Why should businesses actively monitor network traffic?
What benefits are there to network monitoring?
Any suggestions for where to start with setting up effective network monitoring?
These are the 3 fundamental questions all businesses should answer before embarking on any monitoring project.
Let's start by saying that Network Monitoring is only 1 component of IT Monitoring. If you only monitor what is going on with the network itself you're driving with most of your car windows covered.
You also need to consider:
- Server Monitoring (hardware, OS)
- Application Monitoring (databases, AD, other middleware, web servers, application executables - the list goes on)
- Environmental Monitoring
- Security Monitoring
- End-user monitoring
Within these areas of monitoring, everything you monitor falls into one or more categories:
- Availability (is it working?)
- Performance (is it working fast enough?)
- Capacity (Have you got enough of it?)
As a previous respondent has said, this also should be mapped to what the organization is using the IT for, i.e. what are the line-of-business systems that a company depends on to exist?
All these factors - the scope of monitoring and the categories of monitoring data, when taken holistically - enable a business to:
1. Identify business-impacting events within the IT Infrastructure
2. Identify POTENTIALLY business-impacting events within the IT Infrastructure before they actually impact work.
3. Identify trends in an activity that can be indicative of changing business needs.
4. Identify where and when investment will need to be made to ensure that the business maintains operation (it's no use waiting until that disk drive is full before buying the upgrade - it's too late then).
5. Help to identify potential inadequacies in the IT Infrastructure (you do have a backup network route to your factory in Bolton don't you ?)
6. Identify potentially "rogue" devices on your network. Do you really want Alexa listening into the office activity?
7. Help to identify application improvements - how are people 'really' using your application? (I bet it's not the way that you expected !).
If you take these 7 capabilities that IT Monitoring provides and consolidate them into a single raison d'etre.....
A comprehensive monitoring solution encompassing the entire IT estate will enable an organization to save money by reducing the impact of IT issues. It will enable an organization to better plan the budget for IT investment. It will increase operational efficiency by reducing the number and duration of IT outages.
In a perfect world, IT Monitoring will pay for itself in terms of system availability, performance, and capacity. But it's not a perfect world.....
Only monitoring network components gives a network-centric view of any issue. Let's take a silly example..... Your router is reporting a massive increase in network traffic from one VLAN to another. The trend suggests that you're going to run out of capacity when the peak sales season hits. The problem though is that you've recently had an app upgrade that for some unknown reason is doing full table scans of a 40GB table for each of your 300 users. Why fix the network when the application is at fault?
As for the final point - where to start?
As a previous respondent suggested, "start with an open-source no-cost solution....". That's probably a fair start. I would however consider all my points above first before launching into rounds of "yum install" or "tar -xvf". As far as possible, have an understanding of what your key business systems are and how they plug together. Then identify the metrics that matter to the operation of that system. This is your foundation. For each metric consider why you need it, what you're going to do with it, how long to keep it for (that's the capacity side of monitoring) and what the impact is of it going wrong.
Now let me make something clear - and this is a personal perspective from a number of decades working in IT Monitoring - IT Monitoring Software is a mature market. It's commoditised. Just about ALL monitoring software does fundamentally the same thing.
Large commercial vendors have a user base that's paying for support and upgrades as part of a maintenance contract. In order to maintain that revenue, these vendors introduce features and facilities that frankly very few customers actually exploit. Then the competition introduces the same features and maybe a few more and the whole cycle starts again - it's an example of the Red Queen Effect. The end result is that over time features are added that are of limited value or add to the underlying system requirements. I know of one platform that for a reasonably sized infrastructure needs around 12 - 20 servers just to do the monitoring (and that's excluding the proxies for remote monitoring).
Someone mentioned AIOPS. AI needs to learn in order to adapt. At the moment, AIOPS is MLOPS (Machine Learning Ops). The actual personnel and resource overhead in maintaining the additional components needed to make AI(ML)OPS a reality are beyond most companies - with the exception of very large telcos, service providers, and research agencies. For instance, AIOPS depends fundamentally on having a real-time dynamic view of the entire IT infrastructure and how everything is interconnected. Basically a CMS on steroids. As we enter the era of Docker containers, nebulous cloud services simply maintaining this view automatically is extremely difficult and resource-intensive.
Sure, IT Monitoring tools do network discovery and can identify new and changing environments, but maintaining those dependencies is a complex process and I sincerely don't think that any one vendor has 100% mastered it yet.
If you are a very large organization, with literally a million pounds to spend on IT Monitoring these large commercial solutions are the best. They're not perfect, not by a long chalk, but they are there. Factor in your running costs though.
Back to open-source. Open-source solutions such as Nagios and my personal favorite, Zabbix, are excellent at collecting data. And that is the fundamental, number one, priority. If you can't measure it, you can't monitor it.
My tips are, therefore:
1. Know what is important to your business.
2. Don't (please don't!!!) stick to monitoring networking devices.
3. Make sure you factor in the support and admin costs.
4. Don't forget to monitor user activity (known as Application Performance Management) as well as technical metrics such as CPU and Disk Space.
5. Start with the basics.
Hope that helps guide you.
Feel free to reach out to me on LinkedIn: www.linkedin.com/in/itomdave
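Point 4 above (identify when investment is needed before the disk fills up) is a capacity-trend forecast. The block below is an added illustration, not code from the post or from any monitoring product: it fits a least-squares line to a handful of constructed daily usage samples and projects how many days remain until a stated capacity is reached, so the purchase can be triggered with a chosen lead time. The sample data, the `lead_time_days` parameter and the status labels are all assumptions made for the example.

```python
"""Capacity forecast: project when a monitored resource runs out.

Added example; the samples are constructed, not taken from a real system.
Input is a series of (day_index, amount_used) pairs, e.g. GB used on a
volume sampled once per day by whatever monitoring tool collects it.
"""
from typing import List, Optional, Sequence, Tuple

Sample = Tuple[float, float]  # (day index, amount used in the same unit as capacity)


def least_squares(points: Sequence[Sample]) -> Tuple[float, float]:
    """Return (slope, intercept) of the best-fit line through the points."""
    n = len(points)
    if n < 2:
        raise ValueError("need at least two samples to fit a trend")
    sx = sum(x for x, _ in points)
    sy = sum(y for _, y in points)
    sxx = sum(x * x for x, _ in points)
    sxy = sum(x * y for x, y in points)
    denom = n * sxx - sx * sx
    if denom == 0:
        raise ValueError("all samples share the same day index")
    slope = (n * sxy - sx * sy) / denom
    intercept = (sy - slope * sx) / n
    return slope, intercept


def days_until_full(samples: Sequence[Sample], capacity: float) -> Optional[float]:
    """Days from the latest sample until the trend line reaches capacity.

    Returns None when usage is flat or shrinking (no exhaustion predicted).
    Returns 0.0 when the trend says capacity has already been reached.
    """
    slope, intercept = least_squares(samples)
    if slope <= 0:
        return None
    last_day = max(x for x, _ in samples)
    projected_now = slope * last_day + intercept
    return max((capacity - projected_now) / slope, 0.0)


def capacity_status(samples: Sequence[Sample], capacity: float,
                    lead_time_days: float) -> str:
    """Classify the resource for an investment decision.

    'ORDER_NOW' when projected exhaustion falls inside the procurement
    lead time (assumed parameter), 'WATCH' when it is within twice the lead
    time, otherwise 'OK'.
    """
    remaining = days_until_full(samples, capacity)
    if remaining is None:
        return "OK"
    if remaining <= lead_time_days:
        return "ORDER_NOW"
    if remaining <= 2 * lead_time_days:
        return "WATCH"
    return "OK"


# Constructed sample: a 200 GB volume growing by 5 GB per day for a week.
GROWING_VOLUME: List[Sample] = [(day, 100.0 + 5.0 * day) for day in range(7)]
VOLUME_CAPACITY_GB = 200.0

if __name__ == "__main__":
    days = days_until_full(GROWING_VOLUME, VOLUME_CAPACITY_GB)
    print(f"projected days until full: {days:.1f}")
    print("status with 21-day lead time:",
          capacity_status(GROWING_VOLUME, VOLUME_CAPACITY_GB, lead_time_days=21))
```

Fitting a line to a week of daily samples is deliberately crude; in practice you would feed the same function a longer window from your monitoring tool's history, which is exactly why the post stresses deciding how long to retain each metric.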
@David Collier Thanks for this amazing, in-depth response!
Start with an open-source no-cost solution like Nagios for Network Monitoring to get familiar with the features you like and don't like.
Benefits to network monitoring are the reduction in the mean time to recover and a seamless experience for our customers.
Why should businesses monitor network traffic? Each business really needs to grasp its "why" on networking monitoring. Is it reactive and defensive or is it proactive with a roadmap leading to AIOps?
@reviewer1122879 Thanks for your input! Can you elaborate a bit more about how a business can decide on their 'why' for network monitoring?
As already said, network monitoring is just one type of monitoring, and you should monitor on all levels to get a clear picture.
Hand in hand with monitoring goes a good Event/Alert setup, to be warned when something is happening.
Now to Why?
- Network monitoring is to find the bottlenecks in your network, by looking at Bandwidth and latency.
- check on malfunctioning systems, by looking at network errors
- find out between which points the most traffic is exchanged.
- you can look at trends, sudden peaks in traffic.
Benefits: Most benefit you will get is to prevent network disturbances. e.g when someone is hogging the internet connection you can quickly resolve it.
- it should also give an idea on where to invest on network equipment based on usage, bottlenecks etc.
- with respect to application performance, the network is normally the first thing that one is pointing at. So, it certainly helps to be able to see if the network is overused.
- insights will help with e.g. QoS implementation, for VoIP and business-critical applications.
Start setting up: I would also recommend starting with open source (it also depends on the size of your network and its complexity).
Start with collecting standard in/out for the most important network components, like the internet connection, routers, central switches.
Then based on some initial observations, you can define some alerts on when a connection (e.g. internet) is overused, e.g. alarm at 60, 80, 90% capacity.
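The two setup steps above (collect in/out counters for the key links, then alarm at 60/80/90% of capacity) are shown end to end in the added block below; it is illustrative code, not part of the post or of any named tool. It assumes the collector hands you raw octet counters of the kind SNMP interface tables expose (monotonic, wrapping at 2^32 for 32-bit counters), so the delta between two polls has to allow for a wrap before it is turned into a utilisation percentage. The interface name, link speed, poll interval and counter values are all constructed for the example.

```python
"""Interface utilisation alerting from in/out octet counters.

Added example with constructed poll data. Each poll is (timestamp_s,
in_octets, out_octets) as a collector would read it from a router; the
counters are cumulative and wrap at COUNTER32_MAX.
"""
from typing import Dict, List, Tuple

COUNTER32_MAX = 2 ** 32  # 32-bit counters wrap here; 64-bit HC counters would use 2**64

# Thresholds from the post, checked highest first so the worst level wins.
THRESHOLDS = ((90.0, "CRITICAL"), (80.0, "MAJOR"), (60.0, "WARNING"))

Poll = Tuple[int, int, int]  # (timestamp seconds, in_octets, out_octets)


def counter_delta(prev: int, curr: int, max_value: int = COUNTER32_MAX) -> int:
    """Octets transferred between two polls, allowing for one counter wrap."""
    if curr >= prev:
        return curr - prev
    return (max_value - prev) + curr


def utilisation_percent(prev_octets: int, curr_octets: int,
                        interval_s: int, speed_bps: int) -> float:
    """Percentage of link capacity used in one direction over the interval."""
    if interval_s <= 0 or speed_bps <= 0:
        raise ValueError("interval and link speed must be positive")
    bits = counter_delta(prev_octets, curr_octets) * 8
    return 100.0 * bits / (interval_s * speed_bps)


def classify(percent: float) -> str:
    """Map a utilisation figure to an alert level using THRESHOLDS."""
    for limit, level in THRESHOLDS:
        if percent >= limit:
            return level
    return "OK"


def evaluate_link(polls: List[Poll], speed_bps: int) -> List[Dict[str, object]]:
    """Turn consecutive polls into per-interval utilisation and alert level.

    The alert level is taken from the busier direction, since either
    direction saturating the link is enough to hurt users.
    """
    results: List[Dict[str, object]] = []
    for (t0, in0, out0), (t1, in1, out1) in zip(polls, polls[1:]):
        interval = t1 - t0
        in_pct = utilisation_percent(in0, in1, interval, speed_bps)
        out_pct = utilisation_percent(out0, out1, interval, speed_bps)
        results.append({
            "at": t1,
            "in_pct": round(in_pct, 1),
            "out_pct": round(out_pct, 1),
            "level": classify(max(in_pct, out_pct)),
        })
    return results


# Constructed polls for a 100 Mbit/s internet uplink sampled every 60 s.
# 100 Mbit/s for 60 s is 750,000,000 octets, so the inbound deltas below are
# 20%, 65%, 85% and, across a 32-bit wrap, 95% of capacity.
UPLINK_SPEED_BPS = 100_000_000
UPLINK_POLLS: List[Poll] = [
    (0,   3_000_000_000, 1_000_000_000),
    (60,  3_150_000_000, 1_050_000_000),   # in +150,000,000 (20%)
    (120, 3_637_500_000, 1_100_000_000),   # in +487,500,000 (65%)
    (180, 4_275_000_000, 1_150_000_000),   # in +637,500,000 (85%)
    (240,   692_532_704, 1_200_000_000),   # in +712,500,000 (95%) after wrap
]

if __name__ == "__main__":
    for row in evaluate_link(UPLINK_POLLS, UPLINK_SPEED_BPS):
        print(row)
```

Whether a counter is 32- or 64-bit matters on fast links: a 32-bit octet counter on a 1 Gbit/s interface can wrap in well under a minute, so either poll often enough that at most one wrap fits in the interval or, as most collectors do, read the 64-bit counters instead.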
Thanks for such a comprehensive answer @Raymond De Rooij :)
Why is network monitoring in Place?
Defensive monitoring is in place because someone said we need it but does not understand how it helps your business.
Proactive monitoring is when businesses mature to understand that outages mean lost business, lost customer satisfaction and lost opportunities; then the why becomes apparent. Proactive AI monitoring moving to predictive ML resolution is a strategic activity, although not sexy.
Network monitoring provides clear visibility of your network, thereby allowing you to act immediately in case of a network issue or bottleneck. You can easily identify network-related and security-related issues that otherwise would take a lot of time in a network with 100 devices or more.
The first step would be to identify the devices and applications that you would like to cover under network monitoring. You can start with open source tools or solutions like PRTG or NetCrunch (cost-effective solutions).
@Aji Joseph Thanks for your input!
It is extremely important to be checking network traffic to detect possible failures such as bottlenecks, malfunctioning of a device on the network, or to detect any unusual increases in packets that could be some type of malware.
One of the biggest benefits is that you can see the performance of network traffic, Internet links, and the behavior of switches and routers.
It all starts with the most basic thing, cabling: having quality cabling, implemented in compliance with best practices, then making the network equipment settings according to the use to be made of it.
@JOHAN ROJAS Thanks for your input! This is really helpful.