TIBCO - VPN Remote Work Insights for Cisco ASA

By:
Last updated:
10:09am Jul 30, 2020

 


Back to HomePage

TIBCO LogLogic® provides the industry's first enterprise class, end-to-end log and machine data management solution. Using LogLogic log management solutions, organizations can analyze and archive network log data for the purpose of compliance and legal protection, decision support for network security remediation, and increased network performance and improved availability of systems across the organization.


This Article provides instructions on how to leverage the power of LogLogic’s Operational Intelligence solution for aggregating and surfacing deep insights from your infrastructure. Then augment that data in TIBCO Spotfire to get visual insights on how the infrastructure is behaving using visual insights and geolocation

Pre-requisites

With COVID-19 shifting global organizations to work remotely, leaders need to be sure their people are connected and productive.

As well as being able to understand how the increase in loads do to a now mostly remote workforce is affecting the remote connectivity infrastructure.

Company’s need to be sure that there is no loss in quality of service (QoS) for employees and that any early indicators to a loss in QoS can be quickly deified.

In this article we will examine how TIBCO’s VPN Remote Work Insights (VRWI) for Cisco ASA helps tackle the challenges presented by a rapidly growing remote workforce. By helping to answer some basic questions faced by all IT organizations and leaders.

  • Is our remote workforce connected?
  • Who is connecting and from where?
  • Is our remote connectivity infrastructure stable?

To get insight into these questions, we look at:

  • VPN usage as an indicator of connectivity
  • VPN Concentrator access as an indicator of who has access and from where
  • VPN usage by VPN Concentrator as an indicator of load per region/concentrator

This executive dashboard gives insights into remote work metrics that address these questions, both in terms of real-time use as well as trends over time so we can have context for the new normal.

vrwi exec dash

The first row provides real-time information on the number of workers connected via VPN, real-time number of active VPN sessions and success / failure rates.

The second row shows aggregated daily statistics over time for these same mission-critical indicators: number of VPN logins, number of connected VPN users per country by Concentrator

The bottom of the panel shows VPN connectivity counts by geographic location and average session duration by country. Sudden drops during working hours may indicate connectivity issues.

You also have the ability to drill down into more detailed dashboards for each of these services, as shown below for VPN User and Session Activity.

users_lst_24hrs.png

sessions_last_24hr.png

 

Deploying TIBCO VPN Remote Work Insights for Cisco ASA

Pre-requisites

    • TIBCO Spotfire® Analyst 10.8 (does not work right now with Web Player due to a Spotfire limitation)
    • Administrator rights to run PowerShell commands on Active Directory are required
    • Share location for output file which Spotfire can access
    • Contains Spotfire dxp

Preliminary steps 

Deploy the required Spotfire Plugins/packages

  1. LMI Data Source for TIBCO Spotfire installed on the Spotfire Server
  2. TIBCO LogLogic® Geolocation Toolkit for TIBCO Spotfire®

Deploy the required LogLogic packages

Deploy Active Directory User Export

  1. Download the tib-powershell-aduser-1.0.0.zip package and extract the dcExport.ps1 PowerShell script
  2. Edit the dcExport.ps1 script and update the output file PATH c:\ADusers3.csv to a location which your Spotfire instance can access it. For example, a shared folder.
Note: Please be sure to note down the location of the output file, you will need to update the links in the data table within Spotfire to the new location  
 
  3. Open a PowerShell Console and navigate the location of dcExport.ps1
  4. Execute the script: ./dcExport.ps1
  5. Confirm that the ADusers3.csv output file was created
 

Deploying TIBCO VPN Remote Work Insights for Cisco ASA package

  1. Download the tib-spotfire-vrwi-1.0.2.zip and extract the dxp package
  2. Open the tibco_cisco_asa_vpn_rwi_v1.0.2.dxp  package within the Spotfire Analyst
  3. Browse to the Data Canvas an select Active Directory Users Info from the data table list

Data Canvas 1

   4. Select the ADusers3.csv data table from the canvas and then in the lower right select the three dots to edit the table
   5. Select Replace data source and Browse local file… and select your output file from the location noted in the Deploy Active Directory User Export step.
 

Data Canvas 2

    6. In the Import Settings for ‘ADusers3.csv’ screen change the row type for the #TYPE Microsoft… row in the data preview to Ignore
    7. For the Row which has the column headers change the row type to Name row
 

Data Canvis 3

    8. Select OK
    9. Then OK again in the Replace data source in … screen


Data Canvas 4
 

    10. You should now see data in the lower right of the canvas

Data Canvas 4

 

    11. Now unselect the data caves to return to the reports

Additional Information

This error is seen when no results are returned from the queries in the data tables under the data canvas. You should confirm on your LMI that the data model is returning data from Advanced Search

Import Error

 

Example query:

use ciscoASA_VPN | ll_eventID in ('ASA-6-113004', 'ASA-6-113005') | USE ciscoASA_VPN | group by sys_collectIP ,sys_device ,ll_eventID ,duration_hours ,ll_bytesReceived ,ll_bytesSent ,ll_duration ,ll_group ,ll_sourceIP ,ll_sourceUser ,ll_targetIP ,ll_type ,ll_clientIP ,ll_reason ,tunnelGroup ,ll_eventStatus ,weeks(sys_eventTime) | sys_eventTime in -1


Additional Resources

To learn more about how to use Advanced Data Models and Advanced Search please refer to our documentation at https://docs.tibco.com/products/tibco-loglogic-log-management-intelligence-6-3-0

If there are any general questions regarding the use of these Data Models please post your questions to https://community.tibco.com/answers/product/701891 and for issues that require a support case please open a case with us at https://support.tibco.com

For data models refer to: https://docs.tibco.com/pub/loglmi/6.3.0/doc/html/GUID-20A0508D-EC40-4946-BCD4-621E2C909E06.html

For advanced search refer to: https://docs.tibco.com/pub/loglmi/6.3.0/doc/html/GUID-57BAD002-A765-4B97-8148-0F75A09D1141.html

Attachments

AttachmentSize
Image icon users_lst_24hrs.png245.7 KB
Image icon sessions_last_24hr.png199.58 KB
Image icon dc1.png159.35 KB
Image icon dc2.png145.54 KB
Image icon dc3.png323.65 KB
Image icon dc4.png133.99 KB
Image icon dc5.png26.37 KB
Image icon import-error.png27.39 KB
Package icon tib-powershell-aduser-1.0.0.zip452 bytes
Package icon tib-spotfire-vrwi-1.0.2.zip18.05 MB
Image icon vrwi_-_exec_dash-2.png731.12 KB