Network General has beefed up the forensic capabilities of its NetVigil software, allowing it to monitor virtual servers as well as physical servers, correlating both virtual and physical processes with with each other and with traffic on the network.

NetVigil comes from the acquisition a year ago of Fidelia, and gives the ability to "look inside a server" and gain insight into the active processes, said James Messer, Network General's technical marketing director. He said that Network General has linked that technology to its other tools, and enabled it to study more than just physical servers.

"Now we have the integration to correlate that back to the network," he added. "We have provided a way to automatically identify VMware and Virtual Server systems - we will add others later - automatically detect the services running on them, and begin looking at it at the virtual level." The software reports via dashboards called Business Containers.

He noted that as more and more enterprise IT components go virtual, it becomes harder to see what's going on: "We are heading towards having a virtual server, on a virtual switch, on a virtual LAN... It becomes very complex and you can easily lose visibility."

"The virtualisation forensics solution allows us to monitor virtual machine activity on our VMware ESX servers, as well as their physical hosts - all from one monitoring tool," said Bruce McMillan, emerging technologies manager at Solvay Pharmaceuticals.

"In addition, the Business Containers enable us to quickly set up and monitor business services that rely upon virtual machines, allowing us to identify IT service performance issues and then drill-down into application flow details."

NetFlow analytics

Messer said that Network General has also built NetFlow analysis into networkDNA, the data collection side of its software. He said this would work with its Sniffer systems to give improved anomaly detection and management reporting. The company has also added application awareness to its Sniffer Infinistream network traffic recorder, allowing application flows to be stored for later analysis.

A number of other network monitoring companies have similar capabilities, for example Network Instruments has the Gigastor network traffic recorder, while Fluke has Visual UpTime, which integrates network and application performance analysis, plus NetFlow tools.

However, Messer claimed that Network General's edge is the breadth of data that it can collect, allied with its ability to record that data over time and replay it for subsequent analysis.

"The network intelligence suite can take the information we gather from the network and correlate it with information from inside the components on the network - no-one else can do that, for example to correlate a database service with its network traffic," he declared.

And he said that Network General's Visualiser tools, which can provide ad-hoc reports, role-based access, and multiple views into the data that it collects and correlates, will help technical specialists to work together on problems.

"Our networking end users are now on business service teams, working with web and database administrators and other specialists," he said. "The silos are fading away, so the network person needs to share information."

Messer added that virtual server support will be a no-cost addition to NetVigil, but that the NetFlow collector and the application intelligence add-on for Infinistream will be charged for separately. He did not announce pricing, however.