workshop apm in a cloud & virtualized environment

Performance Vision

© 2012 SecurActive. Proprietary and Confidential

Application Performance in a

Cloud & Virtualized Environment

March 2012

Agenda

• Corporate presentation • What’s the use of an APM?• The different APM approaches• Challenges raised by

virtualization and cloud• Two responses from Performance

Vision• Why a Virtual Appliance?• Questions / Answers

March 2012 © 2012 SecurActive. Proprietary and Confidential

Agenda



Vision• Why a virtual Appliance?• Questions / Answers


Corporate profile

Leading European vendor on:Application Performance Management (APM)Network Behavior Analysis (NBA)

Strong footprint in Western Europe

500 customers30 certified resellers

Based in Paris

Innovative, fast growingListed in Deloitte’s Fast50

Red Herring Global Award winner


Performance Vision


Key References

March 2012

Performance Vision


Concept

Show the Performance of applications and infrastructure as

Users Experience it!

Troubleshooting Monitoring

IT Intelligenc

e

March 2012

Performance Vision


• Usage trends• Who does what• Bandwidth• Traffic mapping• Top reports

• Network Quality Indicators• Congestion & degradations• ICMP / TCP / non IP

anomalies• Packet capture

• Quality of Service (MOS)• Volume reporting• Diagnostic at call level

• QoE Reporting• Troubleshooting workflow• DNS performance & errors

Usage Network

SIPApplication

Core Functions

March 2012

Performance Vision


Top Down = Successful & Faster

Resolution

• Fast resolution• Retrospective

analysis• Answers to « where

is the pain coming from? »

• Usable by whole IT team (Collaborative vs. Expert)

March 2012

Performance Vision


Fast & non-intrusive Implementation

All-in-one Appliance

Capture traffic through SPAN or TAP (3-16 listening port per apliance)

100% non intrusive: • No traffic

overhead• No network

change• No downtime• AgentlessDistributed capture support

March 2012

Agenda





Performance Vision


Before the Cloud…

March 2012

Fog!

Survey 2011: the issue with application performance…

• 96% of the respondents have experienced « slowdowns »

• For 49%, they are permanent or frequent…

• 78% of the incidents have a significant impact on the end user productivity.

• Despite traditional monitoring tools, 94% of the network administrators do NOT have a satifsactory visibility on network activities.– (71% have a SNMP monitoring console, 60% a packet analyzer, 64% a

WAN optimizer)


Performance Vision


What are the Challenges around APM?

Performance is

subjective.

Degradations are intermittent (= hard to

diagnose)

Root cause can

be anywhere

in the

application

chain

March 2012

Performance Vision

© 2012 SecurActive. Proprietary and ConfidentialMarch 2012

Performance Vision


You don’t Know Where it Comes From

March 2012

Performance Vision


What can APM bring?

March 2012

Performance Vision


You have a performance problem, You do not know where it comes from… You can…

FIND OUT IN 4 CLICKS!

March 2012

Performance Vision


Be Informed!

Some users suffered from a performance degradationOn the application Labo RD1 at 10:44 am this morning.

March 2012

Performance Vision


The blue peak indicates there was a server response time issue

Only one server and one user groupwere involved.

Yellow: Network RTBlue: Server RTRed: Data transfer time

March 2012

Performance Vision


We can see that only one userwas impacted.

March 2012

Performance Vision

© 2012 SecurActive. Proprietary and ConfidentialMarch 2012

For that specific conversationwe can see the degraded server response time.By clicking on « PCAP »…

You can view the exact query that caused the slowdown.

Performance Vision


Now… You can fix your problem!

March 2012

Agenda






Performance Vision APM: Three Different Approaches

1. End User Experience Monitoring2. Network based APM3. Agent based APM

2. Network Based

3. Agent Based1. EUE Montiroing

March 2012

Network

Performance Vision


APM Working Methods

End User Experience

•A robot replays predefined scenarios to evaluate the overall end user transaction time.

Agent based APM

•Agents on all servers in the application chain monitor the execution of the application at code and system resource level.

Network based APM

•A set of probes captures the application traffic over the network (between clients and front server and eventually within the application chain).

March 2012

Performance Vision


Benefits & Drawbacks

APM Type End User Experience Agent-based Network-based

Questions answered

What is the evolution of Quality of experience for the standard operations of my key application?

What part of the application chain is causing the slowdown?

What transaction is slow? What part of the code is

executed slowly?

Is there a slowdown? Which applications and users

are impacted? What is causing the slowdown

(network ,server, data transfer) For which transactions?

Limits Not in line with real use Not explanatory (does not tell

you why or what is failing)

No vision of application delivery on the network

No vision of application environment (network, other applications…)

No vision of the root cause when server led degradation (code, server resources…)

Constraints Agent deployed on each client

or robot Configuration of each scenario

Agent deployed on each server

Impact on server performance Pricing per server or

application chain

Traffic capture by SPAN or TAP

Scope One or few critical applications One or few critical applications All applications distributed

over the network

Main Users Helpdesk, reporting for

management Development teams, Q/A. Infrastructure team, helpdesk

March 2012

Agenda



Vision• Questions / Answers


Virtualisation Challenges

Dynamic Resource Allocation

• What’s where and when?

• A data center is not a physical place anymore…

Virtual Network

s• Loss of visibility: how to capture virtual traffic?

• Specific network performance issues

Security Issues

• Which Virtual machine can talk to which other?

• How can I make sure the policy is applied?


Cloud Challenges

The Impact of WAN

Transmission

• Quality of transmission• Name resolution (DNS)

performance

No Control on

Servers

• No Check/Performance measurement is possible on the servers.

Lack of Visibility

• Variability: where are my servers now?

• No vision of application chain


Agenda





Performance Vision


SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

Server Switches

What’s the Issue with APM Virtualization?

SRV

SRV

SRV

March 2012

Network

Core Switches

SRV

SRV

SRV

SRV

SRV

SRV

ESX Servers

Performance Vision


SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

Server Switches

SRV

SRV

SRV

Network

Core Switches

SRV

SRV

SRV

SRV

SRV

SRV

ESX Servers

Key Success Factors

March 2012

Make sure you capture traffic whichever network path is used: distributed capture. Easy to deploy Low impact on network Affordable

Make sure you capture traffic within the virtualization chassis. With no architecture

change Limited impact on

infrastructure load

Network

Performance Vision


SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

SRV

Server Switches

SRV

SRV

SRV

Network

Core Switches

SRV

SRV

SRV

SRV

SRV

SRV

ESX Servers

How does Performance Vision Respond?

0,2-05% reporting flow

March 2012

Distributed solution: All APS-1000+ appliance

support external pollers. Only 0,2-0,5% reporting

flow A new poller is installed in

< 1 hour. You go distributed from

24k€; pollers from <6k€.

Several options to monitor virtual traffic with Performance Vision: Virtual pollers Virtual TAPs support

Network

Performance Vision


SRV

SRV

3 ways to monitor virtual traffic

SRV

SRV

SRV

SRV

SRV

PV Virtual Express

SRV

PV Virtual Express: Promiscuous mode or

SPAN on Virtual switch HTTP access to the

Virtual Express for queries

PV Virtual Poller

SRV

HTTPSPV (Virtual) APS

SSH (0,2-0,5%)

PV Virtual Poller: Promiscuous mode or

SPAN on Virtual switch SSH export to an APS

appliance (0,2-0,5%)

PV (Virtual) APS

GRE (100%)

Virtual TAP: No promiscuous mode,

neither SPAN prerequesites

GRE export to an APS appliance (100%)

March 2012

Performance Vision


Synopsis - Intra-ESX Capture

Native VswitchPromiscuous

Mode

Alternative Switch

Openvswitch

Alternative Switch Nexus /

ConnectVirtual TAP

Configuration Change

Description

Native vswitch does not offer any port mirroring feature.

VSwitch allows activation of « promiscuous » mode. It enables forwarding all packets to all the VM within a portgroup (including your analysis device).

Openswicth is an open-soucre alternative to vswitch. It is used by Xen of Citrix. It offers local and remote port mirroring features (SPAN & RSPAN).

These Cisco & HP products are alternatives to Vswitch. They offer extended features of port mirroring (SPAN, RSPAN, ERSPAN).

A Virtual TAP enables filtered traffic capture (for specific VMs and ports for example) and to send a copy of the traffic through a GRE Tunnel to the analysis device.

You can change the VLAN configuration (to force the traffic between VMs to be routed through the physical switches) or the affinity rules with the same objective.

Benefits None

Enables the traffic analysis through a virtual poller / appliance without any architecture change. No license cost.

Enables fine tuned traffic capture. No license cost.

Enables fine tuned traffic capture.

Enables fine tuned traffic capture. Filtering on traffic capture.

Enables the analysis of inter-VM traffic on the physical network. No License cost.

Prerequisites

Native

Creation of portgroupsActivation of the promiscuous mode

Architecture change in the ESX.

Licence Enterprise Plus is necessary. Architecture change in the ESX.

License cost. Support of ESX4 (and not version 5)

Configuration change.

Limits -

The analysis device has to be inside the ESX. Security consideration around the promiscuous mode (even if limited to a portgroup).

The analysis device has to be in the ESX.

The analysis device has to be in the ESX.

If the analysis device is outside of the ESX, beware of the traffic load on the interfaces.

Load on the network interfaces of the ESX.

March 2012

Performance Vision


What’s the issue with AppPerf in the Cloud?

DNS

Questions raised: • Bandwidth & internet transmission quality are key.• DNS response times have a stronger impact. • Cannot recognize a Cloud App per IP addressing URL based recognition. • Change in the Cloud architecture impacts distance latency EU Experience. • No vision of Application chains. Agent based is not an option.

March 2012

Cloud Provider DC1

SRV

SRV

SRV

Cloud Provider DC2

SRV

SRV

SRVLAN

Performance Vision


DNS

Performance Vision: Network based Reports quality of network link to the Internet Reports DNS performance Recognizes applications based URL Regex

March 2012

Cloud Provider DC2

SRV

SRV

SRV

Cloud Provider DC1

SRV

SRV

SRV

LAN

Agenda





Performance Vision


Why a Virtual Appliance offering?

Virtual Appliance ≠ Virtual traffic capture

3 benefits in Virtual appliances:

1. TCO2. Deployment3. Virtual Traffic

March 2012

Performance Vision


What’s a Virtual Appliance?

• Product• Features

Exact copy of the physical appliance

In a software appliance

March 2012

Performance Vision


3 main use cases

• No logistics• Anyone will be able to download from the web

Easier test drives

• Low TCO probe• Low cost• No logistics

• Fast & remote deployment

Entry level product

Virtual network capture

March 2012

Performance Vision


How does it work?

• Physical interfaces in promiscuous mode• Virtual machines in promiscous mode• Receive traffic through a GRE tunnel (Virtual TAP)

Capture modes

• VMWare ESX, ESXi (VMPlayer with restrictions)• Supported configurations:

• RAM: 500Mb, 4Gb, 6Gb, 8Gb, 12Gb or 16Gb;• CPU: 1, 4 or 8

Supported platforms

• Stand alone appliance• Poller for an external collector (physical or virtual)• Collector for other poller appliances (physical or virtual)

Deployment methods

March 2012

Performance Vision


Benefits and limits

Benefits• Reduced

acquisition cost• No logistics for

remote installation

• Virtual traffic capture

• Backup facility

Limits• VMWare

configuration prerequesites

• Performance for high volume collectors due to I/O performance

March 2012

Performance Vision


Product set

Trial Virtual Express

Virtual Appliance

Poller

Virtual Appliance

Supported modules

APS NPS | APS APP NPS | APS

Interfaces 3 3 3 - 10 3 – 10

Retention time 15 days 15 days N/A 360 days

Reporting No No No Yes | Yes

Collector for distributed poller

No No No No | Yes

Telephone support included in maintenance

No Option| Option Yes Yes | Yes

Listprice Free for 15 days 3 900€ | 6 900€ 5 900€ 9 900€ | 17 900€

March 2012

Performance Vision


Possible implementations

March 2012

Performance Vision


Performance Vision

Local

Central Site

Single NodePerformance Vision

Appliance

March 2012

Performance Vision


Single NodePerformance Vision

Appliance

Performance Vision

Applications, Databases, Intranet, Files, Mails... Users Users

Internet

Firewall

Core Switches Monitoring Port(s)

Admin Port

March 2012

Performance Vision


Single NodeVirtual Performance

Vision

Monitoring Port(s)

Admin Port


Internet

Firewall

Core Switches

VMWare ESX

VirtualPerformance

Vision

Virt

ual S

witc

h

Virtual NIC

Physical NIC

March 2012

Performance Vision


Virtual Poller

Network

Appliance Collector

Local

Remote Site

Central Site

Appliance PollerVirtual Poller

Remote Site Remote Site

Appliance Poller

March 2012

Performance Vision


Distributed EnvironmentPerformance Vision Mix

Appliance Collector


Internet

Firewall

Core Switches Monitoring Port(s)

Admin Port

Switches

SPV Virtual Pollers or Appliances

WAN

Remote Site

March 2012


Agenda




March 2012

workshop apm in a cloud & virtualized environment

Technology