Deb Curtis and I have recently published a note, which I started several months ago, to highlight some of the innovative solutions and players in the Network Performance Monitoring (NPM) market which fit a specific set of criteria. We needed to artificially put a boundary on this market definition in order to avoid having to write on each of the 100+ players in the NPM market who handle polling, flow, and packet-based data analysis. We still managed to cover 18 vendors in this market who met the criteria we outlined:
These solutions allow passive packet capture of network traffic and must include the following features, in addition to packet capture technology:
- Receive and process one or more of these flow-based data sources: NetFlow, sFlow and Internet Protocol Flow Information Export (IPFIX).
- Provide roll-ups and dashboards of collected data into business-relevant views, consisting of application-centric performance displays.
- Monitor performance in an always-on state, and generate alarms based on manual or automatically generated thresholds.
- Offer protocol analysis capabilities to decode and understand multiple applications, including voice, video, HTTP and database protocols. The tool must provide end-user experience information for these applications.
- Have the ability to decrypt encrypted traffic if the proper keys are provided to the solution.
Optionally, the features of market leaders include:
- High-capacity storage of captured packet data. This is not required as a core feature, although it can be useful from a diagnostic perspective. Products that do not store the data must provide packet capture on demand, reported in real time.
- Operation in WAN-optimized and virtualized environments through support for popular WAN optimization controllers (WOCs; e.g., Riverbed, Cisco and F5), as well as virtual network tagging, such as Cisco’s virtual network tag (VNTag), VMware’s ESX and Citrix’s Xen.
These products are what we would call AA-NPM due to their ability not only to fit the needs of network engineers who have to debug and diagnose issues, but also to elevate that data into business-relevant application views. Many Gartner clients speak to me asking for APM products, but when confronted with the task of agent deployments often find themselves wanting AA-NPM functionality versus APM functionality. Based on the maturity, complexity, and overall design of the applications, different product types will be the best fit to allow visibility and troubleshooting of problems.
Additionally, I am excited that we have started really covering the Network Packet Broker (NPB) market, which consists of devices that help monitoring and security technologies see the traffic those solutions require to work more effectively. They could be called “monitoring switches,” “matrix switches,” or other terms, but we felt this term fit the best as far as what they do and what they do not do. These products are often required once you start dealing with more complex networks. Here are the criteria we used for these products:
- Many-to-many port mapping, with a configuration interface (graphical user interface [GUI] or command line interface [CLI]) for real-time adjustments of packet flow, including port mapping and paths.
- Filtering of packet data based on the characteristics found in the packet headers, allowing filtering of Open Systems Interconnection (OSI) Layers 2 through 4.
- Packet slicing and deduplication, which allows a subset of the full packet data to be passed to the monitoring device, thus allowing monitoring tools to scale more efficiently.
- Aggregating multiple packet stream inputs into one larger stream, for example five 1Gb links into a single 10Gb link. Alternately, the reverse also will work, where a single 10Gb link would be fed into multiple 1Gb connections. The destination would be a monitoring tool with the proper interface.
- Distributing traffic load per device by sending it to different probes or appliances in order to scale the monitoring, or to provide redundancy in the monitoring technology.
- Insertion of hardware-based time stamps that can be used by the monitoring tools to provide more accurate measurements. These hardware-based features can change the accuracy of the packet time stamp from milliseconds to microseconds, enabling more granular time measurement.
Optionally, the features of market leaders include:
- Deep packet inspection, allowing for the filtering and routing of packets based on data characteristics in the header or payload, and support for filtering on OSI Layers 2 through 7.
- The ability to capture ingress port identification data, enabling unique identification of traffic from multiple ingress ports.
- The capability to mask specific data in packets that contain confidential regular-format fields (e.g., Social Security numbers and credit card numbers), which could be applied in compliance use cases.
We included 9 NPB vendors in the research. I realize it’s been almost 2 months since my last post; I will try not to let that happen again.