IT organizations are constantly trying to optimize operations and troubleshooting activities and for good reason. Once established, end users' perception of "slowness" can be hard to get rid of. According to research that Enterprise Management Associates (EMA) performed in late 2016, 41% of organizations surveyed spend more than 50% of their time responding to network and application performance problems.
This is obviously a large source of time and energy. It can also be an unwanted high-profile activity. Let's look at one example for the medical industry. Networked applications, such as electronic medical records (EMR), are vital for hospitals to provide outstanding service to their patients and physicians. These applications enable 24x7 application transaction monitoring, packet storage, and network analysis, while providing integrated software add-ons for dependency mapping, SNMP reporting, database monitoring, and pre-deployment application testing.
However, a networking team can often not be aware of slow response times on the remotely hosted EMR application until a physician or someone else calls in to complain. Once the problem is identified, it takes time to get troubleshooting equipment into place to sort out if the root cause of the issue is the application or the network.
A simple solution to the problem is to add taps and network packet brokers (NPBs). Taps can be inserted anywhere in the network, They make a complete copy of all traffic between the network data flow and your monitoring tools (or NPB) to improve the quality of monitoring data and time to data acquisition. Once the tap is installed into the network, it is a permanent passive device that gives you constant and consistent access to your critical monitoring data. This means that in most cases, you don't have to ask the Change Board for permission to touch the network again. You touch it once to install the tap, and then you are done.
Next, you will want to deploy a NPB between those taps and the security and monitoring tools to optimize the data sent to the tools. You can plug in (as well as unplug) whatever tools you want into the NPB with no impact to the network. With the NPB, you can perform data filtering, deduplication, packet slicing, header stripping, and many other functions to optimize the data before it is sent to your application performance management (APM) tools. It is not uncommon for 50% or more of the monitoring traffic to be duplicate packets, especially if you are pulling data from a SPAN port (instead of a tap) or have overlapping data taps in your architecture. Duplicate packets are bad because they can decrease the processing efficiency of your APM tool. It can also lead to less available on-board storage capacity for useful packet data (essential for "back in time" analysis).
Just by implementing taps and NPBs, it is possible to reduce your mean time to repair (MTTR) by up to 80%. A significant portion of that time reduction comes from the reduction (and probable elimination) of Change Board approvals.
In the end, some of the benefits of this type of monitoring architecture include:
■ Complete network traffic visibility for application performance analysis
■ Faster troubleshooting that reduces problem isolation from days to hours
■ Proactive observation and resolution of issues before they become problems
■ Improvements in the efficiency of APM system by removing duplicate packets
■ The elimination of interference with other department's network probes thanks to SPAN and tap sharing
■ Easy access to data to perform application performance trending
■ A reduction in your MTTR and other key performance indicators — due to focused root cause analysis