Identifying critical network and application entities

US 7,853,685 B1
Filed: 07/10/2006
Issued: 12/14/2010
Est. Priority Date: 07/10/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of identifying critical entities in a computer network, the method comprising:

collecting network flow records for a predetermined period from a plurality of source devices;

applying, using a visualizer, a plurality of rules to a plurality of application-server pairs based upon the collected network flow records;

identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources;

determining, using the visualizer, a global application-server list including the candidate application-server pairs identified across all of the sources;

adjusting, using the visualizer, importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list;

repeating the steps of collecting network flow records, applying a plurality of rules, and identifying the candidate application-server pairs during a subsequent predetermined period;

determining another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period; and

adjusting the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Critical servers are identified in a network, based upon network flow records collected from the network for a predetermined period. A plurality of rules are applied to application-server pairs based upon the collected network flow records to identify, among the application-server pairs, candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period in excess of a predetermined number of times, in which case the application-server pair is identified as a candidate application-server pair. A global application-server list including application-server pairs identified across all of the sources is determined. A critical server list including servers corresponding to the global application-server list is generated. Various network mappings comprised of the servers in the critical server list are created, and network measures corresponding to the mappings are displayed.

Citations

21 Claims

1. A computer-implemented method of identifying critical entities in a computer network, the method comprising:
- collecting network flow records for a predetermined period from a plurality of source devices;
  
  applying, using a visualizer, a plurality of rules to a plurality of application-server pairs based upon the collected network flow records;
  
  identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources;
  
  determining, using the visualizer, a global application-server list including the candidate application-server pairs identified across all of the sources;
  
  adjusting, using the visualizer, importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list;
  
  repeating the steps of collecting network flow records, applying a plurality of rules, and identifying the candidate application-server pairs during a subsequent predetermined period;
  
  determining another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period; and
  
  adjusting the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein applying a plurality of rules comprises determining whether each of the application-server pairs satisfies at least one of the plurality of rules in excess of a predetermined number of times during the predetermined period.
  - 3. The method of claim 1, wherein the rules comprise determining whether a total number of bytes of traffic coming into and going out of a server for an application exceeds a predetermined number of bytes, both the server and the application corresponding to one of the application-server pairs.
  - 4. The method of claim 1, wherein the rules comprise determining whether a total number of clients accessing a server for an application exceeds a predetermined number of clients, both the server and the application corresponding to one of the application-server pairs.
  - 5. The method of claim 1, wherein the rules comprise determining whether a percentage of application traffic for an application into a server out of a total application traffic for the application exceeds a predetermined percentage, both the server and the application corresponding to one of the application-server pairs.
  - 6. The method of claim 1, wherein adjusting the importance level comprises assigning high importance levels to the application-servers included in the global application-server list.
  - 7. The method of claim 1, further comprising:
    - generating a critical server list including the servers corresponding to one or more of the application-server pairs in the global application-server list;
      
      generating mappings comprised of all applications, only the servers in said critical server list, subnets, and a location; and
      
      displaying a plurality of network measures corresponding to the mappings.

8. A computer program product stored on a non-transitory storage module and adapted to perform a computer-implemented method of identifying critical entities in a computer network, the method comprising:
- collecting network flow records for a predetermined period from a plurality of sources;
  
  applying a plurality of rules to a plurality of application-server pairs based upon the collected network flow records;
  
  identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources;
  
  determining a global application-server list including the candidate application-server pairs identified across all of the sources;
  
  adjusting importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list; and
  
  repeating the steps of collecting network flow records, applying a plurality of rules, and identifying the candidate application-server pairs during a subsequent predetermined period;
  
  determining another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period; and
  
  adjusting the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein applying a plurality of rules comprises determining whether each of the application-server pairs satisfies at least one of the plurality of rules in excess of a predetermined number of times during the predetermined period.
  - 10. The computer program product of claim 8, wherein the rules comprise determining whether a total number of bytes of traffic coming into and going out of a server for an application exceeds a predetermined number of bytes, both the server and the application corresponding to one of the application-server pairs.
  - 11. The computer program product of claim 8, wherein the rules comprise determining whether a total number of clients accessing a server for an application exceeds a predetermined number of clients, both the server and the application corresponding to one of the application-server pairs.
  - 12. The computer program product of claim 8, wherein the rules comprise determining whether a percentage of application traffic for an application into a server out of a total application traffic for the application exceeds a predetermined percentage, both the server and the application corresponding to one of the application-server pairs.
  - 13. The computer program product of claim 8, wherein adjusting the importance level comprises assigning high importance levels to the application-servers included in the global application-server list.
  - 14. The computer program product of claim 8, wherein the method further comprises:
    - generating a critical server list including the servers corresponding to one or more of the application-server pairs in the global application-server list;
      
      generating mappings comprised of all applications, only the servers in said critical server list, subnets, and a location; and
      
      displaying a plurality of network measures corresponding to the mappings.

15. A system for identifying critical entities in a computer network, the system comprising:
- a processor;
  
  a storage module coupled to the processor, the storage module including instructions that when executed by the processor cause the processor to implement;
  
  a network flow record collection module for collecting network flow records for a predetermined period from a plurality of sources, the network flow record collection module repeats collecting network flow records during a subsequent predetermined period; and
  
  a critical network entity identification module for applying a plurality of rules to a plurality of application-server pairs based upon the collected network flow records, and identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources, determining a global application-server list including the candidate application-server pairs identified across all of the sources, and adjusting importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list;
  
  wherein the critical network entity identification module repeats applying the plurality of rules and identifying the candidate application-server pairs during the subsequent predetermined period; and
  
  the critical network entity identification module determines another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period and adjusts the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein applying a plurality of rules comprises determining whether each of the application-server pairs satisfies at least one of the plurality of rules in excess of a predetermined number of times during the predetermined period.
  - 17. The system of claim 15, wherein the rules comprise determining whether a total number of bytes of traffic coming into and going out of a server for an application exceeds a predetermined number of bytes, both the server and the application corresponding to one of the application-server pairs.
  - 18. The system of claim 15, wherein the rules comprise determining whether a total number of clients accessing a server for an application exceeds a predetermined number of clients, both the server and the application corresponding to one of the application-server pairs.
  - 19. The system of claim 15, wherein the rules comprise determining whether a percentage of application traffic for an application into a server out of a total application traffic for the application exceeds a predetermined percentage, both the server and the application corresponding to one of the application-server pairs.
  - 20. The system of claim 15, wherein the critical network entity identification module adjusts the importance level by assigning high importance levels to the application-servers included in the global application-server list.
  - 21. The system of claim 15, wherein the critical network entity identification module generates a critical server list including the servers corresponding to one or more of the application-server pairs in the global application-server list, and the system further comprises:
    - a network mapping visualization module for generating mappingscomprised of all applications, only the servers in said critical server list, subnets, and a location and for displaying a plurality of network measures corresponding to the mappings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Incorporated
Original Assignee
Network General Technology
Inventors
Maturi, Mohan Kumar
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
Kim; Edward J

Application Number

US11/484,482
Time in Patent Office

1,618 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 43/0876   Network utilisation, e.g. v...

H04L 67/025   for remote control or remot...

H04L 67/535   Tracking the activity of th...

H04L 67/63   Routing a service request d...

Identifying critical network and application entities

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying critical network and application entities

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links