I had a chance last week to speak with a couple of folks at Solarwinds about the release of their Network Performance Monitor (NPM) 11 product, which is being announced today. I don’t cover network management products too often, but Solarwinds is adding something interesting with this release, and I think it deserves a mention.
Solarwinds
Solarwinds offers a pretty wide range of IT management and monitoring products covering networking, servers and virtualization and from what I see, the company’s aims seem to be to:
- offer products at prices that Small to Medium Businesses (SMB) can afford;
- offer all products with a free 30 day fully-functional trial;
- offer no professional services – you buy it, install and configure it. Instead there’s an active online support community;
- try to disrupt the “big guys”.
That said, there are going to be limits on how far this can be taken. You cannot, with the best of intentions, build a Rolls Royce for the price of a Ford Pinto. Perhaps though you can figure out what it is that people like about a Rolls Royce and see how close you can get for the money. Sure, there won’t be any umbrellas built into the doors, and there certainly won’t be a mini-fridge in the back, but maybe you can take a good enough swag at the ride quality and most commonly used interior features that people without RR money might be tempted to buy it. Lest I’ve created an image in your mind of a fake Rolex, perhaps the better way to look at it is as a respectful homage to the market leaders, in the same way that High Street clothing retailers might make clothing that looks surprisingly similar to that made by a designer label yet costs a tenth of the original, wears well and looks good.
NPM 11
And so it is with the latest update to Solarwinds’ flagship Network Performance Monitor (NPM) product. In NPM 11, Solarwinds is entering the memorably-named Application Aware Network Performance Management (AANPM) space currently occupied by companies like Compuware, Fluke and NetScout. Solarwinds sees these products as mature and solid, but painfully expensive. On the other end of the spectrum there’s, well, I don’t know. A crash cart, Wireshark and a SPAN port, maybe?
Solarwinds proposes to use a number of network sensors around the network that can capture packets (up to 1Gbps sustained throughput) and do some deep packet inspection to analyze the network application traffic for performance issues. In particular the analysis intends to diagnose where latency is occurring, calculating the contribution of the network and the application/servers involved. Going back a number of years I remember deploying VitalAgent on PCs – a tool which could do the same thing on a per-user basis – and it was tremendously useful to figure out where the problems were with your connection:
If you can measure performance, you can also monitor your users’ quality experience, that is, how the application is performing for them – and thus you can spot when an application is going bad, and know whether it’s the application/server or the network and start troubleshooting the right thing hopefully before the first irate user calls. But what defines “bad” performance? I spoke to Solarwinds about this, because simply setting a fixed threshold is really not a great way to determine when you have a problem, and they confirmed that NPM 11 uses both KPIs and dynamic metrics to determine when performance is changing from a normal state.
Sensors
As I mentioned earlier, this whole system is based on capturing packets via sensors. The sensors themselves are where Solarwinds seemed most proud. Solarwinds sell only the sensor software – there are no appliances here – and you install it on your own servers running a Windows OS.
Network Packet Analysis Center (NPAC)
An NPAC is a sensor you build by installing Windows 2008 64-bit (or later) on generic x86 hardware that you provide. You can then hook in a SPAN port (or tapped link) so that the server can see traffic going past. The limitation here is clearly that you can’t tap more than 1Gbps of traffic per NPAC. For some switches that may be your limit anyway, but for a higher capacity switch that may not be so helpful; but then this is SMB we’re talking about isn’t it, so perhaps it’s not such a problem. On the other hand, deploying an NPAC sensor to a remote site and tapping the edge link could be a great way to provide full time monitoring for remote site performance.
Server Packet Analysis Center (SPAC)
The SPAC sensor is created when you install the Solarwinds sensor agent on a Windows server running application traffic. No SPAN port is required, as you’re only monitoring traffic to and from the server or VM itself, but it has the advantage of running analysis full time on that server. The advantage of the SPAC is that it’s scalable – as you add more servers, you add more sensors, and you’re not limited by your ability to SPAN traffic.
Windows Server OS
Right now, the NPAC can only be installed on Windows 2008+, and as I understand it the same applies to the SPAC sensor agent. Solarwinds has always been a Windows-centric software company (all of the client software is Windows only), but having the software sensor agent available only for Windows may be a limiting factor in some environments. Arguably though, if you’re running lots of non-Windows servers, you can still get the same benefit by using NPAC sensors in the network; functionally NPAC and SPAC are identical. Solarwinds could not comment on whether the agent would be available for other operating systems in the future; watch and see, I guess.
Application Identification
In order to identify applications, Solarwinds is using a library of 1200 common application signatures that they are sourcing from an OEM, rather than trying to develop this themselves. This is probably a smart move, and means that you can see reporting on applications by name rather than just watching TCP ports go by. Users can create custom signatures for HTTP-based web applications, based on the URLs requested, but cannot do so for HTTPS since the sensors only see encrypted traffic. Again, while the Rolls Royce might have totally customizable applications and might even allow you to load certificates for SSL decoding, that comes at a Rolls Royce price, and these are the compromises.
Reactive Versus Proactive Monitoring
My initial concern when I heard about the NPAC was that you can’t typically SPAN all your traffic all the time, so you don’t get full time performance monitoring which means you can only react to issues, change the SPAN to look into that traffic, then see what the sensor analysis says. That really limits the benefits of having trend-based performance alerts; you’d potentially have to deploy quite a few network-based sensors to monitor everything all the time. One of Solarwind’s arguments then is that this is not such burden so long as the NPACs are priced competitively so that you can have a number of them deployed.
Pricing
NPM 11 starts below $3000, and included in the price of the software are licenses for 1 x NPAS and 10 x SPAS sensors. After that, sensor software runs about $1000 per sensor as I understand it. That might sound like a lot, but if you go and price something similar from one of the “big players” it will become clear what a good deal that is.
The Proof…
I’ve not had any hands on for this product. However, if the product is capable of doing what they say it is, Solarwinds may have once again come in with a product that is disruptive in its segment, by offering the features that people are most likely to want at a price that’s extremely aggressive. If you’re already running NPM, this upgrade is a no-brainer, because of the 11 sensors that come for free with the upgrade. If you’re a small to medium business looking for a management tool to use, you should certainly consider evaluating Solarwinds’ NPM. The addition of the new AANMP feature set may add a compelling element that makes this unique in the marketplace, and almost certainly so at this price point. And hey, it costs nothing to trial the software, remember?
Disclosures
Thanks to Solarwinds’ Francois Caron (Director, Product Management) and Rob Hock ( Group Product Manager) for taking the time to speak to me. My opinions remain my own, and as usual there is no quid pro quo for this stuff.
Interesting John, thank you!
*versus needs an extra ‘s’
Thanks! Fixed.
This is one of the better reviews describing how Deep Packet Analysis works in NPM 11. It’s about time we had a good DPI solution that is inexpensive enough for the masses.
It would be great to see a hands-on review comparing packet analysis performance on 10 Server Sensors (SPAS) versus 1 Network Sensor (NPAS) monitoring the same 10 servers via span port.
Can 1 NPAS monitor 20 servers or even 100 servers if only looking at a single type of application traffic (like RDP)?
Thanks for sharing and I hope to read more from you.