The Power of Full-Fidelity Telemetry in Unified Observability

Heidi Gabrielson
SHARE ON:

Riverbed IQ’s approach to unified observability begins with the full-fidelity telemetry our market-leading NPM and DEM products provide. It applies artificial intelligence and machine learning (AI/ML) on this cross-domain data and correlates incidents across the data to identify business-impacting performance problems. Riverbed IQ then leverages automated workflow intelligence to gather additional evidence, build context, and set incident priorities. By reaching back into the Riverbed full-fidelity telemetry, IQ can fill in the supporting details—like affected clients, impacted devices, network round trip time, and more—to provide relevant perspectives to the Impact Summary.

This blog will dig into the importance of using full-fidelity telemetry with the Riverbed IQ unified observability service. But first, let’s define what Riverbed means by “full-fidelity.”

What is full-fidelity telemetry?

Full-fidelity data means you see and preserve every session in detail. It’s the capture and retention of every flow, every packet, every application transaction, and all user experience metrics so you see every incident. Having all data at your fingertips means you can rapidly search, pivot, and filter on any and all traffic of interest. Full-fidelity data enables quick answers to difficult questions—even if it happened weeks or months ago.

Riverbed full-fidelity telemetry

Riverbed offers a broad set of telemetry across multiple IT domains. Riverbed IQ currently supports network, infrastructure, and end user experience metrics from the following products:

  • Riverbed NetProfiler leverages full-fidelity network flow monitoring to proactively identify and quickly troubleshoot performance and security issues.
  • Riverbed AppResponse captures and stores all packets. It delivers all-in-one packet capture, application analysis, transactional details, and flow export on the same box.
  • Riverbed NetIM is a holistic solution for discovering, modeling, monitoring, and troubleshooting your IT infrastructure. It supports SNMP, streaming telemetry, WMI, CLI, and syslog.
  • Riverbed Aternity provides rich visibility into employee experience for your organization’s cloud, SaaS, thick client, and enterprise mobile apps.
The Alluvio Unified Observability portfolio consists of a broad range of full-fidelity telemetry, from DEM to NPM.
The Riverbed Unified Observability portfolio consists of a broad range of full-fidelity telemetry, from DEM to NPM.

The problem with sampled data

Sampling is the opposite of full fidelity. Metadata generated from sampled metrics can leave significant gaps in visibility and lead to blind spots that makes it difficult to detect performance and security issues. For example, some vendors only collect packet metrics based on KPIs. While this may be okay for many incidents, but not storing the actual packets means when you do need more details, it’s not available.

Another example is using sampled flow data. Sampling is typically employed to reduce the volume of flow records exported from each network device. While this practice allows you to deploy cheaper, lower spec’d telemetry solutions, it also effectively cuts corners on providing the complete view that IT needs for fully effective visibility and forensics. As such, Riverbed does not recommend sampling if you are using flow, and instead, encourages using raw flows whenever possible.

There are trade-offs when it comes to using sampled flow, especially for security or forensics analysis. Metadata generated from sampled flow leaves a big gap in visibility. If we consider a 10G link where the sampled flow data is generated by typical sampling 1 in 2000 packets, that means 99.95% of traffic is not being viewed or stored for future use. This also means we are only getting visibility into 0.05% of traffic flows; this might be fine for capacity planning but it’s not nearly sufficient for good visibility or observability.

Riverbed IQ leverages full-fidelity visibility

Riverbed IQ works best with full-fidelity telemetry. In fact, it can analyze more than 10 million data points per minute from supporting Riverbed telemetry. Because Riverbed telemetry captures everything and doesn’t sample, you’ll never miss a performance problem. The fact that Riverbed solutions provide deep and broad visibility, it’s perfect for providing baseline metrics for Riverbed’s new Riverbed IQ unified observability service.

 

Related Content

selected img