Purchasing the right network performance monitor for you

Because network performance monitoring systems consist of a fairly wide range of monitoring, optimization, troubleshooting and reporting tools, it’s crucial that network administrators understand and prioritize the specific tools that are most important to their organization. By doing so, they will develop a better understanding of which vendors and products will best suit a specific network infrastructure. Vendor products each have strengths and weaknesses for each component that must be considered.

Current state of your infrastructure

One of the first things to consider when looking for a network performance monitor is the current state of your network. Some vendors specialize in very large networks consisting of thousands of network infrastructure components in highly advanced data centers. Other vendors focus their energy on providing smaller, easier-to-manage products for the small and medium-sized business market.

Another factor to consider is the amount of virtualization within your network. Whether it’s server virtualization using hypervisors or containers, network overlays or even the beginnings of software-defined networking, network performance monitors differ in their ability to provide visibility inside virtualized environments.

At the same time, make sure you understand a network performance monitor vendor’s capabilities as they relate to your WAN and cloud environments. In terms of the cloud, a service provider may obscure the visibility needed by the vendor to monitor devices and collect statistics. In other cases, that limitation doesn’t exist. It really depends on the type of cloud you are using and what the service provider allows. Some performance monitoring vendors are better than others when it relates to analyzing remote site and cloud performance. If this is important to you, make sure it’s high on your priority list.

Integration with existing network support tools

You may find yourself in the position where you already have — and want to keep — certain network performance monitoring tools. Many production applications have already been heavily customized, and their capabilities would be difficult to replicate with new tools. Yet, at the same time, you may be in the market for a network performance monitor that offers more advanced optimization, troubleshooting and reporting. In situations like this, it’s important to know how the performance monitoring software would integrate with existing tools. While this combination likely won’t be as seamless as a single unified approach, performance monitoring products are capable of troubleshooting and analysis by tapping log data and other sources.

Opportunities for network optimization and troubleshooting analysis

One of the first things to consider when looking for a network performance monitor is the current state of your network.
One way to understand how a network performance monitor will be best used on your network is to think about the challenges you have today. Are certain applications on your network performing sluggishly for some unknown reason? Do you find that your network operations staff is consistently spending time investigating complex performance issues to prove or disprove that the problem resides within the network? These are the types of questions you should be asking when considering the level of optimization and troubleshooting you need from a vendor’s product. Some products are easier to use, but may not provide the level of detail that more complex tools provide.

Performance monitoring products differ greatly in the collecting of packets for deep packet inspection, as well as the methods and types of flow data collected. Some methods used distributed software to collect much of this data, while others use hardware probes or leverage network hardware itself to do the collecting. Each method has varying levels of data-collection detail that you’ll want to investigate, depending on your specific needs.

Scalability and ease of implementation

You should also consider the anticipated amount of growth, as well as issues that might obstruct the deployment of a network performance monitor. Monitoring products vary in both scalability and implementation. Several products excel at scaling easily, while others are far more challenging. Additionally, some vendors offer different products depending on the size of your network. Make sure you understand your requirements so you don’t run into a situation where you quickly outgrow a product and need to perform a forklift replacement with a version that better fits your network.

Difficulty of implementing various network performance monitors can also be a major factor. While some challenges may be related to the current maturity of your network — such as whether network time protocol and centralized logging are configured — some performance tracking products are simply more difficult to set up and fine-tune compared with others. Another factor: Do you want to roll out all monitoring features simultaneously, or are you evaluating a phased approach over the course of several months or years? Depending on your network architecture, you may not be able to use every feature today, but you may have anticipated the need for these features in the future. One example would be the use of monitoring virtualized servers and network overlays. You may not have these technologies in production at this moment, but you might expect to roll them out at some point in the future.

Reporting capabilities

Some performance monitoring tools include both standard and customizable reports. If reports are important for your organization, this is an important feature. Yet, if you do value the benefits of reports, you may already have a reporting tool that you and upper management prefer to use. If you find yourself in this situation, then in-product reporting tools may not be all that important. Instead, you should explore performance monitoring applications that can send analytics data to the reporting tool you rely on. Make sure the tools are compatible and that they provide the level of detail required.

Source: http://searchnetworking.techtarget.com/feature/Purchasing-the-right-network-performance-monitor-for-you


The business case for deploying network monitoring systems

It takes a significant amount of time and money to properly design and implement an enterprise-class network performance monitoring (NPM) foundation. And because of this, you need to understand not only what features are available within an NPM package, but whether those features will actually be beneficial to your infrastructure team.

You may find that only the basic features are needed today, but you may want the ability to add more complex tools in the future. Others might find it’s best to deploy a fully functional NPM on day one. Most, however, will likely fall somewhere in between. In this article, we examine why these performance-oriented network monitoring systems bear watching and which features are most important.

Downtime is becoming increasingly unacceptable

In a perfect world, QoS will be properly configured from one end of the network to the other. But oftentimes, QoS is either not configured or poorly configured somewhere along the data path.
One obvious trend driving NPM is the need to quickly resolve downtime issues that arise. While the ideal solution would be to create a fully redundant network from end to end, in many cases this isn’t possible. This can be due to limitations in the architecture itself, an inability to provide physical redundancy, or budgets that preclude a fully redundant approach. When automated failover isn’t possible, the next best thing is to develop and deploy an advanced network monitoring system platform to identify and alert staff when an outage is occurring — or about to occur. The faster a problem can be identified, the faster it can be fixed.

In some cases, this simply means implementing tools to monitor network devices and individual links. Alerting based on collected log messages is another common tool. In other cases, monitoring all the way to the application layer is required. The vast majority of network monitoring systems today offer the ability to monitor network-only functions or monitor and alert on both network and application issues that arise. Additionally, deep packet inspection appliances can rapidly find performance issues at critical points on the network.

Applications are becoming more time-sensitive

Thanks to a dramatic increase in real-time collaboration applications like voice and video — as well as the growth of distributed application architectures — data traversing networks is more time-sensitive than ever. As a result, data streams for low-latency applications must be identified, marked and treated with a higher priority than other data running across the same network connections. The primary tool to perform these types of tasks is quality of service (QoS). Layer 2 and 3 devices, such as routers and switches, are configured with QoS policies and queuing actions based on those policies.

In a perfect world, QoS will be properly configured from one end of the network to the other. But oftentimes, QoS is either not configured or poorly configured somewhere along the data path. This one mistake can cause major problems for time-sensitive communications. Identifying these problems manually often requires logging in and verifying each QoS configuration along the path. Many network monitoring systems, on the other hand, have QoS analysis capabilities, using NetFlow or sFlow, to automatically identify ineffective or incorrectly configured QoS policies.

Network architecture is growing in complexity

Data center virtualization and network overlays often mask underlying network problems. Suddenly, administrators have to troubleshoot both the underlying physical foundation as well as accompanying virtualized networks in order to find and resolve performance problems. Many IT departments only have tools to monitor one or the other. And if they have the ability to monitor both, they may be completely independent tools.

Many modern NPMs can monitor both physical and virtualized architectures and determine on which network plane the problem resides. This gives support administrators complete visibility into the network, an increasingly important requirement as more virtualization and overlay techniques are added.

Event correlation and root cause analysis is ineffective

Finding and resolving network and application problems is one thing. Finding the root cause of the problem is another. On very large and complex networks, it’s very possible to implement fixes or workarounds that resolve the immediate issue, yet never address the underlying cause. Many times, this leads to drastic and inefficient network changes to fix a problem — when the root cause was actually due to upper-layer problems that went unchecked.

Many network monitoring systems offer added intelligence to collect and analyze various network and application events. By doing so, reports can be created that correlate — or at least isolate — the origin of the initial problem began. When properly configured and tuned, this significantly reduces root cause investigations by helping the administrator focus on the problem and verify the correlated information. And since modern NPMs collect data up to the application level, many root causes that previously went unnoticed can now be identified and properly remediated.

Seeking single-pane-of-glass monitoring and troubleshooting

The potential of integrating so many useful network and performance monitoring tools into a single, unified system is highly appealing. Gone are the days of independent SNMP monitors, logging servers, NetFlow collectors and packet sniffers. We now have the ability to unify all of these useful features into a single NPM product. What’s more, by creating a single pane of glass, we also create a single data repository for which reports and intelligent decisions can be made with powerful data correlation methods.

Source: http://searchnetworking.techtarget.com/feature/The-business-case-for-deploying-network-monitoring-systems


How have network performance monitoring tools evolved?

Once upon a time, enterprise network engineers had to provide network access and sufficient bandwidth to various connected servers, applications and end devices. From an OSI model perspective, the focus was on Layers 1-4 only. Upper OSI layers were more or less ignored, as all traffic and data flows running across a network shared all bandwidth and queuing resources.

As time went on, network equipment became sophisticated to the point where different data flows could be identified and treated differently on the network. Various quality of service (QoS) and application-level traffic shaping techniques can be used to accomplish this goal. Additionally, the ever-increasing reliance on business-critical applications has forced network engineers to understand upper layers of the OSI model so they can help to identify any inefficiencies or problems related to the network, server OS, virtualization software and applications themselves. But in order to do that, a tool is needed to identify such problems.

So, it’s important to understand exactly what your organization needs — and properly gauge the tradeoff between granularity and complexity.

In many cases, network performance monitoring tools evolved from more traditional and less sophisticated network monitoring software. These monitoring tools commonly used ICMP ping and Simple Network Monitoring Protocol (SNMP) polling/traps to verify the health of a network. More modern additions include the ability to monitor, baseline and intelligently analyze possible images all the way to the application itself. Most modern network performance tools have the ability to perform the following five functions:

Depending on the network performance monitoring vendor, these tasks are performed with varying levels of granularity. And the more precise they are, the more complex implementation and management can be. So, it’s important to understand exactly what your organization needs — and properly gauge the tradeoff between granularity and complexity. That being said, let’s further explore the five functions today’s network performance monitoring tools commonly offer.

Network and application monitoring

As mentioned earlier, today’s network performance monitoring tools evolved from network monitoring that leveraged ICMP ping and the SNMP protocol. Routine pings from the network monitoring server were sent to various networks, servers and other end devices that required monitoring. If the monitored device stopped responding to the ping requests, the monitoring tool would mark the device as “down” and would alert support staff.

SNMP collects and organizes various types of data from network and server components capable of supporting the protocol.

For network devices, this commonly means monitoring specific device interface states and data throughput rates over time. It can also monitor hardware health, including power supplies, fans and memory utilization, among others.

Some network performance monitoring tools are also capable of collecting and triggering from various syslog messages. Syslog is a common standard for infrastructure device log messages. The messages are sent to the centralized network monitoring tool to be stored, analyzed and used to notify support engineers in the event of a system malfunction.

Network monitoring tools have the beefed-up capability to monitor availability and performance statistics all the way up to the application level. This type of monitoring usually relies on software plug-ins or OS settings configured to send monitoring data back to the centralized monitoring server.

Virtualization and OS problem detection

Issues also can — and do — arise between the network and the application. This includes problems at the virtualization level, server operating system and any middleware the application relies on to operate. Virtualization hypervisors can be individually monitored for performance problems that can cause slowdowns at the application level. The same is also true for monitoring the host OS and middleware that orchestrates communication over distributed systems. Network performance monitoring vendors use differing methods to monitor these types of problems and some support a greater variety of hypervisors, operating systems and middleware software than others.

In addition to providing simple up/down status and utilization information, network performance monitoring products can perform more sophisticated and automated network troubleshooting. This includes routing protocol monitoring and alerting when unscheduled routing protocol changes occur. Additionally, some products possess intelligence to understand how various WAN technologies, virtual overlays and QoS features operate. They, too, can be set to automatically alert when problems occur and even take automated actions to resolve issues.

Application data and flow capture analysis

The most important duties of modern network performance monitoring tools revolve around data and flow capture analysis. There are a few different methods to capture data packets on various parts of the network to be used for automated and/or manual analysis. Among the most common:

Deployment of distributed data collection agents throughout critical parts of the network
The ability to leverage packet capture functionality built into certain router/switch hardware
The ability to examine packets to perform more granular application analysis is a growing need in many enterprise organizations. By using deep packet inspection, network administrators can identify more application-related communication problems that would otherwise go unnoticed.

Network flow collection sweeps up IP network statistics as data enters and exits network interfaces. Once this data is exported to a centralized server and analyzed using network performance monitoring flow analysis tools, network support administrators can identify traffic source and destination information, as well as detail QoS policies the traffic encounters as it traverses the network. Ultimately, the data can be used to identify any configuration issues or congestion along various network paths, between network devices.

Root cause analysis

The ability to combine various events collected and analyzed on a network performance monitoring tool can also be used to form an automated root cause analysis. If an issue occurred on the network that triggered events on multiple components, many network performance monitoring tools use artificial intelligence to correlate the events and determine a likely root cause to the problem. This is one of the trickier functions to configure, since it requires all devices and monitoring systems be configured perfectly. For example, if device times are not synchronized using the Network Time Protocol, event times will be incorrect. This can negatively affect the accuracy of the root cause analysis engine. But once set up and properly maintained, automated root cause analysis tools can save a tremendous amount of time from a troubleshooting perspective.

Source: http://searchnetworking.techtarget.com/feature/How-have-network-performance-monitoring-tools-evolved


Which monitoring tools suit your enterprise network design?

As enterprise network design becomes more complex and more distributed, the tools companies use to keep tabs on network and application performance are changing as well.

No longer just products that rely on ICMP ping and the Simple Network Management Protocol to deliver results, today’s monitoring tools are multifaceted. As such, they analyze enterprise network design problems, capture application and data flow, perform root cause analysis and detect problems with virtualization and operating system software. Armed with this information, IT can not only keep tabs on network and application performance, but address problems before they become serious.

These capabilities become even more important as applications become more intricate and discrete. Applications must be properly identified and treated. A low-latency application like video conferencing needs to have a higher priority than one in which response time isn’t as critical. At the same time, individual application components, which may come from various third-party providers, must also be managed correctly.

Virtualization and network overlays, meantime, pose additional monitoring challenges. Fortunately, most network performance monitoring applications can track both physical and virtualized environments to pinpoint where a performance problem may exist.

Selecting the right network and application performance monitoring tool will depend on a wide variety of factors, not the least of which is understanding your enterprise’s network design and the challenges that network currently faces today.

You’ll also want to know what kind of methods your monitoring tool will use to collect performance data. Some use agents; others use dedicated hardware probes.

Source: http://searchnetworking.techtarget.com/buyershandbook/How-to-buy-network-performance-monitoring-tools


Top seven network traffic monitoring challenges

Network traffic monitoring is often touted as a way for enterprises to meet performance, security and compliance goals. But implementing network traffic monitoring tools can also pose a series of challenges that range from difficulty in creating network baselines to trouble finding the right tools and strategies for monitoring content in a proxied environment.

Here are the top seven networking traffic monitoring challenges:

Challenge 1: Network baselines. Frequently network and security practitioners hear that the start of any network-centric project is to baseline the network. Just what is this supposed to mean? Simplistic approaches concentrate on bandwidth utilization over time, typically focusing on spikes and troughs. Some try to describe traffic in terms of protocols and port numbers. More advanced approaches try to classify traffic according to flows or even content. Regardless, there is no single accepted taxonomy for creating a network traffic baseline.

Learn how these network traffic monitoring challenges affect the channel.

Challenge 2: Topology, locating the problem. If the network baseline challenge is related to traffic passing a single monitoring point, this involves multiple locations. By placing instruments in enough locations, it should be possible to visualize the network based on observed traffic patterns. Doing this in an automated way would prove extremely useful to network administrators and defenders.

Challenge 3: Visualization at scale. Trying to meet the two previous challenges is likely to be possible when the networks involved are small to midsized. In truly large networks, analysts are likely to begin reaching the limits of some tools to digest and render network data. Tools which comfortably depict dozens or hundreds of nodes face severe limitations when working with thousands or millions of nodes.

Challenge 4: Knowledge management. As techniques and tools derive information from network data, it’s often the analyst’s responsibility to derive knowledge from the information. But how should the analyst capture that knowledge? Consider the “simple” problem of applying tags to network flows. Depending on the data set and the classification involved, tagging individual items in a packet or flow record can be difficult. Still, analysts should have a way to annotate network information for their benefit and the benefit of their teams.

Challenge 5: Privacy. Too many network tools assume the user is fully privileged. In other words, rarely do tools recognize that analysts might have to limit their activities in order to meet privacy or other regulations. Historically, lawful intercept tools have tried to honor these restrictions by applying filters to include or exclude certain traffic. That approach is too crude to handle modern protocols, especially when a large percentage of traffic is carried using HTTP. Entire methods for meeting privacy concerns are needed.

Challenge 6: Mixing and matching record types. IP addresses are an important element of network traffic but, increasingly, content is becoming more significant. Anyone working in a heavily proxied enterprise will appreciate this problem. Network flows between proxies are almost useless. With the rise of proxy-in-the-cloud solutions, network tools will need to spend more time looking at HTTP requests in traffic to the proxy. Associating these “level 7” records with the mixed “level 3” records from the original host can complicate analysis.

Challenge 7: Not another platform. The final obstacle involves how to extract value from network traffic. Countless vendors are likely to read this article and reply: “Drop my box on your network!” Unfortunately, this response reflects a lack of appreciation of the limits imposed by many IT organizations on deploying new equipment. Often, IT staff must cajole and plead to deploy the hardware currently watching network links. Some of those same deployments also required signing elaborate agreements concerning the nature of the work done at those sites. Ultimately, it can be unrealistic simply to add yet another appliance to a link of interest. Rather, networking teams should be willing to consider deploying their tools and techniques to open platforms so they can devise and deploy their own network appliances. In fact, they should be unwilling to spend any effort installing closed vendor platforms.

Source: http://searchnetworking.techtarget.com/tip/Top-seven-network-traffic-monitoring-challenges


Essential network monitoring system features for the enterprise

Network availability monitoring systems are often the first line of defense that network managers rely on when applications go down. In the ensuing blame game that occurs among different teams in the IT organization, the network availability monitoring system can prove essential.

In fact, with the right system in place, the blame game doesn’t even have to happen. With good alerting and fault isolation functions, the availability monitoring tool can allow the networking team to adopt a proactive posture toward service problems.

The network availability monitoring system market offers a wide variety of tools, ranging from open source technology that is limited in functionality and scale, to large enterprise products from venerable enterprise IT management vendors like IBM and HP Enterprise. When shopping for a monitoring system, the procurement team must map the needs of their enterprise to the network monitoring system features of the dozens of products currently available.

When assembling a request for proposal (RFP) from vendors, there are several essential things to consider: ease of deployment, usability, compatibility with existing infrastructure, scalability and integration options with the broader IT management tool set.

Deployment model

It is important to determine the maximum size and level of distribution that a network monitoring system can support — and, more importantly, how the vendor achieves that scalability.
When looking at how a network availability monitoring system is deployed, the first question to ask is about licensing models. Vendors vary widely in their licensing approaches. Some sell separate licenses for different types of monitoring capabilities, while others charge based on how many devices or how many logical objects or interfaces an enterprise wants to manage. Examine this closely to determine how costly the system is and how complex it will be to maintain.

The next consideration is the actual deployment model. The procurement team should determine if the vendor offers best practice guidelines for configuring its system. Additionally, some monitoring systems are deployed as a single software package, while others require separate installations and separate servers for each component, including the database, the polling engine, the analytics engine and the front-end console. Vendors that offer a deployment with multiple components typically do so to enable maximum scalability and flexibility for their customers, but this approach also adds complexity that not all enterprises want.

Ease of use

A procurement team may assume the existing need for a network availability monitoring system will guarantee the system it chooses will be used productively. This is not always true. Research by Enterprise Management Associates revealed the prevalence of enterprise shelfware — tools that cost significant time and money to acquire and install – that is never used.

Modern management of a virtualized network: Tips and techniques

The layout and flow of the management console is one of the most important network monitoring system features for networking staff to evaluate. Do the charts and graphs presented in the system make logical sense to the typical administrator? Are the commands intuitive enough? How much training will the system require? In this context, a proof-of-concept evaluation, where network management personnel actually interact with the system, will help ensure it gets adopted and provides value to the enterprise.

Compatibility with existing network infrastructure

Many organizations operate in a mixed-vendor infrastructure environment. For instance, they may have one or two switch vendors and another that supplies edge routers. Yet another vendor might provide the wireless infrastructure. When evaluating network availability monitoring systems, the networking team needs to determine which vendors and platforms the tool supports.

This evaluation might extend beyond network infrastructure. Many enterprises monitor their servers and storage with these systems, too. When examining which vendors and which devices a management system can monitor, the procurement team must scope out the types of technologies it wants to manage. This includes virtualization technologies and cloud services.

System scalability

Network availability monitoring systems vary widely in terms of the size of the networks they can manage. While some vendors can monitor hundreds of devices, others can monitor tens of thousands. Furthermore, while some systems can monitor only a single location, others can span an entire enterprise.

It is important to determine the maximum size and level of distribution that a network monitoring system can support — and, more importantly, how the vendor achieves that scalability. One vendor might monitor a large distributed network with thousands of devices using a single server. Others might deploy multiple servers across the enterprise and tie them together with a front-end console. These variations will influence the usability and complexity of the system.


In all likelihood, this network monitoring system will be part of a larger IT management system. The procurement team should evaluate whether the enterprise will require integration with other management products. For instance, the network engineering team may use the availability monitoring system to monitor and manage the network, while the network operations team might use a higher level service assurance system. Integration between the two will encourage collaboration.

Other potential network monitoring system features include network performance management, log analytics, application performance management, network change and configuration management, reporting capabilities and much more. In fact, many network availability monitoring vendors offer a broad suite of IT management tools with varying degrees of integration among them. For third-party platform integration, however, the procurement team should evaluate the technology partner ecosystem of vendors and the types of certifications and joint support these integrations ship with.


Each of the above network monitoring system features should form the outline of the RFP, underpinning the procurement of an availability monitoring system. There is a large amount of variability in the market, and many vendors will promise more than they can deliver. It is important for the networking team to fully understand requirements for a monitoring system and to map those needs to the capabilities of the products they evaluate. The procurement team should get answers to all of these questions and fully test those answers in a product evaluation before making commitments to any product.


Source: http://searchnetworking.techtarget.com/feature/Essential-network-monitoring-system-features-for-the-enterprise


The Top 8 Challenges with Network Monitoring

What network monitoring challenges keep you up at night? Is it difficult to see exactly who is consuming all the network bandwidth? Are you struggling to identify the faulty device that keeps bringing the network down?

You’re not alone. IT professionals all over the world share similar network management challenges.

Check out the infographic below for eight of the most common challenges and how network monitoring tools take care of them

Source: https://www.helpsystems.com/intermapper/infographic-top-8-challenges