SSL Insight provides visibility into secure web transactions (HTTPS) and allows IT administrators to monitor all the secure web applications being served by the NetScaler ADC by providing integrated real-time and historic monitoring of secure web transactions. With this visibility, the administrator can assess the following:
When SSL Analytics is enabled on a NetScaler instance, SSL statistics are recorded and logged for every SSL transaction. The statistics show the details of the SSL flow. Also, every successful connection is logged and displayed by NetScaler MAS Analytics.
SSL Insight provides the following critical information, which is displayed by NetScaler MAS Analytics:
For successful SSL connections, SSL AppFlow logging happens at the end of every transaction.
This document includes the following information:
SSL Insight Metrics are included in Web Insight reports if you enable the following elements:
You can enable the AppFlow feature either from NetScaler MAS or from each NetScaler instance.
To enable the AppFlow feature from NetScaler MAS
You cannot enable data collection on a virtual server if the operational state of the virtual server is other than UP.
To enable the AppFlow feature from the NetScaler command line
On a NetScaler instance, at the command prompt, type:
enable ns feature AppFlow
To enable the AppFlow feature by using the NetScaler GUI
In a NetScaler instance's GUI, navigate to Configuration > System > Settings, click Configure Advanced Features, and select AppFlow.
After you enable ULFD mode on the NetScaler instances on which the virtual servers are configured, the ULFD server streams the analytics data from the NetScaler instances to NetScaler MAS.
To enable ULFD mode by using the NetScaler command line
1. On the NetScaler instance, at the command prompt, type:
enable mode ulfd
2. Add the NetScaler MAS IP address as the ULFD server on the NetScaler instance by entering the following command:
add ulfd server <your_MAS_IP Address>
On each NetScaler instance, you have to enable some HTTP parameters to display SSL Insight records in NetScaler MAS.
To enable SSL Insight parameters from the NetScaler command line
At the command prompt, type:
set appflow param -httpDomain ENABLED -httpHost ENABLED -httpMethod ENABLED -httpUrl ENABLED -httpUserAgent ENABLED -httpContentType ENABLED
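The three command-line steps above (AppFlow feature, ULFD mode and server, AppFlow parameters) can be checked together against a saved command listing from an instance. The following is an added example, not part of the original Citrix documentation: the function name, the sample listing and the 192.0.2.10 address are constructed, and it assumes the listing uses the same command forms shown on this page.

```python
# The six parameters named in the page's "set appflow param" command.
REQUIRED_PARAMS = ("httpDomain", "httpHost", "httpMethod",
                   "httpUrl", "httpUserAgent", "httpContentType")

def audit_ssl_insight(config_text, mas_ip):
    """Return the missing SSL Insight prerequisites (empty list = ready)."""
    features, modes, ulfd_servers, params = set(), set(), set(), {}
    for raw in config_text.splitlines():
        tokens = raw.split("#", 1)[0].split()        # drop comments, tokenize
        low = [t.lower() for t in tokens]            # commands matched case-insensitively
        if low[:1] in (["enable"], ["disable"]):
            rest = low[2:] if low[1:2] == ["ns"] else low[1:]   # "ns" is optional here
            target = {"feature": features, "mode": modes}.get(rest[0] if rest else "")
            if target is None:
                continue
            if low[0] == "enable":                   # one line may name several items
                target |= set(rest[1:])
            else:                                    # a later disable wins
                target -= set(rest[1:])
        elif low[:3] == ["add", "ulfd", "server"] and len(tokens) > 3:
            ulfd_servers.add(tokens[3])
        elif low[:3] == ["set", "appflow", "param"]:
            for flag, value in zip(low[3::2], low[4::2]):       # -flag VALUE pairs
                params[flag.lstrip("-")] = value

    missing = []
    if "appflow" not in features:
        missing.append("AppFlow feature not enabled")
    if "ulfd" not in modes:
        missing.append("ULFD mode not enabled")
    if mas_ip not in ulfd_servers:
        missing.append("ULFD server %s not added" % mas_ip)
    for name in REQUIRED_PARAMS:
        if params.get(name.lower()) != "enabled":
            missing.append("appflow param -%s not ENABLED" % name)
    return missing

# Constructed sample listing: httpUserAgent is off and httpContentType is absent.
SAMPLE = """\
enable ns feature LB SSL AppFlow
enable mode ulfd
add ulfd server 192.0.2.10
set appflow param -httpDomain ENABLED -httpHost ENABLED -httpMethod ENABLED -httpUrl ENABLED -httpUserAgent DISABLED
"""

if __name__ == "__main__":
    for finding in audit_ssl_insight(SAMPLE, "192.0.2.10"):
        print(finding)
```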
To enable SSL Insight parameters from the NetScaler configuration utility
SSL Insight metrics in NetScaler MAS provide a detailed view of the performance of the SSL transactions served by the NetScaler instances. You can view the SSL Insight metrics at the client, server, or application level, as well as the metrics for successful and failed SSL transactions. With the help of these metrics, you can analyze and optimize your NetScaler HTTPS settings and SSL-certificate settings, and track performance issues.
To monitor SSL Insight Metrics in NetScaler MAS
The pie charts display the metrics of all the applications, clients or servers.
4. To display details for a specific application, client, or server, click the corresponding value on the bar graph.
5. To view the failed SSL transactions, select the radio button in the SSL section.
The following use case describes how you can use SSL Insight to assess the usage of various SSL Parameters in applications, clients and servers, and improve security measures.
Consider that you have a set of applications that are using SSL transactions (HTTPS) for communication, and you have configured NetScaler MAS to monitor the SSL components. You might need to frequently review the applications so that you can focus first on the applications that need the most attention. The SSL Insight dashboard provides a summary of various SSL parameters used by your applications over a time period of your choosing, and for a selected NetScaler device. They are:
In the following example, you can see a list of clients (identified by their IP addresses) and the SSL hits per client. Also, at the right, you can view the SSL parameters for all the clients.
To display SSL details for a client, select the client on the bar graph or in the table below the graph. In the following example, the selected client's transactions use an SHA1 SSL certificate and four major protocols: TLSv1.2, TLSv1.1, TLSv1, and SSLv3. You can also see that ciphers of various strengths were negotiated. The color code indicates the strength of the SSL protocol, which gives you information about weak ciphers and strong ciphers.
Similarly, to view the information about the failed SSL transactions, select the radio button in the SSL section. SSL frontend and backend failures are displayed separately in two pie charts. In the following example, you can see that the major backend SSL errors are handshake failures and the major frontend SSL errors are illegal parameters.