Machine learning is a modern wonder, but as with any new technology, opinions differ as to what the future holds. Some label it a fad, while others see limitless applications.
We are firmly in the optimistic camp. Machine learning, even as it continues to develop, is already widely understood, and open-source libraries and cloud computing engines make the technology accessible to every software engineer. Most important, machine learning solutions are finding their way into enterprise networks. We already see machine learning applied to problems such as network management, enterprise security and IoT.
As various enterprise networking vendors and startups incorporate machine learning, they are adopting very similar architectures, reinforcing a change in the way we view the network.
Machine learning engines nearly always live in the cloud, for a number of reasons. First, they have significant computing and storage requirements, and clouds are the best place for these. Then, data sets can be expanded by aggregating across customers: If an event has occurred at one site and a similar situation is seen at another, it is easier to predict what will ensue. And cloud services enable frequent updates, allowing DevOps adjustments as these techniques continue to evolve.
Although the engine is cloud-resident, data is sourced from the enterprise network: Some solutions use span ports to gather user data, while others tap into the WLAN control plane or APIs from other network functions such as DHCP, firewalls, network management stations and authentication servers. Most use a combination. These solutions require an appliance be placed on site, collecting data locally then compressing and encrypting it for transmission to the cloud.
Once data reaches the cloud, it can be processed. This normally requires some domain knowledge. For example, experts prime a model by identifying when various parameters are outside normal or safe thresholds. For a Wi-Fi connection, they might flag excessive errors or retries, a low signal level or link speed, or, for security purposes, a user uploading files to an address in a distant country. These events are logged, then fed into an engine that identifies patterns and clusters, drawing conclusions such as: 37 percent of users in this building have been seeing unacceptable performance since 3 p.m. Friday.
Machine learning systems identify the root cause of a problem
Identifying significant trends from masses of data is useful in itself, but these systems go a step further and seek to diagnose root causes. Sometimes a problem can be linked to a particular event, such as a configuration change or a software upgrade on a family of clients. Or the engine can compare similar situations, on the same site or elsewhere, and recommend changes that should improve performance. The remedy for the "37 percent of users" above might be: "increase (this) AP’s transmit power to 13 dBm."
Suggesting remedies is helpful, and often that is as much as an enterprise wishes for. But it is relatively simple to have the machine learning engine automatically implement the recommended changes, perhaps by modifying the WLAN configuration or blacklisting a user. This requires activating APIs to the customer’s network equipment.
The general architecture—mirroring data from on-site equipment, compressing and encrypting it for transmission to the cloud, processing for anomalies, identifying top-level issues and their causes, and implementing corrections in the network—can be used for many different solutions. We already see a few.
Network management has always tried to extract headlines from a mass of noisy events. Historically, this was achieved by thresholds, graphs and simple statistical techniques. Machine learning offers more powerful insights because it identifies shifting patterns in huge data sets across multiple dimensions and sites.
There are opportunities to approach enterprise security from a new direction. Rather than relying on gatekeepers, such as firewalls and user authentication, machine learning engines will watch internal user traffic packet by packet to establish patterns and, more important, changes in user behavior. This monitoring can detect data breaches from compromised user accounts or disgruntled employees, which might not otherwise be caught for many months.
And as the Internet of Things grows, machine learning can assist network engineers by identifying, classifying and monitoring headless devices that may be attached to the network by others. This provides alerts for compromised or infected devices on the network, and it restores some visibility and control to the IT organization.
These machine learning solutions demonstrate a change of emphasis in enterprise network architecture. Existing network elements sense events and traffic flows, but now report them via APIs to cloud-resident services—which then determine actions and instruct the network elements via APIs to enforce these actions. The intelligence and services functions of the network are separated from connectivity and traffic forwarding—this may be seen as a pragmatic implementation of the software-defined networks (SDN) architecture.
http://www.networkworld.com
