Application and Network Performance Management Buyer's Guide ...

  • 350 views
Uploaded on

 

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
350
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
20
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Network Performance Management Buyer’s Guide A Summary of Best Practices for Optimizing Your Networks and Applications including Comparison Chart Introduction The more effectively information technology supports and protects Feedback from IT professionals reveals that they have more infor- business goals and objectives, the greater its value to the organi- mation and sources of data than they need, however they lack the zation. Where most large organizations today rely heavily on their means to correlate that information within the context of business networked infrastructure to support their business operations, they priorities. A well-articulated performance management platform re- believe it is imperative to take advantage of the most advanced, veals current status, provides data to proactively resolve anomalies, proactive approaches to comprehensive network and application and helps the IT manager develop command of the enterprise’s net- performance management. work. This opens the door to optimizing the cost-to-value proposi- tion for the entire solution. Without the right tools, managing performance can be tricky. As new applications and networking technologies have been adopted, This guide discusses the best practice areas for application and networks have grown in size and intricacy. These multiple layers of network performance management, introducing features and capa- complexity have made it more difficult to gain essential insight into bilities to keep in mind when evaluating performance management performance, which has led to a proliferation of disparate, loosely tools. By examining alternatives against these factors, the potential integrated intelligent data sources and management tools, each for purchasing a solution that will provide the critical business intel- solving a subset of the performance management puzzle. This col- ligence needed will dramatically increase. The Appendix contains a lection of disparate approaches has hampered access to meaning- comparative matrix that can be used to track how well each alterna- ful, actionable information and resulted in an unacceptable cost of tive measures up in managing complex IT environments. ownership for today’s enterprise and government organizations. The Essentials: Support the Primary Even more daunting is the requirement to tie resource decisions Performance Management Tasks back to the needs of the business. Without visibility into the how the business actually uses corporate resources, quantifiable business- A great variety of tasks are often associated with network perfor- related decisions regarding the network are impossible. The need mance management. From troubleshooting to response time analy- for visibility into actual packet flows for all applications is further sis, a true performance management solution must support all the magnified by the delay in troubleshooting degradations the impact activities necessary to optimize the network and provide common the business bottom line – revenue, customers, manufacturing, to informational ground for disparate IT staff members. In order to es- name a few. tablish a best practices solution, the chosen platform must deliver the functionality to support key performance management tasks, including application and network monitoring, troubleshooting, ca- www.netscout.com
  • 2. pacity planning, application profiling and response time analysis, n Peer-to-peer applications: Designed for file sharing, and accelerated fault detection. The only best practices method to these applications have made music sharing one of the gain this level of intelligence and analysis is to rely on a solution that most popular fads of recent times, although they are leverages the actual packet flow data in the global network. evolving into business usage as well. While business-ori- ented peer-to-peer activity is not common, it is important Application Monitoring to distinguish these services to ensure that they are not Since many of today’s business processes and services run over the creating bottlenecks in the enterprise network. network in the form of applications, it is vital to identify all applica- tion traffic. This information supplies a view of how the organization n Unknown applications: Most networks have extrane- uses the infrastructure, allowing networking decisions regarding ous applications running on them that need to be identi- time allocation, growth, budget, and policy to be based on concrete, fied and tracked. The performance management solution business-quantifiable metrics. Best practices in application moni- should automatically keep track of unknown applications toring must contain the following functionality: and ports that it encounters. n Full application identification: In order to avoid blind spots, n High-definition application metrics: For a detailed under- a performance management solution must distinguish among standing of the network, the management solution should all types of applications, including: mission-critical business track and report upon a wide range of metrics historically and applications, non-revenue-producing applications, custom- in real time for all applications, including utilization, volume, developed, recreational, and unknown applications: servers and users (hosts), conversations, locations, response time, availability, packet decoding and application server er- n Well-known applications: Recognition of well-known rors. In addition, this data should be stored historically in one- applications, such as web browsing (HTTP), email traffic minute increments. This level of granularity can detect even (SMTP, POP3), or multimedia traffic (RTP, SIP) is a very low-bandwidth applications, aiding in application profiling, important first step in tying network usage to business application debugging, micro-burst identification, possible need. emerging external attacks, and the elimination of network misuse. n Custom applications: Many organizations have applica- tions that were custom-developed to serve a critical busi- Network Monitoring ness process, such as tracking the delivery of shipments Complexity and heterogeneity are hallmarks of network services at a manufacturing company or managing balances in today, such as switched networks, load-balanced configurations, re- food stamp accounts for a state government. A perfor- dundant segments, virtual circuits, and technology improvements to mance management solution should recognize, correctly achieve higher speed delivery transport, e.g. 10Gigabit Ethernet or identify and report on these custom applications. OC-48. A solution that provides comprehensive support throughout such mixed environments, regardless of topology, across the core, n Complex applications: Many applications, such as SAP distribution, and access areas of the network is essential. Monitor- R/3, Microsoft Exchange, Citrix- or IP Multicast-hosted ing solutions must profile traffic in a manner that reflects not only applications can be classified as complex because they the physical network but also the logical flows of applications as use a range of TCP ports for network communications they utilize these services. Best practices in network monitoring or encapsulate higher-level applications. Not all perfor- must include the following: mance management solutions can identify the unique- ness of these applications, and will classify them as n Incorporation of multiple intelligent data source types: “other.” For accurate business-relevant reporting, the Performance data can be retrieved from a wide array of sourc- performance management solution must identify and ag- es, each offering a different level of granularity (see “Data gregate ranges of TCP ports, IP address, and also discern Sources”). Rather than individual management solutions to between individual applications being delivered by means handle each data source type, a performance management of middleware such as Citrix. solution should incorporate all types, taking advantage of the strengths of each to provide an overall picture of the network n Web-based applications: Increasingly, client-server and its applications. In doing so, a significant level of invest- applications are migrating towards a web-based model, ment protection can be achieved by leveraging existing data using HTTP as a transport mechanism. A performance sources where available and adding advanced instrumenta- management solution must allow the ability to distinguish tion where greater levels of detail and application visibility are a business-critical web-based application as a unique ap- required – particularly for the most costly and highest utilized plication separate from standard web browsing traffic. network segments. This classification should have the flexibility to track an application by a single URL, such as www.WXYZ.com/ n Coverage of a broad range of topologies: Today’s global product/orders, or as aggregated set of URLs using a networks are built from diverse network topologies in the wildcard, such as *WXYZ.com. core, distribution, access and storage areas of the network. To ensure consistent visibility throughout the enterprise, the performance management solution should support a full range of topologies, including those in the WAN and LAN, and those that will be grown into and/or migrated to, such as MPLS or 10Gigabit Ethernet. 2
  • 3. Data sources Standard SNMP MIB Monitoring: Monitoring standard SNMP MIBs from individual devices such as switches and routers provides basic visibility into traffic volume by byte, bits, packet utilization, errors, and packet size, while also checking on the basic operating health of the device. The performance management solution should be able to collect and display MIB II, Frame Relay MIB, and mini-RMON in real time and historically. Flow-based data sources: Conversation flow records provided by a router or switch, such as NetFlow and sFlow, offer application-level conversations metrics on well-known, IP-based applications. Distributed RMON analyzers: These devices provide seven-layer visibility into well-known applications, in addition to the lower-level data link layer statistics, utilization levels, and packet capture capabilities. nGenius Probes: The most encompassing of the data sources, they provide everything the generic probes do plus packet flow-based application visibility and response time metrics from virtually any application in the network, including well-known, complex, custom, web-based, peer-to-peer and multimedia. This data can be used for multiple purposes including application and network monitoring, capacity planning, troubleshooting, accelerated fault detection, application profiling, response time analysis, modeling, billing, and more. Continuous packet recording and monitoring appliances: Appliances that combine the equivalent real-time and historical monitoring and analysis of nGenius Probes with storage for large packet trace captures for high performance, high reliability, high capacity recording and infrastructure monitoring. n Visibility into encrypted networks: While technologies Troubleshooting such as VPNs and MPLS are being used for security, among For those times when the network suffers degradations and out- other purposes, the challenge is that it also obscures the de- ages, troubleshooting tools are needed to identify problem sources tailed data most network professionals require for trouble- and accelerate the resolution process. The longer a degradation shooting and traffic engineering. The performance manage- exists, the greater the likelihood of substantial damage to customer ment product must have a solution for seeing the details, loyalty, revenues, and employee productivity. At a time when man- including the applications that are traversing these secure agement by objective goals for IT staff may be increasing focus links. on reducing the time to resolve problems and close trouble tickets faster, the goal is to restore services as quickly as possible. Find- n Visibility into QoS and other complex network configu- ing the source of a problem without having the right tools can be rations: Network configurations are becoming increasingly both frustrating and time-consuming – and this applies to both complex. Deployments such as Quality of Service implemen- the right tool for collecting the intelligent data packets, as well as tations, redundant WAN links for fault tolerance, and Fast for analyzing those packets. For best practices in troubleshooting, EtherChannel and Gigabit EtherChannel configurations for the performance management solution must provide the following load balancing have been introduced to help improve net- packet-flow collection and sophisticated analysis: work efficiency. A performance management solution must transparently measure and report upon the network activity n Seamless, streamlined top-to-bottom drill-down: In order in aggregate across such configurations while also retaining to quickly pinpoint trouble spots, a performance management the detail of what traffic, i.e., applications, is flowing across solution must provide the capability to see the network from each individual link or service class. a high-level, holistic perspective, but an enterprise-wide view should not be a barrier to further detailed analysis. An opera- n Visibility into virtual networks: Most networks today use tor using the performance management solution must be able some form of virtual network technology, typically seen as to quickly and easily navigate directly from an overview graph VLANs in the LAN, PVCs or DLCIs in the WAN, and subnets down to a sub-second level of detail when needed in order to or VRFs in MPLS networks. A performance management pinpoint the exact users, applications, conversations or inner- solution must quantify traffic by virtual network and should packet details associated with a network disturbance. provide a full set of application and volume performance sta- tistics for each virtual segment. n Simultaneous views of disparate data: Switching from screen to screen to determine the context of a problem is a n Continuous 24x7 monitoring that supports real-time major impediment to fixing it quickly. A performance manage- and historical analysis: The performance management so- ment solution must facilitate work process by giving the ability lution must continuously monitor, collect, display and store to create work areas for simultaneously viewing the precise information in multiple time frames to meet the needs of the combination of metrics, applications, segments, data sources key performance management tasks. Real-time information and/or time frames needed to diagnose a problem. Further, is required for status monitoring and troubleshooting, while the solution must be able to save each of these customized longer-term historical metrics are stored for capacity plan- views for quick, repeatable access when performing on-going ning, trend analysis, baselining, and forecasting. and repetitive troubleshooting tasks. 3 www.netscout.com
  • 4. n Real-time and near-term historical information: When n Vertical industry specific expert analysis for FIX and Mul- diagnosing a network problem, a performance management ticast applications: to address latency intolerant financial tool must provide real-time and near-time historical informa- trading services, expert analysis of FIX-based applications tion in order to discern what is happening now and what hap- and IP-multicast applications is essential. It will be neces- pened in the recent past (last few hours or days) which led to sary to have detailed analysis of FIX-based order flows, a the problem. broad library of performance measures that goes beyond basic response times so network teams can view order n On-demand, expert packet analysis: For researching the single latencies, overall transaction delay distribution, and most difficult problems, a performance management solution customized views targeted at troubleshooting for individual should contain expert level analysis based on packet capture multicast streams or specific packets. of traffic flows, support for hundreds of protocols decodes, and flexible, easily-defined pre- and post-capture filtering. Es- sential capability includes the ability to apply analysis across Capacity Planning multiple traces simultaneously. Many factors affect the continued growth of network traffic – cor- porate initiatives and applications such as a CRM system, voice n Continuous packet capture and storage: To investigate over IP, or even recreational network usage like streaming radio. As intermittent performance problems, policy violations, conduct demand for bandwidth escalates, it is necessary to proactively plan security audits, reconstruct voice calls and web sessions, or for upgrades in order to avoid the congestion that might otherwise to supply additional troubleshooting insurance on the most disrupt critical networked business processes, employee productiv- critical of network segments, the performance management ity, or even transaction-based revenues. At the same time, in order solution must capture and store every packet traversing the to effectively manage network growth and its corresponding bud- network. These packets must be seamlessly accessible in the get, it is essential to understand which business services and appli- performance management application graphically down to the cations drive growth in order to provide quantifiable information for sub-second and in traditional decode format. In addition, it is defending upgrade and policy decisions. Best practices in capacity essential that packet analysis occurs on the same device that planning mandate the following: the packets are stored in order to eliminate any network con- gestion that would otherwise occur by pulling large amounts n Network baselining: The performance management solution of captured packets over the network for analysis on a client must contain the analytical capability to profile network activity. machine. Finally, the solution should be able to support flex- A network baseline identifies a normal pattern of behavior con- ible configuration of both the applications recorded and how structed from historical metrics gathered over a period of time. much of the packet should be saved. This satisfies two major In terms of capacity planning, baselines are used to identify objectives: first, to make efficient use of the storage in the those segments and circuits that are either over- or under-uti- device and/or second, to retain only header information – not lized when fine-tuning load or upgrading/downgrading link size. payload – when it may be necessary to protect sensitive date This information identifies whether or not a network segment e.g. credit card information in PCI compliant situations. has enough capacity to support new business applications, and provides metrics to calculate usage trends for forecasting pur- n Sophisticated, intelligent, packet-based analysis: In order to poses. Other important points on baselines: extend troubleshooting capabilities, robust, customizable anal- ysis, leveraging continuous packet capture solutions, needs to n Multi-tiered baseline technology: Sophisticated base- be applied to the packet flows. lining capability calculates multiple baselines, including an average, maximum, and one custom-defined baseline. This n General application focused expert analysis: that recog- ability to view traffic from many statistical perspectives is nizes hundreds of well-known applications “out of the box,” extremely powerful. A performance management solution such as SAP, MS Exchange and Oracle, as well as, custom must support a custom-defined baseline in order to avoid applications. The analysis needs to provide a combination over-provisioning by using a maximum baseline or under- of rich high level and detailed metrics that highlight such provisioning using an average baseline. things as TCP efficiencies or server response time for a specific request. It should be easy to use and rapidly pro- n Guided user interface for capacity planning: Since vide a “lock” on the packets, transactions, or IP addresses capacity planning reports use long-term historical data, the you need to investigate. resolution often lands in days if not weeks. Because of this, many short-term but significant events will be averaged out n VoIP focused expert analysis: to achieve higher quality te- with long-term durations. The performance management lephony and video service, this level of analysis trouble- solution you chose should allow users to set threshold and shoots VoIP packet-based call control and multimedia report on the number of data points that fall into each buck- transmissions. Rapidly analyze converged networks for et. The benefits of this approach are that short-term signifi- specific latency, jitter, and packet loss issues. It should cant events will not be diluted regardless of time span. This be possible to easily isolate calls of interest, drill down to information can be used to determine sites that need band- per-call performance and quality metrics and, as needed, width upgrades, analyze the improvement of infrastructure detailed protocol decode analysis and integrated call re- upgrades, prepare for site consolidation and many other play. capacity planning related activities. 4
  • 5. n Forecasting technology: In order to proactively avoid network n Application baselines and forecasts: In addition to reporting congestion, growth trends must be identified to predict when upon available bandwidth, the performance management appli- and where bandwidth will run out. A performance management cation must provide a solid understanding of each application’s solution must have segment, circuit, and application forecasts, behavior on the network, reporting on application flows, long- which identify for each, the number of days until the component term trends, and how all applications share network resources. will meet a custom-defined threshold of usage. The ability to understand and predict the needs of different ap- plications is invaluable when evaluating application design and n Quantifiable justification for bandwidth decisions: Using deployment issues. only utilization statistics is inadequate when making and justify- ing capacity planning decisions. It is imperative to demonstrate n VoIP quality metrics: For environments with VoIP, the per- to executives that bandwidth is being consumed by business- formance management solution should be able to collect and critical applications, not by recreational web surfing or music report on metrics including jitter, call set-up time, call aborts, downloading. To better manage growth and expenses, a perfor- MOS, packet loss, failed calls, in order to determine voice call mance management solution must show why various network quality. segments are growing by providing visibility into the applica- tions consuming bandwidth. n Key Performance Indicators: Key Performance Indicators (KPIs) can help to meet the challenge of detecting application n Enterprise-wide reports: Manually correlating data from performance issues and outages. Key performance indica- multiple data sources, tools, across servers and geographies tors measure errors and response degradations for key ap- is a time-consuming and often unscientific process. For a thor- plications and provide early detection of emerging application ough and productive capacity planning process, a performance problems on the network. Monitoring response time provides management solution must automatically provide reports of information regarding how fast the application is running and most- and least-utilized segments, circuits, server ports, switch comparing this data to baseline measurements the network ports, and router interfaces, from across the global network, in- professional can determine if the response time falls within ac- corporating data collected from all infrastructure devices and ceptable parameters. Determining if client or server errors exist application-aware devices. and by looking at the success rate for applications or network areas provides key indicators as to where potential problems Application Profiling and Response Time Analysis may exist. And finally, packet loss measurements provide an Because networked applications are the cornerstone of today’s understanding of the quality of voice in converged networks. business operations, it is essential to understand how they perform and what their patterns are through the network in order to proac- Accelerated Fault Detection tively detect and fix degradations. Application response time, vol- The ability to identify a network fault and react to it has been a long- ume and traffic flow supply a view into the end users’ experience, standing function of network management. Performance manage- the success of application distribution, and impact each application ment focuses on a more proactive approach to managing faults by has on the infrastructure. Best practices in application profiling and continuously monitoring for conditions that indicate an emerging response time analysis should offer the following capabilities: problem or degradation. This proactive approach is essential to re- ducing mean-time-to-repair and rectifying potential issues before n Granular application response time measurements: Re- end users ever notice. To support best practices in accelerated fault sponse time is a primary indicator of network or application detection, a performance management solution must include the service quality and often the primary complaint of end users following: regarding the network. Tracking and isolating the sources of re- sponse time problems are crucial not only to the success of an n Anomaly detection alarms: The performance management IT organization, but also in establishing network services at the solution should deploy advanced analytics algorithms to model appropriate quality levels. A performance management solution patterns in the physical and virtual links in the network and must provide application response time as a core component then automatically detect abnormal behavior. In addition the without additional modules or costs. performance management solution should have the ability to diagnose the anomaly to specific traffic types, e.g., applications, n Application activity and response time in context: The per- broadcasts, or KPIs e.g. response time and availability. This will formance management solution should display all application improve IT staff productivity so less time is spent setting and information side-by-side for comparison purposes. It is nec- re-setting static thresholds and responding to false positive essary to show application flows in context with one another alarms. for determining what impact each has on network resources, whether any consumes more than its fair share of bandwidth, n Conditional and evidence-gathering alarms: Many times or provide insight into the reasons why an application has poor when an alarm is received, it contains only the information that response. a threshold has been violated or a response time has been crossed, with no further instruction on the potential problem cause. A performance management solution should gather evidence of what is occurring during a performance event and attach that information to the alarm, along with the ability to di- rectly link into contextual data to facilitate the workflow process. This information is crucial for troubleshooting the problem. www.netscout.com 5
  • 6. n Response time and availability alarms: Application re- n Customization for the organization: The performance man- sponse time alarms, set per application type, notify when agement solution must be configurable to fit within the context an application is approaching poor performance, such as a of a company’s business environment, for example, customized 3 second response time for an application that typically re- groupings of applications, geographies, departments, or spe- sponds within 800 milliseconds. cific custom applications for real-time monitoring and historical reporting. n Microburst alarms: Traffic microbursts can severely dis- rupt the flow time-sensitive applications such as voice over n Personalization for the individual: In today’s streamlined IP, streaming financial market data, or trading applications, organizations, nothing is more ineffective than having to wade yet are often hard to detect or diagnose. The performance through reams of irrelevant data to uncover the information management solution should be able to detect and alarm on needed to solve a problem or accomplish a particular task. The millisecond microbursts of activity and gather evidence dur- performance management solution must be able to easily tailor ing the microburst alarm interval. views and reports for each individual user to reflect only the information they need to perform their job responsibilities. n Rising and falling threshold alarms: Setting thresholds of network activity to identify resources at risk of failure is key n Ease of navigation: The performance management solution to staying ahead of network problems and ensuring that net- must provide prompt access to conclusive information, pro- worked business services continue to run smoothly. A perfor- viding a rapid time to value. It must include an intuitive means mance management solution must support threshold setting of finding information, as well as a consistent user interface and alarming on network and application statistics, including across the product, regardless of data source type. the following alarming capabilities: n Collaboration and knowledge transfer: In today’s environ- n Utilization alarms: Utilization alarms are needed to identify ments, a multi-threaded, web-based performance management potential areas of congestion, such as 70% utilization on a solution is essential so that multiple users can perform multiple particular segment, or indicate potential failures, such as the tasks at the same time without creating system conflicts. For ex- disappearance of traffic on a load-balanced link. ample, two users, one in London and another in New York, may be troubleshooting a problem together, while another colleague n Application alarms: Thresholds on application utilization in Chicago is performing capacity planning functions, and a identify undesired traffic patterns (e.g., increasing amount of fourth in Singapore is capturing packets, all at the same time. ICMP traffic indicating a potential denial of service attack) or This helps to stimulate cross-departmental collaboration, which an undesired network usage (e.g., AOL traffic). is fundamental to rapid problem resolution and avoidance. Administration, Usability, and Collaboration n Product security: Networks carry sensitive corporate infor- The breadth and depth of information required to effectively man- mation. For the purposes of protecting information, the perfor- age network performance is significant, and the mechanisms to mance management solution must allow system administrators maintain these systems are often equally as complex. To success- to grant different privileges to different users, defining what fully administer the management environment, the chosen solution they can and cannot do, including the ability to perform various must make the configuration and monitoring tasks as simple as product tasks, to see only certain portions of the network, and possible. The features required include: to view only designated reports. n Automatic and on-demand reporting: Reporting is a nec- n Enterprise scalability: The performance management solu- essary function of performance management. While the timely tion must scale to support large geographically dispersed en- restoration of service in the wake of an outage is crucial, report- terprise networks, and have the ability to collect, aggregate, and ing network status, trends and activities can be equally as im- report upon information from thousands of devices around the portant to an IT department, as IT becomes more accountable globe, with the least amount of overhead. to the rest of the organization. Information such as application utilization, network status, response time, etc., must be available n Support disaster recovery: To support a disaster recovery in both scheduled and on-demand reports. effort, the performance management solution must also have a redundant system with regularly occurring data and con- n Data aggregation across geographies and technologies: figuration back ups. This is important for companies whose Data collection and aggregation are essential for effectively performance metrics are absolutely necessary and to help in analyzing network and application performance, from both real- the disaster recovery process by maintaining visibility during a time and historical perspectives. A performance management crisis by showing which systems and applications are online, solution must collect and aggregate information from across which sites and users can continue to conduct business, and the global infrastructure to allow views of multiple segments how business services are performing on backup or redundant at the same time for rapidly isolating problems, or for group- networks and systems. ing locations, elements, and applications in any way to facilitate higher-level analysis and business relevant summarizations. 6
  • 7. Managing the budget and productivity Conclusion While the above features and functionality are necessary for com- Networks have matured into a vital business resource, serving as plete network and application performance management, more the foundation for corporate communications, organizational pro- is required from a performance management solution in order to cesses, and strategic competitive initiatives. A solid and innovative be efficient and cost-effective. The ability to combine multiple per- network and application performance management solution is re- formance management tools into a single product eliminates tool quired to optimize delivery of key business applications through the clutter and provides a common data structure that can effectively complex, multiple layers of network technologies, and to effectively deal with the multitude of data source types across the enterprise manage IT expenditures and headcount. network. By minimizing the number of tools and maximizing the available data sources, a well-architected network performance In order to achieve high quality networked services that will help the management system can result in a lower total cost of ownership organization operate at peak efficiency, the performance manage- and offer a significant return on investment. ment solution should ideally contain the entire breadth, depth, and scalability to serve all your needs, specifically, application visibility, n Functionality for multiple performance management tasks comprehensive and seamlessly integrated functionality, and to fa- seamlessly integrated into a single tool: Efficient perfor- cilitate intuitive access to meaningful information which shows all mance management requires all the functionality to perform the network activity in context. And as demonstrated throughout this primary performance management tasks as described above in discussion, the best practices method to gain this level of intelli- one seamlessly integrated product as opposed to multiple point gence is to rely on packet flow-based solutions as the source for tools. Product integration can result in significant cost savings analysis. by making the IT staff more effective, helping them to become more collaborative because they are speaking to one another from the same set of data, and reducing time to resolve perfor- mance problems. Further, it can save on the expense of training, maintenance, and upgrades on multiple sets of tools. n Consistent, extensible data architecture: Cost-effective performance management requires a well thought-through data architecture, which can facilitate data collection from mul- tiple data sources across the network for use in a single man- agement application. Ideally the data architecture will provide a common structure into which the metrics collected from each data source type can be easily read and stored. The creation of a similar data structure enables the consistent presentation of performance information from across the enterprise, regard- less of the source of data. Such an architecture, with a common data structure model, is readily adaptable to incorporate new technologies, applications, and data sources, providing invest- ment protection by making use of the best data available. n Open system for collaborative data sharing: The system must be open so that the consolidated performance informa- tion can be shared with and used to empower complementary tools and systems, such as enterprise management systems, modeling and simulation, usage-based billing, and information security systems. 7 www.netscout.com
  • 8. Performance Management Product Features Checklist Application Monitoring Yes Somewhat Not at all Full application identification: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Well-known applications (e.g., e-mail, VoIP, Oracle, PeopleSoft) . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Custom applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Complex applications (e.g., MS Exchange, SAP R/3, Citrix) . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Web-based applications (including URL-by-URL tracking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Peer-to-peer applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Unknown applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q High definition application metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Uses packet-flow data for application identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Network Monitoring Yes Somewhat Not at all Incorporation of multiple data source types: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q SNMP polled (e.g., MIB-II, mini-RMON, FR MIB, CPU, Memory) . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Flow records (e.g., NetFlow, sFlow) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Distributed RMON2 standard probes (e.g., Distributed Sniffer Systems) . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q nGenius Probes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Continuous packet recording & storage appliances (e.g., InfiniStream, nGenius AfMon) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Coverage of a broad range of topologies: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Core. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Coverage of high speed networks (e.g., 10 Gigabit Ethernet, OC-48) . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Visibility into encrypted networks (e.g., VPNs, MPLS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Visibility into QoS and other complex network configurations (e.g., load-balanced, fault tolerant, multi-channel links) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Visibility into virtual networks (e.g., ATM PVCs, Frame Relay DLCIs, Virtual LANs, MPLS sites) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Continuous 24x7 monitoring that supports real-time and historical analysis . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Troubleshooting Yes Somewhat Not at all Seamless, streamlined top-to-bottom drill-down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Simultaneous views of disparate information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Real-time and near-term historical information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q On-demand expert packet analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Continous packet capture and storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Continous packet capture configurable by application (e.g. record only packet header for credit card authorization applications) . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Sophisticated, intelligent packet-based analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q General application focused expert analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q VoIP focused expert analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Vertical industry specific expert analysis for FIX and Multicast applications . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Capacity Planning Yes Somewhat Not at all Network baselining: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Multi-tiered baselines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Forecasting technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Quantifiable justification for bandwidth decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Enterprise-wide reports for network-wide planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Guided user interface for capacity planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q
  • 9. Application Profiling and Response Time Analysis Yes Somewhat Not at all Granular application response time metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Application activity and response time in context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Application baselines and forecasts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q VoIP quality metrics (jitter, MOS, packet loss) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Key Performance Indicators (KPIs) (e.g. application response time, availability) q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Accelerated Fault Detection Yes Somewhat Not at all Anomaly detection alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Conditional and evidence-gathering alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Response time and availability alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Microburst alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Rising and falling threshold alarms: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Utilization alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Application alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Administration, Usability and Collaboration Yes Somewhat Not at all Automatic and on-demand reporting capabilities: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Scheduled reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q On-demand reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Executive Summary reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Capacity Planning reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Response Time reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Situations To Watch reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Asset Management reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Custom reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Data aggregation across geographies and technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Customization for the organization for business relevant reports . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Personalization for individual’s job responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Ease of navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Collaboration and knowledge transfer (e.g., multi-user, web-based, file sharing)q. . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Product security (e.g., role-based access). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Enterprise scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Disaster recovery support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Managing the Budget and Productivity Yes Somewhat Not at all Functionality for multiple performance management tasks seamlessly integrated into a single tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Consistent, extensible data architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Open system for collaborative data sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . q Corporate Headquarters European Headquarters Asia/Pacific Headquarters 310 Littleton Road NetScout Systems (UK) Ltd. Room 105, 17F/B, No. 167 Westford, MA 01886-4105 100 Pall Mall TunHwa N. Road Phone: 978-614-4000 London SW1Y 5HP Taipei, Taiwan Toll Free: 888-999-5946 United Kingdom Phone: +886 2 2717 1999 www.netscout.com Phone: +44 (0)20 7321 5660 www.netscout.cn ©2008 NetScout Systems, Inc. All rights reserved. NetScout, the NetScout logo, Network General, the Network General logo, nGenius, Sniffer, InfiniStream, Business Container, Business Forensics, NetVigil and Quantiva are trademarks or registered trademarks of NetScout Systems, Inc. Other brands, product names and trademarks are property of their respective owners. NetScout reserves the right, at its sole discretion, to make changes at any time in its technical information and specifications, and service and support programs. BG0805-01_revB 2008-06-09