Monitoring Virtual Infrastructure: Problem’s Lack of Knowledge, Not Tools

The problem with monitoring performance of a virtual infrastructure is not necessarily a lack of tools, but a lack of knowledge about what to monitor, and how. Questions about how to monitor VMware ESX installations are common on community forums; but the term “monitoring” covers so much ground and could involve so many tools that the question requires a lot of refinement.

Here are the key areas and my take on each:

Hardware Monitoring: There are a number of tools available to simply monitor the state of the hardware. Among the better known are HP’s Insight Manager (HPSIM), Dell’s Open Manage, and IBM Director. Even VMware’s Virtual Center VM monitoring application can provide some insight into the state of the server itself, but not at the level often required. Among the lower cost options is the free, open-source set of monitoring applications from Nagios.org.

Performance Monitoring: Some performance monitoring capability typically ships with the virtualization software, usually in the form of agents that monitor VM activity and look for bottlenecks. VMware’s Virtual Center does a very good job of providing raw data to be analyzed and trigger alarms when a critical performance issue crops up. Among the range of tools available or suited for this role are VizionCore’s vCharterPro, the VMware-specific Veeam Monitor, and an HPSIM plugin from HP called HPSIM Performance Management Pack. I am sure there are also plugins for DELL Open Manage, and IBM Director; but there is a range of open-source or otherwise free tools available, too, including . There are also several free tools that can also monitor for performance issues: Unnoc , Nagios, Munin , and vmktree.

Machine State Monitoring: Machine-state monitoring refers means keeping tabs on virtual machines and their hosts. For the most basic, “is the host or VM alive?” monitoring, Virtual Center, HPSIM, Nagios or the other general-purpose monitors will fit the bill. If you need to be notified when any unknown or subtle performance changes crop up, look into more specialized tools such as logcheck. Properly set up, logcheck will analyze log files and send an email if it notices anything odd. Training on it can take take a while, but it works quite well.

To monitor and manage patches on VMs, options include VMware Update Manager, or Bluelane’s Virtualshield.

Security Monitoring: Intrusion detection/prevention systems work for VMs in much the same way they do for physical servers. Catbird V-Security and Snort are good bets, as is the judicious use of tools to check for root kits (such as RootKit Revealer), review system log files (logcheck), changes to system files (tripwire ), as well as virus and spyware detection.

Though it’s easy to cover too much ground under this category, it could justifiably include compliance auditing with tools like vmSight, as well as any of the host of non-specific assessment tools that are also available.

There is currently no one-stop-shop toolset to monitor and audit virtual infrastructures, and it’s easy to get off track with the tools that are available. Many VM users pick a variety of tools to use at different levels, depending on what they want to know. So, before you start putting together a monitoring solution, keep in mind specifically what you want to monitor, and remember to pick tools that work well within your specific environment.

Virtualization expert Edward L. Haletky is the author of “VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers,” Pearson Education (2008.) He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.