AAA Stats Test

Data security is one of the important features that you must consider while making the data accessible to public over the Internet. Authenticating the user requesting for an access to the network resources is one of the methods to secure data for unauthorized access.

On a NetScaler appliance, you can use various authentication techniques to secure the data. One of the techniques is the Authentication, Authorization, and Accounting (AAA) technique which can be used when the Secure Socket Layer (SSL) Virtual Private Network (VPN) is deployed on your network. The AAA authentication technique includes three steps to secure the network. The first process, Authentication, ensures that the access is granted only to an authorized user of the network. The second process, Authorization, ensures that depending on the profile of the user, the user is authorized to perform only a set of specific tasks on the network. And finally the third process, Accounting, measures the resources the user has used during a session.

This test enables administrators to measure the effectiveness of the AAA authentication technique. This test monitors the AAA sessions on the NetScaler and reports the count and percentage of authentications that were successful and those that failed on the NetScaler. This way, the test turns the spotlight on unauthorized access attempts that were detected and prevented by the AAA technique. 

Target of the test : A NetScaler VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the NetScaler appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a NetScaler device, the eG agent should be configured with the credentials of a user with read-only privileges to the target NetScaler device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the NetScaler Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (NetScaler Interface Through Restful interfaces and Objects) APIs on the target NetScaler device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target NetScaler device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Authentication successes

Indicates the number of user authentications that were successful during the last measurement period.

Number

 

Authentication failures

Indicates the user authentications that failed during the last measurement period.

Number

A high value is indicative of too many authentication failures. You may want to investigate the reason for this phenomenon.

Percent of authentication successes

Indicates the percentage of user authentications that is currently successful.

Percent

A high value is desired for this measure.

HTTP authorization successes

Indicates the number of HTTP connections from the user that were authorized successfully during the last measurement period.

Number

 

HTTP authorization failures

Indicates the number of HTTP connections from the user that failed authorization during the last measurement period.

Number

A high value is indicative of too many authentication failures. You may want to investigate the reason for this phenomenon.

Percent of HTTP authorization successes

Indicates the percentage of current HTTP connections from the user that is authorized successfully.

Number

A high value is desired for this measure.

Non HTTP authorization successes

Indicates the number of connections other than the HTTP connections that were authorized successfully during the last measurement period.

Number

 

Non HTTP authorization failures

Indicates the number of connections other than the HTTP connections that failed authorization during the last measurement period.

Number

A high value is indicative of too many authentication failures. You may want to investigate the reason for this phenomenon.

AAA sessions

Indicates the number of AAA sessions during the last measurement period.

Number

 

Timed out AAA sessions

Indicates the number of AAA sessions that timed out during the last measurement period.

Number

NetScaler maintains a session timeout after which users must authenticate again to regain access to the intranet. This timeout is configurable.

If the value of this measure is very high - i.e., timeouts appear to be occurring too often - you may want to consider changing this timeout value.

Current ICA sessions only

Indicates the number of ICA sessions during the last measurement period.

Number

 

Current ICA connections_smart access

Indicates the number of ICA sessions with smart access during the last measurement period.

Number

 

Current ICA connections only

Indicates the number of ICA connections during the last measurement period.

Number

 

Current TM sessions

Indicates the number of TM sessions during the last measurement period.

Number