We are pleased to share with you all an interesting article contributed by Ari Chakrabarti.
The Monitoring Dilemma:
Is Your Network Monitoring Strategy Still a Siloed One?
Monitoring has always been like the stepchild of the networking team; sometimes it’s a long battle to figure out which team will be responsible for funding a network monitoring initiative: security, business or networking. If we somehow figure out the funding part, the next question is: do we require it, and aren’t my SNMP tools and other freeware that does basic checks enough?
Well, it’s time for a reality check; time to really rethink the monitoring strategy that most companies have in some way ignored for a long time, without enough focus on this critical aspect of networking, which can provide more value for every dollar you spend on it.
Most of the time we understand the criticality of a proper network monitoring solution only after going through a network attack or experiencing a major network outage. So it’s time to ask your network administrators:
Just as an example, let’s recap some of the losses we have seen in the industry due to the lack of a proper monitoring tool. Again, these are just a few examples of many out there.
Sony Loss: $171 million 2011
The Sony breach is by far the most famous recent security attack. After its PlayStation network was shut down by LulzSec, Sony reportedly lost almost $171 million. The hack affected 77 million accounts and is still considered the worst gaming community data breach ever. Attackers stole valuable information: full names, logins, passwords, e-mails, home addresses, purchase history, and credit card numbers.
Citigroup Loss: $2.7 million 2011
Citigroup was not a difficult target for hackers. They exploited a basic online vulnerability and stole account information from 200,000 clients. Because of the hacking, Citigroup said it lost $2.7 million. Just a few months before the attack, the company was affected by another security breach. It started at Epsilon, an email marketing provider for 2,500 large companies including Citigroup. Specialists estimated that the Epsilon breach affected millions of people and produced an overall $4 billion loss.
Stratfor Loss: $2 million 2012
Last Christmas wasn’t so joyful for Stratfor Global Intelligence. Anonymous members hacked the US research group and published confidential information from 4,000 clients, threatening they could also give details about 90,000 credit card accounts. The hackers stated that Stratfor was “clueless…when it comes to database security”. According to the criminal complaint, the hack cost Stratfor $2 million.
The million-dollar question for the CFO/CTO: can you afford to make the same mistake again?
Benefits of a Well Designed Monitoring Solution
Monitoring can help detect a failure or abnormality before it really becomes an issue. Administrators can be notified through emails, texts or a network message of any problem on the network, allowing them to remediate it immediately. The lack of a proper network monitoring solution forces them to manually examine the network or wait for the issue to be reported before they can work on a remedy.
Better Replacement Strategy
Monitoring enables you to study a persistent problem much more closely. If a piece of hardware is constantly tripping, it may be time to plan a change. The same applies to a constantly crashing service: if a service or a particular application is frequently crashing, it might be a good idea to look into troubleshooting the application.
Self-Healing Networks by Proactively Diagnosing Issues
Monitoring gives you a proactive approach, without which you may not be able to predict a problem before it poses a real threat. Network monitoring will help you pinpoint the root of a failure, saving you time and money when you have to diagnose the problem.
Monitoring reports can help you spot trends in system performance, demonstrate the need for upgrades or replacements, and prove your value by documenting the otherwise ‘unseen’ work that keeps the IT systems you manage in top form.
Remediation of problems, anytime, anywhere
Monitoring products provide web-based, single-pane-of-glass administration most of the time. These offer support for any server or workstation in your environment. Apart from providing much faster service, web-based access also saves you a lot of time and money because you do not have to commute to branch offices or customer sites.
Monitoring optimizes network availability by monitoring all aspects of your network, including servers, workstations and network devices and applications. Whenever a failure is detected, you will immediately be notified through alerts allowing you to take remediation action in a highly efficient manner.
Safeguarding Against Revenue Loss by Preventing Outages
Monitoring products identify issues faster with instant alerts, pinpoint root causes, and eliminate the need for manual checks on event logs, backup systems, antivirus systems, hard disks and other devices. Having a network monitoring solution avoids the need for complex and expensive systems. All this in turn facilitates cost savings by preventing outages.
What it takes to Migrate or Adopt a Next Gen Monitoring Solution
A survey by IDG reveals what it takes for the customers to move to a new monitoring tool as depicted below.
As per another study by IDG, the diagram below represents customer feedback on current monitoring solutions and their take on ROI justification for additional network monitoring spend.
Traditional Monitoring Tool vs Fabric Based Monitoring Solutions with the above Migration/Adoption Criteria in Focus
As the title suggests, this discussion is about a "Total Solution" vs a "Legacy Tools based Approach" with IDG’s key metrics in mind. The age of the box-based monitoring tooling approach has gone. The time demands a more agile, flexible, stretchable, extensive, ubiquitous Monitoring Fabric.
Typically, legacy monitoring tools are tied to their physical location. If they are located in one data center and you plan to bring up another data center, you generally have to replicate the tools, investing in the same set of tools again to maintain consistency and symmetry across your data centers for monitoring your network. Needless to say, these niche tools are pretty expensive, and they get even more expensive when the same set of tools has to be replicated at different locations.
The advantage that a Fabric Based Networking approach can bring to the table is not just reducing CAPEX, by not having to purchase and replicate the same set of tools for different physical locations, but also making the fabric-based solution more programmable. Programmability will help customers embed the solution in their home-grown solutions and tools, and the same programmability will help tool sets from different vendors exchange state information with each other, creating a perfect harmony. The real gain is not just CAPEX/OPEX reduction but also network-wide visibility with a ubiquitous fabric.
Now, it’s not that the industry doesn’t have compelling monitoring solutions with all the bells and whistles you need for day-to-day network monitoring. There are companies like Gigamon, Apcon and Arista, all of which provide networking solutions that customers use today for monitoring; but all these tools suffer from the same quandary: the box-by-box approach, which is costly and non-scalable.
The one solution I have been playing with lately and am pretty impressed with is from Big Switch Networks; it's called Big Monitoring Fabric, aka BMF. What BMF solves is the core architectural issue that we see with the traditional box-by-box approach, and it also adds the flexibility that the traditional vendors lack by introducing a Fabric Based Monitoring approach. A pair of Northbound Controllers is responsible for managing, provisioning and maintaining the Fabric. All the monitoring data rides on the Fabric, with an x86 DPDK-based Service Node for specific functions like De-Duplication, Packet Slicing and Deep Packet Inspection. Together these provide a comprehensive “Total Solution” that stretches across Data Centers, Colos and Remote Branch offices and helps in consolidating and centralizing the “Tool Farms” for customers, thereby reducing CAPEX and providing a compelling TCO. The Fabric is an SDN Fabric with Zero Touch Patching/Upgrade.
The Fabric consists of inexpensive White or Brite Box switches, providing a compelling solution to scale from 1G to 10G, 10G to 40G and 40G to 100G without a rip-and-replace approach. It provides an easy migration path from 1/10G to 40G and 100G network monitoring with its unified ports concept: ports can work in 1G/10G/40G/100G modes just by changing the transceiver, thereby protecting the investment. It can play in a brownfield deployment too, as it enables you to bring any existing Network Packet Broker (NPB) tools to the Fabric through its Service and Delivery Ports.
To sum it up: the monitoring industry needs a better approach than the traditional legacy box-by-box approach. What BMF solves is the inherent architectural issue that is common among typical competitors. BMF is a pretty impressive monitoring solution that introduces the Fabric-based approach that the network monitoring world has been lacking.