Link Search Menu Expand Document

Application Definitions Tab

Configuration > Templates & Policies > Applications & SaaS > Application Definitions

This tab provides application visibility and control.

  • You can search to see if a definition exists for an application and, if so, how it is defined.

  • You can set AppExpress performance monitoring for up to 50 specific applications.

  • To filter the application definition list to show only monitored applications, click the Monitored button in the tab header. Click All to remove the filter.

Orchestrator uses the following eight “application pipelines” to assign an application name to each flow within the SD-WAN fabric:

  • IP Protocol – Matches flows based on IP protocol number. Matches on the first packet.

  • UDP Port – Matches flows based on layer 4 UDP port. Matches on the first packet.

  • TCP Port – Matches flows based on layer 4 TCP port. Matches on the first packet.

  • Domain Name – Uses DNS, HTTP Host Header, and HTTPS/SNI snooping to derive a domain name for each flow. It is expressed in the form example.com or *.example.com. The DNS snooping mechanism matches on the first packet. The snooped DNS queries must be cleartext and must transit the EdgeConnect in both directions. The HTTP Host Header and HTTPS/SNI snooping mechanisms need up to six packets to determine the domain name and cannot match on the first packet.

  • Address Map – Formerly known as IP Intelligence. Given a range of IP addresses, the Address Map reveals the organization that owns the segment, along with the country of origin. Matches on the first packet.

  • DPI – Deep Packet Inspection. These applications are derived by looking into the packet payload. Examples include RTP, FTP, and HTTP. The DPI pipeline requires multiple packets to read the required payload elements and cannot match on the first packet.

  • Compound – Created using multiple application match criteria. First-packet matching varies based on the configuration of the Compound application.

  • SaaS – Deprecated. For use with legacy SaaS Optimization system. AppExpress should be used for SaaS optimization use cases.

You can use any of these application pipelines to define a new application, and you can modify or disable an existing application. Multiple application definitions can match at the same time. When this occurs the application with the highest confidence configured (1-100) is used.

Orchestrator automatically checks the Cloud Portal for updated application definitions every 24 hours by default (Auto update set to ON). Application definition data on the Cloud Portal is updated generally once per month. If new definitions are discovered, Orchestrator downloads the data, merges it with the applications, and pushes the changes to appliances in the network. You can also force an update at any time by clicking Update Now.

Application Definition Dialog Box

From this dialog box you can add, edit, disable, or delete an application definition and enable AppExpress for an application.

Add an Application Definition

Complete the following steps to add an application definition.

  1. Navigate to Configuration > Templates & Policies > Applications & SaaS > Application Definitions.

  2. Click Show Advanced App Definitions.

  3. Click +Add New Application.

    The Application Definition dialog box opens.

  4. From the Type drop-down menu, select an application pipeline.

  5. Complete the fields that apply to the application pipeline you selected.

    Field Description
    Name Enter a name for the application. This application name is used throughout the EdgeConnect system to match and apply various policies. Application names are not case-sensitive.

    NOTE: When you change an application name, you must also change it in any associated policies, such as Overlay ACLs or Firewall policies.
    Protocol Number Applies to IP Protocol. Enter the protocol number for the application.
    Port Number Applies to UDP Port and TCP Port. Enter the port number for the application.
    Domain Applies to UDP Port, TCP Port, and Compound. Enter the domain for the application.
    IP range(IPV4 only) Applies to Address Map. Enter the range of IP addresses that are included.
    Organization Applies to Address Map. Enter the name of the organization that owns the range of IP addresses.
    Country Applies to Address Map. Select the country where the organization that owns the range of IP addresses resides.
    Protocol Applies to Compound. Select the type of protocol used for the application.
    Port Applies to Compound. Enter the port number for the application.
    IP/Subnet Applies to Compound. Enter the IP address or subnet for the application.
    Geo Location Applies to Compound. Matches flows with IPs associated with a specific country. Select the country from the drop-down list.
    Address Map Applies to Compound. Matches flows with IPs contained within an Address Map. Select the address map from the drop-down list.
    Interface Applies to Compound. Matches flows that are inbound to the EdgeConnect through the specified interface or label. Select the interface or label from the drop-down list.
    DSCP Applies to Compound. Click the check box to match the first DSCP value observed for the flow.
    Domains Deprecated. Applies to SaaS Optimization.
    Addresses Deprecated. Applies to SaaS Optimization.
    Notes Applies to all except SaaS. This is a text-entry field where you can enter any notes or information about the application definition.
    Confidence Applies to all except SaaS. Used when two or more application definitions match the same flow. The application with the highest Confidence value is assigned to the flow. Enter a value of 1 to 100. The higher the number, the higher the confidence.
    Microsoft Instance Applies to Address Map. Allows filtering by Microsoft Instance type, such as “WorldWide”, “USGovDoD”, and “China”. Select the instance from the drop-down list.
    Microsoft Category Applies to Address Map. Matches the Microsoft-assigned endpoint category, which includes the following (select one):

    Optimize – High-priority traffic that should get priority QoS treatment, take the most optimal path, and bypass security inspection mechanisms.

    Allow – Lower-priority traffic that should bypass security inspection mechanisms.

    Default – Traffic that should be treated as “regular internet traffic”.
    Proxy Applies to Address Map. If this attribute is set, the EdgeConnect does not learn domain names for the given IP(s). Select No or Yes from the drop-down menu.
    Disabled Applies to all except Address Map and SaaS. Click this check box to disable the application definition. This action does not delete the application definition.
  6. To enable AppExpress for the application, continue to Enable AppExpress for an Application.

  7. Click Apply.

    The definition appears in the Advanced App Definitions section.

    NOTE: To find a user-created definition in the Advanced App Definitions section, click the appropriate tab for the type of definition, such as IP Protocol or UDP Port, and then click Modified.

Enable AppExpress for an Application

You can enable AppExpress performance monitoring for any application. If you choose to have AppExpress steer traffic for an application, you must enable steering and add the application to an AppExpress group. For more information, see AppExpress Groups Tab.

  1. Navigate to Configuration > Templates & Policies > Applications & SaaS > Application Definitions.

  2. Click Show Advanced App Definitions.

  3. Locate the application in the advanced definitions list, and then click the edit icon.

    The Application Definition dialog box opens.

  4. Enter the following information based on the level of monitoring you want to apply to the application:

    Field Description
    AppExpress Off – Click to disable AppExpress for the application.

    Monitor only – Click to enable only AppExpress monitoring for the application. Data is collected about the performance of the application, which is reflected on the AppExpress Summary tab and in reports, but the data is not used to steer the application traffic.

    Monitor and Steer – Click to enable AppExpress monitoring and steering for the application. Data is collected about the performance of the application, which the system uses to steer the application traffic from one transport to another.

    The application must be added to an AppExpress group for traffic steering to occur. For more information, see AppExpress Groups Tab.
    Use Cloud Portal Config Select this check box to use the Aruba-provided AppExpress settings for this application.

    NOTE: Not all applications have Aruba-provided AppExpress settings. You can override these settings at any time.
    Ping Type Select the method used to send probes to the application across the loopback interface. Options include ICMP echo-request/response, TCP connect, HTTP, or HTTPS.

    NOTE: TCP is the default selection and recommended for most AppExpress applications.
    Ping Hostname Enter the hostname or IP address of the server from which the probes originate.
    User Experience Thresholds Enter the two threshold values (in milliseconds) for the application performance. These values are measures of latency and are what the Target QoE is derived from. The defaults are 100 ms for the threshold between Satisfied and Tolerable, and 300 ms for the threshold between Tolerable and Frustrated. When determining the threshold values, keep the following definitions in mind:

    Satisfied – If latency for the application is at or below this threshold, users will have the best experience with the application.

    Tolerable – If latency for the application falls in this range, users will have a tolerable experience with the application, but it could be better.

    Frustrated – If latency for the application falls at or above this threshold, users could have a negative experience with the application.
  5. Click Apply to save your changes.

    The Performance Monitor column shows “Yes” for the application.

Edit an Application Definition

  1. Click the edit icon for an application definition.

    The Application Definition dialog box opens.

  2. Edit the settings as needed.

  3. Click Apply.

Disable an Application Definition

  1. Click the edit icon for an application definition.

    The Application Definition dialog box opens.

  2. Click the Disabled check box.

  3. Click Apply.

Delete a User-created Application Definition

You can only delete user-created application definitions.

  1. Click the edit icon for an application definition.

    The Application Definition dialog box opens.

  2. Click Delete.

    The Delete Record dialog box opens.

  3. Click Delete.

    The definition is deleted and all dialog boxes close.


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America