ExtraHop Eases Application Performance

The company said its APM appliance gives administrators 10,000-foot to microscopic views of network applications on the same appliance.

Mike Fratto, Former Network Computing Editor

December 8, 2008

4 Min Read

Application management and troubleshooting is important when something goes horribly wrong.

Many products on the market today are too high level or too detailed, with few capabilities to bridge the gap. ExtraHop recently said its ExtraHop Application Delivery Assurance appliance provides both high-level, aggregate performance statistics, application-aware processing, and packet-level decodes, making the product suitable for both the business manager monitoring status and the network and application engineer troubleshooting issues.

The company founders, Jesse Rothstein, CEO, and Raja Mukerji, president, both come from F5 Networks where they developed and managed the F5 TMOS operating system used in F5 BigIP platform. Their combined F5 experience brings extensive knowledge in building high-performing software products and intimate knowledge of network application analysis, and an understanding of the tools required by IT and application developers to proactively manage application performance.

The key element network analysis vendors are focusing on, in particular vendors relatively new to the network analysis space such as Solera Networks and ClearSight Networks, is allowing users to perform free-form searching of network traffic and control the level of detail they need. Capacity planners need to see overall trends of network and application activity running across the network. Application managers need a more detailed view of how their applications are behaving based on servers and services definitions. Network administrators troubleshooting a performance problem may want to drill down to the individual session or even packet level. The same analysis product applies to three users with different needs.

There are many products that can monitor application performance from flow- and packet-based monitors like NetQoS SuperAgent or NetScout's nGenius Performance Manager. For more comparison between the products, InformationWeek has published an independent analysis, Download the report here (registration required).

Flow-based application monitors identify application-based port numbers and may even perform deep packet analysis to determine that traffic on port 80 is HTTP or something else. ExtraHop's protocol adapters are designed to peer deeper, discovering not only the application being used, but the transaction logic as well. Not only can the product tell you that the database application is performing poorly, but you can drill into the actual queries that are manifesting the issue.

Traditional Application Performance Management (APM) products such as NetIQ AppManager or Compuware Vantage use agents and optionally network probes to provide end-to-end statistics gathering. While these products provide application performance metrics, they don't allow the kind of drill-down necessary to identify specific application issues quickly and easily.

ExtraHop's protocol analysis automatically identifies SQL statements and stored procedures for common RDBMS's like Microsoft SQL Server, Oracle, and MySQL, and presents performance data on a per query type with the ability to drill down to a specific query. That's some powerful analysis.

The data captures by the ExtraHop appliance, which are stored for 30 days on the entry-level appliance, are fully searchable and trendable so you can set up reports for HTTP error codes like 404, File Not Found, or 500 Server Error. Within ExtraHop you can drill into those error codes by time, source, and destination, and even identify URLs that are causing the issue and when they occurred. The product isn't able to match a user session to a database request since database connections are shared, but by narrowing the time window to cover a very small area, you can reduce the amount of traffic to examine and pick out the correlated application behavior.

You also can start your investigation or monitoring from the network device and view statistics about the sessions to and from the server, and then continue to drill into any details you like, from Layer 2 up to Layer 7. ExtraHop has the tools to let you search the way you want.

The executives from ExtraHop claim the product out of the box is ready to use, requiring only a connection to a switch span port or a network tap and an IP address for the management interface. The appliance, starting at $50,000, is designed to handle 1 Gbps of traffic with tens of thousands of sessions and 300 network devices. The packet capture, storage, processing, and user interface are all housed on the same server. The appliance can be installed and running in under 15 minutes. ExtraHop also has configuration options for setting threshold alerts and defining reports.

The company is working on refining features, such as using moving averages for alerts. Static thresholds are set so that if network utilization reaches 60%, send an alert, but spikes in utilization might indicate an abnormal event like a flash crowd. Setting an alert based on a 25% spike in utilization might be a more interesting alert, giving you time to respond to a potential problem before performance degrades.

In addition, ExtraHop is working on creating a centralized reporting system so that distributed appliances could roll up data and reports, giving you a global view of your application infrastructure rather than having to touch a bunch of point products.

This story was updated Dec. 9 to correct the spelling of Raja Mukerji's last name.

About the Author(s)

Mike Fratto

Former Network Computing Editor

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights