by Cathy Fulton
Monitoring business transactions over the network has never been more critical to operational efficiency. Yet, there’s much confusion over methodology.
The implementation choices consist of different deployment strategies (client-site or server-site, agent or appliance) and distinct monitoring technologies (active or passive). Each of these options has individual strengths and weaknesses. This series of articles discusses industry best practices for effectively monitoring business transactions in a global environment.
This article is part 2 of 2. Click here to read part 1.
Part 2 of 2: Monitoring Technologies
Another important – and frequently contentious – decision for selecting a business transaction monitoring solution is whether to use active or passive technology. An active monitor emulates a client by periodically generating synthetic transactions according to some user-defined script. In contrast, a passive monitor measures the transactions of real clients in all their variability. Which is better? Well, it all depends on what you want to measure.
Active Monitors
Active monitoring approaches generate synthetic transactions. They use a form of robot to periodically perform one or more defined business transactions. The robots follow a script, a sequence of timed commands, in their interactions with the server. They are often installed on dedicated systems to minimize the number of system variables between script “runs”. By always running the exact same transaction in the same manner on the same platform with no other application competing for resources, active monitors provide a deterministic baseline that reflects variations in server and network performance. The client “variability” has been effectively removed.
The advantages of an active monitor are that you know what it is doing, and you know when it should be doing it. You know that any significant deviations in performance measurements are likely due to changes in network or server behavior. You have controlled 7×24 activity, which is useful for availability monitoring.
The disadvantages to active monitoring are that you do not know what the real users are experiencing, and the monitors can significantly degrade the real user performance. Addressing the second point first, active monitors place additional load on the network and the servers. Without careful planning, active monitors have been known to congest network links and bring servers to their knees – an avoidable but all too common situation.
While active monitors are useful for availability monitoring, load concerns usually limit their effectiveness. They are typically programmed to perform their transactions only every 15 minutes or so to prevent stressing the environment. This means that, on average, they detect a failure after 7.5 minutes have passed – much better than never, but the helpdesk phone has probably already been ringing if it happens during normal business hours.
The primary disadvantage to active monitors is that they do not capture the real user experience. The script they follow may bear little resemblance to how actual clients are using the application; it is simply a model of a possible transaction. This is useful for monitoring changes in performance of the scripted transaction, but it does not necessarily relate to the real user.
Even if a user were to perform the exact same transaction with the same programmed timing as the active monitor, the performance of the real user may differ significantly from the active monitor because of differences in underlying software. For example, some commercial active monitors do not use a web browser when sending commands to the web server; instead, they use an API to send requests serially within a single session. The real user will be using Internet Explorer or Firefox or the like, and will send requests simultaneously in multiple parallel sessions. The time it takes for a typical web page to download will thus differ significantly for the real user and the active monitor – even though the web page is the same. Differences in hardware, operating systems, drivers, and other software can impact experienced performance.
The performance reported by active agents may also differ substantially from real users due to caching or other acceleration techniques. By periodically repeating identical requests, active monitors may experience a significant performance boost from caching technologies – on the servers, on network devices, or on the client itself. While caching on the client may be disabled, caching on the servers or other network devices cannot be disabled without harming the real users. One approach to eliminate this caching benefit is to program the active monitor to send random queries, but this also destroys their deterministic advantage – you no longer know what is being measured.
Passive Monitors
Passive monitoring approaches measure real user traffic and behavior. They accommodate variations in user behavior, systems, web browsers, and networks – they do not assume that a single model is representative. They can provide an unlimited view of performance in terms of different transactions, different network segments, different servers and different application tiers. Passive monitors may either report on individual transactions (verb monitors) or on an aggregation (generic monitors).
Verb monitors provide individual performance statistics for each configured verb, where a verb may be a URL for web applications, a specific query for database applications, or a document download for FTP applications. This approach provides the most granular performance detail at a cost of scalability and ease-of-use (since each verb must be configured). If many verbs are configured, important patterns may be hidden by the noise – the trees may obscure the nature of the forest.
Generic application monitors typically summarize the performance results for the different observed verbs. This approach reduces configuration requirements and improves scalability at a cost of reduced granularity. For example, the performance of all FTP document downloads from a particular server that are within a specific size range (e.g., between 23 and 46 Kbytes in size) may be presented as a single average metric using the generic approach, whereas an FTP-specific monitor may require that you configure each document you wish to monitor and then it will report their individual performance statistics.
The preferred passive monitoring solution combines the ease-of-use and scalability of generic monitoring with the flexibility and detail of verb (transaction) monitoring. That is, it provides out-of-the-box generic monitoring but also supports user configuration of custom verbs (transactions). Support for custom transaction configuration in passive monitors will be less flexible than that in active monitors.
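The difference between the generic and verb views can be seen on a handful of observed downloads. The following is an added example, not code from the article or from any monitoring product: the records, server names, document paths and every size range other than 23 to 46 Kbytes are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample of passively observed FTP downloads:
# (server, document, size in Kbytes, response time in seconds)
OBSERVED = [
    ("ftp1", "/pub/report.pdf", 30, 0.42),
    ("ftp1", "/pub/report.pdf", 30, 0.38),
    ("ftp1", "/pub/notes.txt", 25, 0.30),
    ("ftp1", "/pub/image.iso", 700, 6.10),
    ("ftp2", "/pub/report.pdf", 30, 0.90),
    ("ftp1", "/pub/manual.pdf", 45, 0.50),
]

# Size ranges in Kbytes for the generic view. 23-46 is the article's
# example; the other two ranges are assumptions (None = no upper bound).
SIZE_RANGES = [(0, 22), (23, 46), (47, None)]


def size_range(kbytes):
    """Return the configured range that a download of this size falls into."""
    for low, high in SIZE_RANGES:
        if kbytes >= low and (high is None or kbytes <= high):
            return (low, high)
    raise ValueError(f"no size range covers {kbytes} Kbytes")


def generic_summary(records):
    """Generic view: one (count, average) per server and size range.
    Needs no per-document configuration, but hides individual documents."""
    groups = defaultdict(list)
    for server, _doc, size, secs in records:
        groups[(server, size_range(size))].append(secs)
    return {k: (len(v), round(mean(v), 3)) for k, v in groups.items()}


def verb_summary(records, configured_verbs):
    """Verb view: per-document statistics, but only for configured verbs.
    Anything not configured is simply not reported."""
    groups = defaultdict(list)
    for server, doc, _size, secs in records:
        if (server, doc) in configured_verbs:
            groups[(server, doc)].append(secs)
    return {k: {"count": len(v), "avg": round(mean(v), 3), "max": max(v)}
            for k, v in groups.items()}


if __name__ == "__main__":
    print(generic_summary(OBSERVED))
    print(verb_summary(OBSERVED, {("ftp1", "/pub/report.pdf")}))
```

With only `/pub/report.pdf` on `ftp1` configured as a verb, the slow `/pub/image.iso` download appears in the generic summary but not in the verb summary, while the generic 23 to 46 Kbytes average folds three different documents into one number.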
There are two main disadvantages to passive monitors. One is that they may not provide the flexibility to define a desired custom business transaction – they may be limited in the applications and transactions that they monitor. Another disadvantage is also their strength: their measurements include the variability inherent in real user behavior.
Technology Summary
Active monitors eliminate uncertainty about what is measured and provide a check for loss of service. They provide a very limited view of performance, limited by number of transactions, locations, and environments. They may receive an artificial performance boost from caching, and they do not capture the real user experience.
Passive monitors capture the real user behavior and provide a potentially unlimited view of application, network, and server performance. They lack the determinism and control intrinsic to active monitors. They may be limited in their support of custom-defined transactions.
Best Practices
The preferred deployment strategy uses passive server-site monitoring in the form of an appliance. The server-site approach greatly reduces deployment and maintenance headaches, places minimal stress on the network, and can provide a virtually unlimited view of the environment. Use of an appliance reduces risk by avoiding the need to install software onto production servers.
The optimal technology approach combines both passive and active monitors. The passive server-site monitor effectively captures the real user behavior and provides a potentially unlimited view of application, network, and server performance. There is no need to deploy active monitors across the network – the passive server-site monitor will report any network performance problem, including loss of network availability. Therefore only a single active monitor placed at the datacenter is necessary to provide a deterministic baseline of custom configured transactions.
For more information, please see:
- Network Management: Proactive Approach or Reactive Measures, podcast on active versus passive monitoring by Richard Ptak (Registration required)
- Demystifying Passive Network Discovery and Monitoring Systems, Usenix.org (PDF)
Cathy Fulton is CEO of NetQoS.


