Nowadays, the requirement to keep multiple information systems operational is more important than ever before. Unfortunately, not every company gives this topic sufficient importance, although it deserves much more attention.
First, it is important to explain in general why infrastructure monitoring is performed. The primary reasons are alerting on partial or total system malfunction, outage prevention based on predictive identification of such situations, performance tracking and, last but not least, security detection of system penetration.
However, creating a sound monitoring system is not an easy task. A company needs to understand the details of the processes inside its information system and recognize how individual processes influence each other or the whole system. Monitoring can be split into the following categories:
System monitoring measures and interprets various parameters from the server's operating system, such as the load on the processor (CPU), RAM or storage system, as well as the proper functioning of all processes required for standard operation of the information systems. System monitoring also includes checks of the hardware itself, e.g. to assess the risk of a hard drive or RAM module outage.
Each application provides defined functionality. In practice, monitoring can work as a virtual user that browses a defined web page and checks whether the server responds with the correct content, or within a sufficient response time. Likewise, APM also includes monitoring of specific metrics from defined parts of the application, e.g. the number of requests to the web server in a given period or how many requests are being processed by the database server at a given moment.
In principle, this monitoring checks how the application on the server behaves towards its current end users. When a situation falls outside the standard operating pattern (e.g. a web site takes more than 5 seconds to load), monitoring creates a snapshot of the whole system and related systems at that moment to provide a full picture of the environment. This includes a list of all processes running during the request, all database requests being processed, the number of network connections established at that moment, etc.
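The virtual-user check and the snapshot taken when a page falls outside the normal pattern, sketched as an added example that is not part of the original article. The function names, the expected-text check and the use of the Linux `/proc` filesystem for the snapshot are assumptions; the 5-second threshold is the one from the text.

```python
import os
import time
import urllib.error
import urllib.request

SLOW_SECONDS = 5.0  # threshold used in the article's example

def evaluate(status, body, elapsed, expected_text, slow_seconds=SLOW_SECONDS):
    """Return the reasons a probe result falls outside standard operation."""
    problems = []
    if status != 200:
        problems.append(f"unexpected status {status}")
    if expected_text not in body:
        problems.append("expected content missing")
    if elapsed > slow_seconds:
        problems.append(f"slow response: {elapsed:.1f}s > {slow_seconds:.1f}s")
    return problems

def snapshot(proc_root="/proc"):
    """Record running processes and TCP socket count at the moment of the anomaly."""
    procs, tcp = [], 0
    if os.path.isdir(proc_root):
        for pid in filter(str.isdigit, os.listdir(proc_root)):
            try:
                with open(os.path.join(proc_root, pid, "comm")) as f:
                    procs.append((int(pid), f.read().strip()))
            except OSError:
                continue  # process exited while we were reading it
        for table in ("net/tcp", "net/tcp6"):
            try:
                with open(os.path.join(proc_root, table)) as f:
                    tcp += max(sum(1 for _ in f) - 1, 0)  # skip header line
            except OSError:
                pass
    return {"taken_at": time.time(), "processes": sorted(procs), "tcp_sockets": tcp}

def probe(url, expected_text, timeout=10.0):
    """Act as the virtual user: fetch, time, and snapshot only on an anomaly."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    except OSError:  # connection refused, DNS failure, timeout
        status, body = 0, ""
    elapsed = time.monotonic() - start
    problems = evaluate(status, body, elapsed, expected_text)
    return {"url": url, "elapsed": elapsed, "problems": problems,
            "snapshot": snapshot() if problems else None}
```

Storing the snapshot alongside the failed probe keeps the process and connection state from the same moment as the slow request, which is what makes it usable for later root-cause analysis.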
Basically, monitoring at the network layer helps control the activity in switches or routers, and possibly detects whether the pattern of network traffic to the server resembles any type of DDoS attack. An IDS (Intrusion Detection System) may form part of such monitoring as well.
It is recommended to use all of the above-mentioned monitoring components, since only their combination provides a complete view of your systems. For example, it is useful to learn from the monitoring that your web server responds slowly, but that alone does not help you identify the root cause of the problem: it might result from an attack in progress, which can be determined from the network metrics, or the problem may arise from the database on a completely different server. Therefore, we recommend always implementing a combination of monitoring systems or letting professionals perform the server maintenance and monitoring.