With all the talk of big data and its potential uses, there's little said about the heavy burden that collection, management and analysis of massive amounts of data places on the networks used to carry it.
While the potential uses and value of big data can be huge for an organization, a majority of respondents -- 69 percent, to be exact -- say that big data initiatives are significantly impacting their network performance, as reported in a 2013 TRAC Research study. With so many operational functions relying on the network, outages and downtime are not acceptable, and we certainly don’t want new big data solutions to contribute to the problem. To maintain a high-performing network in the presence of big data, organizations must make network performance management (NPM) data more actionable.
Why is that? Let me explain.
What is Actionable Data/Analytics?
As the name implies, “actionable data” is information that can and should be acted upon. The key to actionable data lies in deciding what data to present and how best to represent it so that action can be taken quickly. Action typically takes the form of following cues from the data representations and digging more deeply into the data on the basis of business-relevant metrics, with results returned to the user in a highly responsive manner.
When it comes to networks, organizations install software and appliances to monitor network activity 24/7 so that they have a record of everything that’s traversing the network. Capturing all of the network data gives IT engineers the precision they need to assess service level agreement (SLA) compliance, perform capacity planning or compare network behavior with previous baseline measurements.
These systems are designed to recognize specific conditions on the network that indicate problems. Analytics showing irregularities on the network are called actionable analytics. Actionable analytics are automated: they surface the analysis without the user having to ask for it. Network administrators are notified of these irregularities through the user interface (UI) or, more often than not, through out-of-band communications like emails or texts.
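In the simplest form, this kind of automated analytics boils down to checking metric samples against known problem conditions and pushing an out-of-band notification when one trips. A minimal sketch, in which the metric names, thresholds and the notification transport are all illustrative assumptions (a real system would send email or SMS rather than print):

```python
# Sketch of automated actionable analytics: check samples against
# thresholds and notify out-of-band. Metric names and limits are
# hypothetical; notify() stands in for an email/SMS gateway.

def check_sample(metric, value, thresholds):
    """Return an alert dict when a sample crosses its threshold, else None."""
    limit = thresholds.get(metric)
    if limit is not None and value > limit:
        return {"metric": metric, "value": value, "limit": limit}
    return None

def notify(alert, send=print):
    """Out-of-band notification; in practice this would be email or text."""
    send(f"ALERT: {alert['metric']} = {alert['value']} exceeds {alert['limit']}")

thresholds = {"link_utilization_pct": 85, "retransmit_rate_pct": 2}

alert = check_sample("link_utilization_pct", 92, thresholds)
if alert:
    notify(alert)
```

The point of the pattern is that the comparison runs continuously without a human in the loop; the administrator only hears about samples that cross a limit.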
What Does Actionable Analytics Mean for IT Departments?
Network administrators and IT engineers are busy. They spend their days managing, monitoring and troubleshooting all of the activity and issues that occur on a network. They’re so busy, in fact, that they don't have time to sit in front of a network analysis console all day. And the introduction of faster networks, at 10G, 40G and even 100G, and the large volumes of data traversing them, make this increasingly difficult. As a result, organizations must rely on solutions that analyze all of this data for them and provide actionable insights that flag the irregularities deserving an IT engineer's attention.
Actionable analytics optimize the efficiency of troubleshooting network issues and enhance the productivity of IT engineers, allowing them to focus on strategic projects instead of spending time on troubleshooting. Additionally, network administrators and IT engineers are not at the office 24/7, but networks keep operating and there is always the potential for something to go wrong. Monitoring software, by contrast, does run around the clock, providing alerts for problems that need an urgent response. This helps engineers address network issues as they happen, so that they don't turn into larger problems over time.
The two main benefits for network administrators are that (1) the analysis is done in advance for them, and (2) it is automatically brought to their attention.
Key Challenges for Making Data Actionable
The TRAC Research study referenced above also found that the most pervasive challenge for making data actionable was the time spent correlating performance data (63 percent). The other top challenges included the amount of performance data that is not relevant (61 percent), followed by the number of false positives (42 percent) and the number of false alerts (32 percent). The good news, though, is that there are ways to make network data and analytics more actionable.
Correlating Performance Data
In network performance analysis, three key metrics rise to the top when it comes to data correlation -- utilization, users and applications. Being able to correlate any combination of this data together, for example isolating the network utilization of a single user of a single application over a span of time, significantly simplifies the analysis task at hand. Since no system is smart enough to predict in advance the data a network analyst needs to correlate, the UI for the analysis system must provide a simple and intuitive mechanism to quickly choose various data sources and metrics and update analytical results to quickly reflect the choices made by the analyst. Correlation is typically the first critical step in isolating the specific data that requires more detailed analysis.
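To make the idea concrete, here is a minimal sketch of that kind of on-demand correlation over flow records. The record fields (`user`, `app`, `bytes`, `t`) and the sample data are assumptions for illustration; the point is that any combination of the three metrics, plus a time span, can be chosen after the fact:

```python
# Hypothetical flow records; field names and values are illustrative.
flows = [
    {"user": "alice", "app": "backup", "bytes": 900_000, "t": 10},
    {"user": "alice", "app": "web",    "bytes": 40_000,  "t": 12},
    {"user": "bob",   "app": "backup", "bytes": 300_000, "t": 15},
    {"user": "alice", "app": "backup", "bytes": 700_000, "t": 40},
]

def utilization(flows, user=None, app=None, t_start=None, t_end=None):
    """Total bytes for any combination of user, application and time span.

    Each criterion is optional, so the analyst can correlate whichever
    dimensions the current question calls for."""
    total = 0
    for f in flows:
        if user is not None and f["user"] != user:
            continue
        if app is not None and f["app"] != app:
            continue
        if t_start is not None and f["t"] < t_start:
            continue
        if t_end is not None and f["t"] > t_end:
            continue
        total += f["bytes"]
    return total

# Isolate one user's utilization of one application over a time span:
print(utilization(flows, user="alice", app="backup", t_start=0, t_end=30))
# → 900000
```

A production NPM system does this over vastly larger data sets and behind an interactive UI, but the shape of the operation, selecting dimensions and re-aggregating quickly, is the same.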
Irrelevant Performance Data
When it comes to high speed network analysis, you never know what the problem will be, so you need to collect all of the data on the network to be prepared. But once a specific problem is identified, or even suspected, you’re left with a tremendous amount of irrelevant data. Correlation is key in identifying problem areas, but it’s filtering that helps eliminate irrelevant data and provide focus in a specific area.
Filtering can be done at several levels. First, it can be done at the collection phase. If you know some of the characteristics of a problem, you can define a filter that collects only the relevant data, dedicating more system resources to analysis and leaving more room for data storage. It is sometimes prudent to run two active data sessions: one collecting all network traffic, in case other problems surface, and one filtering the traffic down to isolate one specific issue.
Filtering can also be done as part of the data analysis. All network data is still captured in this case, but specific data can be filtered and re-analyzed, generating results for only the relevant data. In both cases, filters must be able to be defined and applied easily, and in the case of analysis filters, results must be generated quickly based on filtered data.
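The two filtering levels can be sketched side by side. In this illustration the packet record fields and the filter predicates are assumptions; the contrast to notice is that a collection-time filter discards data before storage, while an analysis-time filter narrows an already complete capture on demand:

```python
# Sketch of collection-time vs analysis-time filtering.
# Record fields (src, dport, len) are hypothetical.

def capture(packets, collect_filter=None):
    """Collection-time filter: non-matching packets are never stored."""
    if collect_filter is None:
        return list(packets)          # full capture, "just in case"
    return [p for p in packets if collect_filter(p)]

def analyze(stored, analysis_filter):
    """Analysis-time filter: everything was stored; narrow it on demand."""
    return [p for p in stored if analysis_filter(p)]

packets = [
    {"src": "10.0.0.5", "dport": 443, "len": 1500},
    {"src": "10.0.0.9", "dport": 53,  "len": 80},
    {"src": "10.0.0.5", "dport": 53,  "len": 76},
]

# Two parallel sessions: full capture, plus one scoped to a suspect host.
full    = capture(packets)
suspect = capture(packets, lambda p: p["src"] == "10.0.0.5")

# Later, re-analyze the full capture for DNS traffic only.
dns = analyze(full, lambda p: p["dport"] == 53)
```

The trade-off is the one described above: the collection filter saves storage and analysis resources but can never recover what it dropped, while the analysis filter keeps every option open at the cost of capturing everything.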
False Positives and False Alerts
Pre-set alerts don’t always tell the whole story of a network, which fluctuates naturally based on several factors including time of day and special events. Busy IT personnel only want to spend time responding to true problems. Sophisticated alerts and notifications can help ease the network monitoring process. These allow users to specify dependencies between indicators, which reduces false alarms, while ensuring that IT is alerted to problems that need to be addressed. But since every network is unique, it is well worth the time to tune alerts and notifications to reflect the typical characteristics of your network.
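One common form of such a dependency is suppression: if a parent indicator is already firing, child alerts that are merely symptoms of it are dropped. A minimal sketch, where the indicator names and the dependency map are illustrative assumptions:

```python
# Sketch of dependency-aware alerting: suppress alerts whose
# (transitive) parent indicator is also firing. The dependency
# map below is a hypothetical example.

depends_on = {
    "server_unreachable": "router_down",          # child -> parent
    "app_latency_high":   "server_unreachable",
}

def filter_alerts(raw_alerts):
    """Keep only alerts with no firing ancestor in the dependency chain."""
    firing = set(raw_alerts)
    actionable = []
    for alert in raw_alerts:
        parent = depends_on.get(alert)
        suppressed = False
        while parent is not None:
            if parent in firing:
                suppressed = True
                break
            parent = depends_on.get(parent)
        if not suppressed:
            actionable.append(alert)
    return actionable

print(filter_alerts(["router_down", "server_unreachable", "app_latency_high"]))
# → ['router_down']
```

Instead of three pages, IT gets one: the root cause. That is the kind of tuning the preceding paragraph recommends, since which indicators depend on which is unique to each network.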
Big data may be contributing to network performance problems, but it is also providing a solution for network performance analysis. As networks grow in size and speed and the number of metrics being monitored grows, network performance data creates an opportunity for big data solutions. Making data more actionable is a key tenet of big data, and it’s actionable data that keeps IT organizations nimble and responsive, even in the face of expanding networks and contracting IT resources.