For years, corporate end users would complain that their applications weren't running properly, and all network managers could do was confirm that the issue wasn't caused by a network failure.
Now, tools are available that let network managers run analytics so they can gain full network visibility and then deploy an automated fix, often before a problem occurs in the first place.
"Let's face it, when users have a problem with an application, they will still call the service desk and complain that the network isn't working," says Colin Fletcher, a research director at Gartner who covers IT operations analytics (ITOA).
Fletcher says that the industry has started to move from ITOA to what he calls algorithmic IT operations platforms (AIOps).
"In ITOA, network managers were getting analytics about the network after the fact; it was all observational data," Fletcher explains. "Now, we can look at what's going on in the network in real time, diagnose the issue and then automate a fix."
Gartner estimates that by 2019, 25% of global enterprises will have strategically implemented an AIOps platform that supports two or more major IT operations functions, up from fewer than 5% today.
ITOA and AIOps in action
Any number of software vendors offer IT operations analytics and AIOps products today, including Elastic, Evolven, Hewlett Packard Enterprise, IBM, Rocana, Nyansa, Splunk and Sumo Logic, among many others. Network managers say these products help them diagnose and fix networking issues, which leads to better response times and more efficient use of networking resources.
T.J. Norton, wireless architect at Liberty University in Lynchburg, Va., says he's been using Nyansa's Voyance to gain greater network visibility into the university's Cisco and Aruba wireless infrastructure.
"I had all this different infrastructure and each system generated good data, but there was no way to pull all that data together and gain a good network view," he says. "Essentially what Nyansa gives us is the visibility to see what the client is seeing."
In one example, Norton says the Voyance dashboard reported some network latency on a point-to-point connection. Further investigation found that many of the clients were having poor response times on a DNS server.
The fix: Norton redirected the clients to a different DNS server so that traffic would continue to flow properly and then provisioned a new DNS server and installed updated firewall rules to resolve the issue.
"This was our primary DNS server, so if it went down, it would have been a big deal," Norton says. "Nyansa gave us the ability to diagnose and fix the issue before it became a real problem."
At Brandeis University in Waltham, Mass., Mike Fitzgerald, lead infrastructure engineer, also uses Nyansa to gain visibility into his Aruba and Cisco infrastructure.
Fitzgerald says the Nyansa network analytics tool was especially effective at delivering visibility into the wireless network.
"People want the Wi-Fi connection to work like a wired connection," he explains. "While people are used to a dropped call on a cellular line, that's not always the case with Wi-Fi. They expect it to work all the time."
Brandeis had a case in which the Nyansa software reported that multiple users were bouncing back and forth from the university's secure 802.1x network to its open network. Fitzgerald says Brandeis runs an open network mainly to support gaming systems, many of which don't yet support 802.1x.
When they took a deeper look into the Nyansa network analytics data, they found that password failures were causing wireless devices to bounce between the 802.1x network and the open network. They then realized that this was tied to a change last fall when the university began enforcing regular password changes. Typically, people would change their password via a web form, but their 802.1x wireless connections would continue to use an old cached version of their previous password. Those 802.1x connections would fail because of the incorrect (old) password, and the device would then try the open wireless network, only to be directed back to the 802.1x network because it had connected to it in the past.
"What's great here is that Nyansa alerted us to a potential problem well before it became an issue and created a significant performance drain on the network," Fitzgerald explains. "It saved us any number of service calls had the issue gone undetected."
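The bounce pattern described above can be picked out of authentication and association events. The following sketch is an added example, not code from the article or from Nyansa; the log format, the event names (`AUTH_REJECT`, `AUTH_ACCEPT`, `ASSOC`), the SSID names and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SECURE_SSID, OPEN_SSID = "campus-secure", "campus-open"  # hypothetical SSID names
# Constructed sample events (not real logs): time, client MAC, user, SSID, event
SAMPLE_EVENTS = """\
2017-03-01T09:00:05 aa:bb:cc:00:00:01 alice campus-secure AUTH_REJECT
2017-03-01T09:00:09 aa:bb:cc:00:00:01 - campus-open ASSOC
2017-03-01T09:00:30 aa:bb:cc:00:00:02 - campus-open ASSOC
2017-03-01T09:01:10 aa:bb:cc:00:00:01 alice campus-secure AUTH_REJECT
2017-03-01T09:01:14 aa:bb:cc:00:00:01 - campus-open ASSOC
2017-03-01T09:02:20 aa:bb:cc:00:00:01 alice campus-secure AUTH_REJECT
2017-03-01T09:02:25 aa:bb:cc:00:00:01 - campus-open ASSOC
2017-03-01T09:03:00 aa:bb:cc:00:00:03 carol campus-secure AUTH_REJECT
2017-03-01T09:03:20 aa:bb:cc:00:00:03 carol campus-secure AUTH_ACCEPT
"""
# Constructed directory data: last password change per user
PASSWORD_CHANGES = {"alice": "2017-02-28T16:30:00"}

def parse(text):
    for line in text.strip().splitlines():
        ts, mac, user, ssid, event = line.split()
        yield datetime.fromisoformat(ts), mac, user, ssid, event

def find_flapping(events, password_changes, min_cycles=3, fallback=timedelta(seconds=60)):
    """Flag clients that repeatedly fail 802.1X and then land on the open SSID."""
    pending = {}                # mac -> (time, user) of the latest unresolved reject
    cycles = defaultdict(list)  # mac -> [(reject time, user)] per completed bounce
    for ts, mac, user, ssid, event in sorted(events):
        if ssid == SECURE_SSID and event == "AUTH_REJECT":
            pending[mac] = (ts, user)
        elif ssid == SECURE_SSID and event == "AUTH_ACCEPT":
            pending.pop(mac, None)   # a later success means the credential works
            cycles.pop(mac, None)
        elif ssid == OPEN_SSID and event == "ASSOC" and mac in pending:
            rejected_at, who = pending.pop(mac)
            if ts - rejected_at <= fallback:   # open-SSID join soon after the reject
                cycles[mac].append((rejected_at, who))
    findings = {}
    for mac, seen in cycles.items():
        if len(seen) >= min_cycles:
            user = seen[0][1]
            changed = password_changes.get(user)
            # Password changed before the failures began: cached old credential likely
            stale = changed is not None and datetime.fromisoformat(changed) < seen[0][0]
            findings[mac] = {"user": user, "cycles": len(seen),
                             "stale_credential_likely": stale}
    return findings

print(find_flapping(parse(SAMPLE_EVENTS), PASSWORD_CHANGES))
```

A device that only ever joins the open network (the gaming-console case) and a user who mistypes once and then authenticates are both left out of the findings.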
More efficient networks with AIOps
At Liberty University and Brandeis, AIOps tools detected, diagnosed and fixed problems before they could do any damage to the network. But these tools can also identify day-in, day-out events that simply make networks less efficient.
Eric Sharpsten, CTO for Federal Health at Lockheed Martin, says ExtraHop's diagnosis of one ongoing problem led to more efficient use of the company's database servers, housed at the federal Centers for Medicare and Medicaid Services in Baltimore, Md.
Sharpsten says that when they ran a proof of concept, they found that a single database server had 800 million transactions in a week. Examination of the transactions revealed 21.5 million errors. Of those 21.5 million errors, 19.8 million were from a single source IP address, and 19 million of them had bad username and password pairs.
"We found that the errors were coming from a single server that was retired but we hadn't taken off the network," he explains. "This server was querying the database server with an old username/password pair consuming some 5% of the available database server resources. So while this was not a security issue, it had the ability to adversely impact operational performance. There's no way we would have found that misconfiguration if it wasn't for a tool like ExtraHop."
Another plus: When the company buys new servers in the future, it may need only three instead of four because it can now more accurately tune each one.
Sharpsten adds that many other similar tools require IT staff to run a software agent on the server. ExtraHop resides on the wire, giving his team a complete view of their firewalls, load balancers and WebSphere Message Broker.
This kind of setup enhances security, says Sharpsten. For example, for an attack to take place, a hacker needs to put packets on the network. ExtraHop sees these packets and can conduct analysis on the attack as it happens. In the past, the IT team used logs to identify abnormalities in the network. But logs offer a view of what's already happened, so they can be anywhere from five to 30 minutes old, depending on the approach. Additionally, a good hacker can cover his tracks by either deleting or changing log entries.
"So in essence logs can lie," Sharpsten says. "The network never lies. And if ExtraHop sees that there's a misconfiguration, it can automatically write a new rule in the firewall and fix the issue on the fly. As a network manager, I see everything, everywhere on the network."
It's that kind of network visibility that really makes a difference. Corporate end users expect the network to run at work the same way it does at home. With ITOA and AIOps tools like Nyansa, ExtraHop and many of the other products on the market, network managers can know for sure what's causing an issue. And better yet -- they can prevent downtime before it happens.