Network monitoring comes of age

NetQoS analyzes almost all the important types of WAN traffic.

Because wide-area networks (WANs) have been around for so long, it is surprising that until recently few comprehensive tools have been available to monitor them, especially at the application level. NetQoS Inc. has paired two appliances — SuperAgent and ReporterAnalyzer — that are designed to look at all of the important traffic flowing across the WAN. They provide network administrators with the troubleshooting and information monitoring capabilities that they have been missing.

To test the company officials' claims, we simulated an enterprise environment.

For $4,950, NetQoS officials will fly out two engineers for two days to configure the devices and train administrators. There is little to install because the appliances are essentially turnkey, and there are no probes to set on servers or workstations. We figured that, given time, we could configure a large WAN by ourselves. But after conversations with their engineers, we decided that the expert advice is worth the money.

We began by generating application requests to our farm of Web servers from our simulated clients. SuperAgent is designed to watch TCP and other traffic and measure response time based on real end-user traffic. Using a Web interface to SuperAgent, we immediately watched our application and SQL traffic flow through the network wire, complete with network protocol information and client and server subnets and addresses.

Next, we used the Aggregation Properties feature to organize this data into customized logical views. It allowed us to define the views of services, servers and locations that are necessary to accurately represent our organization's traffic.

Network staffs, for example, require statistics that track the physical network layout, but managers often prefer reports that reflect the organizational structure. NetQoS supports both representations.

Although we scoured the product for weaknesses in a large enterprise, we identified none. Features that allow the bulk import of subnets via text files and the crafting of custom views by Aggregation Properties make this product capable of easy management in a large and complex enterprise environment.

We give NetQoS high marks for a thoughtful design, which will accommodate large and distributed information technology shops.

After designing views that displayed relevant network information about our application and its users, we set out to upset our perfect microcosm. On one of our application servers, we started a resource-intensive Out-Of-Control.exe process — appropriately described as a cardiac stress test for computers.

SuperAgent immediately sent us an e-mail alert directing us to a report in its Web interface. This report showed a bar graph comparing response times of all clients. From the graph, we could find conversation specifics. We found that all clients with a slow response time were conversing with our stressed-out server.

SuperAgent offered further comparison of all application server response times in the farm. Based on this bar graph, we could clearly see that the stressed server was much slower than the others. To our surprise, in less than one minute, we were focused on the culprit of the problem.
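The triage described above (slow clients first, then the server they share, then a comparison across the farm) can be sketched as follows. This is an added example, not NetQoS code or the authors'; the record layout, host names, sample values and the 3x-median threshold are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: one (client, server, response_time_ms) per transaction.
SAMPLES = [
    ("10.1.1.10", "web-a", 40), ("10.1.1.10", "web-a", 45),
    ("10.1.1.11", "web-a", 50),
    ("10.1.2.20", "web-b", 38), ("10.1.2.21", "web-b", 55),
    ("10.1.3.30", "web-c", 900), ("10.1.3.30", "web-c", 1100),
    ("10.1.3.31", "web-c", 950),
]

def median_by(samples, field):
    """Median response time grouped by field 0 (client) or 1 (server)."""
    groups = defaultdict(list)
    for rec in samples:
        groups[rec[field]].append(rec[2])
    return {key: median(times) for key, times in groups.items()}

def outliers(medians, factor=3.0):
    """Keys whose median exceeds factor x the median of all group medians."""
    if not medians:
        return []
    baseline = median(medians.values())
    return sorted(k for k, m in medians.items() if m > factor * baseline)

def slow_clients(samples, factor=3.0):
    return outliers(median_by(samples, 0), factor)

def slow_servers(samples, factor=3.0):
    return outliers(median_by(samples, 1), factor)

def common_servers(samples, clients):
    """Servers that every listed client conversed with."""
    sets = [{s for c, s, _ in samples if c == client} for client in clients]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    clients = slow_clients(SAMPLES)
    print("slow clients:", clients)
    print("shared server(s):", common_servers(SAMPLES, clients))
    print("slow servers in farm:", slow_servers(SAMPLES))
```

Using medians rather than means keeps a single stressed server from dragging the baseline up and hiding itself.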

ReporterAnalyzer

To test ReporterAnalyzer, we directed it to one of our core routers. ReporterAnalyzer gathers Cisco Systems Inc. NetFlow or Remote Network Monitoring Version 2 (RMON2) information and data from other sources. We found it easy to get a complete view of the traffic on our network. We could see who was using what bandwidth, when they were using it and what traffic they were generating for each protocol.

This information is not exactly groundbreaking, but the product's complete and historical archive is. The ReporterAnalyzer can store this data for up to 13 months.

We were impressed by the small footprint that the product would have when implemented, even on a large network with thousands of interfaces and network locations. Other solutions providing similar information about a network require physical agents to be deployed at all collection points. ReporterAnalyzer's ability to collect detailed and granular information from a relatively limited number of collection points is a major feature that distinguishes it from other products.

One of our favorite features of this product is its ability to send e-mail alerts when users reach specified thresholds.

SuperAgent and ReporterAnalyzer produce attractive reports complete with appropriate graphs suitable for nontechnical stakeholders. Although HTML is the only format available, we found it simple to cut and paste the reports into a Microsoft Corp. Word file for further editing, or to generate a PDF file with the free PDF995 program, which is available for download at www.pdf995.com.

The bottom line

We were impressed by the speed at which we could take all information into account and, with the help of NetQoS' product, arrive at an accurate diagnosis of network problems. Using conventional tools, we would have been forced to set up a sniffer to catch traffic problems. We would have spent a good deal of time watching traffic samples, trying to figure out which conversations were slow and why.

Greer is a network security consultant. Bishop operates PeoplesInformation.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.