How SysTrack Works

Introduction

The desire to mine IT metadata for meaningful insights, while at the same time having immediate access to actionable information without having to know where and for what to look, is a paradox facing anyone looking to truly understand the intricacies of a multifaceted infrastructure. In a sense this is the classic dilemma that has plagued both data analysts and IT administrators from the very beginning of enterprise computing, as it's exceptionally difficult to strike a balance between simultaneously providing an extensible data collection framework, processing and managing complex datasets, and proactively taking actions without impacting end user productivity.

This is the problem that Lakeside Software set out to solve with SysTrack. After nearly two decades of recording directly at the source of end user interaction, SysTrack has evolved into an ideal actionable data analytics platform, providing complete insight into any environment by exposing all facets of technology which impact and control end user experience.

The Desktop Agent Dilemma

One of the most maligned pieces of software on the enterprise desktop is the client-side agent. There's a perception of a heavy-handed, user-experience-crushing application that hogs resources and drives cascading performance problems. Oftentimes this is driven by experience with high-overhead applications like some anti-virus components, file scanning software, or alternative data collection engines. Much of this notoriety has to do with the high-risk approach taken by some architectures, including runtime injection of drivers, kernel mode components, or wasteful file system operations, none of which are friendly to user experience. Some espouse alternatives to client-side agents, such as remote data collection or instrumenting only after the fact to try to collect representative data by replicating issues; both approaches fundamentally do not work. Any collection of end user activity that does not happen at the point of interaction on a workstation or application host lacks the granularity, depth, and breadth to understand the context and surrounding activity around issues or risks that users may experience. At Lakeside Software, one of our core charters was to be people-centric in our design, but since SysTrack itself requires an agent, how have we solved this issue?

Lakeside Software was founded in a computing era a little different from today's landscape. Originally targeting shared terminal services environments with limited computational abilities, the original iterations of the SysTrack agent had to treat every system resource (memory, disk, compute) as an extreme luxury and present as small a footprint as was technologically possible. We accomplished this through creative use of extensible, self-pruning, demand driven data collection, leveraging a patented distributed database approach to information management.

Figure 1: An example SysTrack architectural layout

Similarly, because of the higher density of users in those environments, kernel mode components or low-level interactions presented too much of a potential for problems, meaning that SysTrack works entirely in user mode. The net result of this initial resource optimization is our industry-leading data collection agent, a tool that can run continuously on any end user system without impacting user experience. Table 1 (below) contains some directly measured resource utilization metrics to compare to the benchmarked values in the SysTrack Resource Footprint document. These are actual self-reported values from the agent in real, active usage scenarios, representing a breadth of different use cases and configurations.

                          CPU                Memory     IOPS    Network
SysTrack Agent Services   0.11% (750 MIPS)   35.6 MB    1       140 KB/day

Table 1: Directly Measured Agent Resource Utilization

A Question of Data

The most commonly asked questions about the agent always relate back to what, exactly, is being collected. This can be a little bit complicated because the answer depends on what the administrator wants from the agent. The platform ships with a core set of default computational counters and proprietary continuously calculated values that are shared commonly, but SysTrack also features a complete role-based collection configuration capability that allows the collection of nearly any feasible entity. This includes components such as performance objects, WMI values, registry keys, event log entries, and more. SysTrack ships with a host of standard configurations for everything from physical workstation management to SQL server monitoring.

With all of this data comes an element of difficulty: How can one compare metrics across a large number of disparate platforms? This is an issue for any data collection system, and one that the majority of tools solve in generally wasteful ways. For unstructured data, the solution frequently suggested is to centralize every item that gets collected and throw tremendous compute and storage at it to attempt expensive analysis from a repository. This represents net investment in infrastructure simply to process the data to enable discovery; an approach like this requires a number of processing nodes that scales linearly with the scope of collection, a potential management nightmare for large-scale enterprises.

The architectural philosophy behind SysTrack, in contrast, is to take advantage of the underutilized end-point to perform client-side normalization and detailed data storage. This patented amalgamated database approach allows the point of collection to use a small amount of its resources to prevent the need for central processing and make cross-platform comparison simple. The result: A collection platform that scales to millions of systems with a simple, easy-to-manage hierarchical architecture and a minimal number of supporting servers.

What about Privacy?

What does the agent not collect? The SysTrack agent does not collect sensitive information like the contents of files or emails, keystrokes, and personal information about users. In fact, anything that might be considered protected intellectual property or sensitive user information is avoided to protect the privacy of end users. Many other metadata classes, like user names or web site visitation tracking, can also be disabled or tuned for countries or companies with stricter requirements on what data collection is acceptable. Essentially this represents a deeper level of flexibility in our customizable data collection engine.

How Can a Desktop Agent Help Me?

The core function of the SysTrack agent is to feed the Lakeside Software DataMine™ engine with rich, representative metrics from systems in the enterprise. This means that all of the extensible data collection can be made available for use as needed. More importantly, though, there are a number of SysTrack tools built on top of the DataMine to provide guidance and give immediate insight into what's most important to avoid the need for custom development or lengthy data analysis. There are a few white papers, like End User Computing Success, SysTrack for Pre- and Post-VDI Deployments, and SysTrack Server Management for Citrix XenApp that cover some management use cases and highlight some of the tools in the SysTrack portfolio. Simply put, the agent allows for the use of Lakeside developed tools for quick reporting, detailed root cause analytics, or environmental issue triage to quickly get the information you need without sifting through everything available. With the launch of SysTrack 7.2 there's also a dedicated mechanism to allow both Lakeside and community subject matter experts to create curated content and deploy it quickly to anyone using SysTrack.

SysTrack Kits introduce a new ability to rapidly fetch and configure reporting and dashboard contents for any SysTrack deployment. This leverages areas of data collection, both inside and outside the core agent data, to provide solution specific value for a large number of different scenarios. Examples include PCoIP session quality analysis, Citrix XenApp capacity and health reporting, and environmental security visualization. These are basically unique ways of viewing datasets collected by the agent designed to be quickly customizable and easily interacted with to expand visibility into all aspects of an environment. This means that for expanded collection it's simple and straightforward for an enterprise to create meaningful views into anything collected by the agent and even integrate in external data from other sources. With a wide variety of reporting mechanisms built on top of an industry leading data collection and normalization engine it's possible to establish a true continuous assessment of how all the pieces of an environment fit together. But, even more is possible by enabling the agent to proactively alert and automatically resolve some of the driving problems for end user experience.

Automation is at the core of any forward-thinking IT organization's approach to managing and configuring systems. For management of an environment this usually takes the form of proactive notifications and alarms coupled with threshold-based response and pre-scripted actions. In many ways this represents the culmination of agent function: correct collection and data management, dynamic analysis, and automation of actions without the need for direct intervention. This allows massive time savings and avoidance of much of the need for manual interpretation or data review in the first place.

A Core Component of End User Computing Success

The SysTrack agent balances the real-time visibility requirements IT operations require with a flexible, lightweight data collection architecture that provides unlimited depth of analysis as needs become more advanced. Through the use of an innovative distributed database architecture and extensible collection configuration the agent can provide insight into any computing environment, guaranteeing continuous insight and control for delivering optimal end user experience.