InformationWeek
Defining The Business Value Of Technology
February 28, 2000
 Printer ready |
Better Web-Site Management
AG Group's WatchPoint combines packet-sniffing traffic analysis with Web-application smarts, and is particularly well-suited to Web farms. It gives users better and more-accurate information for managing Web and FTP server performance than traditional log-analysis tools.
| Related links: |
|
|
| And from our sister publications: |
|
|
 Send Us Your Feedback |
anaging Web servers, especially multiple Web servers, can be laborious. Web servers need to be managed both on a real-time network-centric level and on a retrospective application level. Traditionally, IT has relied on two largely unrelated tools to satisfy these needs: a network-services monitoring and alerting application, and a Web-log analysis suite.A simpler way is to use AG Group Inc.'s WatchPoint, which passively watches all traffic flowing to and from your File Transfer Protocol or HTTP servers and creates detailed analysis and reports, including the kind of application-level data traditionally found in Web-log analysis products.
If you have only a single Web server, you don't need WatchPoint--chances are that your server's basic logging capabilities are more than adequate. Where WatchPoint shines is when you have a Web farm; you can use the software to track traffic across any number of Web servers in real time without having to integrate each Web server's log files. Plus, the separation of the WatchPoint traffic-monitoring application from its management console lets authorized users keep an eye on the Web servers remotely--without giving them access privileges to the servers themselves.
WatchPoint's heavy lifting is performed by its traffic-monitoring agent, simply called the Monitor. It's a Windows NT 4 or Windows 2000 packet sniffer (based on AG Group's EtherPeek), which watches its LAN segment for packets flowing to IP addresses that have been specified as belonging to Web or HTTP servers, and logs the HTTP header or FTP instructions contained in those packets. It also logs the message headers the Web or FTP server sends in response, and the delay before those responses were sent.
Finding the right network location for the Monitor was the trickiest part of the WatchPoint installation. Our test lab uses a fully switched Fast Ethernet LAN; the LAN switch is connected via 10Base-T to a Sonic Systems firewall, and that firewall is, in turn, connected to our WAN router.
We could have placed WatchPoint on one of our Windows NT 4 Web servers--but then it wouldn't "see" Internet traffic heading toward our other Web servers. We could have replaced the LAN switch with a 100Base-T hub, but downgrading a system's performance in order to implement a monitoring solution isn't a good idea.
Our ultimate solution: insert an old Ethernet hub between the LAN switch and the firewall, and plug the PC running the Monitor application into that hub as well. That solution lets WatchPoint monitor all incoming HTTP and FTP traffic coming in from the Internet to our three Web servers, while minimally affecting throughput. However, the trade-off is that this location didn't let us monitor intranet use of our Web servers. The PC running the Monitor was a Compaq Presario 5340, with a 400-MHz AMD-K6 processor, 96 Mbytes of RAM, and Windows 2000 Professional Release Candidate 2.
We were disappointed that AG Group's documentation barely covered correct Monitor placement. The manual says, "The Monitor is located on the same network wire as the Internet services that it is tracking," with a single diagram showing a WatchPoint monitor placed between a switch and a router. There's no discussion of the packet-sniffing limitations of a switched network or designing an installation to minimize the Monitor's performance impact on throughput--important for a product aimed equally at Webmasters and network administrators.
We configured the Monitor to watch HTTP and FTP traffic heading toward our three Web servers by specifying their IP addresses; WatchPoint can also monitor HTTP/FTP traffic across blocks of IP addresses. Fine-tuning the WatchPoint Monitor is performed by editing a configuration text file located on its PC, while report generation is performed by the WatchPoint Console, a standalone Java application designed to run on Windows 9x/NT/2000, as well as on Mac OS.
We ran the Console on another Windows 2000 beta workstation, this time a Compaq ProLiant 5610 PC with 128 Mbytes of RAM and a 350-MHz Pentium II processor, without difficulty. The Console needs to communicate with the Monitor via two TCP ports, and it can be placed anywhere on the LAN, or even outside the LAN if a firewall is configured to pass traffic on those ports.
The Console presents a variety of real-time reporting options, including highly configurable charts and tables presenting the log-file-style data: which domains and IP addresses are accessing the Web sites and FTP sites, which were the referrer field, what pages were being accessed, which error codes were returned to the client, etc.
What sets WatchPoint apart is that it can easily aggregate data from multiple servers being monitored. It also tracks the response time of each of the Web servers, and of the network itself, in a way that's obviously not going to affect the servers' response time; thus, it's likely to be more accurate than a Web server's time logs. WatchPoint can also generate several HTML reports, which are written to disk and can be viewed in a Web browser or printed out.
One weaknesses: The WatchPoint Monitor version we examined, 2.0.2, can only watch for HTTP traffic on TCP port 80, and FTP traffic on port 21. This makes WatchPoint of limited use if you've moved HTTP or FTP to another port, or if you're running multiple Web servers on a single server with only one IP address. AG Group's senior software engineer responsible for WatchPoint says this feature will be added in version 2.0.3, expected later this year.
If you're looking merely to track user activity on your Web server--such as the IP addresses using the server and which pages are accessed--WatchPoint doesn't go beyond the normal Web-reporting packages included with many Web server software.
Where WatchPoint shines is in its ability to monitor not just the transactions seen (and thus logged) by the Web server, but to see all traffic going to Web or FTP servers on the network and offer hard performance data on that traffic. It's an impressive package--and the more Web servers you have, the more impressive it will become.
Alan Zeichick is a principal analyst with Camden Associates, which conducts independent technology research. He can be reached at zeichick@camdenassociates.com.
Back to Labs
Send Us Your Feedback
Top of the Page
BP seeking Regional Desktop Coordinator in Houston, TX
Agilent Technologies seeking Marketing Manager in Melbourne, AU
Advancement Project seeking Junior Web Developer in Los Angeles, CA
Johns Hopkins Univ Carey Business School seeking Asst Dean for IS in Baltimore, MD
City of Westland seeking MIS Director in Westland, MI
For more great jobs, career-related news, features and services, please visit our Career Center.
