Enterprise services were usually composed of large number of service servers and/or networks. As evolving of network growth and matured computation virtualization techniques, enterprise applications become more complex. For example, more user applications are moved from a personal computer into a virtual data center (VDC) due to cloud computing, end-users use the remote application by requesting services provided by data center's service server. Distributed applications become more powerful and comprehensive. A single node's performance problem or failure may affect whole distributed system's quality of service (QoS). Compared with hardware failure or resource exhaustion, software problem is hard to detect. Therefore, distributed applications' performance management is desired.
One of current technologies for application discovery is by monitoring application events. This technology installs an agent on each physical server. The agent monitors events reported by applications, and forwards events to a central application management server. The application management server, then, analyzes the application events in a data center, discoveries applications running on the data center, and finds dependency between applications.
One of current technologies for application dependency discovery is instrumenting the middle ware software of Java byte-code. The instrumented codes track requests pass through the middleware and send the tracking logs to a central application management server. Then the application management server analyzes these logs, knows messages exchanges between applications, and discovery dependencies between applications. This technology works on distributed applications communicated through the instrumented middleware.
One of current technologies for application dependency discovery is sniffing the network traffic on each physical server. This technology installs an agent on every physical server to sniff network traffic to/from this server and sends the traffic logs to a central application server. The application server analyzes these traffic logs and generates application dependencies between physical servers. FIG. 1 shows an example of generated application dependencies by sniffing network traffic on every physical server. In the example, an exchange client application connects to one server through well-known Domain Name System (DNS) port 53, connects to another server through well-known Active Directory (AD) port 88, 135, 1024, 389, and connects to another server through well-known MAILBOX port 135. The application dependency map of the exchange client application may be generated as shown in FIG. 1.
Background for the terms of application, process and thread may be described as follows. An application is executable computer software running on either physical machines or virtual machines (VMs). An application may create one or more processes in the operating system (OS). A process is a basic unit of an execution environment in the OS to run user applications. This execution environment allocates resources from the OS, and owns the resources, thus threads running in the process could share these resources. The resources may include memory, open file's descriptors, open network connections, etc. A thread is a basic unit of execution control in a computer system. There may be one or more threads running in one process's execution environment. One application may create many processes to provide services on the physical server, and each process may create one or more concurrent threads that share resources owned by this process. The applications that create many processes with one single thread at each process are called multi-process applications. The applications that create many concurrent threads in one process are multi-thread applications.