Sniffing at the Datacenter vs the Branch
A recent question seemed pretty straightforward at first glance but stimulated a whole bunch of debate back in the office: Should we sniff traffic for passive analytics at the branch offices or back at HQ in the datacentre?
Well a few short years ago the answer would have been a lot simpler. It would have revolved around the financials of a big costly centralised capability versus a large number of smaller lower-priced units. We would then have considered the likely affect, based on topology, of the distance of the branch offices from HQ and whether we could expect valid user experience figures in such an environment.
Indeed this debate is still being waged by many suppliers.
The world has moved on and so must our thinking.
The first question must determine what kind of applications are being monitored – browsers, voice calls, conferencing, VDI, think client, IoT, EFT, Kiosks, SelfService terminals?
Next we need to consider the nature of the branch access network, are we dealing with a shared environment, VPN or private network.
Now the third question. Of the applications we are interested in, how many are actually based in an HQ datacenter, how many are further upstream from there but concentrated through the datacentre network hub and how many are out in SaaS land and never touch the datacentre.
This last question will help determine the visibility gained through a centralised monitoring tool – no point monitoring the ‘hub’ if the use of SaaS directly from the branches means you no longer have a pure hub network.
It will also help determine the validity of monitoring at that point if you do have a hub network – you could be monitoring an arbitrary midpoint if your SaaS traffic just exists at the hub and carries on its merry way to the west coast of the the USA.
If this makes sense then stay tuned as we will shortly throw Passive vs Active monitoring into the mix.
Contact us if we can help shape your thinking in this space. Always happy to chat.