Entry Name:  LAB-LAZARIKOS-MC2

VAST 2013 Challenge
Mini-Challenge 2: Situation Awareness Display Design

 

 

Team Members:

 

1.    Demetrios “Laz” Lazarikos, LAB (Laz, Andrew, Brad), IT Security Strategist, beta@laz.com  PRIMARY

2.    Andrew Hoernecke, LAB (Laz, Andrew, Brad), Principal Application Security Engineer, ahoernec@gmail.com

3.    Brad Lindow, LAB (Laz, Andrew, Brad), The Security Architect, lindow.brad@gmail.com

 

Student Team:  NO

 

Software Used:

 

1.    Apple QuickTime

2.    Adobe Acrobat

3.    D3 Dash

4.    Flip Player (Mac OS)

5.    Grab (Mac OS)

6.    Google Apps

7.    Google Chrome

8.    Google Docs

9.    Google Drive

10. Google Spreadsheet

11. iMovie (Mac OS)

12. JavaScript

13. Microsoft Excel

14. Microsoft Visio

15. Microsoft Word

16. Skype (video conferencing)

17. TextEdit (Mac OS)

18. VMWare

 

May we post your submission in the Visual Analytics Benchmark Repository after VAST Challenge 2013 is complete? YES

 

Video:

 

lab-lazarikos-mc2-video.wmv

 

 

High-Resolution Image:

 

lab-lazarikos-mc2-design.tiff

 

 

Storyboards:

 

lab-lazarikos-mc2-storyboards.pdf

 

 

Description of Your Design:

 

Team LAB focused on the following Big Enterprise core requirements for the Big Enterprise dashboard:

 

1.    Must display how the various pieces of the environment are operating, communicating and collaborating;

2.    Several conditions need to be displayed, along with facilitating a way for the staff to be alerted appropriately;

3.    Health, Security, and Performance data need to be specifically highlighted;

4.    Must aid the users to view connections between different events; and

5.    Should accommodate network growth, large numbers of locations, and nodes.

 

Team LAB's dashboard design went through two iterations before the team agreed on the final layout. The original design (Figure 1) was a cross between a dock at the bottom of the dashboard and a handful of alert displays. The team felt the design had several flaws, such as the ‘dock’ being able to display only a limited number of locations and the graphics taking up too much screen space.

Figure 1.

 

In the second iteration of the dashboard (Figure 2), the team incorporated sparklines in order to quickly identify patterns and trends. “Zones” were also incorporated into the design to allow a user to quickly identify how distinct locations are performing. Security, System, and Network Alerts were also added to the dashboard.

 


Figure 2.

 

The next version of the dashboard (Figure 3) laid the foundation for the final design. Team LAB created this and future versions of the dashboard using D3 Dash, an open-source visualization tool created by LAB team member Andrew Hoernecke. D3 Dash is currently in Beta release, and information can be found at the website: www.d3dash.com

 


Figure 3.

 

After numerous iterations, Team LAB agreed on the final design in Figure 4.  Team LAB struggled with using motifs and glyphs to visually represent the overall network on the primary dashboard. After weighing multiple factors, it was decided that the focus would be on using existing sections in the dashboard. However, the dashboard was designed so a user would still see network visualizations utilizing motifs and glyphs when clicking through on regions, zones, and alerts.

 

Figure 4.

 

General Features

 

Every table title and column header is clickable to access additional information and to sort information. Regions and zones are clickable to obtain detailed information. Examples include, but are not limited to: local time, contact information for the region, and alert history. Clicking on a heatmap cell will retrieve the alerts and/or zones that are encompassed by that cell. The current date and time are included in the dashboard, along with a ‘help’ link to additional information for effectively using the dashboard.

The final design incorporates five separate sections:

 

1.    Alert Timeline

2.    Zone Performance

3.    Region Alerts

4.    Individual Security, System, and Network Alerts

5.    Heatmaps

 

Alert Timeline

 

The alert timeline (Figure 5) was included to exhibit alert history and help determine possible root causes of recent issues.

 

Figure 5.

 

Zone Performance

 

Team LAB created the Zone Performance table (Figure 6) to display different network performance indicators of individual zones. Zones encompass datacenters and offices in numerous worldwide cities. Zones are assigned a Zone ID (ZId), which includes the associated Region ID (RId). Latency, error rate and bitrate were chosen for display because these indicators should reveal any network-specific performance issue. The current numeric figure for each indicator gives support staff precise data, while sparklines provide a visual display to identify patterns and trends.

 

The Zone Performance Table can accommodate many different zones with problematic zones rising to the top of the list.  Solid red dots are used to indicate potential issues that need immediate attention.  The intensity of the hue signifies the criticality of the issue while hollowed-out dots indicate that support personnel are currently responding to the particular issue.

Figure 6.

 

Region Alerts

 

Team LAB added the Region Alerts section (Figure 7) so regions could be monitored for systemic problems at a higher level than zones. The Regions were created using the United Nations (UN) classification system for Regions and Sub-Regions. This also allows the dashboard to support a potentially large increase in zones and nodes. The sparklines were included to help identify regional patterns and trends. Team LAB determined that the bullet graphs were important in order to allow support staff to quickly determine how the current level of alerts compares to the regional average. Regions are assigned a Region ID (RId), and red dots were again used to highlight issues.

 

Figure 7.

 

Individual Security, System and Network Alerts

 

Team LAB included the three alert tables (Figure 8) because there is a strong commitment to providing actionable alert information so users understand the types of threats being conducted in the Big Enterprise environment. Alerts are assigned their own ID number and also indicate which Zone is affected. The age of the alert is displayed, and red dots are used to raise awareness of the most critical alert. Each alert includes a Standard Operating Procedure (SOP) link that leads to clear steps of what to do for each event. If an issue is non-routine, there may not be an actual SOP; in that case, a link to facilitate research is included. The number of alerts can grow, and the most critical alerts will be shown on the initial screen.

 

Figure 8.

 

Heatmaps

 

Team LAB included heatmaps (Figure 9) for each alert type and performance indicator. The heatmaps are color coded on a linear scale running from light blue, which is good, towards red, which indicates that immediate attention is required.

 

Support staff can drill down from the Region or see how the alerts are affecting the Zone or overall Region. The heatmaps also facilitate the identification of connections between different types of conditions to help the support staff correlate complex issues and discover root causes. The heatmaps can accommodate very large numbers of regions, zones, and alerts as the network grows over time.

 

 

Figure 9.