Many communications networks, such as virtual private networks or other types of enterprise Information Technology (IT) infrastructure environments, for example, are administered by IT professionals (system administrators) who are responsible for secure and efficient functioning of the IT infrastructure. Conventional network management tools fail to provide a system administrator with a real-time understanding of how components making up the network are behaving and interacting operationally. For example, conventional tools permit network traffic analysis based only on static topologies and architecture diagrams that are based on how a network was designed and constructed. Thus, they fail to permit adequate analysis of dynamically changing communicative relations over the network.
Modern networks may be exceedingly complex and dynamic systems, consisting of a variety of entities. For example, entities in an enterprise IT infrastructure environment may include physical and virtual computing machines, arranged at nodes in a communications network, linked by a data transmission medium. The transmission medium could be wired, wireless, or some combination thereof. Various datastores, virtual and physical disks, virtual and physical subnetworks, users, service groups and administrative systems and processes may also constitute parts of the infrastructure environment.
Conventional network management tools and systems can describe logical relationships between enterprise entities, such as, for example, “Enterprise Server A” is linked to “Data Store A”. Such tools and systems, however, fail to consider actual observed behavior of an entity (where no prescribed behavior is configured directly) and are inadequate to represent that behavior such that it can be dynamically correlated with monitored state.
As a result, conventional systems fail to enable a system administrator to understand how the IT infrastructure environment is actually being used in terms of both direct and indirect dependencies. For example, known techniques fail to account for indirect degradation of IT infrastructure entities that have a direct result on other IT infrastructure entities where a “communicates with” relationship exists. For example, an enterprise server “A” may appear by all accounts and instrumentation to be working properly, and the direct infrastructure dependencies such as storage and network devices may also be performing properly. But where an indirect dependency exists between two entities (such as an Enterprise Server “B” that enterprise server “A” has an “application communicates with” relationship) and depends on a third enterprise entity (e.g., a data store that the two entities do not share), known techniques fall short. Such indirect dependencies, undetectable by conventional techniques may cause Enterprise Server “B” to incur degraded performance which would cascade to degraded performance of Enterprise Server “A”.
Absent knowledge of an indirect degradation of IT infrastructure entities that have a direct result on other IT infrastructure entities where a “communicates with” relationship exists, a system administrator cannot quickly resolve such problems, or efficiently identify and isolate a specific entity or group of entities that may be the catalyst of a network performance issue.
Furthermore, existing techniques fail to take into account how entities are communicating and what impact is/will likely take place as a result in a change in the operational usage. The lack of this knowledge makes it difficult to do effective impact analysis.
A need therefore exists for improved network traffic analysis techniques.