it problems & problem management
TRANSCRIPT
Session Date & Time• Date: Wednesday, June 29, 2016
Time: 1100-1145Location: Tuscany Ballroom
• Bill Alderson responds to Information Technology high visibility, high stakes technical problems. Network outage, slowness, slow applications or disasters affecting government and commercial Information Technology Enterprise environments. ABC News told the story of how Bill and his team helped restore communications at the Pentagon immediately following 911. Bill assisted with six deployments to Iraq and Afghanistan requested by Army G2, Joint Chiefs and US Central Command diagnosing Biometrics and others critical systems. One of his missions is to help executives and technologists see both technical and leadership root causes that can be obviated through common sense best practices.
Bill Alderson Infographic Bio
• Deep packet analysis remains essential for definitive irrefutable diagnosis and optimization of complex systems. Bill demonstrates the tools, techniques and methods used to annotate complex technology findings so that technologists, managers, executives and vendors can agree on root cause. Once the problem is identified and agreed upon the true pinpoint mitigation can begin. The days of shotgun style "forklift wholesale upgrades" on everything have passed. We must optimize existing assets allowing them to perform well.
Bill has proven ability to optimize large scale networks and applications from experience in analyzing the Pentagon immediately following 911, analysis of Biometrics applications across Iraq and Afghanistan, numerous optimizations of Joint Chiefs of Staff and OSD network analysis. Experience from analysis of the largest 100 commercial enterprise networks such as Stock Exchanges, Financial, Insurance and Healthcare institutions will be demonstrated with annotated examples for CIO, Executives and top level technologists.
IT Critical Problem ResolutionTechnology and Psychology
“Swiss Army Knife” Portfolio of Tools
Select Well.Avoid SpendingOnly on “Suites”
All-in-one-toolsAlthough easier to “buy”
don’t solve many problems.They leave you “broke and broken”
with a gold plated toolset.
Optimization Troubleshooting Phases
Preparation & Setup
Analysis & Iteration
Reporting & Presentation
Problem Management
Down - Intermittent - Slow
Technical vs. Leadership Root Cause
The Needle
The Environment
Packet Traces
Store Every Packet? Who’s can and is going to analyze them and when?
Finding The Stack With The Problem
Finding The Needle
Measured at the Server
Fast TCP connect time. Fast Ack from F5 does not show true client response time which is why Apalytics provided Internet Monitoring.
1.4 second Get response is very slow which is why detailed platform and application analysis was performed.
The 2nd & 3rd Gets were fast at 1 millisecond proving some commands are fast.
CF Longest Requests
1,958,266ms = ~32 minutes from one request391,692ms = ~7 minutes
Page Analysis from the Internet DNS does not play a role in slowness. Connection time varies and at time approaches 200 milliseconds which can be at the platform, internet, network, load balancer or firewalls. Connection delay analysis will require multiple capture points to definitively pinpoint and should be considered when multi-point capture test points can be configured at the Security Tap devices. But that is not material for improvement of this application at this timeFirst byte time is the most concerning issue in the infrastructure. Last byte time is also a concern as it appears that platform TCP/IP stack services are slow to move data out onto the wire after the first byte has started. It may also be that platform improvements may improve both response times and output speed. Page load time is a composite of all elements of the page that must come together to provide the user with the visual page and the main context of the query. This too is concerning, but it is caused by the slowness of the individual components of the page as they add serially to the response time which are represented in the main concerns. An example of the total page would be small visual images and data making up the user interface view (i.e., logos) that are not part of a computational or lookup, but rather a static image that should be served rapidly by the server.
Network Intrinsic Application Analysis
Multi-tier Analysis
Multi-Tier Identification
Application Monitoring Design Phase
Multi-tier Macro vs. Micro
Event
Process
Net-Ser-Tr-Sw-Q
Security Auth
User ClickClientNetworkWebSvrNetworkAppSrvNetworkSQLSvrNetworkAppSvrNetworkMainframeNetworkAppSvrNetworkWebSvrNetworkClientUser Display UpdateMacro Response
Time
Micro Response Time
HTTP Post from client
Web1 Middlewa
re 155ms
HTTP / SQL Multi-tier 1
Back to clientWith HTTP
SQL Calls completeQuery and returns Rows to Web1
SQL Calls finish .497SQL Call start -.231
SQL Resp Time =.266
Web1 Middleware
12ms
HTTP / SQL Multi-tier 2
Logon A is 72 milliseconds…
Logon B is 420 milliseconds!
Oracle Logon Slow
Micro-Analysis Phase
Web App I/F #1&2 SQL TransLogger MF#1 MF#2 Time Breakdown
TCP Satellite Retrans 3.5 Seconds
Processing Analysis
Packet Loss Analysis
Citrix Session Abort Signature “Chernobyl Packet”
The packet that evidenced a problem on a Citrix server. This pattern was used as a signature on the Infinistream Sniffers to find these problems until they were remediated.
Prior to this users were stuck in this cycle for hours.
Citrix User Filer Access Error Details
Blind vs. Pinpoint Upgrades
Blind Upgrade = Shotgun Approach = Forklift Upgrade
Root Cause Optimization
Definitive Root Cause Analysis Pinpoint Cause Measure ROI PotentialPinpoint Purchases Validate & Prove ROI Award Innovation
OptimizationRoot
Cause Analysis
IT Critical Problem ResolutionTechnology and Psychology