You’re not Monitoring for Change on your Network?

BrandPost By Lafe Low
Jun 03, 2021

To proactively ensure optimal network operations, network monitoring teams need to monitor for change, as well as performance and availability.

Things happen fast on enterprise networks; any event or change can have a cascading impact on application performance across the entire infrastructure. It’s critical to broadly monitor the network for any changes such as configuration updates or new network devices that might affect performance. Doing so can help ensure continued smooth network operations.

Network operations center (NOC) teams don’t typically look for these types of changes, which have long been the purview of network engineers. However, the ability to monitor for change helps bring these activities into the realm of NOC teams, ensuring they can more quickly and accurately diagnose performance issues and then pass on that information to engineering for mitigation.

The need to monitor change

Monitoring for network changes is really about getting out in front of what NOC teams typically watch on their performance graphs—adding change as a parameter, along with availability and performance. If there has recently been a change, they can then determine if that change may impact performance. When network performance is indeed affected, the next step is to gather information and pass their findings on the possible cause to the network engineers, potentially saving the engineers critical time in restoring proper operation.

Monitoring for change has become more critical to ensure resilience and performance as networks have become more dynamic and expansive. In addition, the overall level of complexity has increased in physical and virtual IT environments with legacy systems and emerging technologies like software-defined networks.

It is important to visualize these changes within the context of network performance, and accurately and rapidly determine how one affects the other. When a change is properly executed at the right time and with all configurations adhering to policy, there may not be any negative performance impact. However, when proper monitoring doesn’t occur, there can be a cascading effect, with increasingly damaging network performance issues caused by unnecessary and excessive network traffic. Also, these impacts might not surface immediately, which can further increase the difficulty of detection.

Monitoring for these changes can help NOC teams get ahead of any potential disruptions or performance issues, and get that information to the network engineers so they can get to work on the problem. Rapid detection leads to rapid mitigation.

The three dimensions to monitor

Monitoring for change should occur across these three dimensions of all connected network devices:

  • any change in the current live running state
  • any change in configuration and startup settings
  • any change in operating system version or status

When a network problem arises, often the first question is: What has changed? For example, it could have been a change in the live running state, which is essentially an update in the device setting, such as opening or closing a port to enable a service.

These changes could also include newly connected or reconfigured devices that may not be patched or configured to current corporate standards. A simple change in configuration can have unintended consequences, such as the device becoming quickly overloaded with requests.

Another example of change is when a new network switch is activated to replace a failing one. The change must be monitored to ensure the replacement has the correct OS or configuration settings as established in corporate policies.

A change in the running state of any device can happen when someone simply logs in to the network device and makes a change. There is a configuration file associated with most network devices that stores those device parameters. Once that device is running, any changes made to the running state will affect the device, but not the configuration file. Looking to changes like that as the potential source of any performance problem can expedite resolving resulting issues.

When updates are made to software images loaded onto devices, the configuration boot file and any software version must align with current standards. Any changes made with incorrect versions will eventually cause a performance or operational impact. And again, these may not surface right away, which can further complicate determining the cause.
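
The three dimensions above can be checked by comparing two successive snapshots of a device. The sketch below is an added example, not code from the article or from any vendor product; the `Snapshot` fields, the configuration syntax, the version strings and the approved-version set are all constructed assumptions. It also flags the case described above where the running state has changed but the saved configuration file has not.

```python
import difflib
from dataclasses import dataclass

@dataclass
class Snapshot:
    running: str      # live running state, as polled from the device
    startup: str      # saved configuration the device boots from
    os_version: str   # software image version reported by the device

def _lines(cfg):
    # Ignore blank lines and '!' separators so cosmetic edits do not alert.
    return [l.rstrip() for l in cfg.splitlines()
            if l.strip() and not l.strip().startswith("!")]

def _delta(old, new):
    # Keep only added ("+ ") and removed ("- ") lines from the line diff.
    return [d for d in difflib.ndiff(_lines(old), _lines(new))
            if d.startswith(("+ ", "- "))]

def detect_changes(prev, curr, approved_os):
    """Report change per dimension between two polls of one device."""
    os_findings = []
    if curr.os_version != prev.os_version:
        os_findings.append(f"changed {prev.os_version} -> {curr.os_version}")
    if curr.os_version not in approved_os:
        os_findings.append(f"{curr.os_version} not in approved set")
    return {
        "running_state": _delta(prev.running, curr.running),
        "startup_config": _delta(prev.startup, curr.startup),
        # Running state that differs from the saved file: a change made on
        # the live device that was never written to its configuration file.
        "unsaved": _delta(curr.startup, curr.running),
        "os_version": os_findings,
    }

# Constructed sample data (hypothetical device, syntax and versions).
BASE = "hostname sw-access-01\n!\ninterface port7\n shutdown\n"
APPROVED_OS = {"1.4.2"}
PREV = Snapshot(running=BASE, startup=BASE, os_version="1.4.2")
CURR = Snapshot(running=BASE.replace(" shutdown", " no shutdown"),
                startup=BASE, os_version="1.4.1")

if __name__ == "__main__":
    for dimension, items in detect_changes(PREV, CURR, APPROVED_OS).items():
        print(f"{dimension}: {items or 'no change'}")
```
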

Steps toward monitoring for change

It is important to ensure all patches and updates are not only properly configured, but also completely up to date. The risks go beyond sluggish performance to include the introduction of security vulnerabilities, which most organizations want to avoid. According to research conducted by Vanson Bourne, 87% of survey participants sought improved visibility over corporate apps, reduced false positive security alerts, and improved response times. Monitoring can address all of these issues.

Also, when a new device is added to the network, it is critical to ensure all software is properly configured and uses the current correct version. Software version or configuration variances with new devices can lead to performance issues.

The benefits of being proactive

Monitoring for fault, availability, and performance is still of the utmost importance, but it’s equally important to add monitoring for changes to any NOC team’s radar. NOC teams should also have the tools available to address any issues they discover that do not require network engineering involvement. That includes network automation tools to automatically run updates on devices that are out of compliance with corporate policy.

The NOC team has to monitor for changes across those three dimensions of network devices: live running state, configuration, and software version status (including the OS). This will help ensure continued optimal network operating status, prompt and efficient problem resolution, and indeed continued optimal security.

When the negative impact of any incorrect change is determined immediately or nearly immediately by NOC teams, they can rapidly alert the network engineering team to ensure prompt resolution. This type of proactive monitoring is far more effective than simply being reactive to performance issues and then having to hunt down the cause.
