In this presentation, EMA Vice President of Research Jim Frey and ExtraHop SVP Erik Giesa explain how IT organizations can derive real-time IT and business insights from their wire data, as well as the unique capabilities included in the fourth-generation ExtraHop platform that make this continuous operational intelligence possible. For more information, visit www.extrahop.com
2. Today’s Presenters
Jim Frey
Vice President of Research, Network
Management
Jim has over 25 years of experience in the computing industry
developing, deploying, managing, and marketing software and
hardware products, with the last 20 of those years spent in
network and infrastructure management, straddling both
enterprise and service provider sectors.
Erik Giesa
SVP of Marketing and Business Development,
ExtraHop Networks
Erik guides market strategy and execution with a focus on
helping customers transform their IT operations. Erik offers
keen insight into the goals and requirements of enterprise IT
organizations and ensures ExtraHop meets those needs. Erik
has held executive positions in product management,
marketing, solutions architecture, and business development
for companies like F5 Networks, Holistix, WRQ, and hDC
Express.
11. “With ExtraHop, we’ve achieved the ‘holy
grail’ of IT operations. We’re not just
remediating problems faster, but preventing
problems from occurring in the first place.”
— VP of Technical Operations
Blue-Chip Customers
Technology Partners
Industry Recognition
• Disruptive platform that enables
greater visibility, insight and IT
operations intelligence
• Technology leadership in
analyzing wire data
• Monitoring over 1M systems and
trillions of transactions daily
• Founded in 2007; rapidly
emerging leader
12. Everything Communicates on the Wire
• Clients (fat clients, web browsers, mobile devices, VDI clients): Which users and client types are affected? What are users doing on the network?
• Network Tier (firewalls, load balancers, WAN accelerators, switches, routers): How well are applications using the network? How well is the network delivering applications?
• Web Tier (Apache, IIS): Which servers are slow? What are the error messages?
• Web Services (SOAP/XML, JSON, AWS (EC2/SQS/S3), CICS, X12, AS2, Riak): Which web services are broken? Which applications are affected? Am I detecting anomalous behaviors?
• App Tier (Java/.NET, enterprise apps, custom apps, middleware): What is baseline performance? What is the impact of this code update in production?
• Shared Services (Authentication, DNS, FTP): Is authentication set up correctly on all systems? Is there a DNS misconfiguration?
• Database Tier (Oracle, SQL Server, DB2, Informix, MySQL, Postgres, Sybase): Which queries are running slow? Which methods are used? How does this schema change affect performance?
• Storage Tier (SAN, NAS): What are file access times? Which users are accessing sensitive files? Are my files exposed?
• External APIs
20. Role-Based & Time-Based Data Visualization
Role-based visualization
Time-based comparison. What happened
yesterday compared to now?
Frequency-based comparison. What are the
most frequently accessed files?
What are the best and worst performing
systems? Are they within my SLAs?
21. Rapid Analysis & Visualization
Simply explore all
metrics you want to
visualize, compare,
overlay, or trend.
Understand the
relationship of the top-level
metric category
with details. Custom
metrics are treated as
first order metrics!
22. Rapid Analysis & Visualization
1. Search and add
metric source
2. Select associated
detail metric(s)
3. Add to dashboard
24. Enriched Insight: Open Data Context API
The Open Data Context
API enables customers to
inject information from a
wide range of third-party
sources (e.g. user IDs)
into ExtraHop’s session
table, giving wire data
more context. The API is
bi-directional and also
allows external sources to
pull information from
ExtraHop’s session table.
25. Turning Monitoring Data into Operational Intelligence
IT Director
– Payment Processing Co.
Is there a correlation between my order
transaction performance by merchant
and revenue? Can I capture real-time
order information without changing my
apps or creating a rigid, slow, and
expensive BI architecture?
26. ExtraHop Wire Data Stream Processing
REAL-TIME WIRE DATA STREAM PROCESSING of any raw bytes off the wire into structured data that can be measured, visualized, alerted upon, and trended.
ExtraHop is the only modular and programmable Wire Data analytics platform in the industry.
Customer Requirements:
• Surgically collect and measure
only these elements, no more
Big Data garbage.
• Do it with zero changes to my
servers, apps, DBs, or
infrastructure.
• Implementation should take
minutes, not months or years.
• I want the option to stream this
data and any other to a non-proprietary
NoSQL data store to
combine w/ other data sets.
27. ExtraHop: Wire Stream Processing in Action
IT Director
– Payment Processing Co.
In less than 30 minutes, I wrote an
Application Inspection Trigger and
ExtraHop is correlating order transaction
performance with all unique transactions,
orders, and revenue by merchant.
29. Real-Time Health Care Analytics
ExtraHop’s out-of-band, real-time
parsing of HL7 messages enables a
faster, more accurate, non-invasive,
and extremely cost-effective
mission operations
analysis platform. Can easily be
done by location and any attribute
found in the HL7 message.
31. Open Sharing with Other Systems
Precision Transaction Streaming
Non-Proprietary NoSQL DB
REAL-TIME stream processing, analysis, and visualization
POST-HOC Multi-dimensional analysis AND/OR Visualization Tools
Chartio
• Application teams
• DBAs
• Network team
• Security team
• Virtualization team
• Business owners
• … and more
32. We Believe Data Should Be Set Free
Wire Data
Machine Data
Agent Data
Synthetic Data
Human-generated Data
Open Source NoSQL DB
Open ITOA Principles & Benefits
• Non-proprietary db: No vendor lock-in
• High-performance and scale
• Non-invasive precision data collection
• Lower costs: No data charge for use or growth
• Flexible data exploration / analysis
• Rapid and simple deployment
33. The Need for Storing & Querying Wire Data Transactions
IT Director
– Payment Processing Co.
Finance called and said one of our
merchant customers is complaining that
we’re creating duplicate orders. Their
customers are upset about over-charging.
They’ve threatened to move to another
clearinghouse.
Is our payment processing
application and engine broken?
Which of their customers did
this happen to, when and
how many?
Is it just this one
merchant or are there
others?
How exposed are we to
SLAs?
How much revenue was
involved?
34. Streaming Intelligence to Open Data Stores
Limited only by the NoSQL DB’s
sharding (clustering capability),
ExtraHop can stream an unlimited
number of cross-tier transactions
(up to 400,000 per second from
one appliance). All transactions are
time-stamped and can be stored for
any transaction, protocol and / or
payload type for post-hoc and multi-dimensional
analysis.
All transactions are pre-processed
and surgically extracted, eliminating
Big Data garbage. Streamed Wire
Data is stored at no additional cost
from ExtraHop. Use, combine, and
grow data without fear.
35. A Simple Query Answering Hard Questions
Director of IT
– Payment Processing Co.
A duplicate order search of ExtraHop’s Wire
Data in my NoSQL DB is a simple query
across tens of millions of records and I don’t
have to pay for the growth and use of this
data.
36. Rapidly Answering Near-Impossible Questions
Is our payment processing application and engine broken?
It’s not the payment processing app. Duplicate orders are only being
processed from a single merchant indicating the problem is on their end.
Also, in ExtraHop’s real-time dashboards, it shows all transactions have
been processed without errors.
Is it just one merchant or are there others we don’t yet know about?
It’s only one merchant #9145290 which is Acme Inc., the one who called
Finance.
37. Rapidly Answering Near-Impossible Questions
How exposed are we to SLA penalties and how much revenue
was involved?
There will be no SLA penalties especially since we isolated the problem
in under 10 minutes. Overcharges totaling $15K were involved.
Which of their customers did this happen to, when, and how
many?
Only 2 customers were affected. Interestingly, both customers
purchased an item on the exact same date and time, 08/04/2014 at
5:51 PM. A call to the merchant revealed that was when IT was
cutting over two e-commerce apps inherited from their recent
acquisition of Zexel Corp. In the process, one of the apps must have
allowed multiple commits from an impatient user pushing the submit
button more than once.