The user experience is always a priority at Cross Country Healthcare, a healthcare staffing firm based in Boca Raton, Fla. But as more applications move to the cloud -- and as more users access them remotely and from mobile devices -- monitoring network health to optimize the user experience has become a challenge for IT pros like Forrest Schroth.
But traditional network monitoring software and tools can only do so much, according to Schroth, director of network engineering services at Cross Country Healthcare.
"They can tell you if there's enough bandwidth, whether there are flooding errors or how IP-address-to-IP-address calls are being handled. But none of that tells you about end-user performance," he says.
Schroth is frustrated with this dilemma, especially as his company is turning more and more to software as a service (SaaS) applications. The company's email has shifted to Microsoft's Office 365 cloud-based service and several business units are using SaaS-based ERP systems. With no sign of cloud momentum slowing down, Schroth is in search of a single tool that would help him monitor and troubleshoot the end-user experience for all applications.
"Right now, the network group is running its set of tools and the apps group is running its set of tools and, if an event occurs, we get together in a war room and combine data to find the issue," he says.
Even with that collaboration, pinpointing problems with most network monitoring software can be difficult because SaaS providers usually don't let you see inside their environment.
"They tend to push back and say, ‘Our database looks great,' when you've ruled the transaction was fine until it hit their network," he says.
To avoid the potential impact on users, IT managers like Schroth are relying on workarounds that simulate the user experience for cloud-based applications or act as a watchdog for events that impede application and network performance. For instance, some IT teams are deploying sensors and agents throughout the network to mimic and monitor what users face in terms of application response times. Others are doubling down on existing gear, such as firewalls, to gain deeper insight into events that could block or slow traffic.
The lack of transparency in the cloud can hinder or delay problem resolution for networking teams. But SaaS providers have no incentive to let you monitor their internal systems' performance, says John Burke, CIO and principal research analyst at Nemertes Research.
"It will always be the place where visibility stops for network managers," he says.
There are only three ways to approach this obstacle, Burke says. One option is to use application performance management (APM) probes, either in line or off a span port, to watch traffic and make sure requests and responses are both functioning well. Another alternative is to use an optimizer or proxy -- either a device or service -- that can provide performance data. The third possibility is to put agents on devices and desktops to monitor transaction times.
"However, if you need both solid and predictable response times for network transactions, using SaaS over the public Internet should automatically be a suspect strategy," Burke says.
Out of the shadows
The level of frustration that network managers like Schroth have with SaaS providers is not uncommon, according to Shamus McGillicuddy, senior analyst of network management at Enterprise Management Associates.
Shamus McGillicuddysenior analyst for network management, Enterprise Management Associates
"Our research shows that a lot of networking guys don't become aware of shadow IT adoption of SaaS until they get asked to support it because something is wrong," he says. "So networking teams don't have control, but they get blamed."
In addition to relying on traditional sources for performance data, such as firewall logs or traffic data from switches, network managers can deploy synthetic monitoring tools to better understand the user experience with cloud-based services. Synthetic monitoring tools use probes at various network locations to perform ping tests in order to check application response times. They also conduct tests to see how long a Web-based presentation takes to load in a browser window, for example, among other tasks.
But McGillicuddy does not believe SaaS providers need to provide full visibility into their networks. That doesn't mean letting them off the hook, however, if your network monitoring software and tools detect a problem on their end that violates your service-level agreement (SLA).
"You're paying for a service -- not for infrastructure," he says. "If you are monitoring your network adequately and assuring that it is performing at a high level -- and you can prove that a specific user experience problem is traceable to your SaaS provider -- then you can make sure the SaaS provider is aware of the problem and fixes it in a timely manner."
Loading the sensors
Stevenson University in Baltimore supplements its network monitoring toolbox -- which includes SNMP traffic monitoring, Windows system monitoring and service monitoring -- with "more elaborate tools," says Robert Hutter, the university's manager of network and enterprise systems.
Stevenson, which has 4,000 full-time students, nearly 1,500 faculty and staff and three campuses, ensures the user experience is optimal by using Paessler's PRTG Network Monitor sensors to simulate common scenarios like logging in and downloading files from the Internet.
"This takes the manual aspect out of testing," Hutter says.
The sensors assist in identifying and troubleshooting other problems as well. For instance, if sensors reveal that users can't log in from multiple campuses, then Hutter knows there is most likely an issue with one of the hosted services or applications the university uses.
"It helps us gain some leverage in enforcing our SLAs," he says.
The ability to do historical analysis is another benefit of sensor-based tools. This data is aggregated and analyzed by the PRTG platform, and in some cases archived for up to a year.
"We can, for instance, review the resource utilization of a specific server over the course of a year or track how our Internet utilization has changed during peak periods," Hutter says. "Without long-term historical data or consistent monitoring, you could be left scratching your head. If you have sensors, you can drill down, troubleshoot and come to a resolution faster."
He recommends being transparent with users about network availability and performance. The university publishes a webpage that lists current, past and scheduled outages.
"Users have learned to check the website," he says. The result: a better and more trusted user experience, even when performance temporarily dips.
Fortifying the firewall
At City College of San Francisco, Tim Ryan, the college's technical operations manager, has had to adapt his IT team's support strategy to accommodate changing traffic patterns with more than 60,000 students and 2,000 staff members at eight locations across the city.
Tim Ryantechnical operations manager, City College of San Francisco
"We used to be able to ensure that everyone had the same experience by standardizing down to the network interface cards and switch port," he says. "Wireless has introduced variation such that every user experience is different."
Rather than invest in even more network monitoring software and other tools, Ryan has his existing fleet of firewalls from Check Point and Palo Alto Networks taking on a heightened role in monitoring the on-premises and cloud-based user experience. In addition to checking fixed permissions, firewalls now determine if latency increases beyond a certain threshold or if dropped packets hit an unacceptable level.
"Both have an obvious impact on the user experience," Ryan says.
The firewalls, which generate over 50 million log entries a day, also show threats and vulnerabilities -- providing additional insight when a virus or malware might also be affecting network or application performance for a group of users.
With more applications like email moving to the cloud, Ryan expects he'll depend on those logs for intelligence even more.
"If our cloud-based applications show slow performance, there will be actionable information available," he says.
For Cross Country Healthcare's Schroth, user experience nirvana will occur when he finds a holistic tool that provides the same end-to-end visibility for SaaS-based applications he has with on-premises applications. His dream: network monitoring that comingles network performance measurements with transaction times at the applications tier.
"I just haven't found it yet," Schroth says.
Quality of Experience: Monitor networks or apps?
Monitor UC apps for a smooth user experience
Everything you need to know about APM tools