Anyone ever hear of Viavi Enterprises? I had, but only by name and a thin veneer of what they were capable of. Viavi presented at Tech Field Day Extra (#TFDx) covering Cisco Live 2019 (#CLUS), and I thought it was one of the better presentations! May I just say, when the presenter has only two PowerPoint slides the winner is you! If you’ve not heard of them, Viavi tracks client-server transactions on the network to monitor end-user experience via passive data collection. Sounds like a marketing 40-liner, but it’s really what they do.
Viavi utilizes information passively collected from NetFlow/sFlow/J-Flow, packet and frame analysis, and SPAN port monitoring sources to reconstruct applications. It then provides a hierarchical “site score” based on deviations from normalized traffic. If your remote office is normally running at a 9.5 health score (on a 10-best), then drops to a 4.3 when you get into the office one morning, you can drill down site-by-site and technology-by-technology to root out the problem. Think of this tool as a way to isolate user-experience into problem domains. These domains would be network transit, system response, and application response.
Sr. Director of Product Management, Charles Thompson, directed our attention to two topics. The first was end-user experience—taking up the majority of the discussion—the other was leveraging Viavi for security monitoring. Viavi has a broad collection of hardware to size for your environment so you’ll want to talk to your technical SEs to spec the correct solution. Let’s get down to brass tacks on the good, the bad, and the ugly of Viavi Enterprises. Well, maybe not ugly…the UI was pretty…
The Bad
There were a few things I was concerned about with Viavi. Now, to be fair, there may be a solution to these questions. Charles only presented for an hour and the questions were fast and furious so there wasn’t much time for clarification. My big question was how to monitor host-related problems if it’s network-based passive monitoring. What happens if an issue is reported and nothing outstanding shows up in the Viavi console? What next?
There is not a shim to install on the hosts to augment the 200 network counters Viavi can monitor. If your anti-virus program is going SNAFU and eating processor and memory, Viavi isn’t going to tell you this. If there’s a hung process on your app server, Viavi is effectively blind to that fact, unless that process causes the noise to hit the wire. The issues have to be seen on the physical transport (fiber, cat6, switch ASIC) but you may have to leverage other monitoring platforms in your environment to isolate host-side problems. Several of us on the delegate panel asked if there were any host monitoring options, and for now, there are not.
That’s kind of concerning technologically, but also fiscally. This limitation means you’ll have a handful of monitoring platforms rather than the Holy Grail of a single pane of glass giving you vision into network health. That “handful” turns into multiple licensing costs, additional VMs, and/or more probes to manage and care for. Before you say, “I’m out!” you need to know Viavi performs in the spot where no lies can be told. If a packet hits the wire, it really is the truth between the client and server; this is where Viavi shines.
Viavi’s architecture was also used as a security monitoring platform. How? Printers, for example, should really only respond to UDP 9100 and rarely execute a TCP SYN. Anything more, and if they’re transmitting to outside your IP block, you probably have a security issue. Great. In the enterprises I’ve worked in, there is a huge disparity between what is supposed to be out in the wild, and what actually is in the wild.
I put this in the “bad” category, not because of the functionality (that’s in the “good”), rather the implementation seemed like it could be streamlined. I couldn’t help but think about having a list of well-defined apps provided in the console where you could match to discovered hosts. Perhaps leverage some AI/ML to automatically define those potential rules and give the administrator the ability to approve/deny/modify what’s suggested. Again, that functionality may be there, or some automation may be available. Perhaps Viavi could answer that for you if you’re interested.
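To make the printer example and the suggest-then-approve idea concrete, here is an added sketch (not Viavi's code or anything shown in the presentation) that proposes a role baseline from observed flows and then checks live flows against it. The flow record layout, the 10.0.0.0/8 block, the host lists and the 60% threshold are all assumptions; the port and protocol are the ones given above.

```python
import ipaddress
from collections import Counter, namedtuple

# One record per conversation; src is the side that sent the first packet (assumption).
Flow = namedtuple("Flow", "src dst proto dport")

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed "your IP block"
PRINTERS = {"10.1.20.5", "10.1.20.6", "10.1.20.7"}   # constructed role membership

def suggest_services(flows, role_hosts, min_share=0.6):
    """Propose (proto, port) pairs served by at least min_share of the role's hosts."""
    seen = {(f.dst, f.proto, f.dport) for f in flows if f.dst in role_hosts}
    counts = Counter((proto, port) for _, proto, port in seen)
    return {svc for svc, n in counts.items() if n / len(role_hosts) >= min_share}

def violations(flow, role_hosts, approved):
    """Return the reasons a flow breaks the role baseline (empty list means fine)."""
    reasons = []
    if flow.dst in role_hosts and (flow.proto, flow.dport) not in approved:
        reasons.append("unapproved service")
    if flow.src in role_hosts:
        if flow.proto == "tcp":   # stricter than "rarely": every printer-initiated TCP is flagged
            reasons.append("printer initiated TCP")
        if ipaddress.ip_address(flow.dst) not in INTERNAL:
            reasons.append("destination outside internal block")
    return reasons

# Constructed learning-window flows.
LEARN = [
    Flow("10.1.5.10", "10.1.20.5", "udp", 9100),
    Flow("10.1.5.11", "10.1.20.6", "udp", 9100),
    Flow("10.1.5.12", "10.1.20.7", "udp", 9100),
    Flow("10.1.5.10", "10.1.20.5", "tcp", 23),    # seen on one printer only
]
# Constructed live flows.
LIVE = [
    Flow("10.1.5.10", "10.1.20.5", "udp", 9100),
    Flow("10.1.5.10", "10.1.20.6", "tcp", 23),
    Flow("10.1.20.7", "203.0.113.9", "tcp", 443),
]

def run():
    approved = suggest_services(LEARN, PRINTERS)  # an administrator would review this set
    return approved, [violations(f, PRINTERS, approved) for f in LIVE]
```

The suggestion step here is plain frequency counting standing in for the AI/ML idea; the point is that the rule set is proposed from what the wire shows and still goes through an approve/deny step.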
The Good
I absolutely loved the onion peeling in the console. Starting from a general, global, view of your network health, you can begin to drill down when you see an issue. While this isn’t necessarily a new idea, it certainly provides some logic to technical and management staff.
Digging into a problem is therapeutic for most people with engineering minds. As a husband, when my wife or kids say there’s something wrong…oh boy am I looking forward to fixing the issue. Have my cape tied on and I’m off! Viavi broadcasts where a problem lies then directs knuckleheads-like-me to a focused issue. This certainly saves some cycles in the triage stage of troubleshooting and the business will thank you for it (maybe) as you cut MTTR.
Since Viavi looks at what is happening on the wire, you can get a truthful indication of what’s going on. The Bounce Diagram is very detailed if you need to look that deep at traffic flows. If you understand IP concepts, you can break down where issues may have begun by recognizing problems due to flight time, think time, or other application architecture issues.
From the bounce diagram window they’ve added the ability to download a PCAP file for deeper inspection. I know that seems small, but think about the times where you’ve thought it would be great to have a packet capture of the traffic you’re troubleshooting. Since the problem may or may not be reproducible, you have to get Wireshark installed on the troubled workstation, maybe set up a network-based sniffer if you can’t install it on the server. Then you have to schedule everyone’s time to get on a conference bridge and run the tests only to find out the problem isn’t happening anymore.
Again, Viavi is capturing on the wire so you have access to the data for as long as you care to store it, and, they made it easy to retrieve within the contextually relevant menu.
On the security side Viavi can help you ID strange traffic patterns that would fly under the radar of most IPS/IDS systems. That’s a big deal! The argument is that most systems look for the HOLY SMOKES THAT HOST IS SENDING 800GB TO CHINA, but they don’t recognize the 300 bits from 900 hosts transmitting to China. It’s Viavi’s ability to look for deviations from the norm that gives them the ability to alert on the micro and macro issues.
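The difference between the two detectors can be shown on constructed flow data. This is an added example, not Viavi's algorithm: a per-host volume threshold sits beside a check on how many distinct sources reach a destination compared with its history. The thresholds, addresses and byte counts are assumptions.

```python
from collections import defaultdict

PER_HOST_BYTES = 1_000_000_000   # assumed per-host volume threshold

def per_host_alerts(flows):
    """Classic volume rule: one source sending a lot to one destination."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        totals[(src, dst)] += nbytes
    return {pair for pair, total in totals.items() if total >= PER_HOST_BYTES}

def fan_in(flows):
    """Number of distinct sources seen per destination."""
    sources = defaultdict(set)
    for src, dst, _ in flows:
        sources[dst].add(src)
    return {dst: len(s) for dst, s in sources.items()}

def fan_in_alerts(baseline_days, today, factor=5, min_sources=50):
    """Flag destinations whose source count today far exceeds their historical maximum."""
    hist = defaultdict(int)
    for day in baseline_days:
        for dst, n in fan_in(day).items():
            hist[dst] = max(hist[dst], n)
    return {dst for dst, n in fan_in(today).items()
            if n >= min_sources and n > factor * hist[dst]}

def hosts(n):
    return [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(n)]

# Constructed data: three normal days, then a day with a bulk sender and a quiet fan-in.
BASELINE = [[(h, "198.51.100.10", 50_000) for h in hosts(200)] for _ in range(3)]
TODAY = ([(h, "198.51.100.10", 50_000) for h in hosts(200)]
         + [(h, "203.0.113.77", 38) for h in hosts(900)]      # about 300 bits each
         + [("10.0.9.9", "192.0.2.50", 2_000_000_000)])

def run():
    return per_host_alerts(TODAY), fan_in_alerts(BASELINE, TODAY)
```

The volume rule catches only the single bulk sender; the 900 small senders total about 34 KB and surface only when the destination's source count is compared with its own baseline.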
FIN
Overall I really liked the idea of Viavi Enterprises Network Performance Monitoring Tools. As a standalone performance monitor there are some things lacking. Not seeing into the client or server may be a show stopper for some. Viavi’s placement on the network adds some performance visibility into the stack, and that’s a big deal. Viavi provides some details that other performance monitoring products miss and vice versa.
I have yet to find a single platform that provides a comprehensive view of network and system health. Those that do may be so cost prohibitive that only the big players can see that elusive SPOG (Single Pane of Glass). Troubleshooting performance problems is difficult, but my sense with Viavi is that they can provide visibility into the shadows. You may watch the presentation over at Tech Field Day’s website for further details.