Adding application objects
Application objects are used to classify traffic on the network and are made up of layer 7 signatures or TCP (Transmission Control Protocol) / UDP (User Datagram Protocol) port numbers and port ranges. Application classification can be used to monitor traffic or to create application-specific policy. There are many predefined applications on the appliance. You can add any applications that are not already in the list.
Applications can be created from various combinations of L7 (layer 7, the application layer of the OSI model) signatures, TCP/UDP port numbers or ranges, and network objects (logical definitions created and stored in the Exinda library that can represent any network component). The following are valid combinations.
- Applications based on L7 signatures. For example, you can create an application for a particular website by selecting http, host, and entering the domain of the website.
- Applications based on L7 signature and TCP/UDP port numbers or ranges, which are OR'd together. For example, you could define HTTP based on TCP port 80 OR 'http' L7 signature.
- Applications based on network object and TCP/UDP port numbers or ranges, which are AND'd together. For example, you could define an application based on a particular port number on a particular server (specified by network object).
- Applications based on only network object. For example, you could define an application based on a particular application server (specified by network object).
- Applications based on only TCP/UDP port number or ranges. For example, you could create an application based on a particular port.
Network objects cannot be used in conjunction with a layer 7 signature.
NOTE
When creating applications based on ports, any given port number can only be defined once for TCP and once for UDP. The same port number can be defined for TCP and UDP. For example, if you define an application object with a port range TCP 500-510, you cannot then define another application object on TCP port 505. However, you can define another application object with UDP port 505.
You can define duplicate ports/port ranges if a network object is also specified.
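The combination and port-uniqueness rules above can be checked before a definition is submitted. The following is an added example, not Exinda code: `AppObject`, `validate`, and the sample library are hypothetical names, and it assumes that any object naming a network object is exempt from the port-uniqueness rule on both sides of the comparison.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# (protocol, low port, high port); a single port has low == high
Port = Tuple[str, int, int]

@dataclass
class AppObject:
    name: str
    l7_signature: Optional[str] = None
    network_object: Optional[str] = None
    ports: List[Port] = field(default_factory=list)

def validate(new: AppObject, existing: List[AppObject]) -> List[str]:
    """Return the reasons `new` would be rejected (empty list = acceptable)."""
    problems = []
    if not (new.l7_signature or new.network_object or new.ports):
        problems.append("definition is empty")
    if new.l7_signature and new.network_object:
        problems.append("network object cannot be combined with an L7 signature")
    for proto, lo, hi in new.ports:
        if proto not in ("tcp", "udp") or not 1 <= lo <= hi <= 65535:
            problems.append(f"invalid port spec {proto} {lo}-{hi}")
    # Assumption: objects that name a network object are exempt from the
    # port-uniqueness rule on both sides of the comparison.
    if new.network_object:
        return problems
    for proto, lo, hi in new.ports:
        for other in existing:
            if other.network_object:
                continue
            for o_proto, o_lo, o_hi in other.ports:
                # Same protocol and intersecting ranges means a clash.
                if proto == o_proto and lo <= o_hi and o_lo <= hi:
                    problems.append(
                        f"{proto.upper()} {lo}-{hi} already covered by "
                        f"'{other.name}' ({o_lo}-{o_hi})")
    return problems

# Constructed sample data mirroring the port example in the note above.
LIBRARY = [AppObject("app-a", ports=[("tcp", 500, 510)])]
```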
Many of the L7 signatures have sub-type classifications, which makes layer 7 visibility much more granular. For instance, for reporting on specific web applications, most vendors can only report on port 80 traffic. Exinda allows a deeper look into Layer 7 applications. For example, by comparison:
- Layer 4 reporting tools report on web applications as: port 80 or HTTP
- Layer 7 reporting tools report on web applications as: Yahoo or Skype
- Layer 7 reporting tools with sub-type classification report on web applications as: Yahoo video, Yahoo voice, or Yahoo webchat.
This allows you to monitor at a much more granular level.
Adding application objects in the EMC
The Exinda Management Center provides a comprehensive set of built-in Applications for you to use. These cannot be edited, but you can define Custom Applications. You can add the custom application as part of an ignore policy at the bottom of the optimizer tree that is sent to the appliances.
NOTE
If you use a custom application in the definition of a virtual circuit (a logical definition that partitions a physical network circuit and is used to determine what traffic passes through it and how much) or policy for a given appliance group, then the custom application is automatically added to the appliance-group configuration.
Applications can be defined in the Library directly, and then later assigned to an Optimizer Policy Tree. Applications can also be created in an Optimizer Policy Tree, in which case they are also saved to the Configuration Library for use elsewhere. All applications within a tenant must have unique names. When an application is modified, all uses of it are also modified.
Where do I find Applications?
Application library (the Exinda repository for network objects and their definitions) items can be found in Library > Applications. You can define custom applications for each appliance group. Go to the desired appliance group in the Optimizer Policy Tree.
How do I view built-in Applications?
Built-in application library items can be found in Library > Applications > Built-in. You can view built-in applications, but you cannot edit them.
To create a Custom Application in the Library
- Go to Library > Applications.
- Click Create new application....
- In the Name section, key-in a name for the application. The name must be unique in the tenant.
- In the Definition section, choose either the Layer 7 Signature, or select a combination of Network Object, Ports, DSCP (Differentiated Services Code Point) and Protocols.
- Click the Create button. The custom application will be added to the library list.
To create a new Application directly in the Optimizer Policy Tree
- Go to Configured Appliances > (desired appliance group) > Applications.
- Click Create new application....
- In the Name section, key-in a name for the application. The name must be unique in the tenant.
- In the Definition section, choose either the Layer 7 Signature, or select a combination of Network Object, Ports, DSCP and Protocols.
- Click the Create button. The custom Application is added to the Optimizer Policy tree for this current Appliance Group and is also saved to the Library.
To add an Application from the library to an appliance group
- Go to Configured Appliances > (desired appliance group) > Applications.
- Click Add Application from Library.
- Select one or more applications to apply to the current appliance group, and then click application to <group_name>.
To use a Custom Application in a policy definition
When creating a policy, you can use a custom Application to filter traffic to or from this application. The custom Applications appear in the Application list within the Filter section. For more information refer to Policies.