NOC Overview
A Network Operations Center (NOC) is a centralized location for network monitoring, management, and control. The NOC is the first line of defense against network disruptions and failures. It allows organizations to gain full visibility into their network infrastructure including computer networks, telecoms networks, databases, firewalls, and other related network infrastructure. The infrastructure may be located on-premises and/or with a cloud-based provider, depending on the company’s needs. In a NOC, IT teams can continuously monitor the performance and health of a network. Its management services include monitoring customer support calls, help desk ticketing systems, and integration with customers’ network tools.
NOCs are often considered essential and critical to the operation of most businesses today because they play a key role in keeping networks running smoothly. Without them, many organizations could not tell when something goes wrong with their network. For example, if a base station goes down, the NOC will notice the failure early enough and escalate to the response team to identify and resolve the problem. However, without a NOC, the organization wouldn’t know about the failure early enough. A NOC detects a problem and notifies the appropriate response team, so they can investigate and resolve it.
How NOC Works
A NOC is designed to have its own dedicated room with several rows of desks and workstations all facing a video wall, which typically shows the real-time status of network devices and their metrics, along with details of active alarms, ongoing incidents, and general network performance. The information on the video wall is also available on individual workstations throughout the room, where staff is assigned to monitor a specific device and associated alarms. Alerts and alarms tell engineers where an issue is occurring and what device is affected. From there, they can drill down on related issues and follow protocols that have been developed to resolve the incident. Each workstation includes multiple monitors, making it quicker and easier for engineers to analyze information and respond more efficiently. Some companies choose to operate a NOC internally and locate the infrastructure and operations hub on-premises, often within the data center. But for other organizations, this work is outsourced to a third party that specializes in network and infrastructure monitoring and management.
NOCs typically operate in a tiered or hierarchical fashion based on the skill and experience of their engineers in resolving specific issues. Incidents are categorized from levels 1 to 3, with 1 being the lowest level, such as assessing alerts from infrastructure devices, and 3 being the most severe incidents, such as a ransomware attack or network outage. Once a NOC technician discovers a problem, he or she will create a ticket that categorizes the issue based on alert type and severity, along with other criteria. NOC engineers then troubleshoot problems that arise and look for ways to prevent future network downtime and connectivity issues. If the NOC engineer assigned to a specific problem level fails to resolve an issue promptly, the issue moves up to the next level and continues to escalate until it is fully resolved. The combination of powerful equipment and highly skilled staff operating under very specific protocols enables the NOC to operate nonstop.
Requirements for NOC Setup
Aside from the human resources and expertise needed to man the NOC facility, the following are some of the key resources required to set up the NOC facility:
1. Environmental Requirements:
- Spacious rooms with large walls for installing screens and unhindered viewing.
- Quadrants to form workstations for each team member to monitor specific elements.
- Redundancy for connectivity and power to make sure that operations are unhindered around the clock.
- Ability to scale the center to support the growing needs of the organization.
- Comfortable office furniture and cubicles
2. Technical Requirements:
- Video Wall Display—which consists of screens arranged in a grid and connected to function as one display unit.
- Workstations—with multiple monitors assigned to individual staff to monitor specific devices and associated alarms for improved response speed and efficiency.
- Control Interface—all the technologies used in a network operations center must be controlled from a central point, and the standard method of doing this is to use a control interface.
- Fiber optic cabling and transmitters
- Integrated audio outputs and inputs
- Video servers and routers
- Network switches and routers
- Integrated encoders and decoders
- Camera control units
Difference Between NOC and SOC
The NOC is the team within an organization that is responsible for ensuring that the corporate network infrastructure is capable of meeting the needs of the business, while the SOC is the team responsible for protecting an organization against cyber threats. The NOC and the SOC are two teams with very similar roles. Both teams can collaborate to resolve major incidents and issues.
Although it is not best practice to merge the functions of the NOC and SOC, when it’s not economically feasible to establish a separate NOC and SOC, a NOC can serve both purposes: monitoring the network infrastructure, and detecting and resolving network issues and security threats. In either case, the goal of a NOC and a SOC is to ensure that the corporate network can adequately meet the needs of the business. However, they do so in different ways, as captured in the table below:
Aspect | NOC | SOC |
---|---|---|
Responsibility | The NOC is responsible for ensuring that the corporate network infrastructure is capable of sustaining business operations. | The SOC is responsible for protecting an organization against cyber threats that could disrupt business operations. |
Objective | The NOC focuses on ensuring that the network is capable of meeting SLAs during normal operations and addressing natural disruptions, such as service outages. | The SOC focuses on protecting the network and business operations against interference by cyber threat actors. |
Required Skills | NOC analysts’ skill sets are geared towards network and endpoint infrastructure optimization, network monitoring, troubleshooting, and resolution of “natural” issues within the network. | SOC analysts’ skill sets are geared towards ensuring the confidentiality, integrity, availability, and resiliency of corporate IT assets. This includes the skill to prevent, protect, and respond to cyber threats. |
Opponent | NOC and SOC are fighting against different adversaries. The NOC is primarily focused on network events that are common and occur naturally, such as power outages, Internet outages, and natural disasters. | SOC analysts, on the other hand, protect against cyber risks, malicious actors, and other human-driven disruptions. |
Personnel and Tools | NOC consists of personnel and tools, such as an NMS, that focus on network performance and optimization and on searching for issues that could impede network speed and availability. | SOC consists of personnel and tools, such as SIEM software, for monitoring, detecting, and analyzing an organization’s security health. |
Network Operation Best Practices
The following are some of the best practices that should be observed for a Network Operations Center:
1. Design Your NOC Operation for Scalability: A NOC’s scalability is its ability to handle a growing amount of work without compromising the level of service. It measures a system’s ability to increase or decrease in performance and cost in response to system changes and demands. It is best practice to design a NOC that can grow with an enterprise as it expands its services, markets, and customer base. It should be designed to be scalable enough to support daily or seasonal fluctuations in traffic. The ability to grow or absorb expansion requires careful consideration of the following factors:
- Systems and Network: The performance of the NOC needs to be monitored closely to make sure there is enough capacity to handle growth. The ability to easily deploy additional resources enables you to handle sudden spikes in growth.
- Tools: It is not unusual for tools used by the NOC such as monitoring tools, ticketing systems, knowledge base tools, and others to under-perform if they are not built to cope with growth, resulting in service-level degradation and a loss in productivity. Tools must have additional capacity built into them to handle the projected growth.
- Staffing: It is important to measure the staff utilization percentage from various NOC activities and keep it below 80%. This enables your NOC to absorb growth while allowing enough lead time for recruiting additional resources.
- Process Framework: A NOC operating model should be based on a process standard that fits the needs of its industry. A consistent process framework and methodology for delivering high-quality service is one of the key features of a scalable NOC.
2. Implement a Tiered Organization/Workflow: Organizing your NOC activities and workflows based on your specific technologies and skill levels is the key to a smoothly functioning NOC. A multi-tier NOC model effectively distributes responsibilities among different NOC levels, according to the skills and experience of NOC engineers and the complexity of issues they deal with. By choosing a multi-tier model with proper escalation procedures for your NOC, you can resolve IT infrastructure issues of different complexity promptly and make your IT infrastructure truly reliable. The following is the recommended hierarchical model for organizing NOC workflow:
- Tier 1: This level is represented by staff who receive infrastructure-related requests and deal with simple network issues, such as login problems, and checking proper network configurations. Problems that require a higher level of technical expertise are escalated to Tier 2 specialists.
- Tier 2: This level is represented by more tech-savvy specialists who deal with more challenging network issues such as resolving configuration issues, account administration, services restart, and others, which often require a deeper understanding of the supported IT infrastructure. Problems that require a higher level of technical expertise are escalated to Tier 3 specialists.
- Tier 3: This level represents the topmost escalation point for more advanced issues, such as major outages and downtime. Resolving issues at NOC Tier 3 requires more advanced skills and experienced engineers.
3. Deploy the Right Set of Tools: Invest in tools that will enhance performance and service delivery in your NOC activities. The following are some of the recommended tools:
- Helpdesk System: Helpdesk software is a tool that serves a wide range of customer support activities. The help desk uses tickets for communication, and that’s why it’s also known as a ticketing system. It automates key functions to make NOC support staff more responsive and efficient. Some helpdesk systems are equipped with a knowledge center for documenting and sharing practical experiences and best practices.
- Reporting System: It is important to report the real-time health status of the network as well as the performance of the operating center. The more information you have about the status of your network performance, the better decisions you will be able to make. This empowers your team with actionable insight for increased efficiency.
- Monitoring Infrastructure: These tools are designed to monitor and track the performance and availability of the network infrastructure. This allows operators to identify and resolve problems before they get out of hand.
4. Training and Development: Training and development involve improving the effectiveness of the individuals and teams within the NOC. Development is related to the progress of longer-term organizational and employee goals. Your team must at all times possess the required expertise in monitoring, managing, and resolving network and customer-related issues. This is why frequent training on procedures and protocols for resolving problems, when to make the quick decision to escalate, and keeping up with changes to your own IT environment is important.
5. Use a Standard Process Framework: Implement a standardized process framework that provides your NOC team with detailed and clear instructions for handling various network-related issues. There are lots of frameworks you can adapt to manage incidents and problems, including FCAPS, TOGAF, MOF, and ITIL. These frameworks include a number of best practices for delivering technical support services. They also offer a high level of flexibility, as you can include your company’s customized procedures under their umbrella.
6. Activity Documentation: The need for documentation in any system or environment cannot be overemphasized. Your NOC is only as good as its documentation. As a form of knowledge management, documentation helps to achieve organizational objectives by making the best use of knowledge. Some NOCs have several technicians and engineers working on different sites. So in a situation where a client’s site has an emergency, but their assigned team is engaged somewhere else, a document containing the configuration settings or work history of that client will guide another team in resolving their issues. A successful NOC knows everything about the technology, system, and infrastructure it monitors and manages, and this would be impossible without comprehensive documentation that covers the varied aspects of NOC activities.
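The tiered escalation workflow described under "How NOC Works" and "Implement a Tiered Organization/Workflow" can be expressed as a small ticket model. The following is an added example, not part of the original article; the alert-type names and the per-tier resolution windows are assumptions, since the article gives no timings.

```python
from dataclasses import dataclass, field

# Assumed resolution window per tier, in minutes (the article gives no timings).
TIER_WINDOW_MIN = {1: 30, 2: 120, 3: 480}
# Assumed alert-type names, mapped to the tier the article's examples suggest.
START_TIER = {"login_problem": 1, "config_check": 1,
              "service_restart": 2, "account_admin": 2,
              "major_outage": 3, "ransomware": 3}

@dataclass
class Ticket:
    ticket_id: str
    alert_type: str
    tier: int
    tier_entered_min: int          # when the ticket reached its current tier
    resolved: bool = False
    history: list = field(default_factory=list)

def open_ticket(ticket_id, alert_type, now_min):
    """Create a ticket; unknown alert types start at Tier 1 for triage."""
    tier = START_TIER.get(alert_type, 1)
    ticket = Ticket(ticket_id, alert_type, tier, now_min)
    ticket.history.append((now_min, f"opened at tier {tier}"))
    return ticket

def escalate(ticket, now_min):
    """Escalate an unresolved ticket one tier per expired window.

    Returns True only when the ticket sits at Tier 3 and the Tier 3 window
    has expired as well, i.e. the top of the hierarchy is overdue."""
    if ticket.resolved:
        return False
    while ticket.tier < 3:
        deadline = ticket.tier_entered_min + TIER_WINDOW_MIN[ticket.tier]
        if now_min < deadline:
            return False
        ticket.tier += 1
        ticket.tier_entered_min = deadline   # next window starts at hand-off
        ticket.history.append((deadline, f"escalated to tier {ticket.tier}"))
    return now_min >= ticket.tier_entered_min + TIER_WINDOW_MIN[3]

if __name__ == "__main__":
    # Constructed sample tickets; times are minutes since start of shift.
    queue = [open_ticket("T-1", "login_problem", 0),
             open_ticket("T-2", "service_restart", 10),
             open_ticket("T-3", "major_outage", 20)]
    queue[1].resolved = True
    for t in queue:
        overdue = escalate(t, now_min=200)
        print(t.ticket_id, "tier", t.tier, "overdue" if overdue else "", t.history)
```

The `history` list doubles as the work record that the documentation practice above calls for, so another team picking up the ticket can see when and why it changed tiers.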
Thank you for the in-depth explanation and references, those of us building and learning about NOCs appreciate your efforts.