Using network flow analysis to improve troubleshooting and performance

Using the network flow monitoring and network flow analysis capabilities of Stealthwatch, a regional blood center improved overall network troubleshooting, performance and reliability.

A regional healthcare organization improved its network flow analysis and network monitoring capabilities by upgrading legacy network switches and deploying flow-capturing probes in remote locations.

The Puget Sound Blood Center (PSBC) in Washington has for several years used Stealthwatch, a network flow monitoring product from Lancope that collects and analyzes packets and NetFlow and sFlow data in order to detect network anomalies and to monitor network performance. PSBC's manager of network services, Vickie Dahl, said Stealthwatch's visibility into her network was originally limited by a lack of probes deployed in remote locations and by a legacy Cisco switching infrastructure that didn't support NetFlow, limiting the ability to collect IP traffic information.


"The system was in more of a passive mode where it would capture some data, but after the fact," Dahl said. "There was no real-time monitoring, and we could not drill down to the user ID level like we can now."

PSBC gained better visibility into the network by upgrading to new HP ProCurve switches that supported sFlow monitoring and by adding probes in remote locations that could collect data in real time.

"Now that we've updated all our equipment, we run sFlow on our HP switches and NetFlow on our Cisco routers," Dahl said. "That allows us to see all the activity that goes on across our network."

Network flow analysis has improved troubleshooting processes at the blood center by allowing the networking team to quickly assess whether an issue is network-related.

"If a user calls the help desk and says the network is slow or [he's] unable to reach a website or having trouble with an application, using Stealthwatch, we can dig right down to that user's computer and … see every connection and process [he's] running," Dahl said. "Whenever there is slowness or a problem with an application, everyone always blames the network. Now, we are able to show every step and every connection that a user is making in real-time, and we can show that there is not a problem with network connectivity or bandwidth.… The bottleneck is in the application or happening on a particular server."

Peggy Dunn, the blood center's IT director, said network flow analysis allows her organization to quickly rule out the network as a root cause of most problems.

"Network services can rule out that it's a network problem," Dunn said. "Then they can escalate it to an applications or database person. Usually, it goes to the database administrator, and she can take a look at what database that person is trying to access, using some of her own analytical tools. If she can rule out that it's a database problem, then we'll bring in a programmer [to] review the application and see if it's the source of the problem."

Dahl said Stealthwatch's dashboard view allows her team to detect network events in real time. If malware infects a PC on the blood center's network, an administrator can detect the unusual network activity associated with the infection and identify the infected device quickly for remediation.

Having flow-based network monitoring is critical, Dunn said, because her organization does more than simply collect blood and deliver it to healthcare providers. The Puget Sound Blood Center's patient management application, the Blood Establishment Computer System, processes patient information and tracks blood and tissue donations at 185 hospitals across the northwest United States. Because its systems deal directly with patients across so many hospitals, network reliability and performance are critical, she said.

"We have no tolerance for downtime whatsoever," Dunn said. "So having the ability to monitor our systems so they are available all the time was critical, because we're serving patients, not just hospitals."

Let us know what you think about the story; email: Shamus McGillicuddy, News Editor
