Happy new year to everyone, I just finished taking a week off post new years and I’m already hitting the road. On the research front we’ve published a new update to the RFP template for APM tools. Expect more refreshed and new content this month. Now on to the pick of the week (which is happening monthly).
SolarWinds released a pretty major update to their very popular Network Performance Monitor. This is one of the most popular tools out there to handle basic network monitoring needs, and it does so well. The product can also be extended to many other areas as well. Most implementations consist of SNMP polling of devices, syslog collection for faults, and many extend it towards netflow analysis. It’s also frequently coupled with SolarWinds Network Configuration Manager (NCM) for NCCM use cases. In the latest large update they did, they introduced some major new capabilities in version 11, these included the ability to do basic deep packet inspection (DPI). What this means is that SolarWinds can now observe packet level detail, instead of relying on vendors and devices to send it summarized data. The unique part of the solution is that it’s very flexible in the deployment models, the product can be placed on a dedicated device and span and tapped network traffic be sent to it (See : http://cdn.swcdn.net/creative/v11.4/images/landing_pages/Use-Case/img/screenshots/network_sniffer.png) or you can deploy the sniffer as an agent on your servers. This allows for the understanding of detailed application network traffic along with the ever important measure of latency, the key metric in determining network performance. Solarwinds is doing this for very low cost, disrupting a market which otherwise has not been inexpensive to enter. Let’s have a look at the new product and what it can do:
In order to evaluate SolarWinds has always made it very easy to download and try the product. After the download the setup wizard is run, which needs a Microsoft Windows host and a SQL server for the product install. It also uses IIS since the product is web based. These screenshots and my lab testing were done back in October, but I’m getting around to the posting now.
There are lots of features which can be selected which enhance the capabilities of the product, here are some:
Once you login to the web interface you are presented with the dashboard. They setup the basic monitors for the SolarWinds server itself. Quality of Experience (QOE) is the method which is using the packet inspection capabilities, you can see that measured here.
Here are the details on the QOE for SQL server
Here the deployment is explained in the product, as we’ll go through setting up the agent on other hosts:
Some more detail on the various data captured with the QOE sensor, you’ll notice it’s summarized but you can see the response time by protocol for the host. Here you’ll see MSSQL, CIFS, and HTTP traffic being captured and reported upon.
When you install a new sensor you can manage them all from this view:
You can also tune what is being captured from each sensor, you’ll notice there is a large array of standard applications which can be recognized
When you want to add a node, you can do so completely remotely and the agent is pushed as you can see below
Many people will ask what the overhead is, and the answer it that is depends. In production workloads based on the level of traffic being send and what you are analyzing there will be some CPU usage by the monitoring, but with today’s processors and computers it shouldn’t be more than a few percent utilization (4-6%). It also shouldn’t block any IO or introduce any latency unless it’s under very heavy load.
Overall this product is a good first move for SolarWinds to commoditize the ability to do decentralized deep packet inspection for network performance. We expect others to move as well, and bring the cost of these tools and solutions down significantly.
Next up will be Greylog2!