IP Communications


March 09, 2007

Network Forensics Simplified



By Erik Linask
Group Managing Editor


With increased attention being given to network performance and utilization, to ensure maximum productivity and network uptime as well as end user satisfaction, businesses are investing more resources into network and traffic analysis. This is good news for companies like Network Instruments, which provides network analysis and forensics products, has seen solid growth, and has already opened two new offices on the East Coast and one on the West Coast this year. According to Network Instruments’ sales and engineering manager Charles Thompson, much of the growth is attributable to the popularity of the company’s GigaStor product and a wider understanding of the benefits of network forensics.

 
The idea behind network forensics is to enable businesses to do more with network monitoring than simply look at real-time data and then try to ascertain the cause of problems they might see. It is much more effective to be able to go back and look at traffic after the fact to determine the specific cause and the best path to resolution. Network Instruments has enhanced its Observer network forensics product line by introducing a new element as well as several enhancements to existing pieces.
 
In conjunction with the Observer version 12 release, NI is also making available its new Observer Reporting Server, which will allow users to condense reports from multiple parts of the network in a single view. Rather than reporting on individual traffic flows, network administrators can now consolidate traffic into larger groups to look at total network traffic, traffic for specific user groups, or even certain types of traffic (e.g., VoIP). Knowing such information will allow network administrators to implement appropriate network strategies to optimize traffic flows and eliminate network congestion. Of course, administrators can also drill down as deep as they need to, down to individual call detail, to isolate problem causes.
 
In terms of reporting, Thompson says there are some 40 pre-programmed reports — like top users, top groups, top applications, and so on — but users can create custom reports as well to suit their particular needs. The reports can be set to run automatically, or users can reactively run them.
 
“It’s easy to do,” said Thompson. “There’s no programming language involved. Instead, it uses a wizard to walk users through the process.”
 
He added that ease of use and implementation was key to this product set enhancement, which included several features that have been added to the GigaStor and Observer products.
 
For GigaStor customers, it has become important to be able to view multiple “angles” of the same problem.
 
“Previously, if there was a slowdown, or unavailability of a product or service, it was always blamed on the network,” explained Thompson. “The network administrator then had to look at the network, the security aspect, and the application layer to determine which piece actually caused the problem and then figure out how to troubleshoot.”
 
Network Instruments has now taken its forensic processing capability and made it applicable to all parts of the network, including security functions and the application layer. Now, when there is a problem, the administrator can go back to that time frame from all the different “angles” to determine quickly and accurately where the problem occurred, so that it can be fixed. Some might expect this to cause internal friction, but Thompson says he has been pleasantly surprised that customers are considerably more interested in identifying and repairing issues than in finger pointing.
 
Other enhancements include MPLS integration, which is another feature customers have been asking about. MPLS has now been integrated across the entire Observer product line.
 
In terms of VoIP traffic, Version 11 included major VoIP support for a variety of protocols (SIP, H.323, MGCP, SCCP), and now Version 12 adds support for the Avaya CCMS and Nortel UNIStim protocols, primarily because NI is seeing many large customers with sizeable Avaya and Nortel implementations.
 
In line with the Federal government mandate requiring that all federal agencies support IPv6 by June 2008, NI has added native support for IPv6 in this version, allowing users to track, monitor, and report IPv6 traffic.
 
For enterprises concerned with data leakage or HIPAA and Sarbanes-Oxley compliance, NI has added data stream reconstruction, a logical progression from the ability to rebuild Web pages and emails and IM streams. Users can now rebuild the files that are attached to those transactions.
 
Other notable enhancements to Observer include application analysis enhancements, which enable proactive error identification and resolution, and the automation of multi-hop analysis, so users can simply identify the stream segments from which they wish to collect data and then let the process run automatically.
 
Overall, each of these enhancements is designed not only to provide a more complete package for network analysis and problem resolution, but also to make the system more automated — and thus, less labor intensive.
 
Erik Linask is Associate Editor of INTERNET TELEPHONY, IMS Magazine, and SIP Magazine. Prior to joining TMC, he was Managing Editor at Global Custodian, an international securities services publication. To see more of his articles, please visit Erik Linask’s columnist page.
 
 

 
