
This product reached the end of support date on March 31, 2021.

DCRUM operation counts on parallel environments between versions 12.04 and May 2017 for monitored applications are different.

We are migrating from DCRUM 12.04 to 2017 May SP4, currently running on parallel infrastructures. However, the operation counts are not matching up. After excluding the "SSL connection Hello*" and "Encrypted data exchange", the resulting HTTP URLs are approx. 1/3 less than the 12.04 version's counts. I have compared the software services configuration and setup parameters, but nothing looks different. Any thoughts?

7 REPLIES 7

Babar_Qayyum
DynaMight Leader

Hello Martin,

Please find the documented information below.

SSL handshake settings after upgrade from 12.4.x to 17.0.4


  • For all software services in your 12.4.x deployment, where reporting SSL handshakes was not an option, that generated ADS data (had Generate ADS data setting checked), after upgrade to 17.04, the Generate ADS data setting for these software services will be preserved and the Report SSL handshakes in ADS data will be set to Inherit from SSL globals. In the Global settings the Report SSL handshakes in ADS data will be unchecked. As a result, your settings for each software service are preserved. Your upgraded configuration will not report SSL handshakes in ADS data in the same way as in the 12.4.x deployment where such reporting was not possible. However, after upgrade to 17.0.4 you will gain the capability to turn on the Report SSL handshakes in ADS data for each software service individually, or using the Global settings.

Review the below link for the changes in the current release.

https://www.dynatrace.com/support/doc/dcrum/releas...

Regards,

Babar

I am not sure I follow your answer @Babar Q. The post states that even after excluding the SSL Handshake data they are still seeing 1/3 the number of URLs. I am facing a similar issue (even though I am not able to compare to my 12.4 upgrade). I am looking at a pure count of operations against a software service. The service is using the HTTPS analyzer and we have an RSA key to decrypt the traffic. There are multiple different ciphers being used and some are Diffie-Hellman, so I understand that we won't be able to see all details about all requests. However, if I just do a simple operation count during a specific hour and compare that to IIS log entries, I am seeing approx. 1/3 less traffic hitting DCRUM.

1. Does your answer above apply to my situation?

2. What are best practices for troubleshooting this type of discrepancy?


Hello @Graham D.

I would recommend having a look at the links below for a better understanding of SSL decryption.

https://www.dynatrace.com/support/doc/nam/ssl-monitoring/troubleshooting-ssl-monitoring-issues/

https://community.dynatrace.com/community/display/APMEnterpriseKB/SSL+Decryption+Troubleshooting+Guide?_ga=2.102671682.2108530131.1540099403-1710669906.1526479035

Regards,

Babar


Hello @Babar Q.,

Sorry for the misunderstanding, my issue is not with the decryption (I don't think). I expect that some of my traffic will continue to be encrypted because it is using Diffie-Hellman. What I can't explain is why the TOTAL count of operations is so far off from what I can see in other tools. I fully understand that this may not be a DCRUM problem and was hoping to get some guidance on how to remove DCRUM as the cause of the issue. If I can prove that DCRUM is not the cause of the missing data then I can better navigate the other possible causes.


Hello @Graham D.

Please correct me if my understanding is wrong. You are expecting more operations than you can see in DCRUM, even after excluding the encrypted operations.

  1. Do you have any dropped packets?
  2. Did you SPAN bidirectional?
  3. Do you have any sequence number gap rate?

Regards,

Babar


Hey @Babar Q.,

We are not showing any dropped packets (0% for both types). We have around a 4% sequence gap rate and during our health check we were told that is acceptable. However, I don't think we are set to SPAN bidirectional and I am inquiring about those settings now. Can you give me a quick explanation on why that is needed? I am not a networking engineer and my simple understanding is that data flows 1-way into DCRUM (not bidirectionally).

Also, thank you very much for your responsiveness.


Hello @Graham D.

Basically bi-directional is to solve the unidirectional traffic which indicates that the NAM Probe cannot reliably monitor and analyze traffic, such that a significant portion of user sessions is not included in performance analysis.

Have a look at the link below for more insight.

https://www.dynatrace.com/support/doc/nam/cas-and-reporting/tools/diagnostics/traffic-diagnostics-report/diagnosing-traffic-quality-issues/

Regards,

Babar