Technical Focus: instrumentation standards

Alaloop portals are open to integrating instrumentation available on the market (standard or proprietary). This article reviews the different standards and approaches to instrumentation used for measuring the performance of infrastructure and/or applications.
Instrumentation for IT performance is based on the following 3 metrics, in order of importance:
1. performance measurement of services delivered: this metric is expressed in time units (min, sec, ms). These measures are intended to validate that the services delivered meet the performance targets generally included in a Service Level Agreement (SLA). We distinguish the SLA for infrastructure (network and hosting) from the global SLA (which also covers user applications);
2. workload of sensitive resources: this metric should be expressed as a percentage of the rated load. These measures aim to validate the design, to ensure optimal performance at an optimal cost;
3. traffic analysis: this metric identifies the origin of traffic (IP address, application, etc.). These measures aim to track the use of facilities by user, by application or along any other axis of analysis.
Performance measurement uses two complementary techniques suited to different uses. Active monitoring, also called synthetic monitoring, validates the performance of a delivered service (network connection, application, etc.) by simulating its use with a robot at regular intervals, 24 hours a day, 7 days a week. This technique is well suited to identifying performance issues and monitoring SLAs. Among the popular robots, IP SLAs is embedded in the majority of Cisco devices and tests the performance of network and hosting infrastructure through many tests (called operations) predefined in the robot. Another widespread robot is JMeter, which tests application performance over different protocols.
Conversely, passive monitoring is based on capturing network traffic between the user and the applications (with an analyzer). It is better suited to troubleshooting identified problems or analyzing traffic between client and server during the development phase.
Workload measurement of sensitive IT resources also relies on several techniques. SNMP (Simple Network Management Protocol), used to access MIB (Management Information Base) resources, is the well-known IETF (Internet Engineering Task Force) standard for all network and mediation devices (proxy, firewall, etc.). There are also many MIBs for software components (Oracle, Notes, etc.). The MIBdepot website (www.mibdepot.com) records approximately 10 000 MIBs representing 1 380 000 manageable objects.
Another important and more recent standard is WBEM (Web Based Enterprise Management). This term covers a set of technologies and standards from the DMTF (Distributed Management Task Force) intended to unify the management of distributed computing environments. The central point for recording information is CIM (Common Information Base). This standard is more widely used for monitoring servers and applications.
WMI (Windows Management Instrumentation) is the Microsoft implementation of the DMTF's WBEM and CIM standards. Initially, remote access to WMI was only possible through DCOM (Distributed Component Object Model, a Microsoft proprietary technology). More recently, Microsoft has made available WinRM (Windows Remote Management), based on the DMTF's WS-Management (Web Services for Management) standard. The advantage of this method is that it uses standard web protocols (SOAP messages) for secure remote access to information in a CIM resource. For this reason, Alaloop uses WinRM rather than DCOM to access WMI.
Unfortunately, many hardware and software products do not have a standard interface (SNMP / MIB or WBEM / CIM). In this case, it is necessary to "parse" the relevant indicators published by the proprietary application.
We finish our review of standard instrumentation with traffic monitoring provided by recorders. There are basically two kinds: packet recorders and flow recorders. Flow recorders (a flow is a kind of "conversation" between 2 IP addresses) give a general overview of traffic. The IETF standard IPFIX (IP Flow Information Export) is derived from Cisco Systems NetFlow technology. It defines a format for exporting traffic information to a collector that stores it, typically in a database, to allow any type of analysis. Many network devices (routers and switches) have an embedded NetFlow / IPFIX feature. This provides many traffic analysis points without installing additional equipment, and with a centralized view.
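To make the export format concrete, here is an added example (not Alaloop code) of the collector side: it decodes one IPFIX message, learning the record layout from the template set and then reading the flow records. The sample message and its documentation-range addresses are constructed, and only fixed-length IANA fields are handled.

```python
import ipaddress
import struct

# IANA element ids used here, and constructed sample flows (source, destination, packets, octets).
IE_NAMES = {1: "octetDeltaCount", 2: "packetDeltaCount",
            8: "sourceIPv4Address", 12: "destinationIPv4Address"}
SAMPLE_FLOWS = [("192.0.2.10", "198.51.100.5", 12, 9000),
                ("192.0.2.11", "198.51.100.5", 3, 180)]

def decode_record(body, off, fields):
    rec = {}
    for ie, flen in fields:
        raw, off = body[off:off + flen], off + flen
        value = str(ipaddress.IPv4Address(raw)) if ie in (8, 12) else int.from_bytes(raw, "big")
        rec[IE_NAMES.get(ie, f"ie{ie}")] = value
    return rec

def parse_ipfix(msg):
    """Decode one IPFIX message (RFC 7011 layout) into a list of flow records."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg, 0) != (10, len(msg)):
        raise ValueError("bad IPFIX header: short, wrong version or wrong length")
    templates, flows, pos = {}, [], 16
    while pos + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, pos)
        if set_len < 4 or pos + set_len > len(msg):
            raise ValueError("set length runs past the message")
        body, off = msg[pos + 4:pos + set_len], 0
        while set_id == 2 and off + 4 <= len(body):      # template set
            tid, count = struct.unpack_from("!HH", body, off)
            if tid < 256 or off + 4 + 4 * count > len(body):
                break                                      # padding or truncated template
            fields = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(count)]
            if any(ie & 0x8000 or flen in (0, 0xFFFF) for ie, flen in fields):
                raise ValueError("enterprise or variable-length fields are not handled here")
            templates[tid], off = fields, off + 4 + 4 * count
        if templates.get(set_id):                          # data set with a known template
            rec_len = sum(flen for _, flen in templates[set_id])
            for off in range(0, len(body) - rec_len + 1, rec_len):
                flows.append(decode_record(body, off, templates[set_id]))
        pos += set_len
    return flows

def build_sample():
    tset = struct.pack("!12H", 2, 24, 256, 4, 8, 4, 12, 4, 2, 4, 1, 4)  # template 256
    recs = b"".join(ipaddress.IPv4Address(s).packed + ipaddress.IPv4Address(d).packed
                    + struct.pack("!II", p, o) for s, d, p, o in SAMPLE_FLOWS)
    body = tset + struct.pack("!HH", 256, 4 + len(recs)) + recs
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, 1) + body

print(parse_ipfix(build_sample()))
```

A data set whose template has not been seen yet is skipped, which is why a collector has to keep templates per exporter between messages.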

Packet recorders are used mainly for troubleshooting. Many packet recorders are based on the PCAP interface, an API used to capture network traffic (libpcap is the PCAP implementation on Unix / Linux platforms and WinPcap is an implementation on Windows platforms). The volume of information collected is too large to export, so packet recorders provide local traffic analysis.
sFlow is a standard for capturing traffic on switches and routers. Its architecture is similar to that of NetFlow / IPFIX: a software agent embedded in the equipment (switch / router) collects data and exports it in sFlow datagrams to a collector. Beyond this architectural similarity, the nature of the information sent in the sFlow datagram is totally different. The sFlow agent performs 2 types of operation: sampling and counting packets on interfaces. Alaloop chose not to support sFlow because traffic analyses based on packet sampling lead to misinterpretation, and interface counters are easier to obtain with SNMP MIB-2.
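The effect of packet sampling on per-conversation figures can be seen in a small simulation, added here as an illustration (it is not Alaloop code and does not use the sFlow wire format). The traffic mix, the conversation names and the 1-in-1000 rate are assumptions; the error bound is the usual binomial approximation.

```python
import math
import random
from collections import Counter

RATE = 1000  # assumed 1-in-N packet sampling rate

def build_stream(rng):
    """Constructed traffic: one list entry per packet, naming its conversation."""
    stream = ["backup"] * 180_000 + ["web"] * 19_900 + ["short"] * 100
    rng.shuffle(stream)
    return stream

def sample_hits(stream, rate, rng):
    """Packets a sampling agent would export: each packet kept with probability 1/rate."""
    return Counter(flow for flow in stream if rng.randrange(rate) == 0)

def error_bound(hits):
    """Approximate 95% relative error of hits * rate (binomial approximation)."""
    return None if hits == 0 else 1.96 / math.sqrt(hits)

def compare(seed=1, rate=RATE):
    """Per conversation: (exact packet count, sampled estimate, relative error bound)."""
    rng = random.Random(seed)
    stream = build_stream(rng)
    exact = Counter(stream)            # what accounting for every packet yields
    hits = sample_hits(stream, rate, rng)
    return {f: (exact[f], hits[f] * rate, error_bound(hits[f])) for f in exact}

if __name__ == "__main__":
    for flow, (exact, est, err) in sorted(compare().items()):
        bound = "n/a" if err is None else f"+/-{err:.0%}"
        print(f"{flow:7s} exact={exact:7d} estimate={est:7d} ({bound})")
```

Estimates are always multiples of the sampling rate, so the 100-packet conversation is reported either as absent or as at least 1000 packets, while the large conversation is estimated to within roughly 15%.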
In summary, this article gives an update on the different instrumentation techniques and the many acronyms currently involved. The figure summarizes instrumentation integration within the Alaloop portal. Details are available in a new guide entitled "Alaloop instrumentation guide".
These efforts have strengthened the partnership with Cisco to support the NAM (Network Analysis Module) as a new data source for Alaloop portals. The NAM is a multi-sensor network analyzer available as a module for a large number of Cisco devices (routers or switches) and also as an appliance. It supports many analysis features, such as application response time (ART NAM), and can also measure the benefits of WAAS (Wide-Area Application Services) devices. The objective of this partnership is for Alaloop to have a new and rich source of data, and for Cisco to have a new and powerful reporting and analysis portal that is easy to use.