In the three previous blogs in this series, I answered an often asked customer question – “What can really be done to improve network visibility?” – with discussions on data and packet conditioning, advanced filtering, and automated data center capability. In the fourth part of this blog series, I’ll reveal another set of features that can further improve network visibility and deliver even more verifiable benefits.
Too quickly summarize, this multi-part blog covers an in-depth view of various features that deliver true network visibility benefits. There are five fundamental feature sets that will be covered:
- Data & Packet Conditioning
- Advanced Packet Filtering
- Automated Real Time Response Capability
- Intelligent, Integrated, and Intuitive Management
- Vertically-focused Solution Sets
When combined, these capabilities can “supercharge” your network. This is because the five categories of monitoring functionality work together to create a coherent group of features that can, and will, lift the veil of complexity. These feature sets need to be integrated, yet modular, so you can deploy them to attack the complexity. This will allow you to deliver the right data to your monitoring and security tools and ultimately solve your business problems.
This fourth blog focuses on intelligent, integrated, and intuitive management of your network monitoring switches – also known as network packet brokers (NPB). Management of your equipment is a key concern. If you spend too much time on managing equipment, you lose productivity. If you don’t have the capability to properly manage all the equipment facets, then you probably won’t derive the full value from your equipment.
When it comes to network packet brokers, the management of these devices should align to your specific needs. If you purchase the right NPBs, the management for these devices will be intelligent, integrated, and intuitive.
So, what do we mean by intelligent, integrated, and intuitive? The following are the definitions I use to describe these terms and how they can control/minimize complexity within an element management system (EMS):
Intuitive – This is involves a visual display of information. Particularly, an easy to read GUI that shows you your system, ports, and tool connections at a glance so you don’t waste time or miss things located on a myriad of other views.
Integrated – Everyone wants the option of “One Stop Shopping.” For NPBs, this means no separate executables required for basic configuration. Best-of-breed approaches often sound good, but the reality of integrating lots of disparate equipment can become a nightmare. You’ll want a monitoring switch that has already been integrated by the manufacturer with lots of different technologies. This gives you the flexibility you want without the headaches.
Intelligent – A system that is intelligent can handle most of the nitpicky details, which are usually the ones that take the most effort and reduce productivity the most. Some examples include: the need for a powerful filtering engine behind the scenes to prevent overlap filtering and eliminate the need to create filtering tables, auto-discovery, ability to respond to commands from external systems, and the ability to initiate actions based upon user defined threshold limits.
At the same time, scalability is the top technology concern of IT for network management products, according to the EMA report Network Management 2012: Megatrends in Technology, Organization and Process published in February 2012. A key component of being able to scale is the management capability. Your equipment management capability will throttle how well your system scales or doesn’t.
The management solution for a monitoring switch should be flexible but powerful enough to allow for growth as your business grows – it should be consistently part of the solution and not the problem and must, therefore, support current and potential future needs. The element management system needs to allow for your system growth either natively or through configuration change. There are some basic tiered levels of functionality that are needed. I’ve attempted to summarize these below but more details are available in a whitepaper.
Basic management needs (these features are needed for almost all deployments)
- Centralized console – Single pane of glass interface so you can see your network at a glance
- The ability to quickly and easily create new filters
- An intuitive interface to easily visualize existing filters and their attributes
- Remote access capability
- Secure access mechanisms
Small deployments – Point solutions of individual network elements (NEs) (1 to 3) within a system
- Simple but powerful GUI with a drag and drop interface
- The ability to create and apply individual filters
- Full FCAPS (fault, configuration, accounting, performance, security) capability from a single interface
Clustered solutions – Larger solutions for campuses or distributed environments with 4 to 6 NEs within a system
- These systems need an EMS that can look at multiple monitoring switches from a single GUI
- More points to control also requires minimal management and transmission overhead to reduce clutter on the network
- Ability to create filter templates and libraries
- Ability to apply filter templates to multiple NE’s
Large systems – Require an EMS for large scale NE control
- Need an ability for bulk management of NE’s
- Require a web-based (API) interface to existing NMS
- Need the ability to apply a single template to multiple NE’s
- Need role-based permissions (that offer the ability to set and forget filter attributes, lock down ports and configuration settings, “internal” multi-tenancy, security for “sensitive” applications like CALEA, and user directory integration – RADIUS, TACACS+, LDAP, Active Directory)
- Usually need integration capabilities for reporting and trend analysis
Integrated solutions – Very large systems will require integration to an external NMS either directly or through EMS
- Need Web-based interface (API) for integration to existing NMS and orchestration systems
- Need standardized protocols that allow external access to monitoring switch information (SYSLOG, SNMP)
- Require role-based permissions (as mentioned above)
- Requires support for automation capabilities to allow integration to data center and central office automation initiatives
- Must support integration capabilities for business Intelligence collection, trend analysis, and reporting
Statistics should be available within the NPB, as well as through the element management system, to provide business intelligence information. This information can be used for instantaneous information or captured for trend analysis. Most enterprises typically perform some trending analysis of the data network. This analysis would eventually lead to a filter deployment plan and then also a filter library that could be exported as a filter-only configuration file loadable through an EMS on other NPBs for routine diagnostic assessments.
More information on the Ixia Net Tool Optimizer (NTO) monitoring switch and advanced packet filtering is available on the Ixia website. In addition, we have the following resources available:
- Building Scalability into Visibility Management
- Best Practices for Building Scalable Visibility Architectures
- Simplify Network Monitoring whitepaper
Additional Resources:
Ixia Net Tool Optimizer (NTO)
White Paper: Building Scalability into Visibility Management
Thanks to Ixia for the article.
Consider a typical visibility fabric with 50 taps, eight tools, and one operations department with three users. Each user needs to not impact the traffic of other users, and each user needs to be able to quickly select the types of traffic they need to secure and optimize in the network.
