What Questions Should I Ask Before Buying a Network Monitoring Tool?

Monitoring means data collection, so identifying the alerts metrics and their domains requires knowledge. if you don't have that get help because the answers will also require them.

-Ask about automation, it can simplify both setup and operating the tool.
-Ask about data handling, filtering, preprocessing, correlation, storage, trend and historical analysis.
-Ask if the tool performs automated discovery and visual network mapping, it will offload your onboarding and administration
-Ask how data processing at the edge i.e. as close to the source as possible can be done to offload the server.
-Ask about tool scaling, high availability (if needed), how events/sec if can handle, whether proxies exist and if so how do they ensure data integrity and zero data loss
-Ask about out-of-the-box integrations. Tools are only a part of the tried People, processes, tools. Your processes may already be automated or instantiated in tools for IT Service Management or ticket management.
-Ask about training, how it's delivered, what % of the tool capabilities it covers, and what expertise the trainer has in particular of production situations NOT just product knowledge. If there are not certification exams at the end, ask how the company can assist your staff to get the best of the product, if there is a user community and if so how the company participates in it.
-Ask about visualization and reporting. ALL monitoring should help operators and experts to make decisions faster about what they need to do next. That means correlating events and reading into performance trends to determine where business risks lie.
-Ask about support, when operators have issues you want to know how fast the company can react and how they qualify issues, even if they try to reproduce them.
-Ask about versioning. You DON'T want too many / year or your staff will be spending time administering the platform.
-Ask if it can be hosted but only if the data held isn't at risk.
-Ask how data and connectivity are secured with encryption.
-Ask if access from remote devices is supported ( as appropriate to you)
-Ask how many installations worldwide have been successfully made
-Ask for references and study the case studies, especially the business and environment have similar characteristics to your own.

1- What are the tool's capabilities for the monitoring perspective? Can this tool monitor :
1. Capability for Business Service Monitoring (BSM) including setup effort and ongoing BSM chain management (i.e. component changes affects on BSM)
2. Application Performance Monitoring integration – native vs feed from Dynatrace, New Relic, AppDynamics
3. Containers and Kubernetes capability
4. Azure specific integrations/APIs
5. Holistic Hybrid Cloud environment management, specifically on-prem/private cloud/hosted IaaS + Azure
2- How extensive is the tool?
1- Does it only use SNMP?
2- Can we build custom-built monitoring scripts using Python, Powershell and ask the tool to run and monitor the Metrics?
3- Can we create custom-built dashboards and Widgets?
3- How capable is the tool for integration?
1- Can it be integrated with other applications using API or REST API?
2- Does the tool react to the incoming emails and generates events and kicks off automation?
4- Can this tool be used to implement the zero-touch operations?
5- Does the tool is capable of AIOPs?

What are the main KPIs for my operation? Is this tool helping me to measure those KPIs?

o NetFlow/CFlow
o SNMP
o Wireless metrics
o Packet capture

- Does it do Synthetic monitoring (emulating user’s transactions) or monitors real users’ transactions?

- Does it support monitoring for multiple brands of devices/applications?

- What is the differentiator with its competitors?

- Does it have a complete API with instructions to do every possible transaction through command line/scripts and integrate with other systems?

- Can it correlate events from multiple sources, within the same tool and other tools?

- How simple is it for the main users of the tool to do what they are intended to do (User Experience)?

- How easy/complex is the deployment? Will I need an army of Sr. professionals ($$$) or a couple of interns with some guidance can roll it out?

- What kind of support will I get during deployment and after it’s fully deployed? (Bronze, Silver, Gold, Platinum…) What does each include and what are the SLAs?

- Does the cost include training for my agents?

- How scalable is it
- Does it integrate with other tools to provide a full suite of services for your entire enterprise?
- What platform does it take: Unix, Linux, Windows or all three. Many only work on certain operating systems.
- What level of support is needed and does the product have reliable support matrix?
- Can it be clustered for high availability?
- Costs and simplicity of set up should be low on the list but essential too.

Network monitoring is a broad topic with many different sub-topics that may or may not be relevant to your immediate or foreseeable circumstances. You owe it to yourself to build a list of what you need to monitor with some general weighting as to how important each one is to you. If some items are absolute requirements make sure that's noted but be prepared to consider adopting multiple tools if the list strays outside the strict bounds of pure network monitoring. Increasingly, new network technologies are breaking away from industry-standard approaches to monitoring such as SNMP so, if any such equipment is within scope you'll need to be extra vigilant to ensure that its monitoring is covered.

Basic functionality would include automated network device discovery, interconnection/topology discovery, end host to access switch port discovery, device resource monitoring, interface traffic/utilization monitoring, event generation to warn of reachability problems, threshold crossings, status changes and a multitude of other relevant concerns. You may also need to consider reporting and network device configuration monitoring and management. As networks tend to have frequent changes to their configuration and interconnections it is important that these be handled in as automated a way as possible to minimize the administrative overhead and stay accurate to the reality of the network. If the nature/mix of traffic and conversations needs to be understood then technologies such as flow analysis (NetFlow, sFlow, etc) may need to be added to the mix.

One aspect of network monitoring often overlooked is the number and type of servers that need to be provisioned to host it in a production environment. The most efficient deployments for a small to medium sized network would allow the entire monitoring system to be hosted on a single server which could be either physical or virtual. If, in order to host the production (not evaluation) system you need to deploy different parts of the system on different servers, possibly including a database on its own server, you need to factor that into your decision making.

Finally, you need to be acutely aware of exactly how the product is licensed. If, for example, the monitoring of each interface counts towards the overall license consumption it is tempting to cherry-pick a few key interfaces on each device to monitor. This often skips the monitoring of the interfaces connecting the end-user PCs and means that you're building blind spots into your monitoring architecture from the outset. A bad foundation often leads to an unsatisfying end result.

Most solutions operate the same way, have API's, REST, Dashboards, LDAP Integrated Authentication, Remediation, among others. However, few have natively integrated with IT Service Management and CMDB solutions. Automatic Ticket Registration and CMDB update I find extremely important.

Someone who does not know anything about monitoring and technicals terms, could ask :

1 - What are the functional areas of the solution : Fault managenement, security management, performance management, configuration management or accounting management ? ( according to ISO/IEC 7498-4 )

- Fault management : does it monitores avalaibility of all the IP equipements of the networks : servers (physical and virtuals), routers, switchs, access points, etc ?

- Performance management : does it monitores internet trafic or MPLS interconnection ? does it monitores disk space and partitions ? etc.

2 - What about network autodiscovery : does the solution automatically detect equipments connected on the network ? how does it display the items dectected ?

3 - What about notification : does the solution have email or sms notifications for fault or performance management ( for example)? are notification's messages customizable ?

4 - What about network map : does the solution automatically design basic network statefull map or have the options to design customizable one ?

5 - What about historics and reports : does the solution have the options to automatically generate network statistics (about trafic interruptions for example) ?

6 - What about configuration : does the solution easy to install and configure ? does it needs a particular server operating system, Linux or Windows ? Etc.

7 - What about prize and licensing: is the solution openseource ? is the solution free ?

has been functionally tested. If a new business application has not yet been signed off by the guy paying the bills, I will waste my time carrying out operational tests.
has capacity. Sysadmins may want to scale up the disk space for a storage service and the bandwidth for a video chat service. They may scale down to a pocket calculator for a monitoring service.
is resilient. This is the world of High Availability: double up on single points of failure, improve code quality, and even if something does fail, make sure the service handles it gracefully.
is recoverable. If the student deletes half the files or the computer room catches fire, service can be restored.
is reliable. Customers use Internet services 24 hours a day, but an intranet may only be needed during office hours. An intranet that is down every night may still be perfectly reliable.
is scalable. What if the new service has traffic spikes or gets really popular? I may need to scale out by adding more servers. Wading through treacle is not attractive.
is monitored. The operational support people must be alerted immediately if someone breaks into the computer room, if upstream services disappear, and if a process goes berserk.
is supportable. If an architect designs an Internet bank that only runs on one server, how pleased will customers be when an operator turns off the bank to upgrade the memory?
is secure. Vulnerabilities get patched, an IDS (Intrusion Detection System) watches the network, and the security team have signed on the dotted line.
has been pushed to the limit. The whole system has been thrashed, bottlenecks fixed and the system thrashed again and again. The service owner then knows how much performance can be squeezed out of her service.
has integrity. The customer support people won't be plagued by calls from customers whose data is inconsistent, whose files have disappeared, or whose transactions were duplicated.
will operate within the SLA. The people sponsoring this service deserve to know how their investment is doing. The service builders automate the measurement and reports of the service level. Stakeholders can then help a failing service to succeed.

Correlation is the most important thing. Only with a strong correlation you can see the root cause and the impacts to other devices or services.
Network monitoring should based on a broad range of data sources. Not only SNMP and ping, also telemetric data, logs, IPFIX/NetFlow, voice quality and the relations between the devices.
To realize this you need modern time series databases. The correlation, sometimes also named than analytics has to include all the diffrent datasources.

1. Tool capabilities
2. Local product support - in the city/country of deployment. Its easier to get local support than OEM for any product in the world
3. Will the vendor deploy it for u or the OEM
4. What is the purpose of you investing in the tool
5. Have you check-out the tools offered by the OEMs of your networking equipment and will they do a similar job for you, especially if you have a single vendor setup e.g Cisco switches, firewalls, routers etc
6. Will your users be trained by OEM or vendor to support the product yourselves to a large extent
7. What is the annual subscription cost
8. Is there an open source version of the product

1. SNMP Polling Historical Data
a. To support SNMP polled data (e.g. interface utilization)
historical statistics (Last 24 hours, Last 7 days, etc.)

2. SNMP Traps and Informs Collector
a. To support SNMP V2c and V3 traps and informs

3. IP SLA Monitor/Manager
a. To monitor latency, jitter, MOS, and other network performance indicators between Cisco routers on a network, or from a Cisco router to an
IP device over the network.

4. NetFlow & IPFIX Collector and Analyzer
a. To collect information from network devices (for physical and virtual network trending, visibility, security and behavior analysis - what applications, how much bandwidth, flow direction, etc.) that support protocols and tools such as NetFlow, Internet Protocol Flow Information Export (IPFIX), sFlow, etc.

5. Network Configuration Manager
a. To automate network configuration and change management (e.g.
add/modify banner, SNMP community strings, passwords, ACLs, etc.).

6. Syslog Server
a. To collect System Logs (Syslogs) from all network devices, such as routers, switches, firewalls, and many other syslog supported devices. It
should analyze and generate reports for the same. The Syslogs are then archived for forensics and regulatory compliance needs.

I've been to a meeting recently and someone asked if the "wonderful" solution was really capable of doing all the things we were talking about. I believe i gave some mid ground answer to not heat things up cause of the limited time for discussions, but thinking later about it i came to the conclusion that beyond the technical questions we always ask, like licensing, capabilities and features, someone willing or in need to buy a monitoring tool or any other tool for that matter, should ask yourself if you're also willing to take on the challenge! Am i willing to take on that challenge? Do i want to make monitoring great in my company? Do i realize the importance to me or the company? Am i ready to invest resources in it?

Why am i saying that? Because most customers i've seen won't learn enough about technology to make the tool really useful, they expect "great things to happen" like magic. I see a lack of commitment when it comes down to things like that, and the tool will become obsolete in the near future or it will be underused. This behavior generates the eternal search for an awesome tool that will solve the problems for them w/o them doing anything! For anyone who wants to control information, it's important to remember that there are no shortcuts, you can't delegate responsibilities to someone else if you want to have control over something. Of course buying new tech is always great and should be on the roadmap, it will usually allow you do more in less time, on the other hand you can hire a service as an alternative method and someone will make the magic happen for you or teach you how to extract more value, but the tool alone won't do much!

- Does it integrate with all my equipment? What does it cost?
- Does it offer real-time alerting of useful data?
- Does it have a great interface, NOC dashboard view?
- Does it offer network device config backup, monitoring and alerting? So if a change is made to a cfg and something goes wrong.
- Does it have the intelligence to tie the 2 together and offer remediation?
- Does it offer good looking reports, detailed and good summaries?
- Does it offer good performance metrics views and network topology view? Again, a nice NOC view. That can be edited after it auto-draws the Topology and published as a dashboard that can be viewed by everyone in the NOC.
- Does it support SNMP and NetFlow and others, possibly WMI etc for MS devices if inclusion is necessary?

- Scalability
- Availability
- Number of NMS modules in the tool
- Licensing criteria
- Polling criteria
- Integrations
- Hardware requirements

I would begin with my own needs :
- Why is it that I need a monitoring solution?
- What visibility or feedback do I need and why?
- Are my needs of a technical nature - like finding and resolving challenges before they become outages, or are my needs business-driven, e.g. how many of my users spend more time on Youtube than in the company cloud?
- If I can verbalize/document this, it means that I can start looking for something that meets my needs. Too many companies buy monitoring as a grudge purchase and then the $ amount you spend is more important than the WHY you need to spend it, translating to white elephant systems that nobody uses/trusts because it doesn't provide the answers to pertinent questions.

Once I have the needs squared away, do some research, look at the Gartner quadrants, perhaps put out an RFI, or attend a conference or workshop where this technology is showcased, chat to some vendors and study their material and websites. Check their references - customers will often tell you more of the poor than the brilliant. If the technology meets the grade, the skills/experience of the vendor is acceptable, the capabilities of the solution meet your requirements, the solution is flexible and can be used in multiple settings - whether fixed-line, mobile or IT networks, well, then you have 80% of the go decision.

Ensure you understand the proposed monitoring architecture and why all the components are needed. Avoid getting caught with jargon terms you THINK you know the meaning of ... Now you must just manage the implementation to ensure that configuration, dash-boarding, reporting and data sharing is done fine, as poor configs = untrustworthy outputs. Finally, ensure that the after-sales support and pro-active maintenance are managed to be of a good and steady quality and you should be good for 5 years!

Compare your choice with others in the market for a great documentation, simplicity of usage, adaptability (customization for company needs), general web interface for all users to use, seamless and painless product upgrades, any opensource to play around with it to learn about the tool in your own sandbox so that anyone can learn at their own pace.

Before buying some network monitoring tool you need to know:
1. What the purpose of the monitoring tool will be:
* just monitor the network
* notify when something happens (warning critical event)
* gathering historical data for previous revision
* show information in graphic time periods, number of events critical or warning.
2. Who will be using the tool, besides the technical guy who will install the application:
* A common user that just will be seeing and perhaps fwd the incident
* Administrative user that should keep upgrade for new devices, alerts or notification
* Technical admin user that should keep up to date software and server
3. If this will help you to detect future issues and apply a fix before happen.
4. If this will help you to identify issues that could cause a malfunction in the network.
5. If this will help you to be proactive and improve network reliability.
6. If this will be friendly to the end-user or not.