The financial services industry has led the way in network security and data encryption, but it also relies on frequent transactions that need to go through no matter what. Troubleshooting financial services applications can be difficult because it means having visibility into traffic that’s usually encrypted.
Riverbed’s Network Performance solution can decrypt certain types of traffic giving network operators the visibility they need to troubleshoot problems quickly. AppResponse, part of our Unified NPM suite, focuses on application performance monitoring and provides continuous full-fidelity packet capture of targeted applications. With AppResponse, no data is lost.
Network visibility derived from a completely reliable packet capture is very powerful, but AppResponse can go further by decrypting certain PFS, SSL, and TLS traffic. This gives network operators the ability to troubleshoot problems with traffic that they would otherwise be blind to.
Decrypting Application Traffic
First, IT provides the private server key to AppResponse. We can then intercept the session key and decrypt certain non-PFS traffic in real-time. And though using non-PFS is actively discouraged today, it’s still commonly used in enterprise environments.
Next, to decrypt traffic that does use PFS, AppResponse exposes an API that allows an external entity such as an SSL proxy to send ephemeral keys to it. Typically, this means deploying software agents to Linux and Windows systems, which then send their private server keys to AppResponse. We can also run a relatively simple script on an F5 load balancer to send the necessary keys.
AppResponse isn’t able to decrypt all public web traffic, but for internal applications it can see what’s happening with encrypted traffic on a transaction-by-transaction basis. Whether the issue is with the network, the server environment, or the end-user’s client, AppResponse can provide granular visibility into every component of an IP conversation.
Finding Correlation with AppResponse
When we open AppResponse, we start with a view of all traffic. We can locate our applications on the list in the lower left of the page, or we can open the Insights menu and select Applications there.
If AppResponse has the API key and/or server key, it will be able to show a network operator details for a secure application with full fidelity and granularity. For example, notice in the image below that we can see the transaction metrics of encrypted application traffic including page times, payload transfer times, and server response times.
We can also visualize patterns in network activity, which is a great way to see if there’s a correlation between specific metrics and application behavior. We call this a TruePlot visualization and it can be modified to focus on specific metrics or date ranges.
Correlation is just a clue, though, so from AppResponse a network operator can select a single transaction and launch Transaction Analyzer, a companion tool that allows us to look at every single step in an IP conversation.
Going Deeper with Transaction Analyzer
Transaction Analyzer can look at specific protocols and applications to provide a readout of everything going on between two hosts. For example, a financial services organization experiencing slow application performance can start with AppResponse to identify the possible cause of the behavior. Then they can use Transaction Analyzer to drill down into the back-and-forth communication between the specific client and server. Look at the image below and notice how we easily can focus on one transaction.
Because AppResponse stores all of the packets captured when an application is in use, we can use Transaction Analyzer to get as granular as we need to. Transaction Analyzer works in real time, so we can also use it to take ad-hoc traces between any hosts in the network as the problem is happening.
Network security and data encryption are certainly important to the financial services industry, but so is the ability to resolve application performance problems as quickly as possible. Blind spots in network activity aren’t an option when every application transaction is money.
AppResponse and Transaction Analyzer, two foundational components of the Riverbed Unified Network Performance Management solution, provides IT the ability to troubleshoot encrypted application problems in real-time and keep the business moving.
Visit our content hub to learn more about our solutions for financial services organizations.