Frequently Asked Questions
General
-
What is the release schedule? How frequently will Riverbed IQ deliver new capabilities?
-
Which Riverbed Network Performance Monitoring (NPM) products are supported with Riverbed IQ?
Data Ocean
-
What data is available to Riverbed IQ for automated investigation?
-
Is it possible to customize the data processed by Riverbed IQ?
Automation and Runbooks
Security
General
What is Riverbed IQ?
-
Riverbed's new AIOps software as a service (SaaS) is named Riverbed IQ, and it provides unified observability with a data analytics pipeline and a full suite of automation capabilities that enable it to surface critical issues and automate an investigation.
-
Additionally, Riverbed offers a suite of observability products in our portfolio (AppResponse, Aternity, NetProfiler, NetIM, and Portal) - and now, with the arrival of Riverbed IQ, Riverbed provides an overarching AIOps SaaS to bring it all together.
What is the release schedule? How frequently will Riverbed IQ deliver new capabilities?
-
Riverbed IQ is a software as a service (SaaS) solution.
-
As a SaaS solution, Riverbed IQ can grow/evolve quickly, and releases updates on a regular basis in order to facilitate rapid expansion of capabilities.
Which Riverbed Network Performance Monitoring (NPM) products are supported with Riverbed IQ?
-
The supported data source types (and recommended versions) are:
Riverbed IQ supports the three most recent data source release versions.Data Source Type
Minimum Version Required
Recommended Version
NetIM
2.6.1
2.7 and above
NetProfiler1
10.24.2
10.25 and above
AppResponse2
11.12
n/a
Aternity
n/a
n/a
NetProfiler will dictate requirement(s) for any subtending AppResponse.
These version requirements apply to AppResponse connecting directly to IQ.
-
There are no hardware requirements for Riverbed data sources, just the software version.
-
Customers will also need to install Riverbed Edge in their enterprise environment to interconnect on-premise data sources with the Riverbed IQ SaaS platform.
Does Riverbed IQ support third-party integration?
-
Riverbed IQ SaaS provides a generic HTTP-based framework to support two variations of third-party integrations:
-
Riverbed IQ Webhooks enable third-party tools/systems to execute Riverbed IQ runbook automations on Riverbed IQ by calling a Riverbed IQ API.
-
Riverbed IQ runbook HTTP Request nodes enable Riverbed IQ to interact with third-party tools/systems (via third-party API) while executing an automated investigation.
-
-
This generic HTTP-based approach provides a great deal of flexibility and allows customers to not be locked in to specific integrations.
-
Riverbed Professional Services can use the APIs to build additional integrations as needed.
Does Riverbed IQ learn from the customer environment?
-
Yes, Riverbed IQ learns from the customer environment in multiple ways:
-
Key Measurements — These are metrics that stream into Riverbed IQ from connected data sources that provide full-fidelity observability into the performance of the entities in the customer environment. In this way, Riverbed IQ learns of the various entities in the customer environment.
-
Analytics Pipeline — The Riverbed IQ analytics pipeline applies machine learning (ML) algorithms to model the behavior of key measurements in order to continuously learn what is normal for the customer environment, and evolves as the behavior changes to surface unexpected anomalies. In this way, Riverbed IQ learns the behavior/patterns of the various entities in the customer environment.
-
Runbook Automations — Automation capabilities enable Riverbed IQ to gather additional data over the course of an automated investigation and build a full 360-degree view of the environment for the time the event occurred. In this way, Riverbed IQ is able to reconstruct the environment at the time of the event, and apply logic to surface actionable insights based on that information.
-
Additionally, Riverbed IQ runbooks can be customized to incorporate organizational knowledge and thereby tune automated investigations to the customer environment.
-
-
Data Ocean
What are the implications of moving the data from our large on-premise data sources to Riverbed IQ SaaS?
-
Riverbed IQ has access to a wide array of data served up by the Data Ocean. The Data Ocean comprises all data sources connected to Riverbed IQ, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure.
-
The vast majority of the data available to Riverbed IQ in the Data Ocean is retained in the constituent data sources (i.e., it is not moved to SaaS).
-
Only a small subset of the data available in the Data Ocean is moved to SaaS, which amounts to negligible traffic volume:
-
Key Measurements — These are the subset of high-value metrics that are streamed from Riverbed Network Performance Monitoring (NPM) data sources to Riverbed IQ SaaS. Key measurement data is compressed and encrypted, and amounts to a negligible volume of traffic that is streamed to the SaaS.
-
Automation/Queries — Riverbed IQ automation is able to tap in to all data sources connected to Riverbed IQ in the course of an automated investigation, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure. Riverbed IQ automation has the ability to target retrieval of specific additional supporting data/context from a data source to help execute an investigation (i.e., additional metrics, properties, attributes, other integrated third-party information/capabilities, …). Again, this also amounts to a negligible volume of traffic as it encompasses a very targeted subset of available data.
-
What data is streamed from available Riverbed Network Performance Monitoring (NPM) products into the Riverbed IQ Analytics Pipeline?
-
Riverbed IQ has access to a wide array of data served by the Data Ocean. The Data Ocean comprises all data sources connected to Riverbed IQ, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure.
-
Riverbed Network Performance Monitoring (NPM) products are currently the only data sources that stream a preconfigured subset of high-value metrics that are leading-indicators of critical issues (i.e. key measurements) into the Riverbed IQ analytics pipeline for processing.
-
The following table summarizes the key measurements that can be streamed from the various Riverbed Network Performance Monitoring (NPM) products:
Alluvio Analytics Pipeline - Quick ReferenceData Source Type
Entity
Key Measurement
(Streamed Metric)NetProfiler
Application / Client Location
User Response Time1
MoS
Interface
In Utilization
Out Utilization
AppResponse
Application / Client Location
User Response Time1
Throughput2
% Retrans Packets
% Failed Connections
NetIM
Device
Device Status
Device Uptime
Interface
Interface Status
In Packet Error Rate
Out Packet Error Rate
In Packet Drops Rate
Out Packet Drops Rate
In Utilization
Out Utilization
Aternity
Application / Client Location3
Activity Network Time
Page Load Network Time
Notes:
1 - [Metric: User Response Time] is:
-
an approximation of AppResponse [user-response-time] because NetProfiler does not yet account for [connection_setup_time] - while AppResponse does, i.e.
AppResponse User Response Time calculation: [user-response-time]
= ([connection_setup_time] / [connection_setup_time_n])
+ ([request_network_time] / [request_network_n])
+ ([response_network_time] / [response_network_n])
+ ([server_delay] / [server_delay_n])
NetProfiler User Response Time calculation: [user-response-time]
+ ([request_network_time] / [request_network_n])
+ ([response_network_time] / [response_network_n])
+ ([server_delay] / [server_delay_n])
-
only processed for “named” applications (e.g. excludes: ICMP, SNMP, TCP_Unknown, UDP_Unknown)
2 - [Metric: Throughput]: only monitored for VoIP-related applications: {VOIP, SIP, RTP}.
3 - [Client Location]: Aternity City/Country/State.
-
What data is available to Riverbed IQ for automated investigation?
-
Riverbed IQ has access to a wide array of data served by the Data Ocean. The Data Ocean comprises all data sources connected to Riverbed IQ, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure.
-
Riverbed Network Performance Monitoring (NPM) products are currently the only data sources that stream a preconfigured subset of high-value metrics that are leading-indicators of critical issues (i.e., key measurements) into the Riverbed IQ analytics pipeline for processing.
-
Riverbed IQ automation is able to tap in to all data sources connected to Riverbed IQ in the course of an automated investigation, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure. This is a vast array of information that provides Riverbed IQ the ability to gather additional supporting data/context to help progress an investigation (i.e. additional metrics, properties, attributes, other integrated third-party information/capabilities, …)
Is it possible to customize the data processed by Riverbed IQ?
-
Riverbed IQ has access to a wide array of data served by the Data Ocean. The Data Ocean comprises all data sources connected to Riverbed IQ, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure. Some of this data is preconfigured, and some can be customized.
-
Riverbed Network Performance Monitoring (NPM) products are currently the only data sources that stream a preconfigured subset of high-value metrics that are leading-indicators of critical issues (i.e., key measurements) into the Riverbed IQ analytics pipeline for processing. Key measurements are preconfigured and cannot be customized.
-
Riverbed IQ automation is able to tap in to all data sources connected to Riverbed IQ in the course of an automated investigation, including Riverbed Network Performance Monitoring (NPM) products, and any integrated third-party tooling/infrastructure. Riverbed IQ automation has the ability to target retrieval of specific additional supporting data/context from a data source to help execute an investigation (i.e., additional metrics, properties, attributes, other integrated third-party information/capabilities, …). This data can be customized to varying degrees:
-
Riverbed Network Performance Monitoring (NPM) products can be queried by Riverbed IQ automation for various combinations/permutations of the data the NPM products collect. The desired combinations/permutations of data needed by an automation is configured in the associated runbook Data Query node. In this way, the NPM data needed for an automated investigation can be customized to need.
-
Third-party tooling/infrastructure can be integrated into Riverbed IQ automation (via a provided third-party API) by configuring the desired API call[s] using runbook Integrations HTTP Request node ( or an available subflow, and any other nodes needed to accomplish the desired objective). In this way, a variety of third-party tooling/infrastructure can be leveraged to customize an automated investigation.
-
Automation and Runbooks
How many runbooks are included, and can customers create their own?
-
Since its inception, Riverbed IQ has vastly expanded the automation capabilities provided by runbooks to now include:
-
Incident Runbooks — Runbooks that are executed automatically when a new incident is generated.
-
Incident Lifecycle Runbooks — Runbooks that are executed automatically whenever an incident event occurs (i.e., incident events include: Impact Analysis Ready, Status Changed, Indicators Added, Ongoing State Changed, Note Added, …)
-
Webhook Runbooks — Runbooks that are executed automatically when a Riverbed IQ webhook is called.
-
On-Demand Runbooks — Runbooks that can be executed on-demand (outside the context of an incident or a webhook).
-
Subflows — These enable “containerization” of complex workflows or customized integrations into a single new runbook processing node which provides value when reused in other runbooks. This simplifies the runbook creation process and reduces the amount of touchpoints necessary when editing.
-
-
For certain categories of runbook, Riverbed provides an out-of-the-box generic implementation to help provide benefit from day one:
-
Incident Runbooks — Riverbed packages an out-of-the-box generic implementation for all possible triggering incidents:
-
Interface Incident
-
Device Down Incident
-
Multi-Device Down Incident
-
Application Location Incident
-
-
Incident Lifecycle Runbooks — No out-of-the-box runbook provided.
-
Webhook Runbooks — No out-of-the-box runbook provided.
-
On-Demand Runbooks — No out-of-the-box runbook provided.
-
Subflows — Riverbed packages a set of common reusable workflows.
-
-
Customers can easily duplicate runbooks, export/import them, edit, and even easily create new runbooks. Customers can also purchase professional services to assist in building runbooks.
-
Customers can create multiple runbooks of all types.
-
The expectation is that a customer already has their own processes/procedures for performing the work done by the out-of-the-box runbooks, and that they will customize those out-of-the-box runbooks to automate those processes/procedures.
-
NOTE: For automatically-executed runbooks, only one runbook instance can be configured as the active association to execute when a triggering event occurs (e.g., there may be many runbooks created to perform automated investigations of application-triggered incidents, but only one can be configured as the active executable at any time the associated trigger occurs).
-
-
-
Riverbed IQ does not limit the number of runbooks on a system.
-
NOTE: While the number of runbooks on a system is not limited, the number of runbook executions is directly related to the licensing to which a customer is entitled (i.e., a customer may build out a large runbook library at no extra charge, but the customer will be limited in the number of runbooks they can execute in a given period of time). Runbook execution entitlement usage will include those incident runbooks automatically executed on creation of new incidents, those incident lifecycle runbooks automatically executed on lifecycle events, those webhook runbooks executed in response to an external API call, those on-demand runbooks that are executed as needed, etc..
-
What skills are needed to build a runbook?
-
Runbooks are built using a graphical user-interface to construct a graphical workflow. The Runbook Editor provides a GUI that:
-
Presents a list of available runbook nodes in the palette (there are a variety of node types available to perform various functions, e.g., query network sensors, perform logic tests to make processing decisions, render collected data into a desired visualization, …).
-
Supports drag/drop of runbook nodes from the palette to the canvas, or, alternatively, runbook nodes can be added using the plus-sign icon on a runbook node already present on the canvas.
-
Allows each runbook node to be configured for purpose (e.g., query a network sensor for specific information in a certain time-period).
-
Allows runbook nodes to be interconnected into logical investigative paths that collect data, apply logic, and format output to expedite problem resolution.
-
-
The goal of the runbook is to allow an experienced troubleshooter to build the scripted workflow that they would normally go through to troubleshoot an issue, so that a less experienced resource can view the output of the incident report.
-
The available runbook nodes cover the spectrum from simpler no-code/low-code nodes to the more complex nodes (e.g., HTTP Request node used for third-party integrations). Troubleshooters experienced in gathering debug information from network sensors should easily be able to codify workflows using available no-code/low-code nodes. Troubleshooters experienced in gathering debug information via APIs should be able to codify workflows that integrate third-party tooling/infrastructure using more complex nodes.
-
Security
Does Riverbed IQ allow a user to self-service a password reset?
-
Riverbed IQ never stores customer user passwords; it relies on the authentication mechanisms outlined below:
-
Option A: Azure Business-to-Business (B2B) — When your organization supports Azure B2B collaboration (e.g., enrolled in Office 365), authentication is handled solely by your Azure Active Directory (AD) and its policies/capabilities.
-
Option B: Microsoft Account — When your organization does not support Azure B2B collaboration, a Personal Microsoft Account needs to be linked to Riverbed IQ. In this case, password reset is provided through the Microsoft User Portal for the account.
-
Option C: One-time Passcode Fallback — Suppose none of the preceding options is chosen. In that case, Riverbed will Email a one-time passcode to the Email address configured for the user account whenever it tries to authenticate against Riverbed IQ.
-
What security standards does your SaaS meet?
-
Riverbed IQ holds the following security-related certifications and attestations:
-
ISO/IEC 27001 — Certification of Riverbed’s information security management controls for areas such as data security and business continuity.
-
SOC 2 Type II — Assessment of Riverbed's internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy of data.
-
-
Detailed copies of this material may be viewed or requested by visiting the Riverbed website, The Trust Center at https://www.riverbed.com/trust-center/.
-
In general, direct security questions to the Riverbed IQ SME team and product management.
What protocol is used for communication to the Edge device and from the Edge to the SaaS? Is it TLS 1.3? Secure Restful API? Other?
-
Riverbed IQ Edge communication employs a variety of communications channels depending on those entities with which it interconnects. The various channels can use different technologies/protocols. The specific protocols in use are described in Firewall Rules.