NPMD solutions play a key role in helping IT ops support increasingly complex technologies and services with network visibility, detection of performance issues and root cause analysis. Vendors continue to innovate with operational analytics, integrated GUIs and more flexible deployment options.
This document was revised on 15 March 2016. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
NPMD tools allow for IT operations to understand the performance of application, network and infrastructure components via network instrumentation. These tools also provide insight into the quality of the end user's experience. The goal of NPMD products is not only to monitor the network traffic and infrastructure to facilitate outage and degradation resolution, but also to identify performance optimization opportunities. This is conducted via diagnostics, analytics and root cause analysis capabilities to complement monitoring of today's complex IT environments.
This market is a fast-growing segment of the larger network management space. Gartner estimates the size of the NPMD tool market at $1.1 billion and growing at a compound annual growth rate (CAGR) of 10.0%, according to Gartner's "Market Share Analysis: IT Operations Management Software, Worldwide, 2014." The NPMD market overlaps slightly with aspects of the application performance monitoring (APM) space.
This Magic Quadrant research period has seen a significant reshuffling within the NPMD vendor space, with the leveraged buyouts of Riverbed and SolarWinds (announced); the merging of InfoVista and Ipanema, and Keynote and Dynatrace; and NetScout's acquisition of Fluke Networks. Private equity firm Thoma Bravo has emerged as a key player in the NPMD market, with ownership stakes in many of these entities, including Riverbed, Dynatrace, Keynote, InfoVista and, most recently, SolarWinds (announced).
Figure 1. Magic Quadrant for Network Performance Monitoring and Diagnostics
Source: Gartner (February 2016)
Vendor Strengths and Cautions
Automic is focused on workload automation, application release automation and automated service orchestration. The acquisition of Orsyp in 2014 provided the means to build a dedicated business unit focused on performance around the Sysload and Streamcore product lines. Streamcore is the primary NPMD solution, coupling network performance monitoring capabilities with WAN optimization. Sysload focuses on system performance, endpoint monitoring and workload capacity planning. Automic's performance client base is largely centered in Europe, with limited penetration into other markets. Automic's strategy to leverage broader portfolio and geographic reach to expand NPMD beyond its core market has yet to show progress.
Recent feature updates in Streamcore include new virtual and hardware appliances, and a software acceleration client.
Automic NPMD revenue is between $5 million and $10 million per year.
Automic's user interface (UI) provides a unique visualization of service health using a scorecard dashboard that caters to network operator workflows.
Automic's monitoring, integrated with WAN optimization and automation, provides a competitive advantage.
Automic maintains a strong roster of technology partners and European channels, including BT, IBM and Microsoft.
Automic's performance business is not growing, which may lead to reassessment of current NPMD strategy. This may impact resources devoted to NPMD R&D, sales and support.
Plans to integrate monitoring with Automic's release and workload automation core products are targeted to application development and DevOps use cases, with limited applicability for NPMD.
End users cite dissatisfaction with Automic's cost of maintenance and implementation as compared to other vendors.
CA Technologies has an extensive history and product set for NPMD that was built over many years of acquisitions and organic development. CA has one of the largest focused revenue within the IT operations management (ITOM) area, with an extensive product portfolio.
CA Technologies' NPMD offering is the CA Unified Infrastructure Management (CA UIM, formerly CA Nimsoft Monitor) solution, which is complemented by other offerings, including CA Network Flow Analysis (formerly branded NetQoS), CA Unified Communications Monitor, CA Application Delivery Analysis (formerly branded NetQoS) and CA Virtual Assurance for Infrastructure Managers. CA Virtual Network Assurance (CA VNA) was released in December 2015 and provides visibility into performance bottlenecks and vulnerabilities in software-defined networking (SDN) and network function virtualization (NFV) environments.
CA UIM forms the basis for the company's revised unified architecture strategy, which aims to provide a single user interface and reporting system across its various NPMD products. While this first step in unification is applauded, it highlights the migration away from CA Performance Management, which also aspired to provide unification. This casts doubt on the ability of CA Technologies to effectively realize its integration vision, and leaves its strategy around legacy products such as Spectrum and eHealth unclear.
CA Technologies' NPMD revenue is between $151 million and $300 million per year.
The broad portfolio includes many functional areas, offering clients a set of products coupled with internal services capability to implement and maintain the solutions.
CA Technologies has commenced integration across its broad NPMD solution suite, leveraging both the architectural strengths of the CA UIM platform and agile deployment methodologies.
Positive financial viability continues to show that there is limited risk to business stability in doing business with the company.
CA's NPMD solution is an amalgamation of various product lines from several acquisitions with limited integration, which introduces significant complexity in UI and workflows.
End users report dissatisfaction with the high cost of maintenance and a high percentage of overall spend required for implementation services.
Packet analysis capability from Application Delivery Analysis has yet to be brought into standard monitoring and troubleshooting workflows.
Cisco has a large hardware installed base with its network-hardware-centric heritage, and has broadened its offerings to include unified communications, unified computing, management software and SaaS capabilities for collaboration.
Cisco's NPMD offerings include Cisco Prime Infrastructure (PI) for Simple Network Management Protocol (SNMP) and flow monitoring, configuration management, and provisioning of Cisco network devices. Cisco Prime Network Analysis Module (NAM) is an appliance-based solution for packet analysis. Cisco Prime Collaboration (PC) provides monitoring, configuration management and provisioning of Cisco's unified communications solutions. In December 2014, Cisco introduced Connected Analytics, which is a real-time streaming analytics platform for network and business data.
Cisco's large installed base across network environments gives it a large, addressable set of customers across verticals. Cisco provides workflows for monitoring and troubleshooting, with a focus on integration with Cisco technologies. However, the Prime offerings are not able to provide visibility into Cisco Intelligent WAN (iWAN), with users referred to third-party solutions for this purpose. Additionally, Cisco's cloud-based monitoring and management of its devices through its acquired Meraki product line has yet to be aligned with Prime.
Cisco's NPMD revenue is between $51 million and $150 million per year.
Cisco is in a unique position to support its pervasive networking installed base, offering very deep support for Cisco visibility technologies.
Strong support for wireless LAN infrastructure and performance monitoring, in conjunction with traditional data center technology, is a competitive differentiator in the NPMD space.
Cisco has strong financial viability, resulting in limited business stability-related risk.
With limited support for non-Cisco environments, Cisco Prime Infrastructure is mostly used as a point solution, often requiring buyers to purchase other management tools for comprehensive performance monitoring.
Analytics capabilities remain limited, with Cisco's NPMD solution primarily focused on reporting and presenting large reports of metric data.
The Network Analysis Module has a dated user interface, and packet analysis workflows are not well-integrated into Cisco Prime Infrastructure.
Corvil has historically been focused on electronic trading markets with short-time-scale network monitoring, providing comprehensive multisegment and highly accurate packet analysis. Company and product transitions began in the summer of 2014, with the release of the Corvil streaming analytics platform, called Giga. The Corvil network data analytics platform Tera Release is the third major release since the transformation began.
A focus on providing better application visibility with new decoders and the support of time-stamped application events are helping the company appeal to enterprises beyond its core financial industry customer base. The ability to publish analytics streams to big data and business intelligence (BI) systems also helps broaden the scope of the product past traditional use cases. The user interface, a longtime weakness of the product, is also a strategic priority, and has seen a significant update in the latest Tera Release. The company has recognized the demand for software-based solutions and is working toward a virtual machine (VM)-based option as part of a long-term goal of moving to a pure software-based delivery model.
In 2015, Corvil's resources have rapidly expanded, with the sales team tripling in size while R&D has doubled. With the company experiencing such growth, the ability of senior management to manage this transition will be tested.
Corvil's NPMD revenue is between $21 and $50 million per year.
Integration and interoperability, such as the ability to identify business-relevant events and stream these directly to third-party systems such as Hadoop and Splunk, are differentiators.
Modularity of overhauled product enables rapid delivery of new decoders, analytics and dashboard capabilities outside of the main development cycle, based on an agile development approach.
Corvil's licensing model is causing pricing disruption in the market space, with a separation of software pricing from the underlying hardware.
The company's profile remains low, particularly from a marketing presence that limits lead-generation opportunities.
Despite the recent improvements, the user interface remains geared to the network subject matter expert, limiting the speed of adoption and the appeal to those less technically proficient.
SNMP and flow-based data source support remain comparatively weak.
Flowmon Networks (formerly Invea-Tech) specializes in scalable flow-based monitoring to meet NPMD and network behavior analysis (NBA) disciplines. The company has grown through 100% organically derived revenue generated from sales of its NPMD and NBA products. The Flowmon NPMD tool is focused on flow-based NPMD monitoring, although new modules were introduced in 2014 that expanded the tool's breadth of coverage. Flowmon Traffic Recorder provides full-packet capture, and Flowmon APM delivers end-user experience insight and addresses application performance monitoring use cases. An additional Flowmon DDoS Defender module was released in 2015 to detect and mitigate volumetric attacks. A virtual appliance option and distributable architecture are also available, with Hyper-V support delivered in 2015, augmenting existing support for VMware's virtual environment.
While Flowmon Networks has updated its user interface to include a more modular view and improved reporting visualization, this aspect remains less sophisticated than other tools. Flowmon is primarily aimed at large enterprise and service providers, although its competitive pricing makes it a viable option for small and midmarket enterprises, too. Flowmon Networks is a 100% channel-focused company. With significant focus on Eastern Europe, channel partners are supported by dedicated regional managers that are located centrally in the Czech Republic alongside locally based country managers. With the majority of customers currently based in Europe too, this works well. However, customers based farther afield should ensure local resources are adequate for their needs. While integration with third-party security information and event management (SIEM) tools appears common, customers should confirm that the level of integration for other third-party systems meets their requirements.
Flowmon Networks' NPMD revenue is between $5 and $10 million per year.
Flowmon Networks provides a competitively priced option that would appeal to smaller and midsize organizations with flow-based monitoring requirements.
Flowmon's NPMD solution is highly scalable, with an ability to support 100G environments and 250,000 flows per second.
Flowmon's strong focus on security-related incidents enables it to provide its customers with a greater understanding of how malware, network abuse and distributed denial of service (DDoS) attacks affect network performance, versus traditional NPMD vendors.
Flowmon's solution is designed to support both NPMD and security use cases, but is not optimized for either use case.
Company size and profile remain low from a marketing perspective, limiting growth opportunities.
Support and maintenance is currently limited to 5x8 support based on European time zones, providing a challenge for non-European clients. 24/7 support is anticipated in 2H16.
Genie Networks targets its solutions to the communications service provider (CSP) industry. The company strategy is to provide scalable, yet competitively priced solutions.
Building from a competency in traditional SNMP-based network fault and performance monitoring capabilities, Genie Networks also incorporates deep packet inspection and flow analysis into its current offerings, GenieATM 6300 and VM. Latest enhancements include a virtual machine (VM) software deployment option, although this is limited to the GenieATM ISP and Multiprotocol Label Switching (MPLS) variants of the solution.
The company states a single instance of the product will support up to 110,000 flows per second and up to 100 routers and/or switches. It also provides combined traffic analysis with policy configuration for SDN environments.
The company, based in Taiwan, opened a new Singapore office in September 2015, further strengthening its focus in the South East Asia region.
Genie Networks did not respond to requests for supplemental information and/or to review the draft contents of this document. Gartner's analysis for this vendor is therefore based on other credible sources, including previous vendor briefings and interactions, the vendor's own marketing collateral, public information and discussions with end users.
Genie Networks' NPMD revenue is between $11 and $20 million per year.
Patented technology to identify application types from large datasets in a memory-efficient manner will be increasingly relevant with the proliferation of SaaS adoption by end users.
Appliance and VM-based options offer customers multiple form factors.
Attractive pricing and carrier-grade scalability continue to stimulate enterprise customer interest.
Tight CSP and APAC prioritization may compromise adoption beyond these vertical and geographical focal points, although the company's European client base continues to expand.
The product's user interface is dated and limited when compared to more sophisticated products in the market space.
Analytics capabilities are less sophisticated than competing products, centered on automated baselining to support anomaly detection and security-focused use cases.
Hewlett Packard Enterprise
One of the first vendors to offer enterprise network monitoring tools, Hewlett Packard Enterprise (HPE; spun off from HP in November 2015) has a long history of investment in the NPMD market. HPE has a substantial portfolio and customer base, with thousands of installations worldwide.
HPE's NPMD solution is composed of the Network Node Manager i (NNMi) and HPE Real User Monitor (RUM) for deep packet inspection, and is strong in its end-to-end, discovery-and-topology-based correlation, coupled with automation to improve root cause analysis. These capabilities underlie HPE's traditional strength in network fault monitoring, event correlation and automation.
HPE's IT operations analytics solution, HP Operations Analytics, enables forensic and predictive analysis of network and application performance, and shows a promising vision for advanced analytic workflows.
HPE's latest release includes support for network virtualization and end-user experience monitoring of Web and mobile applications. While modernization of its multiple user interfaces is a priority, and progress is being made, the current solution remains complex to implement and manage.
HPE's NPMD revenue is between $151 million and $300 million per year.
The vendor offers a broad portfolio of complementary availability and performance monitoring products, with unique integration of products such as HP Network Automation.
HPE's product roadmap is compelling, and includes the monitoring of converged infrastructure, SDN and NFV frameworks, and leveraging IT operations analytics (ITOA) for analytics. Execution against this roadmap will be key.
HP Services has a global presence with a strong reputation to implement and maintain its clients' solutions.
With the history of organizational changes at HPE, customers continue to express concern over HPE's direction and vision in the NPMD space.
Product release cycle is slow, with multiple years between major releases of NNMi and RUM.
End users have cited limitations in HPE's ability to integrate with and export to third-party solutions outside of the HPE software ecosystem.
InfoVista is a CSP and large-enterprise-focused NPMD provider, and is owned by private equity firm Thoma Bravo. The company's offerings span NPMD, wireless network design and planning, mobile network optimization, and configuration assurance. Product offerings focused on NPMD include VistaInsight for Networks (which includes the Vista360 UI) for visualization across the interrelated components of the suite. Those components are 5View Service Data Manager for data aggregation and analysis of the raw metric data, which feeds up to VistaInsight for Networks; 5View NetFlow appliances for flow collection, supporting NetFlow, sFlow, JFlow, cflowd and IPFIX data sources; and 5View Applications appliances, which provide deep packet inspection capabilities. The final module is 5View Mediation, which collects data from appliances doing packet and flow analysis for long-term, analytical reporting purposes.
InfoVista contributes to standards bodies for CSP services, such as carrier Ethernet. In April 2015, InfoVista acquired Ipanema Technologies. The acquisition adds further application insight, particularly in terms of voice over IP (VoIP) and unified communications (UC) platforms, as well as optimization and orchestration synergies. Ipanema's enterprise installed base presents InfoVista with an opportunity to expand its presence in this industry vertical. InfoVista has also expanded its OEM relationship with Huawei, which has resulted in local sales resources in the China region. InfoVista cites support of NFV and SDN technolgies for the CSP vertical as a key area of focus going forward.
InfoVista's NPMD revenue is between $51 and $150 million per year.
InfoVista's strategy is to focus on and deliver increased scale to meet the demands of the carrier networks and large enterprises.
VistaInsight and the 5View suite are multitenant, carrier-grade solutions optimized to meet the specific requirements of CSPs.
Extensibility of the InfoVista solution allows it to meet sophisticated use cases that many other vendors cannot meet.
End users continue to report higher than average implementation and maintenance costs.
InfoVista has a heavy reliance on European and Asia/Pacific (APAC) carriers, which make up the bulk of the installed base.
Extended services engagements are common to meet specific requirements of target service provider customers.
NetScout Systems has the largest market share in the NPMD space. NetScout's customers reside in the enterprise, service provider and public-sector industry verticals. NetScout completed the acquisition of Danaher's communication business in July 2015 for $2.3 billion. The deal brings together four major organizations — Arbor Networks (security monitoring), Fluke Networks (NPMD), Tektronix Communications (testing and measurement) and VSS Monitoring (network packet broker [NPB]). The combined head count of the four acquired organizations exceeds 2,000, increasing NetScout's preacquisition employee count significantly. This represents the largest acquisition of third-party technology in the history of the company, the incorporation of which we think could present a challenge. NetScout has also secured an increased credit facility.
Prior to the acquisition activity, NetScout also engaged in a rebranding and repositioning exercise that was revealed in April 2015. This was led by its chief marketing officer (CMO), who joined in July 2014. NetScout's nGeniusONE NPMD solution now stands at version 5.4. In November 2014, a UC-focused monitor and server add-on module was delivered in the form of nGenius UC Performance Management Solution, which replaces the previous nGenius Voice/Video Manager. While the majority of Gartner client inquiries expressing interest in NetScout continue to originate from the U.S., we have seen a reduced number from EMEA.
NetScout did not respond to requests for supplemental information and/or to engage in Gartner's standard procedures to address the contents of this document. Gartner's analysis for this vendor is therefore based on other credible sources, including previous vendor briefings and interactions, the vendor's own marketing collateral, public information, and discussions with end users who either have evaluated or deployed each NPMD product. NetScout has sued Gartner over the content of the 2014 NPMD Magic Quadrant, and that lawsuit is pending.
NetScout Systems' NPMD revenue is between $301 and $500 million per year.
Feedback from end users has been positive on the updated service representation in the latest version of the nGeniusONE platform.
NetScout has a large and loyal customer base.
NetScout's patented Adaptive Session Intelligence technology provides technical differentiation in support of growing scalability requirements.
NetScout's acquisition of Danaher's communication business appears to have resulted in overlapping product lines, which may result in execution challenges.
NetScout has been described as being a premium-priced solution by end users who interact with Gartner (for example, in client inquiries and one-on-one meetings at Gartner events).
NetScout's ability to derive and use application context from network data should not be confused with full APM capabilities.
NetScout Systems (Fluke Networks)
Fluke Networks was purchased by NetScout Systems in July 2015, along with other assets from Danaher's communications business, including Arbor Networks, VSS Monitoring and Tektronix Communications. Fluke Networks' core solution, Visual TruView, is coupled with Network Time Machine (high-performance stream-to-disk appliance), OptiView XG (a handheld application and network diagnostic tool) and TruView Live (a SaaS version of Visual TruView) to complete the NPMD portfolio.
Visual TruView's broad data source support includes packet analysis, flow analysis and SNMP polling. In addition to advanced path analysis, Visual TruView supports applications such as Microsoft Lync, Citrix environments, and distributed VoIP and video. TruView appliances are sized based on network storage and processing requirements. In 2015, Fluke Networks launched its first version of TruView Live, a SaaS-based delivery solution with monthly and yearly subscription options. NetScout management has publicly stated that it had delayed plans to integrate Fluke Networks with its core business, which led to the departure of a few people, and that the company experienced some disruption in both sales and distribution channel (see Evidence section).
Fluke Networks completed the vendor survey and provided customer references prior to the completion of the acquisition by NetScout. NetScout did not respond to requests for supplemental information and/or to engage in Gartner's standard procedures to address the contents of this document. Gartner's analysis for Fluke Networks is therefore based on submitted materials, other credible sources, including previous vendor briefings and interactions, the vendor's own marketing collateral, public information, and discussions with end users who either have evaluated or deployed each NPMD product. NetScout has sued Gartner over the content of the 2014 NPMD Magic Quadrant, and that lawsuit is pending.
Fluke Networks' NPMD revenue is between $100 million and $150 million per year.
Fluke's current offering and strategy are focused on providing powerful root cause analysis capabilities, coupled with an easy-to-use platform for the network engineer.
Visual TruView is a single appliance-based product, but allows the configuration of different personalities so the customer can repurpose and use each appliance for multiple types of data acquisition.
Fluke's strong presence in the EMEA and APAC markets is synergistic with NetScout's extensive North American coverage.
The overlapping functionality between NetScout's and Fluke's product lines and potential integration challenges may challenge Fluke's ability to execute against its roadmap.
Fluke Networks has demonstrated limited ability to harvest business and transaction intelligence from its data sources, with little extensibility or programmability support.
Gartner has observed that marketing remains a challenge for Fluke, with messaging not well targeted toward senior management, and with minimal messaging around its position in NetScout's product line.
Niksun's NPMD products exist under the broad umbrella of the NetVCR Suite, which is designed specifically for large-scale network monitoring. Niksun's security line is branded as the NetDetector Suite. While offering appliances and architectures to suit network infrastructures of all sizes, the vendor's NetVCR appliance supports high-fidelity data capture and analytics at speeds exceeding 100 Gbps. Other products include Virtual NetVCR (NetVCR for virtual environments), NetTradeWatch (for visibility into the trading network environment), NetVoice (for VoIP oversight and administration), IntelliNetVCR (portable NetVCR for field professionals), FlowAggregator Alpine (a flow traffic collector) and NetBlackBox Pro (a scaled-down version of the appliance that is designed for high-performance data capture and simple analytics).
Niksun has primarily focused on global service providers and other highly network-dependent enterprises, including large financial institutions and defense/intelligence communities.
Niksun's NPMD revenue is between $21 million and $50 million per year.
Niksun did not respond to requests for supplemental information and/or to review the draft contents of this document. Gartner's analysis for this vendor is therefore based on other credible sources, including previous vendor briefings and interactions, the vendor's own marketing collateral, public information, and discussions with end users.
Niksun maintains a leading position at high speeds, with packet capture of more than 100G, with faster processing and more storage in the recently released Supreme Eagle hardware platform.
Niksun has a unique strategy for machine-to-machine and Internet of Things (IoT) environments, leveraging its ability to scale.
Niksun has recently added support for deployments in virtual environments, with virtual versions of its NetVCR product.
Niksun's focus on both security and performance buyers may hinder its ability to service both markets effectively.
Gartner has observed limited advances in application level visibility, analytics and root cause analysis.
Gartner has seen limited market presence and visibility compared to other vendors in this analysis, which may limit their growth potential.
Paessler focuses on network monitoring software; its unified offering is PRTG Network Monitor. The solution covers monitoring of network elements for fault, flow analysis, and packet sniffing with a single, simple solution. Additionally, the product supports health monitoring of application instances, servers and virtual environments.
The company places high priority on simplified usability and transparent licensing. The latest product enhancements include automatic device discovery that recommends the right sensor for the device type detected, support for mobile apps via a "push-notification" feature that enables alerts to be sent to mobile devices, support for MongoDB, improved support for Cisco's Unified Computing System (UCS) device, and increased sensor reporting and analysis. The Ajax Web-based graphical user interface (GUI) has also been overhauled, although contextual drill-down is still limited.
PRTG Network Monitor is competitively priced, based on the number of monitors set up in the product, and is available in a "try and buy" go-to-market strategy. The NetFlow monitoring sensor can ingest all standard flow-type technologies, and integration with Google Analytics and an optional ticketing system provide workflow aids beyond the core network monitoring focus. With the introduction of cloud-based sensors providing visibility into nine AWS data centers and a clustered high-availability architecture, the company has started targeting management service providers (MSPs) and cloud-based SaaS providers alongside its core enterprise installed base.
Paessler's NPMD revenue is between $21 and $50 million per year.
Paessler's rapid development stream means that new and updated sensors are released frequently — on a quarterly basis.
Easily accessible freeware options reduce the barrier to adoption and enable a low-pressure sales engagement model.
Embedded clustering allows for fault-tolerant monitoring without the complexity of additional software components or third-party technology.
The packet sniffer module has limited capabilities, including an inability to save packet data to disk, and fewer supported application types and protocols than competitive products.
Paessler focuses on selling via Web and resale channels, limiting their ability to meet specific large-enterprise requirements.
Paessler has recently started targeting smaller and midsize MSP and SaaS providers, which may dilute their focus from their core SMB and midmarket enterprise heritage.
Riverbed focuses on application delivery, acceleration and performance monitoring. Riverbed has assembled a broad set of performance monitoring capabilities, primarily through acquisition. The acquired technologies (from Mazu Networks, Cace Technologies and Opnet Technologies, now all branded as SteelCentral products) have seen further brand and product name updates to better indicate support across NPMD and APM use cases as well as their relationship to each other. The delivery of SteelCentral Portal in 1H15 has helped unify and prioritize the visualization of APM and NPMD data for different target users.
The suite, branded as SteelCentral NPM, includes several appliance lines and software components that support packet inspection, storage and advanced analysis of collected data. SteelCentral's NetProfiler continues to provide the core protocol and flow analysis and reporting interface for network-related data sources. SteelCentral's AppResponse and NetShark provide the packet collection, while SteelCentral Flow Gateway fulfills the same role for flow collection, all feeding both into NetProfiler and Portal for interpretation and visualization.
Riverbed was acquired in a leveraged buyout by a consortium led by private equity investment firm Thoma Bravo in April 2015. Clients and potential prospects need to be aware that Thoma Bravo is also the majority shareholder for several other network performance providers (Dynatrace, Empirix, InfoVista), which could lead to further ownership changes, although there are no signs this will be a likely outcome. Nonetheless, this consideration needs to be part of any NPMD procurement risk management exercise. In addition, Gartner advises end users to carefully examine Riverbed's product roadmap to ensure the rate of innovation aligns with their own organization's future requirements.
Riverbed's NPMD revenue is between $151 and $300 million per year.
Technical breadth and depth are often cited as key differentiators in competitive evaluations.
Corporate reorganization has led to a tighter alignment between Riverbed's core SteelHead line of business and SteelCentral, both technically and commercially.
SteelCentral Portal offers a consolidated application and network dashboard view of several interrelated and dependent resources.
Personnel churn has been observed throughout 2015 in parallel with leadership and organizational changes, creating some disruption.
While we have seen improvements in scalability, Riverbed's SteelCentral NPM product has seen limited innovation in 2015.
Despite progress made with SteelCentral Portal, users are still required to navigate multiple underlying SteelCentral NPM products with varying GUIs and workflows.
SevOne has maintained rapid growth to date. In September 2015, it closed an additional Series C venture capital funding, led by Bain Capital Ventures and Westfield Capital Management, for an additional $50 million. This has helped fuel a 31% growth in head count since the last Magic Quadrant. SevOne has also seen changes in its C-suite, with the former CEO from AppNeta (another Bain Capital-funded company) taking over as chief marketing officer. With the company experiencing such growth, the ability of senior management to manage this transition will be tested.
SevOne's NPMD solution consists of the SevOne Performance Appliance Solution (PAS), Dedicated NetFlow Collector (DNC), Performance Log Appliance (PLA) and the Application Performance Appliance (APA), the latter through an OEM. The PLA solution came through its 2014 acquisition of RapidEngines.
SevOne markets to both the enterprise and service provider markets, and has strong scalability and a flexible distributed architecture. SevOne has updated its offering with added SDN support through PLA/PAS, and also added AWS, Microsoft Azure and VMware vCenter support. However, it continues to have limited UC and VoIP support when compared to vendors offering packet-based performance monitoring.
SevOne's NPMD revenue is between $51 million and $150 million per year.
SevOne leverages its rapid flow analysis engine and patented horizontal scaling architecture to offer very high flow processing and reporting on a single appliance.
SevOne has developed capabilities in the growing IoT monitoring space, with the scalability and granularity required to monitor in such environments.
End users rate SevOne's support highly for delivering on requested enhancements, with its productized xStats adapters that include a 10-day guarantee for new device certification.
SevOne has made limited progress in taking advantage of packet data in its core monitoring and troubleshooting workflows, which are still focused on flow and SNMP data sources, while integration of log data shows some progress.
End users cite issues regarding product stability, and SevOne's steps to improve quality have limited innovation in recent releases.
SevOne's focus on large enterprises and CSPs may limit their ability to serve the broader market.
SolarWinds has a very large network management installed base and wide name recognition. SolarWinds' NPMD solution consists of SolarWinds Network Performance Monitor and SolarWinds NetFlow Traffic Analyzer. SolarWinds has extended its performance capability to include quality-of-experience monitoring through packet capture. SolarWinds' NPMD solution covers monitoring of network elements for fault, availability, performance, flow analysis and packet analysis in a single software offering.
SolarWinds offers a variety of additional capabilities around application and database monitoring that provide a loosely integrated solution for end users seeking simplicity in a monitoring solution. SolarWinds solutions are software-only, which can limit scalability when compared with hardware-based solutions. SolarWinds' disruptive strategy — to offer a low-cost and simple solution for the masses — still appeals to lower-maturity IT shops, but increasingly complex problems are requiring more advanced solutions.
SolarWinds' new capabilities include wireless network monitoring and several automated analysis functions, such as capacity forecasting, automatic dependency and geolocation tracking.
It was recently announced that SolarWinds will be acquired in a leveraged buyout by Silver Lake Partners as the majority partner and Thoma Bravo as the minority partner. Thoma Bravo also has ownership stakes in NPMD vendors Riverbed and InfoVista, and in APM vendor Dynatrace. This vendor evaluation was done before the announcement of this change of ownership, and was not factored into the final results.
SolarWinds' NPMD revenue is between $150 million and $300 million per year.
With a low-cost entry point and strong brand and marketing presence, SolarWinds has amassed a large user base, and it is often the first choice of many SMB buyers requiring NPMD capabilities.
SolarWinds provides an easy-to-use interface with quick value out of the box, with very simple implementations.
The useful ecosystem of tools beyond NPMD gives users a toolbox of capabilities, including topology mapping and network configuration management.
The conservative approach to new technology support has seen support for hybrid IT environments lag behind competitive vendors.
End users cite weakness in SolarWinds' ability to handle large environments, and report limited data analytics for tackling complex problems.
SolarWinds has no outside sales team and offers no professional services. This creates limitations for enterprises requiring nonstandard or complex implementations.
Viavi Solutions was spun out from what was JDSU in August 2015. The new entity has reorganized management of its network and service enablement (NSE) and optical security and performance (OSP) assets, and is taking a more central approach on go-to-market, branding, Web presence and product development strategy. August 2015 also witnessed the CEO of the new company departing weeks after its formulation, with an interim CEO stepping in until a long-term replacement is announced. This means the performance management business unit (BU) of Viavi Solutions (formerly known as Network Instruments, prior to its own acquisition by JDSU in 2014) has now seen itself under three different CEOs in the last two years.
Despite ownership and management churn, the Observer performance management platform remains a technically comprehensive packet-based NPMD tool, with postcapture analysis rates increasing in 2015 by 70% over previous performance figures. Deployment options have also improved with the delivery of a SSD-based portable model of GigaStor that supports line rate 10GB packet capture and storage, as well as a software edition providing all core functionality of the regular hardware appliance, with 250GB and 1TB capacity options available on launch.
Alongside these internal product developments, Viavi has formed a formal technology and marketing alliance with leading NPB vendor Gigamon. Viavi's current NPMD solution set, the Observer performance management platform, includes Observer Apex, Observer Analyzer, Observer Management Server, Observer GigaStor, Observer Probes and Observer Infrastructure.
Viavi's NPMD revenue is between $51 and $150 million per year.
Responsiveness to customer demands is demonstrated through the delivery of a software and portable edition of GigaStor to help address limited deployment options.
Viavi's Matrix NPB is appealing to small-scale enterprises looking for NPMD and NPB capabilities from the same vendor.
Packet capture and inspection (via GigaStor) capability is well-regarded by Viavi clients.
Significant ownership upheaval and senior management churn appear to be slowing down the ability of the performance management BU of Viavi to execute on its vision and strategy.
The NPMD solution requires multiple components with differing user interfaces that are not consistent across products.
Viavi's primary focus is the service provider vertical, which is not in alignment with Observer's core enterprise user base.
Vendors Added and Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.
Flowmon Networks — This vendor qualified for inclusion after adding packet capture support in the latest release.
Paessler — The vendor qualified for inclusion due to a change in the inclusion criteria allowing the ability to support 10G environments at full line rate via multiple instances of the tool.
SolarWinds — The vendor qualified for inclusion due to a change in the inclusion criteria allowing the ability to support 10G environments at full line rate via multiple instances of the tool.
Viavi Solutions — This vendor was spun out of JDSU's network and service enablement business unit.
Hewlett Packard Enterprise — HPE was formed as a spin-out of HP's enterprise-focused business unit.
AppNeta — This vendor has removed NetFlow support from their product, which is part of the Magic Quadrant inclusion criteria.
Inclusion and Exclusion Criteria
Vendors will be required to meet the following criteria to be considered for the 2016 NPMD Magic Quadrant and Critical Capabilities:
The ability to monitor, diagnose and generate alerts for:
Network endpoints — Servers, virtual machines, storage systems or anything with an IP address, by measuring these components directly in combination with a network perspective.
Network components — Such as routers, switches and other network devices. This includes SDN and NFV components.
Network links — Connectivity between network-attached infrastructure.
The ability to monitor, diagnose and generate alerts for dynamic end-to-end network service delivery as it relates to:
End-user experience — The capture of data about how end-to-end application availability, latency and quality appear to the end user from a network perspective. This is limited to the network traffic visibility and not within components, such as what application performance monitoring is able to accomplish.
Business service delivery — The speed and overall quality of network service and/or application delivery to the user in support of key business activities, as defined by the operator of the NPMD product. These definitions may overlap as services and applications are recombined into new applications.
Infrastructure component interactions — The focus on infrastructure components as they interact via the network, as well as the network delivery of services or applications.
Support for analysis of:
Real-time performance and behaviors — Essential for troubleshooting in the current state of the environment. Analysis of data must be done within three minutes under normal network loads and conditions.
Historical performance and behaviors — To help understand what occurred or what is trending over time.
Predictive behaviors by leveraging IT operations analytics technologies — The ability to distill and create actionable advice from the large dataset collected across the various data sources.
Leverage the following data sources:
Network device generated data, including flow-based data sources inclusive of NetFlow and IPFIX.
Network device information collected via SNMP.
Network packet analysis to identify application types and performance characteristics.
The ability to support the following scalability and performance requirements:
Real-time monitoring of 10G Ethernet networks at full line rate.
Ingest sampled flow records at a rate of 75,000 flows per second via a single instance of the product.
Total NPMD product revenue (including new licenses, updates, maintenance, subscriptions, SaaS, hosting and technical support) must have exceeded $7.5 million for 3Q14 through 2Q15, excluding revenue derived from security-related buying centers.
The vendor must have at least 75 customers that use its NPMD product actively in a production environment.
The vendor must have at least 10 customers located in at least two of the following geographic locations: North America, Latin America, EMEA and/or APAC, that use its NPMD product actively in a production environment.
Ability to Execute
Product or Service: Gartner makes judgments from a variety of inputs to evaluate the capabilities, quality, usability, integration and feature set of the solution, including the following functions:
Data source support, including application and network device log data
IT operations analytics
Day-to-day maintenance and management of the product
Ease and simplicity of deployment and configuration
Ease of use and richness of functions within the product
Product deployment options and usability
Overall Viability: We consider the vendor's company size, market share and financial performance (such as revenue growth and profitability). We also investigate any investments and ownership, and any other data related to the health of the corporate entity. Our analysis reflects the vendor's capability to ensure the continued vitality of its NPMD offering.
Sales Execution/Pricing: We evaluate the vendor's capability to provide global sales support that aligns with its marketing messages; its market presence in terms of installed base, new customers and partnerships; and flexibility and pricing within licensing model options, including packaging.
Market Responsiveness/Record: We evaluate the execution in delivering and upgrading products consistently, in a timely fashion, and meeting roadmap timelines. We also evaluate the vendor's agility in terms of meeting new market demands, and how well the vendor receives customer feedback and quickly builds it into the product.
Marketing Execution: This is a measure of brand and mind share through client, reference and channel partner feedback. We evaluate the degree to which customers and partners have positive identification with the product, and whether the vendor has credibility in this market.
Customer Experience: We evaluate the vendor's reputation in the market, based on customers' feedback regarding their experiences working with the vendor, whether they were glad they chose the vendor's product and whether they planned to continue working with the vendor. Additionally, we look at the various ways in which the vendor can be engaged, including social media, message boards and other support avenues.
Operations: The ability of the organization to meet goals and commitments. Factors include quality of the organizational structure, skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently.
Table 1. Ability to Execute Evaluation Criteria
Product or Service
Source: Gartner (February 2016)
Completeness of Vision
Market Understanding: This criterion evaluates vendor capabilities against future market requirements. The market requirements map to the Market Overview discussion and look for the following functionality:
Data source support, including application and network device log data
Virtualization (NFV and SDN)
Marketing Strategy: We evaluate the vendor's capability to deliver a clear and differentiated message that maps to current and future market demands, and, most importantly, the vendor's marketing effectiveness to the NPMD market through its website, advertising programs, social media, collaborative message boards, tradeshows, training and positioning statements.
Sales Strategy: We evaluate the vendor's approach to selling NPMD in the appropriate distribution channels, including channel sales, inside sales and outside sales.
Offering (Product) Strategy: We evaluate product scalability, usability, functionality, and delivery model innovation. We also evaluate the innovation related to the delivery of products and services.
Business Model: This is our evaluation of whether the vendor continuously manages a well-balanced business case that demonstrates appropriate funding and alignment of staffing resources to succeed in this market. Delivery methods will also be evaluated as business model decisions, including the strength and coherence of on-premises and SaaS solutions.
Vertical/Industry Strategy: We evaluate the targeted approaches in marketing and selling into specific vertical industries.
Innovation: This criterion includes product leadership and the ability to deliver NPMD features and functions that distinguish the vendor from its competitors. Specific considerations include resources available for R&D and the innovation process.
Geographic Strategy: This is our evaluation of the vendor's ability to meet the sales and support requirements of IT organizations worldwide. In this way, we assess the vendor's strategy to penetrate emerging markets.
Table 2. Completeness of Vision Evaluation Criteria
Offering (Product) Strategy
Source: Gartner (February 2016)
The Leaders quadrant represents those vendors that are pushing the NPMD market forward, including those with comprehensive portfolios and the ability to handle multiple application and technology types. They offer a choice of hardware or software appliances for optimum flexibility, while making formerly premium-priced NPMD solutions attainable by midsize organizations. All Leaders offer a high degree of application-aware insight and visibility, along with advanced troubleshooting and diagnostic workflows.
Challengers consist of those vendors with high market reach and large deployments. Stalwarts in the network performance monitoring and diagnostics market, they are currently striving to deal with new technical demands and rising expectations. These established NPMD vendors generally bring a substantial installed base, but also architectures, feature sets and pricing structures that require modernization (often in progress) to better compete with those in the Leaders quadrant.
Visionaries have built a compelling plan to competitively address current and future NPMD customer demands. The Visionaries are combining elements of ITOA and NPMD in ways that provide deeper visibility than is currently available from other vendors. Presently, execution is limited either by insufficient market reach, or by the extent of existing tools and technology capabilities that are not initially designed, or able, to meet these needs.
Niche Players are those vendors with solutions catering to specific audiences or with limited use-case support today. They have often been unable to address the needs of larger enterprises, or have only done so within specific verticals or market segments. Each of these vendors is working to appeal to the broader NPMD buying community, versus the targeted use cases they serve today. With the right changes to their product plans, positioning and/or business execution strategies, any of these vendors could successfully shift their differentiated technologies to address use cases in ways that today's Leaders might have a hard time matching.
NPMD solutions should be considered as part of an overall network management initiative included in a larger availability and performance monitoring strategy. Utilizing these additional points of reference will yield further unique criteria (such as existing investments, investment plans and vendor relationships) that, when combined with Gartner analysis, can prove critical to proper solution selection.
In the course of this research, several key observations emerged that should be carefully considered during NPMD strategy formulation and solution selection, including:
Industry consolidation through acquisition and activist investors has led to changes of ownership affecting several NPMD vendors.
NPMD technology has seen incremental innovation over this review period, with core functionality across the many vendors largely stagnant.
Normalization of UI and workflows across several vendor's toolsets has shown some progress, but much work must still be done.
Ease of use remains an area that needs improvement, and varies significantly both across vendors and within solutions.
Limited support exists within NPMD solutions for the monitoring of applications hosted in the cloud — private, public and SaaS — and for applications accessed via mobile devices.
While the use of IT operations analytics has not fully materialized to date, vendors have increasingly begun to leverage big data back ends or built operational analytics overlays to facilitate data analytics across all captured data.
Support for monitoring SDN environments remains absent in most NPMD solutions; however, most NPMD vendors now offer virtual instances of their product for instantiation in an SDN environment.
Flow protocol support and actual flow data utilization vary significantly across vendors.
NPMD solutions have a primary data source (SNMP, flow or packet), and have a difficult time leveraging the benefits of each data source for the maximum value to the user.
Pricing and product/capability packaging vary significantly across vendors.
On-premises software and appliances are the dominant delivery model, but SaaS offerings are slowly becoming available although not adopted widely.
Increasing overlaps with APM and ITOA tools are impacting buying decisions.
Many NPMD solutions are assembled from multiple products, which can enable modular adoption of NPMD capabilities, but also can add significant complexity to procurement and ongoing maintenance.
It remains imperative that organizations purchase tools that closely match their current maturity levels. Many network monitoring teams have yet to successfully make the leap from basic, reactive network availability management to proactive performance management. While tool investment can play a part in this maturation, it is clear that simply investing in NPMD tooling without similar investments in training, integration and processes will yield limited results, at best. Gartner recommends that IT operations assess their current state of maturity on a regular basis, both individually and at the organizational level, to provide this perspective. To help, teams can utilize Gartner's ITScore for infrastructure and operations (ITSIO; see"How to Improve I&O Maturity by Using the ITScore" ).
Organizations should not utilize the Leaders quadrant as a shortlist of appropriate vendors, but instead should build a list of criteria describing their current and future needs, and then select from vendors that best meet those requirements. Organizations should select a vendor that has both a history of and future plans for focusing on this market. Careful consideration should be given to required skills, training, process and deployment investments, because these factors will have a much greater impact on the overall value realized from an NPMD investment than any specific functional capability found in a given tool.
NPMD: A Mature Market Evolves in Response to New Demands
For decades, the well-established practice of network management has enjoyed no shortage of available monitoring technologies, tools and vendors; however, the vast majority of those solutions, both acquired and implemented over the years, have been designed to support isolated, reactive resolution of availability issues by network specialists. There have also been many investments in tools and skills, with the specific goal of monitoring the performance of network infrastructure in addition to its availability; however, these efforts have typically been hampered by technology limitations and isolated implementation. This approach, while delivering moderately satisfactory results for many years, has proven inadequate in the face of several key shifts, including:
Increasing recognition that network traffic is a critical source of information about the behavior of the holistic IT stack.
Exponential growth in application and infrastructure dynamism and complexity forces network instrumentation as the key piece of the visibility puzzle.
Rising demand for network services and end-user expectations of their quality.
Growing appreciation of the network as a critical component of IT services and as an agnostic, trusted source of cross-domain availability and performance data.
Closer alignment between IT and the business, with an appreciation that network data can provide value through business intelligence.
Growing reliance of network and application performance tied to the success of the enterprise.
Each of these shifts has pressured network teams to rethink their tooling strategy, so that they can get the visibility they need to truly monitor and troubleshoot the performance of their network resources in the context of the applications and services they support.
NPMD tools provide this required breadth and depth of visibility in both real-time and historical perspectives by uniquely analyzing data from all three of the following sources: SNMP polling, flow-based technology and packet-based technology. Previous approaches that only take into account one or two of these data sources have proven to be inadequate, so all three must be supported for a tool to be considered an NPMD solution (see Product-Related Criteria section above).
Period polling is one method that looks to quantify network usage of network elements to gauge the requirements of the infrastructure. Each network device has embedded agents that "speak SNMP." These agents can then be interrogated with a polling-based approach, returning metrics from the embedded agent. These collected metrics can be stored, reported on, analyzed for troubleshooting or used for capacity planning. SNMP polling can also be used to gather information about hardware or software errors (faults) and capacity data (for example, triggering an alert when a hardware fault occurs, or the device CPU is above a threshold or the interface capacity is abnormal when compared to a baseline). Based on the metrics gathered, the network team can estimate the delta between existing and required bandwidth needs on a per-location basis. A limitation with this method is the minimal granularity it offers, which matches the frequency of the polling and the overhead it may put on the devices being polled, especially if other tools are also polling. In most NPMD technologies, SNMP is used during troubleshooting to collect additional data, whereas in infrastructure monitoring, it's used more regularly to understand the health of the network devices.
While SNMP polling provides information on interface utilization and traffic, it is unable to provide a view into application and user usage patterns. To meet this need, consider solutions that provide flow- and packet-based technology.
Summarized data is generated by the network devices, including characteristics of the IP conversation between two network nodes, and these characteristics are embedded within flows. Flow data is exported from the network devices to the NPMD technologies, which then collect and process this data stream to provide insight into which devices and applications are consuming bandwidth, how long the conversations are lasting, and who is participating in them. Since the data is summarized, a degree of detail is removed to simplify processing and extract meaning from the actual network data.
There are several flow collection standards, such as Cisco's NetFlow (v.5/v.9), Juniper Networks' J-Flow, Huawei's NetStream, Citrix's AppFlow, the Internet Engineering Task Force's (IETF's) Internet Protocol Flow Information Export (IPFIX, which is based on NetFlow v.9) and sFlow from the sFlow.org consortium. Vendor-derived standards are predominant, which hinders integration and comparisons. Flow data collection is a function embedded in the network devices themselves. The device analyzes the network traffic traversing from one interface to another, with the primary purpose of assessing bandwidth consumption, and the level of data being sent and received between various source and destination ports across the network. That data is then summarized into a stream-of-flow record that is sent to the monitoring tools that collect and assess the flow records.
Additionally, the quality and granularity of flow information are always evolving. Many vendors embed additional data within their flows, especially those implementing flexible record types, such as Cisco's IOS Flexible NetFlow, which allows the user to configure the exported data format. Example data embedded in flows contains wireless protocols, link aggregation, URLs, latency information, and other application or infrastructure monitoring data. With such open standards in flow technologies, the architecture varies between network equipment vendors, but most tools collect and process the data regardless of the network equipment implementation. In addition, it can have a performance impact on the devices exporting flow data.
Flow-based data does not provide details down to a specific set of network packets going between the source and destination, nor does it provide any timing information about the conversation itself or the delay components. For this capability, users must consider packet-based technologies.
Examining the current infrastructure in detail on a per-packet basis provides the necessary real-time and historical visibility into volatile traffic behavior from "bursty" modern application types, like today's chatty Web applications, unified communications services (such as voice and video delivery) and the growing footprint of virtual desktop infrastructure (VDI) technologies. Because only raw, unmanipulated packet data is collected, a vendor-agnostic view of performance can be preserved throughout the analysis. This approach affords far greater insight and precision, but it comes with potentially costly (and for some, impossibly costly) appliance or "probe" implementation requirements. Software-based packet capture capabilities have recently been introduced as cost-sensitive alternatives, but with obvious limitations in scalability and storage.
Analysis offered by packet-based technology is packet-timing-based, allowing vendors to identify sources of delay, measure user response time and ultimately pinpoint the root cause of performance problems. The packet analysis vendors range from those providing measurements from a TCP connection perspective to those reporting on timing on a TCP request/response basis. Other vendors move up the stack to measuring at the application layer, providing measurements from an application session perspective, and a much closer representation to real end-user experience.
The modern packet analysis technologies were pioneered more than 20 years ago with Network General's packet Sniffer in 1986. Sniffer was designed to help troubleshoot network issues after they occurred. This technology was acquired several times, and now finds its home with NetScout, as of 2007. Through the years, these high-end proprietary packet analysis technologies have commoditized and moved into open source, with entrants such as Wireshark, tcpdump and libpcap providing the underpinnings of this technique. These particular open-source technologies have, in turn, been incorporated into countless numbers of other critical open-source projects, such as Snort (intrusion detection system), Nmap (port scanning) and ngrep. These technologies continue to evolve, most recently into enabling real-time visibility and, in many cases, supporting the archiving of packet data for forensics and debugging without requiring the issue to be reproduced for diagnosis.
As the NPMD market continues to grow and develop, Gartner expects that future tool enhancements will center on usability, advanced IT operations analytics and virtualization/SDN support. Additional vendors are expected to enter the NPMD market, as well as vendors participating in the larger network performance monitoring market, but they did not meet the criteria specific to the 2015 NPMD Magic Quadrant.
Adjacent and Overlapping Markets
NPMD is, and will likely continue to be, frequently confused with adjacent and component technologies, as it is both a reasonably recent addition to the dynamic availability and performance monitoring market and a superset of multiple network performance monitoring technologies. Because vendors will both intentionally and unintentionally exacerbate this confusion to their benefit, IT leaders are advised to utilize the following definitions to add clarity to their evaluation efforts.
Application Performance Monitoring
APM tracks the end-user performance of application components, and provides granular troubleshooting tools for the application and its components through server-based instrumentation. It provides this insight by monitoring five main functional dimensions: end-user experience (EUE) monitoring, application topology discovery and visualization, user-defined transaction profiling, application component deep dive, and IT operations analytics. APM differs from NPMD primarily in its focus on monitoring the quality of the end user's experience via application interactions across all application and infrastructure tiers, including, but not limited to, the network perspective. There are several vendors in the NPMD space that offer accompanying APM solutions. Several vendors offer integrated APM and NPMD solutions. See "Magic Quadrant for Application Performance Monitoring Suites" for further details.
Infrastructure monitoring (IM) tools focus exclusively on monitoring the infrastructure topology composed of compute systems, storage, virtualization and network devices, using agent-based or agentless polling technologies, such as SNMP, Windows Management Instrumentation (WMI) or API integration-based data collection. These solutions focus on the availability and health of these systems, as opposed to the performance insight offered by APM and NPMD solutions. The difference between these tools and APM products is that they look at server-level metrics and processes, while also looking at the way servers interact with one another, versus living within the application logic and seeing the code execute. Unlike NPMD products, which cater to network professional use cases and speak in protocols and packet data that those buyers best understand, IM products focus on IT operations generalists and often don't include support for packet- and flow-based technologies. These generalists need to determine which part of the infrastructure is contributing to poor performance, as well as understand the application's topology from an infrastructure perspective. Some IM tool vendors have moved partially into the NPMD space with the introduction of flow and packet support. Infrastructure monitoring should be supplemented by log analytics, NPMD and APM tooling to support complex troubleshooting and performance monitoring. See"Assess the IT Infrastructure Monitoring Tools That Are a Must-Have for Your Environment" for more information.
IT Operations Analytics
The coordinated deployment of ITOA technologies is used to discover complex patterns in high volumes of "noisy" IT data by providing a real, automated inference capability not available in most tools. These technologies include complex operations event processing (COEP), machine learning/statistical pattern discovery and recognition (ML/SPDR), unstructured text indexing search and inference (UTISI), topological analysis (TA), and multidimensional database search and analysis (MDSA).
IT operations' future as a big data analysis profession has been cemented by an exponential, continual growth of data (IT and business) generated by highly adaptive systems composed of large numbers of moving parts whose interactions are increasingly transient and complex. These systems' behaviors cannot be characterized, much less managed by inferring the behavior of the whole from the behavior of any individual part, necessitating the use of ITOA's advanced capabilities.
Network Packet Brokers
NPBs assist with traffic aggregation, visibility and overall management of the data being sent to monitoring tools. Vendors in the NPB space often partner and collaborate with NPMD and security vendors as a go-to-market strategy, resulting in marketing messages that can make it difficult to determine which tool is actually performing the monitoring (network performance monitoring or security), and which is facilitating the monitoring by managing the data to be monitored (network packet brokering). We have also seen an increasing number of acquisitions in this space. NetScout Systems and Viavi Solutions, both of which are in this Magic Quadrant, pair NPBs and NPMD tools together in deals. See "Market Guide for Network Packet Brokers" for further details.
The following sample vendors were unable to meet the inclusion criteria to be included in this research, but do come up in NPMD-related inquiries:
Evaluation Criteria Definitions
Ability to Execute
Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.