Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
It Impact Brief                                                                           FEBruArY 2008 • Issue I

It Impact Brief                                                               FEBruArY 2008

                  I want t...
Packet-based data, such as that           “Probes are one of the most common devices
provided by distributed monitoring,
It Impact Brief                                                            FEBruArY 2008

                  solution an...
Upcoming SlideShare
Loading in …5

Plan for Gathering Performance Management Data


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Plan for Gathering Performance Management Data

  1. 1. It Impact Brief FEBruArY 2008 • Issue I developing a Plan for Gathering Management data IntroductIon In the January IT Impact Brief (The Mandate for Packet Flow Data, http:// NetScout_iib_Metzler_200801_Packet_ Flow.pdf) I highlighted my belief that Jim Metzler the job of the network manager is Ashton, Metzler & Associates changing. In that brief I pointed out managing application performance that it was not that long ago that the is getting significantly more difficult. job used to focus entirely on network For example, as discussed in the last availability. Today the role of the IT Impact Brief, applications that are network manager is much broader developed using one of the emerging and as a result network managers are application architectures will be as likely to spend their time on topics much more difficult to manage than such as application performance as are today’s n-tier applications. This they are to spend their time on purely includes both Web services based networking issues. applications and Web 2.0 applications. Web 2.0 applications may be a ways The expansion of the role of the off for many companies, but that is network manager presents both an not the case with Web services-based opportunity and a challenge. The applications. For example, in a survey opportunity is for the network manager that we distributed in late 2007, we to expand his or her skills, add more asked the NetScout community to value to their current company and to indicate which business technologies increase their marketability both inside are coming into vogue for 2008 versus and outside their current organization. going out of style. The technology that The challenge is to be successful in came out at the top of the list was Web the expanded role. That challenge is services. made more difficult by the fact that In an effort to help identify how network managers can be successful with managing application per- “ a survey that we distributed in late formance, the last brief described how network managers can use flow 2007, we asked the NetScout community based analysis to perform tasks such as quantifying overall link utilization to indicate which business technologies are and identifying which network users or applications are consuming coming into vogue for 2008 versus going bandwidth. That brief also pointed out that in order to perform granular out of style. The technology that came out troubleshooting of complex IT at the top of the list was Web services.” environments, packet-level details are often necessary.
  2. 2. It Impact Brief FEBruArY 2008 I want to use this brief to continue gives the IT organization answers to latency, jitter, packet loss, voice to identify how network managers questions such as: quality, and other network statistics. can successfully manage application performance. With that in mind, • Where does the traffic One common use of IP SLA is to the goal of this brief is to describe the originate? Who’s affected? measure performance by sending one options that IT organizations have or more packets to a Cisco router, • What application is involved? Is for gathering the management data using the timestamp information it one of the critical applications that will allow the organization to on the packet to calculate actual that business managers care effectively and efficiently trouble- performance statistics. These about? shoot a wide range of issues. Those measurements can be one-way, or, if options fall into three general cat- • How much traffic has been the destination router is configured egories: flow collection, distributed transmitted? as an IP SLA responder, two-way. monitoring, and continuous capture. IP SLA operation can be scheduled Because it can provide answers for a particular time, or operated Flow collEctIon to these questions, NetFlow continuously over a time interval. represents a more advanced source Devices configured for IP SLA IT organizations can typically rely on of management data than SNMP operation can trigger SNMP alerts if having access to management data MIBs. NetFlow has its limitations. measurements exceed or fall below a from SNMP MIBs (Management For example, NetFlow does not threshold. One of the limitations of Information Bases) on network provide real-time insight into the IP SLA is that it is only available for devices such as switches and routers. operations of the network and it a limited number of services. Other SNMP data, however, does not only works with IP. While IP is the limitations of flow collection will be provide the network manager with dominant protocol running on most discussed in the next section. information about the applications networks, it is not the only protocol. involved, the servers the data is com- In addition, while NetFlows supplies dIstrIButEd MonItorInG ing from, or the user to whom the data about application usage, it lacks data is being delivered. In addition, As mentioned, in order to perform data about application performance. SNMP data does not provide any granular troubleshooting of complex For this, even more granular data, insight into such things as class of IT environments packet-level detail such as is supplied by Cisco’s IP service, which is important for QoS is often necessary. For example, if a Service Level Agreements (IP SLAs) management. VoIP call were entering and exiting is required. IP SLA, a feature of on different ports, this would cause IOS, is an active traffic monitoring To get more granular information, the quality of the call to degrade and capability, based on synthetic traffic, many organizations turn to flow-level data would not be able that collects real-time information NetFlow. Within NetFlow, a flow to recognize this mis-configuration. about response time, one-way is defined as a unidirectional sequence of packets between a given source and destination. As mentioned, flow-based analysis can “ order to perform granular be used to perform tasks such as quantifying overall link utilization troubleshooting of complex IT and identifying which network users or applications are consuming environments, packet-level detail bandwidth. In particular, flow-based analysis contains information that is often necessary.”
  3. 3. Packet-based data, such as that “Probes are one of the most common devices provided by distributed monitoring, is needed to identify this type of used for distributed monitoring. By looking situation. at the header and into the payload of the Probes are one of the most common devices used for distributed packet when necessary, probes provide the monitoring. By looking at the header most sophisticated and complete class of and into the payload of the packet when necessary, probes provide the management data.” most sophisticated and complete class of management data. This data provides more detailed and granular their memory and processing traffic based on a combination visibility into the real-time operation resources between providing of having access to packet level of the network than is available flow-level data and transferring detail combined with a thorough with NetFlow. For example, probes the production traffic towards its’ understanding of the requirements provide application visibility and destination. of VoIP traffic. This capability is response time metrics from all enhanced by the fact that probes aspects of the infrastructure and can Another advantage of using a also have the ability to monitor provide insight into a wide range of probe is that probes enable a converged links with the ability to applications, including well-known richer set of reporting functionality track data for voice, video (including applications such as Lotus Notes, than is usually associated with Telepresence) and data from a single custom-developed applications, flow collection. For example, the point. peer to peer applications, industry management data generated by specific applications such as FIX, as probes can be used to generate contInuous cAPturE well as complex applications such real-time alarms. This management Some continuous capture tools as SAP and Citrix. Probes overcome data can also be exported to other provide simple ongoing packet the issues that I wrote about in a devices for report generation and recording with terabytes of storage, previous IT Impact Brief (The Port analysis and used for myriad but little analysis capability. 80 Black Hole http://www.netscout. purposes including application However, the more sophisticated com/docs/itimpactbriefs/NetScout_ monitoring, network monitoring, solutions combine continuous iib_Metzler_0807_Port_80_Black_ capacity planning, troubleshooting, capture with the distributed Hole.pdf) by providing sophisticated fault prevention, service level monitoring functionality that was URL (Uniform Resource Locator) management, modeling, and billing. described in the previous section. filtering of the traffic that transits As such, these solutions can store port 80. One of the characteristics of large amounts of data for extended distributed monitoring devices is that periods of time and that data can Probes can be deployed either in the they have relatively little storage. be used for tasks such as post-event LAN or the WAN. The typical LAN As a result, distributed monitoring data mining and network forensics. probe attaches to the network either devices do not capture and store As such, of the three classes of by a passive tap or a switch mirror all of the packet data. Instead, they monitoring options, continuous port whereas the typical WAN probe typically only store packet data once capture with distributed monitoring attaches via a passive tap. One of the a threshold has been reached or the capability is the most powerful. advantages of using a probe vs. using system user launches a data capture flow collection is that when probes manually. Another characteristic is The major advantage of utilizing are used, the IT organization has that they often support enhanced continuous capture solutions with dedicated monitoring devices focused functionality that is application integrated distributed monitoring on that particular task. However, specific. For example, a distributed capability relates to intermittent when flow collection is used, the monitoring device might support troubles. If an IT organization was routers and switches have to ration the capability to monitor VoIP using a distributed monitoring
  4. 4. It Impact Brief FEBruArY 2008 solution and there was some form This brief describes three approaches branch offices as well as a number of of intermittent problem, the IT for gathering management data: flow smaller branch offices. In this case, a organization would typically not collection, distributed monitoring reasonable design might be to deploy have stored enough packet data to and continuous capture. The order a continuous capture solution in the identify the cause of the problem. in which those approaches were de- four backbone sites, a distributed As a result, the IT organization scribed reflects the level of detail the monitoring solution in the twenty would have to wait until the problem management data delivered provides major branch offices and a flow re-occurred. If, however, the IT in terms of relative sophistication - collection solution in the smaller organization was using a continuous with continuous capture being the branch offices. capture solution, the packet data most sophisticated and flow collec- would have been stored and would tion the least sophisticated. Coming up with a design for enable the IT organization to capturing management data is only trouble shoot the problem. Because As is usually the case with most half of the challenge. The other half it enables the IT organization to technical designs, designing a plan of the challenge is getting approval start to troubleshoot the problem to gather management data is a and funding for the design. We immediately, a continuous capture combination of designing the best addressed that challenge in a recent solution tends to lower the MTTR technological solution for the money. IT Impact Brief (Demonstrating the associated with a trouble. For example, it would be simple to Value of Performance Management blithely recommend that network suMMArY managers deploy a continuous pdf/itimpact_0907.asp). As that brief capture solution everywhere based demonstrated, getting approval to Managing application performance on the fact that a continuous implement performance management is a key issue for the NetScout capture solution will provide the technologies is a complex, community. Unfortunately, a number most functionality to help network demanding task. of factors are coalescing to make managers troubleshoot troubles. this task notably more difficult. However, deploying a continuous The next IT Impact Brief will con- Given this increasing difficulty, capture solution everywhere will also tinue the discussion of how network network managers will not be able be the most expensive solution. As managers can successfully manage to successfully manage application such, a balance must be struck. For application performance. That brief performance without a detailed plan, example, consider a hypothetical will focus on the deployment of more and that plan must include how the company that has backbone network effective processes in general, and the organization will gather management that connects its four headquarters use of ITIL in particular. data. facilities, and has twenty major NetScout Systems, through its Sniffer and nGenius® solutions, offers large organizations cohesive views into application services delivered over today’s complex, global networks, helping IT professionals optimize network and application performance and prevent misuse of critical enterprise resources. Based on granular, packet-flow performance information gathered across the enterprise, NetScout delivers key performance management functions, including application and network monitoring, capacity planning, troubleshooting, and user experience assurance, in a single integrated solution. For more information visit IB-0208_RevA