ExtraHop from the perspective of a Senior Solutions Engineer


If you were looking to buy a new car, it’s possible that you’d check out some of the reviews online before you made the purchase. With the consumerisation of IT a reality rather than a trend, the world of reviews is starting to take off in the world of enterprise tech. If you look around the internet for unbiased product reviews you may already be familiar with IT Central Station. One of our Senior Solutions Engineers recently provided a review of ExtraHop that we wanted to share:

1. Name of the product and its vendor (including product version):

ExtraHop EDA and EXA version 5.1.3

2. On a scale of 1-10 (1=worst; 10=best), how would you rate this product?

10. ExtraHop is far ahead of anything comparable in the industry. As a matter of fact, there isn’t anything that really compares. It is a wire-data driven operational analytics platform that provides network flow and application transaction performance monitoring out of the box. That description really doesn’t do it justice, though.

3. For how long have you used this solution?

Almost 2 years as a customer and prospective customer, 4 months as a partner.

4. Which features of this product are most valuable to you? Why?

Autodiscovery and autoclassification of the entire data-center application environment allows ExtraHop to be functional within hours of providing the EDA with a data feed. There is no product I have seen that even comes close to the speed at which it becomes operational.

The administrative overhead to install and manage the tool is ridiculously low. It is completely agentless, passive, and requires zero configuration on any end device for it to work. The only engineering required is providing the data feed. The time administrators normally spend on system administration can be funnelled into customization instead.

The degree to which the tool can be customized is near limitless. Just about anything on the wire can be a metric or a transaction record. It is most broadly used for operational analytics, but has many use cases for security, clinical, and business analytics as well.

The big data back end is a game changer. Every single network flow and application transaction can produce records. The EXA is still in its initial version having only been released a few months ago, and is already very useful. There are numerous improvements already in the pipeline for the next releases that will make it an even better analytics tool.

5. Can you give an example of how this product has improved the way your organization functions?

Like most organizations, the one where I worked had no functional tier 2. This is because systems are so complex the vast majority of support required engineering resources. This also means that any performance ticket could wind up with just about any engineering group and often multiple groups would have to be engaged for troubleshooting. ExtraHop provides metrics and dashboards that allow IT staff to quickly triage issues and get them to the right group for remediation without having to play hot potato with multiple tickets. It makes the idea of building an effective tier 2 operations team a feasible one.

6. What areas of this product have room for improvement, or what changes would you like to see in the next version/release? Why?

The improvement that would make the most impact would be expanding on the new EXA big data back end. Currently the queries are limited to simple ones and visualization of the query results does not exist. That being said, it is still incredibly useful and unlike anything else out there. As one would expect, developers have been working on features since before the initial release and there will be many improvements in the near future.

The second criticism I have is the Activity Map. This tool allows one to see all device and protocol connectivity with a selected device or group of devices. It is a fantastic tool for defining client types and tiers in an application. My criticism is that the maps cannot currently be added to a dashboard. Logical application connectivity maps are very nice to have and I would always want one on an application dashboard, given the option.

7. Did you encounter any issues with deployment or stability or scalability? How so?

I have had no problems with stability. The appliances are scalable up to 40 Gbps and can scale horizontally as well through the use of a command appliance, so no issues there. Deployment is entirely dependent upon the data feeds. The difficulty in engineering those feeds varies widely depending upon the network architecture. My organization already had a Gigamon visibility fabric in place so, in our case, engineering the feeds properly was fairly simple – ‘done before lunch’ simple. The mid-sized appliance had a 10 Gbps limit, which was fine since traffic was generally under 6 Gbps. When datadomain replication or large NetBackup jobs ran, we could just filter that out on the Gigamon to prevent saturating the single link.

8. How would you rate the level of customer service and technical support?

Both customer service and support were outstanding when I was a customer. During our POC, they actually developed a new built-in metric based on our input which was in the wild before we had even completed the purchase. Support has always been responsive and knowledgeable.

9. Did you previously use a different solution, and/or evaluate any others, and, if so, why did you choose this product?

I was looking to reduce the large amount of time I was spending in deep capture analysis sessions to diagnose application issues. I had some OmniEngines in place to make that job easier – which is a great analyser, by the way – but capture analysis was still a long process of finding the needle in the stack of needles. I was looking for a tool that not only made the analysis easier, but empowered the application owners to do their own analysis. I did an extensive bake-off between ExtraHop and NetScout. The conclusion was that they were two very different products. It took a week of banging on NetScout to get it functional in the first place and, once it was up, I realised that it would be a useful tool for me, but would ensure that every issue would continue to come to me because I would be the only one who could leverage it. ExtraHop, on the other hand, was useable the afternoon I plugged it in and solving problems immediately. Not only that, but it was useable by all the IT silos. While engaged in troubleshooting activities I would provide reports generated from ExtraHop, which would usually result in someone asking where that amazing data was coming from. The conversation often resulted in my creating accounts for new users. It was clearly a tool that empowered others.

10. Was the initial setup straightforward or complex? In what ways?

The logical setup is extremely simple. There is also a large body of customization that is simple to deploy thanks to the community bundles that can be downloaded and installed. ExtraHop also has a process called a quickstart, which is a week-long engagement where an ExtraHop engineer executes or validates the install and builds a few dashboards to operationalize the most important applications. The process of defining and dashboarding applications can be a bit time consuming to get it just right, but that is normal for deep customization. The more dashboards there are to provide templates, the easier future ones become. Customization can be as complex as one wants to get – even to the point of bubbling up business analytics from the wire data.

The only engineering challenge is the data feed. As I mentioned, the organization where I worked had a Gigamon, which simplified things. A couple of SPAN ports on core data center switches usually gets the majority of the visibility. If there are challenges in getting east-west traffic to the data feed (server to server traffic on the same subnet and hypervisor, for instance) there are numerous approaches to getting those packets; it’s doable but sometimes a bit challenging depending on the architecture of the data center. That isn’t an issue with the platform, though, just a challenge in accessing wire data in general.

11. Did you implement through a vendor team or an in-house one, and what advice do you have about implementation?

I implemented myself, although the ExtraHop SE was extremely helpful and responsive throughout the POC process. I have since learned that I was an outlier and a grabby customer. I have witnessed several engagements since then and the SEs are always actively engaged in the process and build customization in before a purchase is even made. After purchase, they have a quick-start process which involves a solutions architect spending a week or two getting the appliance operationalized and building the first few pieces of application customization for the customer.

12. What is your ROI and what advice do you have about pricing/licensing?

ROI is tricky, because it depends on how well the tool is worked into the support workflow. In most cases, when used properly, it can reduce root cause from weeks to hours. Sometimes minutes. It can eliminate the majority of the “all-hands” troubleshooting sessions and war rooms by quickly isolating the real issues. It can also proactively identify issues and help prevent outages. In the organization where I worked (and in most others I have seen), there was not a central operations team that handled triaging so adoption was by individual silos. My day job was on the networking team, so I don’t know first-hand the extent to which it was adopted by each group. I do know that requests for packet capture analysis almost entirely dried up and I could spend much more of my time on that day job which, I am afraid, was the primary metric I was concerned with at the time.

13. Do you have any advice for people looking to implement this product, or any other comments?

The ExtraHop website has a demo environment that will walk someone through numerous scenarios. It is well put together, but can be a bit overwhelming without some context or experience. I recommend having a look, but then scheduling a demo with ExtraHop, or with a VAR like the one for which I work. All that being said, these are demo environments and what the platform can do seems a bit unbelievable at times. As a customer, I know I wouldn’t have believed it without seeing it. The real proof is in the POC. If you can set up SPAN sessions on the core data center switches, ExtraHop would be delighted to send you an appliance and help to get it deployed so you can see for yourself.

14. Do you have any relevant screenshots &/or images we can post with your review? If so, please include them as well.

The demo environment makes screenshots moot.

15. Does your company have a business relationship with this vendor other than being a customer? If so, what is the relationship?

As I stated before, I was a customer or prospective customer for nearly two years. I was so impressed that, when offered the opportunity to work with the platform as a major part of my job description, I left my stable, well-paying job to go to work for a VAR who is an ExtraHop partner. Don’t take my word for it in any case. Do a POC.
