What is our primary use case?
We were looking for something that would tell us what our bandwidth utilization is. My security guy uses it every once in a while to see if an IP address or URL has ever crossed our network. He can get that kind of information from a security standpoint. I know there are other uses that we really haven't used it for, but our primary still remains the bandwidth utilization.
Whenever it happens that my first responders get a call about a problem at one of our 16 locations, it's one of the primary tools that they'll grab to see what it's saying.
Currently, we have Plixer deployed on-premise. We have just recently moved some of our servers to the cloud, and I am looking to talk to them in the next month or two about setting up monitoring on the cloud, because we are on AWS.
How has it helped my organization?
I once got a call from one of my branch operations and they said that the teller line had just frozen up and they just flat were not able to do business. It just wasn't working. I said, "Okay, well let me do some troubleshooting." I grabbed Scrutinizer and looked to see if, in fact, the bandwidth was being slammed pretty hard. It revealed, really quickly — within a couple of minutes after I started troubleshooting the problem — that somebody was running a video capture across a very slow link. I was able to find out who the employees were, via Plixer. I quickly called the lady who was in charge of our security cameras, and said, "Wait a minute, you're taking the whole place down. Can you turn it off and let me see if that fixes it?" She said, "Oh, I'm sorry." She turned it off, and as soon as I saw her turn it off in Scrutinizer, they were back in operation.
It has definitely helped to reduce time to resolution for network and security events. This is the tool that I grab first. It gave us better than 50 percent accuracy when we started using it. My boss was a little bit skeptical and I was a little bit skeptical. I told the sales team at Plixer, "We'll go ahead and purchase it for the first year. If everything that you guys are telling me is true, then we're going to be really happy with it." And my boss and I have been very happy with the product.
Whenever I have Microsoft SQL or even workstations that all of a sudden start running amuck, taking way more bandwidth than what they normally should be taking, I can usually pinpoint things very quickly. I've got to be able to see what's going on in the wires, so, I call Scrutinizer my "Superman X-ray vision" for looking at the wires.
What is most valuable?
It's agnostic as far as what your network gear is. As long as it supports an sFlow, JFlow, NetFlow, some kind of flow monitoring, Plixer will support it very well.
It also facilitates the enrichment of the data context of network traffic because you get a very clear picture of what's going on across your wires. I gave my managers the following example: If I can't see into the wires regarding what's going on across them, then I can't really manage them or troubleshoot things. Scrutinizer allows me to do a little bit of both. It allows me to analyze things — not to the point of being a packet analyzer; it doesn't do that and that's not its function — and can give me an idea and point me in the right direction if I'm troubleshooting something.
It can also be what I would call a "projection tool." If you do daily or weekly or even monthly reports, it'll keep pretty good track of how much your bandwidth utilization goes up or down, allowing you to do predictive analysis via some of their reports. It's helped me know whenever I've had a circuit that was heading towards saturation.
The insight the solution provides as a result of its correlation of traffic flows and metadata is unique. It provides you with a unique perspective that I've only found with a couple of other tools. There are other tools out there that will do what Scrutinizer does. But what I have found with Scrutinizer is that it does it very quickly. I've taken 25 million individual data fragments from the different sensors, and it has graphed that and mapped it and presented a picture within 30 seconds. It has a very efficient database algorithm that I am really impressed with.
I do believe, if you ask the CEO of Plixer, that speed is one of their guiding milestones. They have a goal of being able to present data to the user, whenever it's requested, within 30 seconds or 60 seconds. In comparison to what I had previously, I could start a report, go to lunch for an hour or hour-and-a-half, come back, and it would still be grinding away on the database and not have generated the report. When I do that same type of analysis with Scrutinizer, I'm able to see that report within 30 seconds.
What needs improvement?
They're working on the security areas, so it can provide more insight. What they have is still pretty much IP-concentric. If they were to make it IP and URL, they'd be a little bit ahead on that. I'm not sure exactly where they're at on that topic.
For how long have I used the solution?
I've been using Plixer for about three to four years.
What do I think about the stability of the solution?
It's one of the most stable platforms I've worked with.
What do I think about the scalability of the solution?
The scalability comes from Plixer's ability to have different log collectors. You can separate the database collection point from the log collectors. You can also have different database points as well, and roll those up. That seems to be very scalable. Although, to be fair, I didn't have to scale mine up that much for 63 devices. I just have the one device which is also the log collector, so I was able to keep it all on one server.
We do not have plans to increase its usage. The majority of current usage, about 80 percent if not higher, is as a first-responder type of setup. If we have a problem, Scrutinizer is almost the first thing that we look at to determine what's going on, traffic-wise.
How are customer service and technical support?
Whenever we call in for support, 99 out of 100 times, the first person we talk to can resolve our issue. They have an extremely good support team set up. Their folks are very knowledgeable. And that covers everything from troubleshooting a problem to actually doing upgrades.
I have called in and said, "I really don't have the time right now, but I know I need to upgrade. Can I just give you access remotely and then let you upgrade it?" And they've done it for me. We're very happy with their support.
Which solution did I use previously and why did I switch?
I work with a small credit union near Seattle, Washington. I found Plixer by checking and doing some blog searches and asking for recommendations from other network engineers.
Previously, we used SolarWinds' NetFlow Traffic Analyzer module. It did the job, but it was extremely slow. That was the primary reason we switched. So we looked around, and this was the best solution that we came up with, as far as bandwidth utilization goes.
How was the initial setup?
The initial setup was fairly straightforward. I did engage their engineers during the setup to make sure that I was following their best practices. Overall, it's fairly straightforward, not only for the installs but for their updates which are very consistent as well. I don't even think updating takes it offline, except for whenever you have to do a reboot. You're online 24/7 and 365, unless you have to reboot for an update. And then it takes about 15 to 20 minutes to reboot it. It checks itself all over the place.
The full deployment took me about a week and that also involved the configuration and acquiring the sensors. Fixing up the base unit for Scrutinizer took a very short time. I did that in almost an afternoon, four hours or less. What did take some time — and if you do go with Scrutinizer, I will tell you to allocate the time — was that I had 60 devices that I had to go around and configure and get working. It took me a week to get it all dialed in, but that was just making sure that everything was recording correctly and working.
Our deployment plan was to first get the Scrutinizer base unit installed, up, and operating. We tested that by having one device report into it, a device that we were pretty familiar with what it was doing. Once we got that one base unit up and running, we configured the one device so that it was reporting JFlows, because we're using Juniper. Once we were satisfied that the unit was up and was accepting traffic and that we could do what we wanted, I had a total of 63 other devices that I went around to within my organization and pointed them at it.
What was our ROI?
We believe we have seen ROI with Plixer.
I said, "I need a tool." And they said, "Well, okay fine. One, tell us the cost. And two, tell us how long your projected return on investment is going to be." I found Plixer, and I said, "For the cost of what we're paying," at that time for SolarWinds, which was well over $20,000 a year, "this will do everything that we need it to do and will reduce our costs from what we currently have."
There was an ROI calculation done on SolarWinds, but once their licensing exceeded $15,000, because it just kept going up and up, we were actually losing ground with them. That's one reason we replaced SolarWinds with the Scrutinizer.
What's my experience with pricing, setup cost, and licensing?
They charge you by the number of sensors. The licensing model that they use, because it's on a number basis, means you don't have to have any cryptic SSL certs or anything else to install that are really difficult. For that part of it, the deployment and the installation, you have to make sure that server is right. Once it's up and running, you start pointing your devices towards it and there's no crypto that you have to decrypt or anything else. The licensing is all maintained through the number of sensors that are reporting into it.
Compared to some of the other tools we have, it's incredibly reasonably priced. The best part about that is that if you talk to their sales force, they'll give you a demo for either 30 or 60 days. In that 30 or 60 days, when we set the server it was for a couple of devices, just to test-harness it and see if it was going to do what we thought it was going to do. They'll let you see if you think you're going to be happy with it.
There are some additional modules that can be activated. I believe there's advanced reporting but I don't actually use some of their advanced features. There are additional modules that come with additional costs.
Which other solutions did I evaluate?
We did compare it against SolarWind's NTA and against another product as well.
SolarWinds was more of an all-things-to-all-people type of tool with a lot of different blades on the Swiss Army knife. Whereas Scrutinizer is pretty much one blade. I've got to be careful when I say that, because it still does a lot. But its main function is traffic analysis on the wire. And that's what makes it shine, because it does that one thing really well.
What other advice do I have?
The biggest lesson I have learned from using Scrutinizer is don't be afraid to give the little guy a chance.
In terms of advice, every environment is different. You really need to kick the tires on it a little bit and try it before you buy. While it met my needs, and it met our environment very well, your mileage could vary on that. While I believe it to be a very solid, very good product, I would say: Put it in your environment and kick the tires on it a little bit.
When I did kick the tires, during that initial demo time, I wasn't able to get everything set up that I wanted to. They immediately gave me an additional 30 or 60 days. They're really good about that.
Plixer is a fairly young company, as far as Scrutinizer goes. That's usually a strike against somebody but, in their case, I think they went into it without any preconceived notions. Instead of being all things to everybody, they said, "Okay, we want to be able to do one thing really well," and they did it. That's what they specialize in. Although they could branch out and do all kinds of things with it, they're staying pretty true to what they originally planned to use the tool for. I'm going to be very surprised if they're not bought up by a bigger company which integrates Scrutinizer into its product as a module, because it's just that efficient.
It's its own little data silo. It's got a database in it. We've never really used it for eliminating data silos, although it certainly could be used for that.
I'm just now deploying an SD-WAN. When I saw that they were supporting that, I was ecstatic about it. I called them up to make sure that the SD-WAN we had chosen would be supported. In talking with them, they said they didn't have support yet for the particular brand that I had selected, but they were very interested in working with me, once I got it deployed and that they would support it. That was really nice.
Something that I hope they keep doing is maintaining the database efficiency that they get the speed from. It is just absolutely astounding how they can take data in and get those graph pictures, which they call "Plixers," painted. If they can keep doing that, and keep that efficient with all the changes that they make, they're going to be miles ahead in my book.
We have five different roles using it. My managers will look at it occasionally for reporting. My desktop folks will use it as a first-responder tool. My security manager will look at it to see if something has crossed our network that was never picked up. In my role, as a network engineer, I will use it the same way as the desktop people, as a first-responder. Finally, I haven't had anybody doing this until now, but I've got one which is going to be for cloud, for my developers to use. For maintenance of the solution, it's just me.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?