Network Monitoring for End-User Experience

What is network monitoring?

Network monitoring is a software application that verifies the correct functioning of networked devices (e.g. routers, switches, and servers). The goal of network monitoring software is to minimize service downtime by detecting problems as soon as they occur. A network monitoring tool runs periodic checks on monitored devices to discover their status and resources utilization. When a device doesn’t respond to a check, or reports degraded performance on one or more resources, the network monitoring tool alerts the network administrator.

What types of network monitoring are available?

There are three types of network monitoring tools: SNMP-based, passive, and active.

SNMP: The Simple Network Management Protocol (SNMP) is an Internet standard used to request information from a device like a router, switch, or server, about the status of its resources, such as CPU, memory, and network interfaces.

The type of information that can be obtained from a specific network device varies based on vendor and model. Each vendor publishes a set of management information base files (MIB/MIBs). MIBs describe the parameters or resources that can be queried from a specific device (SNMP agent). Most of SNMP solutions allow the import of MIB files to integrate with a specific device.

• Pros: Suited for monitoring network devices and servers.
• Cons: Is not used to verify that the network is forwarding traffic and well performing.

Passive Monitoring: Passive network monitoring is a technique that relies on “listening” to user traffic to determine network utilization. By doing so, a passive network monitoring tool can reveal which users, applications, and protocols are using the available bandwidth. This methodology is also adopted by security and SIEM tools. There are three ways to passively monitoring a network: network TAP, SPAN port, and flow-based protocols. Network TAPs are dedicated devices that are installed in-line where the traffic has to be analyzed. A SPAN port is created on a switch by instructing it to send a copy of the traffic from a specific port or VLAN to another port on the switch itself or on another switch that has been connected to a network collector. Flow-based protocols are implemented by network hardware vendor, such as NetFlow by Cisco, and provide application and protocol statistics about network traffic forwarded by a specific device.

• Pros: Can identify top talkers or top applications as well as bandwidth consumption.
• Cons: Is not proactive to detect end-user application issues, and requires considerable resources (storage, bandwidth, …) to scale.

Active Monitoring: Active network monitoring is real-time testing performed by software/hardware sensors or endpoint clients to verify network connectivity and application performance. Active tests report real-time data such as end-to-end connection, packet loss, jitter, bandwidth, DNS and HTTP/S response time. One of the most common tests run by active network monitoring tools is the ping command, which verifies round trip time to a remote host as well as packet loss. Active network monitoring tools are also used to provide service assurance, network testing, and capture the end-user experience on SD/WAN, WiFi, and remote networks (e.g. WFH).

• Pros: Proactive detection and best way to troubleshoot and address end-user issues.
• Cons: Is not meant to replace SNMP tools, so should be used in conjunction with traditional network monitoring tools.

Putting it all together: we have the pyramid of network monitoring!

About NetBeez

Today’s organizations rely on SD-WAN, SASE and VPN solutions to enable their employees access corporate systems and applications as well as collaborate and serve customers (e.g. call centers). On the other end, the majority of business applications are moving off corporate data centers towards public clouds and hybrid environments.

Network connectivity is a crucial requirement for these applications to work properly, otherwise employees cannot be productive and provide customer-facing services at their best capacity. Moreover, both employees and customers expect to have a good end-user experience, including fast loading applications or excellent call quality with videoconferencing systems.

At the center of these rapid changes, Infrastructure & Operations (I&O) teams are struggling to keep up with increased technical support and trouble tickets. The increased degree of distributed workforce impose new monitoring capabilities, which legacy network solutions don’t provide. For two reasons. First: legacy network monitoring solutions are centralized and monitor from the data center. Second: they are device oriented and just report the status and resources of network devices. Organizations must adapt and change their network monitoring strategy to be truly remote, distributed and at the edge, closer to the users.

NetBeez is a distributed network monitoring system that meets critical network requirements of the modern enterprise. Physical, virtual and software network monitors run active, end-to-end performance tests from on-prem and remote locations (e.g. branch offices and home environments) to simulate the end-user experience. These capabilities enable I&O teams to quickly detect and troubleshoot remote network problems, reducing time to repair network outages.

NetBeez Network Monitoring Capabilities

NetBeez provides the following capabilities:

Real-time and raw data feeds. Within seconds remote monitoring agents report telemetry data to a centralized dashboard controller for alert processing and analytics. Having real-time data allows quick analysis and alert detections within seconds. Legacy network monitoring solutions increase polling interval as the network scales up. This capability is key to reduce the time to detect and repair remote network issues.

Raw data streams provide a better context and more granular visibility into remote network and application performance issues. This level of detail delivers valuable insight regarding frequency of network problems. It also enhances the identification of intermittent problems which could be caused by factors beyond the network.

From the user perspective. NetBeez provide extended visibility thanks to network monitoring from the user perspective. Thanks to telemetry data acquired from the user layer, NetBeez enables to troubleshoot end-user complaints without wasting too much time in collecting required information to identify the root-case. This also reduces unneeded escalations to higher support levels, saving teams time and resources in the process.

“… it would have taken a very long time to even discover the issue after receiving a student complaint. With NetBeez we gained the ability to determine the root cause and solve intermittent WiFi problems in under an hour.” Christopher Pepper, Network Engineer III at URI

Ease of deployment. NetBeez monitoring agents are easy to install at any network environment, whether on-prem or off premises. The on-prem physical sensors gets plugged into switches and connect to Wi-Fi access point. NetBeez offers virtual machines for virtual infrastructures and public cloud environments. The software agents are installed on end-points, such as Windows and Mac laptops and desktop, and are an excellent solution for monitoring work from home users.

Frequently Asked Questions

What is the difference between NetBeez and SNMP?
Network monitoring tools based on SNMP are needed to detect unavailability and performance degradation issues of network devices that could negatively affect the status and performance of network services. Knowing the status of network devices is necessary, but not sufficient to assure availability and performance of network services offered to the users. SNMP monitoring tools can tell you if a router or switch is working, but can’t tell you if users are having connectivity or quality performance to web and cloud applications. For this reason, an SNMP poller and trap receiver should be complemented by a set of dedicated sensors that perform active tests against applications like DNS servers, web servers, and cloud applications. These tests are used to verify that users are having a good experience with the network and application.

What is the difference between NetBeez and passive tools?
NetBeez performs continuous tests and measurements on network and application performance, verifying that users have connectivity and good performance to intranet or cloud applications. Should NetBeez detect a performance degradation issue in the network, NetFlow data can be analyzed to verify if this degradation is caused by oversubscription of network bandwidth.

Where should I deploy the network sensors?
An important factor of active monitoring tools like NetBeez is the location of the sensors. When implementing this monitoring solution, you should have enough observation points to get a complete view of the network. Each network location where there are users (e.g. offices) or applications (e.g. data centers), should include one or more sensors. To deploy sensors in a Wide Area Network (WAN), you can use single-board computers like the Raspberry Pi, the Utilite, or the Upboard. These platforms are also useful to monitor wireless networks, which are intrinsically more challenging to monitor and support than wired networks. On the other side, if you need to monitor a set of applications in a data center, the monitoring sensors can be provisioned as virtual appliances or software containers.

What about work from home and remote users?
NetBeez also provides software endpoints for Windows and macOS systems, so the same data reported by on-premises and cloud agents is available for work-from-home users. The software endpoints are lightweight applications that consume less than 3% of CPU and 40MB of RAM. Endpoints can get easily installed by the end-users or via desktop management tools such as SCCM or JAMF.