Application performance monitoring tools: Three vendor strategies

Application performance monitoring tools match user transaction time to network flow information to identify problems. But APM tools differ widely.

There is a special kind of fear known only to network managers. It starts with a cold, dull ache in the pit of the stomach when the phone rings and a distant, irate voice whines, "The network is slow." The complaint is not the problem; the problem is the realization that despite state-of-the-art switching and idling servers, the network is slow and you don't know any more than the tiny voice pressed to your skull. That's when it's time to consider application performance monitoring tools.

There is a clear distinction between application monitoring and network monitoring. Network monitoring tells you if the server is responding, if the switch CPU is pegged at 100% and, if you are lucky, mean response times. Application performance monitoring (APM) deals with the elusive end-user experience: the transit of traffic from user request to data and back again. Vendors take several approaches to realizing the dream of being able to put your finger on a problem immediately, perhaps even before the user is aware anything is amiss.

ExtraHop Networks: APM tools with real-time data analysis

ExtraHop was founded by two ex-F5 Networks engineers in response to a challenge: understanding how and where application performance issues occur. This heritage is important because the engineers brought with them features that will be familiar to users of F5 iRules. ExtraHop's raison d'être is that it can be set up easily and can start analyzing real-time data without previous knowledge of the network or of where the perceived issues occur. In fact, with it, engineers drill into the application of concern and enlightening statistics spill forth.

ExtraHop's technology offers a scripting language based on TCL, or Tool Command Language. The Web front end focuses on the network flow, correlating bandwidth, applications and discovered errors. An application identification engine reconstructs network flows and gathers transactional information. So, rather than ID every variant of a Facebook widget, ExtraHop focuses on understanding the mechanical components of such applications as HTTP, Domain Name System (DNS), Common Internet File System (CIFS) and Lightweight Directory Access Protocol (LDAP). This eliminates the need to drill into an HTTP server that is suddenly generating a large number of HTTP 404 errors or into an LDAP client that is spawning expensive queries. The scripting language can be used to analyze custom applications, and ExtraHop is fostering a community approach to allow users to share customizations.

ExtraHop technology records data by intercepting network traffic via taps into physical or virtual appliances. As a result, ExtraHop is relatively unobtrusive in operation, as it eschews deploying agents on the clients and servers. ExtraHop offers a full suite of packet capture tools if they're needed, but many issues can be bottomed out without detailed analysis.

NetDialog NetX: An APM tool that links network performance to cost

NetDialog's NetX Cloud APM solution focuses on bridging the gap between IT and the boardroom. Rather than being a "fix it as fast as you can" troubleshooting tool, NetX marries a company's existing technologies and tools to meet a business objective. It looks at the effects of latency, data reduction and network utilization on applications, and aims to provide visibility to both the network manager and board. Business intelligence reporting transforms raw data into a dollar value associated with network applications. This produces key metrics that quantify the previously unknown, such as WAN costs per application, Opex cost savings for WAN optimization, or the per-site cost of an SLA breach. NetX is also a powerful capacity-planning and utilization-monitoring tool.

The raw data is gathered from the ingress and egress parts of the network, such as packet shapers, routers, WAN optimizers and other sources of flow information. This combined Software as a Service and cloud approach makes the solution very light, because there is no infrastructure to deploy. Instead, information is collected from the existing infrastructure by a virtualized local aggregator, the NetX agent. Once processed by the agent, metadata is forwarded to NetDialog's cloud infrastructure for correlation. The organization's existing configuration and nomenclature can be reflected in the centralized reporting portal, mapping applications to business processes easily. The data is gathered in "near time" -- on a scheduled basis rather than continuously. This approach is ideal for studying such long-term issues as network latency and congestion, but it might not be granular enough for short-term or transient issues.

Riverbed Technology Cascade: APM with integrated Wireshark and more

Riverbed is best known for its WAN optimization technology, but the company also has a complete suite of APM tools under the Cascade banner. Cascade consists of several discrete hardware and software components and has two distinct front ends.

The Cascade Pilot suite is a Windows Desktop client that pulls raw capture data from Cascade Shark and Steelhead appliances, as well as from local network interfaces. The main party-piece is its ability to sift through gigabytes of raw packet capture data very quickly, using a series of cumulative "views." The views are filters that are dragged and dropped onto the source data, allowing you to home in easily on which workstation is flooding the Internet pipe and what it's downloading. Wireshark (formerly Ethereal) is directly integrated into both Pilot and Shark, putting a powerful and familiar analysis tool front and center.

The Cascade Profiler appliance focuses on the network flow data captured from such sources as Ethernet switches, routers and WAN optimizers. The Cascade Gateway acts as a remote agent for Profiler to gather, compress and encrypt statistics from local appliances. Alternatively, the Cascade Sensor can pull data directly from the network via a SPAN port or Ethernet tap, and feed data back into the Profiler. The Profiler Web interface provides the expected analytics and service monitoring, but also can drill into overlay Virtual Extensible LANs and analyze their impact on the physical network.

I have only scratched the surface of a very large topic, but these technologies all look to address a very common problem in distinct ways. ExtraHop's strength is that it provides a fast path to a resolution for network issues as they occur, or even before. NetDialog creates a window into the network that monitors the health of the existing investment so the business side of an enterprise can better understand what's happening on the network. Riverbed has a powerful suite of tools that cover most requirements. Choosing among these products means having a clear understanding of the challenges facing your network.

