Beyond Layer 7 – Defining the next step in network-based APM

I’m encouraged to see more application performance monitoring vendors adding Layer 7 (or application layer) inspection. You can’t do network-based APM without it. But it takes more than just layer 7 inspection to give application operations teams the visibility they need into application and transaction performance.

Layer 7 is responsible for managing the communication between applications. This communication is achieved by passing messages. So, analyze the messages and you can tell a lot about how the applications are behaving, without knowing anything about the internals of the applications. This is the root of an effective network-based approach to APM.

It turns out it’s easy to do for a single protocol (e.g. HTTP, or FIX), but really hard to do for multiple protocols. In fact, only three companies I know of do it: INETCO, ExtraHop, and HP.

Step 1: Reconstructing exchanges between servers

We can all monitor message flow between applications (sometimes called “full stream re-assembly”) for multiple protocols. This is Layer 7 monitoring. To do this, the system has to recognize the various application messages as they appear on the network, along with the syntaxes used to structure the information in them. Basically, it has to reassemble messages (taking into account duplicates, missing parts, and sequencing) and then tear the messages apart to get at the interesting information by parsing, using regex, or some other technique. INETCO Insight uses a table-driven decode approach, which handles subtle variations in message formats and encodings more elegantly, allows for more reliable, consistent recognition of message types, and allows particular message details to be marked at different security levels.

This first step is a major leap forward for network-based APM. You can begin to recognize types of messages, extract important details like dollar amounts, SQL statements, and customer numbers. A few years ago you could only have dreamed of doing these kinds of things without agents inserted directly into the application code.
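The reassemble-then-decode step described above, as an added example that is not INETCO's code or part of the original post. It assumes a hypothetical newline-delimited text protocol, segments tagged with byte offsets, and a constructed decode table with two security levels.

```python
import re

# Constructed decode table (hypothetical message format): one row per field,
# as (name, regex, security level). New message types are added as data.
DECODE_TABLE = {
    "AUTH_REQ": [("txn_id", r"\bid=(\w+)", "public"),
                 ("pan", r"\bpan=(\d{13,19})", "restricted"),
                 ("amount", r"\bamt=(\d+\.\d{2})", "public")],
    "AUTH_RSP": [("txn_id", r"\bid=(\w+)", "public"),
                 ("code", r"\brc=(\d{2})", "public")],
}

def reassemble(segments):
    """Rebuild the byte stream from (byte_offset, payload) segments.

    Ignores retransmitted duplicates, reorders out-of-sequence arrivals and
    stops at the first gap. Returns (stream, complete)."""
    unique = {}
    for seq, payload in segments:
        unique.setdefault(seq, payload)        # first copy wins
    stream = b""
    expected = min(unique) if unique else 0    # assumes lowest offset is the start
    for seq in sorted(unique):
        if seq != expected:
            return stream, False               # missing bytes: decode nothing past here
        stream += unique[seq]
        expected = seq + len(unique[seq])
    return stream, True

def decode(message, clearance="public"):
    """Decode one message from the table, masking fields above the caller's clearance."""
    msg_type, _, body = message.partition(" ")
    fields = {"type": msg_type}
    for name, pattern, level in DECODE_TABLE.get(msg_type, []):
        match = re.search(pattern, body)
        if match is None:
            continue
        value = match.group(1)
        if level == "restricted" and clearance != "restricted":
            value = "*" * (len(value) - 4) + value[-4:]   # keep last four digits only
        fields[name] = value
    return fields

def decode_stream(segments, clearance="public"):
    """Return (decoded messages, complete); a message with no newline yet is held back."""
    stream, complete = reassemble(segments)
    lines = stream.decode("ascii", errors="replace").split("\n")
    return [decode(line, clearance) for line in lines[:-1] if line], complete

# Constructed capture: two messages split over three segments, delivered
# out of order with one retransmission.
SAMPLE_DATA = b"AUTH_REQ id=T1 pan=4111111111111111 amt=25.00\nAUTH_RSP id=T1 rc=00\n"
SAMPLE = [(1020, SAMPLE_DATA[20:50]), (1000, SAMPLE_DATA[:20]),
          (1020, SAMPLE_DATA[20:50]), (1050, SAMPLE_DATA[50:])]
```

Calling `decode_stream(SAMPLE)` yields both messages with the card number masked to its last four digits; dropping the middle segment yields no messages and `complete` set to `False`.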

Step 2: Reconstructing individual end-to-end transactions

But only one of us can use all this information from the first step to re-construct transactions – to go beyond Layer 7. To do this, the system has to compare messages against a set of semantic models for each protocol (taking into account timings, errors, etc.) to recognize when a meaningful bit of work has been accomplished – a transaction. Then it has to compare these single link transactions against another set of semantic models to pull together a multi-link transaction. If you’re an avid reader of our blog, this should sound like the INETCO Unified Transaction Model (UTM).

If you have a small set of applications, each running on dedicated infrastructure, and you are not particularly interested in end user service levels, you can get away with Layer 7 monitoring…for a while. If you have a large set of applications, run multiple applications on shared infrastructure or virtual environments (e.g. a private Cloud, an application server or database cluster), or are accountable to transaction SLAs, you have to go beyond Layer 7.

I’m reminded of a classic quote from a Canadian hockey star (Wayne Gretzky). When asked how he was so successful, he replied: “I skate to where the puck is going to be, not where it has been.” It’s going beyond Layer 7. INETCO Insight is already there.

For more information on INETCO Insight, read the product sheet.