Network-based Application Performance Management
What is the ExtraHop system?
The ExtraHop Application Delivery Assurance system is a passive network appliance built to ensure that business-critical transactions do not fail.
The ExtraHop system combines the troubleshooting capabilities of Network Performance Managers with the superior application-level visibility of User Experience Monitors. Performing real-time analysis of application transactions across the network, database, and storage tiers, the ExtraHop system accelerates troubleshooting efforts and proactively warns of potential problems.
How is the ExtraHop system different?
The health and performance information needed to manage growing IT complexity is on the wire. The ExtraHop system leverages recent gains in processing power and storage capacity to extract this valuable information and deliver a level of visibility and analysis that only recently has become feasible. While many tools rely on legacy technologies, such as NetFlow collection, SNMP polling, or TCP-header inspection, the ExtraHop system performs full-stream reassembly and full content analysis, processing tens of thousands of transactions simultaneously and in real time.
ExtraHop Protocol Modules
The ExtraHop Web Module, included with all ExtraHop systems, provides real-time L7 analysis for HTTP transactions. Analyzing all HTTP transactions on the wire, the ExtraHop Web Module records detailed performance and health metrics by client IP, method, host, and URI. The ExtraHop Web Module supports advanced HTTP behaviors that confuse many other tools, such as request pipelining, early responses, and NAT proxies. Used for troubleshooting and performance tuning of webservers, appservers, and load balancers, the ExtraHop Web Module also can provide proactive early warning of potential problems.
The ExtraHop Database Modules provide real-time L7 analysis for supported databases. Analyzing all database transactions on the wire, the ExtraHop Database Modules record detailed performance and health metrics by client IP, database instance, method, table, and user, to offer exceptional visibility into production databases without the overhead of custom performance agents or SQL profilers. Used for troubleshooting and performance tuning of appservers and databases, the ExtraHop Database Modules also can provide proactive early warning of potential problems.
ExtraHop Database Modules are available for Microsoft SQL Server, MySQL, PostgreSQL, Sybase, Oracle, Informix, and DB2 databases.
The ExtraHop Storage Modules provide real-time L7 analysis for Ethernet-based NAS and SAN systems. Recording detailed performance and health metrics by client IP, method, user, and file name, the ExtraHop Storage Modules offer visibility that is unavailable in other tools and access to information that is absent in log files. Used for troubleshooting and performance tuning of storage arrays, the ExtraHop Storage Modules also can provide proactive early warning of potential problems.
ExtraHop Storage Modules are available for CIFS, NFS, and iSCSI storage protocols.
Directory Services Module
The ExtraHop Directory Services Module provides real-time L7 analysis for local and upstream LDAP directory servers. Recording detailed performance and health metrics by client IP and method, the ExtraHop Directory Services Module offers visibility that is unavailable in other tools and access to information that is absent in log files. Used for troubleshooting and performance tuning of directory services, the ExtraHop Directory Services Module also can provide proactive early warning of potential problems.
ExtraHop Product Features
Application Activity Maps
Application Activity Maps visually display dependencies based on device and application auto-discovery.
The ExtraHop system processes traffic at network speed both in terms of throughput and transactions per second. This level of analysis only recently has become feasible due to gains in processing power and storage capacity and is delivered by a proprietary networking microkernel and real-time datastore. The ExtraHop system also scales horizontally through the use of the ExtraHop Aggregator, which provides centralized management and reporting for distributed deployments of the ExtraHop Application Delivery Assurance system.
The ExtraHop system auto-discovers devices that are present on the monitored networks, inferring device names and roles through traffic analysis. Devices are categorized automatically by role, such as webserver, database, or directory server.
The ExtraHop system can be configured to group devices automatically according to a variety of criteria including name, VLAN, and IP address.
Advanced TCP Analysis
The ExtraHop system performs the most advanced TCP analysis available in the industry. By simulating the TCP state machines at the endpoints of the connection, the ExtraHop system can infer when problems occur, detecting issues such as bad congestion avoidance, Nagle delays, and PAWS drops.
The ExtraHop system employs a wide array of intelligent protocol modules to inspect and analyze network traffic. These modules understand application wire protocols at the transaction level, extracting valuable health and performance information in real time. The ExtraHop system offers modules for protocols across the web, database, storage, and directory-services tiers.
Rich User Interface
The ExtraHop system includes a rich web UI that supports advanced workflows for accelerated troubleshooting. Start at a high-level overview and zoom down to transaction-level details. Navigate up and down the protocol stack or left and right to peer devices.
Generate instant PDF reports of the metrics that are currently in view with a single click.
Sophisticated Alerting Engine
The ExtraHop system includes a built-in alerting engine that supports both simple threshold-based alerts and sophisticated trend-based alerts. Trend-based alerts use historical context to learn normal behavior and send notifications when anomalies are detected. Alerts can be configured for most metrics that the ExtraHop system records, including webserver errors, database errors, payload length, and slow transactions. Trend-based alerts for webserver and database errors are applied automatically to all discovered webservers and databases with no configuration.
ExtraHop – How it Works
The ExtraHop system performs sophisticated network-traffic analysis to ensure that business-critical transactions do not fail. While many tools rely on legacy technologies, such as NetFlow collection, SNMP polling, custom performance agents, or active service checks, the ExtraHop system performs full-stream reassembly and full content analysis to extract and archive valuable performance and health metrics in a real-time datastore.
The ExtraHop Application Delivery Assurance system is a passive network appliance that is easy to deploy. Using a network tap, SPAN port, VACL capture, or other data-access technology, the ExtraHop system is an out-of-line device that analyzes a copy of the production network traffic in real time, extracting the valuable health and performance information. Rather than sample a portion of network traffic, the ExtraHop system processes every packet at wire speed.
While other products only inspect L4 headers, the ExtraHop system performs full-stream reassembly. With this approach, the traffic flows are reconstructed to analyze the payload from L2 to L7. The ExtraHop system is purpose-built for production enterprise environments, supporting real-world traffic patterns such as IP fragments, out-of-order segments, and microbursts. When packet loss occurs on the monitoring link, the ExtraHop system resynchronizes and recovers.
The ExtraHop system includes a self-contained, streaming datastore for recording and retrieving performance and health metrics in real time. This real-time datastore bypasses the OS filesystem and accesses the underlying block devices directly. The ExtraHop system achieves levels of scalability that exceed other products that use conventional relational databases.