If you are
responsible for operating a network that you have no visibility into, stop
reading right here and go fix that. When managing something – anything – you
need visibility into it. Network devices usually have some visible indicators
on them about what they are doing. Those can be very useful when troubleshooting
certain problems. On networks with more than one or two switches in them, you
need more information than can be conveyed by LEDs on the box.

You need to
see how the SYSTEM is working. Network management tools can collect data from
various devices and allow you to see how they interact with each other. Tools
like Wireshark allow you to see the data flows down to the last bit (pun
intended). That level of detail is great when you need it, but it is a
distraction when you do not need it.

On the continuum between “no information” and “all the bits,” there are a variety of
ways to look at what is happening in your network. A basic network monitoring
system might show you the interfaces on your devices and how much data is
traversing them and various kinds of errors on the physical interface. Some
systems may add additional detail such as what protocols are used on the
connection. Both of these are quite typical of network monitoring products.
Sometimes even more detail is needed in order to visualize what is flowing
through your network.

This is where systems that will extract URL information, or other upper level protocol
details, come into play. Typically, you will find this type of reporting from a
URL filtering or firewall product. In many cases, you can run this type of
report by user, time period, or other criteria. Some systems even allow
encrypted traffic to be decrypted to permit this information to be extracted.

Network managers should not be surprised by any of these monitoring solutions. We use
many of them already, and even if you do not use all these tools, vendors have
certainly been trying to sell them to us. Some systems we manage, though, have
notably poor monitoring capabilities.

Telephone systems – How many channels do you use in
your PRI circuit? How about POTS line utilization? You can probably pay your
carrier to do a Busy Hour study to get this information for you, but it
generally is not readily available from the equipment that processes these
connections. This is a frustration point for me. This may improve over time,
but I do not think it will ever get to the level of visibility that we have
today on networks. After all, that lack of insight helps carriers sell more
service. The telephone manager wants to make sure they have sufficient capacity
to handle calls. Without good data, they buy more capacity than they really
need, and without usage data to see that the second PRI never gets used, for
instance, they just keep paying for it month after month.
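
One way to get at these numbers yourself, as an added example that is not part of the original post: if your phone system can export call detail records, a sweep over call start and end times gives the peak number of simultaneous channels and the busy hour. The CDR layout and the sample calls are constructed, and 23 B channels per PRI assumes a T1 circuit.

```python
from collections import defaultdict
from datetime import datetime, timedelta

B_CHANNELS_PER_PRI = 23  # assumption: T1 PRI (23B+D)

# Constructed sample CDRs (hypothetical export format): answer time, seconds.
SAMPLE_CDRS = [
    ("2024-03-04 08:58:10", 420),
    ("2024-03-04 09:01:00", 600),
    ("2024-03-04 09:03:30", 180),
    ("2024-03-04 09:04:00", 900),
    ("2024-03-04 09:30:00", 120),
    ("2024-03-04 14:15:00", 300),
]

def parse(cdrs):
    """Turn (start, duration) rows into (start, end) datetime pairs."""
    calls = []
    for start, secs in cdrs:
        t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        calls.append((t0, t0 + timedelta(seconds=secs)))
    return calls

def peak_concurrent(calls):
    """Sweep start/end events; every active call holds one B channel."""
    events = [(t0, 1) for t0, _ in calls] + [(t1, -1) for _, t1 in calls]
    events.sort()  # at equal times -1 sorts before +1: a freed channel is reusable
    active = peak = 0
    peak_at = None
    for when, delta in events:
        active += delta
        if active > peak:
            peak, peak_at = active, when
    return peak, peak_at

def busy_hour(calls):
    """Clock hour carrying the most call-seconds, with its load in Erlangs."""
    load = defaultdict(float)
    for cur, end in calls:
        while cur < end:  # split calls that cross an hour boundary
            hour = cur.replace(minute=0, second=0, microsecond=0)
            nxt = min(end, hour + timedelta(hours=1))
            load[hour] += (nxt - cur).total_seconds()
            cur = nxt
    hour, secs = max(load.items(), key=lambda kv: kv[1])
    return hour, secs / 3600

def pris_needed(peak):
    """Circuits required to carry the observed peak (ceiling division)."""
    return -(-peak // B_CHANNELS_PER_PRI)
```

A peak that stays at or below 23 over a representative period means a second PRI is carrying nothing.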

Mobile data – Many schools provide MiFi devices
to staff or administrators in order to ensure that they will have access to the
Internet at all times. These are great solutions but what visibility do you as
the network manager have to them? At the end of the billing cycle you may see a
bill that has chunks of data with a timestamp. Perhaps you get access to a
carrier portal that allows you to run reports where you get to control the time
interval, but you still see no detail on the URLs that were accessed, detailed
time of day information, or even any information about the users connecting to

How do you
ensure that the device was CIPA (Children's Internet Protection Act) compliant when you cannot manage it? How would
you even know if it was being used appropriately when you cannot see how it was
used? The carrier solution to this issue is to use a custom APN. The APN (Access
Point Name) would be configured to route all traffic from that MiFi to your
network where you can apply your policy to it and monitor it just like you do
for traffic originating on your network.

Custom APNs can be a great solution, but they add complexity and more stuff for you to
manage. IU13 has recently begun using a product called Kajeet for our MiFi
devices that offers the visibility and manageability that we desire without
adding the complexity of an APN to our network.

Kajeet uses their own APN to force the traffic through their network. They then apply URL
filtering and a suite of monitoring and management functions all accessible through
their portal. This is the first “visible” and “manageable” MiFi solution I have
seen. I think it is a great solution to gain visibility and manageability into
MiFis. My only question is why don’t the carriers offer those features as part
of the service they sell?

that retrofitting monitoring and management functions into existing systems is
cost prohibitive. Additionally, when those functions are not your core
business, or even worse, when they erode your core business, then they will
never see the light of day.

Only when network managers begin demanding visibility features in products and services
before purchasing them will the sellers of those products and services see
that visibility is good for them too.