When I’ve thought about monitoring tool (s), especially in the context of API monitoring tools recently, I’ve been reminded of this famous phrase from The Lord of the Rings saga:
One Ring to rule them all,
One Ring to find them,
One Ring to bring them all,
And in the darkness bind them
It’s about the magic ring Bilbo found in The Hobbit. Basically, with the one ring you can control and bring together all the other magic rings in Middle Earth.
I’m getting much the same feeling about monitoring tool and product use. There’s a general (but very, very strong) feeling out there that there’s one tool to rule them all. One tool to find all the problems. One tool to bring all the data together and provide answers.
And like the One Ring, there is a strong compulsion to fall in love with the data from the tool that tells you whatever makes you feel good.
Can we stop this right now?
And there’s a good reason for that. It’s a terrible idea.
Your preciousssssss monitoring tool
Different parts of your stack, especially if you’re running hybrid cloud, with lots of distributed services, do different things. What your stack monitoring tells you, is going to be different to what you need to know about the network traffic to optimize that. The end user experience you want for your web users isn’t going to be the same as your API users. What the regulators need to know, warts and all, is different to what your head of operations needs to know. And that’s probably different to what the VP of customer success needs. And the CISO and CIO might have some interest these days too.
Everybody has different, and, sometimes, conflicting goals from what monitoring should tell them. Rather than trying to find one version of the truth, we should be scouring systems looking for objective data where we can. And we need to provide each of the critical audiences with what they need to know even if it isn’t what they might like to hear.
Operations teams should be embracing this, not fighting it. It might be that there are problems AND they’re nothing to do with you. But they still might be very real to customers and regulators – and unless you know about them and can clearly defend yourself you’ve got potentially expensive problems. And in a world where banking regulators are looking at APIs, you won’t be able to hide.
Security monitoring, for example, isn’t just about Denial of Service attacks, or penetration. It’s about verifying what shouldn’t work, doesn’t work. Just because everything is working as expected, that doesn’t tell you anything about when things work in ways that aren’t expected. And you share user details without realizing it in an API call that shouldn’t do that.
Networking performance issues might have nothing to do with your stack. You might well have the best stack for your solution. Your largest client or partner though? Do they?
Can you tell if calls from their systems to yours take 25 seconds when you know you serve responses in half a second?
This isn’t about fighting the hybrid cloud. This about embracing it and the diversity and benefits it brings. And just like Bilbo, Frodo and poor old Gollum before them, don’t get beguiled and sucked into one particular solution because you think it does everything and makes you feel good.
Your precious preferred monitoring tool? It might be corrupting you.