Why should application performance management (APM) solutions include packet capture abilities?
Do you have a question for Jesse?
Submit your question directly to our editors at firstname.lastname@example.org
Packet capture is a critical part of any application performance management solution because it provides a definitive record of application and user activity. As network engineers are fond of saying, “Packets don’t lie.”
The challenge is that traditional packet capture requires network teams to guess which packets to capture and when to do so. The alternative is to perform continuous packet capture, which is increasingly expensive and cumbersome as the amount of network traffic grows. When networks ran at 10 Mbps, traditional packet capture worked fairly well. Today, a fully saturated 10 Gbps network link can fill 100 TB worth of packet data in 24 hours. This approach may still be required for forensics and compliance purposes, but it is not suitable for real-time troubleshooting.
Read more of Jesse's advice
What IT organizations benefit from application performance management?
The benefits of non-agent-based application performance management tools
How application performance management aids network health
New techniques for performing packet capture eliminate the need for guesswork and expensive storage. By reconstructing application flows and analyzing transactions in real-time, network-based APM solutions can precisely capture the packets of interest according to a policy-driven rules engine -- essentially giving IT organizations an "instant replay" capability. If the traditional packet capture method is like searching for a needle in a haystack, the new method of packet capture is like using a magnet to extract the needle from the haystack.
Packet capture is essential to APM solutions because it allows companies to identify and solve difficult problems, but the choice of which approach to take really depends on the industry and needs of each company. Generally speaking, the faster and easier it is to find the relevant packet capture the better.
This was first published in December 2012