Network General tool peers inside virtual machines

NetVigil modules track VMware and Microsoft virtual servers

Network General has added modules to its NetVigil monitoring product, which let IT personnel peer into the workings of two popular virtualization products: VMware's ESX and Microsoft Virtual Server.

How we tested NetVigil monitor

Archive of Network World tests

Subscribe to the Network Product Test Results newsletter

As virtual machines propagate throughout the enterprise at astonishing rates -- industry analysts have predicted that this market will ring in close to $30 billion next year -- IT is scrambling to manage virtualized resources alongside traditional physical resources. Until now, the ability to keep a close on on the hypervisor layer in virtual-server environments has been elusive. By tapping into the virtual-service messaging processes, NetVigil now aggregates information about hosted operating systems and applications running on them with physical and network data points.

NetVigil is targeted at IT administrators who require a comprehensive view of application behavior, ranging from responsiveness to underlying virtual-machine platformance to network conditions typically reported on by the wider NetVigil network-monitoring functions (see a test of those capabilities).

The NetVigil modules also can be anchored to the virtual machines' popular rapid-rehosting and resource-tuning capabilities, to provide IT personnel with information about when they should be reallocating business-application resources to gain optimal performance.

In this testing of virtual-machine-monitoring capabilities (see How we did it), we found it takes a lot of preparation and configuration work to yield useful data. But once that work was done, we became addicted to its easily discernible monitoring interface, which provides a view-of-views for all major applications running on our systems.

NetVigil's business end is a management console that provides administrator-crafted views of application process and platform groups as modular containers of information. The containers are meant to represent discrete application functions, such as Web servers or e-mail servers.

Making NetVigil useful takes administrative work and explicit knowledge of network, server, virtual server, operating-system and application parameters in order for it to pay off in terms of tying the information together into logical and sensibly grouped containers. Fortunately, highly articulate views of business objects can be made, then poised toward alarm generation and easily understandable reports about business-object conditions.

Network General NetVigil (Version 4.50.085)Network General
Price:Starts at $50,000.
Pro:Sophisticated application and virtual-machine monitoring; strong forensic analysis for popular products; strong administrative interface.
Cons:Virtual-machine modules require significant system knowledge to install; VMWare MIB provides less information than Windows VMI.

Although NetVigil depends on input data it has no control over -- it taps into Microsoft's Windows Management Instrumentation (WMI) for Microsoft Virtual Server information and -supplied VMware data -- it lets system administrators get useful, broad-brush views of virtual systems' health. It can perform better than the most basic tests to assess system health, such as simple ping tests (are you alive?) and HTTP page loads (is the server up and coughing out pages in a timely way?) in an ad hoc or regularly scheduled fashion. in addition, an administrator can set virtual-machine system performance thresholds that trigger an alarm if exceeded.

Start your engines

Network General divides NetVigil forensics and system health testing into two basic groups, those driven by data movement and network protocol analysis -- a Network General traditional core strength -- and component analysis. The latter comes from NetVigil's standard components called the self-explanatory Data Gathering Engines (DGE) and Business Visibility Engines (BVE), which serve up such system information as hardware data; operating-system statistics, such as disk space consumed and CPU use; and overall system performance parameters, such as a Web server's latency as measured through a NetVigil test sequence result.  

Wrap these pieces of data together, and they become a business-application view. The added capabilities of VMware and Microsoft Virtual Server monitoring let systems managers reallocate resources to sharpen an application platforms' resource use and efficiency. For example, should a Web resource on a server exhibit troubling high use, VMware's Virtual Center Server could be accessed to reallocate resources on a server host to benefit the server needing additional CPU resources.

BVE components aren't quite plug-and-play infrastructure monitors, but with a little engineering, they can make a useful forensic, decision-support, alarm system for applications that live on virtualized host platforms.

NetVigil DGEs are the core licensing components (the more DGEs you have, the steeper the cost). DGEs install on Linux (Red Hat, Fedora Core), Solaris or Windows servers. We found that 64-bit Linux isn't supported for NetVigil DGEs and, though it seemingly installs correctly, it produces odd errors. DGEs get information for each discrete virtual machine, so that it can be viewed apart from other virtual servers and then correlated for a business view with other information. Data flows are shown, with percentile, mean, max and standard deviation assessment for each virtual machine. WMI data provides many more data points on Microsoft's Virtual Server in our estimation when compared with with the VMware SNMP Management Information Base (MIB) data sets.

We were able to monitor VMware-hosted virtual machines (48 of them) as well as more than 24 Microsoft virtual machine hostings of Windows 2003 Enterprise Server -- concurrently. We noticed no latency on the DGE host machine -- a Windows 2003 Standard Edition Server running a 3.0GHz 32-bit AMD Athlon CPU -- in monitoring throughout our tests even when NetVigil was under high loads.

Devices that can be monitored must have static IP addresses; DHCP throws off the ability for NetVigil to poll devices because the address of the device might change. Devices may have to be entered manually if they're stealthily protected from common probing techniques.

After a few installation steps, NetVigil performs a probe of specified network addresses to see what devices live on the network. Administrator-defined, permission-based roles are then applied, so that both IT staff and concerned civilians (think CFOs) can look at system performance and availability reports. This also creates a class of alarm designee for differing events that can occur. It's nice not to bother the CEO when there's high memory thrashing on a Web application, but it might be very important to a Web administrator, and the role definition allows partitioning of information to an appropriate audience.

DGEs probe, listen to and test devices on the network. We configured our DGE to listen for VMware SNMP traps, periodically run a test on an Internet Information Server running on MVS and an Apache server running on VMware. We also set the DGE probes to look for FTP files on targeted virtual machines.

We tested thresholds and settings by randomly killing virtual machines, made CPUs go berserk and generally mucked with numerous threshold tests. NetVigil unerringly delivered the errant information and set off alarms that filled our e-mail in-boxes.

In the pits

We found several oddities while testing NetVigil. The GUI times out after a lack of use, which is good for security purposes. But what's odd is that the password for the console is cached on the logon screen, negating the useful effects of the screensaving.

It's easy to become overwhelmed by the user interface, and while devices and settings can be correlated, it can be easy to attempt to cram too much information on the console's views. Indeed, NetVigil was able to drill down and monitor the CPU use on one of our test servers, twin-CPU quad-core IBM x3650 servers. It's very tempting to clog the user interfaces with information.


It took a significant amount of time to configure and tune NetVigil (we had several fruitful calls to Network General's tech-support personnel, as documentation on configuration isn't very clear), but the reward is a highly articulate console and alarm system with specific ties to monitoring virtual machines without issue.

Henderson is principal researcher and Dvorak is a researcher for ExtremeLabs in Indianapolis. They can be reached at

NW Lab Alliance

Henderson and Dvorak are also members of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to

Independent, unbiased product testing.

Go online for Network World's ethical-testing policy.

Learn more about this topic

Why NetVigil is superior to HP OpenView


Review: Network General NetVigil Enterprise


Network General adds application intelligence to network tools


Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022