At VMworld 2012, VMware announced the vCloud Suite, two editions of which (Advanced and Enterprise) include vCenter Operations. VMware has therefore now signaled that monitoring at the operations level is just a feature of a larger suite. Prior to VMworld, VMware also announced that it had acquired the Log Insight technology and team from Pattern Insight. While nothing was said at VMworld about the future integration of Log Insight into vCenter Operations, one has to make the reasonable assumption that this will occur. VMware also said nothing about integrating its APM solution (vFabric APM) into the suites, but we have to also make reasonable assumptions that this is a matter of when and not if. Now ExtraHop Networks and Splunk have partnered to create an entirely different kind of suite.
Reinventing Performance Management
It is very clear the the legacy approach to performance management is completely out of step with how modern applications are build, deployed, run and need to be managed. The legacy approach is wrong for the following reasons:
- Legacy solutions do not actually measure performance – they measure resource utilization and try to infer performance (response time) from resource utilization. This does not work in virtualized environments due to how resources are abstracted and shared. It does not work in most cloud environments, because most clouds run on top of a virtualization layer of some kind.
- Legacy solutions are not built for highly modular, scaled out, distributed and inexpensive deployment platforms. In many cases, the per server cost of a legacy solution exceeds the cost of procuring the server hardware itself and its entire software stack. This puts legacy solutions completely out of step with the modern economics of the IT business.
- Legacy solutions are not built for the applications that are distributed across on-premise data centers and public clouds. The entire manner in which their agents communicate with the back end management systems does not work for organizationally distributed applications and systems.
The ExtraHop and Splunk Integration
What is significant here is that two vendors who are each leaders at their respective layers of the monitoring stack have chosen to partner up. Splunk is the undisputed leader in the collection of log data and clearly collects more log data of different types for different customers than any other vendor in the market. ExtraHop is a leading participant in the new Application Operations segment of the APM industry – a segment focused upon allowing customers to understand the performance (response time) of every application in the environment. Every application in this case means custom developed and purchased and it also means deployed on physical, virtual or cloud infrastructure.
What is significant about this partnership is that both vendors cover a very broad range of environments and applications and both vendors bring extremely unique data to the table. ExtraHop brings unique application response time and throughput data to the table as well as all of the data about the behavior of the network that affects application performance. Splunk obviously not only collects a wealth of log data, but makes that data actually useful through its big data indexing and correlation capabilities. Therefore together, ExtraHop Networks and Splunk create a suite of APM functionality is breaks new ground in the new APM market.
The ExtraHop Networks and Splunk Announcement
SEATTLE, WA – September 11, 2012 – ExtraHop Networks, the leading provider of network-based application performance management (APM) solutions, has collaborated with Splunk, the leader in real-time operational intelligence software, to offer businesses unprecedented end-to-end visibility of application environments. The collaboration was precipitated by a number of thought-leading joint customers that have retired legacy APM tools in favor of a combination of the ExtraHop system and Splunk software. One of these joint customers is the world’s largest online travel company, which uses a combination of the two solutions almost exclusively to manage application performance. Splunk and ExtraHop take new and better approaches to solving application performance challenges and were both recently listed in the Gartner report, APM Innovators: Driving APM Technology and Delivery Evolution.
“ExtraHop and Splunk have proven invaluable to our organization and have radically improved our application performance monitoring capabilities,” said a Senior Director of Architecture and Engineering at the travel company, which operates a portfolio of leading travel sites. “I am excited about the new integration between ExtraHop and Splunk; it makes my IT operations data easier to visualize and more actionable.”
ExtraHop provides real-time application performance monitoring and trend-based alerting using a non-invasive, network-based deployment. Splunk Enterprise provides the platform to monitor, analyze, and manage the data from ExtraHop and other sources. The ExtraHop system plays a vital role in providing visibility into network and application activity across all business services; Splunk software provides the analysis, trending, and visualization of this data in the context of all other data in the datacenter. Together, they provide a complete view of the health and performance of all applications for which the IT Operations team is responsible.
The Splunk App for ExtraHop helps to visualize and analyze ExtraHop data in Splunk. The policy-based logging capability in the ExtraHop system enables IT Operations teams to achieve the following goals:
- Generate consistently formatted logs across heterogeneous datacenter components, such as network storage systems. For the first time in the industry, the ExtraHop system provides logging of networking, application, database, and storage metrics in a consistent manner regardless of vendor.
- Log high-priority events, anomalies, or thresholds with precision and according to set policies.
- Log specific correlated network, web, VDI, database, or storage events monitored by the ExtraHop system, such as when database transactions exceed a set amount from one or more specified clients or file access times across heterogeneous networked storage systems exceed a certain threshold.
“We are excited about the ExtraHop and Splunk integration,” said Jesse Rothstein, CEO, ExtraHop Networks. “Our policy-based logging capability enables customers to export metrics to Splunk Enterprise that they otherwise could not because of performance concerns—such as end-user experience, network performance trends, database queries, and storage internals. Several forward-thinking customers are already using ExtraHop and Splunk together to meet their complete application performance management needs. The integration of our products will accelerate our customers’ time-to-value and enable them to retire their legacy APM tools.”
“Both Splunk and ExtraHop are pushing the envelope for application performance management,” said Bill Gaylord, SVP of Business Development, Splunk. “With the correlation that Splunk Enterprise provides between ExtraHop data and other IT data sources, datacenter operations teams have a whole new level of visibility and control.”
For more information about ExtraHop’s award-winning network-based APM solutions, visit www.extrahop.com/products, and for further background on Splunk’s operational intelligence solutions for applications, security, the cloud, and more, visit www.splunk.com/solutions. To read more about the partnership, visit the ExtraHop and Splunk partner page.
By combining application performance data and log analysis, ExtraHop Networks and Splunk have broken new ground in the APM industry. Understanding why response time has degraded (root cause) requires collecting response time data, collecting data about its cause, and effectively cross-correlating these disparate types of data. This combination of products is an extremely effective and new attempt at solving a problem that has vexed everyone supporting business critical applications in production for years.
Share this Article:
Latest posts by Bernd Harzog (see all)
- VMware vSphere 6 Attacks Amazon with “One Cloud, Any Application” - February 9, 2015
- VMware vSphere 6 Attacks Red Hat: VMware Integrated OpenStack - February 3, 2015
- Will the Public Cloud Be the Next Legacy Platform? - January 20, 2015