System Overview

Riverbed IQ comprises multiple components that apply artificial intelligence (AI) and automation technologies to:

  • Observe and model a customer environment

  • Detect anomalous behavior

  • Correlate related anomalies, reducing noise by grouping the multiple facets of a common event

  • Surface these detections (and all associated context) as incidents

  • Execute an automated investigation to assess business impact and streamline remediation workflows to ensure a high level of user experience.

This system diagram shows Riverbed IQ components relative to the underlying entities and data sources that reside in the customer environment:

System Diagram

Customer Environment

Entities Things deployed in the customer environment that are needed to run the business, e.g.,

  • Devices, desktops, laptops

  • Applications

  • Servers, networking equipment, locations

  • Cloud

Data Sources One or more monitoring/observability tools that watch over the entities in the customer environment, e.g.,

  • Riverbed AppResponse

  • Riverbed NetProfiler

  • Riverbed NetIM

  • other third party tools

Riverbed IQ

Data Collection Riverbed IQ can interact with a multitude of data sources, with native support for Riverbed’s NPM portfolio and its full fidelity data (i.e. Riverbed AppResponse, Riverbed NetProfiler, Riverbed NetIM), and integration-capabilities for other third party tools.

  • Edge gateway is a component of Riverbed IQ that resides at the edge of the customer environment and provides two-way communication between data sources residing in the customer environment and the Riverbed IQ software-as-a-service components in the cloud. Riverbed employs a shared responsibility model for Riverbed Edge that comprises a Riverbed-supplied Edge ISO image or cloud-init file that is deployed on top of a customer-supplied and managed virtual machine (VM).

Data Analysis & Visualization Riverbed IQ employs a pipeline of components to process information streamed in from data sources to intelligently detect issues, execute automations, and, ultimately, surface actionable insights that assess impact(s) and expedite remediation:.

  • Ingest & Analytics

    • observes and models the data arriving from data sources (key measurements) in the customer environment

    • analyzes the key measurements arriving from data sources in the customer environment for anomalous behavior (i.e., a key measurement value that does not match the model, generates an indicator that represents the anomaly in the system

  • Correlation

    • Correlates related anomalies into a single detection (in order to reduce noise by grouping the multiple facets of a common event)

    • Detection may contain one or more indicators

  • Incidents

    • Surface detections as a report (incident) that contains all information gathered over the course of processing through the pipeline and the associated Runbook automation.

  • Automation (LogIQ Engine)

    • Executes the automated investigation (Runbook) associated with this event, and attaches the resulting analysis to the Incident report (e.g. assessed business impact, supporting data/context, …).

  • Miscellaneous Components related to administration and configuration of Riverbed IQ

    • User Management

    • Configuration