Skip to main content

A survival guide for battling network zombies this Halloween

Zombies are a staple of the horror film industry despite being absurdly ill-equipped to play the role of a predatory force unleashing Armageddon on the human race.

They're embarrassingly slow and brainless, for starters. They have terrible personal hygiene, can't operate machinery of any kind, they can't drive and they even don't know how to use a computer or a smartphone. As if that wasn't bad enough, no one has properly explained why some people they kill become zombies and others are completely gobbled up.

Network zombies, on the other hand, are an all too real menace for the modern-day IT administrator. They are smarter than the average zombie, impossible to predict because they appear randomly without warning and dangerous because they cause downtime and lost productivity. Without the right approach, they are nearly impossible to locate and kill.

Network zombies are real

The process required to detect and eliminate network zombies is far more challenging than the swift headshot that eradicates their human counterparts. Network zombies are much harder to track down and kill because they often appear, wreak havoc and disappear. There's no trail of abandoned vehicles and half-eaten bodies to follow.

The only trace evidence is captured in event logs that are often buried in large volumes of hard to connect data. The root cause can be hidden almost anywhere because most business applications are complex entities that interact with multiple resources, such as databases, web servers, directory services and the network itself. That complexity forces the administrator through a slow, labour-intensive investigative process that can delay other daily tasks and projects.

Without a clear view of the zombie, the system administrator is forced to review event logs from every part of the application environment, analysing long lists of events in multiple logs item by item to find an outstanding event, error condition, or combination of conditions that correlate to the timeframe in which users began to complain. The process can take many hours, if not weeks.

Hunting for zombies doesn't have to be hard – using the tools you have

The greatest challenge in hunting zombies is where to begin. Is the zombie in an application, database or web server? Or is it a network issue? Without a valid starting point, there is no way to select the right diagnostic path and conduct an efficient hunt.

Effective Application Performance Monitoring (APM) can overcome this impasse by linking all application dependencies. Most organisations have a tool already in place to do this, but it is often underused or even overlooked as a tool for battling zombies. If used well, targeted, real-time monitoring puts administrators on the right diagnostic path, while clear graphic displays make it easy to follow that path to find the zombies causing the problems.

The APM uses application profiles to locate and identify zombies. Application profiles define how an application is monitored and what actions should be taken when an application or one of its components fails. The most useful APMs also define complex relationships and dependencies – from simple n-tier applications to large server farms to complete IT services.

In a SQL server farm, an application profile can be created to monitor each SQL server instance for zombies. Individual profiles can then be embedded into a higher-level profile to monitor the entire SQL server farm. Once the server farm profile is created, it can be embedded into an even higher-level profile that encompasses the entire service it is part of, such as CRM.

Replicating this process for each IT service component creates a comprehensive service profile to hunt and trap network zombies. The profile ensures the administrator can view the status of the entire service or drill down to any component within that service, to a specific instance or component of an application.

The resulting comprehensive service monitoring profile is the foundation for fast, accurate zombie eradication. Completing a service profile generally takes less than two hours but after that small investment in time, the process of hunting zombies can be collapsed from hours, days and weeks of time into a straightforward process that takes just minutes. If you multiply this by the number of zombie complaints an administrator receives, the amount of time saved could be considerable.

Expanding APM capabilities to the network can also help an administrator to identify the root cause of a network zombie attack easily.

Greater protection against the zombie menace

Once zombies have been caught, system administrators can use an APM to create multi-step action zombie traps to address future invasions more quickly. Traps can include event logging, real-time alerts and PowerShell self-healing scripts such as reboot and service restart. Setting zombie trap policies can be assigned at the service, application and component level. Dependency-aware application profiles enable coordinated multi-tier zombie traps to ensure optimal performance of complex applications and IT services.

An APM tool can streamline the process of hunting and trapping zombies, whether they reside in a device or in the network itself, from many hours of exhausting work into a few highly-productive minutes.

Now there's a weapon people confronted with shuffling zombies in a horror film might wish they had at their disposal.

Austin O'Malley is chief product officer at Ipswitch.