Seeing is believing for DISA’s James Travis when it comes to network security.

Nov 02 2015

Agencies Strive for Network Visibility

As networks become more complex, federal leaders eye ways to gain the visibility they need.

Federal networks continue to grow in complexity, to the point that 45 percent of federal government IT decision-makers name it their greatest challenge in a recent study from Riverbed Technology. That complexity can lead to confusion, especially when the network fails to perform and affects other areas of the enterprise.

According to the study, 27 percent of respondents cannot quickly find the root cause of network performance issues, while 50 percent say detecting and fixing those issues takes a day or longer. But agencies are finding ways to navigate this complexity to get results.

Security Concerns with Network Visibility

Limited network visibility can be dangerous. Diminished performance can result from a security breach. The longer it takes to determine whether a hacker has infiltrated your network, the more information that hacker can steal. The ability to quickly identify breach-related performance issues justifies spending on tools that enable greater visibility.

“End-to-end visibility is the cornerstone of a strong cybersecurity strategy,” says Davis Johnson, Riverbed’s vice president for the public sector.

Multiple factors have increased complexity in recent years, such as growing use of cloud-based services and bimodal infrastructures, where agencies need to deploy new technology without disrupting legacy systems that have years of life left.

James Travis knows these challenges — and how to overcome them. He’s chief of the Defense Information Systems Agency’s NetOps division, an office created during an agency reorganization to consolidate network management.

Travis and his team at DISA — 44 employees and 150 contractors — used commercial, off-the-shelf (COTS) products, such as IBM’s Netcool, to create an integrated network management system that provides a unified view of events, performance, problems and services. He calls it a major improvement over the previous fragmented setup.

“Every technology was deployed as a silo, and each silo had its own operations support element that created its own view — giving us dozens of views,” Travis says. “When you wanted to correlate something, you had to go to multiple screens in multiple network operations centers colocated in the same building.”

Automate Everything to Improve Visibility

DISA’s network consolidation process began in 2003. “The first challenge was to build interfaces with the COTS products so they could communicate with each layer,” Travis says. “The next stage will be to integrate the compute side with the transport side, so the same tool provides visibility into both.”

Travis also wants tools that can automate some discovery tasks, requiring less manual configuration. The goal is to take advantage of the increased automation vendors are building into products.

“The idea is ‘automate everything but leadership,’ ” he says. “That’s a metaphor for what my division tries to do: Look at every step of the process involved with operating IT and find ways to automate every bit we can.”


The percentage of federal IT decision-makers who say insufficient funding prevents them from achieving greater network visibility

SOURCE: Riverbed Technology, “The Federal Network Visibility Crisis: Get to Know Your Apps,” May 2015

Besides creating a macro view for its own needs, DISA needs to create specialized views for its customers. A military hospital, for example, wouldn’t need visibility into the Air Force’s drone networks, or vice versa.

DISA’s ability to create simplified views depends on its customers. Travis says many have an idea of what they want, but lack the ability to explain it.

“The technicians, engineers and requirement analysts must take those dreams and turn them into actual screens,” Travis says. “The challenge with visibility comes down, in part, to communication. Can we adequately take information from our customers and give them the view they want?”

Examining DISA’s Roots

Emerging architectures such as software-defined networking (SDN) and network functions virtualization (NFV) pose a new set of visibility challenges. Travis acknowledges them, but he isn’t fazed.

“It’s just what we do,” Travis says. “We have to find a way to solve it. Most of what we use focuses on autodiscovery. If we’ve done it right, we should be able to create the views they need.”

DISA’s approach has roots in the Defense Department’s Operational Activity Decomposition Tree, which breaks down capabilities into discrete functions. When a new capability arrives, the tree enables DISA to assess how it will affect the infrastructure.

This enables DISA to design a visibility component into the system when the requirement comes in. That lets the agency be proactive in creating a system that can be better monitored, rather than adding visibility later in the process or sometimes not at all.

“This architecture component allows me to quickly analyze a problem and provide a solution,” Travis says.

One solution agencies turn to is a network visibility controller, what Gartner calls a network packet broker. This rack-mounted device aggregates network traffic from Switch Port Analyzer (SPAN) ports or network taps and then filters, deduplicates or replicates that traffic (or copies of it) so that network security and performance tools receive only the traffic they need.
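As an added illustration (not code from the article or from any vendor product), here is a small Python model of the packet broker functions described above: aggregating several SPAN/tap feeds, dropping duplicate copies of the same packet, and delivering filtered copies to each monitoring tool. The feed names, addresses and tool names are constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet record; frozen so it can be used as a set member."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


class PacketBroker:
    """Toy network packet broker: aggregate, deduplicate, filter, replicate."""

    def __init__(self):
        self.seen = set()           # real brokers dedupe within a short time window
        self.tools = {}             # tool name -> (filter predicate, delivered packets)
        self.stats = defaultdict(int)

    def add_tool(self, name, predicate):
        self.tools[name] = (predicate, [])

    def ingest(self, feed, packet):
        self.stats[f"in:{feed}"] += 1
        if packet in self.seen:     # same packet mirrored by two SPAN ports/taps
            self.stats["dedup"] += 1
            return
        self.seen.add(packet)
        for name, (predicate, delivered) in self.tools.items():
            if predicate(packet):   # each tool gets only the traffic it cares about
                delivered.append(packet)
                self.stats[f"out:{name}"] += 1


def run_demo():
    """Feed two constructed mirror sources into the broker and return counters."""
    broker = PacketBroker()
    broker.add_tool("ids", lambda p: True)                                   # full copy
    broker.add_tool("perf_monitor", lambda p: p.proto == "tcp" and p.dport == 443)
    broker.add_tool("dns_logger", lambda p: p.proto == "udp" and p.dport == 53)

    web = Packet("10.0.0.5", "10.0.0.20", "tcp", 443, b"tls-client-hello")
    ssh = Packet("10.0.0.5", "10.0.0.21", "tcp", 22, b"ssh-banner")
    dns = Packet("10.0.0.7", "10.0.0.22", "udp", 53, b"dns-query")
    for pkt in (web, ssh):          # tap_a sees the web and ssh packets
        broker.ingest("tap_a", pkt)
    for pkt in (web, dns):          # span_b sees the same web packet again, plus dns
        broker.ingest("span_b", pkt)
    return dict(broker.stats)
```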

The Role Mobile Networks Play in Visibility

Michael Roetto, information security specialist at the U.S. International Trade Commission, says mobile devices complicate the picture. As more federal data travels over cellular networks, agencies have to figure out whether performance problems are due to their infrastructure or the mobile operator’s. Some agencies draw the line where their network hands off.

“Mobile is not a huge part of the picture here,” Roetto says. “We tend to monitor the other side of the connection [internal resources] to perform monitoring.”

Others want monitoring to extend all the way out to smartphones and notebook computers, where visibility into an application’s or device’s performance helps determine whether problems are due to network errors.

“We see mobile as one of the two main issues that are making this problem of performance management more complicated,” Johnson says. “Whatever device you’re using, you need a way to measure all the way down to the individual transactions inside the application, how long it takes to do every URL call coming out. That’s how to see results.”

Photograph by Khue Bui
