In a digitally transformative world where the end-user experience (EuE) is a #1 business priority, understanding how applications perform, especially in hybrid IT environments with multiple security layers, is critical.
Here are four best practices that can ensure application health in these environments.
Best Practice #1: Having the right level of plumbing
Start by knowing if you have the right level of plumbing; that is, ensuring that all relevant packets are captured as they travel across the infrastructure.
Since security policies often take precedence when it comes to managing the entire IT infrastructure, when we look at deployment strategies specific to security appliances, we find that most strategies align these appliances with the application streams. Depending upon the company size and other factors, there may be multiple security appliances, which creates additional security zones (or segments).
This calls for the development of a schematic, conceptual overview addressing all branches/remote offices, datacenter(s), and cloud services, including the application flows.
Example of a schematic, conceptual overview of branches, the data center(s), and application flows
In this distributed, multi-segment set-up with its potential traffic volumes, a number-cruncher approach is preferred over a packet-cruncher approach. The number-cruncher approach allows for accelerated identification and resolution of application issues impacting users and sites. It also allows for the identification of those security zones/segments that are impacting performance, whether in a negative or positive manner. (See white paper on number vs. packet crunching.)
Best Practice #2: Detailing the plumbing for the datacenter
For larger organizations, the data center infrastructure often includes 10 Gbps network devices with fiber connections. That is why collecting packets using port mirroring offers limited-to-no value. While security appliances, routers, and switches may possess port mirroring capabilities, they are not designed and sized for that purpose.
To collect the packets going in and out of a given security appliance, we believe in installing fiber taps for each of the relevant connections as each tap comes with two additional TX ports connected to the number-cruncher. These two additional ports are the result of the full-duplex fiber connection.
The physical aspects of utilizing fiber cabling and a tap
Best Practice #3: Detailing the plumbing for the branches
So how would this work for the branches/remote locations with 1 Gbps copper connections? It depends. If the aggregated traffic volume of all full-duplex connections is well below 1 Gbps, port mirroring is a consideration. Anything above 1 Gbps requires copper taps.
Best Practice #4: Checking for leakages
Once the number-cruncher is connected and fired up, start checking for leakages (i.e., dropped packets) in the plumbing or anywhere else.
Check the performance stats of the ESX host; in particular, the stats about dropped packets on the network cards assigned to packet sniffing. These should read all zeroes. If not, the cause could be either the plumbing or ESX host hardware that cannot keep pace with incoming packets.
Once expectations are met at the ESX level, check the number-cruncher(s) via the CLI command “analyzer.”
If there are dropped packets, check the CPU workload on the number-cruncher(s) using the monitoring graphs of the web UI. Depending on what you uncover, leakages may exist due to a lack of CPU resources. One approach to fixing this is to add more virtual CPUs.
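The ESX-level check above, as an added example that is not from the original article or from Accedian: it parses NIC statistics in the layout printed by `esxcli network nic stats get` and compares two snapshots, because the counters are cumulative and a nonzero value alone does not show whether packets are still being dropped. The NIC name vmnic4 and all counter values are constructed for illustration.

```python
import re

# Constructed samples in the layout printed by `esxcli network nic stats get -n <nic>`.
# vmnic4 is a hypothetical capture NIC; every counter value is invented.
TEMPLATE = """NIC statistics for vmnic4
   Packets received: {rx}
   Packets sent: 0
   Receive packets dropped: {drop}
   Transmit packets dropped: 0
   Total receive errors: 0
   Receive missed errors: {missed}
   Receive FIFO errors: 0
"""
SNAPSHOT_T0 = TEMPLATE.format(rx=981_000_000, drop=15_234, missed=0)
SNAPSHOT_T1 = TEMPLATE.format(rx=983_500_000, drop=15_934, missed=12)

# Receive-side counters that mean frames never reached the sniffing interface.
LOSS = re.compile(r"^Receive .*(dropped|missed|FIFO|over)", re.I)

def parse_nic_stats(text):
    """Return (nic_name, {counter_name: int}) from 'Name: value' lines."""
    nic, stats = None, {}
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"NIC statistics for (\S+)$", line)
        if header:
            nic = header.group(1)
            continue
        name, sep, value = line.rpartition(":")
        if sep and value.strip().isdigit():
            stats[name.strip()] = int(value)
    return nic, stats

def leak_report(before, after):
    """Compare two snapshots of one NIC taken some minutes apart."""
    (nic_b, old), (nic_a, new) = parse_nic_stats(before), parse_nic_stats(after)
    if nic_b != nic_a:
        raise ValueError(f"snapshots are for different NICs: {nic_b} vs {nic_a}")
    loss = {k: v for k, v in new.items() if LOSS.search(k)}
    return {
        "nic": nic_a,
        "received": new.get("Packets received", 0) - old.get("Packets received", 0),
        # The article's criterion: these should read all zeroes.
        "nonzero": {k: v for k, v in loss.items() if v},
        # Counters are cumulative, so growth shows loss is still happening.
        "growing": {k: v - old.get(k, 0) for k, v in loss.items() if v > old.get(k, 0)},
    }

if __name__ == "__main__":
    print(leak_report(SNAPSHOT_T0, SNAPSHOT_T1))
```

An empty `growing` result with a non-empty `nonzero` result points to loss that happened earlier, for example before virtual CPUs were added, rather than loss that is still ongoing.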
Author: Will Moonen is an experienced, results-driven consultant with a proven track record in improving the performance of IT processes, applications, and infrastructure while keeping an open mind for human aspects.