by Cathy Fulton
Monitoring business transactions over the network has never been more critical to operational efficiency. Yet, there’s much confusion over methodology.
The implementation choices consist of different deployment strategies (client-site or server-site, agent or appliance) and distinct monitoring technologies (active or passive). Each of these options has individual strengths and weaknesses. This series of articles discusses industry best practices for effectively monitoring business transactions in a global environment.
Part 1 of 2: Deployment Strategies
One of the most important decisions is the deployment strategy for the business monitoring solution. Should monitors be deployed at the client sites or should they be deployed at the data centers? Should software agents or hardware appliances be used? While this may seem like a minor matter, it has the most serious ramifications from both an immediate “headache” and long-term recurring cost standpoint.
Client-site Approaches
Client-site approaches require that software be installed on clients’ desktops or hardware be installed at the clients’ sites. For large enterprises, this approach may prove to be a deployment and management headache that requires cooperation among multiple management fiefdoms. The individual who manages the network is often different from the individual(s) who manages the desktops at the various sites.
Indeed, deploying either software or hardware at client sites may not be possible and is rarely easy. It can also be quite painful to maintain large numbers of remote monitors, keeping them continuously running and up-to-date.
From a technical standpoint, client-site approaches have some important weaknesses. First, they usually have a very limited view of the client-application-network environment. Because of cost, maintenance, and load issues, they are typically deployed in limited quantities across the network. Therefore, they only get sample (hopefully “representative”) measurements of the overall environment. Client-site software agents are particularly bad in that a single computer at a site may be selected to represent behavior for the entire site…or even multiple sites. Client-site hardware appliances (using passive monitoring technology) may be placed at the access router to measure performance for all clients at that site.
Also, client-site approaches may unduly stress the network or servers. The network may be stressed as remote monitors upload their performance statistics to a centralized data store. It is wise to ask the vendor for bandwidth usage metrics per monitor as a function of number of transactions – and then measure yourself to verify. If active monitoring technology is used, additional traffic is inserted from the synthetic transactions; this may unduly load the network links or the servers themselves. Unacceptable network or server stress is another reason that the number of client-site monitors is often reduced to a “representative” sample, resulting in a limited view of the environment.
Because of their location, client-site approaches have difficulty separating out the server delay from the network delay. A common technique is to measure the network delay based on the initial TCP connection setup time and then assume that the network delay is constant throughout the session. This approach can be grossly inaccurate, particularly when persistent sessions (now common with web) or long sessions (common with telnet, FTP, etc.) are involved. It also completely ignores the effect of serialization delay, since the connection setup involves the smallest-sized packets. It also ignores self-induced queuing delay. Some augment their network delay measurements by periodically sending active ping (ICMP) packets, but this approach suffers from similar drawbacks.
Server-site Approaches
Server-site approaches allow monitors to be placed at the datacenters rather than at the clients’ sites. This reduces the number of monitors, greatly easing deployment and management issues. Not only are there fewer systems to manage, but datacenters will have people more experienced in their maintenance.
Special care must be taken if the approach requires software to be installed on the actual production servers. Systems managers are rightfully nervous about potential software conflicts, and some have had negative experiences with the monitoring software crashing their systems. They do not deem such a crash a career-enhancing event. Usually the easiest solution, and certainly the one with least risk, is that which allows a hardware appliance to be placed near the servers off of a tap or span port – rather than one that requires software to be installed on the servers themselves.
Server-site passive approaches have a wonderful vantage point. They can see all users interacting with all servers at the datacenter, on a 7×24 basis, because that is where they are located. Server-site active approaches have a horrible vantage point if network information is important (and it generally is) – they only see the datacenter LAN.
Server-site monitors place much less stress on the network and servers. The performance statistics are uploaded over well-provisioned links since the (passive or active) monitors are already located at the datacenters. Likewise the additional traffic from active monitors’ synthetic transactions occurs over higher-capacity links, and the stress to servers is generally much lower since fewer monitors are needed (compared to client-site deployment).
Because of their location, server-site approaches have no difficulty separating out the server delay from the network delay. However, they will have trouble identifying client processing time from client silence. That is, they will not know whether the client CPU is busy or the client is simply drinking coffee and chatting.
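The difference between the two vantage points (the handshake-based client-site estimate described under Client-site Approaches, and the direct server-site measurement above) can be worked through with a small model. This is an added example, not part of the original article; the function names, the single bottleneck link with no queuing, and all sizes and delays are constructed assumptions.

```python
from dataclasses import dataclass

HANDSHAKE_BYTES = 60  # constructed: size of a SYN / SYN-ACK on the wire

@dataclass
class Link:
    rate_bps: float  # bottleneck link rate
    prop_s: float    # one-way propagation delay

    def one_way(self, size_bytes: int) -> float:
        # propagation plus serialization (time to clock the bytes onto the link)
        return self.prop_s + size_bytes * 8 / self.rate_bps

def timeline(link, request_bytes, response_bytes, server_s):
    """Timestamps (seconds) each tap would record for one transaction."""
    synack_in = 2 * link.one_way(HANDSHAKE_BYTES)
    req_out = synack_in                      # client sends request right after handshake
    req_in = req_out + link.one_way(request_bytes)
    resp_out = req_in + server_s             # first response byte leaves the server
    resp_done = resp_out + link.one_way(response_bytes)
    return {
        "client": {"syn_out": 0.0, "synack_in": synack_in,
                   "req_out": req_out, "resp_done": resp_done},
        "server": {"req_in": req_in, "resp_out": resp_out},
    }

def client_site_estimate(tap):
    """Handshake time is taken as the network delay for the whole session."""
    network = tap["synack_in"] - tap["syn_out"]
    server = (tap["resp_done"] - tap["req_out"]) - network
    return network, server

def server_site_estimate(tap):
    """Server delay is read directly between request arrival and reply departure."""
    return tap["resp_out"] - tap["req_in"]

def compare(link, request_bytes, response_bytes, server_s):
    t = timeline(link, request_bytes, response_bytes, server_s)
    _, client_view = client_site_estimate(t["client"])
    return {"true": server_s, "client_site": client_view,
            "server_site": server_site_estimate(t["server"])}

if __name__ == "__main__":
    t1 = Link(rate_bps=1.544e6, prop_s=0.020)   # constructed T1 access link
    print(compare(t1, request_bytes=500, response_bytes=60_000, server_s=0.050))
```

With these constructed values the client-site method attributes the serialization time of the large response to the server, while the server-site reading recovers the true processing time.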
Deployment Summary
The preferred deployment strategy uses the server-site approach. It greatly reduces deployment and maintenance headaches, places minimal stress on the network, and can provide a virtually unlimited view of the environment. To reduce risk, deploy a hardware appliance to avoid installing software onto the production servers. If client-site monitors are deployed, their numbers may be greatly reduced by also deploying a server-site monitor.
For more information, please see:
Agent-based or Agent-less Network Monitoring, IT-Observer
Performance management from the client’s point of view, Network World
This article is part 1 of 2 and will be continued.
Cathy Fulton is CTO of NetQoS


