Network performance monitoring, and especially network optimization, is more of an art than a science because there are so many factors that figure into network and application responsiveness. In addition, because there is a vast amount of data traversing the network, determining the right kind of data you need to monitor (and where you should you be capturing the data from) can become very difficult. As an example, according to research conducted by Enterprise Management Associates in October of 2016, 41 percent of IT personnel spend more than 50 percent of their time working on network and application performance problems.
The data collection process is further complicated by the fact that tactical data loses up to 70 percent of its value after 30 minutes. This makes the speed and accuracy of data analysis critical if you hope to resolve your network or application issues.
There is one easy way to improve your lot in life, though: Add a network visibility architecture. Most IT personnel have a security architecture and a network architecture, but very few have a visibility architecture. Network visibility is what enables you to capture the right data at the right time, so you can do something useful such as quickly isolate potential problems.
Setting up a visibility architecture is straightforward. There are four main components:
- Data access
- Data manipulation
- Application intelligence
- Purpose-built analysis tools
Data access can be provided by physical taps, virtual taps and bypass switches. These devices give you timely access to the data you need. A SPAN port also can be used; however, there can be issues with the quality of the data from this type of device, so it is not recommended.
After you have acquired the monitoring data you need— probably along with a bunch that you don’t need—the next step is to send it to a network packet broker (NPB). This device provides granular filtering capability to maximize the flow of relevant information to your monitoring tools. Specific types of data can be segmented out and sent to specific tools to improve efficiency and faster time to resolution. NPBs can provide the following services as well: data aggregation, deduplication and load balancing of Layer 2 through 4 (of the OSI model) packet data.
Application intelligence is another capability available through an NPB. This functionality provides additional filtering and analysis at the application layer, i.e. Layer 7 of the OSI stack. For instance, you can leverage application intelligence to prevent application bandwidth overloads on your network. You can literally see the amount of traffic on your network based upon application type (e.g. Hulu, Netflix, Pandora, FTP, HTTP, RTP, etc.). You also can use it to identify slow or underperforming applications.
The final layer of the visibility architecture is made up of your security and monitoring tools. These devices typically are special-purpose tools (e.g., sniffer, network performance monitoring [NPM], application performance monitoring [APM], etc.) that are designed to analyze specific data. For instance, APM tools can provide real-time data analytics to help you manage your network and lets you see problems before your users do.
However, standalone deployments of these tools can run into different problems, such as overloaded disk space and processing, the need for different interface ports based upon network traffic speed and the need for lots of input ports to capture data across the network. An NPB can be used to capture network data and filter that data before it goes to the NPM tool. This increases the efficiency of the tool by reducing clutter. The additional filtering of duplicate data further enhances the efficiency and also removes the storage waste associated with storing irrelevant data.
Network administrators need network visibility solutions to help them discover, isolate and solve problems related to the network and its applications. This architecture gives your network tools a complete picture of the network so they can resolve issues faster.
— Keith Bromley
