there is a security outbreak, a misbehaving application or network segment, they see the change in behavior probably before a user will experience a service issue," he added.

"Without having eyes on that kind of information, you really don't know how your network is," Duke said. "It gives you the overall health of your network, all around traffic patterns, what's normal and what's not."

If the engineer in charge of a server complains it's not performing well, Duke said he logs into the probe nearest the problem server, checks out the network traffic, and examines several days or weeks of data for abnormalities. Within 5 minutes, Duke said, he can tell whether the network, the application, a desktop computer or some other factor caused the slowdown.

Cancel that Server

Mark Small, NAI's senior vice president of government, health and education, said quick diagnosis can eliminate unnecessary expenses, citing the recent experience of one government organization that implemented nPO Visualizer and quickly learned they could cancel an order for new servers.

"One application out of the 40 they were running was using 80 percent of the CPUs of a cluster system," he said, and the enterprise needed only to fix the application, not increase capacity.

In Indiana, faster diagnosis means less downtime for end-users. The campus-area network is completely redundant, so technical problems can't put it entirely out of business, Duke said, though that doesn't solve all problems.

"An agency might not have redundant connections to us," he said. "If they lose connectivity, their whole agency's affected."

Using network monitoring and management technology to solve network problems in an hour and a half rather than three days provides a benefit "that's definitely quantifiable to the productivity of the agency," he said.

The ability to monitor network use over time also helps DoIT plan for growth. "If [traffic] goes up 1 percent every month, I can say in 6 months it's going to be at 10 percent," said Duke. He can then build or upgrade accordingly.

The new tools provide upper management with historical reports that show as much or as little detail as each individual needs. They also e-mail a set of weekly reports to state agencies that use DoIT's network services. The reports show agencies how well DoIT lives up to its service commitments. Duke also allows agency network engineers to access probes connected to their infrastructure.

Probes at the Edge

The ITN and DoIT are trying to work more closely to share information, Duke said, because of the interface between the WAN and DoIT's network. ITN also installed Sniffer probes on the WAN, he said, which is important because data passes constantly between the two networks. DoIT would also like to place probes at the network's edge, where individual agencies' LANs connect to the wider infrastructure, but that will take time.

"We haven't developed a way to put 800 probes out at these different edges and report on those," he said.

DoIT hasn't calculated how much time and money it saved with the new technology, but the savings are clearly there.

"We spent probably half a million dollars on our network and about $300,000 initially on the network management solution," Duke said. "We have probably solved 30 problems with the Sniffers [this year] that could have taken 5 hours apiece, but maybe we only spent 30 minutes on each problem."

Now, network managers are evaluating another NAI product, InfiniStream Security Forensics, which captures and saves up to 2.3 TB of network traffic, allowing engineers to play back and analyze network events, such as activities of a user they suspect of introducing a virus. DoIT is also evaluating NAI's IntruShield intrusion detection solution, Duke said.

DoIT's network management solution has proven more useful than Duke and his team originally expected. "Unless you have protocol analysis and online reporting, you really don't know what you're missing," he said. "You could be managing all your network devices, but without actually looking at the traffic, you're not really managing your network."

Contributing Writer Merrill Douglas is a freelance writer based in upstate New York. She specializes in applications of information technology. E-mail

Merrill Douglas  |  Contributing Writer