Choosing an application performance monitoring (APM) solution can be a daunting task. A quick Google search will show popular products, but there's also a long list of less-well-known open source products available, too. So how do you choose the right solution?
The advantages and disadvantages of open source software versus commercial software are part of an age-old debate. Which is better or worse? Which is more or less buggy? Which is faster or slower? And what about documentation and support, and a million other possible differences? The truth is that they have very little to do with whether the software is open source or not.
Cost and Support
Characteristics like support and cost are of course very important, and can vary greatly between the two. The cost of open source may be something you pay to ramp up on the learning curve, and to tweak the software yourself, or pay somebody else to do it for you.
Support of open source can be very good, if the solution becomes popular within the community. On the other hand, a commercial product may have very polished, organized documentation and well-established support. In other words, aside from the quality of the product itself, a big part of the decision to go with open source or not is your preference on when to invest money in the product and how to get support. With open source, you have a lot of flexibility about when and what you spend your money on.
With many open source projects there are the completely free options, usually posted on Github as source. There are also commercial components and support provided for a fee from a company supporting the project. This can make getting started reasonably inexpensive if the open source project's functionality satisfies your requirements. As your requirements change and grow, you can develop new functionality yourself, buy components from others, or just wait until somebody else does the work.
One of the biggest benefits of open source from a cost perspective is that once you have something that works for you, you don't have to keep paying for it annually, like you would for a commercial product. On the other hand, paying for a commercial product gives you a well-defined set of features and characteristics that you can count on, and somebody to call and complain to otherwise.
APM Performance: Speed and Scalability
Performance is another good example of a software characteristic that cannot be determined by open source or commercial availability. Performance for APM software is defined by speed and scalability, mostly on the back-end. Sure, the front-end UI must be fast, but the real question and challenge for this type of software is how much analysis it can do on network traffic or flow data.
For smaller networks, let's say 100Mbps or less, this is not much of an issue. But when you start to get above that, the overwhelming volume of packets and flows that must be processed every second exceeds the limits of a single thread. This is where you need to consider whether the solution is multi-threaded or not.
And for networks with speeds in the 10Gbps arena and up, even multi-threaded software on a single server is not going to be enough. In this case, the solution needs to scale by distributing the load across several servers, and aggregating the results into a single pane of glass. In my own experience, I have found open source solutions to be more scalable than commercial products, or at least accessible to more people, mainly because of the invention of open source technologies like Hadoop, and the growing number of open source projects that use them.
Commercial Open Source Hybrids
This brings up an important point, though, because commercial products can use open source components as well. These kinds of commercial products are hybrids, and the fact that you can plug open source components into them says something about the architecture and APIs of the product, which is an important point to consider.
As an example, I like to use the open source ELK stack on my company's appliances, allowing disk space to be shared between packets and events. With ELK, which includes the Elasticsearch, Logstash and Kibana components, an appliance can be used to capture and analyze packets while doing double duty as a SIEM for any security events that are generated as a result of analyzing those packets. Similar set-ups in the APM domain are also very plausible.
The Front End
Now let's turn to the front-end. Ideally, the UI is easy to use. This is where commercial products often come out ahead, while the UI for open source projects might not be as polished.
More importantly, the UI has to perform well and be responsive. Nobody wants to wait 10 minutes for their daily dashboard to populate with charts, or 30 minutes to generate a report on last week's performance. This is a tough one to test as well, because it takes time to collect network data for a week, or a month. So no matter which APM software you are evaluating, test it long enough that you're able to analyze long-term reporting performance before making a choice.
These are all tough questions and important considerations to keep in mind when choosing an APM solution. While open source is certainly not free of cost, it is also not necessarily more expensive, and commercial software is not necessarily better. Many other characteristics like cost, support, and performance have to be considered in order to make a well-informed decision.
