Agent vs Network Data: Choosing the Right Cloud Performance Monitoring Approach

Cloud Business Performance Monitoring: Agent vs Network Data

To reduce costs, boost efficiency, and drive digital transformation, many enterprises migrate their workloads to the cloud. After migration, the number of service nodes can grow from hundreds to millions, making operations and continuous availability increasingly challenging, especially under strict regulatory demands.

Regardless of environment, ensuring business continuity, availability, and stability is the core value of operations. In the cloud era, IT environments become highly complex, spanning physical and cloud resources, public and private clouds. While cloud providers handle some infrastructure maintenance, operators still need to monitor systems and recover from failures, making a robust cloud performance monitoring system essential.

Agent‑Based Monitoring (Bottom‑up)

Most mainstream cloud performance monitoring solutions use agents (code‑injection) such as SkyWalking, Jaeger, or Zipkin, deployed via DaemonSet or Sidecar. Agents instrument middleware, OpenTracing components, or custom services, requiring deployment on servers or SDK integration in code. They provide fine‑grained, code‑level metrics.

In cloud environments, resource sharing and unstable allocations can make monitoring servers complex.

Applications consist of many components, and correlating metrics across numerous modules to pinpoint root causes is difficult.

Additionally, agent‑based distributed tracing relies on server‑level metrics; when underlying infrastructure generates alerts, quickly identifying the impacted business application is hard.

Network‑Data Monitoring (Top‑down)

Network‑data approaches capture traffic using VM probes or virtual probes, working across public and private clouds without invasive instrumentation. They monitor business‑level metrics such as transaction volume, response rate, and success rate, directly reflecting service health.

Distributed systems may embed fault‑tolerance mechanisms that delay error reporting, requiring intelligent fault localization to quickly identify root causes.

Fault propagation can take time; real‑time monitoring is needed to limit latency between detection and response.

Real‑time alerts and precise fault localization are crucial. In microservice architectures, tracing calls across services is essential for rapid issue resolution.

In a distributed tracing system, three concepts are key: Metrics (health indicators), Tracing (call‑chain paths), and Logging (event records). Agent‑based solutions focus on tracing, while network‑data solutions emphasize metrics; both are needed for comprehensive monitoring.

White‑box and Black‑box Monitoring Combined

Monitoring can be classified as white‑box (internal, cause‑focused) or black‑box (external, symptom‑focused). White‑box monitoring exposes internal metrics for proactive root‑cause analysis, while black‑box monitoring provides rapid alerts when services fail, supporting a business‑centric operations model.

Cloud environments pool and virtualize resources, making traditional traffic capture (e.g., switch mirroring) insufficient because east‑west traffic between VMs bypasses physical switches. Dynamic VM lifecycles also break static mirroring configurations.

Traditional network taps capture traffic via physical switch mirrors, but in clouds, VM‑to‑VM traffic often lacks such visibility.

Cloud resources are pooled and virtualized; automated scaling and migration prevent static mirroring from keeping up.

Therefore, cloud traffic collection must move beyond static mirroring, using flexible, automated probes that capture east‑west traffic with minimal impact on servers.

Network‑data monitoring leverages virtual switches, micro‑probes, or SDN redirection to achieve full‑flow, real‑time, precise collection across multi‑cloud and multi‑region networks. Centralized collectors and automated deployment enable both black‑box monitoring of business metrics and white‑box monitoring for detailed fault analysis.

For example, TianDan Business Performance Management (BPC) uses secure, reliable network‑data collection across multiple clouds, supporting distributed architectures and providing an integrated, end‑to‑end monitoring solution that customers describe as “the first perception source for business monitoring.”