Troubleshoot www.attainia.com connectivity and Internet issues
The Attainia application suite is accessed over the Internet using a web browser. The applications themselves are written using the Adobe Flex framework, and utilize the Adobe Flash Player to execute on the user’s pc. Each application is designed to provide an RIA (rich Internet application) experience. To accommodate such an experience, there are certain areas of interest, from an IT perspective, that should be addressed to ensure users are able to work trouble free. What follows is a review of some key areas common to many IT infrastructures that may impact these applications and their functionality.
Bandwidth & Latency
How fast you are and how quickly you can get there are traits that almost always affect internet-based communications in some way or another, and the Attainia applications didn’t want to be left out of the party. In reality, both of these statistics affect the performance of the applications much more than the reliability or functionality. What we instead hope to foster is an honest understanding of what to expect from the application, as well as why it behaves as it does.
For bandwidth, currently, Attainia requires a minimum of a 512/128kbit connection to use our software. We recommend that you have at least a 3Mbit/512kbit connection for best performance. These minimums are for a single user. If there are going to be multiple simultaneous users over the same connection, then you will need to make the necessary adjustments. Since the application is not communicating constantly, a certain amount of overlap can be reasonably assumed. This can be up to as much as 40% based on anticipated usage levels.
Using the minimum as a baseline, we currently gauge the application performance using initial load times as well as delays between changing screens inside the application. Loading the application is considered within normal ranges if completed in less than 90 seconds. Delays between screens should average below 12 seconds. Using the recommended settings, you should expect those ranges to drop below 70 and 10 respectively. Attempting to use the applications with less than the Attainia minimum may result in drastically reduced performance.
When it comes to latency, the picture is not nearly so black and white. Attainia loosely recommends a latency of less than 250ms. \ Most organizations will be able to meet these requirements. You do need to understand, however, that the lower that number is, the better the performance of the application. Since all of the Attainia apps use an RIA-based interface that receives its data using web services that transfer binary data feeds, any delays in that communication layer cause delays in the application’s ability to present the data to the user. While latency on the public Internet is out of your control, a review of any existing QOS or traffic-shaping policies might be beneficial to ensure optimal communication.
Attainia offers a simple speed-test utility on its website to assist in evaluating your current bandwidth situation. We offer this partly because we have found that connections between different locations vary too wildly to trust 3rd-party speed evaluations. By hosting this test on our servers, you’re able to obtain an apples-to-apples evaluation of what to expect from the Attainia experience. In addition, the Attainia Support staff is always available to assist you with challenges that might arise.
Every network has one. And if they don’t, they most likely should. Security appliances protect our networks from the prying eyes of the outside would. In the modern world, there are now many devices that also monitor and police even outgoing connections. It is commonplace to find one or more security devices on the network of just about every professional organization in the world. The concern is that the Attainia software often experiences functionality issues with security devices. In this section, we will cover each type of device, examples, and expectations of what might be faced during implementation.
First and foremost, we have the firewall. These devices are most commonly found at the edge of the network and are the first line of defense against intruders. By themselves, they don’t often cause issues with Attainia software. \ The only exception is if the firewall is deployed with very restrictive policies, in which case the Attainia datacenter IP address will need to be added to a trusted list. Where the firewall can become much more disruptive is in the case of packet inspection functionality. Many modern firewalls include features that allow the device to intercept malicious data such as viruses and spam before they ever enter the network. The reason this becomes an issue has to do with the Adobe Flex framework. \ Adobe Flex, or Flex, communicates with the Attainia servers using a protocol called AMF, or Adobe Messaging Format. AMF is a binary data stream that allows Flex to compress large datasets and transfer them at high speed to the client. \ The problem lies in the fact that packet inspectors, by definition, inspect all binary traffic. This means that inspection devices think the AMF traffic is actually file data, like email attachments or web downloads. Due to the nature of the AMF data format however, the devices are unable to properly classify the AMF data, and in the process, end up interfering in the communication with the user. At this time, there are no known workarounds for this behavior. In addition, this behavior has been observed affecting various devices from numerous vendors. \ In the event that you are using a packet inspection device on your network, the Attainia Support team will work with you to find a suitable solution for your environment.
• Firewall Examples
o Cisco Pix / Cisco ASA
o Checkpoint Firewall1
Next on our list are filters. \ Web filters, or content-filters, are devices that monitor the web browsing of an organization’s users. Often these devices are used to limit access to prohibited or malicious content. If the device is being used in a transparent fashion, where it simply inspects addresses against a blacklist, then you simply need to add the Attainia hostnames to the trusted list. If, however, the filter is configured to also inspect the content of the pages and the traffic, it will cause errors in the Attainia applications. This is due to a similar situation as to what affects the packet inspection devices. The issue in this case lies in how the web filter inspects the traffic. When an AMF transfer occurs, the filter will grab the entire package, look at it, and send it on its way. This seems acceptable, except that since the AMF is compressed and encrypted, it looks like a jumbled mess to the filter. This causes the filter to release the traffic out the other side, to the user, in no particular order. This results in the user receiving various error situations due to corrupted data. The simplest solution is to configure the Web Filter to ignore any and all traffic from the Attainia application domain. \ In the event this is not possible, the Attainia Support team will work with you in an attempt to find a useable solution.
• Filter Examples
The final item we’d like to focus on is proxies. Web proxies can be used for a number of purposes with the most common being a cache from web browsers. They are also sometimes combined with Web Filters, as noted above. Proxies are the most sinister when it comes to interfering in the operation of Attainia applications. When a web proxy caches data, it does so to allow multiple users in one location to only require the actual Internet download a single time, while all the other users receive a copy cached on the proxy. It is this very behavior that causes the issues. When AMF passes through the proxy, it is viewed as binary data, like a downloaded file, and stored in the cache. What the proxy does not know is that this chunk of data will never be valid again. Then, sometime in the future, the Attainia software makes a web service call expecting an AMF response. The proxy then sees this request, and since it appears identical to one it saw earlier, it then replies to the user with the AMF chunk stored in its cache. This then causes the user to receive an error. Web proxies are the only one of the three types covered here that has proven to cause errors 100% of the time. We have not been able to locate a web proxy that does not interfere with the Attainia software. In the event that your organization is using a proxy, and are unable to bypass it, please contact the Attainia Support team for further assistance.
• Proxy Examples
o Microsoft ISA server
No introduction is necessary for what has become standard issue for every professional network. Antivirus software is an essential tool in keeping our systems free from interference. Sadly, in their effort to continuously protect us from ever increasing threats, some software packages have grown to the point where they themselves can become intrusive and affect the behavior of other applications. Such is the case with Attainia’s application suite. Currently, our research has shown that Antivirus packages using “On Access” style features pose the biggest risk. The assumption is that the software is in some way interfering with the Flash execution engine’s ability to cache AMF data to the hard drive. At this time, the only software package that has been confirmed to cause errors in the wild is the McAfee antivirus software. If you are running an Antivirus software package on your user’s desktops that uses “On Access” protection features, or if you’re simply not sure, please contact the Attainia Support team so that they may assist you in testing for any potential errors.
General System Requirements
Trusted IP Addresses
These are the IP addresses of the Attainia servers