
VMware Edge Network Intelligence: Use AIOps for Efficiency and Security

11/7/2023: VMware Edge Network Intelligence is now VMware Edge Intelligence! Announced at VMware Explore Barcelona, Intelligent Assist for VMware Software-Defined Edge will bring VMware Edge Intelligence together with generative AI to provide intelligent remediation and security for both OT and IT environments.


Updated 10/13/2022

Part 2: AIOps Provides SD-WAN Branches Superior Performance and Security

Note: This is the second in a four-part series about how VMware Edge Network Intelligence™ enables better insights for IT into client device experience and client behavior. In this article, learn more about AIOps for SD-WAN security.

Data analytics makes network branch sites (including home offices) more secure and efficient

Our first blog post looked at how data analytics powered by AIOps provides companies with the insight to get the most out of their investment in an SD-WAN platform. Any technical infrastructure using SD-WAN generates a massive amount of data, and AI and machine learning help companies glean actionable information from it.

This post details how data analytics makes network branch sites (including home offices) more secure and efficient. Analytics supplies the essential real-time data that lets network administrators ensure optimal performance at every point accessing the SD-WAN platform.

Devices connected to SD-WAN platforms provide useful data sources

AIOps for SD-WAN security: VMware Edge Network Intelligence measures, baselines, recommends, and remediates networks based on inputs from LAN/WLAN metrics, packet data, network services such as RADIUS/DHCP, app metrics, the Edge Network Intelligence client app, and security services.
VMware Edge Network Intelligence provides comprehensive cross-data correlation and analysis with a cloud-native AI/ML engine and big data analytics.

AIOps platforms can analyze more than one source of data. As noted in the previous post, SD-WAN systems generate information about application flows across an entire network. However, they don’t provide any insight about the other parts of the client to container to application journey. The diagrams below show how VMware Edge Network Intelligence provides a panoramic network view.

AIOps for SD-WAN security: Network diagram shows an entire branch or campus as one entity as it connects through SD-WAN to other networks and the internet.
Traditional SD-WAN viewpoint: The internals of the branch/campus are a black box.

AIOps for SD-WAN security: Network diagram shows how VMware Edge Network Intelligence is able to differentiate among devices and subnets in the single entity of a branch or campus: Closet switches, wired fabric, wireless and wired clients, access points, and IoT devices.
The new picture: an AIOps platform incorporates additional data sources describing end-client performance and behavior at the network edge.

Specifically, as client devices access applications, they do so from an access network, a branch, or even a home office. These provide additional data sources that can be fed from SD-WAN into an AIOps platform. In many cases, this data arrives over a wireless system. It includes information on the wireless access point, its location, its signal quality, and whether any rogue access points are interfering with the signal.

Wired devices, including IoT devices, provide another source of valuable information on SD-WAN network performance. This includes the wired devices connected to an access point, their physical locations, and the overall port health.

Get insight into network services

Feeding all this data from wired and wireless devices into an AIOps platform such as VMware Edge Network Intelligence provides keen insight into network services. For example, network administrators are able to verify if client devices are able to authenticate to the network. If not, determining the underlying problem becomes simple.

You can add insight from other network services such as DNS and DHCP, either by getting data directly from the servers themselves, or from analyzing packet data from within the enterprise branch or campus. This lets enterprises look at individual network transactions to analyze the performance of every client device.

You can also glean data directly from the client device itself as an additional data point. Installing a VMware Edge Network Intelligence client application measures many of the data points previously mentioned, but from the perspective of the client. The ultimate goal is providing more insight into that leg of the journey as clients are connecting to applications.

Data from applications

API calls get application data that describes the user experience for every single client device – for example, data from Zoom on voice, video and screenshare quality, resolution, frame rate and more. In healthcare, applications such as Citrix XenApp or VMware Horizon provide data offering a critical point of insight into the experience of client devices accessing the network. It allows network engineers to drill down into the root causes of any issues relating to the overall application experience.

Being able to analyze data from client devices accessing the network, as well as the applications those devices are using, offers visibility into the overall performance of the SD-WAN network. The ability to feed all this data into AIOps remains the key link in gleaning that actionable information from the masses of data supplied by the network, devices, and applications.

How AIOps helps network administrators monitor SD-WAN

Using an AIOps platform such as VMware Edge Network Intelligence on this data goes beyond just the application insights on the WAN network. For example, its auto discovery features can identify the actual devices accessing these applications from inside the branch, campus or home.

It also specifically recognizes IoT devices – for example a specific sensor, camera, or barcode scanner. The AIOps machine learning algorithms group discovered devices by their type as they learn how these device clusters are similar and different.

Additionally, the analyzed data helps determine exactly where a fault is occurring. For example, does the fault lie in the client LAN, the SD-WAN, or even the data center? Instead of just describing faults, VMware Edge Network Intelligence isolates the fault location and root cause. This helps administrators focus on resolution, not root cause analysis.

AIOps for SD-WAN security: VMware Edge Network Intelligence analyzes data at many points along a network, helping it pinpoint where the problem really lies.
The AIOps platform sees application performance data at multiple vantage points to determine which segment is faulty. The next obvious question is: Within the faulty segment, what’s the root cause? That’s where additional data sources feeding AIOps come in.

This approach adds efficiency to network troubleshooting processes. If multiple wireless devices in the same location are having problems, perhaps something is causing wireless interference near that spot. Slow application access might be due to high latency on the DNS server used for that application. Network engineers become more effective at diagnosing and fixing issues as a result.

The ability to provide specific information on the root cause of a network problem improves based on the amount of data available to the AIOps platform. The internal algorithms leverage similar techniques employed for the WAN-only data. It automatically learns the performance baselines, detects deviations, and correlates those to a likely root cause. This additional data fed into AIOps expands insight, making it useful not only to WAN network engineers but also to other personnel across the IT organization, including LAN engineers and the application team.

How AIOps helps address work from home

People who work from home mostly use non-enterprise-grade network connectivity (e.g. a Netgear, Apple, or basic ISP-provided Wi-Fi router). Because of this, many of the data sources mentioned above are not readily available to feed into the AIOps platform.

Yet two critical data sources, when fed into an AIOps platform, help shed light on work-from-home users:

  • Client application data: Because it gets measurements directly from the end-client device, it is completely networking equipment/vendor-agnostic
  • Data directly from critical applications: Because data is coming directly from the application server, it describes the application performance of devices connecting from the office or the home

VMware Edge Network Intelligence uses machine learning on top of these data sources. It provides enterprise IT with a unified view of home users’ experience and the root causes of any critical application issue. For example, it can determine that poor Zoom performance was caused by poor Wi-Fi, then provide insight into the specific before-and-after ROI due to any change – how much did installing a VMware SD-WAN Edge benefit the user? Finally, it can surface employees with problematic devices so that IT can reach out and be proactive in improving their productivity.

Before-and-after use case: Infusion pumps

Recognizing and classifying devices by their type and location can be critical. For example, multiple failures to access Microsoft 365 in one wing of an office can be annoying, but failures in a cluster of IoT devices in an emergency room can be life-threatening.

Infusion pumps are used at hospitals to automatically deliver medicines or fluids to patients intravenously. If these pumps can’t connect to their server, then they can’t identify the substances they need to infuse, putting patients at risk. With traditional network monitoring tools, hospital staff would not necessarily know a MAC or IP address belongs to an infusion pump. They would only see that the device using that address is malfunctioning. The AIOps routines identify these devices as infusion pumps, understand their importance, and detect the current connection failure.

Identify problems before patients get sick

In another example, say these infusion pumps are hijacked by someone in another country or a malicious server in the cloud. Before AIOps, this is something that hospital IT would have to notice manually. They might not see the problem until patients start to become sicker, or it might take too long to correlate infusion pump failures with network failures. AIOps would have already established a baseline, understood that this cluster of infusion pumps should not be talking to a rogue endpoint, and alerted IT staff before problems started to happen.

VMware Edge Network Intelligence is a cloud-native solution. Its collective insights and learnings about device behavior and threat intelligence on one network can be shared anonymously across all customers. In this infusion pump example, a cohort analysis could show that many pumps in different hospitals are experiencing similar failures, pointing to a potential hardware problem with all pumps from a specific manufacturer. In this way, anonymized data from one customer can potentially benefit all customers in the same vertical or using the same hardware.

More data allows more effective performance baselining

An important AIOps feature noted in the previous blog is the automatic baselining of network performance data. This information lets the system detect if performance degrades to a point below a baseline, then alert network personnel to the problem.

When the AIOps system detects a change in the network or configuration, it automatically annotates the baseline. This ultimately provides critical information on whether the change worked. For example, if a traffic steering decision on a VMware SD-WAN Edge is made, the system notes whether or not the overall application experience actually improved.

With more data fed into AIOps, it’s able to include more systems in its analysis. For example, a configuration change in a wireless controller, a RADIUS server, or a DNS server could have a significant impact on user experience. Automatically correlating all these data sources and using the baseline in conjunction with those annotations provides more insight to network engineers.

Data at the client device level is another critical source for actionable information. For example, with what protocols, geographies, or applications does a device normally interact? The same technique of baselining the behavior of these devices and identifying deviations from that behavior gives IT meaningful insight into when these devices are behaving abnormally.

Applying AIOps to network security and user authentication

VMware Edge Network Intelligence follows VMware’s core security principle: Rather than simply keeping out bad software or people, it’s a best practice to establish a baseline of “known good” parameters and then detect deviations from that baseline. This comes into play with Secure Access Service Edge (SASE) data sources. For example, a unified access gateway provides a lot of information about the security posture of a particular client device. Similarly, the next-generation secure web gateway and the next-generation firewall give important insights, both from a performance and a security perspective.

From the performance side, access control lists (ACLs) or deny lists configured on these devices have an important impact on user experience. Perhaps certain endpoints can’t be accessed because of ACLs configured on these devices? From a security standpoint, being able to baseline the normal things accessed by a device and automatically figure out when it accesses something outside of that baseline is vital.
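
The "known good" baseline idea above, applied to the infusion pump cluster from earlier in this post, as an added example that is not VMware's code or algorithm: it learns the destinations a device class normally contacts, then flags live flows that fall outside that set. The device names, hosts, flow format, and the min_share threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (device_id, device_class, dst_host, dst_port).
LEARNING = [
    ("pump-01", "infusion_pump", "pump-server.hospital.example", 443),
    ("pump-01", "infusion_pump", "ntp.hospital.example", 123),
    ("pump-02", "infusion_pump", "pump-server.hospital.example", 443),
    ("pump-02", "infusion_pump", "ntp.hospital.example", 123),
    ("pump-03", "infusion_pump", "pump-server.hospital.example", 443),
    ("pump-03", "infusion_pump", "198.51.100.7", 8443),  # one-off outlier
]
LIVE = [
    ("pump-02", "infusion_pump", "pump-server.hospital.example", 443),
    ("pump-01", "infusion_pump", "203.0.113.50", 4444),
    ("pump-03", "infusion_pump", "198.51.100.7", 8443),
    ("cam-07", "ip_camera", "nvr.hospital.example", 554),
]

def build_baseline(flows, min_share=0.5):
    """Per device class, keep destinations used by at least min_share of its
    devices, so one misbehaving device cannot write itself into the baseline."""
    devices = defaultdict(set)
    seen_by = defaultdict(lambda: defaultdict(set))
    for dev, cls, host, port in flows:
        devices[cls].add(dev)
        seen_by[cls][(host, port)].add(dev)
    return {
        cls: {dst for dst, devs in dsts.items()
              if len(devs) / len(devices[cls]) >= min_share}
        for cls, dsts in seen_by.items()
    }

def deviations(flows, baseline):
    """Return flows outside the class baseline; a class that was never
    baselined is reported rather than silently allowed."""
    alerts = []
    for dev, cls, host, port in flows:
        if cls not in baseline:
            alerts.append((dev, cls, host, port, "no-baseline"))
        elif (host, port) not in baseline[cls]:
            alerts.append((dev, cls, host, port, "outside-baseline"))
    return alerts

if __name__ == "__main__":
    for alert in deviations(LIVE, build_baseline(LEARNING)):
        print(alert)
```

Baselining per class rather than per device is what lets the outlier seen from pump-03 during learning still raise an alert later.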

Ultimately, VMware Edge Network Intelligence ensures network branch sites receive superior performance in tandem with critical network security.