Configure and Deploy Application Metadata Intelligence

Application Metadata Intelligence allows you to export metadata from applications that are detected in the network traffic. The records can be exported to a collector either in IPFIX or CEF format through the IP interface or the management interface or as JSON to the AMX application.

Application Metadata Intelligence generates up to 6000 attributes for more than 4000 applications without impacting the users, devices, applications, or the network appliances. The feature identifies applications even when the traffic is encrypted. Refer to Application Metadata Intelligence for more details.

Refer to the following content for more detailed information and step-by-step instructions on how to configure and deploy the Application Metadata Intelligence application to use with Gigamon Glimpse.

Important - Recommended Tool Template

When configuring Application Metadata Intelligence application for Gigamon Glimpse, use the recommended JSON template when configuring Exporters. You can download the JSON template from Gigamon software portal. Follow the steps given below to import the JSON file:

1.   Download the Glimpse_AMI_Template_V1.json file and save in your local folder.
2. In GigaVUE-FM, on the left navigation pane, go to >Resources > Tool Templates.

You can view two system-defined templates by default.

3. Click Import. The Import a New Tool Template wizard appears.
4. Provide a name for the new tool template.
5. In the Browse Import File field, click Choose File and select the downloaded JSON file from the local folder.
6. Click Import.

Application Metadata Intelligence (AMI) can be configured on GigaVUE V Series or GigaVUE H Series device. Refer to the following sections:

Configure Application Metadata Intelligence for Virtual Environment

To add AMI application:

1.   Go to Traffic > Virtual > Orchestrated Flows and select your cloud platform. The Monitoring Session page appears.

Note:  Ensure to create separate Monitoring Domains and Monitoring Sessions for Application Metadata Exporter (AMX) and Application Metadata Intelligence (AMI). Even when AMI is deployed virtually, it operates independently and requires its own Monitoring Session.

2. After creating a new Monitoring Session or on an existing Monitoring Session, navigate to the TRAFFIC PROCESSING tab. The GigaVUE-FM Monitoring Session canvas page appears.
3. In the canvas, click the icon on the left side of the page to view the traffic processing elements. Drag and drop Application Metadata from APPLICATIONS to the graphical workspace. The application quick view appears.
4. In the General tab, enter the Name for the application.
5. In the Exporters tab, choose the tool template.
o   For default templates, refer to Create Custom Tool Templates.
o   For recommended tool template for Gigamon Glimpse, refer to Important - Recommended Tool Template.
6. All other configuration values can remain unchanged with the default settings. If you want to change the default settings, refer to Configure Application Metadata Intelligence for Virtual Environment.
7. Click Save.

After configuring the Application Metadata Intelligence, follow the below steps to create an egress tunnel:

1.   In the canvas page, select New > New Tunnel, drag and drop a new tunnel template to the workspace. The Add Tunnel Spec quick view appears.
2. Enter the Alias, Description, and select UDP in the Type field.
3. Enter the MTU value.
4. L4 Destination IP Address - Enter the IP address of the tool port. If using Application Metadata Exporter (AMX), enter the data subnet IP address of the V Series Node where AMX application is deployed. Refer to Application Metadata Exporter for details.
5. Source L4 Port - The port from which the connection will be established to the target. For example, if A is the source and B is the destination, this port value belongs to A.
6. Destination L4 Port - The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B. The destination port must match the AMX ingestor port number to ensure seamless data forwarding from AMI to AMX. To enable AMI to export metadata in CEF format, ensure that the default destination port (514) is retained.

To deploy the configured Application Metadata Intelligence, follow the below steps:

1.   On the Monitoring Session canvas page, click Deploy from the Actions menu to deploy the Monitoring Session. The status is displayed as Success in the Monitoring Sessions page. The session is successfully deployed on the V Series Node.
2. You can view the Monitoring Session Deployment Report in the SOURCES and V SERIES NODES tab. When you click on the Status link, the Deployment Report is displayed. If the Monitoring Session is not deployed properly, then one of the following errors is displayed in the Status column.
o   Success—The session is not deployed on one or more instances due to V Series Node failure.
o   Failure—The session is not deployed on any of the V Series Nodes or Instances.

Configure Application Metadata Intelligence for Physical Environment

To create an Application Intelligence Session:

1.   On the left navigation pane, select Traffic > Solutions > Application Intelligence.
2. Click Create New. The Create Application Intelligence Session page appears.

Note:   If the Create button is disabled, check whether a valid license for Application Metadata Intelligence or Application Filtering Intelligence is available.

3. In the Basic Info section complete the following:
o   Enter the name and description.
o   Select the required node.
4. In the Configurations section, enter the name and description.
5. Select a GigaSMART Group. You can also choose to create a new GigaSMART Group.
6. In the Source Traffic section, select a source port that require application monitoring in the Source ports field. Source port can be a single port, multiple ports, or port groups.

Note:   Ports already used as source ports in the intent-based orchestrated solution will not be listed in the drop-down.

7. All other configuration values can remain unchanged with the default settings. If you want to change the default settings, refer to Create an Application Intelligence Session in Physical Environment.
8. Click Save. The session created will be added in the list view.
9. On the Application Intelligence page, select the created session. Click Edit from the Actions menu to perform operations related to Application Metadata.
10. On the Edit Application Intelligence Session page, navigate to Application Metadata.
11. In Destination Traffic field, to add an exporter, click + Add New and enter the following information:
a. Tool Name - Enter the name of the tool to which you want to export the application-specific metadata.
b. IP Interface - Select the IP interface through which the GigaVUE‑FM needs to export the application-specific metadata to the tools. You can select either IPv4 or IPv6 interface.
c. Tool IP Address - Enter the IP address of the tool to which you want to export the application-specific metadata. You can provide either IPv4 or IPv6 address.
d. Tool Template - Select the recommended tool template for Gigamon Glimpse. Refer to Important - Recommended Tool Template.
e. Destination L4 Port - The port to which the connection will be established from the source. For example, if A is the source and B is the destination, this port value belongs to B. The destination port must match the AMX ingestor port number to ensure seamless data forwarding from AMI to AMX. To enable AMI to export metadata in CEF format, ensure that the default destination port (514) is retained.
12. All other configuration values can remain unchanged with the default settings. If you want to change the default settings, refer to Create Application Metadata Intelligence for Physical Environment.
13. Click Save.