How to Use Big Data to Transform IT OperationsJesse Rothstein, CEO, ExtraHopDoug McMartin, Director of Product Development Standards, McKesson

Introduction

Doug McMartinDirector of Product Development Standards

Jesse RothsteinCEO

Data Gravity

Signal-to-Noise

Motion of Data

Agenda

• The next-generation IT Big Data approach• Moving toward real-time observational

data• Key considerations for IT Big Data• IT Big Data use cases• Q&A

A Tool-Centric Approach = IT Silos

NetworkAdministrators

Virtualization Team

Database Administrators

VDIAdministrators

Application Owners

Business Analysts

Storage Administrators

Security Operations

A Tool-Centric Approach = IT Silos

NetworkAdministrators

Virtualization Team

Database Administrators

VDIAdministrators

Application Owners

Business Analysts

Storage Administrators

Security OperationsBig Data

for IT

Data-Driven Ops: “See with Data”

BUSINESS & OPERATIONS ANALYTICS

OPTIMIZATION & CONTINUOUS IMPROVEMENT

PROACTIVE MONITORING & REMEDIATION

PERVASIVE SECURITY MONITORING & COMPLIANCE

Tapping New Sources of Visibility

Driven byBig Data

Technology

Machine Data

Wire Data

Wire Data

All communicationon the network from packets to payload

1000 x biggerthan machine data

Definitivesource of truth

Data youalready have

Wire Data: Real-Time Observational Analysis

A small sample of what wire data contains…

All L2-L7 communication on the network

From Unstructured PacketsTo Structured Wire Data

Extracting real-time insight from all

communication and data streams

Business DataProduct ID

Customer ID

Shopping Cart ID

Cart Items

Cart Values

Discounts

Order ID

Abandoned?

Application DataPOST Content

AJAX Data

Section

Sub-Section

Page Title

Session Cookie

Proxied IP Address

Error Message

Availability DataHTTP status codes

Application errors

Connection resets

Heartbeats

SSL certificate validity

Synthetic pingers

SNMP traps

Authentication errors

Capacity DataThroughput

Transactions

Dropped packetsApplication stallsApplication slowdowns

Geolocation/IP mapping

Storage Access (reads/writes)

SSL Offload

Security DataCommand and ControlShadow IT (SaaS, cloud)Network traversalUnauthorized outbound connections & protocolsStorage/DB accessBlacklisted traffic

Brute force attacks

Surreptitious tunneling

Performance MetricsCaching Behavior

Compression Behavior

Base HTML Load Time

Round Trip Time

Client Request Time

Server Reply Time

Server Send Time

Total Time Taken

Self Reporting + Observation = Insight• Self-reported data

(machine data)– “What are your symptoms?”– “When did this start?”– “Does this hurt?”

• Observational data (wire data)– MRI– Blood tests– Heart rate, pupil dilation,

appearance, etc.

IT Operations Analytics SurveyExtraHop and TechValidate partnered to survey 88 respondents from 65 organizations that use the ExtraHop platform.• 65% of respondents are combining data sources for ITOA now, or plan to do so

within one year• 54% of respondents are currently integrating wire data and machine data in

some manner• 67% of respondents saw ITOA capabilities as important for IT security

Key Considerations for IT Big Data

Moving data around can be expensive

Data Gravity

Pull out more of the signal, filter out more of the noise

Signal-to-Noise

Understand when real-time access to data is

important

Motion of Data

Data Gravity

more expensive

DATA

Signal-to-Noise Ratio

Signal

• Garbage in; garbage out• Examples of data

sources with poor quality– Threat detection– Verbose logging

• Time is required to separate signal from noise

Motion of DataData at Rest (Batch processing)Example: MapReduce in Hadoop

Data in Motion (Stream processing) Example: Apache Spark, ExtraHop

DB

DB

DBData mart

user

report

query

source

source

source

Batch 1Batch 2

user

SOLUTION

CHALLENGE

McKesson Managed ServicesBACKGROUND

“ ExtraHop enables us to solve incredibly complex problems in a

matter of hours. Extrapolated across our business, we’re saving

at least $400,000 annually in terms of time spent troubleshooting.”

─ Scott Checkoway, Director of Application Hosting

• Citrix application launch times dropped 75% (40 to 12 sec)• Staff optimization: from 2.6 to 1 engineer for every 4

hospitals - $260,000 savings in first year• Reduced MSFT SQL licenses - $200,000 savings annually• Understand the impact of application updates

• Complex: Hospitals’ and McKesson’s IT environments• Equip IT generalists; lessen reliance on specialists• High coordination costs, slow troubleshooting processes• Operational costs increased while user satisfaction

decreased

• Hosted healthcare applications for hospitals• 7x24x365 mission critical operations• Rapidly growing customer base• Stringent and costly performance-based SLAs

Citrix Environments Are Complex!• Is there latency between the user and web server?• Slow Active Directory server?• Network issues in the Citrix cluster?• Contention in the SAN?

See across Citrix, web, database, storage, LDAP, DNS, etc.

Visibility on the WireCorrelate activity across all tiers with wire data

Monitor SLAs in real time.

Drill into critical KPIs (launch, load times, etc.) per user.

Visibility Into Citrix Application Delivery

McKesson improved Citrix application launch times by

75% with ExtraHop.

McKesson avoided more than $260,000 in staffing costs in its first year with ExtraHop.

Understand the Impact of Application Updates

• Improved user experience

• Fewer surprises for IT Ops

• Faster feedback for app teams

BENEFITDrill down to see how SQL queries are performing.

Compare performance across versions and across time periods.

Identify Active/Inactive Databases

Saved $200,000 annually in reduced database license costs.

BENEFIT

See all database transactions.

Show all activity by every database and degree of usage.

Operations Analytics: Real-Time Patient Tracking

Observe admittance, discharge, and transfers (ADTs) in real time.

Who and how many are being admitted right now? Do we need to adjust staff?

Track admissions by location and gender.

Why are so many males being admitted in Kent? Is it an epidemic?

• Optimize processes and staffing for improved patient quality.

• Identify potential epidemics.

BENEFIT

Questions?

Explore the Power of Real-Time Operational

Intelligence

www.extrahop.com/demo