Best Network Monitoring Software

1- What are the tool's capabilities for the monitoring perspective? Can this tool monitor :
1. Capability for Business Service Monitoring (BSM) including setup effort and ongoing BSM chain management (i.e. component changes affects on BSM)
2. Application Performance Monitoring integration – native vs feed from Dynatrace, New Relic, AppDynamics
3. Containers and Kubernetes capability
4. Azure specific integrations/APIs
5. Holistic Hybrid Cloud environment management, specifically on-prem/private cloud/hosted IaaS + Azure
2- How extensive is the tool?
1- Does it only use SNMP?
2- Can we build custom-built monitoring scripts using Python, Powershell and ask the tool to run and monitor the Metrics?
3- Can we create custom-built dashboards and Widgets?
3- How capable is the tool for integration?
1- Can it be integrated with other applications using API or REST API?
2- Does the tool react to the incoming emails and generates events and kicks off automation?
4- Can this tool be used to implement the zero-touch operations?
5- Does the tool is capable of AIOPs?

What are the main KPIs for my operation? Is this tool helping me to measure those KPIs?

o NetFlow/CFlow
o SNMP
o Wireless metrics
o Packet capture

- Does it do Synthetic monitoring (emulating user’s transactions) or monitors real users’ transactions?

- Does it support monitoring for multiple brands of devices/applications?

- What is the differentiator with its competitors?

- Does it have a complete API with instructions to do every possible transaction through command line/scripts and integrate with other systems?

- Can it correlate events from multiple sources, within the same tool and other tools?

- How simple is it for the main users of the tool to do what they are intended to do (User Experience)?

- How easy/complex is the deployment? Will I need an army of Sr. professionals ($$$) or a couple of interns with some guidance can roll it out?

- What kind of support will I get during deployment and after it’s fully deployed? (Bronze, Silver, Gold, Platinum…) What does each include and what are the SLAs?

- Does the cost include training for my agents?

- How scalable is it
- Does it integrate with other tools to provide a full suite of services for your entire enterprise?
- What platform does it take: Unix, Linux, Windows or all three. Many only work on certain operating systems.
- What level of support is needed and does the product have reliable support matrix?
- Can it be clustered for high availability?
- Costs and simplicity of set up should be low on the list but essential too.

Network monitoring is a broad topic with many different sub-topics that may or may not be relevant to your immediate or foreseeable circumstances. You owe it to yourself to build a list of what you need to monitor with some general weighting as to how important each one is to you. If some items are absolute requirements make sure that's noted but be prepared to consider adopting multiple tools if the list strays outside the strict bounds of pure network monitoring. Increasingly, new network technologies are breaking away from industry-standard approaches to monitoring such as SNMP so, if any such equipment is within scope you'll need to be extra vigilant to ensure that its monitoring is covered.

Basic functionality would include automated network device discovery, interconnection/topology discovery, end host to access switch port discovery, device resource monitoring, interface traffic/utilization monitoring, event generation to warn of reachability problems, threshold crossings, status changes and a multitude of other relevant concerns. You may also need to consider reporting and network device configuration monitoring and management. As networks tend to have frequent changes to their configuration and interconnections it is important that these be handled in as automated a way as possible to minimize the administrative overhead and stay accurate to the reality of the network. If the nature/mix of traffic and conversations needs to be understood then technologies such as flow analysis (NetFlow, sFlow, etc) may need to be added to the mix.

One aspect of network monitoring often overlooked is the number and type of servers that need to be provisioned to host it in a production environment. The most efficient deployments for a small to medium sized network would allow the entire monitoring system to be hosted on a single server which could be either physical or virtual. If, in order to host the production (not evaluation) system you need to deploy different parts of the system on different servers, possibly including a database on its own server, you need to factor that into your decision making.

Finally, you need to be acutely aware of exactly how the product is licensed. If, for example, the monitoring of each interface counts towards the overall license consumption it is tempting to cherry-pick a few key interfaces on each device to monitor. This often skips the monitoring of the interfaces connecting the end-user PCs and means that you're building blind spots into your monitoring architecture from the outset. A bad foundation often leads to an unsatisfying end result.

Most solutions operate the same way, have API's, REST, Dashboards, LDAP Integrated Authentication, Remediation, among others. However, few have natively integrated with IT Service Management and CMDB solutions. Automatic Ticket Registration and CMDB update I find extremely important.

Someone who does not know anything about monitoring and technicals terms, could ask :

1 - What are the functional areas of the solution : Fault managenement, security management, performance management, configuration management or accounting management ? ( according to ISO/IEC 7498-4 )

- Fault management : does it monitores avalaibility of all the IP equipements of the networks : servers (physical and virtuals), routers, switchs, access points, etc ?

- Performance management : does it monitores internet trafic or MPLS interconnection ? does it monitores disk space and partitions ? etc.

2 - What about network autodiscovery : does the solution automatically detect equipments connected on the network ? how does it display the items dectected ?

3 - What about notification : does the solution have email or sms notifications for fault or performance management ( for example)? are notification's messages customizable ?

4 - What about network map : does the solution automatically design basic network statefull map or have the options to design customizable one ?

5 - What about historics and reports : does the solution have the options to automatically generate network statistics (about trafic interruptions for example) ?

6 - What about configuration : does the solution easy to install and configure ? does it needs a particular server operating system, Linux or Windows ? Etc.

7 - What about prize and licensing: is the solution openseource ? is the solution free ?

has been functionally tested. If a new business application has not yet been signed off by the guy paying the bills, I will waste my time carrying out operational tests.
has capacity. Sysadmins may want to scale up the disk space for a storage service and the bandwidth for a video chat service. They may scale down to a pocket calculator for a monitoring service.
is resilient. This is the world of High Availability: double up on single points of failure, improve code quality, and even if something does fail, make sure the service handles it gracefully.
is recoverable. If the student deletes half the files or the computer room catches fire, service can be restored.
is reliable. Customers use Internet services 24 hours a day, but an intranet may only be needed during office hours. An intranet that is down every night may still be perfectly reliable.
is scalable. What if the new service has traffic spikes or gets really popular? I may need to scale out by adding more servers. Wading through treacle is not attractive.
is monitored. The operational support people must be alerted immediately if someone breaks into the computer room, if upstream services disappear, and if a process goes berserk.
is supportable. If an architect designs an Internet bank that only runs on one server, how pleased will customers be when an operator turns off the bank to upgrade the memory?
is secure. Vulnerabilities get patched, an IDS (Intrusion Detection System) watches the network, and the security team have signed on the dotted line.
has been pushed to the limit. The whole system has been thrashed, bottlenecks fixed and the system thrashed again and again. The service owner then knows how much performance can be squeezed out of her service.
has integrity. The customer support people won't be plagued by calls from customers whose data is inconsistent, whose files have disappeared, or whose transactions were duplicated.
will operate within the SLA. The people sponsoring this service deserve to know how their investment is doing. The service builders automate the measurement and reports of the service level. Stakeholders can then help a failing service to succeed.

Correlation is the most important thing. Only with a strong correlation you can see the root cause and the impacts to other devices or services.
Network monitoring should based on a broad range of data sources. Not only SNMP and ping, also telemetric data, logs, IPFIX/NetFlow, voice quality and the relations between the devices.
To realize this you need modern time series databases. The correlation, sometimes also named than analytics has to include all the diffrent datasources.