Expanding IT Forces Expansion of - SevOne · into APM and IT ops monitoring: Cisco/AppDynamics,...

©2017 451 Research, LLC | WWW.451RESEARCH.COM

Expanding IT Forces Expansion of Network Performance Management

Jim Duffy, Senior Analyst, Networking

Cloud, mobility, security and the Internet of Things are driving the network performance management market to broaden beyond the network and into applications performance management and IT operations monitoring. Recent M&A activity has underscored this transition, and further blurred the historically distinct lines between the disciplines.

JULY 2017

GAME CHANGER



ABOUT 451 RESEARCH

451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to more than 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.

© 2017 451 Research, LLC and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The terms of use regarding distribution, both internally and externally, shall be governed by the terms laid out in your Service Agreement with 451 Research and/or its Affiliates.

The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

NEW YORK
1411 Broadway, Suite 3200, New York, NY 10018. P 212-505-3030, F 212-505-2630

SAN FRANCISCO
140 Geary Street, 9th Floor, San Francisco, CA 94108. P 415-989-1555, F 415-989-1558

LONDON
Paxton House, Ground floor, 30 Artillery Lane, London, E1 7LS, UK. P +44 (0) 207.426.1050, F +44 (0) 207.657.4510

BOSTON
75-101 Federal Street, 5th Floor, Boston, MA 02110. P 617-261-0699, F 617-261-0688

ABOUT THE AUTHOR

JIM DUFFY
SENIOR ANALYST, NETWORKING

Jim Duffy is Senior Analyst for the Networking Channel at 451 Research. He covers enterprise network infrastructure and associated software, and network performance management. Jim has been covering technology for over 30 years, including 25 at Network World. His coverage focused predominantly on enterprise networking infrastructure, including routers, switches and associated software.

©COPYRIGHT 2017 451 RESEARCH. ALL RIGHTS RESERVED.


Key Findings

The network is the nerve center of IT, the element of an IT infrastructure that literally ‘sees’ and ‘touches’ all data. As such, network performance management (NPM) is bleeding into application performance and IT operations management. These disciplines have become interdependent – with the network serving as the foundational element of that interdependence – and require synergistic insight and interaction.

Cloud is an example of the evolution of NPM into APM and IT ops monitoring. Enterprises require the same level of visibility into workloads running in the public cloud that they would for those still on-premises. At the same time, enterprises need to determine if an application anomaly is due to an event in the public cloud network or in the private, on-premises cloud.

As enterprise IT digitizes and embraces IoT, NPM becomes even more critical to ensuring the optimal performance, availability and reliability of the overall IT infrastructure. Concurrently, as more ‘things’ are connected to the enterprise network, the security risk rises. NPM is crucial in providing visibility to detect anomalies and potential breaches.

Recent M&A activity and product developments in NPM and APM demonstrate the evolution of NPM into APM and IT ops monitoring: Cisco/AppDynamics, Riverbed/Aternity, ThousandEyes’ Endpoint Agent, ExtraHop Networks’ 6.0 and Addy, machine learning and behavioral analytics are but a few.


Executive Summary

INTRODUCTION

Network performance management (NPM) has traditionally been perceived as the ultra-geek occupation: unsexy, pencil-protector-pocketed loners with broken eyeglasses Scotch-taped back together, using probes, taps and sniffers to take readings of network activity and reporting back to no one who particularly cared.

Now these geeks are the Surgeons General of IT, because the network is its central nervous system. Everything touches the network and the network touches and sees everything: endpoints, applications, connected devices, storage, servers, hypervisors, VMs, containers and microservices. The operation of applications and IT elements depends on the operation of the network. Therefore, NPM must also encompass aspects of APM and IT ops monitoring.

These interdependencies are prompting NPM vendors to increasingly develop, obtain or acquire and add APM and IT ops monitoring capabilities to their products. Some of the leading NPM vendors have recently taken on the task of extending workload visibility from the private, on-premises enterprise cloud into the public cloud. Over the past year, NetScout Systems, Gigamon and Ixia have all introduced new products that instrument workloads in the Amazon Web Services (AWS) public cloud to monitor performance even when those workloads leave the enterprise premises. Other vendors have added endpoint visibility through agents and other instrumentation, allowing end users to monitor the performance of web and SaaS applications and pinpoint the root cause of any anomalies – whether at the endpoint, on-premises or in the cloud.

A chief driver of NPM visibility infrastructure is security, which becomes paramount as enterprises include IoT in IT operations – the attack surface expands with each new connected device. As such, NPM visibility also extends to IT operations through IoT security.

Among the ‘things’ connecting to the IT infrastructure are mobile devices accessing enterprise applications on behalf of remote workers. NPM is responsible for identifying, authenticating and authorizing access to the network based on user, device, role within the business, application accessibility and other corporate compliance and security policies. Visibility into application performance, another key criterion, is based on mobile user location, access method (Wi-Fi and/or cellular), and application and device type.

A handful of recent acquisitions and product development directions serve as evidence of this overall NPM/APM/IT ops visibility trend. Cisco’s multibillion-dollar purchase of AppDynamics; Riverbed’s acquisition of Aternity for end-user experience (EUE) management from the endpoint; Gigamon’s Visibility Platform for AWS; NetScout’s virtual TAP and probe products for the public cloud; and Ixia’s containerized CloudLens software for AWS are notable among them.

So geek is now chic, and has become uber-important as IT evolves and extends beyond the enterprise premises with the network as its foundation. NPM has power and influence – that’s sexy.

METHODOLOGY

The profiled vendors for this report were selected based on their current or emerging presence in not only NPM, but the broader APM and IT operations monitoring opportunities.

Reports such as this one represent a holistic perspective on key emerging markets in the enterprise business applications space. These markets evolve quickly, though, so 451 Research offers additional services that provide critical marketplace updates. These updated reports and perspectives are presented on a daily basis via the company’s core intelligence service, 451 Research Market Insight. Forward-looking M&A analysis and perspectives on strategic acquisitions and the liquidity environment for technology companies are also updated regularly via Market Insight, which is backed by the industry-leading 451 Research M&A KnowledgeBase.


Emerging technologies and markets are covered in 451 Research channels including Cloud Transformation; Customer Experience & Commerce; Data Platforms & Analytics; Datacenters & Critical Infrastructure; Development, DevOps & IT Ops; Information Security; Internet of Things; Managed Services & Hosting; Mobile Telecom; Multi-Tenant Datacenters; Networking; Storage; Systems & Software Infrastructure; and Workforce Productivity & Compliance.

Beyond that, 451 Research has a robust set of quantitative insights covered in products such as Voice of the Enterprise, Voice of the Connected User Landscape, Cloud Price Index, Market Monitor, the M&A KnowledgeBase and the Datacenter KnowledgeBase.

All of these 451 Research services, which are accessible via the web, provide critical and timely analysis specifically focused on the business of enterprise IT innovation. For more information about 451 Research, please go to: www.451research.com.


Table of Contents

1. NETWORKS ARE VITAL – AND PERFORMANCE MANAGEMENT GOES BEYOND THEM
   Figure 1: In Two Years, More than Half of Workloads Will Run in Cloud
   Figure 2: Wi-Fi and Ethernet Underlie Most Digital Enterprises
   Figure 3: Network Monitoring Grows Rapidly

2. ANALYSIS: THERE’S AN APP FOR THAT NETWORK MONITOR
   CISCO/APPDYNAMICS
   RIVERBED
   THOUSANDEYES
   EXTRAHOP
   CORVIL
   NETSCOUT
   GIGAMON
   IXIA
   CPACKET NETWORKS
   PLURIBUS NETWORKS
   BIG SWITCH
   KENTIK
   SEVONE
   SOLARWINDS
   APCON
   NS1
   FLOWMON
   PAESSLER

3. WHAT NPM VENDORS ARE BEST-POSITIONED TO TAKE ON APM AND IT OPS?

4. CONCLUSIONS AND RECOMMENDATIONS

5. FURTHER READING

6. INDEX OF COMPANIES


1. Networks Are Vital – and Performance Management Goes Beyond Them

THE NETWORK TOUCHES ALL, SEES ALL

The network performance management (NPM) market is now more important than ever.

Over the years, the network has become integral to IT operations – indeed, the backbone of IT. PC LANs introduced a whole new era of workplace productivity during the 1980s, followed by client/server computing, which distributed enterprise LAN connectivity and application sharing to remote offices and regions. Then came the internet, which quickly morphed from an arcane research network to a consumer novelty and then to a requirement for enterprise networking. Now the latest advance is cloud – a rapidly growing landscape, as Figure 1 shows.

Figure 1: In Two Years, More than Half of Workloads Will Run in Cloud
Source: 451 Research’s Voice of the Enterprise: Cloud Transformation, Workloads and Key Projects 2017

[Chart: share of workloads by category (SaaS, IaaS, Hosted Private Cloud, On-Premises Private Cloud, Non-Cloud), Today (n=443) versus In Two Years (n=450). Overall cloud usage: 45% of workloads today, 60% in two years.]

All of these transitions have one thing in common: a foundation of Ethernet/IP networking. Since the leading connectivity mediums for IoT, the foundation of the digital enterprise, are Ethernet and Wi-Fi (see Figure 2), the network monitoring and visibility tools for Ethernet and Wi-Fi become those for IoT as well.


Figure 2: Wi-Fi and Ethernet Underlie Most Digital Enterprises
Source: 451 Research’s Voice of the Enterprise: Internet of Things, Budgets and Outlook 2016
Q: Which of the following network connectivity technologies do you currently, or plan to, leverage for the majority of the IoT connections?

| TECHNOLOGY | Q1 n=450 | Q2 n=372 | Q3 n=444 | Q4 n=397 |
|---|---|---|---|---|
| WIFI | 71.3% | 78.2% | 75.5% | 79.1% |
| ETHERNET | 68.4% | 76.9% | 69.4% | 70.8% |
| 3G/4G | 24.7% | 36.6% | 34.0% | 54.2% |
| BLUETOOTH LOW ENERGY | 16.9% | 30.4% | 23.4% | 27.2% |
| LTE-M | 12.0% | N/A | 13.3% | 15.4% |
| LTE-A | 10.7% | 22.6% | 26.6% | 12.6% |
| 2G/GPRS | 3.8% | 15.6% | 13.5% | 10.1% |
| ZIGBEE | 3.8% | 11.6% | 8.1% | N/A |
| LORA | 2.0% | 5.9% | 6.5% | 5.0% |
| THREAD | 1.8% | 3.2% | 1.6% | 3.0% |
| NB-LTE | 1.6% | N/A | 5.4% | 4.0% |
| SIGFOX | 1.6% | 2.4% | 1.8% | 2.8% |
| NON-THREAD 802.15.4 6LOWPAN | 0.9% | 6.2% | 2.3% | 4.8% |
| Z-WAVE | 0.9% | 6.5% | 5.0% | N/A |
| WEIGHTLESS-N | 0.4% | 3.0% | 2.3% | 3.0% |
| 5G | N/A | N/A | N/A | 14.1% |

As IT evolves to embrace cloud, IoT, mobility, etc., the one constant is the network. Monitoring how that network performs is a vital IT function.

NPM IS NOT JUST FOR NETWORKS ANYMORE

NPM is also going through a technological sea change. Capturing and analyzing packets and flows might be sufficient to observe network operations, but determining how networked IT operates requires moving up the stack and gaining visibility into applications.

As a result, NPM vendors have been adding, augmenting and positioning their products as arbiters of application performance. The network sees and touches everything, so visibility must provide insight into what’s running on it (see Figure 3).


Figure 3: Network Monitoring Grows Rapidly
Source: 451 Research, 2017

| VENDOR | ACTIVITY | DATE | RATIONALE |
|---|---|---|---|
| APCON | IntellaCloud | April 2017 | Virtual TAP agents for visibility into public cloud VMs |
| CISCO | AppDynamics buy | January, 2017 | Large scale APM for broader IT analytics |
| CPACKET | IoT monitoring, cBurst | February, September 2016 | Scale to aggregate IoT devices to collect summarized time-series data; proactive alerts for streaming UDP feeds such as financial market data, unified communications and video |
| RIVERBED | Aternity buy | July 2016 | End user experience mgmt. |
| THOUSANDEYES | Endpoint Agent | August 2016 | Visibility into overall app. performance |
| EXTRAHOP | ExtraHop 6.0, Addy | Sept. 2016, March 2017 | Network as a rich data source for IT ops; SaaS-based anomaly detection for IT ops |
| CORVIL | Sensor | April 2017 | Visibility for workloads in the public cloud |
| KENTIK | nProbe server agent | September 2016 | Tie application performance issues to network factors |
| NETSCOUT | Virtual TAPs, probes, disaggregated packet brokers | June 2017 | Cloud visibility on par with on-premises insight |
| GIGAMON | Visibility Platform for AWS | November 2016 | Allow AWS tenants to get visibility into network traffic traversing the VPC |
| IXIA | CloudLens | April 2017 | Visibility into public cloud workloads |
| FLOWMON | Flowmon APM | 2015 | Agentless probe that monitors HTTP/HTTPS, SQL, Oracle and MySQL application- and database-generated network traffic |
| PAESSLER | Cloud HTTP Sensor | April 2015 | Monitors the loading time of a web server via Hypertext Transfer Protocol (HTTP) from different locations worldwide using the PRTG Cloud |
| SEVONE | Digital Infrastructure Management Platform, NFV Assurance | May 2016, 2017 | Collect and visualize network, storage, IT and IoT behavior and performance, and the impact on user experience; detection of when and where a VNF is deployed on the Red Hat Open Stack |
| NS1 | Pulsar | January 2016 | Determines the impact of application performance on business in enterprises deploying hybrid- and multi-cloud IT |
| SOLARWINDS | Acquisitions of Librato, Pingdom, Papertrail and TraceView | June 2014, January, April 2015, September 2016 | Cloud performance monitoring; synthetic testing and real user monitoring; SaaS-based log management; distributed tracing for monitoring homegrown applications |


Cisco, the largest networking vendor on the planet, spent billions in January to acquire AppDynamics, an application performance monitoring giant that offers APM, server monitoring, real-user monitoring, synthetic monitoring and logging. With AppDynamics’ analytics platform, which uses machine learning to detect automatic baselines, Cisco can also offer users the ability to examine the relationship between business data and application performance.

As well as monitoring IoT endpoints, Cisco envisions its new acquisition as a chief contributor to a centralized IT operations data repository, from which customers will be able to import data from a variety of Cisco and third-party sources. From Cisco, those sources include its Tetration data analytics platform, network monitoring, Cisco Umbrella and now AppDynamics. Cisco’s not alone in attempting to bring this centralized IT data source to market. We’re increasingly seeing monitoring vendors at the very least discussing this concept, if not actively working on it.

Riverbed is gradually developing and acquiring the building blocks of its own NPM/APM/IT ops monitoring solution. For APM, it acquired Aternity in July 2016. Aternity develops a management agent for laptops, desktops and mobile devices that measures the performance of applications, including internal on-premises and SaaS programs like Office 365 and SAP, accessed from end-user devices. With the Aternity purchase, Riverbed will be able to combine EUE management capabilities with its SteelCentral NPM and APM tools in an end-to-end network and application experience tracking solution for overall IT operations monitoring.

Other NPM pure-plays have been increasing the APM content and relevancy of their products in an effort to tightly tie on-premises and cloud application and IT performance directly to the underlying network behavior (and vice versa, in some cases). Last year, border gateway protocol (BGP) performance monitoring developer ThousandEyes released an endpoint agent designed to enable internet-dependent enterprises to measure their overall experience and network behavior. ExtraHop Networks is targeting IT operations monitoring with ExtraHop 6.0 by transforming the network from a transport medium to a rich-data source. The intention is to enable IT teams to streamline the workflow of real-time performance metrics for application, security, network and business services to associated packets in ‘five clicks or less.’

Advancements in machine learning and behavioral analytics contribute to these efforts. Shortly after debuting ExtraHop 6.0, ExtraHop unveiled Addy, a SaaS offering that harnesses machine learning to automate anomaly detection in the cloud. And while not an NPM pure-play, HPE Aruba acquired Niara, a developer of behavioral analytics for security monitoring that will broaden HPE Aruba’s ClearPass policy-based network access control application into a programmable platform for internal network security.

Other NPM heavyweights, like NetScout, Gigamon and Ixia, are offering ways to gain visibility into public cloud workloads, a sticky wicket that’s been vexing enterprises up to now as they embrace IaaS and SaaS to augment and offload on-premises computing.


2. Analysis: There’s an App for That Network Monitor

Evaluation of the vendors in the enterprise NPM market shows a conscious incursion into enterprise and cloud APM, and from there into IT operations monitoring. The results indicate a natural, needed and necessary evolution of the traditional packet-level data capture and analysis business, concurrent with the increasing importance of the network in IT, especially as cloud pervades the computing landscape.

CISCO/APPDYNAMICS

There’s a reason Cisco paid the highest multiple ever for a software firm with more than $50m in revenue: AppDynamics, its largest acquisition in almost five years, has set the pace (along with New Relic and Dynatrace) in APM over the past seven years. Both were sued by IT operations giant CA Technologies, a sure sign that they’ve been formidable and credible competitors to the larger, more established APM vendors and taking business from them.

AppDynamics’ traditional strength is in managing application performance across end-user, app, database and infrastructure tiers for large-scale deployments. The company targets large enterprises that require application monitoring at a massive scale. AppDynamics focuses on ‘application intelligence,’ providing business and operational insights into app performance. In addition to IT operations staff, it’s looking to attract business analysts, developers and IT decision-makers as potential clients, and has a variety of offerings to do so.

Business iQ is an AppDynamics service that can analyze data collected via all of AppDynamics’ products, as well as data from other business platforms, to display analytics that might be useful for IT users and line-of-business executives. The Virtual War Room is a shared space where IT operations, development teams and business users can work together to view and resolve IT problems. DevOps teams also get shareable preconfigured reports that can be automatically generated and sent to key stakeholders. Additionally, AppDynamics offers deep-dive database monitoring of SQL and NoSQL apps, including Microsoft SQL Azure DB cloud database services. The company makes its programs available in the cloud as SaaS and as licensed, locally installed software.

AppDynamics is one of three strategic IT analytics pillars for Cisco, the other two being its Tetration data analytics platform and DNA, a new data abstraction platform designed to connect application performance impact to users, devices, locations, security posture, policy compliance and multiple other contexts.

Cisco already offers visibility into application performance on the wire, with both passive and active monitoring technologies involving deep packet inspection, application recognition, packet capture, anomaly detection and synthetic transaction tests. These technologies are embedded in its devices and deployed/visualized network-wide in tools such as Prime Infrastructure and companion Network Analysis Modules (available as appliances and VMs). However, the company acknowledges that there is further potential work in this area involving the big-data and machine-learning capabilities of its newly evolving Network Data Platform, as well as centralized automation and analytics with Cisco DNA Center.

With the acquisition of AppDynamics, Cisco has added the ability to look deep into the application stack from the top down, based on code insertion and targeted data collection around app service performance and troubleshooting across datacenter infrastructure. Complementing this is the ability to discover application dependencies and relationships across datacenters, networks, users and application infrastructure – the role of Tetration – in order to easily deploy policies, derive service impact and remediate app performance issues with priority from a business perspective. With StealthWatch, Cisco already has the ability to detect security anomalies based on highly granular application and user traffic flow analytics.

Cisco is expected to tightly integrate DNA Center, Tetration, StealthWatch and AppDynamics into a cohesively operational whole for a broad and comprehensive IT analytics offering. With key focus on solving use cases involving users, networks, application performance and policy, Cisco is looking to tie together the three dimensions of users, network stacks and application stacks; provide visibility across the stacks; and enable deep troubleshooting analytics and threat/anomaly detection. Partner ecosystem integrations will provide remediation across business applications, collaboration tools, L4-L7 network services, and edge-distributed hosted containers and analytics for the digital enterprise.


RIVERBED

Riverbed’s SteelCentral product line includes NPM, APM and EUE monitoring. The last is where Aternity fits in, and it aligns more closely to the APM portfolio.

Aternity’s software is a management agent for laptops, desktops and mobile devices that measures the performance of applications, including internal on-premises and SaaS programs like Office 365 and SAP, accessed from end-user devices. (Existing end-user APM is typically at the browser level for external applications.)

Riverbed already offered network and APM in SteelCentral (it acquired APM vendor OPNET in 2012), but it lacked internal EUE management from the endpoint device, though SteelCentral supported EUE and application management from the browser for external applications. With Aternity, Riverbed now claims an end-to-end offering in network and APM.

Aternity discovers three streams of data that affect EUE: users and their locations; devices and their operating systems; and applications, processes and health indicators. User data covers attributes such as identity, role, department, office and geographic location, subnet and VPN. Device data includes make and model, number of cores, disks and shared drives, OS type, version and service pack, boot services, running processes, and the top processes consuming CPU, memory and I/O resources. Additionally, Aternity reveals all local, cloud, web or instrumented enterprise mobile apps running on any physical, virtual or mobile device. The software generates a baseline for every application, device and user performance metric collected. Baselines can be split by location, subnet or target server, so that a granular baseline exists for different groups of users. Users can also set manual thresholds for acceptable performance.

If performance deviates from a baseline or threshold, Aternity generates alerts and opens trouble tickets, analyzes the business impact and affected groups, and identifies probable cause.

Additional analytics in the management application include application performance through a color-coded score and a User Experience Index that accounts for application wait time, crashes, hangs and errors; compliance assessment against service-level objectives across the enterprise; and alert generation to third-party service desk and IT operations and administration systems.

THOUSANDEYES

Endpoint Agent allows end users to measure their overall experience and network behavior. It marks ThousandEyes’ entry into EUE management and broader APM functionality.

Enterprises need to have visibility and management control over facilities they do not ‘own’ as their private networks. VPNs provide security and virtual privacy, but not visibility into application performance. ThousandEyes’ Endpoint Agent extends network visibility to employee laptops and desktops, as well as enterprises’ network access infrastructure. Along with the company’s Enterprise and Cloud Agents, it enables IT teams to pinpoint and troubleshoot end-user performance issues for applications deployed on-premises or in the cloud.

The endpoint becomes a vantage point from which to monitor the performance of SaaS suppliers, allowing organizations to determine if a loss, latency, web response time or page load completion problem is with the application vendor, the public/private network infrastructure or the enterprise. As applications and workloads share the resources of on-premises and off-premises clouds, monitoring the EUE from the end-user device becomes increasingly necessary.

Endpoint Agent discovers the network environment employed by each user, regardless of location (on-site or off), and feeds data to ThousandEyes’ map of the enterprise network infrastructure. That infrastructure includes wireless access points, gateways, proxies and VPN termination points monitored by Endpoint Agent, as well as branch-to-branch/datacenter/cloud monitored by Enterprise Agents, plus SaaS application and ISP infrastructure performance metrics gathered by Cloud Agents.


EXTRAHOP

ExtraHop introduced ExtraHop 6.0 to not only augment its network visibility through NetFlow support, but also position network visibility as a rich-data source for APM and overall IT operations monitoring.

ExtraHop 6.0’s new ExtraHop Trace Appliance (ETA) performs continuous packet capture and write-to-disk at a sustained 10Gbps. It ingests data from a SPAN port or TAP monitoring tool, and encrypts the packet data at rest.

ETA also enables users to drill down into packet transaction records stored in the ExtraHop Explore Appliance (EXA) and into auto-discovered devices for analysis and other visual queries. NetFlow collection in the ExtraHop Discover Appliance (EDA) gives the device visibility into remote sites and edge routers. The EDA ingests NetFlow v5, v9 and IPFIX flow reports for storage and query, then combines them with wire-data metrics for a more holistic view of the IT environment.

With NetFlow and packet capture, ExtraHop 6.0 now gives users transaction-to-packet correlation capabilities to search and download packets linked to a specific device, application or transaction record. This capability is woven into the ExtraHop 6.0 workflow so that IT administrators can quickly zero in on any transaction, message or flow on the network and identify the records tied to any particular incident.

In addition to ExtraHop 6.0, the company unveiled Addy, a machine-learning-based SaaS for anomaly detection and overall IT operations monitoring. Addy detects anomalies in wire-data metrics collected from ExtraHop’s Discover appliances located on-premises. Machine-learning computation occurs in the ExtraHop cloud.

ExtraHop’s heritage is in stream analysis of wire data. The company’s products use stream processing and reassembly to inspect real-time Layer 2-7 traffic flowing over the wire. The data is structured into the intended transaction, flow or session, and enables users to drill down into the individual metrics, users, applications and packets. Machine learning augments this by enabling the visibility infrastructure to learn about changes and anomalies on the wire, and make problem resolution and security detection far more intuitive, proactive and immediate through this added intelligence and automation.

The linchpin of Addy is ExtraHop’s Discover appliance. Using wire-data metrics from Discover, Addy builds continuous baselines for every device, network and application, then proactively detects and surfaces potential issues in the environment. The Discover appliance provides visibility into network elements through reassembly and analysis of packet streams at a sustained 40Gbps.

The ExtraHop Command appliance federates data across multiple appliances and presents them through the ExtraHop user interface. Addy alerts are presented in near real time, and anomalies and outages are represented graphically.

CORVIL

Corvil’s Sensor software aims to provide packet-level instrumentation of VMs in public, private and hybrid cloud environments. As is Corvil’s tradition, Sensor, a low-overhead software daemon that can be instantiated on a VM, uses streaming wire data analytics optimized for real-time monitoring, forensics and analysis of cloud workloads.

Sensor offers access to time-stamped packet data streams across private and public infrastructure. Corvil’s streaming analytics can be instrumented for insight into HTTP, database and storage, and other applications displayed on existing customer dashboards. Additionally, Sensor facilitates comparisons of performance and application behavior between on-premises and cloud-deployed workloads, and between different cloud providers, side-by-side on the same dashboards. The impact of cloud infrastructure, such as software, network, load-balancers and firewalls, on application performance can also be monitored.


NETSCOUT

NetScout is introducing new software versions of its probes for extending on-premises instrumentation and visibility into large server farms in the datacenter as well as to off-premises clouds. These software probes are intended to offer the same level of visibility as traditional probes deployed in conventional on-premises datacenters. With this release, NetScout enables enterprises to retain holistic visibility into applications and their dependencies across IT infrastructure and control service assurance, including application and network assurance, as they migrate applications and other workloads to public clouds. For cloud environments that cannot be instrumented by the new software probes, such as SaaS, NetScout provides synthetic testing of application performance through nGeniusPULSE.

Probe software versions include vSCOUT and vSTREAM, which complement the existing Adaptive Session Intelligence (ASI+)-based probe appliances such as InfiniStreamNG. They provide real-time visibility into live packet and flow data for workloads in public, as well as private, clouds. As NetScout officials said at a recent analyst event, ‘With software, you can put probes where you couldn’t put them before.’

NetScout’s vSCOUT probe can operate in two modes. In the continuous monitoring and source processing mode, it utilizes ASI+ technology to process the collected application data in real time at the source, and offers proactive reports of critical key performance indicators (KPIs) to the Virtual nGeniusONE and/or the nGeniusONE Service Assurance platform. In the forwarding mode, vSCOUT tunnels the collected data to the vSTREAM and/or InfiniStreamNG appliance for aggregated processing. The tunneling encapsulation may vary based on the support by the public cloud provider – AWS supports generic routing encapsulation tunnels while Microsoft Azure requires IPSec tunneling.

ASI+ analytics are intended to support service architecture design, capacity planning, SLA and user experience monitoring, root-cause analysis, proactive triage of application and network issues, anomaly detection for service- and security-assurance purposes, and service dependency. The Virtual nGeniusONE and/or the nGeniusONE Service Assurance platforms aggregate the information from all the ASI+ probes and provide an overarching view into the performance characteristics of all infrastructure and application components associated with delivering IP-based services and their interdependencies. These platforms offer service-contextual workflows and role-based access controls to allow the different IT team members to utilize the platform in a fashion tailored to their respective needs. The ASI+ includes metadata on RAN and Wi-Fi for mobile access to the enterprise/cloud network. With vSCOUT and vSTREAM, NetScout is looking to make ASI+ instrumentation pervasive, enabling enterprises and service providers to implement what is essentially a global ASI+ sensor network.

GIGAMON

Gigamon’s Visibility Platform supports Application Session Filtering (ASF), a feature that identifies applications based on signatures or patterns that can appear across any part of the packet payload. ASF extracts entire sessions corresponding to a specific application, and optimizes security tools for application inspection by forwarding only the relevant application(s) and offloading application identification to Gigamon’s GigaSMART applications. GigaSMART performs further network traffic optimization – such as NetFlow/IPFIX and network metadata generation, SSL decryption and VLAN header stripping – before sending that traffic to the appropriate monitoring or security tool.

With the rising use of SSL/TLS encryption in enterprise networks, APM tools deployed out-of-band need to get access to decrypted traffic. The move to Diffie-Hellman key exchange in enterprises today complicates this, as decryption of modern cipher suites such as those using Diffie-Hellman can only be done in line. Gigamon’s SSL Decryption GigaSMART application is intended to address this for IT administrators who need access to decrypted traffic for their application monitoring tools. The Gigamon Visibility Platform can decrypt SSL traffic and deliver it concurrently to both out-of-band APM tools and inline security tools.

For public clouds, Gigamon Visibility for AWS is designed to allow AWS Virtual Private Cloud (VPC) tenants to get visibility into network traffic traversing the VPC using this platform. The solution consists of an AWS agent (G-vTAP) in the tenant VM selected for monitoring, and traffic policy filters configured to mirror the VM’s interface traffic to a Gigamon virtual visibility node (GigaVUE-V Series). The GigaVUE-V Series node then filters traffic and applies additional traffic intelligence, such as slicing, masking and sampling, before delivering the traffic to the tools in the same VPC, a different VPC, a different availability zone or the on-premises datacenter for a hybrid deployment.


To simplify on-boarding, the GigaVUE-FM Fabric Manager acts as the orchestration plane and integrates with Amazon EC2 APIs and Amazon CloudWatch to understand the inventory of instances (tenant VMs) that need to be monitored and any changes as new tenant VMs come up/are torn down. The Gigamon Visibility Platform also has the capability to perform Automatic Target Selection, wherein the system can extract any traffic that matches policies of interest without the need to apply the policy to any specific tenant VMs – an important attribute in auto-scale architectures.

For private clouds, Gigamon’s GigaVUE-VM allows VMware and OpenStack VM traffic flows of interest to be selected, forwarded and delivered to the monitoring infrastructure centrally attached to the GigaVUE platforms. The program can use VMware NSX’s Dynamic Service Insertion feature to associate visibility policies with security groups, providing traffic visibility for applications as they scale up. GigaVUE-VM is part of the Gigamon Visibility Platform for end-to-end visibility across physical and virtual network infrastructure. This integration can also enable aggregation, replication and sharing of traffic streams across multiple monitoring tools and IT teams.

IXIA

Ixia unveiled CloudLens Public in April, around the same time that network tester vendor Keysight Technologies announced intentions to acquire Ixia for, among other assets, a strong software-based network test and monitoring business. CloudLens, a SaaS network visibility offering, uses a container-based application residing in the data source, as well as security and monitoring tool instances. For now, it is intended to provide insight into workloads in AWS public clouds.

CloudLens Public uses a serverless architecture, leveraging a microservices-based design with two components: a SaaS web interface where cloud visibility is managed and a Docker-based container that sits within source instances (sensors) and tool instances (connectors) in a customer’s environment. Filtering and packet brokering take place via the sensors in the source instance, and filtered packet data is sent over a secure overlay path – independent of the network infrastructure – to the CloudLens connector in the security and monitoring tool instances. One CloudLens sensor can route to multiple tools.

With CloudLens Public, customers identify source and tool instances and load the Docker-based components – sensors and connectors, respectively. These elements gather metadata from instances, which they share with the management layer in the SaaS component. Using metadata, customers define source and tool instance groups. Then a secure visibility path can be dragged, dropped and load-balanced between associated source and tool groups based on security and monitoring policies. Filter rules are configured at the source sensor, so traffic is optimized for tools. As new instances appear, they are automatically categorized into groups based on their metadata details, expected behavior or duty within the visibility context. The new instance’s packet data is filtered and sent to tools, just like other instances in its group, with no additional configuration or human intervention necessary.

The goal of this cloud visibility workflow is to enable elastic scalability, as groups of source instances can be divided among targets of tool instance groups. Single points of failure are avoided because CloudLens Public is not routing packet data to a virtual in-line packet broker; it is filtering at the source instance and then sending packet data securely to the tool instance.

Ixia plans future expansion of the CloudLens platform in 2017 to support Microsoft Azure public and VMware vCenter private clouds.

Ixia also offers two products (Hawkeye and IxChariot) that simulate and synthetically test applications to determine how they would perform on a network. Hawkeye offers a single web-based interface that scales to monitor hundreds of endpoints at remote sites, datacenters, headquarters, or private or public clouds. These endpoints generate synthetic traffic to inject into and receive from the live network, reproducing real users’ traffic patterns.

IxChariot uses software agents called Performance Endpoints to simulate application traffic and deliver performance metrics to a central management console. It assesses the performance and reliability of networks and applications running on wired and wireless infrastructure and in virtual datacenters. Performance Endpoints run on mobile, PC, Mac or in any hypervisor or cloud service. KPIs on emulated applications include throughput, packet loss, jitter, delay, Mean Opinion Score and over-the-top video like Netflix and YouTube.


Ixia also has AppStack for signature-based application layer filtering. Applications are identified and filtered based on signature, browser, OS, IP address and geolocation, while traffic flows are separated by application type, device, OS, browser, carrier or BGP AS#. They can then be forwarded to the appropriate security tools.

CPACKET NETWORKS

As NPM and APM increasingly overlap with traditional network-monitoring tools, cPacket continues to evolve its traffic-visibility offering – and as IoT becomes an increasingly integral part of IT and the digital enterprise, cPacket’s Intelligent Monitoring Fabric (IMF) distributed network visibility architecture assumes even greater significance. For instance, cPacket’s cVu monitoring appliances can be scaled out to aggregate IoT devices to collect information such as summarized time-series data. Additionally, IMF provides visibility to intra-server traffic on each hypervisor by leveraging the hypervisor’s virtual tap feature.

IMF also includes a microburst detection feature called cBurst. The cBurst software leverages cPacket’s cVu monitoring (capable of 8x100Gbps, 4x100Gbps and 32x40Gbps real-time line-rate performance analytics and packet inspection across L2-L7) and cStor forensic storage appliances, enabling these devices to perform real-time monitoring of 1,000 data streams per port at one-millisecond resolution. Typical NPM systems running a one-second resolution would miss microbursts, cPacket says. Furthermore, cBurst allows individual configuration of the analytics on each of the 1,000 data streams, providing proactive alerts for streaming UDP feeds – such as financial market data, unified communications and video – and ensures packet stream continuity across link-speed transitions (e.g., 40Gb via 10Gb through trunks, stacking or infrastructure).
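The resolution point above can be checked numerically. The following is an added example, not cPacket's code and not part of the original report: it bins a constructed one-second packet trace at one-second and one-millisecond resolution and reports windows at or above a utilization threshold. The 10Gbps link speed, packet sizes, 90% threshold and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict

LINK_BPS = 10_000_000_000  # assumed 10 Gbps monitored link (constructed value)


def utilization(packets, bin_us, link_bps=LINK_BPS):
    """Map bin index -> fraction of link capacity used.

    packets is an iterable of (timestamp_us, size_bytes) tuples.
    """
    bits = defaultdict(int)
    for ts_us, size in packets:
        bits[ts_us // bin_us] += size * 8
    capacity_bits = link_bps * bin_us // 1_000_000  # bits the link can carry per bin
    return {b: n / capacity_bits for b, n in bits.items()}


def peak(packets, bin_us, link_bps=LINK_BPS):
    """Highest utilization seen in any bin at this resolution."""
    return max(utilization(packets, bin_us, link_bps).values())


def find_bursts(packets, bin_us, threshold=0.9, link_bps=LINK_BPS):
    """Merge consecutive bins at or above threshold into bursts.

    Returns a list of (start_us, duration_us, peak_utilization) tuples.
    """
    util = utilization(packets, bin_us, link_bps)
    hot = sorted(b for b, u in util.items() if u >= threshold)
    runs = []  # each run is [first_bin, last_bin, peak]
    for b in hot:
        if runs and b == runs[-1][1] + 1:
            runs[-1][1] = b
            runs[-1][2] = max(runs[-1][2], util[b])
        else:
            runs.append([b, b, util[b]])
    return [(f * bin_us, (l - f + 1) * bin_us, round(p, 3)) for f, l, p in runs]


def constructed_trace():
    """Constructed sample: one second of traffic on the assumed 10 Gbps link.

    Background: one 1250-byte packet every 100 us (100 Mbps, 1% of the link).
    Burst: for 3 ms starting at t = 400 ms, a 1250-byte packet in every other
    microsecond slot, which fills the link for those three milliseconds.
    """
    background = [(t, 1250) for t in range(0, 1_000_000, 100)]
    burst = [(t, 1250) for t in range(400_000, 403_000) if t % 100 != 0]
    return background + burst


if __name__ == "__main__":
    trace = constructed_trace()
    for label, bin_us in (("1 s", 1_000_000), ("1 ms", 1_000)):
        print(f"{label:>5} bins: peak utilization {peak(trace, bin_us):.3%}, "
              f"bursts {find_bursts(trace, bin_us)}")
```

At one-second resolution the 3 ms line-rate burst averages out to about 1.3% utilization and raises nothing, while the one-millisecond bins show the link saturated from 400 ms to 403 ms.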

PLURIBUS NETWORKS

Over the years, Pluribus and other software-defined networking (SDN) datacenter fabric startups honed their focus on the analytics use case for SDN. In a virtualized environment like an SDN, visibility into network behavior and application performance and security is lacking – so why not software-define a fabric for capturing packet- and flow-level metrics to ensure datacenter network uptime and application availability, and to detect suspicious patterns?

Pluribus’ Netvisor fabric software is a virtualized NOS that provides layer 2 and layer 3 forwarding and distributed fabric intelligence and virtualizes the switch hardware, similar to the way that VMware virtualizes a bare-metal server. A single switch can instantiate multiple per-tenant virtual switches, each with integrated telemetry, policies, state and virtualized network services and functions. These switches can be configured as virtual network packet brokers as well, and each can be accessed and managed independently.

Netvisor telemetry generates metadata on individual TCP connections, east/west and north/south traffic flows and virtualized workloads for network and application performance monitoring. Netvisor vPort technology collects and updates all switch-to-switch communications, configuration, policies and state information across the fabric, as well as the location, identity, policy and history for each endpoint – including fabric-attached VMware server clusters in private or public clouds (such as AWS and Azure).

A Pluribus analytics application called Insight Analytics (IA), hostable on Netvisor, offers flow-based views of the datacenter network for insight into application performance. IA is intended to offer a business context view into datacenter network operations, helping translate raw analytics into business decisions. The application adds business metadata and the ability to incorporate it in relation to the flow of information between various datacenter resources. It includes specific business attributes, among them organization, location, project type, funding source and ownership, and maps these to flows from Nutanix hyperconvergence software, VMware and IP storage (iSCSI, NFS).

Each flow of information or transaction is tagged with these attributes and stored for subsequent trending analysis. Users can also utilize any combination of these tags to create role-based ‘project views’ and dashboards.

IA is offered by Pluribus partner Dell as a network-monitoring option from its software-defined Open Networking ecosystem.


BIG SWITCH

Big Switch is another SDN datacenter fabric software provider that has singled out NPM and analytics with a separate product offering and then extended it with more APM/IT visibility features. The company’s SDN offering for analytics is Big Monitoring Fabric (BMF): network packet-broker controller software that runs on bare-metal and white-box switches equipped with Big Switch’s Switch Light operating system. It is designed as a visibility fabric that enables enterprise-wide monitoring as well as multi-tenancy for multiple IT teams (NetOps, DevOps, etc.) to simultaneously perform network monitoring using in-line or out-of-band tools and policies.

BMF extends visibility into cloud-native application traffic, which includes dynamic monitoring of VMs, containers and public cloud environments like Amazon Web Services (AWS). For private clouds, the fabric provides VM-to-VM traffic visibility in VMware vSphere environments through the Big Monitoring Fabric Controller, which Big Switch says alleviates the need for a specific monitoring VM in every vSphere host, as well as its associated cost and server performance hit. The fabric also provides container-to-container traffic visibility when deployed on bare metal hosts or within vSphere VMs.

In addition, BMF can be configured into a security visibility fabric. This so-called Big Secure Architecture includes BMF as an SDN-based inline fabric deployed at the datacenter edge or in the DMZ for connecting third-party security tools and creating service chains. The BMF SDN controller supports programmatic operations of multi-system interactions, load balancing and security service chain reconfiguration through RESTful APIs.

Once a security tool detects an attack, it can interact with the BMF controller via programmatic APIs to redirect incoming traffic for mitigation. Depending on the type of attack, the controller activates SDN fabric and compute resources for attack mitigation, reconfigures the service chain to redirect traffic to mitigation infrastructure, and load-balances traffic across a cluster of service nodes and NFV hosts for scale-out mitigation.

Big Switch has strategic partnerships with Dell EMC and Accton Technology (Edgecore Networks), as well as several others across a broad spectrum of networking industry players, including A10 Networks, ExtraHop, Riverbed, FireEye and Symantec.

KENTIK

Kentik was founded by network operators who believed they lacked the tools they needed to manage large, complex networks and identify the root causes of application performance issues, security problems or outages. They realized that pinpointing faults can be a complex, multi-step process, requiring the isolation of specific variables and involving a large number of devices and interdependencies. These intricacies complicate the creation of baseline network performance, the ability to identify trends in bandwidth growth and the capacity to troubleshoot application-performance issues.

Kentik offers the Kentik Detect service, which operates on top of the company’s Kentik Data Engine big-data platform. Users/operators access the Kentik Detect service (available on a SaaS subscription basis) via the Kentik Detect portal – a web-based interface – or APIs. Kentik Data Engine ingests tens of billions of network data records per day in real time and allows users to run multidimensional queries and receive visualizations in a few seconds. Kentik Detect applications can access this data for DDoS detection, peering analytics and network visibility. Through the Kentik Portal, network operators can filter and group the data for subsequent analysis. Third-party applications, such as existing network operator management systems, can also access this data via SQL queries or a REST API.

Early this year, Kentik unveiled a server agent – the result of a partnership with ntop – that resides on app or load balancer servers in any DC or cloud environment. This nProbe agent, a component of Kentik’s NPM offering, is designed to monitor latency, retransmits, and out-of-order and fragmented packets based on actual application traffic flows. The nProbe agent then sends performance and flow data to Kentik Detect via IPFIX packets. Kentik Detect ingests the performance data and stores it unsummarized, along with billions of other pieces of flow, BGP and GeoIP data, for 90 days.

Kentik NPM is intended to optimize networked and distributed application performance by monitoring HTTP and database calls for three-tier networked applications. It helps IT understand whether application performance issues are related to network factors.


Kentik NPM also evaluates network API communications for highly distributed applications to recognize and diagnose emergent performance issues and measure the relative performance of API partners for vendor selection. It also helps guide IT decisions on distributed application architecture, such as when to locally cache network API calls.

SEVONE

SevOne’s Digital Infrastructure Management Platform is designed to collect and visualize network, storage, IT and IoT behavior and performance, as well as the impact on user experience. The appliance integrates network metrics, flows and logs in one device, or a cluster of devices for scale. Monitoring and logging capabilities include SNMP, NetFlow, sFlow, VM spins, HTTP, VoIP, DNS, ICMP and others.

With baseline metrics, users can attempt to understand what happened; why it happened (through logs); and to whom it happened (through flows). Behavior and performance data can be viewed to improve user experience, perform capacity planning, reduce MTTR and optimize resources in enterprise LANs and WANs, carrier networks, Wi-Fi deployments, IoT infrastructure and cloud datacenters. The target customer is the head of an IT operations team.

The most recent version of the Digital Infrastructure Management Platform includes analysis and interaction with SDNs, SD WANs, VMs, containers and hybrid cloud. Upcoming releases will include further support for container-based microservices, such as visibility into load and memory, and container performance management. The platform also supports visibility into VMware server virtualization environments, Docker containers and Cisco ACI SDNs. Sample use cases include keeping tabs on the opex of policy-based automation, automated mappings of Cisco ACI physical and virtual elements, ACI service assurance, and understanding how infrastructure performance affects applications and services.

The Digital Infrastructure Management Platform can also collect topologies of Mesos, Docker and Kubernetes container-based cloud implementations, as well as performance metrics from AWS VPC-based cloud environments. It integrates alerts and conditions from other operational and automation tools through a RESTful API, and tests network paths by using synthetic traffic to measure application and service performance, as well as EUE.

In addition to the application and cloud performance extension in the Digital Infrastructure Management Platform, SevOne also allied with Red Hat to provide multi-layer service assurance of virtualized network functions (VNFs) and NFV infrastructures for OpenStack clouds. The SevOne Carrier NFV Assurance Solution enables detection of when and where a VNF is deployed on the Red Hat Open Stack NFVI; it draws a broad range of metrics from flow, log and metadata information across diverse elements at both the physical and virtual layers of the NFV implementation.

Both the NFV Service Assurance Solution and the Digital Infrastructure Management Platform are intended to provide real-time analysis of data, with automated baselining to inform the enterprise how an application should be performing and anomaly detection to alert the enterprise when it is not.

SOLARWINDS

SolarWinds has perhaps been the most aggressive in expanding from NPM into APM.

The company’s traditional business has been in NPM and 50% of its revenue is still derived from on-premises NPM. But over the past few years, SolarWinds has been adding APM and server monitoring to its Orion on-premises IT monitoring platform and, at the same time, acquiring several SaaS companies addressing various areas of APM and IT operations monitoring. These companies include Pingdom, Librato, Papertrail and TraceView.

TraceView is the most recent of these acquisitions, obtained last September from APM vendor AppNeta. It provides a distributed tracing system for monitoring homegrown applications that uses code-level agent instrumentation to detect internal tiers of an app, as well as external dependencies such as APIs. The tool detects hosts and services that appear or disappear as an app scales or a new deploy is pushed, and offers standard metrics about resource usage as well as real user monitoring.


As for the previous acquisitions, Pingdom offers synthetic testing and real user monitoring for web/internet performance management services. Services include uptime monitoring, web performance monitoring, web transaction tracing, and alerting and reporting. Librato provides tools for performance monitoring of infrastructure and applications on public clouds, such as AWS and Heroku, or in its own datacenters. Its services can help determine workload capacity planning, among other use cases. Papertrail offers SaaS-based log management and analysis tools targeted at IT performance and operations management use cases, specifically for web-based applications.

These cloud services offerings join SolarWinds’ on-premises Orion NPM platform, which in and of itself offers agent and agentless cloud application management, database performance management and public cloud instance monitoring via integration with AWS’s CloudWatch API. Orion’s NetPath feature shows the network impact on hybrid apps, and its AppStack component offers an ‘app-centric view’ of the IT environment, including discovery and dependency mapping. Orion can support over 200 applications ‘out of the box’ and 1,000 more from the ecosystem community, SolarWinds officials say.

Some of the capabilities of Orion overlap with those of other cloud-based SaaS offerings. But SolarWinds’ strategy is to offer three distinct ways to manage IT – on-premises for the CIO and IT executives, cloud-based off-premises for DevOps teams, and outsourced via managed service providers. Surgical integration between all three modes is an ongoing development.

APCON

APCON is also attacking the public cloud opportunity, but for smaller mid-market enterprises. The company’s IntellaCloud offering is targeted initially at AWS public clouds, but Microsoft Azure support will soon follow.

IntellaCloud performs visibility, aggregation, filtering and forwarding. It includes virtual TAP agents that install on targeted VMs and forward mirrored traffic to an IntellaCloud Virtual Controller. The Virtual Controller is its own VM instance in the cloud that aggregates mirrored traffic, applies user-configurable filters and establishes GRE tunnels over which it forwards conditioned traffic to virtual tools within the cloud or backhauls it to an APCON storage device in the on-premises datacenter.

IntellaCloud performs packet slicing to reduce the data load, and for more efficient backhauling, while the filtering capability is intended to optimize performance and security tools by forwarding only relevant data.

NS1

NS1 provides managed DNS service to a number of internet companies and CDN providers. But, like other vendors, it is eyeing opportunities for leveraging DNS beyond the everyday use as the ‘address book’ for websites, branching out into the enterprise with the addition of its Pulsar DNS and traffic management service. Pulsar adds real-user measurement along with network monitoring, both of which NS1 believes are critical ingredients for determining the impact of application performance on business in enterprises deploying hybrid- and multi-cloud IT.

Pulsar is intended to adjust infrastructure strategies on the fly in programmatic fashion, based on a real-user measurement steering component combined with network and infrastructure performance data that feeds into its cloud-based DNS offering. Customers are able to use real-time telemetry on latency, throughput, packet loss, jitter, application-specific information and other data to route traffic to an optimal server location.

Telemetry data, collected via JavaScript code, can be generally applicable to end users, or specific to an application or object, such as a large file download. Pulsar takes those measurements and builds routing tables based on the criteria and other live data, rather than just referring a DNS query to the nearest datacenter.

NS1’s services can be managed via APIs that enable an IT staff to keep up with cloud VM deployments. This would be difficult, if not impossible, if the staff had to manually adjust DNS settings all the time. Customers can also feed data to the Pulsar service through the APIs to program custom routing decisions based on business need.

FLOWMON

Flowmon specializes in NetFlow network visibility and security, while also offering APM on Flowmon Collector, its NetFlow collection appliance, based on network visibility and probes that perform deep packet inspection. An agentless probe (requiring no server-side agents), Flowmon APM monitors HTTP/HTTPS, SQL, Oracle and MySQL application- and database-generated network traffic.

Via TAP and SPAN, Flowmon APM captures and time-stamps packets, and decodes the content to report a variety of metrics. These include number of transactions; application response time; number of concurrent application users; time spent on the transport layer and data size; transaction overview and SLA levels over time; number of error codes over time; and details of individual transactions. Using this information, Flowmon APM provides an APM index that numerically represents application performance in relation to desired SLA levels, where 100 represents performance within SLA limits. Transactions that fall outside the SLA lower the APM index by weighted average, which helps identify problems in HTTP/HTTPS and database applications, as well as affected users. The APM index and metrics are compared with static (predefined) and dynamic (based on application structure) groups, and custom and pre-configured reports are generated.

Flowmon also offers synthetic testing of applications to pre-determine how they would perform under certain scenarios. A combination of synthetic testing and real-time traffic analysis might yield the best insight, Flowmon believes.

For security, Flowmon offers a security monitoring module in the Flowmon Collector GUI that performs behavior analysis for anomaly detection. The company’s probe and collector appliances also support machine learning for intelligent and automated security monitoring and IT analytics.

PAESSLER

Paessler’s PRTG platform is primarily positioned as a network monitor, but is also marketed as a visibility platform for all aspects of IT, including applications. It includes WMI and Windows Performance Counters, and SSH for Linux/Unix and MacOS systems. It also monitors HTTP requests and push data, and SQL database transactions.

PRTG uses ‘sensors’ specific to each managed environment – bandwidth monitoring, HTTP, SNMP, Windows, Linux, database, cloud services, etc. – that run on a dedicated PRTG probe server. One of the web server sensors, for example, is Cloud HTTP, which monitors the loading time of a web server via HTTP from different locations worldwide using the PRTG Cloud. The sensor can show response time and response code of the target server, monitored from Tokyo, Ireland, and Northern Virginia and Oregon in the US. From there, it can deliver the global average response time of HTTP web servers.

For Windows, one of PRTG’s sensors is a PerfCounter IIS Application Pool sensor, which monitors a Microsoft Internet Information Services (IIS) application pool using Windows Performance Counters. It can show the overall status of the application pool, such as ‘running,’ ‘initialized or shutdown pending’ and ‘unavailable, uninitialized, stopping, stopped or delete pending’; number of worker processes; number of failures in worker processes per second; number of ping failures per second; number of shutdown failures per second; and number of startup failures per second.

Database sensors include MySQL, Oracle Tablespace and Oracle SQL, Microsoft SQL Server and others. The Oracle SQL sensor monitors a database on an Oracle server and executes a defined query. It can show execution time for the whole request – including connection buildup, query execution, transaction handling and disconnection – execution time of a given query and number of rows addressed. The sensor can also process the data table and show defined values in individual channels.

The Cloud Services options contain several sensors for Amazon CloudWatch, as well as a ‘common’ sensor for SaaS, Dropbox, Google and Microsoft. The Amazon CloudWatch sensor for Elastic Cloud Computing (EC2), for example, monitors performance elements such as CPU utilization, network load in and out, disk I/O, CPU credit usage and balance, and EC2 status checks. The common sensor monitors the availability of several SaaS providers and generates alarms if cloud services are not reachable anymore. This sensor shows the response times of Bing, Dropbox, Facebook, GitHub, Google Apps, Office 365, Salesforce, Twitter and YouTube.

3. What NPM Vendors Are Best-Positioned To Take On APM and IT Ops?

It’s hard to argue against the big boys here. They have the incumbency, the financial wherewithal and the human resources to obtain, acquire and/or develop a broad, comprehensive NPM/APM/IT ops offering that encompasses key attributes from each discipline. But needs will, of course, differ among enterprises of varying sizes and IT implementations.

Among networking and NPM vendors, Cisco and SolarWinds appear to have the all-encompassing vision and offerings. Cisco’s approach combines NPM (DNA), data analytics (Tetration) and APM (AppDynamics). It’s a huge integration task to bring it all together, but Cisco’s been down this road before. A complete solution will appeal only to the company’s largest accounts (the Cisco 100), but the parts will take root among its vast installed base in one form factor or another.

SolarWinds has been acquiring many of its APM and IT operations monitoring capabilities to offer as a cloud-based service for DevOps teams. Integration with its Orion on-premises NPM/APM/IT platform appears to be minimal and low priority, as Orion and the Monitoring Cloud arsenal of Pingdom/Librato/Papertrail/TraceView are targeted at different IT constituencies desiring different consumption and implementation models. Still, without tight integration between Orion and Monitoring Cloud, those on-premises customers looking to harness cloud could be enticed by SolarWinds’ competitors.

ExtraHop ranks high on vision and recognition that the network is the richest source of data for IT operations monitoring and analytics. Adding NetFlow support was a necessary, albeit delayed, feature that helps fill out the network traffic visibility story. By harnessing machine learning, Addy should also help remediate application and IT performance issues quicker. ExtraHop might want to better explain how ExtraHop 6.0 and Addy complement each other, and how behavioral analytics comes into play, if at all.

Next up are the public cloud crew, which include established visibility vendors NetScout, Gigamon and Ixia, as well as smaller players Corvil and APCON. NetScout’s entry is the most recent, coming more than six months after Gigamon’s Visibility Platform for AWS. Ixia rolled out the interesting container-based CloudLens in between. Did this give Gigamon an advantage? It’s hard to imagine any customer moving to a rival cloud instrumentation implementation based on a six-month head start, but it will be interesting to see if moving off-premises motivates customers to replace their visibility vendors in the cloud. Corvil and APCON will likely continue to sell into and upsell their bases. APCON may win some new, smaller mid-tier and SMB accounts.

Riverbed, ThousandEyes and SevOne are all targeting the EUE-management end of APM and compete with each other little, if at all. Riverbed focuses predominantly on the MPLS enterprise – retail, government – where its WAN optimization incumbency is a strong beachhead, while ThousandEyes targets large BGP router networks in service and content providers, and in large, internet-centric businesses. SevOne also targets large IT shops in enterprises and service providers. All three companies are shooting for greater end-to-end visibility of application performance and how it correlates to network events. Each should find traction in its respective target market and customer base.

ThousandEyes might compete more directly with Kentik, which also targets a similar customer profile – service providers and web-heavy enterprises. Kentik built its platform on big data SaaS, so it’s modern in design, but as the company attempts to scale down into traditional enterprises, as it is expected to do, its APM story might have to reach the EUE level as well.

The SDN fabric players, Pluribus and Big Switch, perhaps have the most advanced implementations of NPM that also feature APM and IT monitoring extensions, but they’ll face stiff competition from incumbents with implementations that might be more familiar to enterprises. BI is increasingly being targeted by pure-play NPM vendors that compete most directly with Pluribus in datacenter network analytics. And while SDN is a differentiator for Big Switch, established competitors in NPM with more hardware-intensive approaches have been at this for many years, with customers deeply entrenched and familiar with those products and their operation. It may take more than SDN to make a sizable dent in the market.

NS1 pretty much stands alone as a provider and DNS management service looking to dive deeper into enterprises through real-user measurement, application performance, hybrid cloud support, etc. The DNS heritage will likely make NS1 an appealing partner or acquisition for larger NPM players/managed service providers looking to cover all the bases in NPM/APM/IT visibility.

Flowmon is strongest in Europe and APAC, and will continue to do well in those theatres. Its APM enhancements are bound to appeal to its base in those regions and in the 30 countries where its customers are located. Similarly, Paessler has a loyal customer base in its 170-country footprint. APM and IT operations extensions aren’t likely to move the meter much but will solidify loyalty among its advocates.

Distributed architecture will make cPacket remain appealing to those enterprises it currently serves, such as financial institutions, and to organizations implementing IoT. Its ability to scale out and detect microbursts through the cBurst software feature will be key to monitoring network impact on application performance in those environments in particular. One potential drawback of the cPacket IMF is its reliance on distributed hardware appliances, which may not appeal to enterprises adopting a more software-oriented approach to network and application performance monitoring. Then again, high-speed and high-performance monitoring is in large part dependent on the horsepower of hardware.

4. Conclusions and Recommendations

NPM isn’t a geeky loner profession anymore. For enterprises, as IT becomes more network- and cloud-centric, NPM is the health check. The network is the backbone of IT; NPM ensures that it won’t break.

Extending visibility beyond the packet and into the application and cloud workload is a necessary evolution, and one that will crystallize NPM’s importance in networked IT. It’s also important for service providers that offer or plan to offer managed NPM and/or security services. Tying visibility, troubleshooting and anomaly detection back to the enterprise application will help resolve problems quicker, and will pinpoint and isolate malicious traffic.

Thus, it behooves NPM vendors to continue broadening the APM and IT operations monitoring capabilities of their products. This will increase marketability to enterprises and service providers and will underscore the tight and important synergy between the network and IT and, by extension, the vitality of NPM products.

As the network becomes even more integral to overall IT operations, including cloud adoption, expect more NPM products to assume APM, cloud visibility and IT ops monitoring capabilities. The network will be assumed; visibility into and troubleshooting of overall IT operations, be they on-premises, off-premises or a hybrid of the two, will be the key selling point of NPM tools. It will also be a key selling point for the vendors themselves, with more consolidation like that of Cisco/AppDynamics, Riverbed/Aternity and Keysight/Ixia. NPM/APM/cloud/IT ops monitoring will be too important an asset to ignore.

5. Further Reading

Riverbed brings APM to the end user with Aternity buy, July 2018

Awaiting Keysight close, Ixia focuses its lens on the cloud, April 2017

Voice of the Enterprise: Information Security, Annual PowerPoint Charts and Figures Summary, April 2017

Voice of the Enterprise: Internet of Things, Annual PowerPoint Charts and Figures Summary, April 2017

Voice of the Enterprise: Cloud Transformation, Workloads and Key Projects - Quarterly PowerPoint Charts and Figures, May 2017

Corvil extends streaming analytics to the cloud with Sensor, April 2017

ExtraHop adds machine-learning SaaS to IT operations monitoring, March 2017

With Endpoint Agent, ThousandEyes provides insight to end users, August 2016

AppDynamics looks beyond the IT department with Business iQ, December 2016

Cisco wins new software business with $3.7bn AppDynamics buy, January 2017

Gigamon peers into the public cloud with AWS trials, May 2016

Big Switch goes big on security and visibility, December 2016

Pluribus reintroduces SDN software as Adaptive Cloud Fabric, May 2017

SevOne scales operational network insight with v5.6 of digital infrastructure platform, May 2016

NS1 aims Pulsar, managed DNS at Web-scale enterprise market, January 2016

SolarWinds finally makes its SaaS products first-class citizens, March 2017

6. Index of Companies

Amazon Web Services

APCON

AppDynamics

Aternity

Big Switch

Cisco

Corvil

cPacket Networks

ExtraHop Networks

Flowmon

Gigamon

Ixia

Kentik

NetScout

NS1

Paessler

Pluribus Networks

Riverbed

SevOne

SolarWinds

ThousandEyes