ExtraHop 5.0 bolsters IT operations analytics

The latest iteration of ExtraHop's IT operations analytics platform makes search easier and adds historical data.

ExtraHop Networks upgraded its network performance monitoring and IT operations analytics platform, introducing a new appliance that the firm said will provide users with more granular knowledge about the packets flowing across their networks.

ExtraHop 5.0, available now, is based on two appliances: the firm's existing EH series packet capture devices, now called Discover; and the new Explore. Discover provides real-time wire data analytics of all data -- transactional, application, infrastructure and business -- traversing a network. Explore gives customers a historical view of that data. And where previous iterations of ExtraHop's appliances presented users with only the top-level analysis of packets, ExtraHop 5.0 goes beyond that by storing not just the metadata, but all the details of the individual components that comprise each transaction.

As a result, according to Shamus McGillicuddy, analyst for Enterprise Management Associates Inc., in Boulder, Colo., ExtraHop 5.0 gives IT operations analytics teams -- those charged with gathering data to improve their IT operations -- "deeper insight into the data they're able to collect." Companies can also diagnose performance issues more accurately by tapping into stored data. "By using the structured data [the ExtraHop appliances compile], a company can go back and perform forensic analysis from the intelligence gleaned from the packets," McGillicuddy said. "Where [ExtraHop] specialized in real-time analysis, this gives [users] the ability to perform forensics analytics, as well. This is going to give their core IT users a lot of value."

New appliance aimed at troubleshooting

One potential customer, John Vaux, enterprise infrastructure architect at Phoenix Children's Hospital, said he believes ExtraHop 5.0 "will be very powerful from a troubleshooting perspective." The hospital currently uses ExtraHop to diagnose network performance. The new appliance, with an intuitive user interface and bolstered search capabilities, "will make it much easier to find what you're looking for," he said.

"It was a little difficult to correlate information [with the older version], but the new version takes that barrier away," Vaux said. "The metadata analysis lets us see what's going on in the network. Now, we'll be able to get a better idea of how applications are performing."

Companies are increasingly looking for ways to extract the value of the data traveling through their networks as a means to improve their own operations. But it's difficult to comb through that information to obtain a clear idea of network performance because of the different types of data -- network, security, Web applications, Internet of Things -- that must be analyzed. "There is a massive amount of data coming from many different sources," said Chris Blessington, ExtraHop's senior director of marketing. "We believe our ability to inject each of these different tiers of data and types of data, and then bring it together into a searchable and analyzable way" will benefit customers.

Integration with big data tools, IT operations analytics engines

To that end, ExtraHop 5.0 offers a more comprehensive set of search tools, based on the ElasticSearch application, which permits users to gather data from any source. Analyses, Blessington said, can be performed across dozens of data types and the results meshed with big data analytics tools, such as Tableau and Qlik, for further consideration by non-IT business units.

In addition, the new appliance offers an API for REST, adds Apache's Kafka message broker to ExtraHop's Open Data Stream database transmission framework and brings the number of protocols it supports to more than 50 -- including Telnet, DHCP and Microsoft Message Queue. Layer 2 tunneling enables monitoring and analysis of virtual machine-to-virtual machine traffic, including virtual Layer 2 segments such as software-defined networking and private cloud.

The Explore appliance can be deployed virtually or physically, with pricing for the virtual version beginning at $10,000 per network node. The physical appliance has 22 TB of storage capacity, and ExtraHop has three different Discover appliances, rated at 10 Gbps, 20 Gbps or 40 Gbps.
