If you attended some tradeshows last fall, you might have been overwhelmed by the number of times that the word “observability” appeared on booths, banners, brochures, and presentations. What is this word, what does it mean, and how does it apply to networking? Is it just the new marketing buzzword of the moment, or does it reflect a genuine shift in how IT teams and leaders are thinking about and approaching classic monitoring?
As in most cases, the truth lies somewhere between these two extremes. A Gartner report from 2020 defined network observability as “the evolution of monitoring into a process that offers insight into digital business applications, speeds up innovation, and enhances customer experience.” There is some overlap between network observability and the more familiar phrases “network monitoring” and/or “network visibility,” but observability does have a distinct meaning and use case. Let's go through this in detail for the benefit of any confused Network Operations (NetOps) professionals.
In short, network monitoring means gathering specific data, such as SNMP metrics, NetFlow records, or packet data, to track network device health. It answers specific questions about the performance of specific devices, like “is this node overloaded?” Monitoring is reactive because IT must select what and where they want to monitor while setting it up – they need to pick where in the network to place probes or which devices to collect metrics from. As the network gets more complex, especially with the increased use of software-as-a-service (SaaS) applications and public and private clouds, monitoring all these disparate segments gets more difficult.
Monitoring is also limited – it only covers the specific things it is set up to cover and does not provide a holistic view of the network. If an issue arises in a segment where IT has not set up monitoring, they will have a blind spot. More blind spots mean a less holistic picture. Moreover, correlating and making sense of the data collected from multiple segments of the network is a significant challenge. This leads to an issue called “watermelon dashboards,” where the results from the monitoring tool are all showing green, but users are still complaining of poor service experience (green on the outside, red on the inside).
Monitoring tools (like packet brokers and network TAPs) play an important role in network visibility and observability solutions as the “plumbing” that gathers and feeds the data that these more complex solutions rely on.
Network visibility is the result of successful monitoring; IT gains visibility through monitoring. It means understanding everything that is happening on the network in greater detail. Visibility must be comprehensive – there can be no blind spots where issues can go undetected. Depth matters as well; visibility requires detailed data like full packet captures in addition to NetFlow and log data. Monitoring products like packet brokers are important parts of network visibility solutions. But having network visibility also requires packet capture and storage capabilities, as well as the ability to get network data from public cloud deployments and SaaS applications. This focus on detailed, comprehensive data from all parts of the network sets visibility apart from monitoring.
The security team is often interested in network visibility because they need access to full packet data to scan for malware signatures and suspicious behavior and to conduct threat hunting. Network visibility is an important part of a successful Network Detection and Response (NDR) solution. Visibility enables the IT discipline of Network Security Operation (NetSecOps) to emerge.
Saying a network is “observable” means that the IT teams can easily understand the overall picture of how the network impacts the services and experiences depending on it. This is the 30,000-foot, holistic, well-rounded view. Network observability metrics usually focus on an entire connection and the experience of the end-user rather than the individual devices along the way.
A major goal of network observability is to proactively surface network dependencies or issues before they affect users and services. Then IT can look deeper if needed through the network visibility mechanisms in place. Observability may also be automated or made intelligent through machine learning and big data analysis techniques layered on top of the complete networking data provided by visibility solutions. Many CIOs and CISOs are interested in this objective. Observability also paves the way for AIOps, where the fixes to network issues are automated entirely. The hallmark of an observability solution is that it offers the ability to uncover troubleshooting issues automatically, rather than relying on the NetOps team to spot them.
Observability has increased in popularity because the increased use of the cloud and SaaS apps has exposed the limits of traditional network monitoring. The three major public cloud providers used to be black boxes for visibility with no way for IT teams to access the packets traveling between their cloud-hosted applications. Monitoring tools built into the public clouds only cover part of that picture. Observability solutions are part of the push for a more holistic and multi-cloud or hybrid-cloud view of the network.
Modern network environments are complex and distributed. Quickly and accurately identifying the source of issues, even if they are outside of the normal tech stack, remains a significant challenge for IT teams. Observability for the network is becoming popular because it promises to make this challenge easier. Successful network observability can provide significant value to the organization in the form of reduced Mean Time to Resolution, more productive employees, happier customers, and more time for the IT team to spend on other projects.
Nadeem Zahid is Vice President of Product Management and Marketing at cPacket Networks.