ObserveIT Technical Training - PowerPoint PPT Presentation



ObserveIT Technical Training. Ilan Sharoni Director Technical Sales/Pre Sales ilan@observeit.com. Introduction. Agenda. ObserveIT Architecture “One Click” Installation (+Unix Installation) Configuring ObserveIT Basic Use Cases ObserveIT Deployment Scenarios.

    Presentation Transcript
    1. ObserveIT Technical Training Ilan Sharoni Director Technical Sales/Pre Sales ilan@observeit.com

    2. Introduction

    3. Agenda • ObserveIT Architecture • “One Click” Installation (+Unix Installation) • Configuring ObserveIT • Basic Use Cases • ObserveIT Deployment Scenarios

    4. Lab setup – Course Specific • Each student runs VMware Workstation • 1 VM running Microsoft Windows Server 2008 R2 • Active Directory • Microsoft SQL Server 2008 Express • ObserveIT latest version binaries • Reseller license file • 1 VM running CentOS • 1 VM running Ubuntu (Optional)

    5. WHAT IS OBSERVEIT • Platform for User Activity Monitoring. • Acts like a security camera on your servers • Helps meet the compliance and security challenges • ObserveIT captures all activity, even for applications that do not produce their own internal logs. • Identity Theft Detection • Shared Account handling • Key Logger

    6. ObserveIT Architecture

    7. ObserveIT Architecture • A client/server, scalable, distributable software application. • It consists of four components: • ObserveIT Agent(s) • ObserveIT Application Server(s) • ObserveIT Web Management Console • ObserveIT Database Server [Diagram labels: ObserveIT Agent, Application Server, Web Console, Database Server, ObserveIT Admin]

    8. ObserveIT Agent - Recording • Records user activity (Meta Data + Screen Capture) • Runs on Windows and Unix • Sends recorded information to the “ObserveIT Application Server” • Recording is based on the “Recording Policy”

    9. ObserveIT Application Server • Manages multiple Agents • Receives user activity information from the Agent • Stores recorded data in a centralized database (SQL Server or filesystem)

    10. ObserveIT Web Console • IIS Web application • Main Features: • View stored sessions • Configure “Recording” Policy • Configure “Access Control” Policy

    11. ObserveIT Databases • Supports both Microsoft SQL Server databases and filesystem storage • Data is secured, digitally signed and encrypted • Data can be archived

    12. Supported Platforms - Agents • Windows: • Windows 2000 - 2008 Server • Vista, XP, Windows 7 • Unix: • Solaris 10 u4-u10 • RHEL CentOS 5.4, 5.5, 5.6, 6.x • Ubuntu 10.0.4 • AIX 5.3

    13. Supported Platforms - Application Server • Windows 2003 Server • Windows 2008 Server • .NET 2.0 • IIS 6.0 or 7.0

    14. ObserveIT – Demo (The instructor will give a 30-minute demo of the product)

    15. ObserveIT – “One Click” Installation

    16. Installing ObserveIT • The "One Click" installation method is the easiest way to deploy ObserveIT • If needed, each of the ObserveIT components can be installed separately as part of a custom installation • Installation order: • Database creation • Web Management Console server • Application server • Windows Agents

    17. “One Click” Installation • To run the ObserveIT “One Click” installer, run the Setup.exe file. • In the main installation screen there are 3 separate configuration sections: • SQL Server settings • Web applications (Web Management Console and Application Server) settings • Licensing • Installation will also install an Agent locally.

    18. Database • The following databases will be created: • ObserveIT • ObserveIT_Data • ObserveIT_Archive_1 • ObserveIT_Archive_template • The following user will be created: ObserveITUser (do not delete it or change its password!)
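
A post-installation check for the objects named on this slide, as an added example that is not part of the original presentation or ObserveIT's own tooling. It assumes ObserveITUser is created as a SQL Server login (the slide only says "user"), that the query runs on the instance used by the installer with permission to view server metadata, and that a 5-minute gap between login creation and password set time is a reasonable threshold (an arbitrary choice).

```sql
-- Added example: verify the databases and the service account listed on slide 18.
-- Database and user names come from the slide; everything else is an assumption.

DECLARE @expected TABLE (name sysname PRIMARY KEY);
INSERT INTO @expected (name) VALUES
    (N'ObserveIT'),
    (N'ObserveIT_Data'),
    (N'ObserveIT_Archive_1'),
    (N'ObserveIT_Archive_template');

-- 1. One row per expected database: MISSING, or its current state (ONLINE, OFFLINE, ...).
SELECT e.name AS expected_database,
       CASE WHEN d.name IS NULL THEN 'MISSING' ELSE d.state_desc END AS status,
       d.create_date
FROM @expected AS e
LEFT JOIN sys.databases AS d
       ON d.name COLLATE DATABASE_DEFAULT = e.name COLLATE DATABASE_DEFAULT
ORDER BY e.name;

-- 2. Service account, assumed to be a SQL Server login.
--    The slide warns against deleting it or changing its password, so flag both,
--    plus a disabled login, which breaks the application in the same way.
SELECT x.login_name,
       CASE
           WHEN l.name IS NULL THEN 'MISSING'
           WHEN l.is_disabled = 1 THEN 'DISABLED'
           WHEN DATEDIFF(minute, l.create_date,
                         CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime)) > 5
               THEN 'PASSWORD CHANGED SINCE CREATION'
           ELSE 'OK'
       END AS status,
       l.create_date,
       l.modify_date,
       CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime) AS password_last_set
FROM (SELECT N'ObserveITUser' AS login_name) AS x
LEFT JOIN sys.sql_logins AS l
       ON l.name = x.login_name;
```

Any status other than ONLINE for a database, or other than OK for the login, is worth investigating before agents start reporting.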

    19. Hands on • VM Setup and ObserveIT “One Click” installation • Follow Student Guide sections: • 1 – Introduction • 2 – Prerequisites & System Requirements • 3 – One-Click Installation • 5.11 – Installation ObserveIT Agent on CentOS • 5.12 – Installation ObserveIT Agent on Ubuntu • Length: 45 minutes

    20. Configuring ObserveIT • Presentation: “ObserveIT_user_Training_guide__Configuring_ObserveIT_<date>.PPT”

    21. Recording and Web Console Usage - Basic Use Cases

    22. Logging on to the Web Console • Use the following URL to connect to the ObserveIT Web Management Console: • http://servername:4884/ObserveIT • If this is your first time using the ObserveIT Web Management Console, you will be prompted to change the default "Admin" password.

    23. The ObserveIT Web Console – Sessions browser • Areas to replay sessions and study the recorded data: • Server Diary • User Diary • Search • Reports

    24. Windows User Activity recording • Agent will record users and applications that are specified in the recording policy • Only user activity is recorded • User idle time is not recorded – Movie, script • Video Analysis contains “Window Title” and “Application Name”

    25. Unix User Activity recording • Agent will record users that are specified in the recording policy • All SSH in/out is recorded (not related to user activity) • Idle time – relevant for session timeout only. • Video Analysis contains “System Calls” and “Function Calls”

    26. The trainer will show a demo of: • reports • search

    27. Hands on • Basic use cases • Follow Student Guide sections: • 4 Basic Use Cases • 4.1 Simulating User Activity • 4.2 Auditing the User Activity • 5.13 Simulate User Activity on Unix • 5.14 View Linux Recorded Session • Length: 60 minutes

    28. ObserveIT Deployment Scenarios

    29. ObserveIT Deployment Scenarios • A typical ObserveIT installation consists of multiple monitored servers (or Agents), each installed on a separate physical or virtual Windows-based or Unix-based operating system. • There are 4 typical types of deployment scenarios: • Small deployment • Medium to large deployment • High-Availability deployment • Terminal/Citrix Remote Access gateway deployment

    30. Small Deployment • Less than 100 servers • 5-10 administrators in a single data center. • The Application and the Web Management Servers will be installed on the same platform • Database Server can be installed on the same platform (“All in one”).

    31. Small Deployment [Diagram labels: Agents, HTTP traffic, “All in one” server (Database Server, Application Server, Web Console), ObserveIT Admin]

    32. Medium to Large Deployment • 100-1000 Servers • Application Server + Web Console on the same machine • Microsoft SQL Server on a separate machine • If needed, the customer’s existing SQL Server can be used, or a new instance can be created. • ObserveIT Events, Metadata and Configuration are stored in SQL Server • Screens/Slides are stored on the File System

    33. Medium to Large Deployment [Diagram labels: Agents, HTTP traffic, Application Server, Web Console, SQL traffic, Database Server, RAID network File System, ObserveIT Admin]

    34. High Availability Deployment • Multiple Application Servers • Using “Load Balancer” or “Round Robin” • Cluster-based implementation of Microsoft SQL Server. • SQL Server will most likely be using a dedicated storage device. • ObserveIT recorded videos will be saved on a RAID shared network device

    35. High Availability Deployment • DNS Records: oitsrv A 192.168.100.11; oitsrv A 192.168.100.12 • Round Robin enabled and record cache set to 0 [Diagram labels: DNS Server, Agents, HTTP traffic, 192.168.100.11 Active Application Server 1, 192.168.100.12 Active Application Server 2, SQL traffic, MS SQL Failover Cluster]

    36. High Availability Deployment • DNS Records: oitsrv A 192.168.100.10 • *Offline Mode enabled [Diagram labels: DNS Server, Agents, HTTP traffic, 192.168.100.10 Load Balancing Cluster, Active Application Server 1, Active Application Server 2, SQL traffic, MS SQL Failover Cluster, RAID network File System]

    37. TS/Citrix Remote Access Gateway Deployment • Remote connections will connect to the Terminal Server(s) or Citrix Server(s). • On these machines, only the applications required for the remote users' work will be published. • The ObserveIT Agent will be installed on the Terminal Server(s) or Citrix Server(s), capturing all remote sessions on these machines. • Visual recording will be available for all the remote users' actions. • Less Metadata will be available for the recorded sessions.

    38. Gateway Jump-Server Deployment [Diagram labels: Internet, Remote and local users, PuTTY, MSTSC, SSH, Gateway Server with ObserveIT Agent, Corporate Servers (no agent installed), Corporate Desktops (no agent installed), ObserveIT Management Server]

    39. Hybrid Deployment [Diagram labels: Internet, Remote and local users, PuTTY, MSTSC, SSH, Gateway Server with ObserveIT Agent, Corporate Servers (no agent installed), Corporate Desktops (no agent installed), Sensitive production servers (agent installed), Direct login (not via gateway), ObserveIT Management Server]

    40. PUPM Active-X architecture [Diagram labels: PUPM Server 10.2.56.78; User desktop machine 10.2.56.74; Login to this machine only; Machine “17” is in the “My Privileged Accounts” list in the PUPM server; RDP to 10.2.3.17; ObserveIT Agent CAB transfer; OIT Server 10.2.56.76, contains the installation CAB; DimaW2003 machine 10.2.3.17]

    41. Integration with Active Directory • Authentication requirement: • Web Console user authentication • Secondary Identification • Data query requirement: • Identity theft (email to user) • One Time password (SMS to user's phone)

    42. Integration with Active Directory [Diagram labels: Windows Server 2003/2008 Domain Controller, LDAP traffic (TCP 389), Agents, HTTP traffic, Application Server, Web Console, SQL traffic, Database Server, ObserveIT Admin]

    43. About ObserveIT components

    44. The ObserveIT Components • ObserveIT Agent • Windows Agent • Unix / Linux Agent • ObserveIT Server-side components • Application Server • Web Management Console • Database

    45. About each component: ObserveIT Agent

    46. ObserveIT Agent • The ObserveIT Agent is installed on all systems which require monitoring. • There are 2 versions of the Agent: • Windows version – runs on all versions of Microsoft Windows operating systems (32 and 64-bit) • Unix/Linux version – runs on several versions of Unix/Linux (32 and 64-bit)

    47. The Windows Agent • The ObserveIT Agent is a software component that is installed on any Windows-based operating system (servers and desktop versions) that you wish to record. • The ObserveIT Agent is a user-mode executable that binds to every Desktop User Session. • It can be installed on any version of Windows, starting from NT 4.0 up to Windows 7 and Windows Server 2008 R2. • Supports: • 32-bit machine • 64-bit machine

    48. The Windows Agent – Minimum System Requirements

    49. The Windows Agent – Capturing Data • As soon as a user creates a session on a monitored server, the Agent is started and begins recording, based upon a pre-determined recording policy. • The ObserveIT Agent is triggered by user activities such as keyboard and mouse events. • Idle time (when a user is reading or inactive) is not recorded. • When triggered, the Agent performs a screen capture. • At the same moment it captures textual metadata of what is seen on the screen (window title, executable name, date, time, user name, etc.).

    50. The Agent – Offline Mode (Windows+Unix) • The ObserveIT Agent can be configured to allow offline caching of recorded data. • This is useful in the event of network malfunctions or disconnection, and for NLB scenarios. • When network connectivity is reestablished, the Agent transmits the locally cached data back to the Application Server. • In order not to fill the local disk, by default, the local cache holds 1000 screenshots. This number is configurable.