The network is the unsung hero of any business; transporting information — actually, business value — to and from every resource, application, and employee, functioning quietly and invisibly in the background. Until there is a problem, that is. Then the resource everyone takes for granted is a major problem, a topic of great interest. Avoiding becoming the subject of that kind of discussion is one reason why IT professionals spend so much effort ensuring their network is stable, high performing, and secure.
The central network used to be the IT professional's primary concern. Now, remote and edge networks are a vital part of every organization. Savvy businesses monitor network performance and security all the way to the edge, giving them key insights on how to optimize business and improve operations. But, what type of analytics help drive this intelligence? Let's look at 10 key insights worth monitoring from remote networks.
Network Performance Metrics
The reliability of networks has increased over the last decade even as they have become more complex. Balanced against this increased reliability is the staggering expense of any network downtime or performance degradation. At the end of the day, an organization with fewer – but more costly – issues will find visibility into key network performance metrics is even more critical than it has ever been.
There are four metrics that determine acceptable performance of a distributed network and its activities:
1. Network Bandwidth: Approaching maximum network capacity is a vital indicator of an impending problem. Identifying which users, applications, or protocols are using the most bandwidth enables organizations to manage their network resources wisely and act on bandwidth issues quickly
2. Packet Loss: A well-performing network has little or no packet loss, so even if retransmits mean that no data is lost, substantial packet loss is a useful indicator of network congestion, link failure, or hardware/software issues on network devices. It isn't enough to know that packet loss occurred; seeing the issue as it happens and understanding the root cause means the right action can be taken quickly and effectively.
3. Latency: Latency issues impact productivity and decrease user dissatisfaction. The severity of the effect and user expectation vary from one use case to another. For example, sensitivity to latency for applications like financial trading is much higher than traditional web applications and VoIP. Once you know the accepted latency for your network and applications, then when it goes beyond the threshold you know to pay attention.
4. Errors Rate: Ideally, all packets would arrive to their destinations intact, but, a small fraction do not. The error rate is the percentage of bits or packets that are lost or damaged during delivery. Measure error rates when traffic levels are high in order to have a good understanding of error rate risks. The impact of even small error rates can be large since it can produce a major impact in throughput for applications.
Application Availability Metrics
Networks and applications are inseparable. Network congestion and application latency increase as the data has further to travel between locations. For distributed networks with remote locations, this distance can be a particularly challenging hurdle for application performance and availability. Bandwidth bottlenecks can cause critical applications like VoIP, WEB, ERP and CRM to slow down. Insight into applications at their operational location will speed up application incident analysis and resolution.
IT professionals require application awareness combined with overall network visibility; otherwise they risk being confronted with the signs and symptoms of an issue without the ability to identify and address the root cause.
For edge networks, the following application metrics are needed:
5. Application Performance: Poor application performance impacts user experience, productivity, business transactions, and most importantly, revenue. Real-time insight into application performance metrics such as throughput and response time allows organizations to know the status of each one of their applications wherever they are being used.
6. Application Responsiveness: Every application has an "accepted" response time. Significant deviations from this baseline directly reduce application usability. Measure response time per application to optimize quality of service, manage resources, and ensure application usability.
7. Application Distribution: How can you know if there is an application issue without first learning which applications are in your network? Are social media activities slowing down your entire network? Who is using which application on a daily basis? Visibility into application locations allows insightful business decisions and ensures compliance with policies and SLAs.
Security Metrics
Enterprises, under constant threat of attack, have implemented systems for prevention and detection of security threats. This isn't enough. Security incidents can and will occur, and when they do, the investigation into the breach must be timely and comprehensive in order to rapidly understand, contain, and eliminate the attack.
Network-level information critical for speedy breach forensics and productive investigations includes:
8. Network Packets: Investigations without access to the original network packets that carried the intrusion are invariably less effective. Logs and binaries on drives and memory can be altered or deleted, but packets contain critical information about the attacks, attackers, and information transmitted even before the attack initiates. It is a saying among security investigators: "packets don't lie."
9. Long-term Packet Availability: The challenge all enterprises face is that more often than not attacks remain undetected for weeks or even months. With this much time without discovery, attackers are able to inflict higher levels of damage and disguise themselves. Long-term packet-level information is required for effective security investigations of these most damaging breaches.
10. Decryption: For obvious reasons, today, most of the network traffic is encrypted and the percentage is increasing as security becomes a serious concern for most organizations. Without visibility into packets and their content, investigating a breach is not feasible. Having visibility into encrypted traffic eliminates blind spots and enables effective incident investigation.
The ability to actively monitor and act on performance, application and security data is critical for IT professionals today. For organizations with remote locations, the performance and security of their entire network is largely reliant on visibility into these ten metrics.
Mandana Javaheri is CTO of Savvius.