Tuesday, November 10, 2009

Building The Narrative

Pictures build narrative. Building the narrative of your network is learning to tell a truthful and richly illustrated story. This narrative will help you display your best work and help others in your organization understand what it is you actually do.

The most common way to display information is the humble graph. Graphs come in many shapes and sizes, and are most commonly associated with quarterly PowerPoint presentations that everyone sleeps through. But graphs lead a secret and powerful second life. Graphs can build narrative and create context. It just depends on how you use them.

For example, take Joseph Minard's flow graph of The War of 1812. Not only is it a graph, it's also a map, and a narrative of Napoleon's worst defeat. The tan line indicates the advance, and the black line indicates the retreat, while the thickness indicates the number of Napoleon's troops that remain.

Edward Tufte, in his praise of Minard's map, identified six separate variables that were captured within it. First, the line width continuously marked the size of the army. Second and third, the line itself showed the latitude and longitude of the army as it moved. Fourth, the lines themselves showed the direction that the army was traveling, both in advance and retreat. Fifth, the location of the army with respect to certain dates was marked. Finally, the temperature along the path of retreat was displayed. Few, if any, maps before or since have been able to coherently and so compellingly weave so many variables into a captivating whole. (See Edward Tufte's 1983 work, The Visual Display of Quantitative Information.) [via CSISS Classics]

It would have been a simple matter for Minard to graph a single element, or to create multiple graphs each tracking a single element. But Minard's brilliance is shown when he combines Space, Time, Value, and Context into a complex narrative with a rich presentation of events.

System administrators have a wide range of available graphing tools; several that I have used include RRDTool, Graphviz, and gnuplot. Each of these tools has its own strengths and weaknesses and should be used in the right situation.

There are many excellent external data sets that can be used as well: firewall logs from DShield, temperature information from weather.com, even Google Trends can be accessed via API.

Combining external and internal data into single graphs can help create the narrative we're looking for. Server room temperature and external temperature can be combined to demonstrate the effectiveness (or ineffectiveness) of your HVAC. DShield logs can be coordinated with your own firewall logs to identify ongoing attacks. New CVE entries can be combined with IDS alerts. Your only limit is your imagination.
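As an added illustration of coordinating an external feed with your own firewall logs (this code is not from the original post), the sketch below buckets local firewall drops by hour and counts how many came from sources that also appear in an external list, then emits columns that gnuplot can read. The log line format, the addresses, and the `EXTERNAL_FEED` set are constructed sample data; no real DShield export format is assumed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data: a simplified local firewall log (not a real product's
# format) and a set of source IPs standing in for an external feed export.
LOCAL_LOG = """\
2009-11-10T01:05:12 DROP SRC=198.51.100.7 DPT=22
2009-11-10T01:17:40 DROP SRC=203.0.113.9 DPT=445
2009-11-10T01:48:03 DROP SRC=198.51.100.7 DPT=22
2009-11-10T02:02:55 DROP SRC=192.0.2.44 DPT=80
2009-11-10T02:30:10 DROP SRC=198.51.100.7 DPT=22
2009-11-10T02:31:00 ACCEPT SRC=192.0.2.10 DPT=443
malformed line that should be skipped
"""
EXTERNAL_FEED = {"198.51.100.7", "203.0.113.200"}

def parse_drops(log_text):
    """Yield (hour, source_ip) for each well-formed DROP entry."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] != "DROP":
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: skip rather than mis-bucket
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        if "SRC" in fields:
            yield ts.strftime("%Y-%m-%dT%H:00"), fields["SRC"]

def hourly_series(log_text, feed):
    """Return sorted rows (hour, all_drops, drops_from_feed_sources)."""
    total, known = Counter(), Counter()
    for hour, src in parse_drops(log_text):
        total[hour] += 1
        if src in feed:
            known[hour] += 1
    return [(h, total[h], known[h]) for h in sorted(total)]

def to_gnuplot_data(rows):
    """Render rows as whitespace-separated columns that gnuplot can plot."""
    lines = ["# hour all_drops feed_matched_drops"]
    lines += [f"{h} {a} {k}" for h, a, k in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_gnuplot_data(hourly_series(LOCAL_LOG, EXTERNAL_FEED)))
```

Plotting the second and third columns on the same time axis shows both the value (how much is being dropped) and the context (how much of it comes from sources other networks are also reporting).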

Blending Space, Time, Value, and Context allows people (like your boss) to understand complex events or problems without getting lost in the weeds. Being able to create and display simple and informative graphics will enable you to clearly define what needs to be done the next time a decision needs to be made.

Never underestimate the power of a pretty picture.

