Active, passive, proactive, and reactive monitoring

Active, passive, proactive, and reactive monitoring: Their differences and what you should choose.

What is active monitoring?

In the realm of monitoring, it is often mentioned how a monitoring tool is active or passive. But what do these terms mean? Let's start with the most commonly used one, active monitoring.

Active monitoring, with its variant of active network monitoring, is based on the concept of creating data for testing and monitoring services, apps, assets, networks, and whatever you have in your infrastructure. Active monitoring means to actively monitor and test, whereas passive monitoring is more akin to collecting the existing data. The data in an active monitoring setting are synthetically generated, as opposed to real-world data. For example, in active network monitoring, packets may be created and sent through a network to test specific use cases or scenarios. Or when monitoring apps, user behaviors can be simulated through ad hoc software to see how the infrastructure reacts and if there are problems.

Active monitoring then is a task that involves creating the right data, for the right scenarios, for the right assets. Active monitoring is often called synthetic monitoring, as the data that are being used for monitoring are indeed synthetic. It is the opposite of real user monitoring, in which the monitored data are created from real users using an app or network.

What is passive monitoring?

As it is now easy to imagine, passive monitoring is in total contrast with active monitoring. Let’s take a common example of a passive network monitoring setup that utilizes a passive monitoring tool. This involves capturing packets from real traffic; if we were using an active monitoring tool, we would instead be creating this traffic and analyzing the reaction of the network infrastructure to it. On the other hand, when monitoring an application, data is routinely polled from the assets running it to monitor how they are running and performing, and to uncover possible issues.

Passive monitoring is much simpler to set up than active monitoring. There is no tinkering with the possible use cases or scenarios before the monitoring. Rather, in passive monitoring settings, these are worked out after the monitored data is collected. In passive monitoring, the changes to the infrastructure necessary to avoid disruptions or provide better performance are determined after the data has been collected. This is a different mindset that administrators need to have compared to active monitoring. Active monitoring requires figuring out in advance what cases you want to test and what your users could be doing with your infrastructure, and creating the right data to test it all.

Passive monitoring removes this phase and is, indeed, more passive, waiting for real user data to come in.

When talking of active vs. passive monitoring, you may encounter another couple of terms: proactive and reactive monitoring. Let's see what they entail.

What is proactive monitoring?

Proactive monitoring is more of an attitude rather than a set of data or practices. Proactive monitoring leverages real-time observability, analyzing monitoring data and taking action on them before issues or disruptions have happened. For example, in the case of proactive network monitoring, instead of acting when a network disruption happens, administrators would analyze the data during normal operations and take measures to prevent any disruption.

Proactive monitoring is about not waiting for issues to fall upon you; instead, you move to prevent them. In a proactive monitoring setting, infrastructure is continuously monitored for performance metrics, anomalies, and early warning signs. Its aim is to improve the overall reliability of IT systems before it is too late and an alert has been issued by the monitoring system. Performance is continuously analyzed to find ways to improve the system and avoid bottlenecks in the future.

What is reactive monitoring?

Reactive monitoring is the opposite of proactive monitoring. It is incident-driven. In a reactive monitoring setting, there is more emphasis on fixing issues than preventing them. The monitoring is more likely to be non-continuous, saving resources, but with scheduled maintenance protocols in action. Most of the attention is on fixing the problems that have been encountered instead of spending time and effort on prevention.

Reactive monitoring is clearly a much different approach compared to proactive monitoring. Neither approach is in conflict with active or passive monitoring; they are simply ways to approach monitoring that have their own advantages and shortcomings. It may be argued that more time is saved in the long term with proactive monitoring as more issues are prevented, but on the other side, more efforts are needed on a day-to-day basis. While reactive monitoring saves resources in the present, if it cannot prevent enough disruptions, it may cost more than a proactive effort would have.

What benefits does active monitoring have over passive monitoring?

Active vs. passive monitoring is probably a debate that is not going to be settled anytime soon. There are supporters of both, and both with very good reasons. It is important to note that the choice of active vs. passive monitoring can depend on what you need to monitor and the type of operations you have in your company.

If you need to test the reliability of applications, active monitoring can greatly help with creating synthetic tests that run specific scenarios your applications may face. These tests can very accurately mimic the behaviors of a user and observe how the application reacts to it.

Testing the Quality of Service (QoS) of networks, or their performance in general, is much easier with active network monitoring and a proactive approach. You can generate the right amount and type of data that the network will have to sustain, and quickly see if its performance is up to it. If it isn’t, immediate measures can be taken – measures which would have been delayed in the case of passive monitoring.

On the other side of data monitoring, passive monitoring has its advantages too. In case you want to analyze trends in customer usage or improve their overall experience, you may favor real-world data. Real user monitoring leverages actual data generated by users and is a core part of passive monitoring.

Similarly, monitoring servers’ or networks' health with real data may be more valuable than trying to generate the right data and hoping you have correctly envisioned the quality and quantity of data your infrastructure will serve. Also, undoubtedly, the actual data polled from your devices is never to be ignored, and passive monitoring focuses on collecting it.

There are benefits to both active and passive monitoring. Companies would do well to have a mix of both, choosing a capable monitoring tool that supports both, as Checkmk can.

Synthetic monitoring: Is it active or passive monitoring?

We cited synthetic monitoring at the beginning when talking about active monitoring. Indeed, synthetic monitoring is basically another term for it. The question of synthetic monitoring vs. passive monitoring is thus another way to formulate whether to choose active or passive monitoring.

Synthetic monitoring works in a few steps:

  • Writing scripts, called tests, that test an application or user behavior and how it affects your infrastructure in terms of performance and reliability.
  • Running the tests.
  • Collecting the resultant data.
  • Analyzing the collected info, trying to find patterns and trends, and isolating potential issues.

You can run these steps automatically or manually, and repeat them every time the infrastructure or the application changes, to verify whether improvements are effective or to detect new issues.
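The four steps above as a runnable sketch (an added example, not code from the original page or from Checkmk). The `DemoApp` server, the three test paths and the 200 ms latency budget are constructed assumptions standing in for a real application.

```python
import http.server, statistics, threading, time, urllib.error, urllib.request

# Constructed stand-in for the monitored application (not from the page).
class DemoApp(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(0.3)  # simulated performance regression
        self.send_response(200 if self.path in ("/login", "/slow") else 404)
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *args):  # silence per-request logging
        pass

# Step 1: tests are scripted user actions with an expected latency budget.
TESTS = [
    {"name": "login page", "path": "/login", "max_ms": 200},
    {"name": "report export", "path": "/slow", "max_ms": 200},
    {"name": "checkout", "path": "/checkout", "max_ms": 200},
]
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def run_test(base, test, runs=3):
    """Steps 2 and 3: send the synthetic requests, collect status and timing."""
    samples, status = [], None
    for _ in range(runs):
        start = time.perf_counter()
        try:
            with OPENER.open(base + test["path"], timeout=2) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code  # a failed scenario is data too, not a crash
        samples.append((time.perf_counter() - start) * 1000)
    return {"status": status, "median_ms": statistics.median(samples)}

def analyze(result, test):
    """Step 4: turn raw measurements into a state an operator can act on."""
    if result["status"] != 200:
        return "CRIT"
    return "WARN" if result["median_ms"] > test["max_ms"] else "OK"

def run_suite():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    results = {t["name"]: analyze(run_test(base, t), t) for t in TESTS}
    server.shutdown()
    return results

if __name__ == "__main__":
    print(run_suite())
```

The median over several runs keeps a single slow sample from flipping a test to WARN, which matters when the suite is rerun after every change.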

Given that the data generated and analyzed is synthetic, synthetic monitoring is in opposition to real user monitoring, which only utilizes data generated by real traffic and real users. To put it simply, synthetic monitoring is active monitoring.

Real user monitoring vs. synthetic monitoring

Real user monitoring (RUM) is a monitoring process that collects data about users' interactions and general behavior, usually through an application, although it can also be carried out on a network. A series of events and metrics is gathered and analyzed by administrators, who then devise improvements and fixes from these data.

RUM encompasses most of what’s involved in passive monitoring. Thus, it is in direct contrast with synthetic monitoring, which focuses on generating users' data rather than collecting it. We only use this contrast as an initial concept, as there is no reason why both systems can’t be used together. This is actually what most companies would be better off doing, because both have a few limitations that can be overcome with the other.

Real user monitoring needs quality traffic to be useful. Using it in a pre-production environment makes it impossible to see what real users will do once the product goes live. Benchmarking the infrastructure is hard with real user monitoring because real traffic and usage are unpredictable, with spikes and moments of calm that make benchmarking the performance more of a guessing game than a precise analysis.

Also, collecting real user data can be resource-intensive. Think of packet capture or simply when a web application receives a large number of visits. It can quickly become difficult to prioritize what to analyze, and what matters in a sea of data.

Synthetic monitoring has neither of these issues, as you can generate the data yourself and thus control its amount, type, and quality. With synthetic monitoring, it is rather the opposite issue: The data can be too predictable and limited. You can only create the data that you can think of, so something may be overlooked until real users start to use your application or service. Because synthetic monitoring does not track real user behaviors, you may have a hard time predicting them beforehand, and end up wasting precious resources on what are very rare scenarios in the real world.

Similarly, you may not test all the important use cases, or miss an important one that will show you a flaw in the user experience. Synthetically monitoring all your applications effectively requires constant adjustments to tests, whereas with real users’ data, you simply gather the insights that they give you.

Synthetic monitoring requires more guesswork, especially at the beginning, and may be wasteful in terms of time and effort. But it easily slides into the gaps left by real user monitoring. This is why most companies would do well to use both – to not be limited by a single type of data but to have a holistic approach to their monitoring.

A monitoring system like Checkmk, which can do both synthetic and real user monitoring, is key to staying ahead of problems and improving your users' end experience.