Saturday, November 8, 2008

Transaction Monitoring – Network Appliances

Yet another way to implement Transaction Monitoring solutions is via a Network Appliance. This approach is defined here as any solution that collects data by non-intrusive "Network Sniffing". Two good examples of vendors that provide this type of solution are B-Hive and Correlix.

How it Works

Network appliance solutions usually connect to a port mirror to collect the traffic, and then try to reconstruct the entire transaction. Information needs to be collected directly from every node that is of interest.


  • Any application where transaction latencies need to be monitored in a production environment
  • Managing SLAs
  • Systems which cannot be tampered with at all and need a "plug and play" solution


Advantages

  • Zero Overhead
  • Full time monitoring
  • Immediate installation
  • Installation only concerns the network administrator
  • There is no risk of crashing the system (some "Deep Dive" solutions will cause system failure if they are used to monitor too many transactions, due to high overhead)


Drawbacks

  • Uses an algorithmic approach to track transactions, which limits the accuracy of metrics: latencies are not right, you do not know the accurate flow of the transaction through the different tiers, and so on.
  • Tracking is not really end-to-end since you cannot see what is actually happening within the servers (cannot achieve full visibility)
  • Even if you collect data from all nodes, correlating that data into a single transaction path (or topology of the entire transaction) accurately has yet to be done (if you can give a concrete example, then let me know and I will post it)
  • Receiving data at the network level makes measuring encrypted data close to impossible
  • Once an event has begun processing, it cannot be controlled (say for resource allocation purposes)
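
The sketch below illustrates the accuracy and correlation limits listed above. It is an added example, not code from this post or from any vendor named here. The record format, node names, timings and the time-window nesting heuristic are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    """One request/response pair seen on a mirror port (constructed format)."""
    src: str
    dst: str
    start: int  # ms at which the request was observed
    end: int    # ms at which the response was observed

def correlate(hops):
    """Map each hop to the upstream hops whose time window encloses it.

    Assumed heuristic: a call made by node N belongs to a request received
    by N if it starts and ends inside that request's window.
    """
    return {
        child: [p for p in hops
                if p is not child and p.dst == child.src
                and p.start <= child.start and child.end <= p.end]
        for child in hops
    }

def ambiguous(parents):
    """Hops that fit more than one upstream request (path cannot be decided)."""
    return [hop for hop, cands in parents.items() if len(cands) > 1]

def self_time_ms(hop, parents):
    """Time charged to hop.dst itself: duration minus uniquely owned child calls."""
    owned = [c for c, cands in parents.items() if cands == [hop]]
    return (hop.end - hop.start) - sum(c.end - c.start for c in owned)

# Constructed sample: two overlapping client requests through web -> app -> db.
SAMPLE = [
    Hop("client-a", "web", 0, 120),
    Hop("client-b", "web", 10, 150),
    Hop("web", "app", 20, 100),    # fits inside both client requests
    Hop("web", "app", 125, 140),   # fits only client-b's request
    Hop("app", "db", 30, 90),
]

if __name__ == "__main__":
    parents = correlate(SAMPLE)
    for hop in ambiguous(parents):
        print("ambiguous:", hop, "candidates:", parents[hop])
    for hop in SAMPLE[:3]:
        print(hop.src, "->", hop.dst, "self time (ms):", self_time_ms(hop, parents))
```

With this sample, the first web-to-app call fits both client requests, so its 80 ms cannot be charged to either one and the web tier's own time is overstated for both transactions.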


To give an understanding of a general approach to a solution, I list all potential advantages and drawbacks (including those which people who develop or promote the specific solution would prefer to ignore). Comment with any objections (as people have done in the past) and I will at some point post everything.


dmcclure said...

There's another series of vendors that I'd put in this category.

While many fit into protocol level tracking, many are maturing into flows (netflow) and more traditional transaction tracing and monitoring.

Network level transaction discovery, tracking and monitoring is ripe for development, especially by vendors such as Cisco.

Here's a short list to dig into here.

Network General/NetScout
Network Associates
Network Instruments
Compuware Vantage Service Check, App Vantage


Alon said...

I plan to write an article that includes End User Monitoring which includes vendors that utilize network appliances in order to execute the solution. Tealeaf, for example, may use a network appliance, but from what I can tell they are more interested in EUM than the entire network. Compuware, as I understand, has more than just a network appliance solution.
Thank you for the great comment, I will insert it into a summary that will include various comments.

lanman said...

I have worked with another vendor called SeaNet.

They offer real time latency measurement of transactions at the application layer in business context. They use passive probes for data capture and then correlate multi-tier application event streams.

SeaNet should be on anyone's list when looking for application layer latency measurement and alerting and reporting.

sgorkoff said...

Companies in the processing space need to develop the ability to sense unexpected patterns and anomalies instantly and respond rapidly. A number of processors, retailers, telcos, and service bureaus use INETCO's business transaction management technology to discover and react to emerging issues faster, increasing revenues, reducing costs, and decreasing risk. Check out a demo:

