IT and NetOps teams spend a lot of time planning, deploying, upgrading, maintaining, troubleshooting, and monitoring the network. This requires a complete understanding of the entire network landscape both on-prem, in the cloud, or across hybrid environments. But as networks continue to get more and more complex, teams are struggling to keep pace. Enter AIOps, a technology designed to help automate and enhance IT operations. According to Gartner, “AIOps combines big data and machine learning to automate IT operations processes, including event correlation, anomaly detection, and causality determination."
The basic premise of AIOps is simple. 1) It can conduct analysis across all data sources to identify patterns and correlations, 2) it can provide proactive insights, and 3) it can enable IT to automate processes or solutions to challenges as they occur or before they happen. But unfortunately, recent research shows that technical staff are less likely to believe in this technology. In fact, according to a new EMA report, they are more likely to believe in their own skill abilities as network infrastructure professionals than in the merits of a set of algorithms.
That said, the report shows that individuals with hands-on experience are more likely to believe in the productivity and efficiency benefits AIOps can provide. But, giving technical staff the level of first-hand AIOps experience they need to get on board isn’t always possible upfront.
AIOps use cases
So how can you overcome these AIOps biases and misconceptions and get your team to understand this technology’s tremendous potential? Let’s look at five key use cases that should help technical staff see the benefits clearly:
1) AIOps can be incredibly powerful for streamlining network operations workflows by providing enterprises with anomaly detection, automated security incident remediation, intelligent alerting /escalation, and automated service problem remediation when implementing the technology to network management. This can obviously have a tremendous impact on network security (firewalls, IDS/IPS, device profiling, etc.), data center networking (layer 2, 3 switching, virtual overlays, and public cloud network like laaS). The primary advantage of an AIOps platform is the ability to self-learn. Being able to understand normal and not-normal network and application behavior and then alert on abnormalities helps reduce noise significantly. This fundamentally improves network operations and corresponding workflows.
Let's take the example of setting thresholds for bad application experience. As application experience depends on a variety of factors, including the physical distance between source and destination, last-mile network bandwidth, resourcing of end-user devices, and more, the baseline is relatively different for different applications across the network. Applying thresholds manually for an enterprise-grade network is both challenging and impractical. Using baselining techniques leveraging historical data, contextual baselines can be determined as well as corresponding dynamic thresholds that could change based on the state of the network as time passes by. This ability to adjust thresholds and thereby produce meaningful alerts is a sure-shot way to improve network operations workflows.
2) AIOps solutions can cut down on arduous troubleshooting by eliminating the time network professionals spend going through data to find answers to network flow issues and security incidents. When using AIOps, you can apply advanced Machine Learning (ML) and Artificial Intelligence-based (AI) analytics to automate a wide range of tasks your IT team would typically manage. ML-driven AIOps has significantly improved threat detection and, thereby, security incident response methods. This is particularly true with threat detection such as phishing attacks. By understanding the patterns of Client to Server and Server to Client interactions, bytes sent and received, and the time intervals among them, ML/AI-based techniques can very accurately identify such attacks. These would have been virtually impossible to detect if you were just looking at the state of the sources.
3) AIOps improves productivity by consolidating tools in a single place. The majority of NetOps teams use between four and ten tools to manage network needs and address visibility issues. Allowing AIOps solutions to automate the data review and management protocols for your team can improve productivity. AIOps platforms typically do a better job as more types of network telemetry are available – such as network infrastructure health via device, links, topology status; application health via application visibility; quality of service via corresponding policies, user information, location information, application hosting regions; and more.
By assimilating information from multiple sources, and looking at deeper correlations between these data sets, the root cause of a particular behavior can be unearthed. For example, a typical application performance (lower MOS score) can be due to dropped packets due to congested links, high network device CPU due to a DOS attack, badly configured QoS policy, or incorrect routing and thus a longer path between server and client. Typically network management tools look at a subset of these telemetry sources and thus are able to provide an incomplete picture. However, if an AIOps platform can ingest, process, correlate, and derive from these disparate datasets, a more complete and accurate picture of the root cause emerges.
4) AIOps allows teams to focus on strategic business-driving initiatives, such as capacity planning or consumer application usage via business applications. According to the EMA report, 90% of participants agree AIOps can lead to better business outcomes for their enterprises. The benefits could be directly through a better understanding of existing or historical trends as well as predicting their future or could be simply because the IT workforce can focus on business priorities instead of reactively troubleshooting the network and application issues. An example for the former case would be a greater understanding or mapping of user behavior with app usage in a retail environment. If there is a strong correlation between in-store mobile app traffic in a store WiFi network with demand for a certain category of products (via URL based identification or similar technique), the retailer can either make the searched item widely available or put it in a convenient spot so that it is easily reachable. The usage patterns can also provide insights about potentially increasing the available WiFi bandwidth (or not) to optimize business objectives.
5) AIOps helps automate operations. Ideally, AIOps applies advanced analytics in the form of ML and AI to automate operations that are already handled by IT and NetOps teams, such as change firewall rules to blacklist a source, push a network QoS policy change to improve bandwidth allocation to VoIP, or push a policy change to route application traffic for non-business traffic via the Internet link in an SD-WAN environment. This creates a picture of what your team considers “normal" in a functioning network, and as a result, helps accurately identify any abnormalities they need to investigate and address. Having this insight readily available enables NetOps teams to move quickly when solving networking issues. To elaborate more on automation (in a modern controller-driven enterprise network), AIOps platforms can provide remediation to potential issues by directly integrating with a deployed network controller and pushing configuration changes via controller APIs. This simplifies and streamlines automation reach, compliance, and security considerations.
AIOps has great potential to streamline workflows and increase productivity within IT and NetOps teams. This can improve business outcomes and allow for the reallocation of resources to other projects. Unfortunately, even with the clear benefits mentioned above, the technology still has a long way to go to reach adoption maturity. EMA reports that only 38% of organizations are currently budgeting for AIOps, and most don’t anticipate having available budget for it until 2022. AIOps should begin to rise on the long list of enterprise IT priorities as more organizations begin fully executing AIOps implementations and the broader industry becomes more educated and familiar with the benefits.
If you’re looking to get started with AIOps, here are several good resources to consider, such as Gartner AIOps market Guide (needs a subscription) and Why, When, and How to Consider AIOps For Your Enterprise.
Vishwas Puttasubbappa is SVP of R&D at LiveAction.