"The story of the blind men and an elephant originated in the Indian subcontinent from where it has widely diffused. It is a story of a group of blind men (or men in the dark) who touch an elephant to learn what it is like. Each one feels a different part, but only one part, such as the side or the tusk. They then compare notes and learn that they are in complete disagreement." (Source: Wikipedia)
This parable rings true beyond the animal kingdom. Like in IT, for example. When unified monitoring tools are not part of the mix, sysadmins can't see a full picture of their networks, systems and applications.
The advantages of a unified tool for full visibility could easily make a full switch worthwhile. TechTarget presents a typical use case: It's a wireless access point that seems to be acting up, but the problem is actually in the wired subnet to which it's connected. A technician could lose precious minutes logging into the WAP's web portal only to find that a completely different tool would've localized the problem sooner.
That use case didn't consider applications. Adding application performance management issues into the mix typically adds more tools into the diagnostic phase. Many more could be cited, but here are six pain points you can avoid when you've got unified monitoring tools in place:
1. Apps Stuck in a Network Traffic Jam
This is one of the most common challenges for any toolset that isn't unified. Separating application performance degradation from high network traffic. Is your CRM application the culprit or might it be a problem lower in the stack?
2. Inability to Identify Sources of SLA Threshold Failures
Managing SLA terms can have heavy fiscal impacts in some organizations. And when multiple tools are needed to isolate the cause of a service-level drop, the time to resolve may increase.
3. Inability to Prioritize Alerts
Using many tools can lead to a profusion of false positives. These are especially pernicious amid security threats, which should be placed above capacity management and routine. SANS points out in the context of intrusion detection: "When you consider all the different things that can go wrong to cause a false positive, it is not surprising that false positives are one of the largest problems facing [implementers]."
4. One-Off Project Deployment and Routine Monitoring Tasks
There's a temptation when using one set of tools to configure and test a new server cluster for deployment, and a different set for day-to-day monitoring. The result can be misleading alerts. Using a unified tool can gain visibility into both event families, potentially reducing noise and confusion.
5. Dissimilar Interfaces and Terminology Across Toolsets
This can interfere with expeditious problem resolution, even with trained personnel. When different managers use unique tools to solve different problems over time, your tools portfolio can get pretty overwhelming, and training budgets can become a luxury.
6. Difficulty Developing 'Crime Scene Maps'
This term is popular with Cisco's Denise Fishburn to characterize recurring problems that require tools to operate in tandem. Fishburn reminds IT teams that once a problem has been identified, "it's time to improve (document, prevent/prepare/repair)." Producing useful shareable scripts — manual or automated — makes your job harder.
No Panaceas, but Unified Monitoring Suites Can Truly Be Sweet
An often-quoted truism said by former U.S. Secretary of Defense Donald Rumsfeld in a 2002 press conference reprised a risk management concept that originated earlier in NASA circles: "There are known knowns; there are things we know we know. We also know there are known unknowns. But there are also unknown unknowns — the ones we don't know we don't know. It is the latter category that tends to be the difficult ones."
The underlying wisdom is generally thought to be sound and has appeared in some treatments of risk management, including those that consider the enterprise adoption of cloud services.
There's a strong case to be made for unified monitoring solutions that tie together your network, application and infrastructure. Still, no single tool or set of tools can provide a 100-percent complete, real-time picture of everything happening on a complex network.
What tools can achieve as part of a unified monitoring system, though, is a reduction in the amount of "blindness" and "known unknowns."