Gartner Blog Network

Application Aware Network Performance Monitoring (NPM) and Network Packet Broker (NPB) research

by Jonah Kowall  |  April 21, 2012  |  26 Comments

Vendor Landscape for Application-Aware Network Performance Monitoring and Network Packet Brokers –

Deb Curtis and I have recently published a note which is something which I started several months ago to highlight some of the innovative solutions and players in the Network Performance Monitoring (NPM) market which fit a specific set of criteria. We needed to artificially put a boundary on this market definition in order to avoid having to write on each of the 100+ players in the NPM market who handle polling, flow, and packet based data analysis. We still managed to cover 18 vendors in this market who met criteria we outlined:

Application-Aware NPM

These solutions allow passive packet capture of network traffic and must include the following features, in addition to packet capture technology:

  • Receive and process one or more of these flow-based data sources: NetFlow, sFlow and Internet Protocol Flow Information Export (IPFIX).
  • Provide roll-ups and dashboards of collected data into business-relevant views, consisting of application-centric performance displays.
  • Monitor performance in an always-on state, and generate alarms based on manual or automatically generated thresholds.
  • Offer protocol analysis capabilities to decode and understand multiple applications, including voice, video, HTTP and database protocols. The tool must provide end-user experience information for these applications.
  • Have the ability to decrypt encrypted traffic if the proper keys are provided to the solution.

Optionally, the features of market leaders include:

  • High-capacity storage of captured packet data, but this is not required as a core feature, although it can be useful from a diagnostic perspective. Products that do not store the data must provide packet capture on demand and reported in real time.
  • Operation in WAN-optimized and virtualized environments through support for popular WAN optimization controllers (WOCs; e.g., Riverbed, Cisco and F5), as well as virtual network tagging, such as Cisco’s virtual network tag (VNTag), VMware’s ESX and Citrix’s Xen.

These products are what we would call AA-NPM due to their ability to not only fit the needs for network engineers needing to debug and diagnose issues, but also the elevation of that data into business relevant application views. Many Gartner clients speak to me asking for APM products, but when confronted with the task of agent deployments often find themselves wanting AA-NPM functionality versus APM functionality. Based on the maturity, complexity, and overall design of the applications different product types will be the best fit to allow visibility and troubleshooting of problems.

Additionally, I am excited that we have started really covering the Network Packet Broker (NPB) market, which consists of devices that facilitate monitoring and security technologies to see the traffic which is required for those solutions to work more effectively. They could be called “monitoring switches” “matrix switches” or other terms, but we felt this term fit the best as far as what they do and what they do not do. These products are often required once you start dealing with more complex networks. Here are the criteria we used for these products:


  • Many-to-many port mapping, with a configuration interface (graphical user interface [GUI] or command line interface [CLI]) for real-time adjustments of packet flow, including port mapping and paths.
  • Filtering of packet data based on the characteristics found in the packet headers, allowing filtering of Open Systems Interconnection (OSI) Layers 2 through 4.
  • Packet slicing and deduplication, which allows a subset of the full packet data to be passed to the monitoring device, thus allowing monitoring tools to scale more efficiently.
  • Aggregating multiple packet stream inputs into one larger stream, for example five 1Gb links into a single 10Gb link. Alternately, the reverse also will work, where a single 10Gb link would be fed into multiple 1Gb connections. The destination would be a monitoring tool with the proper interface.
  • Distributing traffic load per device by sending it to different probes or appliances in order to scale the monitoring, or to provide redundancy in the monitoring technology.
  • Insertion of hardware-based time stamps that can be used by the monitoring tools to provide more accurate measurements. These hardware-based features can change the accuracy of the packet time stamp from milliseconds to microseconds, enabling more granular time measurement.

Optionally, the features of market leaders include:

  • Deep packet inspection, allowing for the filtering and routing of packets based on data characteristics in the header or payload, and support for filtering on OSI Layers 2 through 7.
  • The ability to capture ingress port identification data, enabling unique identification of traffic from multiple ingress ports.
  • The capability to mask specific data in the packets, which could be applied in compliance use cases, which contain confidential regular-format fields (e.g., Social Security numbers, credit card numbers, etc.).

We included 9 NPB vendors in the research. I realize it’s been almost 2 months since my last post, I will try not to let that happen again.

Category: it-operations  monitoring  npm  

Jonah Kowall
Research Vice President
3.5 years with Gartner
20 years IT industry

Jonah Kowall is a research Vice President in Gartner's IT Operations Research group. He focuses on application performance monitoring (APM), Unified Monitoring, Network Performance Monitoring and Diagnostics (NPMD), Infrastructure Performance Monitoring (IPM), IT Operations Analytics (ITOA), and general application and infrastructure availability and performance monitoring technologies. Read Full Bio

Thoughts on Application Aware Network Performance Monitoring (NPM) and Network Packet Broker (NPB) research

  1. […] than the “coming of age” of this category. Gartner’s Jonah Kowall and Debra Curtis published the vendor landscape for application aware Network Performance Monitoring and Network Packet Brokers… The Anue NTO is covered as an offering in the Network Packet Broker category. Simply put it […]

  2. Mark Weiner says:

    Am personally glad to see this several year — but now growing rapidly — market has formally been defined by Gartner.

    Customers can now define their market requirements with a common label, and evaluate vendors under the same umbrella. Looking forward to seeing customer awareness, and mutual benefit, grow in the coming years!

  3. […] Packet Brokers (NPBs) is the latest name coined by Gartner Analyst Deb Curtis and Jonah Kowall to define a set of hardware based appliances that help optimize the access and visibility of a […]

  4. […] Six criteria define an NPB, according to Kowall: […]

  5. […] Packet Broker (NPB) is a new category defined by Gartner in their latest research. This category basically covers what was used to be “Network […]

  6. Kirk OConnor says:

    Riddle me this Batman….Where does the application aware NPM solutions offered as a managed services sit?

    XO has an managed service offer called APM. Level 3 also has a managed service offer called APM. Verizon offers AAS as a managed service. AT&T offers Enhanced Reporting.

    All these are available as a monthly recurring charge as an operations cost that can be rolled into a 3 year WAN MPLS RFP.

    Why would an enterprise go spend capital dollars when they can get aaNPM from a managed service? This allows the enterprise WAN managment team to concentrate on migration to the cloud, BYOD, VoIP, and Video, and data center consolidation without having to own the infrastructure of an aaNPM solution.

  7. Jonah Kowall says:

    The delivery of solutions doesn’t change the segment, only the delivery model. There are several service offerings on the market.

    Most service providers tie the NPM to the network services, hence you cannot see within your environment. Other VARs and SIs will do fully managed offerings, which can sit anywhere.

    The delivery models vary, but NPM is far behind APM in terms of true SaaS, which is the way of the future for management technologies.

  8. Kirk OConnor says:

    So the segmentation is really about technology…Pinging/Polling (NPM) versus NetFlow (aaNPM).

    Fair enough, as mentioned the 100+ players that know how to ping and poll in NPM is not really helpful in identifying aaNPM issues. If NPM is defined as pinging/polling for up/down and utilization then that is typically given away or a very cheap offer. It definitely is not always on. But it is a good start in isolating an event. but the assumption is that the device is up and on. (The cloud is always “available.”) Yes, I would not want to write about 100+ pinging/polling solutions or 100+ NetFlow solutions…

    So, the delivery of future management technologies as a true SaaS has some issues with the actual “technical delivery” of the features listed for this market segment for both NPM and APM.

    For example:
    • NetFlow must be encrypted, or a VPN tunnel created, to send data into the cloud. No enterprise is going to send their IP addresses into a collector in the cloud if it is not encrypted.
    • If NetFlow stops transmitting, than the always on scenario falls apart. If the collector needs to be upgraded, than the NetFlow data will not be collected. A lot of inbound and outbound streaming data is blocked by firewalls.
    • Active testing/pinging and polling does not allow for the always on scenario, but active testing can simulate end user response time measurements, when testing is enabled. (from where? Which location? How often?) How is NetFlow going to provide end user experience? Oh, right…Through IPFIX once the enterprise buys more routers and upgrade the IOS…
    • An APM solution requires proximity to the data, but the “cloud” scatters data to the wind and different service arenas. Back to active testing or agents.
    • Flow based technology that does not support port hopping protocols requires NBAR to be turned on in order to decode applications, otherwise application traffic is identified as a single port for every flow…Does the collector save every flow or just top N?

    The services offered have removed the network as the issue and are concentrating on the applications. They are the premier US service providers who have a service titled “APM” which has similarities in SaaS: web access, reduction of IT support costs, expert support of the service offered, monthly recurring charge, etc. The delivery of these aaNPM solution is available now and not far behind…They provide real time and historical network, application, VoIP (with MoS scores) all time synchronized with Layer 1 visibility, SLAs, on demand packet capture, server connect and server response time and summarized dashboards all offered and available on the next WAN RFP and in some cases even tomorrow.

  9. I have to add that agent based APM mostly, not all, but definitely the leaders in Gartners M Quadant are human resource intensive to the extreme. This goes seriously against the need to reduce costs in the MSP space. MSP’s are looking for solutions that are the simplest to install and simplest to maintain.

    Note that more & more APM is being offered through MSP’s. Yes it is just another “delivery model” but the needs of these entities are substantially different to to the standard enterprise. A glaring point is the typical lack of multi-tenancy.

    My opinion is that essentially APM needs to be divided into:
    1. Agent based APM split into synthetic & real transaction analysis
    2. Passive probe based APM which can include transactional analysis, I think you are lumping this under aaNPM.
    3. Simple polling based APM which under no circumstance you can confuse with (2).

    After these are defined then Gartners 5 criteria for APM apply but still ease of installation and ease of maintaining the solution should be carefully considered as some of the leaders can put a tick next to every feature but they need just as many support engineers to run the solution. Not ideal for MSP’s!

  10. Jonah Kowall says:

    Not surprising considering you guys are a network VAR, but honestly you cannot pinpoint an issue with an application without an agent. Network approaches are valid and can be of great help with much less time to turn up, but the agents have become much more intelligent and self configuring. You should have a lot at some of the full SaaS capable APM products, they are all very simple to get up and running.

    Network approaches can handle 3 of the 5 dimensions of APM, hence they are limited. We are working on a slew of new research around AA-NPM and NPM shortly.

    “Polling” is another topic we will be publishing research on, specifically the synthetic transactions often used to try to determine end user experience.

  11. Do me a favor. Please apply this simple filter from a MSP perspective to your MQ. Find which vendors don’t have a working multi-tenancy solution and remove them. Also take careful note that some of your vendors have partial product matches through their offerings so a portion of their solution is not multi- tenanted.

    Then the MSP I speak to is not allowed to add any agents onto customer servers. So please remove all vendors using agent based APM, also take into account which ones have a partial match. Your MQ will now look very different.  How can this ever apply to an MSP?

    Delivery model is very important and the type of APM; agent based, passive or polling is just as important to define correctly. Your definition is flawed in that it is leaving out a big chunk of the market (MSP).

    The intelligence of agent based vs passive monitoring was not part of the debate. Trust me I know a lot more can be achieved with agent based APM. I will be marketing them soon. However you are not considering the MSP environment where clients flat refuse to accept the use of agent based APM.

    Sorry ,I don’t see the APM market the way do.

  12. This is a really good tip particularly to those fresh to the blogosphere.
    Simple but very precise information… Appreciate your sharing this
    one. A must read post!

  13. Ksl coupons says:

    This is really interesting, You are a very skilled blogger.
    I have joined your feed and look forward to seeking more of
    your great post. Also, I have shared your site in my social networks!

  14. I just like the helpful info you provide in your articles.
    I will bookmark your weblog and test once more here regularly.
    I’m reasonably sure I will be informed many new stuff proper here! Best of luck for the following!

  15. Pretty part of content. I simply stumbled
    upon your weblog and in accession capital to claim that I acquire in fact enjoyed account your weblog posts.
    Any way I will be subscribing on your augment or
    even I success you get right of entry to consistently quickly.

  16. I’m extremely impressed with your writing skills as well as with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the excellent quality writing, it’s rare to
    see a great blog like this one nowadays.

  17. coupon says:

    Simply wish to say your article is as astounding. The clearness in your
    post is just spectacular and i can assume you’re an expert on this subject. Fine with your permission let me to grab your RSS feed to keep updated with forthcoming post. Thanks a million and please carry on the rewarding work.

  18. Hi, I do believe this is an excellent site.
    I stumbledupon it ;) I may return once again since i have book-marked it.
    Money and freedom is the best way to change, may you be rich and
    continue to help others.

  19. […] aaNPM – Again, Gartner has created a definition for this market segment which you can read about here… […]

  20. […] aaNPM – Again, Gartner has created a definition for this market segment which you can read about here… […]

  21. […] blog I plan to write about why this name is pretty appropriate for the products that fall into this Gartner classification.  I recently went to work for Gigamon as a sales engineer selling products in this space, while I […]

  22. […] blog I plan to write about why this name is pretty appropriate for the products that fall into this Gartner classification.  I recently went to work for Gigamon as a sales engineer selling products in this space, while I […]

  23. […] aaNPM – Again, Gartner has created a definition for this market segment which you can read about here. […]

  24. […] You can find a definition of Application-aware Network Performance Monitoring here. […]

  25. pradeep says:

    Great Article, as mentioned there are lot of players in the market but when it comes to Application Aware Network Performance Monitoring as a cloud based SaaS offering there are none .At APPanalyz we offer real time packet analysis as service (SaaS) to provide complete visibility into how the network and applications are performing.

  26. […] aaNPM – Une fois encore, Gartner a créé une définition pour ce segment de marché qui peut être lue ici… […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.