As Fortune 500 production networks grow in size and scope, so does the demand for achieving total network visibility. One hundred percent visibility is essential to realizing the rigorous five-nines uptime standard, and failing to monitor all points on the network can lead to costly outages or increase the time to resolution -- resulting in revenue losses as well as customer dissatisfaction.
In response, enterprises are investing in farms of monitoring and analysis tools such as analyzers, sniffers, archiving systems and intrusion-detection systems (IDS). To most enterprises, these tools are not an option, but a requirement to maintain a healthy network and meet security and compliance regulations. However, ranging in cost from $25,000 to more than $150,000 each, they also represent a significant capital investment.
While it is cost prohibitive to put these devices at every network monitoring point, it is equally unwise to have them sit idle until needed. The ideal solution is to deploy devices in a way that allows them to be shared to maximize coverage and utilization. With the adoption of matrix switching technology, efficient device sharing is becoming more common. However, effectively managing this infrastructure from a single, centralized point has remained a challenge.
At its most basic, network monitoring requires the ability to connect a SPAN, Tap or mirror port to an analysis or security device for the purpose of diagnosing network issues. The matrix switch has become a key way to efficiently monitor tool farms -- with all devices wired to the matrix switch and then connections from there made electronically via software. This did away with the conventional (and expensive) approach of sending someone to the data center to manually patch and re-patch connections between devices. Yet even the electronic patching could be time-consuming, requiring logging into each switch to complete the end-to-end connection. In a complex network featuring an expanded switch matrix, you might need to log into four, five or six screens to manage connectivity.
Now, however, software is available that offers seamless, end-to-end connectivity between devices from a single screen in about six mouse clicks. This "device-centric" software enables you to focus on the devices you want to reach while the tool works behind the scenes to manage all of the port-to-port, inter-device connectivity.
So what might a device-centric interface look like? Look for tools that on one screen list data sources (SPANs, Taps, mirror ports) and destination devices (analyzers and IDSs) and make it possible to select a source and destination with two clicks (more if the user wants to multicast to additional destinations). The tool should also let you apply a rate, add a job code or message if desired, and click to make the connection.
Such centralized tools should also offer a dashboard screen that lists all current monitoring sessions. That capability can be especially productive because it provides a snapshot of the source and destination of each monitoring session, as well as the device location, start time and schedule, job ticket, user name, link status and any optional user messaging applied. Up until now, it was difficult if not impossible to obtain a single, cogent view of all this information.