The present invention relates to network monitoring and management, and more particularly to expert services in a network application monitoring system.
Networks are used to interconnect multiple devices, such as computing devices, and allow the communication of information between the various interconnected devices. Many organizations rely on networks to communicate information between different individuals, departments, work groups, and geographic locations. In many organizations, a network is an important resource that must operate efficiently. For example, networks are used to communicate electronic mail (e-mail), share information between individuals, and provide access to shared resources, such as printers, servers, and databases. A network failure or inefficient operation may significantly affect the ability of certain individuals or groups to perform their required functions.
A typical network contains multiple interconnected devices, including computers, servers, printers, and various other network communication devices such as routers, bridges, switches, and hubs. The multiple devices in a network are interconnected with multiple communication links that allow the various network devices to communicate with one another. If a particular network device or network communication link fails or underperforms, multiple devices, or the entire network, may be affected.
Network management is the process of managing the various network devices and network communication links to provide the necessary network services to the users of the network. Typical network management systems collect information regarding the operation and performance of the network and analyze the collected information to detect problems in the network. For example, a high network utilization or a high network response time may indicate that the network (or a particular device or link in the network) is approaching an overloaded condition. In an overloaded condition, network devices may be unable to communicate at a reasonable speed, thereby reducing the usefulness of the network. In this situation, it is important to identify the network problem and the source of the problem quickly and effectively such that the proper network operation can be restored.
Often applications running on the network are a source of the aforementioned problems or adversely affected by such problems. There is thus a continuing need for a new application-monitoring system for domestic enterprise management. Such a system should enable administrators (such as Network Managers) and service providers to introduce real-time application monitoring into service offerings. There is also a need to offer application monitoring since a large number of business and end users stand to gain significant understanding of their networks applications, performance and security.
A system, method, and computer program product are provided for expert application performance analysis. An application is monitored. Performance data is gathered during the monitoring. A set of metrics is generated based on the performance data. A performance of the application is measured from at least one of a client perspective, a server perspective, and a network perspective using the metrics.
In one embodiment, a set of enabled applications is received. A network is monitored for traffic related to the enabled applications. Performance data relating to the enabled applications is filtered from the network traffic and categorized into flows. The flows are prioritized, with low priority data going to a low-priority queue to reduce the packet arrival data to prevent dropping of packets. Note that this can also include giving each flow the same priority or no priority. The flows are processed based on the priority. A set of metrics is generated in real time based on the processed flows. A performance of the applications is measured using the metrics.
In an embodiment, performance data is gathered for transaction-oriented transactions, stream-oriented transactions, and/or throughput-oriented transactions. The metrics generated for the transaction-oriented transactions may include a command time per transaction, a response time per transaction, an elapsed time from a start of a command to a start of a response, an elapsed time from a start of a command to an end of a response, and/or a number of failures. The metrics generated for the stream-oriented transactions may include a type of service expected during setup, a type of service actually received, a number of transactions, a number of successful transactions, and/or a ratio for an accumulated time of disrupted service over transaction time. The metrics generated for the throughput-oriented transactions can include a number of transactions, a number of successful transactions, throughput calculations per transaction, byte rate during the transaction, and/or response size.
In another embodiment, an application content expert can be used to identify application subtypes within the application to identify tunneled applications and generate more precise metrics.
In a further embodiment, multiple applications are monitored. Each of the applications is monitored simultaneously when in a flat mode. Each of the applications is monitored sequentially when in a roving mode. As an option, the sequential monitoring can be based on an amount of time allotted to each flow and/or application.