Every agency’s IT staff needs a high-performing network to support its overall mission, and at the Defense Information Systems Agency, the stakes are often a matter of life and death. “War fighters would be negatively impacted if something goes wrong with our network,” says James Travis, division chief of DISA’s CyberNetOps Solutions Division.
This helps explain why DISA — like many government agencies — relies on sophisticated monitoring tools to optimize network performance. As the CyberNetOps division’s name implies, the responsibilities of Travis’s team merge network reliability with enhancing cybersecurity and developing real-time understanding of the overall IT environment.
“We need to immediately understand why a system starts to experience a spike in traffic that’s orders of magnitude higher than normal,” Travis says. “Otherwise, end users could see latency issues or a widespread network outage that would be catastrophic in a wartime context.”
Thanks to its extensive toolset, the division keeps its networks running reliably. “Our uptime has gone up dramatically,” Travis says.
Demand Increasing for Network Performance Monitoring
The growing importance of networks in modern enterprises is spurring a nearly 21 percent annual growth rate for network performance monitoring and diagnostic tools, according to Gartner’s 2017 Magic Quadrant for Network Performance Monitoring and Diagnostics.
When choosing tools, IT managers have options from Riverbed, Cisco Systems, Hewlett Packard Enterprise, CounterACT, Red Hat and other vendors. These companies are rapidly evolving the applications into comprehensive suites that cover more than just performance monitoring.
“We’re increasingly seeing security as an important use case,” says Shamus McGillicuddy, senior analyst at Enterprise Management Associates. “Some performance monitoring tools apply analytics to identify behavioral patterns indicative of security threats.”
For example, if an agency website suddenly sees a traffic spike from overseas servers, network administrators can alert the security team to a potential denial of service attack, he explains.
For his part, Travis declines to identify the commercial monitoring products used to manage, sustain and operate the Defense Information Systems Network, a sprawling communications infrastructure that connects DOD sites worldwide with nearly 25,000 miles of fiber cabling. But he notes that hundreds of thousands of software agents run status checks on the network’s individual servers and routers, as well as on virtual circuits associated with videoconferencing and classified Voice over IP calls. The agents are part of a system that helps administrators forecast impending network failures, according to Travis.
“We see when performance is starting to degrade so we can fix problems before they affect customers,” he says. The monitoring tools also watch traffic flowing through internet access points for a private DOD network segment and the public internet. “Our tools let us segregate war fighting and non-war fighting capabilities and then deliberately slow the throughput of packets for non-mission-critical applications, if necessary,” Travis says.
The Transportation Department also uses a host of performance monitors to help the IT and cybersecurity teams boost network performance, resiliency and security. “As DOT began to move more of its applications to the cloud, we wanted to see the impact on end-user experience at our field sites and data centers,” says Kristen Baldwin, the department’s deputy CIO.
Keepign Network Configurations Up to Date
Monitoring tools also provide IT leaders an accurate inventory of all devices attached to the network. For example, Richard McKinney, the Transportation Department’s previous CIO, reports that Riverbed’s SteelCentral suite of products revealed software on the network that had outdated patches and other security issues. The tools also discovered roughly 1,000 devices — about 200 more than administrators expected — communicating with the agency’s networks, he said.
Going forward, the tools will continue to keep DOT abreast of any devices with obsolete configuration files and operating systems. “We are able to identify gaps in inventories, identifying unknowns, and audit configuration files against the department’s security policies and industry best practices,” Baldwin says.
An in-depth view into DOT networks is helping the agency plan for future changes, including data center consolidation and optimization, a transition from IPv4 to IPv6, more cloud services and heightened cybersecurity.
“The department realizes the criticality of accurately understanding the architecture of our current environment in order to optimally plan for the future target architecture,” Baldwin says.
A Cure for Data Overload
“In the past at VA, there were many logs and fault and performance metrics being collected that ultimately overwhelmed IT staff,” says Tatjana Christian, a department spokeswoman. “The lack of clearly-defined requirements on how the data would be utilized was the primary culprit for data overload.”
With this approach, if performance degrades, network monitoring tools are helping the agency comb through massive volumes of data to quickly determine if a network or server delay is contributing to the problem.
Some of the tools also help the agency apply standard metrics for reporting on asset management and security compliance. This is improving decisions about traffic prioritization and capacity planning, and aiding problem resolutions, Christian says.
“The tools allow IT professionals to perform trend analyses on key performance metrics, such as bandwidth utilization, which ultimately assists in defining the future design of the network,” she adds. “Understanding today’s network will help the VA ultimately answer questions like when migration to the cloud will be most appropriate.”