NetScaler 10 introduces a lot of cool features. Today we look at ActionAnalytics.

I got my first real taste of BigData when doing complex network models in grad school. In one particular project, we were modeling road traffic and calculating how pollution impacted the environment. The system would generate data at each step of the way and then reuse that data for computing the next step having taken in new inputs along the way. The feedback loop was interesting and changed the way our models not only reflected data, but the lessons we took away from it.

Good times.

ActionAnalytics reminds me a lot of those experiences because the core of the idea is the same. How do you take real-time data being kicked off by the system and reuse it back in decision making?

In the case of ActionAnalytics, the real-time data are the internal streams of AppFlow that go through the system and belt out a volume of detailed connection and application data. Normally, that data goes out to a third party analytics engine, but with ActionAnalytics, we can grab a copy for ourselves and use it for maintaining an active state on what is happening in the system. For example, ActionAnalytics can maintain a list of Top 50 URLs being accessed in the system so only some kinds of operations can be done on those objects but not others, etc.

For administrators, ActionAnalytics is a way of parsing through the volume of data that streams out of AppFlow without having to wait for post-processing of the data. By making that rich vein of data immediately actionable, administrators are able to make quick work of establishing rules that work based on the real-time state of the system instead of having to wait for an administrator to enable them when the time is right.

The data that is generated from ActionAnalytics becomes usable in two places: the NetScaler policy engine and the NetScaler built-in management tool. The policy engine use is especially interesting as it lets the results of the analysis be circled back and reused in the policy making process. This can become an especially powerful way to selectively act on traffic based on real-time conditions such as load. The management tool takes the data from ActionAnalytics and quickly tracks common graphs by IP addresses, subnets, URLs, domains, amongst other things. The administrator is then able to effectively pivot off of key values and see how the perspective changes based on specific views. For example, if a single subnet seems to be generating a large amount of traffic, a quick pivot off the subnet lets you see what URLs are being accessed so an overaggressive bot vs. a DDoS attack can be differentiated.

ActionAnalytics is a Game Changer

There are a lot of examples of network infrastructure that kick out an abundant amount of data which has in turn created a rich ecosystem of tools that can analyze this data. It’s all great and powerful, but at the end of the day the value of that data is directly proportional to whether or not you can act on it. When you have to wait for post-processing to know what to do next, you’ve already missed the opportunity to make a difference.

ActionAnalytics changes the rules of what we should expect from the data that comes out of our network infrastructure. The new rule is simple: we should be able to see something happen and immediately make an impact on how we process traffic. That could mean something as simple as logging an activity or something as complex as conditional rewriting and rerouting of traffic. Whatever it is, the key is that the action happens immediately.

Next time you’re looking at a problem and wishing that you could just capture that one event when something happened, think about ActionAnalytics and ask yourself how it could be helping you… Right Now.