back caretBlog

Run Your "Microsoft Shop" Better with Wire Data Visibility

ExtraHop simplifies IT operations for Exchange, SharePoint, SQL Server, and other Microsoft technologies.

ExtraHop simplifies IT operations for Exchange, SharePoint, SQL Server, and other Microsoft technologies.

If you run a "Microsoft shop," then this blog post is a must-read. ExtraHop can help you improve the performance, efficiency, and security of your Microsoft environment by delivering real-time visibility through wire data. Wire data is complete applications and infrastructure communications—not just who is talking to whom, but what they are saying. ExtraHop analyzes the standard protocols used by Microsoft products and extracts powerful insights. Do all this and more with ExtraHop:

  • Identify the name of a corrupt storage file without running CHKDSK.
  • View detailed SQL Server database transaction metrics without turning on a profiler.
  • Find all SSL certificates that are going to expire without enabling verbose server logging.
  • Monitor the success or failure of all .NET web services calls without  instrumenting application code.
  • Determine whether slow SharePoint performance is due to server or network latency.
Come see how it works at TechEd North America 2014 this week in Houston. If you're at the show, be sure to stop by booth #1034 and catch a demo.

How Is This Different from Everything Else?

ExtraHop takes a new, elegant approach to seeing what's happening in your Microsoft environment. Unlike traditional monitoring tools, ExtraHop requires no agents or host-based instrumentation. All you need is an IP address and a way to get a copy of network traffic, usually through a network tap or SPAN. As traffic flows to ExtraHop, it reconstructs sessions, flows, and transactions in real-time—at up to a sustained 20Gbps throughput—and then extracts valuable metrics from the network, web, VDI, middleware, database, and storage tiers.
The ExtraHop platform deploys passively from a SPAN or network tap, equipping IT teams with a real-time view of communications. The above diagram illustrates how ExtraHop deploys to support Exchange ActiveSync projects.

The ExtraHop platform deploys passively from a SPAN or network tap, equipping IT teams with a real-time view of communications. The above diagram illustrates how ExtraHop deploys to support Exchange ActiveSync projects.

Examples of Real-Time IT Operational Intelligence

We're excited to be at TechEd and talking to Microsoft IT pros because ExtraHop works perfectly for a wide range of Microsoft products. Consider the following examples:
  1. .NET web services – As applications morph into mash-ups of various services, the importance of APIs and web services becomes even more critical. Some businesses derive significant revenue from APIs. Expedia's affiliate network earns $2 billion of revenue through its API-dependent services each year. Typically, IT teams would have to install agents on application servers to monitor the success or failure of these APIs and web services calls. For web services built using the .NET Framework, ExtraHop offers advanced payload analysis that requires no agents, and it scales to monitor hundreds of thousands of transactions per second. This provides IT teams with real-time insight into the success or failure of web services calls, plus the ability to interrogate the SOAP/XML payload to discover business insights such as the username, order ID, account ID, or account balance.
  2. SQL Server clusters – Production databases are crucial to application performance, but can be difficult to monitor. The traditional method of using database profilers can add up to 150 percent overhead to databases and require too much time when dealing with hundreds or even thousands of database instances. That's why Concur Technologies, the provider of leading SaaS expense reporting solutions, uses ExtraHop to monitor more than 1,000 SQL Server databases. With ExtraHop, DBAs can find tables with missing indices, isolate repeated or poorly written queries, and identify database workloads to move to cache—all without having to run profilers. Drew Garner, Director of Architecture Services at Concur, says, "Our DBAs could either run a trace on each database, which would be like shining a spotlight on a small section of a highway, or they could use ExtraHop, which is like lighting the entire highway."
  3. CIFS/SMB file servers – There's a very large software company based in Redmond. One of its development teams was facing down a shipping deadline, but some corrupt files in the multi-terabyte file share used for software quality assurance (QA) and testing prevented them from completing regression tests. Unfortunately, CHKDSK threatened to take days to locate the corrupt  files—days the development team could not spare. Enter ExtraHop, which shows real-time file transfer metrics for all CIFS/SMB file servers, including responses, errors, reads, writes, and locks. ExtraHop also details error messages, methods, and the file and user associated with specific transactions. Using ExtraHop, the IT team responsible for the QA environment located the names for the corrupt files and restored them from backup. The fix worked, no CHKDSK required!
  4. SharePoint – Microsoft recommendations for monitoring SharePoint rely heavily on logging. However, this is time-consuming and does not deliver the immediate insights that IT teams need to proactively fix SharePoint problems before users start complaining. ExtraHop offers a solution bundle that automatically recognizes the GUID that SharePoint attaches to each transaction. As this transaction passes back and forth between the web and database servers, ExtraHop measures the latency for each tier and the network transfer time. With this real-time information, IT teams can quickly identify the root cause of slow performance without having to go through hit-and-miss troubleshooting procedures.
  5. Exchange ActiveSync – Do you know what the most widely used enterprise mobile messaging platform is? Exchange ActiveSync synchronizes emails, calendars, contacts, and tasks between desktops, servers, and mobile devices. By parsing inbound HTTP requests, ExtraHop provides visibility into mobile user activity when accessing Exchange, their device types, the specific commands against mailboxes, and their user experience from both the network and server processing perspective. In addition, ExtraHop also analyzes SMTP transaction metrics for Exchange, including senders, recipients, errors, and methods.
  6. SSL management – Last October's Patch Tuesday put ExtraHop into stark contrast with traditional approaches to managing Microsoft environments. Microsoft warned that the patch would invalidate RSA keys using less than 1024-bit encryption and recommended that system administrators turn on verbose logging on relevant servers to find under-sized keys. While that certainly could work given enough time, the much simpler solution using ExtraHop was to check SSL activity on the network, including envelope analysis that includes certificate subject and expiration dates.
There are dozens of other situations where ExtraHop can help to make life easier for IT professionals that rely on Microsoft products and technologies. Want to see for yourself? Try our [free interactive demo](/demo/).
Download the ExtraHop for Microsoft-Based Applications datasheet.
ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed