7 Replies Latest reply on Feb 29, 2016 9:22 AM by Melissa Herrle

    Active versus Passive Monitoring

    Scott Penn
      Share This:

      Active versus Passive Monitoring for Web Sites


      According to Gartner, there are 5 dimensions of an APM solution1:


      1. End-user experience monitoring — the capture of data about how end-to-end application availability, latency, execution correctness and quality appeared to the end user.
      2. Runtime application architecture discovery and display — the discovery of the various software and hardware components involved in application execution, and the array of possible paths across which those components could communicate, which together enable that involvement.
      3. User-defined transaction profiling — the tracing of events as they occur among the components or objects as transactions move across the paths discovered in the second dimension, generated in response to a user's attempt to cause the application to execute what the user regards as a logical unit of work.
      4. Application component deep-dive monitoring — the fine-grained monitoring of resources consumed by, and events occurring within, the components discovered in the second dimension.
      5. Analytics — the marshalling of a variety of techniques, including behavior learning engines, complex-event processing platforms, log analysis, and multidimensional database analysis to discover meaningful and actionable patterns in the typically large datasets generated by the first four dimensions of APM


      Note 1 Application Performance
      Monitoring Is the First Step to Manage the Hybrid Cloud Application Portfolio
      19 December 2011 ID:G00227693
      Analyst(s): Will Cappelli

      Focusing specifically on the end-user experience monitoring, nirvana would be the ability to monitor every router hop from the customer to the datacenter; the entire components of the user’s screen; monitoring the web server they land on and the entire application path from the web server to the database and back out.


      The reality is that is impossible to instrument the Internet, client equipment, data center infrastructure, application code and hardware all at the same time. 
        picture 1.jpg
      Even if you could provide that level of instrumentation, it would prove useless in determining the actual quality of all end- users’ experience from just the sheer amount of data.


      When it comes to diagnosing how a site is performing, an accurate quality assessment can be made by monitoring the customer's activity, errors and response times. But what methods to monitor the end users are available?  Which are the best - Active or Passive?


      A comprehensive strategy can be made with active monitoring (synthetic or scripted), passive monitoring (network-based packet capture, known as End User Experience Monitoring).



      Synthetic Monitoring

      Synthetic monitoring’s can be considered “Active Monitoring” because you are acting as the client. The earliest beginnings of Synthetic monitoring stem from the data center operator or person in charge hitting their own site from their desktop and declaring it “alive”.  onstantly hitting your own web site isn’t a good use of a person’s time, so scripts were written to continuously hit the site. However, there are valid reasons to have this mechanism in place.

      Some of the benefits that synthetic testing provides are:

      • Consistently determining if the site or page is up or down. Consider the time when a page is not generally available to the public or if there are no end users hitting that particular page or aspect of the site.
      • Synthetic tests can use various protocols (doesn’t always have to be just HTTP/s) that may be difficult or impossible to monitor on the wire (like RMI, Flash, Silverlight, Citrix ICA, FTP, or other binary protocols that cannot easily be decoded).
      • Synthetic scripts can be executed from specific locations – using that locality to determine region-specific problemsActive monitoring is looking at a website from outside-in and will allow for monitoring of timing and errors specific to external web components like mash-ups (like a Google map link)  or third party hosted elements (like the Customer Support Person who drops down on the screen) that are not really hosted from the data center of the web owner.
      • Scripted monitoring can be pointed to your web site or others to show how similar scripts act against ‘golden’ or competitive web sites.


      Some of the drawbacks to this active method of testing are:

      • Can only test the same thing over and over and on a periodic basis.
      • The test is not real – you can’t buy shoes every five minutes on a real web site.
      • A script cannot test everything. Humans are amazing at attempting odd combinations in real life.
      • Scripting does not provide a real time sampling. Periodic sampling does not provide a good indication of what everyone is experiencing on a web site. If Synthetic scripts test a transaction every five minutes and the site is taking thousands of hits per second, thousands of errors or unhappy users would not be reflected by the script's results.


      Products like BMC’s TM-ART provide a comprehensive method to script many types of transactions that would be found in a web environment.


      Network-based packet capture



      Products like BMC's - End User Experience Management (EUEM) are a Network-based packet capture "Passive" monitoring solution.



      Typically, End User Experience Monitoring (EUEM) or Real User Monitoring (RUM) is a passive technology that records and monitors user interactions with a website.   Monitoring the users’ actual activity on a website or an application provides visibility into performance, errors and volume of the web property. For the sake of this discussion, we will focus on true passive monitoring which is via network packet capture.


      Some of the benefits that real end user monitoring testing provides are:

      • Typically sees all users all the time.
      • Typically "Inside your four walls".
      • Provides a real view into what all users see.
      • No overhead – imposes no load on the servers or application.


      Some of the drawbacks to a real end user monitoring method of testing are:

      • Can't see CPU/Memory/Network bottlenecks.
      • Requires a device be located in a central collection spot.



      When the question comes up – “Which is better, Active or Passive monitoring of a web site”? The real conclusion is that both are unique and provide advantages and some disadvantages. Current implementations of web properties include many variations like mash-ups, externally hosted content, Flash or Ajax, for example. The combination of active and passive monitoring provides a more comprehensiveview of website performance and user experience then each separately. Therefore it is recommendable to use both active and passive technologies to monitor web performance.

        • 1. Re: Active versus Passive Monitoring

          EUEM (Real End User Experience Management) has the ability to 'passively' read a copy of the traffic and is considered to be passive monitoring for the fact that it does not interfer with the packets flowing between the end user and the web application.  A new part of EUEM allows an agent to be installed to feed data from the applicatoins' back end and in part - this is considered to be 'active' as it does not read a copy of the traffic.


          Synthetic monitoring works well with giving the performance/availability of a web application but lacks the randomness involved in a real end user session.  Synthetic monitoring also induces a additional load on your web applicaiton where as 'passive monitoring' does not.

          • 2. Re: Active versus Passive Monitoring

            Hello Chris,


            will this Real End User Experience Management with network-based packet capturing, still be in the current Truesight component set, in Truesight App Visibility Manager in November 2015?


            And will this still be delivered as an appliance or only as Software Installation set?




            • 3. Re: Active versus Passive Monitoring

              Hi Ronald,


              Yes, Passive EUEM (real end user experience monitoring via packet capture) is not going away and as a matter of fact, we have plans to further enhance the product. It is currently available in TrueSight App Visibility Manager 2.7 and soon will also be tightly integrated into TrueSight Operations Management/TrueSight Presentation Server.


              Currently there are 2 deployment models:

              Appliance and Virtual Edition. The Virtual Edition is a VM instance of our Passive EUEM solution. In the near future we'll offer a 3rd deployment model, software only (installables).



              • 4. Re: Active versus Passive Monitoring

                hello Melissa,


                can you provide a closer estimation, when Passive EUEM will be integrated in TSOM?



                • 5. Re: Active versus Passive Monitoring

                  Hi Ronald,


                  We are moving over Passive EUEM in a phased approach as there is much to do! We have a release slated for this Spring, currently looking at an early May timeframe (but subject to change) - This release will introduce Passive EUEM into the TSOM family. You will see a handful of dashlets that will be populated by PEUEM data as well as a central location to access all analyzers (the TSPS). We'll also be coming out with the new deployment model at this time, Passive EUEM Software Edition, which provides much flexibility and is cloud agnostic.



                  • 6. Re: Active versus Passive Monitoring



                    if a customer wants passive EUEM now, do we still have to implement a Virtual Edition(in the easiest case) as discribed in App Visibility 2.7?

                    1) how do we integrate monitoring aspects and also the results with TSOM

                    2) then, is configuration and management of PEUEM still carried out within the APM(2.7) console?

                    3) under this assumptions, is there any way to correlate PEUEM and Application Deep Dive results, i mean to make Application Diagnostics avaliable in an PEUEM/APM context?




                    • 7. Re: Active versus Passive Monitoring

                      Hi Ronald,


                      1) Can you please be more specific? What are you looking for here? The data for Passive EUEM will be displayed in the dashboards.

                      2) TSPS is replacing the APM console and will eventually do much more than the APM console does. There is very little configuration and management capabilities in the APM console, the TSPS will have much more in this area (as well as better data visualization)

                      3) There is today in the APM console and we have plans to bring this integration into the TSPS this year.