Every day, network executives face complex challenges managing the performance of WANs. However, there are simply too much data and too little time to address these challenges effectively. To resolve them, network executives need relevant, meaningful information to help identify the root cause of the performance problems.
New tools, called root cause performance systems (RCPS), are designed to correlate data from multiple sources to solve complex network performance problems.
An RCPS is a metatool that facilitates identification and correction of complex performance issues that occur across an enterprise-scale network. It operates on the global system rather than focusing on individual segments or units, and correlates information from vastly diverse data sources. An RCPS encompasses a full view of a network rather than a specific device or data source.
Traditional tools address problems by trying to simplify the data through TopN Reports: Top 10 protocols, Top 20 hosts, Top 25 SLA violations and others. Unfortunately, many important issues require correlating multiple variables obtained from different tools. While a TopN Report may provide a starting point, it is seldom the final point of data interpretation.
Because there is so much data to analyse, network managers need software that performs logical troubleshooting processes for them with useful recommendations for improving network performance. An RCPS handles this by correlating multiple data sets from a variety of tools, such as topology, configuration, MIB2, Remote Monitoring 2/NetFlow, response times, device statistics, protocol statistics and application statistics.
RCPSs go beyond traditional tools and mine the data to identify unusual and/or suspicious behaviour, anomalous changes, excessive values or variations, underutilized resources, configuration issues, atypical patterns and other issues. It cross-validates data from different sources, and alerts on inconsistencies, and cross-correlates data for root-cause analysis. Upon isolating an issue an RCPS recommends corrective action.
An RCPS typically taps directly into the SQL or flat-file databases of its sources so that information may be exchanged efficiently with minimal configuration – the RCPS can automatically discover much of the information it needs. If a company already has an SNMP poller, the RCPS would tap into the poller’s database (via Open Database Connectivity or a small software push agent) rather than double-poll the devices.
Installation involves placing an RCPS slave component in each network operations centre and pointing it to the different databases, then pointing a master RCPS component to the slaves. RCPSs require minimal configuration, but some tuning – defining logical aggregations and known dependencies – is recommended.
The differentiator of RCPSs is their problem-solving capability. They provide in-depth correlated analysis of network services and recommend improvements.
The purpose of an RCPS is to identify and resolve immediate and future application performance issues across an enterprise network. It is a performance analyst’s primary investigative tool because it brings disparate data sources into a single interface. Whether a performance engineer is given the task of application deployment, resource optimization, performance diagnosis or technology evaluation, the information is readily available. RCPSs also search for problems and solutions independently, providing a dedicated resource to proactive performance management.
Cathy Fulton is executive vice-president and CTO of NetQoS Inc. She can be reached at[email protected].
