Securely Connected Everything S1-4: From Troubleshooting to Optimisation: True Beauty Lies in the ThousandEyes of the Beholder

Discover the cutting-edge world of network visibility and observability as host MVR sits down with Heath Russell, ThousandEyes' technical solution architect, in a session that will revolutionise your understanding of digital infrastructure.

As ThousandEyes joins forces with Cisco, we navigate the complexities of modern network monitoring and the indispensable role of active techniques in managing SaaS applications. Heath takes us from the inception of ThousandEyes at an academic level to its current status as a critical player in Cisco’s toolkit, offering a lens into the deployment of agents that ensure digital experiences remain seamless.

The conversation heats up as we unpack Cisco’s strategic acquisition of Splunk, a move that’s reshaping the tech giant’s approach towards a software-driven future and its quest for recurring revenue. This integration not only fortifies Cisco’s security landscape but also brings about a new era of enhanced network analytics. Heath sheds light on the synergy between ThousandEyes and Cisco’s broader security ambitions, and we get an exclusive peek at the AI-fueled predictive capabilities now in the testing phase with Meraki, poised to transform SD-WAN management.

Wrapping up, we venture into the expanding universe of network visibility tools, where Cisco’s acquisitions of SamKnows and Exceeding are setting new benchmarks for monitoring and device management. Heath walks us through the transformative impact these technologies have on mobility, IoT, and the next wave of 5G networks, ensuring that every byte of data contributes to an intelligent, AI-optimized network. For those hungry for more, the ThousandEyes blog awaits, brimming with insights on the backbone of our digital world. Join us for a journey through the nuances of network stability and the heroes dissecting each SaaS hiccup to keep our digital domains running smoothly.

Heath Russell: 0:00

With Thousand Eyes. You do a click and say I want to do a voice call from here to there. It does the voice call and then it shows you oh, between this hop and this hop. That’s very cool. It got changed for the quality of service, and I mean that alone. I was sold.

Michael van Rooyen: 0:13

In a world where every device is communicating, we’re no longer concerned only with connection, but protection. Welcome to Securely Connected Everything, your gateway to understanding the intertwined worlds of connectivity and security. We have a great conversation today, so stick around and we’ll jump right in MUSIC. Today we’re talking all about visibility and observability with Heath Russell, a technical solution architect for Thousand Eyes, part of Cisco. Welcome, Heath.

Heath Russell: 0:48

Oh, thank you Glad to be here.

Michael van Rooyen: 0:50

Yeah, great For those who are listening and don’t know about Thousand Eyes, it’s been around a little while. Are you able to give customers an overview of what Thousand Eyes is?

Heath Russell: 1:02

Yeah, so Thousand Eyes is pretty unique in the visibility space because what it’s been able to do is essentially help people control or help people understand networks that are beyond their own remit, right. So typically observability in the past was really it was a very passive thing. So you would take packet captures or you know NetFlow data and from networks you control and you would ingest the data and then look at it.

Heath Russell: 1:28

you know kind of post, but what Thousand Eyes has done is kind of done active monitoring and it’s essentially allowed us to look into the SaaS space and, you know, with the advent of SaaS everywhere, it’s definitely very topical.

Michael van Rooyen: 1:41

So Thousand Eyes you came across and it solves that problem from an end-to-end point of view of saying I’ve got now visibility and we’ll talk more and more about the full stack, but it really gives you that snapshot of helping troubleshoot, identify. You know where the root cause is.

Heath Russell: 1:56

You know a lot of our product guys say it. It’s like you know, typically in the past we’ve looked down, you know, at a forest with a microscope right and we’re looking at everything and very much needs a thousand eyes. It gives us that broad view where we can go. Oh, it’s that fault domain over there. Let’s go look at that Wow wow, wow.

Michael van Rooyen: 2:12

And for the listeners or people viewing the podcast is a thousand eyes. Maybe give a bit of the background, where it started, how it became about. You know what the objective was. They’re trying to solve and then lead to the SysCAC position.

Heath Russell: 2:27

So basically it was founded, I believe, in early 2010, 11, with two chaps called Mohit and Ricardo, and basically they did a kind of university view into basically how are we gonna be able to observe the internet, right? And then it was actually originally called RoutBuddy.

Michael van Rooyen: 2:49

RoutBuddy?

Heath Russell: 2:49

well, I don’t know that actually, basically, Mohit brought it up on the wall, the kind of last year, and said hey, you know, imagine if we were still called RoutBuddy, routbuddy.

Michael van Rooyen: 2:58

I didn’t know that actually.

Heath Russell: 3:00

And I think thousand eyes was, you know, definitely the much better name, definitely catchy.

Michael van Rooyen: 3:04

Yeah, yeah, and I guess that thousand eyes says it all. Right, you’re having a thousand eyes on the infrastructure network. That’s the concept. Right Is being able to sit from everywhere and on that, you know, how does thousand eyes enable business to gain bit of visibility across the digital experience?

Heath Russell: 3:22

Well, because we’re not passive monitoring. Well, you know, passive monitoring comes with its own kind of issues, right? So you know with the advent of SaaS. Basically, if we were doing passive monitoring, we’re observing the internet at large right.

Michael van Rooyen: 3:35

Mm-hmm.

Heath Russell: 3:36

And for us to observe the internet at large. You know, if we were doing packet capture, everything’s encrypted now and we need a private key and you know Office 365 is not gonna give us their private key yeah, definitely not.

Heath Russell: 3:47

So we can’t do that right and we can’t instantiate net flow across the whole internet, right, we just don’t have the ability or control to do so. Yes, so kind of like the last, you know Bastion is okay. Well, let’s do. You know, let’s get a robot to do the test right, synthetic testing to initiate that test, and then look at you know multiple layers of this.

Heath Russell: 4:07

You know show me the network path, show me the loss, latency and jitter at the same time, to give us that same kind of well, just detailed information that we can piece together and go okay, this is the view of how the user experience would be at a particular time.

Michael van Rooyen: 4:21

Right, right. And so if I’m a new customer or someone who hasn’t seen the product set, I can deploy it. You know, it does go to endpoints, does it go? Yeah?

Heath Russell: 4:33

good question. So essentially there’s kind of multiple ways you can do it. There’s what we call the endpoint agent, which is a little agent that you put on your laptop. It essentially looks at what we define as interesting websites. So interesting websites are defined by you know the customer. They say hey, every time I go to Office 365.com I want to know what the experience is for my user and we can track that through their browser as well as do running. You know tests we test their Wi-Fi and you know too, basically gather all that kind of looming information.

Heath Russell: 5:03

That’s kind of one facet of our product, the endpoint agent. Then we have what’s called the enterprise agent. The enterprise agent is, you know, as a little virtual machine which is basically just a little robot. That little robot runs tests, right, and we run tests against different kinds of networks. You know, we, even you know some of our really large customers like Microsoft and SAP. They’re running enterprise agents from their locations as well as what we call cloud agents, and cloud agents are enterprise agents that are hosted out on the cloud. And it basically says you know what, if I’m thinking from Microsoft’s perspective, I want to know what the user experience looks like in Mogadishu, right, we can literally have an agent fired up on the internet out there. We run that same test from that location and we know, hey, this is what the user experience looks like for that particular application right and we can see that.

Michael van Rooyen: 5:57

Oh wow, so I can really decide if I want to replicate, if I’m having a, I’ve got a global business or certainly people are working remotely. You know we want to prove that the networks are not the challenge so we can simulate those from anywhere effectively. You got this footprint that is globally spread. Spin up an instance or certainly just ask the test to happen and from what I’ve done and played, et cetera, you know you’ve got ability to run those tests as often as you want. You can obviously make them very complex. You can go the way through transactions.

Heath Russell: 6:28

you can really replicate it, even voice call simulation, I mean to be honest, that’s where I really came across the product, you know, in voice and paging and messaging. And one of the things that really blew me away was, you know, as a old UC guy, you know at heart, right, I came across trying to solve quality of service in networks. Right, it was a real, you know, I want to say pain point, because you’d have to take packet captures every layer, three node, and go, oh hey, I’m still here, I’m still here, I’m still here for the traverse and then eventually you would find a packet capture along the way and go oh, I’ve seen it’s been stripped.

Heath Russell: 7:04

Yes, with Thousand Eyes. You do a click and say I want to do a voice call from here to there. It does the voice call and then it shows you oh, between this hop and this hop. That’s very cool, it got changed quality of service, and I mean that alone. I was sold.

Michael van Rooyen: 7:19

So I guess when people listen to this they think, oh, you know, just another network monitoring management tool. I’ve already got 17 of these in my network, or you know, and I know you’ve touched on a bit, but maybe you could solidify a little bit further around the differences so people understand that this is just another network monitoring or management tool, right?

Heath Russell: 7:36

Yeah, I think what the big key difference right is that typical network monitoring is called network performance management, npm. What we do, it’s a kind of new category and it’s called DEM or digital experience management. And because we’re actively doing those synthetic tests, we really defined a new kind of market space and that’s what really set us apart and, to be honest, we have customers that are actually utilising other network tools beside ours when they wanna do, you know, granular packet level analysis on, you know, some kind of voice network or issue they may have. You know there’s still a use case out there for that kind of stuff. Where we really, you know, become a different or differentiator in the market is when you’re working with a SaaS platform right, because there’s no other way for you to get the data that we can get, and that’s the really thing that you know steps away.

Michael van Rooyen: 8:25

So you know the listeners out there, if you’re having an issue with a SaaS platform?

Heath Russell: 8:29

definitely, you know, have a look at our stuff, because you’re gonna be very impressed with the detail you can get right and the amount of times that I’ve worked with content delivery networks as well. Yes, yes, where you know you’re talking to a SaaS provider, you’re noticing some weird results and you’re working with a and you’re seeing hey, this website is not really performing right and there’s a problem with the content delivery network. Yes, it’s unbelievable, to be honest. You see it quite a lot.

Heath Russell: 8:55

Yeah, so having that visibility and that kind of different view on these SaaS platforms. Just remember, it’s just other people’s service, it’s just not yours.

Michael van Rooyen: 9:04

So with that, obviously, you’ve talked a lot about how network observability, visibility, digital experience is really evolved. You know, across SaaS and cloud and remote workers, where do you think, where do you see you know discussions, because I know that your role’s really you know, up and coming, what’s the future look like for the product? Well, you know, where do you see the future of observability and that intelligence heading?

Heath Russell: 9:31

Yeah, so certainly within 1000 hours we are heading towards what’s called network assurance. Okay, you know I can’t comment too much about where we’re heading, but the things that times are exciting.

Heath Russell: 9:42

And our founder, you know, normally what happens when, when someone Cisco comes and buys the business is that someone buys a very large yacht and then lives somewhere far away from internet. But our founder has been basically, you know, promoted within Cisco to the head of network assurance right for, and that involves not just, um, that’s nice right, that involves, you know, the net flow team and other parts of Cisco that are now under our business right. So, you know, watch this space. You know you’re gonna see some, um, you know, big announcements around uh, thousand eyes and the network assurance message coming forward and, um, us probably may be doing other types of visibility.

Michael van Rooyen: 10:22

So nice, nice. We should probably lead on to the uh, the more recent news around the acquisition of Splunk.

Michael van Rooyen: 10:31

Yeah, the 28 billion billion dollar license renewal Is. What does that mean? I know it’s early days, I think. I think Cisco has been interested in the Splunk for a long time. But do you see, and I appreciate you, you can’t comment in some areas, but Is that really to supplement? I mean, to me the acquisition makes a lot of sense from a security point of view, really putting in a lot of network analytics. You have this platform, uh uh uh, early indicators, or your thoughts, be that there’ll be good, tight integration with that, or that just be a supplement To the service?

Heath Russell: 11:02

Yeah, look, it’s. Um you know, I can certainly give my point of view, what I think and what two things that, um you know, Cisco is Very much pivoting to being a software company and I think, you know, they’ve definitely signaled with all the recent acquisitions that they’ve made around pivoting to a very much a software company. Yes, and recurring revenue Um, the market wants recurring revenue. Recurring revenues good for business, good partners.

Heath Russell: 11:28

You know it’s pretty much good for the customer as well, because they have the flexibility to Go up and down in there and what they need right. So I think that’s a really good for Good. Good for Cisco. It’s good for Splunk. Um, I think it’s going to make, uh, Cisco’s security story and observability story Much more compelling.

Michael van Rooyen: 11:49

Well, we, we tread a good point and I was going to ask you about this as well. So we’ve talked a lot about thousand eyes giving us True network end-to-end visibility right, which we’ve we should never had before. Um, you know, we we also think about it from a point of view of cyber. How can we use it to feed out our cyber soc and and same services that we offer customers? Are you seeing a bit of that? Or or over you got customers who drive it for that?

Heath Russell: 12:10

reason, definitely. And look where where. One thing that where I know working on is, uh, tightening the, the SASE story. So, yes, one thing that thousand eyes does really good is being able to measure.

Heath Russell: 12:23

You know, the internet and these sassy, you know, like umbrella. They all live on the internet, so we’re being able to see the path you know to to the sassy edge. Getting that information is obviously super important and getting the visibility beyond Um. You know, the sassy edge can be very challenging as well. Um, watch this space because I think there’s going to be some some exciting stuff coming In, you know, in the near future as as that integration gets tighter. I mean, we’ve already started, um, basically with the very latest version of the VPN client I forget the exact name, but any connects, any connects.

Michael van Rooyen: 12:57

So it’s a cure client. Whatever, it’s a cure client.

Heath Russell: 12:59

Exactly, it’s just changed. Just a cure client. Thank you, yeah, um, and you know we’ll see that get deeper. That’s already now got the thousand eyes endpoint agent built into our, to our right, you’re gonna see this get tighter and tighter as we move forward.

Michael van Rooyen: 13:10

Yeah, so if I was to have a bit of a whiteboard you know we have all these different ingests and points, thousand eyes, endpoint client, any connect which is a, a secure client, but really feeding into this analytics engine right. So, but being able to get that visibility not only just from a network, which is important plumbing’s, plumbing’s got to work Um, I would ever saying that, you know, if plumbing’s not working, people can’t hack. So Now we’re going to just bring that security data into it, which probably then leads on to, you know, the big topic of the year around AI, chat bots, etc. Etc. What, what, what’s happening? Are there any plans in that space around?

Heath Russell: 13:46

so we’ve already released the first phase of Cisco’s AI with thousand eyes. So basically we have what’s called predictive network. So essentially, what we do is we take several billion measurements of the internet every day within thousand eyes, right, and what’s really cool about that is we start to build a very kind of wide and varied and accurate picture of the state of the internet at any given time. Now, working with Cisco as research, um, what we’ve been able to do is essentially integrate that into what’s called predictive networks. Now, what that means is that you can, if you’ve got Cisco SD-WAN, you’ll be able to integrate that in and then it will help you choose what traffic at what time goes on what link to give you the best performance. And it essentially predicts poor performance of your Office 365 traffic and would say, instead of having this on BizInternet one, maybe move it to this other carrier on BizInternet two at this time as a prediction.

Heath Russell: 14:49

So that’s the first phase and there’s more that I can’t comment on, but definitely watch this space and again, that’s something gonna be strengthened with the sponsor.

Michael van Rooyen: 14:59

So that phase one you just spoke about is that available to customers now on the platform.

Heath Russell: 15:03

Yeah, so basically, if you’re running Viptela today and you’re a thousand-ice customer, you’ll be able to integrate that now. Okay, great.

Michael van Rooyen: 15:10

And I think there’s also been quite a bit of play. We’ve got quite a few customers, and the market have adopted Meraki over the last number of years for visibility, interestingly enough, as well as simplified SD-WAN et cetera. Can you talk a little bit about the integration you guys are doing with Meraki?

Heath Russell: 15:27

Absolutely so it’s available on Beta right now. So from version 18 on in the software so you can try this out today. Basically you’ve got to have I believe it’s SD-WAN plus to get some thousand-ice included as part of your kind of base service. Or you can essentially add it to your existing Meraki with using just the thousand-ice. And they’ve made it Meraki simple, right. You literally just go into the dashboard, go into the visibility part, where you would have insight. You go in there and click it and say I wanna deploy the agent to all my Meraki’s and then off it goes and deploys it and it’s pretty impressive. To be honest. I was for a version one. I was very impressed. So I’ve gone through the demo a couple of times and there are some limitations. The MX obviously doesn’t have a lot of horsepower to be able to run the full agent and all the things, but you can certainly grab a very decent level of information with that base agent.

Michael van Rooyen: 16:26

Yeah well, I guess it comes down to good architecture. So right sizing, footprints probably correct and of course we’ll continue to see improvements in that space with more power. But if I think about it just for a simplified Meraki customer, they were excited about seeing the first with a lot of visibility right At least bytes and usage and all that. And then, if you add this yeah, absolutely.

Michael van Rooyen: 16:48

Back on the AI component. You talk about a bit of phase one there. Is there a future with 1000Is where I can log into the dashboard and say, tell me about your heat’s experience today or tell me what’s going on with a particular user? Is that the vision? That is where we’re going.

Heath Russell: 17:04

Yeah, I mean again, watch out for the network assurance stuff because there’s a lot of announcements to be made and then, coming year-round, what that’s going to look like, and that’s definitely part of it.

Michael van Rooyen: 17:14

Is that because customers are demanding a bit of that? I mean, we see even consumer-grade products giving you great visibility. We see some of the competitors in your space not 1000Is but to Cisco particularly bring a lot of user experience reporting. Is that to really make that? Yeah, definitely.

Heath Russell: 17:28

And probably one of the key things that I think kind of brings people to Meraki is the visibility story right Having that insight data back.

Heath Russell: 17:36

You know, I’m talking a few years ago now when I first seen it and I was like this is really good, you know what I mean. It’s got a lot of data there and you were gathering information, but it was really pertinent to inside your WAN. And what we’re doing now is we’re going okay, we’ve given you that inside WAN stuff, let’s go beyond your WAN and seeing into the SAS provider to give you that end-to-end experience and that’s going to be a total game changer. And the customers that I’ve spoken to the quite large customers, mutual customers, by the way they’re very excited about getting that visibility into the cloud providers, for sure.

Michael van Rooyen: 18:08

Yeah, fantastic, fantastic. I think it’s great and again, much more a customer expectation to write. I mean, if we’ve all potentially those who haven’t even getting services from certain service providers being able to get a portal and actually know what’s going on, we kind of just continue to lift this game in, absolutely. Is there also some plans around mobility devices? We talked a lot about client for agents. What about people use iPads, for we got an airline that use iPads to do maintenance, or we all travel the phone and probably use that more than a laptop. Yes, to some extent, really cool.

Heath Russell: 18:46

So one of the latest acquisitions we’ve made from a thousand-usd perspective is a business called SamNose. Okay, samnose is really going to help us grow our footprint into the last mile, wow. So basically, samnose has been used by governments and kind of other large organisations to help pinpoint exactly getting into the home user space mobile phones and all that kind of stuff and there’s actually even an app. Now you can download SamNose app. You’ll be able to basically run a test and say, okay, what’s the experience like right now? And then basically gather that information now With with Sam knows there now I think it closed last week or the week before. So that’s that’s. They’ll be integrating into our platform. Nice, so what does that mean for the end user? Is that we’re gonna be able to have the thousand eyes agent embedded into you know, home routers, right, and very low footprint. We’re gonna be able to have a mobile agent that’s already been built and, you know, pulling all that information in. So, yeah, very cool.

Michael van Rooyen: 19:49

So I could, I could deploy, excuse me, set a Sam knows across my mobile fleet, whether be integrating MDM or or a Microsoft, from whatever the customer bed. At least I can then give my dashboard that user experience using a you know a Wi-Fi hotspot or connecting to the carrier. And I guess then, if you think about the security view for yet that data, we can also then sign and sign and force that well, you’re on a Wi-Fi hotspot that’s open. We probably, we want to probably, bump you off that. So it’s a some pretty some correlation gonna happen in that space, I mean at the moment, the test is initiated by the user.

Heath Russell: 20:21

So you know, they say I’m having a problem, so initiate the test, but I mean, that’s so handy If you’re traveling is super handy right. So, like someone’s having a problem, you can say, hey, do run, run this test, that’s a semi-share link and let’s see what’s going on and we can look at, we can run the problem together. Excellent with that third party. But you know what’s this space. There’s gonna be some interesting stuff there.

Michael van Rooyen: 20:39

And he’s well that will that extend into. There’s obviously a lot of drive into 5g, a lot of drive into IOT. We know that there’s still an explosion of devices joining the network Is, the idea being that that low footprint can end up in IOT devices can end up in really the 5g space To give us an enhanced capability.

Heath Russell: 20:55

Yeah, so that kind of goes into another acquisition that Cisco’s recently made around exceeding right. Exceeding is essentially really playing in that 5g space and what, where they sit is. They basically analyze that last mile from a carrier perspective and. The you know some. Something that we’re certainly exploring is bringing in that information into the thousand eyes platform and what that’s going to look like. Yes, I mean Again, I don’t think the deal is actually closed yet or it’s about to, but that would be something that we would be definitely looking to do right, right.

Michael van Rooyen: 21:28

So we’re really expanding where we are today from a Edge device point of view to cloud hosted running the synthetic tests, and they’re really pushing into every, every. Potentially every device could have some sort of participation in contributing to the statistics.

Heath Russell: 21:44

Absolutely and you know that that data set just gets richer and richer for the AI to be able to go. You know what’s the best way to send my traffic right. Yes, you know, is carry a better than carry a be? Or where does that all fit?

Michael van Rooyen: 21:54

Yes, yes. So I guess, as we wrap up the session, you know, are there any knowing that you’ve been a firefighter on the ground and dealt with that and have this nice I’ll call it easier life of of being able to press some buttons and get the statistics? Have you got any insights or wisdoms for any of anyone listening to share in relation to you know? Seamless and optimised digital experience.

Heath Russell: 22:18

Yeah, look, I mean there’s a. There’s a lot to it. You know, and I can certainly talk with authority from a SAS perspective. I’m actually running a lab at Cisco live, so come, come see my lab in December for those. And basically it’s going to be around optimising your network for SAS performance, right? So? And the key differentiator or Keith Keith thing to Understand about SAS applications is they’re designed to be internet first, let your SAS applications be on the internet because that’s where they want to be and that’s how they’re optimised for.

Heath Russell: 22:48

Second to that, dns plays a super important, key role in SAS experience. Right, if DNS is Misconfigured or configured in a legacy manner, you’re gonna have a lot of problems. Yes, so you know. Making sure pretty much any of those three acronym things that are the base services on your network. Yes, make sure that they’re optimised, because they have a huge impact on the performance of your network.

Michael van Rooyen: 23:13

Yeah, great, great. And for for any of those who are watching, watching or listening, who want to dive deeper into the world of visibility, observability, is there any? Obviously there’s a thousand eyes website need to do a search for Cisco. But is there anywhere else?

Heath Russell: 23:27

you, you would suggest people read look at and and go have looked to be honest, the the one resource that is totally, really just really good is our blog. So Go and have a look at our blog. Our blog is really rich. We’ve got a team of what’s called internet researchers and Essentially they go into depth about every SAS outage that happens. You’re gonna see a, you know a full play back of exactly what happens. You know what was changed at what time, what was the root cause, all those kind of things. And also they go into great depth around. You know differences in SAS architectures. You know the integrations that we’re doing with certain Cisco platforms, like into the web exports and those kind of things, so you get a really kind of detailed information and there’s a lot of even kind of old historic stuff in there that’s really interesting around, like Facebook outages, and you know really interesting stuff that you typically wouldn’t see or know about.

Heath Russell: 24:24

But yeah, we’ve got a lot of information because we’ve got those billions of measurements of the internet. We’ve got the information and we can see what’s going on.

Michael van Rooyen: 24:31

Alright, thanks for that heat. I appreciate you coming in today and having a chat. Great, great insights and, hopefully, people who are joining there. They’re all starting their journey towards a much better life. Invisibility and troubleshooting. We’ll look at those nice, no worries. Thanks, thank you, thank you you.

Subscribe to Securely Connected Everything

Other Podcasts

Season Four
Nichole Wynne, CEO and founder of Nicstar, joins us to share her remarkable journey from a small town in New South Wales to becoming a trailblazer in the ICT industry.
Season One
Embark on a critical journey into the heart of cybersecurity as MVR sits down with Michael Murphy from Fortinet to dissect the frontlines of operational technology and infrastructure protection.
Season Two
Unlock the secrets of SASE and transform your network security landscape as MVR sits down with Carl Windsor, Fortinet’s Senior Vice President of Product Technology and Solutions.