WO2019046915A1

WO2019046915A1 - System for monitoring data traffic and analysing the performance and usage of a communications network and of information technology systems using this network

Info

Publication number: WO2019046915A1
Application number: PCT/BR2017/050353
Authority: WO
Inventors: José Rodrigues
Original assignee: Zerum Research And Technology Do Brasil Ltda
Priority date: 2017-09-11
Filing date: 2017-11-22
Publication date: 2019-03-14
Also published as: BR202017019310U2

Abstract

The present application for a utility model patent is characterized by an improvement made to a set of appliances (A), this being a combination of hardware and software (A), constituted by an ethernet packet (1); network packet analysis (2); data preparation (3); search engine (4); data analyser (5); database (6); web platform (7); asynchronous tasks (8); database (9); developed for the purpose of capturing, reconstructing and indexing transactions in diverse protocols, which consists in the analysis of system performance, forensic analysis, analysis of anomalies and security breaches, analysis of the usage and operation of systems, and analysis of network usage, in which transactions are structured and provided on a web interface.

Description

SYSTEM FOR THE MONITORING OF DATA TRAFFIC AND ANALYSIS OF PERFORMANCE AND USE OF A COMMUNICATIONS NETWORK AND TECHNOLOGY SYSTEMS

INFORMATION USING THIS NETWORK

1. BRIEF INTRODUCTION: This application relates to the Model

Utility, to an improvement introduced in the set of appliances, notably a combination of hardware and software, capable of capturing, reconstructing and indexing transactions in several protocols, whose function consists basically in the analysis of system performance; forensic analysis; analysis of safety anomalies and breaches; analysis of the use and operation of systems; analysis of network usage.

2. In turn, the transactions are structured and made available in a Web interface that displays them intuitively, allowing the creation of alarms and customized screens to attend to each event.

3. This improvement is fundamentally characterized by the most practical, fast and secure way in data control and management, with unique, exclusive and innovative functional aspects, differing from the usual and traditionally known models.

4. FIELD OF APPLICATION: The product was developed from the highest technology, with the purpose of supplying deficiencies, alleviating difficulties and solving problems previously encountered by users in the sector, more specifically, the information technology (IT) sector.

5. CHARACTERISTICS AND FUNCTIONALITY: This improvement consists of two distinct appliances, currently called WDC and WDA. The first one has the function of capturing Ethernet network traffic; recognize data streams;

rebuild transactions and export information in text form; while the second has the function of collecting the information exported by the WDC, storing them, indexing them and allowing processes to analyze that information to be executed, with the lowest possible latency.

6. The WDA functions as a cluster and can store large amounts of information, without supply interval or power in the system, with the use of several similar devices in parallel.

7. The present improvement is essential to carry out its functions adequately, being: - Ethernet packets - Ethernet network packets mirrored from the network segments to be monitored;

- Network Packet Analysis - Network packet analysis, ETL (Extract, Transform and Load) processes of the metadata of the transactions in the application layer and search in the content;

- Data preparation: Processes of data aggregation, queuing of events for indexing and indexing extracted data;

- Search Engine: Scalable real-time textual search engine for unstructured data to analyze extracted data;

- Web Platform: Application platform for visualization, analysis, manipulation and management of collected data.

8. Platform applications also allow the creation of alarms (Transaction Performance, Network Usage, Network Errors) and Appliance Execution parameter management: Thresholds configuration, Network Mastering and Application Master.

9. Asynchronous Tasks: Processes for managing tasks execution, such as: Alerts registered, Aggregation of data, Sending of notification by email, Storage of execution results.

10. INNOVATION: In general terms, this product represents an improvement in the ability to structure the selected data (eg HTTP header) and calculated (such as server response time) in text (JSON files) of captured transactions directly from Ethernet network; 2) store and index the information collected in search server that allows the rapid retrieval of information history; 3) visualization of the information in graphs and intuitive tables and creation of customized dashboards.

11. Its use will result in numerous benefits to the consumer, among them we highlight the possibility of detecting failures in applications and infrastructure; detect performance problems in applications, databases, storage systems, webservices; perform forensics analysis.

12. In addition, the product also provides broad visibility into all transactions performed on user systems, helping to possible problems in the IT operation, thus allowing the repair in less time and with less impact for system users, with an increasingly responsive response time.

13. DESCRIPTION OF THE STATE OF THE TECHNIQUE: During the development of this product, numerous researches were carried out to identify the existence of possible antecedents or related products. Such surveys, however, did not point to the existence of any other product with the same preponderant or functional technical characteristics.

14. Of course, you are fully aware of the existence of other products on the market that present their respective functions, as we will see in the following cases: Fluke Truview, Extrahop and Riverbed Steelcenter, which, despite collecting and rebuilding information directly from the network , these systems are not able to make the data available in a text search system (structured searches only, with predefined fields).

15. From the technical point of view, when comparing the particularities of the respective products (although they belong to the same owner), both present significant differences in their handling, operation and functionality.

16. Given this need and commercial opportunity, the product was created, more precisely a set of appliances developed to capture, reconstruct and index various transactions, structured and made available in a Web interface that displays them in an intuitive way, allowing the creation of alarms and custom screens, and is therefore a unique product, which will certainly be a great differential for this segment that has been growing exponentially day after day and with an increasingly demanding target audience.

17. FIGURES: For a clear and objective understanding of the arrangements applied in the present improvement, a flow chart of data will be presented in a demonstrative manner, with references to the following report.

FIGURE 1 illustrates the data flow diagram (A), indicating ethemet Package (1); Network packet analysis (2); Preparation of data (3); Search engine (4); Data analyzer (5); Database (6); Web platform (7); Asynchronous tasks (8); Database (9) · 19. The present application is now more fully described with reference to the accompanying diagram, wherein an illustrated embodiment of the present improvement is shown in sequence.

20. It should be pointed out that the above-mentioned data flow diagram illustrates this in a demonstrative and non-restrictive manner, the conception of which may vary in its technical characteristics, without departing logically, from the principal spouse whose protection is claimed.

21. Therefore, in accordance with Article 9 ^of the Industrial Property Law No. 9,279 / 96 and for all aspects in this report, the object of this patent application is worthy of protection as a utility model, which we hereby pleiteia

Claims

1. A utility model patent application is characterized by a combination of hardware and software and appliances (A) to capture, reconstruct and index transactions to promote system performance analysis , forensic analysis, analysis of anomalies and breaches of security, analysis of the use and operation of systems network usage analysis, consisting of ethemet Package (1); Network packet analysis (2); Preparation of data (3); Search engine (4); Data analyzer (5); Database (6); Web platform (7); Asynchronous tasks (8); Database (9);

2. IMPROVEMENT INTRODUCED IN A SET OF APPLIANCES - The said element (A) is characterized by two appliances, with the function of capturing Ethernet network traffic; recognize data streams; rebuild transactions and export information in text form; and the function of collecting the information exported by the WDC, storing them, indexing them and allowing the analysis processes to be executed;

3. PERFORMANCE INTRODUCED INTO A SET OF APPLIANCES - Characterized by text structure, the selected and calculated data of transactions captured directly from the Ethernet network;

4. PERFORMANCE INTRODUCED IN A SET OF APPLIANCES - Characterized by storing and indexing the information collected in a search server that allows the retrieval of information history;

5. IMPROVEMENT IN APPLIANCES - Characterized by the visualization of the information in graphs and intuitive tables and creation of customized dashboards.