For organizations that depend critically on their network to provide services to both internal and external customers, understanding why quality of service issues occur is critical. An emerging tool in Network Performance Management and Diagnostics (NPMD) is network recording and search, which allows network operations (NetOps) staff to identify issues in service and application delivery. Finding the right data (whether packets, netflows, or otherwise) to understand why your application is underperforming is often like finding a needle in a haystack. In most cases, you have to find exactly the right set of packets to understand why you have a service performance issue or a service failure. As organizations move from 1Gb Ethernet to 10Gb Ethernet to 40/100Gb Ethernet (1GbE, 10GbE, 40/100GbE), the “amount of hay” is increasing by orders of magnitude. However, most network recording and search devices on the market today cannot keep up with data rates beyond a few gigabits per second, and have to “sample” the network traffic. In this context, selecting the right network recording and search device means the difference between understanding and resolving your problem quickly, and spending days or weeks trying to randomly capture the right packets. In this webinar, we’ll explore the different options that organizations have for recording and mining network traffic to identify and resolve ITSM issues. We'll explore what matters most when your applications fail, and share some best-practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.

1. 1 Copyright © 2013
Using Network Recording
and Search to Improve IT
Service Delivery
Emulex Corporation
September 11, 2013

2. 2 Copyright © 2013
The ITSM Environment
Most enterprises today are critically dependent upon their
network to deliver products and services to their customers
Meeting internal and external service level agreements is a key
part of this responsibility, and is the focus of ITSM disciplines
How do you get enough visibility into your network to know
you are meeting SLAs and delivering your services?

3. 3 Copyright © 2013
The Cost of Network and Service Interruptions
A measure of the importance of the network to enterprises is
the cost of outages to their business
– These costs typically are in
the hundreds of thousands
to millions of dollars/hour
– Short-term outages (less
than 1 hour) impact revenue
– Longer outages impact
customer loyalty and
brand, and require
remediation expenditures
beyond IT
These longer outages are
the ones that typically are
the hardest to
diagnose, fix, and verify

4. 4 Copyright © 2013
ITSM Challenges Today
Today’s network technologies and trends both enable new IT
services AND complicate IT’s ability to meet customer SLAs
– Traffic is growing exponentially
– Networks are moving to 10Gb Ethernet
speeds and beyond
– Convergence of multiple types of
networks onto a single wire (or two)
– Virtualization of servers can obscure
actual sources and sinks of traffic
– Software-defined networks offer new
QoS tools and capabilities, while at the
same time further obscuring overall
network traffic flows
This is where improving visibility into the network becomes
critical to delivery of SLAs

5. 5 Copyright © 2013
Polling Question 1
What is your most prevalent ITSM issue?
– Meeting customer SLAs
– eCommerce site performance
– Content delivery performance
– Network-based technology performance (VoIP, VDI, storage, etc.)
– Other

6. 6 Copyright © 2013
Investments in Network Health: 4 Categories
1. Prevention
2. Detection
Detect things that may
be bad and were
missed by prevention
tools; generate alerts
Sit in the network and
stop known bad things
from happening
3. Response
4. Root cause
Help engineers
respond to any kind
of network-related
problem fast
Enable engineers to
understand exactly what
happened and why
3
4
2
1

7. 7 Copyright © 2013
BUT, Historical NPM/APM Spending Profiles
Don’t Adequately Address the Problem
Historically, network IT has
been reactive in nature
Tool spending has focused
on prevention and detection
Spending on tools to improve
response times, issue
analysis, and network
adaptation has lagged
Result: more downtime,
longer maximum TTRs

8. 8 Copyright © 2013
How Bad is The Problem Today?
SYMANTEC REPORT – JULY 2012
THE INCREASING PRESSURE ON
DATA CENTER IT OPERATIONS IS
A GROWING COMPLEXITY
DRIVEN BY THE RAPIDLY
GROWING NUMBER OF
BUSINESS-CRITICAL
APPLICATIONS WHICH IN TURN
IS LEADING TO MORE
DOWNTIME.
?Data Center
Consolid’n
Server
Consolid’n
Virtualization FC to 10GE
Transition
Storage
Virtualization
App
Mobility
Network
Security
Network
Virtualization

9. 9 Copyright © 2013
How Bad is The Problem Today?
BETWEEN JUNE 2010
AND FEBRUARY 2012, THE
COST PER HOUR OF
NETWORK DOWNTIME
INCREASED, ON
AVERAGE, BY 65%
ABERDEEN GROUP – 2012
?Data Center
Consolid’n
Server
Consolid’n
Virtualization FC to 10GE
Transition
Storage
Virtualization
App
Mobility
Network
Security
Network
Virtualization

10. 10 Copyright © 2013
How Bad is The Problem Today?
THE ENTERPRISE
NETWORK HAS NEVER
HAD SO MANY BLIND
SPOTS
IDC – JULY 2012
?Data Center
Consolid’n
Server
Consolid’n
Virtualization FC to 10GE
Transition
Storage
Virtualization
App
Mobility
Network
Security
Network
Virtualization
Increased network visibility is critical to addressing these issues

11. 11 Copyright © 2013
Polling Question 2
How many different tools do you regularly use to detect,
identify, and root-cause ITSM issues?
– <5
– 5-10
– 10-20
– >20
– Don’t know

12. 12 Copyright © 2013
How Much Network Visibility Do You Need?
Just as in the video world, there is a big difference between
low-def network visibility and high-def network visibility
– Low-def shows you the overall trends – great for long-term traffic
planning and identifying large deviations from the norm
– High-def lets you see the action (microbursts, dropped packets, protocol
errors) that underlie the most difficult application performance issues
Sampled data
(whether netflows
or packets) cannot
provide the high-
definition picture
you need to
resolve
application
performance
issues

13. 13 Copyright © 2013
Emulex – A Market Leader in Network
Connectivity and Network Visibility
Emulex recently acquired
Endace, a world leader in
network recording
10+ year history selling
network recording solutions
to top tier global clients
– Gov’t, Finance, Content Delivery
Networks, eCommerce Front-
Ends, High-Frequency Trading,
Telco & Enterprise
We deliver 100% accurate
packet and Netflow capture

14. 14 Copyright © 2013
Typical Network Visibility Fabric Deployments
SecOps deployment monitoring
both sides of the DMZ; record
attacks, ID compromised data
NetOps deployment monitoring
north-south traffic; ID inbound/
outbound application issues
NetOps deployment monitoring
east-west traffic; ID internal
application performance issues

15. 15 Copyright © 2013
Customer Case Study
Customer: Large Web 2.0 company
Business problem: The customer needed to generate real-time Netflow
from sliced packets to gain visibility, SLA monitoring and network behavior
analysis. Integration with Arbor Networks Peakflow a must for analysis
reporting.
Products deployed:
– Endace Netflow Generator Appliance (NGA)-3040
Competitors/Ecosystem
– Cisco NGA

16. 16 Copyright © 2013
E7000 4 x 10
Netflow sensor
DAG 2x10G A
MGMT:
2 x 1G
bonded
links2 x 10GbE
links
Workstation
~16Gbps Average
BW of 256B sliced
packets – slicing
done on upstream
routers not on
Endace. 15K new
flows/sec, 30K
transactions/sec,
~8Mpps, ~3M active
flows at any point in
time.
NetFlow
~15K new
Netflows/sec
Arbor
Netflow
collectors
Netflow VM config:
16G RAM
Allocate 6 CPUs to VM
2 x vDAGs
DAG 2x10G
Data pipe config:
2x data pipes snapped at 128B
50% load balanced to each vDAG
Customer Case Study
Production
Network

17. 17 Copyright © 2013
Network Recording Infrastructure
Network Visibility
Headend
Allows EndaceProbe
INRs/ODE to scale to 40 and
100GbE
EndaceAccess™
Hosting platform for
monitoring apps
Up to 32 TB storage 20 x
GbE or 10 x 10GbE
Endace Open
Hosting Platform(ODE)
High Performance Intelligent
Network Recording
Up to 64 TB storage
Mix of 1 and 10GbE ports
EndaceProbe™ INR
High-speed NetFlow
generation
1 and 10GbE ports
Endace NetFlow
Generator

18. 18 Copyright © 2013
Endace Fusion Ecosystem Program – Open APM/NPM
• Most G2000 IT Shops
Have Over 100+ Tools
• More Cost, More OPEX
• Either for NetOps or
SecOps
Silos of APM/NPM
(Competitors Today)
APM/NPM HW
Appliance
APM/NPM SW
Applications
Network Search Engines
(Emulex Today)
• 100% PACKET CAPTURE
• Centralized and Shared
Data
• Lower CAPEX and OPEX
• Detection and Resolution
• Open Platform
Endace Capture Appliance
10/40/100GbE
Network Search Engine
with Fusion Connectors
APM
App
NPM
App
IDS
App
HFT
App

19. 19 Copyright © 2013
Endace Top 10 Use Cases
Investigating suspected security/data loss issues fast
Rapid response to critical network outages
Troubleshooting intermittent application performance issues fast
Optimizing network resources and identifying bandwidth chokes
Monitoring end user application usage policies on data networks
Alerts on bandwidth spikes, microburst and application detection
Reducing time-to-value on IT initiatives like VDI and SDN
Smoothing the path to BYOD through network visibility
Helping 1GbE applications scale to 10GbE
Bandwidth planning

20. 20 Copyright © 2013
Polling Question 3
What percentage of your ITSM issues would packet or netflow
recording help you resolve more quickly?
– <10%
– 10%-20%
– 20%-40%
– 40%-60%
– Greater than 60%

21. 21 Copyright © 2013
Summary – Using Standalone Network Visibility
to Improve ITSM Delivery
Faster Time to Resolution for Difficult Network/Security Issues
– Provides all of the data to identify the problem
– Allows “replay” of the issue to verify its correction
– Archiving the data enables after-action review at Level 3 personnel’s
convenience
Standalone Network Recorders Enable Best-In-Breed Solutions
– Reduce the number of dashboards
– Scale the solution to the extent you need
– Pay for what you need
Other Enterprises Are Using Our Solution to Improve Their
Network Availability and Security
– Eliminating hard to fix/intermittent issues has high ROI
Let Emulex Help You Improve Your Network’s ITSM Delivery

22. 22 Copyright © 2013