Alluvio IQ’s approach to unified observability begins with the full-fidelity telemetry our market-leading NPM and DEM products provide. It applies artificial intelligence and machine learning (AI/ML) on this cross-domain data and correlates incidents across the data to identify business-impacting performance problems. Alluvio IQ then leverages automated workflow intelligence to gather additional evidence, build context, and set incident priorities. By reaching back into the Alluvio full-fidelity telemetry, IQ can fill in the supporting details—like affected clients, impacted devices, network round trip time, and more—to provide relevant perspectives to the Impact Summary.
This blog will dig into the importance of using full-fidelity telemetry with the Alluvio IQ unified observability service. But first, let’s define what Riverbed means by “full-fidelity.”
What is full-fidelity telemetry?
Full-fidelity data means you see and preserve every session in detail. It’s the capture and retention of every flow, every packet, every application transaction, and all user experience metrics so you see every incident. Having all data at your fingertips means you can rapidly search, pivot, and filter on any and all traffic of interest. Full-fidelity data enables quick answers to difficult questions—even if it happened weeks or months ago.
Alluvio full-fidelity telemetry
Riverbed offers a broad set of telemetry across multiple IT domains. Alluvio IQ currently supports network, infrastructure, and end user experience metrics from the following products:
- Alluvio NetProfiler leverages full-fidelity network flow monitoring to proactively identify and quickly troubleshoot performance and security issues.
- Alluvio AppResponse captures and stores all packets. It delivers all-in-one packet capture, application analysis, transactional details, and flow export on the same box.
- Alluvio NetIM is a holistic solution for discovering, modeling, monitoring, and troubleshooting your IT infrastructure. It supports SNMP, streaming telemetry, WMI, CLI, and syslog.
- Alluvio Aternity provides rich visibility into employee experience for your organization’s cloud, SaaS, thick client, and enterprise mobile apps.
The problem with sampled data
Sampling is the opposite of full fidelity. Metadata generated from sampled metrics can leave significant gaps in visibility and lead to blind spots that makes it difficult to detect performance and security issues. For example, some vendors only collect packet metrics based on KPIs. While this may be okay for many incidents, but not storing the actual packets means when you do need more details, it’s not available.
Another example is using sampled flow data. Sampling is typically employed to reduce the volume of flow records exported from each network device. While this practice allows you to deploy cheaper, lower spec’d telemetry solutions, it also effectively cuts corners on providing the complete view that IT needs for fully effective visibility and forensics. As such, Riverbed does not recommend sampling if you are using flow, and instead, encourages using raw flows whenever possible.
There are trade-offs when it comes to using sampled flow, especially for security or forensics analysis. Metadata generated from sampled flow leaves a big gap in visibility. If we consider a 10G link where the sampled flow data is generated by typical sampling 1 in 2000 packets, that means 99.95% of traffic is not being viewed or stored for future use. This also means we are only getting visibility into 0.05% of traffic flows; this might be fine for capacity planning but it’s not nearly sufficient for good visibility or observability.
Alluvio IQ leverages full-fidelity visibility
Alluvio IQ works best with full-fidelity telemetry. In fact, it can analyze more than 10 million data points per minute from supporting Alluvio telemetry. Because Alluvio telemetry captures everything and doesn’t sample, you’ll never miss a performance problem. The fact that Alluvio solutions provide deep and broad visibility, it’s perfect for providing baseline metrics for Riverbed’s new Alluvio IQ unified observability service.