Where to Deploy Agents in Enterprise Networks

Posted by on July 20, 2016

As you might have noticed, over the last few months we have slowly but steadily extended our range of Enterprise Agent deployment models. Since then we have been getting requests to provide guidance as to what is the best way to deploy Enterprise Agents. In today’s blog post we will explore the different deployment models and which one is best suited for your environment and also share our learnings from customer networks and common Enterprise Agent deployment.

What are Enterprise Agents?

Before we get into the trenches, let’s quickly recap what Enterprise Agents are. An Enterprise Agent, commonly placed with your enterprise, is software that probes your network at intervals to determine the health of your infrastructure and performance of critical applications. For example, Enterprise Agents located between your branch office and data center can help visualize your WAN network and monitor voice quality metrics between those points of your corporate network.

Enterprise Agents: Deployment Options

Enterprise networks are complex in terms of both architecture and the types of devices present. That is why our Enterprise Agents are available as different deployment methods to best suit your environment. Enterprise Agents available as virtual appliances on VMware ESXi and Oracle Virtual Box (in OVA format) are the most popular option for data centers and larger branch offices, as procuring a virtual machine or a server to run a virtual machine tends to be relatively easy.

Docker based deployment is favorable in a DevOps type of environment where Linux containers are popular and widely used. Docker is an operationally efficient deployment model if you have to maintain and manage a large number of agents in your network. If you are debating moving to a container environment, feel free to read about our own migration story to Docker.

There are also deployment options for Linux servers directly, as packages for CentOS, RHEL and Ubuntu. And in Windows environments you can use a Hyper-V appliance (in ZIP format) that installs directly on the hypervisor or on Windows Server.

These virtual and container-based deployment models are great if you have a favorable environment to host the agent. But, what if you are a remote office with limited or zero virtualization infrastructure and no specialized IT personnel. Visibility into your network should not suffer because of that. Our certified deployment option for Intel NUCs come handy in such situations. Enterprise Agents deployed on Intel NUC come with the same functionality and can now give visibility into your corporate network all the way from remote locations to your data center or performance into your billing or inventory systems.

At the beginning of July we announced our support for Cisco IOS XE Routers, translating into yet another deployment option for your enterprise network. Enterprise Agents can now be deployed as KVM-based containers on the Cisco 4000 Series ISR and ASR 1000 Series routers. Together, the ISR and ASR represent a vast majority of routers in enterprise branch offices and WAN headend locations. In circumstances where it is challenging to procure new hardware or server to host network monitoring applications, using existing routers to host third-party applications can be more cost and time effective. You now have the luxury to collocate network monitoring atop WAN services, doubling down on your existing hardware investments.

Where to Deploy Enterprise Agents in Your Network?

The adoption of SaaS and telecommuting has modified network architectures, increasing the dependency on the Internet. This makes monitoring your Internet Service Providers (ISPs) as critical as monitoring your internal WAN network. In this section of the blog post, we’ll explore some of the most common deployment models and best practices for monitoring your enterprise.

Figure-1
Figure 1: Modern Enterprise Network.

SaaS and ISP Monitoring

When your business relies on SaaS-based applications, dependency on your ISPs is high. Enterprise Agents located within the DMZ of your datacenter monitoring cloud applications like Salesforce or O365 can not only provide visibility into application level performance like page load times, server availability but also give insights into network level bottlenecks or BGP routing issues within your ISP. With the introduction of the reverse path visibility feature, you can also understand the impact of your ISP provider on the reverse path from Enterprise Agents located at the internet edge of your data center.

Enterprise Agents can also be located within your branch offices to monitor cloud-based applications. If your branch offices are backhauled through the data center, you can gain additional visibility into the WAN network along with ISP performance. For example, Cisco IT was able to detect a 100% packet loss on a corporate gateway that was affecting majority of Cisco locations by placing Enterprise Agents deeper into the corporate network.

WAN Monitoring

MPLS is still the most commonly deployed WAN infrastructure in corporate networks. Depending on the size and business needs, an organization can engage with a MPLS service provider to provision the circuits between their branch offices and data center or possibly maintain their own MPLS network on leased circuits. The latter is most commonly seen in network that require a high degree of data security and integrity, for example, financial institutions.

To get comprehensive visibility into your global MPLS network, deploying Enterprise Agents either at or before the Label Edge Routers (LER) will be the most beneficial as LERs define the entry and exit domain of a MPLS network. Agents can be deployed at branch offices, aggregation locations or data centers on a Cisco ISR 4000, Cisco ASR 1000 router or nearby VMs. When deployed in a full mesh capacity, Enterprise Agents can map out your entire WAN network providing insights into MPLS circuits. Agent-to-agent tests can also be instrumented to provide visibility into reverse network paths that can precisely and more accurately pinpoint where an issue lies.

Figure-2
Figure 2: Visualize MPLS tunnels along with network measurements like loss, latency and jitter.

Apart from measuring network performance and monitoring your WAN, ThousandEyes agents can also be used to validate and benchmark network upgrades with your WAN. By comparing performance of the WAN in terms of network latency, loss, page load times before and after an upgrade enterprises can asses the quality of the upgrade.

Troubleshooting VoIP

Voice is one of the most critical applications in a corporate network. However, the sensitive nature of the application makes troubleshooting harder. Enterprise Agents simulate voice calls to mimic the flow of real application traffic, thereby determining voice quality metrics like MOS score, PDV, jitter etc. Monitoring voice applications is unique in the sense that two Enterprise Agents are required on both ends of the monitoring path as voice packets run over a UDP transport that has no inbuilt reliability. Find out more on how to troubleshoot VoIP using ThousandEyes.

If you want to monitor voice quality within your network, then installing agents between branch offices, either as a virtual appliance or atop Cisco branch routers is an option. If you are a UC-as-a-Service provider, Enterprise Agents located between your customer locations and your data center can quickly help troubleshoot your service by correlating application performance.

What is Right For Me?

Deciding the right type of deployment model and choosing where to place an agent within your network depends on what problem you are trying to solve. For example, if you are interested in monitoring your SaaS application you can deploy an agent from your data center or branch office as a virtual machine or piggyback atop your Cisco router. But, if you are interested in monitoring how your remote location connectivity, then an agent on Intel NUC might be a more feasible option. One easy way to think about what to monitor is to think of the agent as the tiny person on Google Street View and visualize what would you like to see. Is it is the performance of your SaaS application? If yes, then target the SaaS application. If it is the performance of your MPLS links between your branch offices, then target the branch office from a data center or other branch office. It’s really that simple!

See for yourself how simple it is to deploy an agent by signing up for a free trial. If you are interested in learning more about common deployment models and best practices join us for our upcoming webinar on Enterprise Agent Deployment Best Practices.

Processing...