With the rapid increase in network complexity – as well as customer dependence on enterprise network applications and services – it’s more and more important that operators understand what, how, and when traffic is traversing the network. Network monitoring is the increasingly powerful connected set of tools used in controlling, maintaining, and optimizing networks.
A network management system (NMS) is a set of devices and applications that allow a network operator to supervise the individual components of a network.
Network management system components assist with:
- Device discovery – identifying what devices are present on a network.
- Device monitoring – monitoring specific devices to determine their health and performance capacity.
- Performance analysis – tracking indicators like bandwidth utilization, packet loss, latency, availability, and uptime.
- Intelligent notifications – collecting or sending alerts that respond to set network scenarios.
Network monitoring is a cornerstone of network management, especially when troubleshooting and understanding performance of network applications and services. Network monitoring allows an operator to harness the rich information available via direct inspection and analysis of network packets.
So what is needed to integrate effective monitoring with a network management system (NMS)? The first recommendation is to add a network monitoring switch, also called a Network Packet Broker (NPB), to optimize the interconnection and flow of data to the monitoring tools that will be used. The second recommendation is to determine the type(s) of monitoring tools required. A variety of monitoring tools and technologies exist which leverage this approach, spanning network management, application performance management, as well as security management.
In general, the most prevalent tools used are:
- Packet Analyzers. A packet analyzer (also known as a network analyzer, protocol analyzer, or packet sniffer, an Ethernet sniffer, or wireless sniffer) is a device or applications that intercepts and logs traffic passing through a network. The sniffer captures traffic and exposes the values of the packet fields. It then analyzes its content according to the appropriate RFC or other specifications.
- Intrusion Detection / Prevention. An intrusion detection system (IDS) is a device or application that monitors the network for suspicious traffic or activity. Intrusion detection and prevention systems (IDPS) focus on identifying incidents, recording them, and reporting the detection. In addition, organizations use IDPSes to identify security policy issues, document existing threats, and deterring policy violations.
- Data Loss Prevention. A data loss/leak prevention system is designed to detect and halt potential data breaches by monitoring, detecting, and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). During such incidents sensitive data is captured by unauthorized personnel, usually through covert incursions. Examples of sensitive data include private or company information, intellectual property (IP), financial or patient information, credit-card data, and other types depending on the market the industry.
- Application Performance Management. Application performance management (APM) is the oversight of network application performance and availability. APM detects and diagnoses application performance problems in order to maintain the user’s expected level of service.
Two sets of performance metrics are closely monitored: the end user application performance experience and the stress placed on the network while running the application.
An example of the first metric would be the average response times under peak network load, where “response time” is the time required for an application to respond to user actions. Without load, most of the applications are fast enough, which is why programmers may not catch performance problems during development.
The second metric establishes whether there is adequate capacity to support the application load, while determining where there may be performance bottlenecks. Measurement of these quantities establishes an empirical performance baseline for the application.]
- Data Recorder. A data logger (also a data recorder) records data over time. They are usually small, battery powered, and equipped with a microprocessor and internal memory for data storage. Some data loggers interface with a personal computer and use software to activate the data logger and view and analyze the collected data, while others have a local interface device (keypad, LCD) and can be used as a stand-alone device.
- Compliance. Compliance monitoring verifies that whatever regulations and/or limitations that are in force from some governing agency (such as government institutions) are being followed and maintained.
- VoIP / Unified Communications / Video analyzers. Multi-media analyzers assess the quality of real-time communication services like instant messaging, video conferencing, data sharing, VoIP, video playback, and speech recognition with non-real-time communication services such as unified messaging.
So what are the current trends with these common network monitoring tools? Recent studies have shown, for the most part, a solid and steady increase in the deployment of network management technologies over the last few years.[i]
(Note: all charts were taken from EMA’s Network Management 2012: Megatrends in Technology, Organization, and Process)
Over the years, deployment levels have risen slowly amongst the most common tools. IDS/IPS deployments remain virtually identical, but data loss prevention is a new tool that has gained widespread use. Meanwhile, data recorders, compliance monitors, and voice/video analyzers have all seen significant gains in adoption.
In conjunction with the strategy regarding the types of network management tools, the choice of what types of data are being reviewed and monitored showed interesting results.
Overall, less data sources are being collected than previously. Back in 2008, participants selected an average of seven different types of source. In more recent studies, the average dropped to just 5.5 sources – indicating that organizations are becoming more discrete and distinct in which data sources they find to be most valuable. Or, conversely, enterprises may be increasingly overwhelmed with an abundance of data sources, and out of shear survival are only focusing on the sources that they deem most important.
Another aspect of network management on the rise is automation. The automation of network management tools and technologies offers increased efficiency, decreased errors due to manual tasks, and is a hedge against rising complexity due to growth, virtualization, and cloud services – it is a buffer against the steady increase and expansion of applied automation in selective tasks and workflows. The figure below shows the distribution of automation over various network management functions.i
Finally, it is relevant to see what is driving the increase in network management tool use. What are the enterprise plans, needs, and goals that are behind the use of specific network management technologies? In a recent survey, almost 50% of respondents indicated plans to invest in more network management resources.
Generally speaking, the need for improved and more comprehensive network management resources is not only growing, but exponentially expanding due to the increased complexity of networks. This complexity is driven by user demands and service expectations. The trends are only projected to continue to rise, and the investment in network management technologies will experience a related increase.
For more information on Ixia network monitoring and visibility solutions, see our website.
Thanks to Ixia for the article.