ExtraHop Networks

I have written and re-written this post at least a half dozen times. It’s been nagging at me since Interop in early May. I had a nice format. I even created some nice graphics, but it just felt so clinical and boring. I’m just gonna’ go off the top of my head on this one.

ExtraHop is unbelievable. I’m not just saying that because my company is an ExtraHop reseller. Or maybe that IS why I am saying that. I’ve seen this product run on the production side and the amount of usable data it generates is amazing. Especially given the fact that it uses no software agents. That’s right. It is a completely agentless Application Performance Management(APM) solution.

A Short History Lesson

Many years ago, network monitoring was fairly simple. Check a device status using SNMP or ICMP and pop off an alert when it stopped responding. That wasn’t enough, so we started watching flows. We learned a bit more about what was going through the various devices and how much bandwidth each application was eating up. We could also see QoS markings to gauge how well our QoS policy worked.

Flows were great and all, but the network grew up. It went all layer 7 on us. Standard network monitoring had its place, but wasn’t enough to tell us why a particular application wasn’t working. Applications moved off of a couple of boxes and onto multi-tier monstrosities. I use the term “monstrosities” in a loving manner. 🙂

The market responded. Companies begin to market APM solutions that gave insight as to why a particular application ran slow. Networking people everywhere rejoiced because the network infrastructure started to get exonerated at a faster rate once the APM product could point to a particular node in an obscure application tier as being the culprit. Measuring things like server wait time and comparing it to network wait time could clearly show where the problem was. Sometimes the problem WAS the network, and a good APM tool would show that too.

There’s just one problem with a lot of APM solutions. Well, not one problem. Several problems really. Let’s enumerate a few, and in doing so, maybe it will help you see why I am a fan of ExtraHop Networks.

Some Problems To Note

Software Agents – There are quite a few APM vendors that take the agent-based approach. You load an agent on the required servers and then get data directly from that host. Of course, now you have to maintain the code level on the agents and upgrade as needed. You also just installed software that might cause problems on your box due to the hooks the agent installs to have full visibility. ExtraHop doesn’t do that. No agents at all. They trust the wire to provide them with all the information they need. They use packet captures over software agents.

Streamlined Product Set and Architecture – There are 2 physical models from ExtraHop and 1 virtual model. That’s it. The EH2000 will go up to 3Gbps capture rate and the EH5000 will go up to 10Gbps capture rate. The EH1000V(interesting name for the virtual product since Cisco has a switch with a similar name.) will go up to 1Gbps capture rate. Other solutions might have dedicated boxes for capturing traffic and other boxes to do the actual number crunching or to run reports and dashboards. ExtraHop can function with a single box. If you have more than 1 of their boxes, you can use their Central Manager product, which is free, to aggregate information from multiple boxes.

Install Process – Some APM implementations can take months to get up and running. Not so with ExtraHop. Their box can be up and operational in 15 minutes. Actually, there was an install they did for a local client of ours and it took 11 minutes. That’s 11 minutes from nothing to usable data.

A Different Way

I listed three things above that I think are a pretty big deal. There are more things though, that cause me to like ExtraHop over other APM vendors.

Focus – ExtraHop is not trying to be all things to all people when it comes to monitoring. Because of that, they are exclusively focused on the operations side. They are not interested in making software development tools. There are plenty of other vendors who are doing that. ExtraHop is not going to be one of them.

Speed – ExtraHop writes their own hardware drivers on their boxes. Because of that, the box boots up fast and they can capture in real time using commodity hardware.

Enough of me going on and on. Take a look for yourself.

A Quick Look

This video has a lot more information and also shows you the capabilities of their new Citrix piece:


Of all the APM solutions I have seen so far, ExtraHop is my favorite. It isn’t that all the other solutions are horrible. They aren’t. It’s just that ExtraHop is better, in my opinion.

Easy to setup, easy to understand the architecture, and easy to use. Of course, you could do it the old way. Have a bunch of different boxes with different roles. Bring in a bunch of vendor engineers to setup the various pieces. Spend a fortune training people how to use it. You could always do that.

Or, you can start here and see what APM from ExtraHop looks like.

This entry was posted in monitoring, vendors and tagged , . Bookmark the permalink.