YAO (Yet Another Optimization)

Getting the most out of your monitoring technologies

Sure – you’ve heard of WAN optimization, server optimization, and even storage optimization, but the need for optimization also applies to your management technology -- especially packet-based network, application, and security monitoring and analysis tools.  Tools operating on a packet basis are typically high-powered, often appliance-based, and usually more expensive than alternatives which operate data from agents, and they can and should be optimized.

Last fall, Enterprise Management Associates conducted a research study to better understand current challenges and best practices in place for optimizing the placement and utilization of packet-based monitoring tools.  We had over 150 participants in this research and the goal was to understand how network and security operations teams were getting by with their monitoring tools and practices.

Perhaps the most striking result was the finding that less than 20% believed they had achieved sufficient monitoring coverage for their managed infrastructure. Key reasons for this were a lack of network access to SPANs and TAPs (42%), sub optimal tool deployments due to insufficient budgets or insufficient capacity (72%), and lack of staff or staff skills (24%).  More money, more bodies, and more training certainly would help, but without them we are forced to optimize what we have on hand.

Another big factor affecting deployment of packet-based monitoring today is  the growth in 10G deployments.  According to our research, only 35% of respondents felt they had this nailed.  Most security and network monitoring tools today are designed to handle 1G pretty well -- 10G tools are available, but by and large are much more expensive than their 1G brethren.  So if you can find ways to keep your 1G tools working as long as possible, you’ll win big points with the boss and with the finance department.  

There are two key approaches to extending 1G tool life – media adaptation and filtering.  Media adaptation is pretty straightforward – you need an access device (typically a tap, but this also applies to using a SPAN port on a switch) that can provide a 1G feed to the tool while supporting 10G on the back end.  This works great as long as total traffic volume remains under 1G.  As soon as you exceed 1G, then you’ll need to start applying filters so that you can cut down the volume of traffic coming into the  tool, focusing on those portions of the traffic that are most important for that particular tool’s function. 

Media adaptation and filtering can be accomplished via SPAN (a.k.a. switch port mirroring) however the big challenge is that SPANs are limited to two per switch.  Plus, they are difficult to configure – according to our research, 36% of shops say that insufficient staff skills with CLI is a major barrier, followed by issues such as staff bandwidth, access to network links, and the sheer time it takes for administration. 

A viable alternative exists in the use of intelligent access devices, sometimes called intelligent taps, matrix switches, or using our new terminology today “monitoring optimizers.”  These products are available from vendors such as Anue Systems, who sponsored this research project, and stay resident in the network, providing the ability to have multiple tools access the same stream of network packets from a single instrumented link or a combination of several links.  They go further by allowing filtering so that tools can be focused on just the packet streams that are appropriate and/or are of interest for their particular purpose. 

This isn’t new – these tools have been around for awhile, but what is new is the trend towards  these solutions offering GUI-based configuration for connections and filtering, which can greatly reduce the training hurdle and the amount of time required to set up and tune your monitoring technologies.  Anue Systems is putting a big push in the area, and it’s my belief that this trend will continue as other vendors of monitoring optimization tools embrace this opportunity for improving coverage and staff efficiency.

Want more info?  The EMA summary report can be found here, and the sponsor, Anue systems, also has it on their website here.

Have you found new and innovative ways to keep your monitoring tools going while you wait for budgets to be restored? If so, I'd love to hear about them – you can e-mail them to me at jfrey@enterprisemanagement.com

Copyright © 2010 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022