Our primary use for nGeniusONE is packet inspection.
Our primary use for nGeniusONE is packet inspection.
It helps out with firewall issues. Aside from having the logs that are just on the firewall, we're able to get the traffic as it's going in between, throughout our network. It isolates end sources that are having issues, where we don't have any other tools that would be able to go down to an end-user's computer to find out what's going on.
It's catching quite a few things. Most of them really aren't a big deal and we should probably adjust our tolerances for them. A lot of the things are nice to know about but we really don't dig into them because they're not a huge deal.
As far as bigger issues go, it catches those on a weekly basis. That's how often we find something big enough that the only reason we know about it is because of the nGeniusONE. The bigger issues are mostly security-type issues: odd traffic leaving our network or coming into it, that has found its way past a firewall.
When we first got it, we used a lot of it for DDoS attacks to be able to find out where they were coming from, because we were able to actually see the packets and then get all the IPs. That enabled us to block sections of traffic that were constantly hitting us. After that it's server issues, router issues; just about everything.
Apart from the packet inspection, just being able to drill down into traffic is helpful to see where it's coming from, where it's going to, and everything that's going on with it.
We mainly use it for the packet inspection, but when we come across problems with traffic in general, we're able to isolate a source and the find out where, along the way, we're having the issues, because we're able to see deeply into the packet.
Starting off with the broad scope of everything that you're seeing, they have it set up pretty nicely, where you just keep drilling down into it by further clicks. It's pretty logical the way that it's set up. It's more like humans are meant to use it, instead of bots. I like it.
I'd like to see the nGeniusONE, the nGeniusPULSE, and the OptiView, their three separate products, work a little better together, a little more streamlined. We can hook up an OptiView to our system and it will bring it up on our nGeniusONE splash page where we can go and click on it. But we can't really use the OptiView functionality with the nGeniusONE functionality as far as throughput tests go.
If we wouldn't have to have multiple OptiViews throughout our system, and we could just have one that connects straight back and does all the functionality with nGeniusONE that two OptiViews do, that would be awesome.
Another thing that would help out is if they packaged the NetFlow monitor into nGeniusONE. Their NetFlow monitor works with nGeniusONE where you can actually get the netflow of pretty much anything you hook it up to. But it's a separate box that you have to buy. If there was a way that they could package that into nGeniusONE, it would be a complete package straight out of the box. It does a lot for you without it, but with the NetFlow monitor, in our situation, we'd be able to replace three other tools right off the bat.
We haven't had any issues with it going down or not working. The server that we're using is our own server and we have their software loaded onto it. All the issues that we've had have been our actual server. We had to replace our server once because it died on us. But as far as the software and the actual NETSCOUT appliances that we have going to the nGeniusONE go, like the Packet Flow Switch, etc., we haven't had any issues with them since I've been here, which is three years and counting. It hasn't had any downtime that was not scheduled.
We can definitely scale it higher. There's a lot more that we've found that we could be hooking the nGeniusONE up to. The possibility is there. The only issue we have is our bureaucracy.
As far as what it could be doing for us, if I had my way we'd have it taking care of everything. It's just a matter of getting it done. But the option is definitely there. We're using it mainly just for data center and core stuff, but the option is there to send it out to our distribution nodes as well.
For any issues that we've ever had, we've gone directly through our sales engineer and directly with NETSCOUT. As far as customer service goes, getting everything set up, and with any issues we've had since we started using the nGeniusONE, they've always been great with helping out and getting us completely taken care of, without having to go to a third-party.
Typically the response time is same day, depending on when I call or send an email. I understand that they've got other clients, so 24-hour turnaround is what I've experienced. It's been really good, and that's going directly to our account rep and our sales engineer. The times that I've gone to NETSCOUT technical services, I have been on the phone waiting for an engineer to help me out for five minutes, if that. The customer service part has been really good.
The last issue was doing an upgrade on our nGeniusONE server. We were having some issues with getting the upgrade to take on the server from our end. It turned out that we missed an upgrade in between. That's when we called up the technical support and they actually had us upgraded in about 30 minutes after the phone call was made.
I can't remember the name of it, but it pretty much gave us packet flow and some type of visibility into them, but it was so spotty that it wasn't reliable. They had that solution in place for about eight years, but because it was so unreliable as far as getting the actual traffic that you wanted to see, and getting the information that you were trying to get out of it, that nobody really used it.
From what I understand from the people who were using the previous solution before I got here, when they got it set up people tried to use it and it was kind of a mess and the workflow going through it was just not very well thought out. Once you finally got into it, you could see some stuff, but you couldn't ever see, what you were trying to find. People just gave up on it and it sat there. They renewed the contract on it once and when that contract expired we started looking around and we came across NETSCOUT.
I know when they ended up getting the nGeniusONE, the main reason they got it was for the actual packet inspection. We originally had it set up on the outside of our edge firewall to get visibility into all the traffic that was coming in before the firewall blocked it. A lot of the firewalls at the time wouldn't give us that information. So we'd block traffic, but we could only see some of it, and if we were getting a DDoS attack on it, we wouldn't see everything that came through. That was one of the main reasons that they wanted the nGeniusONE, to see all that information.
We've since repurposed it from that, after we realized what kind of traffic we were seeing and where it was coming from. We were able to mitigate a lot of that and we don't have the effects of the DDoS attacks like we used to. So instead of monitoring a little bit of our inside and everything coming in, we've turned the nGeniusONE to monitor everything within our network, not really caring about anything trying to come in anymore because we've upgraded our firewalls as well. It's actually getting us a lot more functionality now than it did three years ago. It's been nice that we've been able to repurpose it, and doing that has actually been pretty easy.
I wasn't actually with the company when they did the initial setup for the nGeniusONE. That happened about a year before I started. I know that typically, you can have it up and going within a couple weeks.
We're currently in the process of repurposing it again and we're adding an SDN networking solution. We're getting into all those leaves and switches that are back there. We've torn it down and we're rebuilding it so we can get information about what's going on in there and in the rest of our data center.
When they first got it, everyone loved what it did, seeing the outside traffic come in. When we moved it into the actual interior of the network, we were able to pick up a lot of issues before they really manifested: packets dropping and errors going across. We have been able to dig into stuff before it actually becomes a problem where people are really noticing that something is going on.
So it's cut down our troubleshooting time and response time to actual issues within the network itself. In my opinion, we've been able to solve problems before they've become a big issue. That's the main reason anybody would want visibility into their network: If you have fewer people yelling at you, you're doing your job.
There's a five-minute lag time for the dashboard to update itself, but we're able to see if there are any significant changes within every five to ten minutes. Before, our response time would be when an end user actually got to the point of getting annoyed with it and then called in. Typically, that would be 30 minutes down the road, after they'd tried all their troubleshooting, and then they would call in to our basic troubleshooting helpdesk and have to go through things with them for another 15 minutes. So as far as end users are concerned, we're able to work on issues about 45 minutes faster than before because we're able to see the problems that they'd be encountering before the users have to make their way through the channels to get them fixed.
If you're looking to implement it or to purchase, once you actually see the usability of it I think the decision will already be made. If you're looking at other similar options, I would definitely advise looking into NETSCOUT and the nGeniusONE, along with all the other NETSCOUT products; at least the ones we've used, the OptiView and the nGeniusPULSE.
I really feel that anybody who has contacted NETSCOUT to look into purchasing it, and has seen demos and proofs of concept on their own networks, for the most part, will end up purchasing it, regardless of what anyone says. They'll be able to see exactly what it's doing for them and what they didn't have visibility into before. The product pretty much speaks for itself.
In terms of increasing usage, that's why we ended up getting OptiViews and the nGeniusPULSE devices and server, to take care of some of that load in a less expensive way. It's cheaper for us to be able to use nGeniusPULSE devices out on remote sites than to use a virtual NG1 out there, or to have multiple OptiViews. But if we need to dig down into stuff, we have the options there through NETSCOUT products. That's one thing that they've done well. If you don't have the money to put nGeniusONE devices out everywhere, you can get some of that functionality through different products at a cost that's more reasonable.
We have five people using it on a daily basis. Their role is pretty much monitoring, for the most part. We have it set up to get all of the traffic that we want for application services, etc. But for the most part, it's just a monitoring role, and when there is an issue we just dig down into it from there. They are the same people who are dealing with the maintenance.
I would rate it a nine out of ten and the reason is the integration issue with OptiView and the nGeniusPULSE. If they made it so that the nGeniusONE product would be able to do traffic testing with the OptiView, at that point it would be perfect, for what I use it for.
Learn More about NETSCOUT