White Paper: Reduce the Headaches of Infrastructure Change in 5 Easy Steps

No matter how well prepared you are, managing change in the network infrastructure can be a bumpy process. There are many infrastructure changes that can cause significant problems for an organization if they are not appropriately planned, implemented, and supported with the right practices and technology. But “infrastructure change” is a very broad term that encompasses a wide range of activities and challenges.

Following are just a few examples of projects that require infrastructure change with some common challenges highlighted:

Virtualization – It is difficult to have a clear understanding of who is accessing computing resources such as disk arrays or virtual machines in a virtualized environment.

How do you:

  • Ensure that network and application traffic is sufficiently distributed so that no single section of the infrastructure is overloaded, especially at certain times such as end of quarter or overlapping time zones?

  • Protect these systems against internal security breaches?

  • Optimally schedule change windows? ?
  • Voice/data convergence – Adding a response-time-sensitive and business-critical technology such as VoIP to the network infrastructure requires an understanding of critical information about the network that can be very difficult to get.

    How do you:

    • Ensure that all VoIP traffic is running across the dedicated VLAN?

    • Know whether other applications running with the VoIP are creating congestion that affect VoIP call quality?

    • Know whether performance of other applications has suffered since the VoIP was deployed?

    Data center migration – Most organizations will need at some point to relocate, consolidate, expand, or segment their data centers due to growth, mergers and acquisitions, or other organizational change. This can be extremely challenging.

    How do you: :

    • Know what applications will be affected?

    • Know which users will be affected?

    • Identify all the services that are in use within the current infrastructure?

    • Identify how applications are used to ensure that prioritization maps to actual business usage?

    Disaster recovery planning – In order to develop an appropriate disaster recovery plan that will allow for a business to continue operation in the event of a serious
    disruption.

    How do you:

    • Know which applications are the most important to the business and must be able to transition to the backup sites?

    • Understand which services (DNS servers, DHCP, etc.) those applications require to function properly at the backup site?

    • Know which applications are used but will not be supported during the disaster recovery process?

    • Understand the bandwidth usage for each application – especially in cases where hot sites are distributed – as opposed to aggregate bandwidth data?

    • Monitor post-transition any resources, users, and dependencies that did not make the transition or are not behaving as expected?

    New application rollouts – Rolling out large applications – such as CRM, ERP, SFA, HER, etc. – is challenging to ensure that the application functionality is made available
    to the users who need it without creating adverse affects on the network infrastructure.

    How do you:

    • Understand pre-deployment who uses which services and components of existing applications?

    • Quickly identify post-deployment performance or availability issues?

    • Understand who consumes the application's resources and when they are consumed for tracking and future planning?

    No matter how your infrastructure is changing, your goal is to optimize the planning and minimize the disruption for the change. All of the challenges outlined above can
    be addressed, but to do so you need to know what is happening on your network both now and historically, what is typical, and who or what could be affected by the
    change. This kind of holistic visibility is critical in order for you to make the best business
    decisions possible.

    There’s a Gap in Technologies
    One area where many organizations struggle is finding the right tools and processes to gain a holistic view of activity across the entire network. While there are many
    tools and approaches on the market today, most suffer limitations. Many tools provide visibility in areas where they are physically connected and for specified conditions.
    Link-based solutions provide only a piece of the picture. Fault-driven technologies are “noisy” and focus on alerts and snapshots. In addition, deployment of many of these
    solutions requires a costly array of agents, probes, or inline devices that ultimately increase the complexity of your infrastructure. Other technologies work very well for
    specific tasks but can't effectively be “stretched” to watch the wire, not just the end points. Similarly, troubleshooting tools (e.g. protocol analyzers or IDS/IPS) are effective when you know what you are looking for and where it is likely to be found; they won’t, however, show you what happened before an event occurred that precipitated
    the problem.

    To fill the gaps, you need a technology that lets you understand the activity of users, applications, hosts, and devices across the entire network and answer any question
    about who, what, where, when, what’s typical, and what’s changed.

    Network Behavior Analysis Fills that Gap
    The Yankee Group defines Network Behavior Analysis (NBA) as systems that “take information from existing network devices about how endpoints are using the network
    (where they go, what they use, typical traffic, etc.).” NBA systems analyze network traffic data – such as NetFlow, cFlow and sFlow – from routers and switches
    throughout the network. The system builds a profile of the behavior of systems, users, and applications inside the network and continuously monitors their activity,
    alerting operations teams of security events, performance issues, and policy violations.

    The Mazu NBA system provides continuous global visibility into how users, applications, hosts, and devices are behaving on your network, and tells you how their current
    activity differs from their typical behavior. You’ll optimize network operations, secure your internal network, and maximize application availability because you’ll
    always know what’s happening on your network: who’s talking to whom, what applications and services are running, where the traffic is flowing, and if there are any
    meaningful changes that indicate a network issue, security threat, or application problem.

    Mazu collects this information across any, or all, of your network using a passive, agent-less deployment model that delivers immediate value. The data is stored in Mazu’s Network Intelligence Database,including both real-time and historical details. With this always-on, global view you'll understand usage patterns, consumption rates, and dependencies between users, applications, and network infrastructure.

    This dramatically reduces the time to troubleshoot network and security issues and provides critical information for accurate planning and impact analysis.


    Before you make any changes, it is important to understand the current environment. This is usually a piecemeal process with data gathered from inventories, old project plans, and interviews. Even if you can construct a complete picture, it will reflect what you think the current environment looks like, not what is actually happening.

    Mazu can easily and quickly provide you with a complete inventory of all applications running and with current and historical profiles that include bandwidth, use, and dependency information. This inventory helps you:

    • Identify undocumented applications – Unauthorized applications can be eliminated from the infrastructure. Authorized but undocumented applications can be incorporated into the planning process to reduce surprises during deployment.

    • Understand activity on the network – Identify the route path of network activity. Understand the dependencies on the network. Understand bandwidth consumption. Identify which application resources are being used and by whom. See which ports and protocols your applications use and how different applications, ports, and protocols interact with each other in real time. Identify servers, hosts, and clients who are generating abnormal levels of traffic and identify whether that traffic is related to a security breach. Compare your current application architecture library to how the applications are behaving.

    • Uncover trends – Understanding bandwidth usage over time, who consumes applications, and consumption fluctuations over time gives planners more complete
      information to incorporate into the process to build in appropriate thresholds.

    2. Pre-Change Planning: Real-Time and Historical Information for Better Change Planning
    Once you understand the current environment, you want to ensure that you have a complete plan to get you where you need to go and that you understand what it will look like when you get there. Mazu provides you with the information you need to:

    • Perform a gap analysis – A gap analysis helps you evaluate what needs to be done and can uncover important requirements. Mazu shows you what you have, who uses it, where it is used, and how it is used, and the dependencies.
      You can then compare this information to the plan and identify the gaps that need to be filled.

    • Perform impact analysis – Once you've identified your plan, Mazu can show you what the impact of implementing that plan will be on the network. This
      helps minimize unintended consequences during deployment.

    • Uncover trends – Understanding bandwidth usage over time, who consumes applications, and consumption fluctuations over time gives planners more complete
      information to incorporate into the process to build in appropriate thresholds.

    3. Change Deployment: Minimize Deployment Disruption
    Even the most carefully planned changes can cause unexpected problems such as network slowdowns and interruptions in service or application availability. Mazu
    enables you to minimize these problems by comparing current behavior to historical norms. As the deployment is underway, Mazu can evaluate how users, applications,
    servers, etc. are currently operating and compare that to historical norms to flag problems. This enables the deployment team to proactively identify a problem
    rather than having to rely on users’ complaints. In the event that a problem is identified, Mazu helps isolate the problem and identify solution areas by providing
    information about what led up to the disruption, who is affected, and what applications/systems/hosts are involved. Mazu delivers time savings throughout the
    deployment process; being able to quickly identify behavior changes, understand why the behavior changed, and verifying that a problem has been resolved helps
    reduce the time needed to resolve issues.

    4. Post-Change Monitoring and Support: Accelerate Problem Identification and Resolution
    Ensuring performance and availability beyond the deployment is necessary for ongoing support. To do this, you need to be able to quickly detect problems, identify
    root cause, formulate and implement a fix, and verify successful resolution. This acceleration allows IT staff reduce the time needed to resolve critical business problems related to infrastructure change planning and deployment.

    • Identify meaningful changes – Mazu continuously monitors the current network activity against typical and expected behavior. Mazu identifies meaningful changes enabling you to act quickly to resolve any issues before they have a serious operational or security impact on the environment.

    • Identify root cause – Because Mazu shows you not just what happened at the time of the problem, but what activity and behavior led up to it, you have important information to help you determine the root cause of the problem.

    • Formulate and implement a fix – Once the root cause has been identified, you can formulate an appropriate response. Mazu’s impact analysis capabilities
      enable you to identify who is affected to ensure that your response doesn’t create unintended consequences. This also enables you to be proactive and helps prioritize resolution actions during a large or complex event.

    • Verify success of fix – After the resolution has been implemented, you can ensure that network activity is back to normal.

    5. Post-Change Monitoring and Support: Improve Support Capabilities and Reporting Metrics
    Ongoing support and appropriate reporting metrics are necessary to ensure that the IT environment keeps pace with the requirements of the business and to improve
    planning for the next iteration of the infrastructure change.

    • Create and enforce policy – With the continuous global visibility Mazu provides into the behavior of users, applications, hosts, and devices on the network,
      you can develop appropriate access and usage policies. Furthermore, Mazu can alert you when violations occur, enabling you to not just develop policies but to enforce them.

    • Reporting – Because Mazu collects and saves information about all the activity across the entire network, virtually any type of report can be generated for a variety of needs including measuring QoS metrics, capacity and usage analysis, planning, audits, just to name a few.

    Mazu in Action
    The network engineering team at a financial
    firm is routinely notified of new applications
    to be deployed. Unfortunately they often
    receive these notifications just prior to the
    deployment instead of during the planning
    process. Since experience has shown that
    new applications usually cause problems in
    the operating environment, they try to delay
    the deployment until they can model the
    application. The modeling tools they used,
    however, did not monitor availability or
    behavior of an application after it has been
    deployed. The IT department now uses
    Mazu to “fingerprint” the relationship of the
    distributed components of the applications
    using rule-based events. If applications violate
    the rules, the network team is notified.
    This enables the group to more successfully
    support the organization as it rolls out new
    applications and services to users.

    You may like these other stories...

    Regulators struggle with conflicts in credit ratings and auditsThe Public Company Accounting Oversight Board (PCAOB), which was created by the Sarbanes-Oxley Act in 2002, released its third annual report on audits of...
    Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
    A review of Financial Accounting Standards Board (FASB) guidance on share-based payment transactions found that the 2004 standard achieves its purpose and provides useful information to investors and other users of financial...

    Already a member? log in here.

    Upcoming CPE Webinars

    Aug 26
    This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
    Aug 28
    Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
    Sep 9
    In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
    Sep 11
    This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.