System Overview

Riverbed IQ Ops comprises multiple components that apply artificial intelligence (AI Artificial Intelligence. Technology that applies intelligence and automation to observe environments, detect anomalous behavior, and execute automated investigations.) and automation Automated procedures that are executed as the result of a trigger. Automations consist of a single entry point and a sequence of connected nodes that define the processing logic. technologies to:

• Observe and model a customer environment

• Detect anomalous behavior

• Correlate related anomalies An unexpected event or measurement that does not match the expected model., reducing noise by grouping the multiple facets of a common event

• Surface these detections (and all associated context) as incidents A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself.

• Execute an automated investigation to assess business impact and streamline remediation workflows to ensure a high level of user experience.

This system diagram shows Riverbed IQ Ops components relative to the underlying entities and data sources that reside in the customer environment:

Customer Environment

Entities Things deployed in the customer environment that are needed to run the business are Entities Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations.. Examples:

• Devices An entity type representing network devices or hardware components deployed in the customer environment that are monitored for performance and anomalies., desktops, laptops

• Applications An entity type representing software applications deployed in the customer environment that are monitored for performance and anomalies.

• Servers, networking equipment, Locations An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored.

• Cloud

Data Sources One or more monitoring/observability tools that watch over the Entities in the customer environment are Data Sources A product in your network that forwards data to the system. This data can be streaming data used to detect anomalies and generate incidents, or data that can be fetched on demand when runbooks are executed.. Examples:

• Riverbed AppResponse

• Riverbed NetProfiler

• Riverbed NetIM

• other third party tools

Riverbed IQ Ops

Data Collection Riverbed IQ Ops can interact with a multitude of data sources, with native support for Riverbed’s NPM portfolio and its full fidelity data (i.e. Riverbed AppResponse, Riverbed NetProfiler, Riverbed NetIM), and integration-capabilities for other third party tools.

• Edge gateway is a component of Riverbed IQ Ops that resides at the edge of the customer environment and provides two-way communication between data sources residing in the customer environment and the Riverbed IQ Ops software-as-a-service components in the cloud.

Data Analysis & Visualization Riverbed IQ Ops employs a pipeline of components to process information streamed in from data sources to intelligently detect issues, execute automations, and, ultimately, surface actionable insights that assess impact(s) and expedite remediation:.

• Ingest & Analytics

  • observes and models the data arriving from data sources (key measurements) in the customer environment

  • analyzes the key measurements A measurement or data point that is monitored and analyzed to detect anomalies and generate incidents. arriving from Data Sources in the customer environment for anomalous behavior (i.e., a key measurement value that does not match the model, generates an Indicator An observed change in a specific metric stream that is recognized as being outside of an expected model. Indicators are correlated into triggers, and one or more triggers are grouped into incidents. that represents the Anomaly An unexpected event or measurement that does not match the expected model. in the system

• Correlation

  • Correlates related Anomalies into a single Detection One or more indicators that are correlated and may act as a trigger for incident creation or runbook execution. (in order to reduce noise by grouping the multiple facets of a common event)

  • Detection may contain one or more Indicators

• Incidents

  • Surface Detections as a report (Incident) that contains all information gathered over the course of processing through the pipeline and the associated Runbook An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook. Automation Automated procedures that are executed as the result of a trigger. Automations consist of a single entry point and a sequence of connected nodes that define the processing logic..

• Automation (LogIQ Engine)

  • Executes the automated investigation (Runbook) associated with this event, and attaches the resulting analysis to the Incident report (e.g. assessed business impact, supporting data/context, …).

• Miscellaneous Components related to administration and configuration of Riverbed IQ Ops

  • User Management

  • Configuration