Traffic collection options
Application Discovery can collect traffic using statistical capture with NetFlow/SFlow methods or full capture.
Tip: You can also configure Application Discovery to use multiple methods, with or without direct collection, to create the collection methods that work best for each part of your network.
We recommend using statistical capture with NetFlow/SFlow methods for high traffic systems. System requirements for the Application Discovery sensor may differ depending on the traffic collection options you configure.
Statistical capture |
Statistical capture is quicker as it passes a summary of the traffic instead of the full content. Additionally, statistical capture usually does not need additional sensor installations other than the default sensor installed with your Application Discovery server. Note: Application Discovery supports NetFlow/SFlow using the VSphere Enterprise Plus edition. For more details, see NetFlow system configuration requirements. |
Full capture |
Full capture collects more details about your traffic, and may require additional sensor installations. For more details, see Deploy additional Application Discovery network sensors. |
For more details, see Statistical vs. Full Capture.
Note: Regardless of your configuration, configure a physical router or switch, or a Virtual Distributed Switch, to direct traffic to your sensor. For more details, see the documentation for your router or ESX or NetFlow/SFlow packet broker.
The following table compares the traffic collection features available for statistical capture using NetFlow/SFlow or full capture:
Feature |
NetFlow/SFlow |
Full Capture |
---|---|---|
Discovery of business service maps based on a server/port entry point |
Yes |
Yes |
Change detection and change alerts |
Yes |
Yes |
Business service dependencies |
Yes |
Yes |
Subnet dependencies |
Yes |
Yes |
Activity monitoring |
Yes |
Yes |
Topology view |
Yes |
Yes |
Identification of SSL certificate expiration dates |
No |
Yes |
Identification of database (schema) names |
No |
Yes |
Identification of URLs |
SFlow only |
Yes |
Monitoring of failed connections in business services |
No |
Yes |
Identification of web server type |
No |
Yes |
DNS name resolution using captured traffic, without the need to access a DNS Server from Application Discovery Server. |
No |
Yes |
Large scale deployments |
Yes |
More complicated |
Support for ESX inner traffic |
Only for enterprise plus edition |
Promiscuous mode |
When using NetFlow:
NetFlow version support |
|
Traffic ports |
|
Separate server and sensor |
|