As an IT or network manager, what matters most to you is that your users enjoy high productivity from their IT systems. This, in turn, depends on how your IT infrastructure is performing. And with enterprise IT architectures undergoing major changes to support VoIP, cloud-based services and virtualization, network professionals are under continual pressure to provide improved application performance.
So today’s network manager really needs to understand application performance, whether it is to help developers understand what will work on a network, spot poorly performing applications before users feel the effects, or deliver LAN-like application performance over the WAN to remote users. Traditional network monitoring tools alone are no longer sufficient. A new approach, mapping the application path through the network and measuring performance along the way, helps us solve current problems, analyze trends and plan future network or application changes.
This opens the doors to the adaptive WAN – a wide-area network that can support business change by adjusting to suit as the mix of applications changes. In order to have an adaptive WAN, you need to be able to measure what is going on over the network, so you can respond to network changes or congestion, for example by adjusting quality-of-service (QoS) parameters or adding bandwidth shaping.
The visibility challenge
WAN optimization products enable you to do things that were not practical before – consolidate branch office IT into a central data center over intercontinental distances, say, or replicate data to a remote disaster recovery site over a Gigabit connection.
However, they also bring new challenges, especially when it comes to network monitoring and management. That is in part because WAN optimization can distort key network and site statistics, for example by disguising traffic or changing the packet headers, and in part because when you accelerate or optimize in one area, it can create unexpected side effects elsewhere – in some cases it simply moves the bottleneck.
And of course before you optimize, you need to know what to optimize and where. As the saying goes, “You can’t manage what you can’t see.” That in turn means you need to know what is running over the WAN, where it is coming from, and what the key problems are – for example, whether it is latency, packet loss, bandwidth congestion, etc.
The need for IT security
Further, IT managers also very commonly find applications on their WAN that they did not know were there. Most of today’s security tools focus on prevention – of unauthorized access, unwanted activity and so on. But in order to prevent something, we first have to know that it exists and is happening. In other words, we need the ability to detect the unidentified. As threats multiply and become more targeted, we can no longer rely on relatively static tools based on industry-wide shared signatures that represent known vulnerabilities, including insider threats.
That is why analysts such as Gartner recommend that enterprises re-balance their security priorities and investments to boost monitoring and threat detection effectively. The challenge is that in most cases we have to work out for ourselves what malicious activity looks like on our network. This can require significant effort to reduce the number of false positives, tune detection systems to suit local environments and include context.
Security – networking convergence
This is where behavioral analytics adds critical value, reflecting the convergence between networking and security operations. The two are no longer separate, nor can they be – security needs to be intrinsic to the network, not an afterthought or add-on. Typically, one can look for one of the following types of behavior, each of which can reveal potential security problems:
– Protocol: packets that are too short, have ambiguous options or breach specific application layer protocols. These may result from host-level attacks.
– Rate-based: such as traffic floods, which typically signify a denial-of-service attack.
– Relational or behavioral: involves changes in how hosts or groups of hosts interact on a network. These can indicate a range of problems, including malware and insider abuse.
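The three categories above, checked over packet records in Python. This is an added example, not code from the article or from any product; the record layout, thresholds, peer baseline and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed baseline of normal peers per host, learned from an earlier window.
BASELINE_PEERS = {
    "10.0.0.5": {"10.0.1.10", "10.0.1.11"},
    "10.0.0.6": {"10.0.1.10"},
    "10.0.0.9": {"10.0.1.10"},
}
MIN_IPV4_HEADER = 20    # bytes; an IPv4 packet cannot be shorter than its header
MAX_PKTS_PER_SEC = 100  # assumed per-source threshold; tune per environment
MAX_NEW_PEERS = 2       # assumed tolerance for peers absent from the baseline

def detect(records):
    """records: iterable of (second, src, dst, ip_total_length).
    Returns a sorted list of (category, source_host) findings."""
    findings = set()
    rate = defaultdict(int)   # (src, second) -> packets seen in that second
    peers = defaultdict(set)  # src -> destinations contacted in this window
    for second, src, dst, length in records:
        if length < MIN_IPV4_HEADER:          # protocol anomaly: too short
            findings.add(("protocol", src))
        rate[(src, second)] += 1
        peers[src].add(dst)
    for (src, _second), count in rate.items():
        if count > MAX_PKTS_PER_SEC:          # rate-based anomaly: flood
            findings.add(("rate", src))
    for src, seen in peers.items():
        new_peers = seen - BASELINE_PEERS.get(src, set())
        if len(new_peers) > MAX_NEW_PEERS:    # relational anomaly: new fan-out
            findings.add(("relational", src))
    return sorted(findings)

def sample_records():
    """Constructed records, not real traffic."""
    recs = [(0, "10.0.0.5", "10.0.1.10", 60),
            (1, "10.0.0.5", "10.0.1.11", 1500)]               # normal traffic
    recs.append((1, "10.0.0.6", "10.0.1.10", 12))             # truncated packet
    recs += [(2, "10.0.0.7", "10.0.1.10", 60)] * 150          # burst in one second
    recs += [(3, "10.0.0.9", f"10.0.2.{i}", 60) for i in range(1, 6)]  # new peers
    return recs

if __name__ == "__main__":
    for category, host in detect(sample_records()):
        print(category, host)
```

The fixed thresholds stand in for the locally tuned baselines the article calls for; in practice each would be derived from the network's own history to keep false positives down.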
Therefore, we need a tool that successfully addresses the following five significant areas in network management:
– Proactive monitoring of application and network performance, with alerting;
– Troubleshooting, with the ability to drill down from the high-level status alert and analyze a problem at the server or even the packet level;
– Discovery and dependency mapping, detecting which systems and applications are using the network and how they relate to each other;
– WAN optimization, analyzing and assessing performance problems and determining what needs to be optimized and where; and
– Security, detecting network attacks and abuse, and finding potential problems, by looking for anomalous behavior.
Adaptive WAN and business services
It is understood that in order to have an adaptive WAN, you need to be able to measure what is going on over the network, so you can respond to network changes or congestion, by adjusting quality-of-service (QoS) parameters or adding bandwidth shaping. Reactive WAN management is therefore giving way to continuous assessment, where IT aims to stay a step ahead of problems and changes, dealing with them before they affect users enough for them to complain.
The result is a WAN adapted to the critical services that need to run across it, plus the ability to monitor and manage application performance globally. Then, as service loads, customer demands or WAN resources change, the network can be re-tuned to suit the requirement. With an adaptive WAN model, organizations can successfully address all concerns that arise around their IT infrastructure’s optimization and security.
Robert Healey is Marketing Evangelist, APAC and Japan, Riverbed Technology.