SolarWinds Unveils Deep Packet Inspection with NPM 11

Some time ago, I had the distinct pleasure of working with the SolarWinds team as they rolled out a new version of the Virtualization Manager (VMan) product. The results were published in a post entitled “New SolarWinds Virtualization Manager 6.1 Creates Voltron-Like Monitoring” and the experience was a lot of fun. Here it is a few months later and I get to do it all over again, this time with their Network Performance Monitor (NPM) product as it hits version 11. New to this version is Deep Packet Inspection and a Quality of Experience dashboard.

Wanna see it in action? Great! Let’s put on our magic homelab hats (you did bring your magic homelab hat, right?) and dive right in.

Up, Up, and Away

From an installation and configuration perspective, there wasn’t much to do. I already have Server and Application Monitor (SAM) installed, so I decided to install NPM into the same server and use the same back end database. Because of this, the installer wizard is ridiculously simple. Next, next, grab a coffee, finish, done.

Hey, other vendors out there: all software should be this simple to install, take notes!

If you want the full integration experience that SAM and NPM have to offer as a combined product, it makes sense to use the same database. There’s also an option to use a standalone database or install the products onto different servers, but I wanted to consolidate them both into one. Once NPM is done installing, browse to the standard home page for Orion and make sure a new Network tab has appeared.

Tabs, tabs, and more tabs

NPM will draw upon your existing nodes and can be configured to discover and poll additional objects. I ended up adding my HP V1910 switch and all its various interfaces to NPM. If you’re not using the wizard, just head over to Settings > Node & Group Management > Manage Nodes and find your switch node (or add it). Next, click on the List Resources button in the node’s management box.

Manage that node!

Add any interfaces that are missing.

Check boxes or choose the All checkmark

Pretty simple. If you don’t see an interface pop up right away, it may take a minute.

Deep Packet Inspection

But what about Deep Packet Inspection (DPI)? Good question. There are two options to get this configured. Let’s review:

Option 1 – Use a SPAN port (mirror port) to pull data from a network device.

Using a SPAN port to sniff network traffic

Option 2 – Use the Windows agent to gather networking data.

Deploying an agent into a Windows server / workstation to monitor traffic

It’s a bit of a bummer that you’d have to SPAN traffic into a Windows box, but given that SolarWinds doesn’t sell switches, I suppose there are few other ways to get to the flow data. Perhaps a future version will let users deploy a stripped down Linux box / OVA, instead? Oh well, let’s move on.

Adding Nodes

I decided to test out the second option which involves deploying an agent into the Windows OS. This is rather simple to do – select the Deploy Packet Analysis Sensors for Servers link from within the Quality of Experience (QoE) wizard (shown in the previous image). A new wizard will pop up that walks you through selecting objects to monitor. I chose a pair of my Windows virtual machines named File (my file server) and SQL (my SQL database server). Alternatively, click on Settings > Node & Group Management > Manage Agents to add or configure agents.

Two servers will have the SolarWinds agent deployed

You can then monitor the status of the deployment from the wizard page or by visiting Settings > Node & Group Management > Manage Agents. It took a minute or so for the two new agents to report a status of Connected and Agent is running.

Deploying agents to my two VMs in the lab

If you don’t already have a credential saved for the servers, you can create one – either temporarily or permanently – within the Assign Credentials option. Just make sure to choose <New Credential> in the drop down menu.

Plug in credentials that can install the agent

There’s also a mass deployment option available with an .MSI or .MST file for the agent. This is handy for organizations that want to bake in the software by way of System Center or Group Policy.

As a final step, you’ll need to add any QoE applications to monitor for the new servers. To do so, either use the Wizard page that was used to deploy the agent, or browse Settings > Settings (yes, twice) > QoE Settings > Manage QoE Packet Analysis Sensors. I added MS SQL and SQL Services to my VM named SQL.

Now I can see how well my SQL box is handling user requests

A Billion Statistics

Now that I have a server with the agent installed and data flowing in from a QoE monitored application, I can begin to see how it’s doing. By navigating to Home > Quality of Experience, I can see a number of new dashboards that provide what seems like a billion statistics. Here are some of the data points that are available to your curious fingertips:

  • Application Response Time (Time to First Byte)
  • Network Response Time (TCP Handshake)
  • Data Volume
  • Transactions
  • Risk Level
  • Business Related vs Social Traffic
  • Category
  • Various dashboards with QoE Application Statistics
  • Thresholds Exceeded

The QoE Dashboard for my SQL server

Pulling It All Together

Here’s the real magic. I have three tools from SolarWinds all installed and integrated with one another: Server and Application Monitor (SAM), Network Performance Monitor (NPM), and Virtualization Manager (VMan). This means that I can see the Quality of Experience data for networking, AppInsight for deep application stats, and all of the various physical and virtual components in between. When bundled together, the amount of data I can interrogate for my SQL server is insane. And all of the various tabs (on the left) let me dive into deeper areas of the operating system, network, storage, virtualization stack, application stack, or the quality of experience.

More data than you can shake a stick at

The end result? I can safely pinpoint just about any bottleneck sitting between a user and the application, along with any issues between the application and the underlying infrastructure. No more blame games with vague “the network is slow” tickets to ponder over. Just pop into the QoE dashboard and see for yourself exactly how awesome or poorly things are going for your users. Less time spent futzing with tickets is more time spent learning new skills, improving the data center, and playing Xbox uh working hard on work things.

Licensing

One last thing – licensing! According to the documentation I received, SolarWinds NPM is licensed by the largest number of the three following element types:

  • Interfaces: interfaces include switch ports, physical/virtual interfaces, VLANs
  • Nodes: nodes include entire devices (routers, switches, servers, APs)
  • Volumes: volumes are equal to the logical disks monitored

And here are the packaging and pricing details.

npm-pricing

Thoughts

It’s sad how little I was able to put into this post around NPM – it really does have a long list of features, but I don’t want to ramble on about all of them. Take one of the products, such as Virtualization Manager or Network Performance Monitor (NPM), for a test drive yourself and see what you think. I wish I had software like this available to me when I was a single sysadmin for an SMB wearing every hat. Assuming I could snag budget for it, this would really have taken a lot of burden off my day-to-day administration stress.

The QoE engine comes with unlimited licensing for 30 days so that you can set up all sorts of monitoring scenarios – just make sure to turn on the unlimited licensing trial once you’re ready to configure it. It will show up in the QoE Packet Analysis Sensors page as a trial option.

You have unlimited Packet Analysis Network and Server licenses for the next 30 days