Network management may be a moving target, but that makes it a challenge to be relished, not avoided. So says Douglas Smith, president and co-founder of Network Instruments, the company behind the Observer line of expert analysis software.

"There's a couple of really interesting challenges, one is the ability to handle bigger, faster, more dispersed networks," he says. "Wireless networking is becoming part of the landscape too - it's no longer anything special.

"The other thing is we're seeing lots of interest in VoIP, so there's a whole new group of people who want our product. Network managers never had to run the phone system in the past, but now they do.

"As people implement VoIP it's going to take a lot of bandwidth and it needs management. People tend to hide problems by adding bandwidth, but VoIP is going to expose those problems in a big way. You can't just add bandwidth, you have to traffic-shape."

Observer entered double figures this month with the release of version 10, while 2004 also sees the tenth birthday of Network Instruments itself. Smith says its relative longevity should not be a surprise to anyone who understands the need for network analysis.

The new essentials
"These tools aren't new and earth-shattering - they're an absolute requirement for any network of size, like a carpenter needs a saw and a hammer," he declares. And he adds that while they are relatively expensive, that is changing.

"I'm shocked at what users pay for some management apps, but there's a certain cost of doing things like this," he says. "Competition makes a difference, and in our space prices have come down, but areas such as application analysis are still new and expensive.

"Still, the average analyser price two years ago was £8,000 on the street, Sniffer was around £13,000. What we're seeing is the likes of us, Fluke and WildPackets have gravitated towards a price of £2,500 to £3,000 for equivalent products, and now Sniffer is coming down too."

His advice for network managers is simple: budget for it before you build up the network, not afterwards, and make sure you plan for plenty of probes, because you'll always end up needing more than you think.

Planning ahead
"The more points of visibility you have, the easier your job will be. Part of the process of making a network large is money to manage it, and it's much harder to get that afterwards," he explains.

Smith says that Observer 10 encapsulates many of the changes he sees underway in networking. For example, it adds probes capable of doing their own expert analysis at remote locations, plus features to make it easier to analyse VLANs and mixed wired/wireless networks.

"We've always had remote probes in the past, the problem is the speed of the WAN hasn't kept up with the LAN," Smith says. "It's especially problematic with Gigabit because we have to process the entire packet. If you capture a Gigabit network for even a few minutes it generates an immense amount of data, and moving that over a WAN for analysis is simply unreasonable. So we moved the expert processing and decoding into the probe.

"Another big thing is that lots of people use VLANs for security and access control, or to separate voice and data. A unique feature of Observer is the ability to see VLANs in aggregate so you can compare them, without the grunt-work that it needed before. And historically we had to start and stop the capture process, then analyse. Now we can analyse in real-time."

On the wireless side, he acknowledges that the medium of radio means that the network has very different characteristics and needs its own probe or data collection system, but argues that it must still be treated as just a part of the whole.

Hybrid networks
"Don't look at wireless analysis as a separate tool, you need an analyser to look at all aspects of the network," he says. "Some information is available from the packet headers to any analyser, but you also need the ability to look inside the payload, and then we've added features such as rogue access point detection and signal/noise ratios as standard."

Looking forward, he predicts that SNMP will become a bigger part of managers' lives as the number of devices on the network continues to grow. He notes that Observer 10 supports SNMP v3 security, but warns that this is harder to work with too, thanks to the extra complexity it brings.

"We're looking at 10Gig too - it's inevitable," he adds. "Plus there's this idea of application analysis - people really want to see the result, for example the Exchange server's transaction rate, but that's the hardest stuff we do because the information is often hidden. You can only get it while the server is functioning, and aggregating it across multiple sites is a real challenge."