My advice would be don't mix the configuration backup need with the node health monitoring and trending. Spectrum is several half-products sewn together. There are plenty of better (and cheaper) ways to manage large network configuration repositories (and do a MUCH better job of alerting on config deviations from standard, revision control, etc.).
SolarWinds makes an acceptable small to mid-sized network monitoring solution; however, I would not waste the time or cash on the configuration management piece. (Is it still called Sirus?)
Remember that the ability to manage incidents is as important as the ability to detect them. You don't want a link failure to generate 300+ tickets to OPS when all the unreachable devices could be automatically childed up to one parent ticket. Having poor integration with your ticketing system results in delayed time to repair, lost revenue, increased support cost, etc.
So with that in mind, can Extrahop integrate with the rest of the operational toolset? Or does the vendor that makes your other pieces also make a node monitor? etc.
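The parent/child ticket roll-up described in the post above, sketched as an added example that is not part of the original thread. The device names and the `UPSTREAM` topology map are constructed for illustration; a real deployment would pull them from the monitoring system's topology data.

```python
# Constructed topology: each device maps to its upstream parent
# (None means it hangs directly off the monitoring station).
UPSTREAM = {
    "core-rtr": None,
    "wan-link-a": "core-rtr",
    "branch-rtr-1": "wan-link-a",
    "branch-sw-1": "branch-rtr-1",
    "branch-pos-1": "branch-sw-1",
    "branch-rtr-2": "wan-link-a",
    "dc-sw-1": "core-rtr",
    "dc-srv-1": "dc-sw-1",
}


def correlate(down, upstream=UPSTREAM):
    """Roll unreachable devices up to one parent ticket per root cause.

    A device is a root cause if its upstream parent is still reachable
    (or it has none). Every other unreachable device becomes a child of
    the highest unreachable device on its path to the monitoring station.
    Returns {root_cause_device: sorted list of child devices}.
    """
    down = set(down)
    tickets = {}
    for dev in down:
        root = dev
        seen = {dev}                      # guards against a looped topology map
        node = upstream.get(dev)
        # Walk upstream only while each hop is itself unreachable.
        while node is not None and node in down and node not in seen:
            root = node
            seen.add(node)
            node = upstream.get(node)
        children = tickets.setdefault(root, [])
        if root != dev:
            children.append(dev)
    return {root: sorted(kids) for root, kids in tickets.items()}


if __name__ == "__main__":
    # Constructed outage: one WAN link fails and takes a branch with it,
    # while an unrelated server in the data centre also goes down.
    outage = ["wan-link-a", "branch-rtr-1", "branch-sw-1",
              "branch-pos-1", "branch-rtr-2", "dc-srv-1"]
    for parent, kids in correlate(outage).items():
        print(f"parent ticket: {parent}  children: {kids}")
```

Six unreachable devices produce two parent tickets here instead of six separate ones.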
the more that i've been around these types of issues, the greater my frustration grows with vendor lock-in. most monitoring/config management/all-in-one vendors don't adequately (or at all) document their apis and how you can hook systems into them. it's their way of locking you in to their software suite. we hawk solarwinds -- a lot. i can see where it has its place in that commercial-select/small enterprise market where you don't necessarily have the vision at the top that spurs the opex in manpower for things like homebrew provisioning and config management systems. these solutions are often "all-in-wonder" in the sales slicks, but it doesn't give you the flexibility to change what you don't like.
i'm starting to think more and more that you find a ticketing/incident management system that you like and has an open api -- then you put together some perl/php-fu to homebrew your provisioning system and config management -- then tie it into a system with expect, ciscocmd, or the like -- potentially using some of the modules provided through rancid (clogin for example) and then hooking your config management/backup system into its own archive but tie it via some nifty web frontend with some egrep functionality.
q. -- "...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."
This is so epically frustrating. Currently CA's Spectrum does everything we want from a 1 Console product. I have looked at SolarWinds stuff but that means like 3-4 different consoles need to be up to accomplish stuff we have current functionality for in Spectrum.
It's clear we need software that can pull RFC MIBs, SNMP traps, syslog stuff, and build a good graphical topology of how stuff interconnects, without the absurd per-node pricing we are currently charged.
To be more precise, we are very IBM 1970 Mainframe with SNA networks. We use Tivoli monitoring (thinking of looking at their network mon stuff). We kind of function like a service provider, as in we provide Managed Router gear and Frame relay/MPLS/etc connections back to us so they can send transactions back to our mainframes for processing.
Yes, we could add the Extrahop unit, which is simply a network-based Application Performance Management unit with Elite levels of monitoring and t-shoot capabilities.
We host critical website infrastructure with payment solutions and that stuff is currently on Coradiant. Lately we have lots of clients who have problems with their POS or transaction software getting errors when trying to process to us. So we rely on my team to set up our edge-based wireshark sniffers to do filtered analysis of traffic coming from their hosts to our network so our Web teams and Prod analysts can debug stuff for them.
We are using ServiceNow for our ticketing system (slow shit) but it gets auto-generated alert traps from our CA's Spectrum, which in turn auto-populates Ticket numbers in that application.
Help me solve this and I'll buy ya beers/dinner if you go to this year's CES in Las Vegas.
[Vendor jumping in here ... I'm the technical marketing manager at ExtraHop.]
From a price-per-device standpoint, ExtraHop is going to beat the heck out of CA Spectrum. However, it's a bit of an apples-to-oranges comparison because the two products are doing different things. Concerning ecosystem, we can send alerts or events to managers-of-managers through rsyslog and SNMP traps.
Where it sounds like ExtraHop could really help is with the POS scenario you described. For one thing, we scale much better than Coradiant (sustained 10Gbps) and offer custom-defined transaction analysis that does a great job of giving you just the data that you need to look at. We can inspect the HTTP payload to extract transactions matching a specific account ID, for example. This demo given at Splunklive shows how easy it is to run this type of customized analysis and answer questions. The demo part starts at 14:00:
ExtraHop also recently introduced precision packet capture that enables IT teams to set policy on automatic packet captures. What's really cool about this is that it not only triggers the packet capture, but pulls the packets from the buffer that preceded and caused the event. So you could see what request caused an application error, for instance. Here's a four-minute demo of the precision packet capture functionality: