Why you need network monitoring systems and what they can do for you
A collection of articles that takes you from defining technology needs to purchasing options
Editor's note: In part three of our three-part series on network availability monitoring, we compare the leading network monitoring vendors and their offerings. Part one covered the evolution of network monitoring tools in the enterprise, and part two laid out the key features for a successful network availability monitoring system.
An enterprise network availability monitoring system (ENAMS) is an essential tool for any network management team.
Enterprise Management Associates (EMA) regularly assesses this market with its biannual ENAMS Radar report, which compares the technical and go-to-market capabilities of leading vendors. This article draws on the most recent research to compare the leading enterprise network monitoring vendors and lays out the top five criteria to consider when evaluating products.
ENAMS criterion #1: Functionality
Overall functionality is the leading criterion for evaluating ENAMS products. These systems combine a variety of management capabilities that are often available elsewhere as discrete point products. The more functions a platform offers, the better the chance that an enterprise can use it to consolidate multiple tools into one comprehensive monitoring system.
Some of the core capabilities to consider when evaluating an ENAMS product include device discovery, alarming and reporting, and fault isolation and troubleshooting. Many enterprise network monitoring products, such as Centerity Monitor and Entuity Network Management, offer inventory and asset management features. Vendors employ a variety of techniques to execute on these capabilities, which leads to some variation in effectiveness. For instance, some vendors, such as EMC, Hewlett Packard Enterprise (HPE) and IBM, can discover devices and automatically assemble them into a topology map. This provides network administrators with an intuitive view of how the various infrastructure elements fit together. Other systems, however, will require the user to manually build the topology map.
Enterprises rate automated notifications and escalations, alarm management and event correlation as the three most important features in an ENAMS product. These features support core enterprise network monitoring capabilities of alarming, reporting, fault isolation and troubleshooting. When selecting an ENAMS product, pay special attention to how the vendors you evaluate perform in these areas.
In addition, consider the specific needs of your infrastructure when evaluating vendors. Some enterprises want to monitor more than just network devices with their enterprise network monitoring product. Some vendors excel at monitoring servers, storage and virtualization software, and a few have started adding public cloud monitoring so enterprises can integrate the monitoring of internal and external resources. FortiSIEM, for instance, is considered a cross-domain monitoring tool that covers all infrastructure domains in the data center and also serves as a robust security operations center component. Centerity is also often deployed as a cross-domain monitoring tool.
Most ENAMS vendors offer a very broad and deep set of functionalities. Some of those that often score highest in EMA's assessments for functional completeness include HPE Network Node Manager (NNMi), Infosim StableNet, FortiSIEM and Centerity. HPE NNMi is known for its broad range of discovery techniques and the deep amount of data it can collect on discovered devices. It also excels at alarm management. Infosim often receives praise for its device discovery capabilities and alarm management and correlation features. FortiSIEM is well-known for its device discovery, alarm management, fault isolation and troubleshooting functionality. Centerity is known for its cloud monitoring capabilities and its root-cause analysis functionality.
ENAMS criterion #2: Ease of deployment
In many ways, ease of deployment depends on the preferences of the enterprise, as well as on the number of devices and geographical footprint of the network. Some products are complex, with multiple components that must be installed and configured, including the database and the device polling engine. This complexity may increase the amount of time an enterprise needs to get the system into production, and it may force enterprises to engage professional services from the vendor or its partners to ensure a successful installation.
On the flip side, most vendors introduce this complexity as part of an effort to give customers more flexibility. This complexity is a natural outgrowth of vendors offering support for customization of the system, ranging from the insertion of custom management information bases to the use of a preferred database technology in place of the standard database software offered by the vendor. A separation of components in some vendor architectures also helps the product scale for very large enterprises. For example, HelpSystems InterMapper comes with its own polling engine and supports third-party databases. It also supports a distributed implementation architecture.
Licensing also contributes to the ease of deployment. Some vendors, like FortiSIEM and HPE, vary in how they license their products, offering combinations of perpetual and subscription-based licenses, as well as license terms that are tied to the number of devices or managed objects that a user wants to monitor. For example, FortiSIEM offers device licenses with a maximum events per second (EPS) restriction attached to them. This combination makes licensing a bit more complex but also allows for more flexibility and right-sizing. Similarly, HPE offers flexible deployment, as well as a host of professional services, such as installation and on-site product training.
ENAMS criterion #3: Ease of use and administration
Ease of use will go a long way toward ensuring that the network management team actually maintains and uses the enterprise network monitoring product. It is not uncommon for a networking team to partially or completely abandon a monitoring system because it is too difficult to use and maintain, especially if there are other tools in place that overlap with some of the capabilities of the ENAMS product.
Studies show the typical large enterprise has six to 10 network management tools in active use. Some report having as many as 25. An ENAMS can consolidate some of those tools and make the network management team more efficient and effective. But if the enterprise network monitoring product is too unwieldy, the networking team will continue to use those other tools. If the system does a poor job of alarm suppression, for instance, users will move away from the product. The failure of a single interface on a switch can trigger separate alarms for dozens of other managed objects that are dependent on the interface. If the network manager can't quickly drill down to the root cause of a problem because of alarm fatigue, the system won't be usable.
Consequently, you should consider how much training an ENAMS product will require and how accessible and usable it will be by a wide variety of IT stakeholders. Many enterprises have assembled cross-domain IT operations groups, which use the same ENAMS product as network administrators. For example, products such as Entuity Network Monitor and Centerity Monitor both boast that they do not require professional services for deployment, and they feature built-in automation for ease of use. Entuity builds topology maps and provides extensive reporting features.
The strength of support and services from the vendor will also be important to consider, especially as it can influence how easy it is to keep the ENAMS product in sync with future product releases and software patches. HPE Intelligent Management Center, for example, supports ease of administration for cross-domain users.
ENAMS criterion #4: Scalability and design
ENAMS products consolidate many functions that were previously only available in narrowly focused management tools. In some cases, these ENAMS products were developed from scratch to provide all of these capabilities. In other cases, vendors expanded their products over time, adding new capabilities as the market dictated. This heritage can influence the scalability and the overall design of ENAMS platforms.
When evaluating an enterprise network monitoring system, determine which capabilities were part of the core product versus those that were added on later in the product's lifecycle. This can help you gauge the strength of a product's various features and determine which are scalable, reliable and fully integrated with the platform, and which are less so.
Also, consider the target customer of each ENAMS vendor. Some vendors sell mostly to large enterprises, while some target small and medium enterprises. Others target both segments. If you need a system that can monitor tens of thousands of devices, you will need to work with a vendor who can certify that scalability and provide you with reference customers to back those numbers up. Some enterprise network monitoring tools that are known for their scalability include Infosim StableNet, EMC Service Assurance Suite, CA Spectrum and ScienceLogic. EMC allows users to create their own service packs to monitor non-traditional infrastructure elements for heavy industry, healthcare and more. Similarly, CA Spectrum has the capability to monitor tens of thousands of devices, and is aimed primarily at large enterprises with a widespread infrastructure.
On the flip side, if you want to monitor fewer than a thousand devices with an enterprise network monitoring product, think carefully about whether you want to work with a vendor who primarily addresses the large enterprise market. The vendor's market strategy does not just influence the number of devices a system can monitor and manage. ENAMS products that primarily serve the higher end of the market will typically be more difficult to use, as they have more features and complexity than a smaller enterprise wants to deal with. Such products tend to cost more and require more resources to procure, install and maintain.
ENAMS criterion #5: Integration
One final criterion to consider during an evaluation of an enterprise network monitoring product is its integration with other infrastructure management systems. The ENAMS product is never the only IT management system an enterprise uses, and rarely is it even the only network management tool in place.
In fact, EMA research has found that less than 20% of enterprises deploy network management tools as stand-alone technologies that have no integration with other management systems. The rest prefer at least some degree of integration, though that integration may take many forms. Some enterprises might loosely tie together products from several vendors with custom or vendor-provided integrations. Others might buy all their network management tools from a single vendor that offers a fully integrated product suite.
Similarly, each vendor offers a different story on integration. Some ENAMS vendors offer no other products, but will develop technology partnerships with other vendors to fulfill customers' integration requirements. Other vendors offer broad suites of IT management tools, but don't necessarily do a good job of integrating their ENAMS product with those other tools. Therefore, you should identify which types of enterprise network monitoring system integrations will be useful to your IT organization and determine how tightly integrated you want them to be. Some products that are known for integration include HPE NNMi and CA Spectrum, both of which are offered by vendors that sell a broad suite of IT management products. Entuity and Infosim are examples of smaller vendors offering a broad number of integrations with third-party vendors.
Evaluating strengths and weaknesses of enterprise network monitoring products
Enterprises have a wide range of choices in the ENAMS market, and there really isn't one tool out there that fits every network. When evaluating the best vendor for your organization, you really need to understand your environment first: not just the size and shape of your network but also the skills and experience of the people who will be using the tool. If you have a complex network with very strict internal service-level agreements, you will need a granular and versatile ENAMS product, such as EMC Smarts Service Assurance Manager, which is customizable and is also deployed in large networks. If you have a large but simple network, you will need a scalable product, such as Centerity Monitor or Entuity Network Management. If you expect people from outside the networking team to use the product, including non-IT personnel, you will need to evaluate the usability of the tool from their perspective. Fortinet FortiSIEM is an example of a product that provides cross-team monitoring and analytics.
Finally, remember this: All enterprise network monitoring products will have strengths and weaknesses when measured against the criteria detailed above. It's up to you to decide which strengths you need and which weaknesses you can live with.