Adrian Lane, CTO of Securosis, recently wrote an article titled Database Monitoring Best Practices: Using DAM Tools for SearchSecurity.com. The article plays on a security angle but provides a nice opportunity to discuss the parallels of monitoring database performance.
Lane notes, "The complexity of the relational [database] platform, coupled with multiple applications moving data in and out of the system—each supporting a variety of business functions—makes it difficult to differentiate good from bad. DAM is unique in that it analyzes database queries in near real time to differentiate between normal operations and attacks."
While ExtraHop isn't a Database Activity Monitoring (DAM) tool, it supports Database Administrators (DBAs) similarly from a performance perspective, monitoring the database in real time and alerting on small problems before they turn into large disasters. The network-based ExtraHop Application Performance Management (APM) solution also can be very complementary to a DAM solution because of the amount of metrics it collects on the wire. In fact, when our teams visit a prospective or current customer, DBAs are astonished at the amount of metrics the ExtraHop system collects from their databases, particularly without ExtraHop having sysadmin access.
In Lane's article, he discusses various ways to capture database events, saying that agents are the de facto deployment for security of critical databases. Agents are common, he notes, because they capture all SQL activity, which is necessary for knowing if a query has malicious intent, without compromising the databases' performance.
We agree with Lane that agents are common for database monitoring; however, surprisingly to many, they are NOT required. Agent-based profiling tools certainly provide deep metrics into what is consuming resources on the database, but they are too resource-intensive to run in production, in our opinion. Only when an issue is discovered are agents really helpful. In fact, we recently heard from one of our customers that the first step in troubleshooting with agents is to turn off the agents.
ExtraHop provides agentless visibility into database performance through various metrics, including the following:
- Method-level transactions timing – These metrics can pinpoint sources of latency. If profiling needs to be enabled, it can be enabled for just the object that is slow.
- SQL-syntax errors – SQL errors can indicate that a problem is either on the server or client.
- Server problems indicate that the schema was modified incorrectly. The ExtraHop system can help identify elements of the schema that were not modified.
- Client problems indicate that the schema was modified correctly, but the applications weren't updated. In this scenario, the ExtraHop system can help to identify DB clients that are sending incorrect SQL-based code to the old schema.
- System-level errors – System errors can indicate deeper problems, such as exhausted connections or blocking.
Lane closes his piece saying, "Careful selection of deployment options is needed to avoid creating administration headaches or performance problems." While he is referring to DAM solutions, the same rings true when selecting an Application Performance Monitoring solution. And one of the best ways to avoid creating administration headaches or performance problems is to deploy an APM that doesn't rely on agents.
What is your experience with agents? We'd like to hear your comments.