A technique has been developed for measuring the performance of network servers within an enterprise network and comparing the current and historical performance to a server to detect performance anomalies. Specifically, the technique passively identifies server response time performance anomalies without knowledge of the function or operation of the server. The tools and methods enable a new paradigm of passive network and server management wherein high-level application performance data can be gleaned from low-level network measurements.
• Passiveness (so that the service is entirely unaffected by the
• Genericity (so that any TCP application–even secure ones–can be measured equally well)
• Infrastructure and deployment is inexpensive
• Works equally well for all types of servers, regardless of what response time distributions are “normal”
• The particular “shape” of the response time distribution is taken into account, as well as the amount of variation for the server, so that the detection is more intelligent and adaptive than a simple thresholding approach.