Making ACI Configurations Consistent
APM suites are typically large systems that collect and analyze lots of data about an application. The volume of collected data can be huge. The user interfaces are necessarily complex because they must allow the administrator to identify and relate the data comprising complex interactions between all the elements of an application.
I like to think of APM suites as “WireShark on steroids”. They collect a lot of detailed data that has to be correlated and analyzed. It helps if the APM suite has a library of known applications that allow you to jump-start the analysis (the Epic medical record system comes to mind). If you need to map a new application, then expect to spend some time on it. It helps to have a couple of people dedicated to the project.
Dedicate a couple of people? Yes. These systems are big, complex, and expensive. But what they can do is amazing, so spending the money and time to deploy them provides big benefits. Look at the Gartner report Magic Quadrant for Application Performance Monitoring Suites to find a list of vendors and a general description of their suite. Most vendors have a good list of case studies that give you a good idea of their power.
The data collection engines differ from product to product. The Cisco Tetration system uses server-based software agents and network-based NetFlow collectors to gather the first 160 bytes of every packet sent and received by every server that’s instrumented. RiverBed’s AppResponse depends on network taps and packet brokers to capture packets for analysis. Any APM works best if it has data feeds from as many servers as possible, so make sure to include generous estimates for deployment.
Because of the complexity of these tools, it is also a good idea to include some consulting expertise from the vendor or an approved resource. You can think of the consulting as just-in-time, on-the-job training that quickly makes you productive.
Moving applications to a public cloud infrastructure can complicate application monitoring. Virtual appliances, plug-ins, and server agents are being provided by many APM vendors to provide packet capture and analysis within cloud deployments. You may need to work with your potential APM vendor to identify a valid strategy for your cloud architecture.
APM suites, because of their size, complexity, and expense, are typically products that appeal to larger enterprises. What are smaller organizations supposed to do?
Are there a few alternatives to a full-blown APM suite, offering less functionality at a lower price point? One class of products perform active path tests. AppNeta and NetScout come to mind as examples. These tests are based on synthetic transactions that simulate parts of an application. For example, a simple test might be to login to a web site and simulate the ordering of a particular product. Variations in the time for each step in the process can identify when a particular part of the system is not functioning correctly. Unfortunately, because these tools operate at a high level, it is frequently not possible to determine exactly what is causing the malfunction.
These tools are good at determining if a problem exists and the extent of the problem. With the right set of tests configured, they are also able to determine if there is a network problem or if slowness is due to something else. I recommend alternatives to full-blown APM suites in cases where the organization is relatively small and is running a standard set of applications (i.e., no complex, custom applications).
APM is definitely valuable to organizations that develop their own applications. In this case, look for suites that include software internal function analysis. If the applications used by a business are from an external vendor, then things are less clear. Customizable applications or applications that rely on multiple tiers of servers will benefit from the visibility provided by a full-blown APM suite. Smaller enterprises that use stock applications will likely benefit more from the deployment of active path testing products.
If you’re uncertain about what type of APM is best for your organization, look to NetCraftsmen to help work through the options and make an appropriate selection.
Making ACI Configurations Consistent
Six Tips to Help with Your Next Configuration Audit
Does Security Belong Near Endpoints?
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.
Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.