

164 Chapter 10 SAP Tiers tier will automatically be displayed on the Tiers report. This tier shows measurements for database traffic monitored by AMD. Network Tiers If you have configured sites on the CAS or if sites have been configured automatically, the Client network and Network tiers will automatically be displayed on the Tiers report. By default, the Client network tier shows traffic for all sites except the All other site and the Network tier shows traffic for the All other site only. Figure 24. Client Traffic and Data Center Traffic Site 1 Data center Site 2 Site 3 Client network (WAN) Network (LAN) If you suspect that the All other site may include client traffic, you should modify the default configuration of the Client network and Network tiers. For more information, see Modifying a Network Tier [p. 165]. When the All Other Site Includes Client Traffic The following are examples of when the All other site may include client traffic: 1. The assignment of clients to sites is imprecise. This may happen when you are not sure whether all client locations were assigned to the appropriate sites. 2. Sites were configured automatically based on either AS names or CIDR blocks, where a block is defined by an IP address and a network mask. In either case, modify the Client network and Network tier definitions. Follow these steps to configure the network tiers so that they are used as designed: 1. Create a new Data center site and specify a set of IP addresses or a range of IP addresses corresponding to your data center. 2. Modify a Client network tier definition. a. Remove the rule that excludes the All other site. 164

165 Chapter 10 SAP Tiers b. Add a rule that excludes the Data center site. 3. Modify a Network tier definition. a. Remove the rule that includes the All other site. b. Add a rule that includes the Data center site. The Network tier now shows the data center traffic and the Client network tier now shows the traffic for the client sites. For more information, see Modifying a Network Tier [p. 165]. Modifying a Network Tier To modify a network tier: 1. Select a tier in the Network tiers section. 2. In the Rules for this tier section: Click Add rule to define a new rule. For more information, see Adding a Rule Based on Sites [p. 165]. Select a rule and change its definition by selecting other region, area, or site in the designated fields. Select a rule and click Delete rule to delete that rule from the tier definition. Adding a Rule Based on Sites In the Rules for this tier section: 1. Select Client network or Network tier. 2. Select a region, area, or site to add it to the rule. Select Exclude to exclude a particular region, area, or site from a tier definition. 165

166 Chapter 10 SAP Tiers 166

167 CHAPTER 11 Central Analysis Server Reporting Hierarchy for SAP In addition to manual monitoring configuration, you can also import and modify the reporting hierarchy specific for your application from an external CSV file and then map it to the Dynatrace reporting hierarchy. By default mapping definitions for SAP GUI analyzers are already part of Data Center Real User Monitoring installation. They are uploaded to Central Analysis Server immediately after it is added to RUM Console (provided you add a freshly installed CAS). Hierarchy definitions uploaded by RUM Console always take precedence over the configuration existing on the report server. Monitoring data provided by Agentless Monitoring Device does not contain information on SAP GUI application structure (task types and application modules). A default Data Center Real User Monitoring installation contains a predefined set of T-Code groupings most commonly used by SAP GUI installations. Every time you add a newly installed CAS to RUM Console hierarchy mappings are added to the report server. If the provided mappings do not comply with your SAP implementation you can create your own groupings. Later T-Code group associations can be used to configure applications and transactions to apply business perspective above the technical details of monitored data. Table 4. SAP and Data Center Real User Monitoring hierarchy levels comparison. SAP GUI Data Center Real User Monitoring T-code Operation T-code description Task Reporting hierarchy for software services based on SAP RFC analyzers can be configured using the RUM Console configuration options for SAP RFC operations. For more information, see Configuring Rules for SAP RFC Monitoring [p. 61]. Next steps Depending on your needs, mapping of the application-specific hierarchy to Dynatrace reporting hierarchy can be a one or three stage procedure. 167

168 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP To import an external hierarchy definition, see Importing and Modifying the SAP Reporting Hierarchy in RUM Console [p. 171]. To modify an existing hierarchy definition, see Modifying the Reporting Hierarchy in RUM Console [p. 172]. To learn more about the multi-level reporting hierarchy on Central Analysis Server, see Multi-Level Hierarchy Reporting in the Data Center Real User Monitoring Central Analysis Server User Guide. Preparing SAP Reporting Hierarchy Table on SAP Solution Manager The SAP reporting hierarchy is imported from a configuration file that can be generated on the SAP Solution Manager. In this way, the Data Center Real User Monitoring reporting hierarchy can be tightly coupled with the SAP application business hierarchy. The mapping of T-Codes to hierarchy levels enables easier application and transaction configuration. The following procedure is for your orientation only. To obtain information on SAP Solution Manager details, refer to your SAP software documentation. To export a SAP hierarchy using SAP Solution Manager: 1. Access Business Blueprint - Transactions. Select Analysis Project Business Blueprint Assignments Transactions. 2. Select projects. You can select one or more project. Select a single project. 168

169 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Select more than one projects. On the Business Blueprint - Transactions screen click Selection for Project. icon to open Multiple On the Select Single Values tab, in each line add a required project. Then confirm your changes. 3. Click Execute. 4. Complete export procedure. Click Tabular View to display hierarchy on the screen. 169

170 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Export to Microsoft Excel format. 5. Convert Microsoft Excel format to CSV (Comma Separated Values). Open the file in Excel and add heading section. The report server expects the heading to contain the following columns: Object, Level5, Level6, Level3, Level2, Node Type 6. Save the CSV on disk. What to Do Next Provide the exported CSV file to the report server using RUM Console. For more information, see Importing and Modifying the SAP Reporting Hierarchy in RUM Console [p. 171]. 170

171 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Importing and Modifying the SAP Reporting Hierarchy in RUM Console Default installations of Data Center Real User Monitoring are already capable of displaying SAP hierarchy levels mapped to the reporting hierarchy. You may want to override these settings, especially when your SAP installation uses a locale other than English. When the Data Center Real User Monitoring hierarchy mapping does not match your environment, you should use the RUM Console to import the hierarchy exported from SAP. After your definitions are imported you are able to modify these mappings further. Before You Begin Before starting the import procedure, you should be familiar with the Dynatrace reporting hierarchy concept as described in Multi-Level Hierarchy Reporting in the Data Center Real User Monitoring Central Analysis Server User Guide. Importing external hierarchy definition to RUM Console 1. Start and log on to RUM Console. 2. Choose Service, module and task assignments from the top Reporting Configuration menu. 3. Select the existing entry for SAP analyzer group and click Edit. It opens the Reporting Hierarchy pop-up window with preview of the default hierarchy assignments. 4. Click Modify Hierarchy to start modifying assignments. 5. Browse for the file containing the reporting hierarchy of your application. The file must be in CSV format. 6. Select the delimiter type. 7. Click Import to import the hierarchy. 8. Click Next to proceed to mapping of the hierarchy. On the screen you will see a preview of the imported file (10 rows) and a table where you map table headers from the file with operations, tasks, modules and services. Modifying hierarchy definition on RUM Console 9. To map a specific column to a given hierarchy level, click the New Mapping table cell for that level and select the column from a list. Always select a single T-Code as the Object (operation name) level. The columns that are not mapped to any level will not be included in the CAS configuration. You cannot map a column to a level higher in the hierarchy without mapping any to the lower levels. For example, you cannot leave an operation level unassigned and map a column to the task level. If there is no named entity for a given level, it appears in the All other aggregate on the CAS reports. 171

172 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP You don't need to map all the levels of the hierarchy; you can map any number of levels starting from the lowest (operation) level. 10. Click Next to review the results of the configuration. 11. Click Finish to complete the import. What to Do Next You can always edit the reporting hierarchy. To do so, in the RUM Console, select Service, module and task assignments from the top Reporting Configuration menu. Click a specific record, and choose Edit. A pop-up window appears, allowing you to preview the existing hierarchy, modify it, and change the update settings. Modifying the Reporting Hierarchy in RUM Console You can edit the imported reporting hierarchy by importing it again from a file and changing the mapping. To modify the imported hierarchy: 1. Start and log on to RUM Console. 2. Select Reporting Configuration Service, module and task assignments from the top menu. 3. In the reporting hierarchy table, right-click the row corresponding to the hierarchy to edit and select Edit from the context menu. The Reporting Hierarchy pop-up window appears. 4. Click Modify Hierarchy. Note that when you are modifying the existing hierarchy, you cannot change the Analyzer or the Software Service defined during the first import procedure. The new mappings will automatically be suggested to you based on the structures of currently and previously imported files. 5. Browse for the file containing the reporting hierarchy of your application. The file has to be in CSV format. 6. Select the delimiter type. 7. Click Import to import the hierarchy. 8. Click Next to proceed to mapping of the hierarchy. On the screen there is a preview of the imported file (10 rows) and a table where you map table headers from the file with operations, tasks, modules, and services. 9. To map a specific column to a given hierarchy level, click the New Mapping table cell for that level and select the column from a list. One application hierarchy level can only be mapped to one DC RUM level. Mapping definitions for the operation name and task name levels are obligatory. The task step level is optional. If you define mapping for a specific DC RUM level, you also have to provide mappings for all of its parent levels in the DC RUM hierarchy tree. 172

173 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP The columns that are not mapped to any level will not be included in CAS configuration. If there is no named entity for a given level, it appears as an All other aggregate on the CAS reports. 10. Click Next and review the results of the configuration. 11. Click Next to define the automatic import settings. The automated reporting hierarchy import directory is located in the RUM Console installation directory in \cva\eclipse\workspace\configuration\vas\import\hierarchy. The directory is periodically scanned for changes and the automatic import of a hierarchy file is initiated if any change in the modification date is observed or a new file with the name matching any of names declared in reporting hierarchy definitions is detected. The file format, CSV file delimiting character, and, for the SAP reporting hierarchy, the SAP hierarchy node types are those you specified in the edited reporting hierarchy configuration. If the current mapping contains application-specific hierarchy levels with identical names, or duplicated column names are detected in the imported file, the import operation is successful only if the required levels are found in the same positions (columns) as in the last manually imported file. If all currently mapped application-specific hierarchy level names are unique and the imported file also does not contain duplicate column names, the required levels can be in different positions (columns) than those in the last manually imported file. 12. Click Finish. The modified reporting hierarchy is automatically published on the master CAS. Upgrading the SAP GUI Reporting Hierarchy in RUM Console A freshly installed RUM Console uses simplified default hierarchy definitions for SAP, with just two hierarchy levels: Operation Name and Task Name. An upgraded RUM Console, however, retains the SAP hierarchy definitions and mappings you were using in the earlier release of the RUM Console. If you would like to upgrade your SAP hierarchy definitions to the new simplified version, you must manually import the new hierarchy file. The new SAP hierarchy file (sap-hierarchy-default.txt) is located in the \cva\eclipse\data\configuration\vas\defaults\hierarchy\ folder of your upgraded RUM Console installation directory. To use the new SAP hierarchy definitions you must modify the reporting hierarchy and import the new hierarchy mappings from a tab delimited file: 1. Start and log on to RUM Console. 2. Choose Service, module and task assignments from the top Reporting Configuration menu. 3. Select the existing entry for SAP analyzer group and click Edit. 173

174 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP It opens the Reporting Hierarchy pop-up window with preview of the default hierarchy assignments. 4. Click Modify Hierarchy to start modifying assignments. 5. Browse for the sap-hierarchy-default.txt file in C:\<install_dir>\cva\eclipse\data\configuration\vas\defaults\hierarchy\. The file is in CSV format. 6. Select the Tab delimiter type. 7. Click Import to import the hierarchy. 8. Click Next to proceed to mapping of the hierarchy. On the screen you will see a preview of the imported file (10 rows) and a table where you map table headers from the file with operations, tasks, modules and services. 9. To map a specific column to a given hierarchy level, click the New Mapping table cell for that level and select the column from a list. Always select a single T-Code as the Object (operation name) level. The columns that are not mapped to any level will not be included in the CAS configuration. You cannot map a column to a level higher in the hierarchy without mapping any to the lower levels. For example, you cannot leave an operation level unassigned and map a column to the task level. If there is no named entity for a given level, it appears in the All other aggregate on the CAS reports. You don't need to map all the levels of the hierarchy; you can map any number of levels starting from the lowest (operation) level. 10. Click Next to review the results of the configuration. 11. Click Finish to complete the import. Upgrade of SAP GUI-Related Definitions Based on Reporting Hierarchy The current release redefines the meaning of operation for SAP GUI reporting. The AMD reports T-Codes with operation statuses (UI status in default configurations) and this pair constitutes a single operation reported by the CAS. In practice, this means that the number of operations reported by the CAS is increased since the generalization derived from reporting only a T-Code no longer exists. Operation status reporting is part of the AMD configuration. Note that the enhanced operation reporting is possible only when you upgrade all DC RUM components (the AMD, the CAS, the ADS, and the RUM Console). For an existing DC RUM installation, more detailed operation reporting means that upon upgrade you must either fine tune or change configuration settings. The most vulnerable reporting mechanisms are alerts and applications. You may also need to review also the differences in technical hierarchy. 174

175 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Table 5. Differences between older and current releases with regard to report server hierarchies and alert system Reporting mechanism Technical hierarchy In current release Reports: operation (a T-Code with operation status) or a T-Code for all levels above operation (that is, task, module and service). Hierarchy import: a T-Code In previous releases A T-Code Business hierarchy Operation (a T-Code with operation status) A T-Code Alerts T-Code or operation (a T-Code with operation status) A T-Code Transactions Previous configurations whose rules were based only on a T-Code will not work in the current release. Transaction rules based on an operation level always consist of T-Code and operation status. If your transactions have been created on an operation level in previous releases, you can modify your existing definitions in two ways: Use operation masks instead of operations (T-Codes). In this case, you need to change the Type to Operation mask and append the asterisk symbol ( * ) to each T-Code. Use higher reporting hierarchy levels instead of T-Codes. In this case, you need to change the Type to Task, Module, or Service, and to select the required entity. Each of these changes can be deployed on the CAS before or after the upgrade. The decision whether to make rule modifications depends on your needs and environment characteristics. Remember that the new data model is available immediately after the upgrade. The upgraded AMD sends operations and operation statuses, the CAS processes this data, and all mechanisms (such as business hierarchy) process the enhanced operation names. Figure 25. Creating a new transaction rule based on a T-Code (before upgrade) 175

176 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Figure 26. Creating a new transaction rule based on a T-Code and operation status (after upgrade) Historical data (already existing in the report server database) is not affected by the redefinition of a SAP GUI operation. When using reports on a report server containing data collected before and after the upgrade, you will see differences in operation aggregation and reporting. The borderline is the date of the upgrade. Alerts Alert configuration can be based on a single T-Code as an operation or T-Code with operation status. Alert detector, in the case of SAP GUI monitoring, will work regardless if you enter entire operation name (T-Code plus operation status) or just a single T-Code. Note that in previous versions operation was equal to a T-Code (operation statuses were unavailable). Current release changes the meaning of operation allowing you to understand user actions based on more information that a single T-Code. IMPORTANT When considering alerts and upgrading DC RUM, you need to be aware that what was reported as a single operation (T-Code) now means more operations and different operation counters. The overall counter of operations that were previously seen as a T-Code increases and your alert rules based on counters need to be increased or decreased depending on your needs. A recommended approach is to first observe what happens after the upgrade to establish what is normal. With the norm defined, you should be able to define conditions for detecting anomalies. Example 14. Alert rule based on a greater than condition Alert settings: Detection settings based on a particular T-Code, S000 Metric condition set to raise alert when the number of operations exceeded a defined threshold, 20 instances. 176

177 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Before the upgrade The alert is triggered when the number of specified operations, T-Code S000, exceeds the value of 20. Each S000 T-Code instance is counted and, after the counter reaches 20, an alert is raised. After the upgrade Without changing the rules, the alert is either never or extremely rarely raised. T-Codes are counted together with statuses (for example, S , S000 EXP1, and S000 MAIN100). Each operation (combination of T-Code and status) has its own counter, and the alert detector uses this counter to generate alerts about anomalies. To preserve sensible alert configuration, you need to either adjust the operation count condition or include all operations (T-Code plus operation status) that apply to your expected configuration. Example 15. Alert rule based on a less than condition Alert settings: Detection settings based on a particular T-Code, S000 Metric condition set to raise alert when the number of operations is lower than a defined threshold, 20 instances (you typically have more than 20 operations of this type in a day). 177

178 Chapter 11 Central Analysis Server Reporting Hierarchy for SAP Before the upgrade The alert is triggered whenever the number of specified operations, T-Code, S000, is lower than the value of 20. Each S000 T-Code instance is counted and if the counter does not reach the value of 20 an alert is raised. After the upgrade The alert is triggered more often than you actually intended to see. All operations consisting of T-Code S000 regardless of their operation status match the definition. For example, operations S , S000 EXP1, S000 MAIN100 increase the operation counter and the detector assumes the number of operations is always above the threshold. To preserve sensible alert configuration in this case, you can either change the dimension filters set as part of detection settings or alter monitored metric condition. It is suggested to first use T-Code and operation status as dimension filters, choosing the most important ones and then to set matching monitored metric conditions. 178

179 CHAPTER 12 SAP Traffic on CAS Reports CAS reports available from the Reports menu enable you to see a complete view of your SAP applications performance. Each application can be divided into layers (tiers). CAS reports present this division with measurements originating from different sources: synthetic agents and passive monitoring devices. CAS reports that present SAP data include: EUE Overview Reports Showing an overview of many types of measurements collected by CAS from various sources. For more information, see EUE Overview Reports [p. 180]. Top N View Report Showing the most used and the worst performing software services and sites. For more information, see Top N View Report in the Data Center Real User Monitoring Central Analysis Server User Guide. Software Services Report Showing statistics for traffic monitored by different analyzers. For more information, see Software Services Report in the Data Center Real User Monitoring Central Analysis Server User Guide. Network Analysis Reports Showing a network view of the traffic. For more information, see Network Analysis Reports [p. 181]. User Activity Reports Showing information on user activity for a selected period of time. For more information, see User Activity Report in the Data Center Real User Monitoring Central Analysis Server User Guide. The reports are based on DMI. You can customize these reports by clicking Edit report in the Actions list to display a page containing all the data views on which the reports are based. For more information on how to use DMI, refer to the Data Mining Interface (DMI) User Guide, which you can access from Help Books Data Mining Interface User Guide. 179

180 Chapter 12 SAP Traffic on CAS Reports EUE Overview Reports EUE Overview reports provide a complete view of your monitored environment and application performance. These reports show data collected by CAS from various sources (Enterprise Synthetic and DC RUM). The EUE Overview report workflow consists of two main parts: Business hierarchy, which shows the monitored data organized into applications, transactions, and sites. Technical hierarchy, which shows the monitored data technically divided into software services, servers, and operations. Use the business hierarchy to drill down through three levels of reports, starting from the overall view of applications. A separate path leads through applications to transactions filtered for a selected site. Each report has a high-resolution equivalent that shows data with finer granularity. Three drilldown links are available from each CAS report in the EUE Overview report workflow: From the first column on the report to Metric Charts reports. From the Unique and affected users (performance) column to the All Users report. From the Errors or TCP errors column to the Errors report. Tiers are the links between the business hierarchy and the technical hierarchy. For more information, see Multi-Tier Reporting in the Data Center Real User Monitoring Central Analysis Server User Guide. 180

181 Chapter 12 SAP Traffic on CAS Reports Figure 29. Overview of the Report Workflow Level 1 Business Hierarchy Applications Tiers Sites Operation Level 2 Tiers for Application Transactions for Application Sites for Application Level 3 Applications for Site Tiers for Transaction Sites for Transaction Transactions for Site Software services Technical Hierarchy Software Services Servers Operations Sites Multi-level reporting hierarchy Services Modules Tasks Operations Locations Regions Areas Sites Network Analysis Reports The reports grouped in the Reports Network Analysis menu provide a network view of the traffic. They show a picture of the monitored network operation and highlight potential problems in the network, including excessive RTT or loss rate. The Network Analysis reports show metrics for all the detected or defined regions, areas, and sites and for all analyzed software services. They help you to quickly troubleshoot software service or network performance problems by answering these questions: 181

182 Chapter 12 SAP Traffic on CAS Reports Who (which clients and servers) is sending what data? Which software services are competing for network resources? When was the software service used? Where is the troublesome software service traffic flowing through the network? Why is the software service performing poorly? How much data (bytes) is being sent/received? A healthy network is necessary as a platform for the IT applications that support key business services. The Network Analysis reports deliver metrics on the performance levels of various software services across the network. They help you find and eliminate performance problems before they affect end users. They help you to identify the business impact of the performance problem and to plan for the growth of network infrastructure by showing network performance trends for critical software services with respect to traffic load and loss rate baselines. 182

183 PART V Advanced Configuration in SAP Monitoring

184

185 CHAPTER 13 AMD General Configuration Settings For any given AMD, you can set a variety of options such as time thresholds. The general settings affect monitoring of software services, but they can be overridden by specific settings for a particular analyzer or software service. To define the general settings for an AMD: 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Click Edit as Draft to set your configuration to draft mode (if you are not in draft mode already). 5. Select Configuration Global General to access the list of general configuration settings. While some of the options control only general AMD behavior, some options in the Advanced group affect more specific configurations in application monitoring. For example, if Inherit from global settings is selected in your other configurations while configuring user-defined software services, the global setting takes precedence over the specific monitoring configuration. Configuration options include: Monitoring interval The monitoring interval in minutes. Increasing this value reduces the number of chunks of data that need to be transferred and processed. Default: 5 minutes. Operation time threshold The number of seconds after which an operation is considered to be slow. The global threshold value depends on the analyzer. This threshold is used by the following analyzers: Cerner Cerner over MQ 185

186 Chapter 13 AMD General Configuration Settings Epic Generic with transactions HTTP MS Exchange over HTTP MS Exchange over HTTPS Oracle Applications over HTTP Oracle Applications over HTTPS SAP GUI SAP RFC SAP GUI over HTTP SAP GUI over HTTPS SMTP SSL SSL Decrypted Server time threshold The Server time threshold relates to the server time portion of an overall operation time. Server times above the threshold limit are considered to be slow due to poor datacenter performance. This threshold is used by the following analyzers: HTTP SAP GUI over HTTP SAP GUI over HTTPS IP address of the server authorized to set AMD time The IP address of the report server that has the authority to synchronize the time with this AMD. In an environment with a number of servers sharing the same AMD, it is good practice to designate only one of these servers as a time synchronization server to make changes to AMD settings. Otherwise, the server used for time synchronization will change inadvertently every time you save an AMD configuration. Default analyzer The default setting for the TCP analyzer is Generic (with transactions). To change it, select another analyzer from the list. Client RST packet timeout to mark session as CLOSED If the time between the last ACK for data sent by the server and an RST packet sent by the client is greater than this value, the session is treated as closed instead of aborted. Huge packet size The upper size limit, in bytes, of an HTTP request to be processed successfully by the AMD. Maximum packet size The AMD is capable of processing packets of up to bytes, besides the Ethernet standard MTU (Maximum Transmission Unit) of 1536 bytes. 186

187 Chapter 13 AMD General Configuration Settings Choose one of the predefined values (2048, 4096, 8192, or bytes) to enable the AMD to process non-standard MTU packets. When you have chosen the Maximum packet size value, make sure that you also set the Huge packet size to an applicable value. Enabling theamd to process nonstandard MTU packets without extending RAM on the machine and leaving Packet buffer size (64-bit AMDs only) and Data memory limit unchanged can cause an excessive packet loss. To avoid this, extend RAM and configure its usage as recommended in the tables below. For more information, see Setting Packet Buffer Size in the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide and Setting Data Memory Limit in the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide. NOTE Do not enable the processing of large packets for a Small AMD. These devices are not designed to process larger packets. For more information, see Small AMD in the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide. Table 6. Recommended RAM Configuration for Maximum Packet Size Values for AMDs Maximum packet size 8192 B or less 8192 B B Recommended RAM size for 64-bit platforms 64 GB 96 GB 128 GB Deduplication method You can choose one of four methods for eliminating duplicate packets: Based on TCP checksum and IP ID Using this method, duplicate packets are detected based on their TCP checksum and IP ID. Based on TCP checksum and IP ID (excluded SEQ and ACK numbers) Using this more complex, two-stage method, duplicate packets are detected based on a modified packet KCP checksum (SEQ and ACK numbers are excluded) and IP ID. This method is useful if the AMD captures packets on various interfaces of the router, rewriting SEQ and ACK numbers. A packet is considered a duplicate when the modified checksum, IP ID, and SEQ and ACK numbers are identical. First, a packet checksum with SEQ and ACK numbers is created and compared to the packets stored in the detection buffer. If the comparison indicates that the packet is not a duplicate, it is checked to determine whether it matches the current session. A packet matches the current session when its SEQ and ACK numbers are different from processed and cached numbers by the value defined in TCP duplicate window. If the difference exceeds the defined value, the AMD assumes 187

188 Chapter 13 AMD General Configuration Settings the ACK and SEQ numbers were rewritten by the router and the packet is considered a duplicate. TCP checksum, IP ID and MAC address (excluded SEQ and ACK) Using this method, the deduplication process is similar to the one based on TCP checksum and IP ID (excluded SEQ and ACK numbers), but in addition to TCP checksum and IP ID, the source/destination MAC addresses are also taken into account for the calculation. TCP checksum, IP ID and MAC address Using this method, duplicate packets are identified based on their TCP checksum, IP ID and source/destination MAC addresses. TCP duplicate window This setting is useful only if Deduplication method is set to Based on TCP checksum with excluded SEQ and ACK numbers. It is used for determining whether a packet, based on its SEQ and ACK numbers, belongs in the session. If a packet's SEQ and ACK numbers differ from the current session's SEQ and ACK numbers by a value larger than TCP duplicate window, the packet is considered a duplicate. Default: Packet buffer size The number of packets to keep in the buffer for use as a basis for comparison in duplicate packet detection. Newly captured packets are sequentially compared to the packets in the buffer. A newly captured non-duplicate packet (all packets in the buffer are unique) is placed on the top of the stack and the oldest is removed. Range: 6 to 24 packets. Default: 16. Reset duplicate detection time threshold Time of inactivity (in seconds) after which the duplicate packets elimination mechanism is reset. If Deduplication method is set to Based on TCP checksum with excluded SEQ and ACK numbers or TCP checksum, IP ID and MAC address (excluded SEQ and ACK), and the Reset duplicate detection time threshold should be greater than every response generation time (server time). 6. Publish the draft configuration on the monitoring device. 188

189 CHAPTER 14 Configuring Operation-Related Global Settings The operation-related global settings enable you to define options that apply to all monitored operations. These settings take precedence over the options defined for individual operations. 1. Start and log on to RUM Console. 2. Select Devices and Connections Manage Devices from the top menu, to display the current device list. 3. Select Open Configuration from the context menu for an AMD. The AMD Configuration window appears. 4. Select Configuration Global Operations to display the general configuration settings. The options are: Operation load time threshold The number of seconds after which an operation is considered slow. You can set this value with a precision of one ten-thousandth of a second. Default: seconds. The threshold is used by following analyzers: IBM over MQ Jolt MS Exchange Oracle Forms over HTTP Oracle Forms over HTTPS Oracle Forms over SSL Oracle Forms over TCP SOAP over HTTP SOAP over HTTPS XML XML over HTTP XML over HTTPS XML over MQ XML over SSL 189

190 Chapter 14 Configuring Operation-Related Global Settings Max. operation duration The maximum number of seconds an operation can take. You can set this value with a precision of one ten-thousandth of a second. Default: 3600 seconds (1 hour). User abort threshold The minimum number of seconds between the beginning of a hit and TCP reset to count it as a user abort. Default: seconds. (You can set this value with a precision of one ten-thousandth of a second.) ADS data generation settings The options in the ADS data generation settings section can be used to handle various types of standalone hits, which are hits that cannot be automatically assigned to operations because the reference information, such as correlating response, defined or auto-learned URL, no authorization, or orphaned redirects, is missing. By default, most standalone hits are not taken into account when generating operations data. Report data without monitored URL Select this option to report data for hits without a URL that has been explicitly defined in user-defined services or recorded through auto-learning. Report standalone hits without monitored URL Select this option to report data for standalone hits that at the same time do not refer to a monitored URL, as in Report data without monitored URL. Standalone hits are hits without a response header, unauthorized hits, orphaned redirects, or other hits missing the reference context. Report hits without response header Select this option to report data for discarded hits (hits without a correlating response header). Report hits not added to any operation Select this option to report data for other standalone hits caused by factors not covered by other options of this section. Report unauthorized hits Select this option to report data for hits with rejected authentication. Report orphaned redirects Select this option to report data for redirects to sites that are not being monitored or are not visible and therefore appear as orphaned redirects. Report filtered data This is a diagnostics option. When configuring content type monitoring, you can filter out pages based on the content of the URL. For more information, see Monitoring of Non-HTML Objects Based on Content Type in the Data Center Real User Monitoring Web Application Monitoring User Guide. If you select this option, the filtered out pages are not reported, but are saved in the AMD data files. 190

191 Chapter 14 Configuring Operation-Related Global Settings Ignored clients A list of clients for which TCP setup time are ignored and all operations start from the request packet. Right-click the list to open a menu of command options: Add, Edit, or Delete. 5. Save or publish the configuration. Click Save to save your changes and continue with configuration. Click Save and Publish to immediately update the devices configuration. 6. Close the AMD Configuration window. 191

192 Chapter 14 Configuring Operation-Related Global Settings 192

193 CHAPTER 15 Monitoring SAP GUI Sequence Transactions You can manage the sequence transactions (operation sequences) that are defined on an individual AMD or manage each transaction that is monitored by a group of AMDs. Viewing All Defined Sequence Transactions To view all transactions, select Reporting Configuration Sequence Transactions from the console top menu. Click in the Sequenced Transactions list and then type the first letters of a sequenced transaction name to find a sequenced transaction whose name matches what you have typed. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. For each transaction, the following information is shown: Sequence Transaction Name The name of a transaction. Application The application that includes the listed transaction. Type The protocol used to define the listed transaction: ASYNC-HTTP, CERNER, CERNER-RTMS, HTTP, OF, SAP GUI, SQL or XML. Packaged Applications Whether the listed transaction is a packaged application whose transactions are recognized by the report server automatically. When you select a transaction by clicking it once, you can see the list of AMDs that monitor this transaction. Viewing Sequence Transactions Defined on an Individual AMD To view the defined transactions monitored by a single AMD, select Devices and Connections Manage Devices from the console top menu. Next, select Open configuration from the context menu for the AMD to access the AMD Configuration screen. Finally, select Configuration Sequence Transactions. 193

194 Chapter 15 Monitoring SAP GUI Sequence Transactions The main Sequence Transactions table lists all of the currently defined transactions and their details: Sequence Transaction Name The name of a transaction. Application Name The application that includes the listed transaction. Type The protocol used to define the listed transaction. Steps The number of individual operations involved in the listed transaction. Priority The priority of the transaction. Possible values are 1 (highest priority), 2, and 3. Timeout The maximum time for the transaction to complete. Packaged Applications Identifies whether the listed transaction is a packaged application whose transactions are recognized by the report server automatically. Viewing Sequence Transaction Details On the Sequence Transactions screen, select Edit from the Actions menu for a given transaction to open the Edit Transaction window and examine the steps that make up the transaction. The listed details are as follow: Name, Application, Description: Timeout [s], Slow after [ms], Priority URL, Timeout, Repetition. Managing Existing Sequence Transactions To manage all of the defined transactions, use the Sequence Transactions screen. To create new transactions, click Add Sequence Transaction. The Create Sequence Transaction screen appears, where you can select the AMD devices that will monitor this new transaction. To delete a transaction, select the check box for the transaction and click Delete. NOTE If the transaction you are deleting is monitored by more than one AMD, a new draft configuration must be published to all of the affected AMDs. To edit a transaction, from the Actions context menu for the transaction, select Edit. To copy a transaction to another device, from the Actions context menu for the transaction, select Copy. 194

195 Adding SAP GUI Sequence Transactions You can add a sequence transaction to an individual AMD using the AMD Configuration window. To define a new transaction for a single AMD: 1. In the RUM Console, select Reporting Configuration Sequence Transactions. 2. Click Add Sequence Transaction. The Create Sequence Transaction pop-up window appears. 3. Enter the application and transaction names and a description. If you have configured the Dynatrace connection, click Browse to select a predefined application and a specific transaction within this application. For more information, see Configuring the BSM Connection in RUM Console in the Data Center Real User Monitoring Administration Guide. 4. From the Type list, choose SAP GUI. 5. Select the devices that will monitor the transaction. When you publish the new configuration, it is only applied to these devices. 6. Click OK. On the screen, specify the configuration details for the transaction. 7. Enter the application and transaction names and a description. If you have configured the Dynatrace connection, click Browse to select a predefined application and a specific transaction within this application. For more information, see Configuring the BSM Connection in RUM Console in the Data Center Real User Monitoring Administration Guide. 8. Provide the timing and priority values: Timeout [s] The maximum time for the transaction to complete. Transactions must complete in this time to be logged as successful transactions. Slow after [ms] If the transaction execution time exceeds this value, the transaction is classified as slow. Specify this threshold in seconds, for example: 500. Chapter 15 Monitoring SAP GUI Sequence Transactions Priority Determines which transaction is recorded if two or more transaction definitions match the transaction detected in the monitored traffic. The valid priority values are 1 (highest priority), 2, and 3. A multiple transaction match can happen if, for example, you first create a generic transaction definition that can match a number of more specific transactions and then you create another transaction definition that matches a particular sub-type of that generic transaction type. If an observed transaction is found to match the latter definition, it also matches the first (more generic) definition, and the system will need to determine under which transaction name to record the observed transaction instance. By increasing the priority of the second, more specific definition, you can count the 195

196 Chapter 15 Monitoring SAP GUI Sequence Transactions occurrences of this particular transaction sub-type, which are then not counted in the statistics for the generic transaction type. So you can use this feature to increase the priority of specific customized transaction definitions that should take precedence over more generic transaction templates. 9. Specify SAP GUI operations comprising the transaction steps. To maintain the sequence of these operations, use the navigation buttons on the right. Using the wildcard character *, you can signify any number of any characters. For more information, see Using Wildcards in URLs in the Data Center Real User Monitoring Web Application Monitoring User Guide. You can Add, Delete, Move Up, Move Down, or Copy the defined steps by selecting the step and clicking one of these actions. You can also make changes in the table itself: click in any of the column cells to edit the values. 10. Click OK to add your transaction definition to a draft configuration. 11. On the Sequence Transactions screen, click Publish Configuration. What to Do Next You can also add a transaction using the Sequence Transaction Inspector. For more information, see Monitoring Sequence Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. Filters and Transaction Inspector for SAP GUI Sequence Transactions The Sequence Transaction Inspector enables you to select individual steps and construct your own transactions from live SAP traffic or historical data. The Transaction Inspector consists of two main areas: the Filters and the Transaction Inspector itself. Filters Sequence transactions can be defined manually by entering each step, however, the Filter enables you to examine Current Stream or Recent Data and select the detected steps to build a transaction. The transaction filter consists of two tabs: Data Filter The Data Filter tab enables you to define your filter by selecting the source and range of data to be filtered. From the list, you can select the report server and create a user filter. Select User Name or User IP Address and either enter the data manually or click Browse to open the Select User window, where you can select the user identified in transaction traffic by the report server. You can highlight or search for the specific user or user IP address and filter the search query based on any of the columns in the transactions table. 196

197 Chapter 15 Monitoring SAP GUI Sequence Transactions After the user or user IP address is selected, you can choose to either extract transactions from a Current Stream that is being monitored, or from Recent Data stored on the report server. The Recent Data option requires you to provide a Begin and End date for the time range to be processed. NOTE In the case of HTTP asynchronous transactions, you can only extract transactions from Recent Data and you cannot apply the user filters. Result Filter The Result Filter tab consists of a find field, a transaction detail field, and an interactive legend to filter transactions that have been classified as: Table 7. Result Filter Color Guide The transaction was recognized and matched with the transaction currently being defined. One or more steps One or more steps A Step or a SAP Excluded SAP in the transaction in the transaction GUI operation was GUI operations currently being for which SAP recognized as an which did not defined were not GUI error already defined match any completed. occurred. and saved definition. transaction definition. By selecting and clearing the corresponding check boxes, you can filter the SAP GUI operations from the data source. The color coding of the steps is based on your current transaction definition in the Sequence Transaction Definition area. To view the results and allow the filter to receive data, click the icon. While viewing the data in Sequence Transaction Inspector, at any time you can force the data to be recalculated using your current transaction definition by pressing the icon or stop the filter by pressing the icon. All three icons are located on the right side within the Filters area. Sequence Transaction Inspector Sequence Transaction Inspector consists of two tables that display the Operations and Sequence Transactions detected in data source defined in Filters section. The Sequence Transaction Inspector enables you to select one or a number of detected steps and add them to your transaction definition. Select the check box corresponding to the SAP GUI operation that you want to add and click the icon located just above the table. If your analyzer is based on SAP GUI, you can add the steps from both the Operations table and from the Transactions table. After the SAP GUI operation is moved to the Sequence Transaction Definition table, you can modify it, position it within a sequence of other steps, clone it as another step, or delete it using the operation buttons to the right of the Sequence Transaction Definition table. 197

198 Chapter 15 Monitoring SAP GUI Sequence Transactions Modifying, Deleting, and Cloning Transactions for a Single AMD Modifying a Sequence Transaction To modify the definition of an existing transaction: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. This opens the Sequence Transactions table, listing all of the defined transactions for this AMD. 3. Right-click the transaction to manage and select Open from the context menu. You can modify any of transaction details. For more information, see Adding Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. Deleting a Sequence Transaction To delete selected transactions: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. 3. Click the transaction that you want to delete. To delete multiple transactions with one step, hold the [Ctrl] key as you click additional transactions. 4. Right-click and select Delete to remove the selected transactions from the list. Cloning a sequence transaction To clone selected transactions: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. 3. Click the transaction that you want to clone. To clone multiple transactions with one step, hold the [Ctrl] key as you click additional transactions. 4. Right-click and select Clone to duplicate the selected transactions. A cloned transaction is indicated by the original transaction name with (Clone) appended to it. There are differences between cloning and copying. For more information, see Monitoring Sequence Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. 198

199 CHAPTER 16 Monitoring SQL Sequence Transactions You can manage the sequence transactions (operation sequences) that are defined on an individual AMD or manage each transaction that is monitored by a group of AMDs. Viewing All Defined Sequence Transactions To view all transactions, select Reporting Configuration Sequence Transactions from the console top menu. Click in the Sequenced Transactions list and then type the first letters of a sequenced transaction name to find a sequenced transaction whose name matches what you have typed. Click the magnifying glass icon or press [Ctrl+F] to open a search box to limit the table view to only those rows that contain a match (in any column) to the search string. For each transaction, the following information is shown: Sequence Transaction Name The name of a transaction. Application The application that includes the listed transaction. Type The protocol used to define the listed transaction: ASYNC-HTTP, CERNER, CERNER-RTMS, HTTP, OF, SAP GUI, SQL or XML. Packaged Applications Whether the listed transaction is a packaged application whose transactions are recognized by the report server automatically. When you select a transaction by clicking it once, you can see the list of AMDs that monitor this transaction. Viewing Sequence Transactions Defined on an Individual AMD To view the defined transactions monitored by a single AMD, select Devices and Connections Manage Devices from the console top menu. Next, select Open configuration from the context menu for the AMD to access the AMD Configuration screen. Finally, select Configuration Sequence Transactions. 199

200 Chapter 16 Monitoring SQL Sequence Transactions The main Sequence Transactions table lists all of the currently defined transactions and their details: Sequence Transaction Name The name of a transaction. Application Name The application that includes the listed transaction. Type The protocol used to define the listed transaction. Steps The number of individual operations involved in the listed transaction. Priority The priority of the transaction. Possible values are 1 (highest priority), 2, and 3. Timeout The maximum time for the transaction to complete. Packaged Applications Identifies whether the listed transaction is a packaged application whose transactions are recognized by the report server automatically. Viewing Sequence Transaction Details On the Sequence Transactions screen, select Edit from the Actions menu for a given transaction to open the Edit Transaction window and examine the steps that make up the transaction. The listed details are as follow: Name, Application, Description: Timeout [s], Slow after [ms], Priority URL, Timeout, Repetition. Managing Existing Sequence Transactions To manage all of the defined transactions, use the Sequence Transactions screen. To create new transactions, click Add Sequence Transaction. The Create Sequence Transaction screen appears, where you can select the AMD devices that will monitor this new transaction. To delete a transaction, select the check box for the transaction and click Delete. NOTE If the transaction you are deleting is monitored by more than one AMD, a new draft configuration must be published to all of the affected AMDs. To edit a transaction, from the Actions context menu for the transaction, select Edit. To copy a transaction to another device, from the Actions context menu for the transaction, select Copy. 200

201 Adding SQL Sequence Transactions You can add a sequence transaction to an individual AMD using the AMD Configuration window. To define a new transaction: 1. In the RUM Console, select Reporting Configuration Sequence Transactions. 2. Click Add Sequence Transaction. The Create Sequence Transaction pop-up window appears. 3. Enter the application and transaction names and a description. If you have configured the Dynatrace connection, click Browse to select a predefined application and a specific transaction within this application. For more information, see Configuring the BSM Connection in RUM Console in the Data Center Real User Monitoring Administration Guide. 4. From the Type list, choose SQL. 5. Select the devices that will monitor the transaction. When you publish the new configuration, it is only applied to these devices. 6. Click OK. On the screen, specify the configuration details for the transaction. 7. Provide the timing and priority values: Timeout [s] The maximum time for the transaction to complete. Transactions must complete in this time to be logged as successful transactions. Slow after [ms] If the transaction execution time exceeds this value, the transaction is classified as slow. Specify this threshold in seconds, for example: 500. Chapter 16 Monitoring SQL Sequence Transactions Priority Determines which transaction is recorded if two or more transaction definitions match the transaction detected in the monitored traffic. The valid priority values are 1 (highest priority), 2, and 3. A multiple transaction match can happen if, for example, you first create a generic transaction definition that can match a number of more specific transactions and then you create another transaction definition that matches a particular sub-type of that generic transaction type. If an observed transaction is found to match the latter definition, it also matches the first (more generic) definition, and the system will need to determine under which transaction name to record the observed transaction instance. By increasing the priority of the second, more specific definition, you can count the occurrences of this particular transaction sub-type, which are then not counted in the statistics for the generic transaction type. So you can use this feature to increase the priority of specific customized transaction definitions that should take precedence over more generic transaction templates. 201

202 Chapter 16 Monitoring SQL Sequence Transactions 8. Specify queries comprising the transaction steps. Both SQL operation and query type can contain an optional wild-card character * to signify any number of any characters or a regular expression. You can use either of the two methods in one line. For example, you can use the regular expression based pattern for the query type, regex:rp[abc]$ and simple search pattern for the SQL operation, set*. For more information, see Reported Database Operation Types [p. 139]. To maintain the sequence of these operations, use the navigation buttons on the right. When using the regular expression in defining the HTTP, Oracle Forms and SQL transaction steps, you have to start the search string with the phrase regex: and follow it a valid regular expression which is applied to the URL, Oracle Forms, SQL operation or query type, for example: regex: For more information, see Using Wildcards in URLs in the Data Center Real User Monitoring Web Application Monitoring User Guide. Using the wildcard character *, you can signify any number of any characters. For more information, see Using Wildcards in URLs in the Data Center Real User Monitoring Web Application Monitoring User Guide. You can Add, Delete, Move Up, Move Down, or Copy the defined steps by selecting the step and clicking one of these actions. You can also make changes in the table itself: click in any of the column cells to edit the values. Using the table, you can determine whether the selected operation may be repeated within this transaction. 9. Click OK to add your transaction definition to a draft configuration. 10. On the Sequence Transactions screen, click Publish Configuration. What to Do Next You can also add a transaction using the Sequence Transaction Inspector. For more information, see Monitoring Sequence Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. Filters and Transaction Inspector for SQL Transactions The Edit SQL Transaction screen enables you to select individual steps and construct your own SQL transactions. The Transaction Inspector consists of two main areas: the Filters and the Transaction Inspector itself. Filters Transactions can be defined manually by entering each step, however the Filters area enables you to examine the Current Stream or Recent Data and select the detected steps to build a transaction. The transaction filter consists of two tabs: Data Filter The Data Filter tab enables you to define your filter by selecting the source and range of data to be filtered. 202

203 Chapter 16 Monitoring SQL Sequence Transactions From the list, you can select the report server and create a user filter. Select User Name or User IP Address and either enter the data manually or click Browse to open the Select User window, where you can select the user identified in transaction traffic by the report server. You can highlight or search for the specific user or user IP address and filter the search query based on any of the columns in the transactions table. After the user or user IP address is selected, you can choose to either extract transactions from a Current Stream that is being monitored, or from Recent Data stored on the report server. The Recent Data option requires you to provide a Begin and End date for the time range to be processed. NOTE In the case of HTTP asynchronous transactions, you can only extract transactions from Recent Data and you cannot apply the user filters. Result Filter The Result Filter tab consists of a find field, a transaction detail field, and an interactive legend to filter transactions that have been classified as: Table 8. Result Filter Color Guide The transaction was recognized and matched with the transaction currently being defined. One or more steps One or more steps An operation was in the transaction in the transactions recognized as an currently being for which an error already defined defined were not occurred. and saved completed. transaction definition. Excluded SQL operation which did not match any definition. By selecting and clearing the corresponding check boxes, you can filter the operations or queries from the data source. The color coding of the steps is based on your current transaction definition in the Transaction Definition area. To view the results and enable the filter to receive data, click, located on the right side of the Filters area. Transaction Inspector Transaction Inspector consists of two tables that display the SQL operations and Sequence Transactions detected in the data source defined in the Filters section. The Transaction Inspector enables you to select one or a number of detected steps and add them to your transaction definition. Select the check box corresponding to the SQL operation that you want to add and click the icon located just above the table. You can add the steps from both the SQL operations table and from the Transactions table. After the SQL operation is moved to the Transaction Definition table, you can modify it, position it within a sequence of other steps, clone it as another step, or delete it using the operation buttons to the right of the Transaction Definition table. 203

204 Chapter 16 Monitoring SQL Sequence Transactions Modifying, Deleting, and Cloning Transactions for a Single AMD Modifying a Sequence Transaction To modify the definition of an existing transaction: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. This opens the Sequence Transactions table, listing all of the defined transactions for this AMD. 3. Right-click the transaction to manage and select Open from the context menu. You can modify any of transaction details. For more information, see Adding Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. Deleting a Sequence Transaction To delete selected transactions: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. 3. Click the transaction that you want to delete. To delete multiple transactions with one step, hold the [Ctrl] key as you click additional transactions. 4. Right-click and select Delete to remove the selected transactions from the list. Cloning a sequence transaction To clone selected transactions: 1. Open AMD configuration and click Edit as Draft to switch to draft mode. 2. In the Configuration tree, select Sequence Transactions. 3. Click the transaction that you want to clone. To clone multiple transactions with one step, hold the [Ctrl] key as you click additional transactions. 4. Right-click and select Clone to duplicate the selected transactions. A cloned transaction is indicated by the original transaction name with (Clone) appended to it. There are differences between cloning and copying. For more information, see Monitoring Sequence Transactions in the Data Center Real User Monitoring Web Application Monitoring User Guide. 204

205 CHAPTER 17 Monitored Traffic from a Business Perspective When you create applications and transactions on the CAS, you organize the monitored data according to a higher level of abstraction. You apply a business view to the data technically divided into tiers and services. After creating applications and transactions, you are able to use dedicated reports to supervise your strategic application performance. This step is mandatory only if you integrate CAS data into BSM. For other product configurations, your system will work without applications being defined. However, if you want to obtain a less technical view and go beyond simple network performance monitoring you should consider performing this part of the configuration. Applications and transactions defined on the CAS are based on and represent your own view of the monitored subjects. The rules are based on the logic imposed by the individual who configures the CAS. These rules are meant to represent an actual software organization running on a web server and the relations between its components. Applications, Transactions, and Tiers Application An application is a universal container that can accommodate transactions. Each application can contain one or more transactions; those transactions can originate from different sources. An application defined on the CAS is a cohesive container that helps you organize information about the application delivery chain. Applications organize the data travelling through your network into logical units or tasks. These tasks are performed over the network. You can distinguish each web application running on a single web server. Transaction A transaction consists of operations that are grouped as steps. Transactions are built out of a single step or a number of steps. For example: A simple, single-step transaction may consist of a single operation such as a web page load. 205

206 Chapter 17 Monitored Traffic from a Business Perspective An extended transaction may consist of a collection of non-sequenced operations (an unstructured transaction). A more complex transaction may consist of sequences of operations, each operation being a single step. DC RUM monitors sequences of web page loads and sequences of XML calls, and it reports on these sequences (as transactions) and on individual operations within sequences. A transaction defines a logical business goal such as registration in an online store. One or more transactions constitute an application. Note that a transaction can have only one parent application. Data for a transaction can come from: Agentless Monitoring Device Enterprise Synthetic agent The same transaction can contain data from different data sources at the same time (for example, data from AMD and from Enterprise Synthetic). However, metrics for each data source are aggregated separately. Tier A tier is a logical application layer. It is a representation of a fragment of your monitored environment. The front-end tier in a user-defined configuration is the layer that is closest to the end user. How Tiers, Transactions, and Applications Are Related Each application is defined as a set of transactions and can be divided into logical layers (tiers) such as web servers, middleware, or a database. Each transaction can be a collection of data gathered across various tiers, as shown in the following figure. Figure 30. Transactions Spanning Three Tiers APPLICATION Front-end Tier HTTP + SSL Middleware Tier SOAP Database Tier TDS Login GET(token) SELECT username FROM Table db_type_1 Search find_items(type2) SELECT * FROM items_table_type_2 Submit order save_order(type3) INSERT order INTO orders_table_type_3 Each transaction can be a collection of operations occurring within one tier. 206

207 Chapter 17 Monitored Traffic from a Business Perspective Each tier is defined as a set of rules dependent on the tier type. All tiers are defined globally. The global definition applied to a specific application shows the appropriate sequence of tiers for that application. Application and Transaction Management To define applications and transactions, define an application for each business application that exists in your environment and then, to see a more detailed view of the applications, supplement the application definitions with definitions for specific transactions. If necessary, review information about applications and transactions and how they relate to tiers. For more information, see Applications, Transactions, and Tiers [p. 205]. Before Configuring Applications and Transactions Before configuring the applications and transactions, ensure that: 1. You have established the sniffing points. For more information, see AMD Deployment Overview in the Data Center Real User Monitoring Agentless Monitoring Device Installation Guide. 2. You have configured software services in the RUM Console. For more information, see Basic Monitoring Configuration in the Data Center Real User Monitoring Web Application Monitoring User Guide. In the most common DC RUM setup scenario you need to first acquire traffic information and allow AMDs to report software service statistics. The information provided by data collectors is accessible via the Business Units Configuration tool and can be used to formulate transaction rules. 3. Tier configuration matches your requirements and network topology. To see data in the Applications and Tiers reports, you have to configure tiers. The data presented on these report groups is based only on tiers that are user-defined. For more information, see Tiers Report in the Data Center Real User Monitoring Central Analysis Server User Guide. Defining applications and transactions is one simple process. Some steps are optional depending on how detailed your reports must be or how much information about your monitored Web applications you are able to provide. Remember that every transaction must have a parent application (it is not possible to create a transaction without a parent application) and that each transaction can have only one parent application. To define applications and transactions: 1. Define an application for each business application in your environment, for example, car rental, holiday booking, or accounting. In the most simple case you need to fine-tune the rules for the application and add at least one software service to the application definition. For more information, see Defining a New Application in the Data Center Real User Monitoring Administration Guide and Defining an Application Rule in the Data Center Real User Monitoring Administration Guide. 207

208 Chapter 17 Monitored Traffic from a Business Perspective By default the CAS assigns one All other transaction to your newly created application. This transaction does not have any rules and you cannot edit it. You will see the All other transaction on reports when the report server receives monitoring data. 2. Optional: To see a more detailed view of your applications, supplement previously defined application definitions with definitions for specific transactions, for example, search a car by type or book a hotel ). This requires adding at least one new transaction to the already defined applications. You will need to fine tune rules for the newly added transactions and add at least one operation or operation mask to the transaction definition. For more information, see Defining Transactions for Application in the Data Center Real User Monitoring Administration Guide. If your CAS is connected to Business Service Management, you can select applications and transactions from lists of applications and transactions recognized by Dynatrace in your configuration. Further configuration may not be required if you configured sequence transactions on the AMD or integrated Enterprise Synthetic with the CAS. For more information, see Advanced Transaction and Application Configurations in the Data Center Real User Monitoring Administration Guide. To validate your configuration steps, display application-related reports on the CAS. Click Home on the top menu to display the report. Note that data for the applications have just been defined is available only after one of the monitoring devices (for example, an AMD) reports data matching criteria for the transaction definitions. NOTE To be able to see monitored statistics for transactions on the onset of monitoring deployment, you can skip using the Business Units tool, which is based only on traffic that has already been reported by the AMD. Instead, define transactions in a text file and copy it to the CAS configuration folder. The reporting server reads the content of this file and automatically presents the data on application-related reports. For more information, see External Definitions of Reporting Groups, Applications, and Transactions in the Data Center Real User Monitoring Administration Guide. 208

209 CHAPTER 18 Alert System The alert mechanism enables you to be proactive when dealing with problems and to remove problems before they start affecting users. In the reactive model of dealing with problems, you react to problems reported by your users (for example, website users). In such a scenario, the CAS is monitoring a given website and the AMD is measuring operation time for every operation, transaction, and user all the time. Then, using the gathered data, the report server displays all details on charts and makes it possible to measure performance and troubleshoot problems. When problems are reported by users, you look at the reports and find out that, for example, the problem is with HTTP response time from a certain server. You then go and fix the problem: reboot or restart the process or take other corrective action. In other words, you react to a problem that has already affected your users. In the proactive model, you detect problems before your users can notice them. For this, you need two things: the knowledge of how the problems manifest themselves in your particular environment, and the means of detecting such situations. For example, if long HTTP response time is the best early indicator of developing problems, you could display a chart showing the HTTP response time metric and take action if the value of the metric is above a certain value. It is even better to automate the process and let the system inform you when the metric exceeds the threshold. This is exactly what the alert mechanism was designed to do. Ideally, the system could inform a designated operator about the problem and feed data into an alert management engine. The engine could then perform a corrective action such as restarting the offending server or process. Thus, the report mechanism enables you to move some of the responsibility and intelligence from a human operator (watching the charts) to the machine (acting on alerts). Defining and Modifying Alerts For an alert to be raised, you need to specify the alert triggering conditions, which requires careful observation and knowledge of the system. You need to ensure that: You understand what you are trying to achieve. You have gathered your requirements. 209

210 Chapter 18 Alert System You know how problems in the monitored system manifest themselves. You can translate your intentions into alert configuration. You must ensure that alerts detect error situations and nothing but error situations. In other words, you must ensure that failure notifications are sent and corrective actions are performed always when needed, but only in those situations. When configuring alerts, first of all you must consider what the system would be showing if you were troubleshooting a failure in a reactive mode. These could be, for example, slow operations, HTTP response time, SSL handshake errors, stopped pages, 5xx HTTP errors on the login URL, or some textual information that needs to be captured with application error recognition. Then you need to ask yourself what values for a given time duration are still acceptable and what values mean a real problem. Thus, for example, 5 minutes of high server time might not signify a problem, but if it stays high for more than 15 minutes it might be a problem, particularly if after 30 minutes you also see 5xx HTTP errors. Then you have to react. With this type of information, you can start to think about looking for the right alerts to configure. It is not enough to detect alert conditions and then trigger and send alert notifications. You need a business process that ensures that this situation will be fixed as soon as possible. In other words, it is not enough to generate many alerts from monitoring tools if you still react to problems only when users call to complain. Usage Scenarios for Alerts The alert system can satisfy various user requirements and operational scenarios, such as: Notifying the recipient of both the beginning and the end of the alert condition. The user is notified when an alert condition is raised and also when the situation returns to normal. Notifying the recipient only if a given condition lasts for a certain period of time, or if a given event is repeated several times. This enables the user to focus on real issues and not on insignificant or intermittent glitches. Notifying the recipient several times at regular intervals throughout the duration of the problem. Types of Alerts Alerts can be divided into different categories based on the underlying detector mechanism and on their function. Alert detectors are the actual mechanisms responsible for analyzing the monitored traffic and for recognizing alert triggering events. The detector mechanism determines such things as the types and number of parameters that a given alert takes (or can be modified to take), the speed of processing, and user access to the actual detector code. In most cases, you will be working with user-defined metric alerts, which provide a simple and fast mechanism for performing complex queries on a set of predefined metrics; or on expressions combined of such metrics. They are easy to create, modify, and use. They execute quickly: up to 1,000 alert definitions can be processed in one reporting cycle. It is recommended that metric alerts be used whenever possible because of their speed of execution and ease of modification. The following types of metric alerts can be configured: 210

211 Chapter 18 Alert System Real user performance (probe) These alerts monitor traffic between a client and a server. They are based on traffic monitored by AMD, including the elements that are configured on the CAS: applications, transactions, reporting groups, tiers, regions, areas and sites. Application user experience These alerts are based on the data provided in the Application, Transcation and Tier data view. Enterprise Synthetic and sequence These alerts monitor transactions and track the HTTP-based software service activity of synthetic agents and standard users. They are based on traffic monitored by DC RUM or Enterprise Synthetic. Citrix/WTS hardware These alerts monitor the performance of Citrix servers or Windows Terminal Services (for example, the number of active or open sessions). Network link These alerts monitor link utilization. Internetwork traffic These alerts monitor traffic coming in and going out of a specific site. Synthetic backbone These alerts report problems related to Dynatrace Synthetic Monitoring transactional traffic. Although it is recommended that metric alerts be used whenever possible, not every possible alert condition can be expressed as a metric alert. This is why a set of pre-defined SQL-based alerts is provided. These alerts perform SQL queries on the traffic monitoring database. The benefit of using them is that there are no constraints to the complexity of the queries: any event that can be expressed in SQL can be detected. However, the SQL queries take a considerable amount of time to execute, so performance problems can result. You cannot create new SQL-based alert definitions or duplicate the existing ones in the RUM Console. You can, however, modify some of the detector settings for example, change the threshold values or delete the alert definitions. Among predefined alert definitions, there are also a few non-sql alerts that were designed for specific purposes and that can be modified in only limited ways. Most of them monitor and report on resources of a report server and cannot be deleted from the system. The predefined alerts are grouped based on the type of event on which they report: Anomalies Alerts sent when an abnormal situation is detected (for example, when there are too many services detected for a single user). Diagnostics Alerts that are related to the resources of a report server (for example, free space on the server hard drives or free space for the server database). New objects Alerts that are sent when a user, server, or service registers for the first time in the monitored network. 211

212 Chapter 18 Alert System Performance Alerts that report mainly errors that occur during the execution of operations and abnormal time metric values for the operations. They also notify recipients about application availability problems. Alert States and Notifications The alert system is a multi-layer mechanism. For a DC RUM user, the most important elements of this mechanism are alert states and notifications. An alert is raised if the monitored traffic meets the conditions specified in the alert definition, such as when a particular metric exceeds a defined threshold value. An optional notification can then be sent. Alert States If a given metric exceeds its threshold value, an alert state might not be triggered immediately. Exactly when an alert is triggered is defined in the alert definition. It often happens that you want to raise an alert only after a threshold has been exceeded a specific number of times in a given time interval. Similarly, notifications are not sent in direct response to the triggering conditions but in connection with alert states being raised, remaining on, or being lowered. For example, an alert can be raised: As soon as the triggering conditions are fulfilled (after just one occurrence of the alert condition). After a specified number of occurrences of a given condition. An alert state can then be lowered, or will expire: Immediately after the condition that triggered the alert has ceased to occur. If the triggering condition has not reappeared for a specified number of minutes. If the triggering condition has not reappeared for a specified number of reporting cycles. A condition can repeat a number of times, but after an alert is triggered (raised), it remains raised until it is turned off or expires (is lowered). Similarly, after an alert condition is raised, a notification can be sent zero or more times while the alert state remains on, and a notification can be sent when the alert is turned off. Notifications After an alert is raised, an optional notification can be sent. Whether a notification is sent depends on the alert definition. Later, if the alert state remains on, repeated notifications can also be sent as needed. In particular, while the alert remains on, an alert notification can be repeated: In every reporting cycle Every specified number of minutes Alert cancellation notifications are also possible: an alert definition can specify that a notification should also be sent when the alert state is lowered, that is, when the alert reverts to the off state. 212

213 Chapter 18 Alert System Notifications are sent not in direct response to triggering conditions, but in response to alert states being raised, remaining on, or being lowered. One alert can send a number of notifications. After an alert is turned on, it remains in the on state until it is turned off or expires. Means of Alert Delivery Alert notifications can be sent to a specified address, via SNMP traps, or delivered to COS. Notifications are sent to recipients based on subscriptions. Users, referred to as alert subscribers, can select which alerts they want to receive, apply additional filtering criteria, and select the delivery mechanism. When is the selected delivery mechanism, all alerts that have occurred within a single monitoring interval are by default sent in one message. Every enabled alert, even if it has no recipients defined, is generated and can be viewed in the alert logs. All alert notifications, whether ed or not, are recorded in alert logs. For more information, see Alert Log Viewer in the Data Center Real User Monitoring Administration Guide. When traps are the selected delivery medium, a separate trap is associated with each alert notification. Each trap has an associated trap definition, identified by an OID, in the MIB in the alarms.mib file. This MIB can be imported on the trap recipient to correctly interpret the meaning of the alert and automate any corrective actions. Refer to your network management platform manual for information on how to install third-party MIBs. Alert notifications can also be delivered to COS Release You can check the release number of the currently running module in the Administration Console. To open the Administration Console from the Windows Start menu, choose Programs Compuware Compuware Open Server Administration Console. 213

214 Chapter 18 Alert System 214

215 CHAPTER 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD In order to monitor encrypted SAP SNC traffic, AMD needs a copy of the Kerberos keys that are used by the SAP system. These keys are stored in keytab files on Kerberos servers. A keytab is a file containing pairs of Kerberos principals and encrypted keys (these are derived from the Kerberos password). The most common personal use of keytab files is to allow machines to authenticate to Kerberos without human interaction, or storing a password in a plaintext file. AMD needs these files in order to be able to decrypt SAP traffic for full monitoring of all clients and transactions. For security reasons, any authentication or encryption keys stored on the disk by the AMD should be kept in an encrypted form. You need to set up an appropriate decryption mechanism to make these keys available to the AMD process at run-time. To use encrypted Kerberos SNC keys, you need to: 1. Extract the Kerberos SNC keys from the Kerberos system to be monitored. For more information, see Obtaining Kerberos Keys for SNC Decryption [p. 215]. 2. Encrypt the Kerberos SNC keys using the kpaencrypt command. For more information, see Encrypting Kerberos SNC Keys for Secure Storage on AMD [p. 217]. 3. List the Kerberos SNC Keys in the AMD configuration. For more information, see Listing Kerberos SNC Keys in AMD Configuration [p. 218]. 4. Make the encrypted keys available to the AMD process at run time. For more information, see Using KPA to Make Keys Available to the AMD Process [p. 219]. Obtaining Kerberos Keys for SNC Decryption A keytab file containing pairs of Kerberos principals and encrypted keys can be created on any computer with Kerberos. Before You Begin To create a keytab file you need the kutil utility and you need to know your Kerberos password. The ktutil utility is present on any workstation using the Kerberos system for 215

216 Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD network security. It is, for example, part of the MIT Kerberos tools in the Kerberos workstation package. You do not need to log into the actual Kerberos server to generate your keytab file. The following procedure demonstrates the creation of the keytab file using MIT Kerberos. A corresponding example using Heimdal Kerberos is also given below. The examples assume that you are logged into a Linux-based Kerberos workstation. 1. Ensure that the ktutil utility is on your command execution PATH. For Unix/Linux systems this could be for example /usr/sbin or /usr/kerberos/sbin. The command type ktutil should tell you where the executable ktutil file resides. If the type command fails, you will need to find the location of the executable ktutil file and make sure that it is on your execution PATH. 2. Start the ktutil utility. On your command prompt, type ktutil. This should result in the ktutil: prompt being displayed as shown on the example output. > ktutil ktutil: 3. Use the addent command to instruct the ktutil utility to add a principal key to the keytab file. The following syntax uses the -password option to gain appropriate permissions, though you can also use the -key option. For full details of ktutil command syntax, refer to Kerberos documentation. Note that you can specify all of the required options to the addent command or only some. Options that are required but not supplied will be prompted for. In the example below, the user is prompted for the password. addent -password -p principal -k kvno -e enctype Where principal is the principal ID, kvno is the key version number and enctype is the encryption type. For example: ktutil: addent -password -p myname@abc.xx.yyy -k 1 -e rc4-hmac Password for myname@abc.xx.yyy: qvnlfc Repeat adding new keys, as required. 5. Use the write_kt (alias wkt) command to write the current keylist to a Kerberos keytab file For example: ktutil: wkt myfile.keytab 6. Use the quit command to exit ktutil. ktutil: quit 7. View the created keytab file The keytab file will have been created in the current working directory. You can list it using the ls command. 216

217 Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD Example for MIT Kerberos The following example summarizes the example input and output from the above procedure, while adding an additional key with different encryption type: > ktutil ktutil: ktutil: addent -password -p -k 1 -e rc4-hmac Password for myname@abc.xx.yyy: qvnlfc587 ktutil: addent -password -p joe@abc.xx.yyy -k 1 -e aes256-cts Password for myname@abc.xx.yyy: Pagod005 ktutil: wkt myfile.keytab ktutil: quit Example for Heimdal Kerberos You should use Heimdal Kerberos version 1.5 or older. > ktutil -k myfile.keytab add -p username@abc.xx.yyy -e arcfour-hmac-md5 -V 1 > ktutil -k myfile.keytab add -p username@abc.xx.yyy -e aes256-cts-hmac-sha1-96 -V 1 What to Do Next Store the created keytab file securely in preparation for copying it to the AMD. Remember that the keytab file is not encrypted. If you are transferring it using network, make sure that the network is secure. Once the file has been transferred to the AMD, it needs to be encrypted for security reasons. For more information, see Encrypting Kerberos SNC Keys for Secure Storage on AMD [p. 217]. Encrypting Kerberos SNC Keys for Secure Storage on AMD For security reason, it is advisable that the Kerberos SNC keys that are stored on the disk by the AMD, should be kept in an encrypted form. To encrypt your Kerberos keys, use the kpaencrypt utility. The kpaencrypt utility reads a key from the disk, asks the administrator to define a password to for the encryption and then stores the key in an encrypted form. NOTE The target location where you store the encrypted key can be different than the source location from where the key is read. This means that if for security reasons you do not want to copy the un-encrypted key onto the AMD, but want to supply it on an external removable drive, you can supply the full path to that device and never have to copy the file onto the system. Alternatively, to erase the copied file, you should use the shred utility. The kpaencrypt utility is a binary file accessible through the path/usr/adlex/rtm/bin/kpaencrypt To execute the command, you have to log in as user kpadmin and then execute it using the following syntax: 217

218 Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD kpaencrypt sourcefile destinationfile Where both parameters can contain the full path of the respective files. You will then be prompted to enter the password to be used for the encryption. For example: keys]# kpaencrypt./02.keytab./02.keytab.enc enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password: After you have successfully encrypted the key, you can securely delete the source file, by means of the shred command. This is a Linux command that allows secure deletion so that the information stored in the deleted file is not simply un-referenced by the file system but is actually overwritten. This makes it impossible for any disk recovery tool to re-create the deleted file. Use the -fuz options to the shred command to hide the shredding operation by overwriting the file with 0s and to actually delete the file name form the directory listing while overriding any read protection. For example: [root@amd-35 keys]# shred -fuz./02.keytab CAUTION Secure deletion is not a necessary step in the process of encrypting the keys. This is a security measure which you should follow if you do not want the un-encrypted file to remain on the system. Remember that this command will remove the file without any means of recovery of the removed information. After you have successfully encrypted the key, you must make AMD aware of it by listing it in the keylist file and loading it to AMD memory at runtime. For more information, see Listing Kerberos SNC Keys in AMD Configuration [p. 218] and Using KPA to Make Keys Available to the AMD Process [p. 219]. Listing Kerberos SNC Keys in AMD Configuration Before keys are used by the AMD, the AMD needs to be made aware of their presence by listing the keys in the configuration file referred to as keylist. This functionality is governed by the following configuration properties in the rtm.config configuration file: server.key.dir The directory in which to store encoded files (by default, this is /usr/adlex/config/keys). server.key.list The file in the above directory that describes what keys are to be used for the monitored servers. The default name of the file is keylist. Note that the file lists keys to be used, but does not provide a mapping of servers to keys. This is because the AMD is able to match keys to sessions automatically. The advantage of this approach of not mapping a specific IP address of the server to the private key is that servers residing behind load balancers can also be monitored, even though the same IP address is then apparently using a number of different keys. 218

219 Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD The file listing the keys, as specified in server.key.list, is a plain-text file with each line describing a single key and being composed of the following fields. Note that the square brackets ( [ ] ) imply that the given item is optional, and the brackets themselves should not be included in the actual entry. Note also that this file may also be used by other protocols, so entries of other types may also appear there. key_type, [app_name:]key_identifier[, comment] where: key_type for Kerberos SNC is the literal string snc. key_identifier for Kerberos SNC is the name of the file that contains the encoded key. The comment part in square brackets [ ] is an optional comment describing the entry in the line. Example 16. Sample entries with SNC keys snc,mysnckey01, key for service 1 snc,mysnckey02, key for service 2 After updating the keylist file you need to re-start the kpa daemon and re-run the kpadmin utility. For more information, see Using KPA to Make Keys Available to the AMD Process [p. 219]. Using KPA to Make Keys Available to the AMD Process To make keys available to the AMD at run time, the administrator has to arrange for the keys to be decrypted, if they are stored in an encrypted form, then to be loaded into shared memory. Decryption requires a password one per encrypted key file and is accomplished using the kpadmin utility. The procedure is the same for all the types of encrypted keys used by the AMD, such as OpenSSL or Kerberos for SAP. The kpadmin utility is a binary file accessible through the path /usr/adlex/rtm/bin/kpadmin. It accepts no command line options and is executed as: kpadmin Alternatively, to execute kpadmin, log in as the kpadmin user. The kpadmin utility reads the keys from the disk according to the contents of the file named in server.key.list, prompts the administrator for a password to decrypt each file and then stores them in the AMD RAM memory, visible to the kpa daemon. After successfully decrypting all keys and saving them in the AMD RAM memory, kpadmin restarts the AMD process, which then obtains new key information via the kpa daemon. The decrypted keys are stored in the AMD RAM only. They are not written on the disk at any time. This increases the security of the system but means that after a reboot of the AMD, they have to be re-loaded to memory. NOTE The keylist file is shared by all analyzers requiring key storage. Therefore when executing the kpadmin command, you will be prompted for passwords for all of the listed keys, for example for OpenSSL keys. If a particular key is not stored in an encrypted form and does not require a password, it is sufficient to press [Enter] in response to the password request. 219

220 Chapter 19 Obtaining and Using Kerberos Keys for SAP SNC Decryption on AMD 220

221 APPENDIX A Diagnostics and Troubleshooting SAP Architecture-related Issues The product distinguishes between two SAP HTTP components: SAP GUI for HTML (SAP WebGUI) and SAP Web portal. How do I determine which kind of interface is used? You can determine the type of the SAP interface in two ways: If you can access the SAP system, examine the URL in Web browser's address field. If WebGUI is used, the URL will contain the webgui keyword. For example, If you cannot access the SAP system but can access the traffic from a sniffing point or an AMD, a network trace can be created to analyze the URL contained in the HTTP POST. If WebGUI is used, the URL will contain the webgui keyword. Report-Related Issues Central Analysis Server automatically detects a range of exceptions (anomalies) and notifies the report users. Exception notifications are displayed as yellow (warning) or red (error) triangle icons in the upper-left corner of the report window. To see the notification message, position the cursor over the triangle icon. The Slow Operation Load Sequence report is empty for an operation which is part of an XML transaction. Why and how do I fix this? For XML and SOAP, Operation Elements data is identical to Operation Analysis data, so, to avoid unnecessarily keeping the duplicates in the database, a VDATA_FILTER_XMLSOAP filter is set to true by default. Keeping this filter set to true saves disk space but, because the XML and SOAP entries are filtered out, it makes reporting on the Operation Elements level (elements or headers) impossible. To change the value of VDATA_FILTER_XMLSOAP property in userpropertiesadmin, type in the Web browser's Address bar and press [Enter], change the filter's property value, and click Set value to accept the change. To access this screen, you need to have administrative privileges for the report server. 221

222 Appendix A Diagnostics and Troubleshooting The yellow triangle displays AMDs produce no performance data. What do I do? The message AMDs produce no performance data means that AMDs connected to the report server do not produce any new data. To resolve this issue, you have to investigate the configuration of the AMDs and determine why they do not produce the performance data. The yellow triangle displays An AMD produces data stamped with a time from the future. What do I do? The report server has a built-in protection from simple configuration mistakes. One of the related problems is when data is incorrectly time stamped by AMD. This happens when the AMD is running with the system clock incorrectly set and is not being synchronized with the report server. If you see this notification, check the system time on the report server and on the AMD. Ensure the time synchronization option is turned on. To check the time synchronization: 1. Launch the RUM Console. 2. Select the AMD, right-click it and choose Open Configuration. The AMD Configuration window appears. 3. Select Global General. Check the IP address of the server authorized to set the AMD time. Make sure it is the same as the report server IP address. 4. Check the report server time setting. Do this by reading the time that is displayed at the bottom of the reports. Ensure the report server has the time zone set correctly. Figure 32. Example of the Report Time Stamp The yellow triangle displays A daily maintenance task is in progress. Data processing suspended. What do I do? Once a day the report server has to perform a database maintenance and memory cleanup. During that time, the data processing has to be suspended and you will see delayed data on reports. The daily maintenance is usually performed as the first task after midnight and it takes up to half an hour in installations with a large database. 222

223 Appendix A Diagnostics and Troubleshooting It is normal and expected to see this warning just after midnight. But if you see the message during the day, it can be a symptom of incorrect system configuration (check the time settings on the server) or of system overload. The yellow triangle displays No contact with the primary AMD. What do I do? This message indicates that the report server has lost contact with at least one primary AMD. If an AMD is marked as primary and the report server cannot communicate with this AMD, even if the performance data can be downloaded from the other AMDs, the system will wait until the communication with the primary AMD is restored. The yellow triangle displays No contact with any of the AMDs. What do I do? This message indicates that the communication link cannot be established with any of the attached AMDs. Check the network settings on the report server or the configuration of AMDs. The yellow triangle displays Delay in data processing. What do I do? If the last processed data is significantly behind the current time due to slow data processing or idle periods that occurred in the past, the report server displays the triangle icon with the message Delay in data processing. If the server had a delay, but now it is catching up, this message will not appear anymore. To confirm that delay is decreasing, inspect server.log and search for messages similar to this: T REC :10: zdata_43f47e58_5_t is being processed. Sample begin ts = :25. Sample delay 17 min. If the delay becomes smaller, the server is catching up. If the delay values are growing, it can indicate a system overload. The yellow triangle displays The AMD has not yet generated performance data. What do I do? This message indicates that some data files have already been generated on some AMDs, but not on the others. This may not be an indication of a problem and, when you refresh the reports after 30 to 60 seconds, this message may disappear. If necessary, verify the time synchronization among all the AMDs. See The yellow triangle displays Delay in data processing. What do I do? [p. 223]. The yellow triangle displays Data processing is being performed in the debug mode. What do I do? Data processing can be manually suspended and controlled by so-called debug mode, which can be enabled using Control Panel. Open Control Panel by typing: in the Address field of the web browser and clicking Go, then select Controlled data processing from the Configuration Management section. The red exclamation mark displays Data loading is in progress. Reports may be incomplete. What do I do? This message indicates that the report server is currently starting up. Because of this the information presented on reports may be incomplete. Depending on the database size, the startup process may take up to several minutes. If the server restart was not done manually or was not planned, inspect server.log or contact Customer Support. 223

224 Appendix A Diagnostics and Troubleshooting The red exclamation mark displays Low memory. The real-time cache will only be updated. What do I do? This message indicates that the report server has no free memory to process new entities such as software services, servers, and URLs. This message will be cleared when some resources are freed, this usually happens at midnight during the scheduled database maintenance (see The yellow triangle displays A daily maintenance task is in progress. Data processing suspended. What do I do? [p. 222]). All the metric values presented on reports (except user/client counters) will show correct values. However, the predefined tabular reports may not show all the entities they are intended to show. All the charts and DMI reports show correct data. The mechanism of updating the real-time cache, as described above, is a protection that allows the report server to continue the operation instead of closing down due to lack of memory resources. The red exclamation mark displays The number of servers has reached the defined limit. What do I do? The report server has a built-in limit of the number of monitored servers. If the number of observed servers reaches a defined limit, the report server will not accept any new servers and will drop the collected data for those servers. The predefined value of the limit can be customized. However, the report server can automatically adjust the limit in low-resources situations. The red exclamation mark displays The number of clients has reached the defined limit. What do I do? The report server has a built-in limit of the number of monitored clients. If the number of registered clients (which also includes aggregated virtual clients such as Client from... ) reaches a defined limit, the report server will not accept any new clients and will drop the collected data for those clients. The predefined value of the limit can be customized. However, the report server can automatically adjust the limit in low-resources situations. The red exclamation mark displays The number of sites has reached the defined limit. What do I do? The report server has a built-in limit of the number of automatically created sites. If the number of observed automatic sites reaches a defined limit, the report server will not create any new automatic sites and such traffic will be allocated to All Other. The predefined value of the limit can be customized. However, the report server can automatically adjust the limit in low-resources situations. The Sites report for a selected application is empty. Why? If the Sites report for a selected application is filtered for a client tier, such as Synthetic or RUM sequence transactions, it will not show any data. To see statistics for sites, drill down from the Applications report as follows: 1. Click the application name on the Applications report. 2. Click the client tier name on the Tiers report for a selected application. For the Synthetic tier, you will see the Overview Application Status report; for the RUM sequence transactions tier, the Sequence Transactions Log report. 3. Depending on the type of report, click the Overview Site Status or the Sites tab. 224

225 I see gaps on the chart reports. Why are the charts incomplete? Gaps in reports mean that the report server missed some data and was not able to get it into the database on time. Your reports may resemble the example below. Figure 33. Gaps in a Graphical Report Appendix A Diagnostics and Troubleshooting There are several reasons why the graphical reports may have incomplete data: The AMD was not able to detect any traffic from the monitored network, so it was not able to produce any valid data for the report server. To confirm that this was the reason, connect to the AMD using an SSH client and check whether the files named zdata_xxxxx_x_x are located in the /var/spool/adlex/rtm directory. Similar symptoms can be observed if the AMD has been down for some time and data files were not produced for that time. If data files are present and the viewed chart displays only a fragment of the monitored traffic, for example, for a specific server or site, it may indicate that a part of traffic, which was indented to be monitored, is missing. In this situation, the data files are much smaller than usual for the corresponding period of the day. Similar situations, that is, gaps only on some reports, may occur in a multi-amd installation when some AMD s were down or disconnected from the network. In the case when only one AMD is connected to the report server, communication problems do not cause data gaps. If the report server cannot communicate with the AMD, it will wait until the communication is restored and then will process all the data from the past. When there are multiple AMDs connected to the report server and there is a break in communication with only some of them, the report server processes the data from the available AMDs, so in this case, gaps can appear on some reports. If it is a critical issue and your network (or its parts) require continuous monitoring and you cannot miss the data from some AMDs, you have to mark the AMDs as primary. In this case, the report server will wait until the communication with primary AMDs is restored, even if other AMDs are available. Gaps in charts on some reports in multi-amd installations may be caused by unsynchronized AMDs. The reason for that may be that if the report server sees a data file for a specific time period on one of the AMDs, it will wait only 30 seconds for data files covering the same period of time from other AMDs. The 30 seconds are the server's tolerance for time synchronization issues. To verify that this situation occurred, compare the clock readings from AMDs and then check the time synchronization settings (see The yellow triangle displays An AMD produces data stamped with a time from the future. What do I do? [p. 222]). 225

226 Appendix A Diagnostics and Troubleshooting It may happen that a part of data will be missing. This will result in a significant decrease of the aggregated data, used to render the chart bars. Note that this effect relates to metrics that are calculated as sums, for example, number of operations, number of errors, number of users, or bandwidth utilization. Charts showing the averages (RTT, loss rate, operation time) will not be affected. I see gaps on the log-term data chart reports. Why are the charts incomplete? The report server aggregates the data collected during the day into daily (and monthly) rollups. This is a scheduled process. If this process is not triggered, you will see gaps in the daily rollups. The most frequent reasons for missing rollups are: The report server was down in the night; report data generation starts at 12:10 AM local time and if the report server was down at that time, no aggregate data for long-term reports will be generated. The report server was overloaded and it took too much time for other crucial tasks; report data generation for long-term reports was canceled. You can always re-generate data for long-term reports. Open Control Panel by typing: in the Address field of the web browser and click Go, then select Regenerate Reports from the System Management section. I created a report that consists of several charts but it loads very slowly. How can I improve its performance? If you are using exactly the same set of dimensions and filters for every chart but would like to show different metrics on separate charts, there are two ways of improving such a report. In this example, it is assumed that you want a report that shows Client bytes, Server bytes, and Total bytes on separate charts for the HTTP analyzer. First, the simplest and recommended method, is to define one section that contains all these three metrics. Figure 34. Creating One Section with Three Metrics 226

227 Appendix A Diagnostics and Troubleshooting Open the Chart settings panel and from the single chart per list select Metric. If you are using metrics with different units, you can select the Metric unit option instead. For more information, see Displaying Multiple Charts in the Data Center Real User Monitoring Data Mining Interface (DMI) User Guide. The second method requires changes on the Subject Data and Result Display tabs. 1. For each report section (chart), create the same set of metrics. To do this, for each chart add metrics that are displayed on the other charts. Note that the order of metrics must be the same in every section. For example, each section must contain the Client bytes, Server bytes, and Total bytes metrics listed exactly in the same order. 2. Disable showing unnecessary metrics for each chart. Go to the Result Display tab and disable showing the redundant metrics. For example, for chart that is going to show only the Client bytes metric, disable showing the Server bytes and Total bytes metrics. Figure 35. Selecting Metrics to Display on a Chart Application performance and availability data is missing from the tabular reports. How can I fix this? The missing data manifests itself as zero or a hyphen. The most frequent reason for this situation is the incorrect setting of business hours and holidays. Inspect the business hours and holiday settings by choosing Settings Report Settings Business Hours. The following configuration screen shows the current settings. 227

228 Appendix A Diagnostics and Troubleshooting Figure 36. Business Hours Configuration Screen To collect performance data seven days per week, including non-business days and holidays, clear the Holidays check box and select the check boxes for weekend days. In addition, you can collect performance data in 24/7 mode, but be aware that this results in a higher database growth rate and a larger database. To enable collecting data all the time, open the Control Panel by opening the following page: In the Control Panel, click Advanced Properties Editor from the Configuration Management section. Set ONLY_BUSS_HOUR_REPORTING to OFF. To see whether your holiday definition is correct, click View Holidays. 228

229 Appendix A Diagnostics and Troubleshooting Figure 37. Defined Holidays Screen The list of holidays is hard-coded and the default set is for the USA. To select a set, click the Choose holiday definition list. To see the content of the selected set, click Preview. To store the newly selected set, click Save. Why are SQL queries in reports truncated even though full query logging is set on the AMD? By default, only the first 1024 bytes of a query are logged. This is sufficient in most cases to log full queries. However, if you deploy queries that are longer than 1024 characters, change the sql.query.length parameter in the rtm.config file. To edit this file: 229