Application Dependency Mapping: The Complete Guide
Amir Lubashevsky, 2022-08-09
Complexity in information technology has been increasing at an exponential rate.
The drive for innovation has fueled rapid adoption of new technologies and a corresponding shift towards cloud computing, open-source software, and a microservice approach to application architecture.
As a result, modern information systems now rely on a bewildering array of interdependencies hosted in both physical and virtual environments across dynamic hybrid cloud and multicloud infrastructure.
Application dependency mapping (ADM) is an IT process that is designed to help operations and development teams overcome this complexity. But what exactly is ADM? Why is it important? And what are the use cases for the product?
This guide answers these questions by taking you through the key concepts of ADM and how it helps address the many challenges of managing complex application deployments.
Key ADM Concepts
What are Application Dependencies?
In the context of application development, dependencies are the various components an application relies upon so it can function as intended. Dependencies include:
• other in-house codebases
• libraries and frameworks
• proprietary software
• files and database systems
• the underlying operating system
• servers and subnets
• specific versions of scripting languages
Dependencies, particularly libraries and frameworks, can very often be a double-edged sword.
On the one hand, they provide off-the-shelf functionality that saves a lot of complex and time-consuming work involved in developing code that performs the same role. On the other, conflicts can arise when third-party developers release updated versions of their software. These typically lead to issues, such as slower performance, loss of functionality, and system crashes.
What is Dependency Mapping?
Dependency mapping is the process of gathering information about all your underlying application dependencies and presenting it in a way you can easily understand it.
This can be in the shape of a manual spreadsheet, listing details about the different services your application uses and the connections between them. However, in view of the growing complexity of their IT systems, organizations are increasingly using specialist software to map their dependencies.
Such tools provide information not only in spreadsheet form, but also visual representations of entire application ecosystems.
These make it easy to see the interactions and relationships between the different components of your applications, and how they work together and affect one another. Furthermore, they continually monitor your applications so you always have up-to-date insights into your deployments.
A fully featured mapping tool will be able to analyze any type of IT environment, providing detailed views of application topologies across physical and virtual servers hosted on both on-premises and cloud-based infrastructure.
What is Application Dependency Mapping?
The terms “application dependency mapping” (ADM) and “dependency mapping” are often used interchangeably and pretty well mean the same thing.
However, “dependency mapping” implies mapping of the underlying dependencies that make up the application stack, such as the host server, operating system, developer frameworks, libraries, and databases.
By contrast, “application dependency mapping” relates more directly to the components of your business applications themselves such as microservices, functions, subroutines, and integrations with other systems.
What is Application Discovery?
Application discovery refers to the mechanism by which ADM tools identify and monitor the various building blocks that make up your application.
The three main methods of discovery are:
Sweep and Poll: Identifies dependencies by pinging IP addresses and gathering information from the responses
Network Monitoring: Uses network traffic analysis to identify the path taken by packets as they move through your system
Agent-Based: Installs agents on your servers to monitor inbound and outbound traffic in real time
However, some application discovery methods leverage other technologies such as orchestration platforms and application performance monitoring (APM) tools, making use of their monitoring capabilities to keep track of application components and underlying server resources.
This guide covers these in more detail later and discusses the pros and cons of each method.
What is Application Mapping?
This is where application mapping or network discovery tools come in. Application mapping can identify and map out all the instances, communications channels, and applications that are being used in your IT ecosystem, as well as the ports and services that are being used. The best solutions can also quickly and easily define VPCs, subnets, and security groups on cloud providers such as AWS, Azure, and GCP.
When displayed on an intuitive map, you have a visual representation of your application dependencies that can be shared, examined, or used for planning and troubleshooting. This visualization can be used for business strategy, organizing by business context, and prioritizing critical alerts and information in real time.
Why is ADM Important?
The sheer scale and complexity of modern IT makes it difficult for organizations to fully understand the anatomy of their information systems. And this makes it difficult to manage them accordingly.
Inventory and network mapping alone aren’t sufficient to overcome this challenge, as companies also need clear insight into the actual workings of their applications.
They need to see what impact a change to one link in the chain could have on all the others. They need to understand the health of the entire application, readily identify points of failure, and determine the best course of action—so they can troubleshoot issues more quickly and efficiently.
ADM helps them to do just that.
But it also helps them do so much more — serving as the basis for so many of the proactive steps that operations teams need to take and as a blueprint for a wide variety of your IT objectives.
For example, it can help teams to:
Respond to problems more rapidly: Through a raft of features, such as the ability to view versions of your maps before an issue appeared, you’ll be better informed on how to deal with problems as and when they arise.
Gain better service visibility: By providing IT operations management teams with a useful reference point for optimizing resources, diagnosing and resolving issues, tackling security incidents, and maintaining your catalog of technology services.
Stay on top of dependency changes: By continually monitoring your application’s inventory of dependencies, ADM gives you the confidence that your maps are always up to date and complete.
Pinpoint performance bottlenecks: Reducing the time it takes to get to the root cause of many application performance problems, such as slow SQL queries and poorly configured or under-resourced dependencies.
Avoid dependencies in the first place: By developing more agnostic applications that are more loosely coupled to dependencies—especially to specific versions of software and operating systems. This will improve the stability of your software and make it more tolerant to issues and changes elsewhere in the application stack.
ADM Use Cases
IT Change Management
ADM can play a useful role in a wide variety of change management use cases. For example, when teams need to:
• launch new applications or services
• make changes to existing applications — to add new functionality, fix issues, or meet new requirements
• provision or procure new infrastructure, such as storage, routers, and servers
• perform software patches and updates
• make configuration changes to libraries and frameworks, operating systems, and database management systems
• integrate DevOps tools into software development workflows
In each of these cases, ADM can help you identify what else you may need to change and potential issues you may need to address.
Given the complexity of modern IT systems, ADM has rapidly become an essential first step to performing these tasks—as there are often so many unknowns involved in such changes.
As well as helping to prevent dependency issues, it can also help you minimize disruption caused by scheduled updates and maintenance. Or more specifically, through better understanding of how different components interact, you’re able to predict and mitigate problems ahead of time and coordinate changes that involve little or no disruption whatsoever.
What’s more, ADM can provide information that’s useful to the human side of IT change management, as you may need to liaise with those departments and people affected by the changes.
ADM can help you identify gaps in your compliance undertakings.
For example, under the EU General Data Protection Regulation (GDPR), you can only generally process and store personal data about European citizens in a data center location within the European Economic Area (EEA) and a limited number of other permitted countries. You can therefore use ADM to determine where your application data resides and check whether it meets applicable data residency requirements accordingly.
Some ADM tools also provide you with an audit trail of the changing topology of your system. You can use this to demonstrate you take appropriate accountability measures to meet compliance.
Data Center and Cloud Migration
Migration projects are particularly risky, as so many things can potentially go wrong.
ADM can support your preparations by helping you to:
• understand your existing application architecture
• determine what data you need to move
• identify what you need to back up before the migration
• formulate a plan of action
• ensure nothing will be overlooked during the migration process
Teams can also use it to perform follow-up checks after you’ve completed the migration to ensure everything is in place and working as it should do. For example, people can check whether their applications:
• can still access your data—because your new addressing system isn’t working properly, you haven’t mapped your data correctly to its new location, you haven’t successfully transferred all of it over, or there are conflicts between source and destination operating systems that render data unreadable or inaccessible
• are experiencing performance issues—because you haven’t provisioned enough resources or optimized your application for its new environment
Furthermore, you can use ADM to plan corrective measures in the event you do run into problems following the migration.
Cloud Cost Optimization
The public cloud is pay-as-you-go (PAYG) infrastructure where charges are based on your resource usage. This comes at the risk of skyrocketing bills if you’re not optimizing your workloads.
However, through clearer understanding of your application deployments, you can make smarter choices about instance sizing or resource allocation of containers, and make better use of provisioned storage. What’s more, you’ll be able to formulate a more informed reserved instance (RI) strategy, in which you’re better able to match RI purchases with the resource requirements of your applications.
ADM also gives you an overview into which application components are consuming the most resources. You may then be able to make coding, configuration, or architectural changes that make more efficient use of your cloud infrastructure.
ADM solutions provide a range of insights to help you manage cybersecurity. For example, they are typically able to detect all your SSL/TLS certificates and give you details such as expiry dates so you know when you need to update them.
Furthermore, you can use the network mapping capabilities of ADM to devise a suitable microsegmentation strategy.
This is a security approach where you effectively compartmentalize workloads by defining granular network controls over traffic between the different resources within your application environments. This helps to contain a breach, as it limits an attacker’s ability to move laterally across your network.
However, ADM not only helps you define your microsegmentation strategy but also adapt it to network changes—through the ability to detect and investigate new and unfamiliar connections.
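The microsegmentation workflow described above, as an added example that is not part of the original guide or of any vendor's product: connections observed during a baseline period are collapsed into tier-level allow rules, and later traffic is checked against them to surface new and unfamiliar connections. The host names, tiers, ports and flow records are constructed, and grouping rules by application tier is an assumption made for this sketch.

```python
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    src: str    # host that initiated the connection
    dst: str    # host that accepted it
    port: int   # destination (service) port
    proto: str


# Constructed inventory: host -> (application tier, environment).
INVENTORY = {
    "web-01": ("web", "prod"),
    "web-02": ("web", "prod"),
    "app-01": ("app", "prod"),
    "db-01": ("db", "prod"),
    "dev-app-01": ("app", "dev"),
}

# Constructed flow records seen while the baseline was being learned.
BASELINE_FLOWS = [
    Flow("web-01", "app-01", 8080, "tcp"),
    Flow("app-01", "db-01", 5432, "tcp"),
]

# Constructed flow records seen after the policy was defined.
OBSERVED_FLOWS = [
    Flow("app-01", "db-01", 5432, "tcp"),       # matches the baseline
    Flow("web-02", "app-01", 8080, "tcp"),      # new host, same tier rule
    Flow("web-01", "db-01", 5432, "tcp"),       # web tier talking straight to the database
    Flow("dev-app-01", "db-01", 5432, "tcp"),   # development host reaching production
    Flow("192.0.2.50", "app-01", 22, "tcp"),    # source missing from the inventory
]


def build_policy(flows):
    """Collapse host-level flows into (env, src_tier, dst_tier, port, proto) allow rules."""
    rules = set()
    for f in flows:
        src, dst = INVENTORY.get(f.src), INVENTORY.get(f.dst)
        if src is None or dst is None:
            continue  # hosts we cannot identify never become allow rules
        if src[1] != dst[1]:
            continue  # cross-environment traffic is never baselined as normal
        rules.add((src[1], src[0], dst[0], f.port, f.proto))
    return rules


def classify(flow, policy):
    """Return 'allowed', 'new-connection', 'cross-environment' or 'unknown-host'."""
    src, dst = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
    if src is None or dst is None:
        return "unknown-host"
    if src[1] != dst[1]:
        return "cross-environment"
    if (src[1], src[0], dst[0], flow.port, flow.proto) in policy:
        return "allowed"
    return "new-connection"


def review(observed, policy):
    """Group every flow that the policy does not allow by the reason it was flagged."""
    findings = defaultdict(list)
    for f in observed:
        verdict = classify(f, policy)
        if verdict != "allowed":
            findings[verdict].append(f)
    return dict(findings)


if __name__ == "__main__":
    policy = build_policy(BASELINE_FLOWS)
    for reason, flows in review(OBSERVED_FLOWS, policy).items():
        for f in flows:
            print(f"{reason}: {f.src} -> {f.dst}:{f.port}/{f.proto}")
```

Each flagged flow is a candidate for investigation: it either becomes a new allow rule after review or points to a misconfiguration or unwanted access path.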
Business Continuity and Disaster Recovery
Most companies now rely so heavily on IT that they simply cannot function whenever their systems go down. That’s why it’s so important to get your BCDR processes right. Because, if they’re not fit for purpose, they’ll be useless should you ever need to use them.
The problem is that failover systems are notoriously complex. Similarly, backup and recovery systems must be properly synchronized and take into account all of the data applications need. However, clear insight into your application dependencies will help you overcome these challenges.
It can also have a hand in the recovery process—by helping you to determine the order in which you should restore your systems. For example, authentication services would likely be high on your list of priorities so users can log straight back into your applications as soon as they become available again.
And you may need to contact a whole variety of different people in the event one or more applications go down. For example:
• development, operations, and database administration teams
• users of the software and those of any applications that integrate with it
• customers and suppliers
ADM can help you draw up a communications plan that will ensure everyone is in the loop during the crisis.
And, finally, don’t forget that ADM continually monitors your applications for changes. So you’ll always have an up-to-date picture of your application topology when you periodically review and test your DR plans.
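How a dependency map translates into a restore order and an impact list, as an added example that is not part of the original guide or of any vendor's product. The service names and the dependency table are constructed; the ordering uses Python's standard `graphlib` module, and a circular dependency is reported rather than silently ordered.

```python
from collections import defaultdict, deque
from graphlib import CycleError, TopologicalSorter

# Constructed dependency map: service -> services it needs in order to run.
DEPENDS_ON = {
    "web-portal": {"erp-app", "auth"},
    "erp-app": {"erp-db", "auth"},
    "auth": {"directory-db", "dns"},
    "erp-db": {"dns"},
    "directory-db": set(),
    "dns": set(),
}


def find_cycle(depends_on):
    """Return one circular dependency chain, or None if the map has none."""
    try:
        TopologicalSorter(depends_on).prepare()
    except CycleError as err:
        return err.args[1]  # list of nodes, first and last are the same
    return None


def restore_waves(depends_on):
    """Group services into waves; every wave only needs services from earlier waves.

    Raises graphlib.CycleError if the map contains a circular dependency,
    because no valid restore order exists until that loop is broken.
    """
    sorter = TopologicalSorter(depends_on)
    sorter.prepare()
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())  # everything restorable right now
        waves.append(ready)
        sorter.done(*ready)
    return waves


def impact_of(failed, depends_on):
    """Return every service that directly or transitively depends on `failed`."""
    dependents = defaultdict(set)
    for service, needs in depends_on.items():
        for needed in needs:
            dependents[needed].add(service)
    hit, queue = set(), deque([failed])
    while queue:
        for service in dependents[queue.popleft()]:
            if service not in hit:
                hit.add(service)
                queue.append(service)
    return hit


if __name__ == "__main__":
    for number, wave in enumerate(restore_waves(DEPENDS_ON), start=1):
        print(f"wave {number}: {', '.join(wave)}")
    print("if dns fails:", sorted(impact_of("dns", DEPENDS_ON)))
```

In this constructed map the authentication service lands in the second wave, directly after the directory database and DNS it relies on, which is why it can be brought up ahead of the business applications.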
How Does Application Dependency Mapping Work?
There are two standard types of application mapping solutions.
Agent-based application mapping tools: These solutions require you to install a third-party solution on your computers and servers to create a map of all applications, and therefore include the risks inherent in giving access to third parties. They can also impact your computer’s performance, slowing it down or causing the battery to burn out faster.
Active/scheduled scans: Another option is to schedule scans at specific time intervals in which the system sends pings to network devices and creates a map from the responses. The scans impact latency and performance, so they cannot be conducted on an ongoing basis. Therefore, they only give you a window into your IT ecosystem, and you discover only the things that happen during the time of the scan.
How to Choose the Right ADM Tool
Different companies have different needs. And, this is equally so when it comes to choosing an ADM solution. To ensure it will be fit for purpose, it’s therefore important to weigh up a whole variety of different factors. These will typically include:
Flexibility: For example, the software should be able to integrate with a wide range of on-premises and cloud-based environments. This helps ensure it’s not only suited to existing hardware but also to future infrastructure requirements.
Range of features: Capabilities may include alerting mechanisms, cloud-cost optimization tools to help keep monthly bills down, and varying levels of customization and automation.
Pricing: Each vendor has its own unique pricing structure and licensing options, so it can be difficult to compare products on a like-for-like basis. Prospective customers can, at least, make this easier by having a clear idea of how many servers they want to map at the outset.
Visual presentation: Some solutions offer highly detailed insights, geared towards users with a high level of IT expertise. Others provide much more streamlined information for those who only need a general overview. But, in either case, the visual presentation should still be clear and uncluttered, and ideally complemented by useful contextual information.
Ease of use: The product should be quick and easy to set up, be intuitive to use, and deliver insights that are simple to understand. Many vendors offer a free trial, in most cases for either 14 or 30 days, so users can put offerings through their paces before they buy.
However, one of the most important factors to consider is the method of discovery the product uses. This is because each approach has its own unique set of advantages and disadvantages, which an organization should understand before deciding whether a solution is suitable.
So let’s run through each of these again, looking at the pros and cons of each method.
Application Discovery Methods
Sweep and Poll
How it works: Identifies dependencies by pinging IP addresses and gathering information from the responses.
Pros: Lightweight discovery method, which is comparatively straightforward to perform, as it’s able to scan an entire network from a single location.
Cons: Slow for large organizations with large and complex application deployments. Critical assets can potentially go undiscovered in dynamic IT environments, such as the public cloud, because of the time it takes to report changes to network topologies.
Network Monitoring
How it works: Uses network flow or packet analysis to identify the path taken by data as it moves through an IT system.
Pros: It is usually a very lightweight deployment, where you can map the entire environment quickly. Detects changes to application topologies in real time. More effective at discovering dependencies in dynamic cloud-based environments and where the application ecosystem is less well known. It has a minimal performance overhead on the topology, if any. It is considered the most secure since it is non-intrusive. There is no need to install agents on the machines; it doesn’t require credentials to access the servers or to reconfigure firewall rules. The simplest to use with highly segmented environments.
Cons: Because it is non-intrusive, it lacks in-depth information on the machines, such as installed software and its version, the running processes, and performance data, unless you provide credentials to the servers. Can’t actively change the configuration of the machines or the network devices.
Agent on Server
How it works: Installs agents on servers to monitor inbound and outbound traffic in real time.
Pros: Low bandwidth. Real-time capture of changes to application topologies. Able to differentiate between applications running on the same server with the same IP address. Correspondingly able to provide more detailed application-level insights.
Cons: Agents need to be installed on every configuration item, making it difficult to achieve blanket visibility, especially in large-scale enterprise environments. Moreover, installation and maintenance of agent software can become notoriously complex and time-consuming at scale. The user needs to have a prior understanding of an application topology so they know where to strategically install agents. And if an application processes highly regulated or sensitive data then third-party agents may breach compliance or security requirements.
How it works: Leverages the monitoring capabilities of other technologies to keep track of application components and underlying server resources. For example, some ADM solutions gather data from DevOps tools such as Kubernetes, which manages all underlying application components. Other ADM offerings integrate with APM tools, such as Datadog.
Pros: May help keep resource consumption down by leveraging technologies already in use. Able to consolidate information from different tools to provide more comprehensive insights.
Cons: Reliance on other technologies. Consequently, it can be difficult to gain full visibility over the application ecosystem, as the third-party technology needs to be installed on every single server. This, in turn, can make it a particularly cumbersome and expensive solution.
The Mapping Process
ADM tools set themselves apart through not only different methods of discovering dependencies, but also different methods of organizing and mapping them. A specific solution may use one or more of the following mapping approaches.
Pattern-based mapping uses scripts that follow a sequence of operations to work out the attributes of application components and their connections. It is a resource-heavy mapping technique, but generates an accurate and comprehensive representation of an application topology.
Traffic-based mapping uses network flow logs to collect and analyze traffic-related data. It is designed to complement pattern-based mapping by casting a finer net to identify components that might otherwise go undetected by other methods. However, it also tends to map configuration items that do not affect the operation of an application.
Tag-based mapping is an approach that builds up a picture of the application supply chain from tags assigned to IT assets. It is relatively straightforward to set up and configure compared with other methods and can be useful for mapping applications hosted in virtualized, hyper-converged, and multi-cloud environments—where tagging is standard practice. However, tag-based mapping can produce unsatisfactory results if assets are tagged incorrectly.
AI mapping is a service mapping process that uses artificial intelligence (AI) to rank application fingerprints based on the extent to which they appear to be bound to that specific application. For example, an internal application component would rank highly whereas a server used for general system monitoring would be given a low relevancy score.
AI mapping may be useful for complex application topologies. However, it takes time to train the machine learning algorithms in order to achieve the best results.
Categories of Application Dependency
As we discussed earlier in this post, today’s software supply chain encompasses many different types of dependency—from in-house codebases and open-source frameworks to caching services and database systems.
However, most types of dependency come under one of the following three general categories, each of which has its own set of considerations.
Application-to-application dependencies provide the core functionality of any piece of business software. Such dependencies can be proprietary software or other in-house applications.
Mapping application-to-application dependencies helps IT teams to:
• track the movement of data between different application components
• identify what applications should be migrated or transitioned together
• understand the potential impact of infrastructure changes and plan accordingly
• ensure any BCDR strategy takes the entire functionality of an application into account
It can also prove particularly useful to developers who are unfamiliar with the codebase, giving them a quick and efficient way to identify the basic building blocks of an application and help them understand the potential impact of coding changes.
As with application-to-application dependencies, service dependencies support an application, but don’t directly affect its functionality. For example, a domain name system (DNS) supports an application by servicing requests to map hostnames to their IP addresses.
Service dependencies can also depend on other services, forming a chain of dependencies as part of the application stack.
At the same time, some types of service dependency are specifically designed to help overcome issues caused by dependency chains. For instance, message queue services, such as RabbitMQ and Amazon Simple Queue Service (SQS), allow applications to continue processing requests whenever a component within the chain is unreachable, busy, or offline.
Service dependencies are often reusable components that can be used by many different types of application. As a result, many of them are open source, as they save organizations the time and money involved in building their service dependencies from scratch.
However, this also comes with a number of implications for dependency management.
For example, organizations will need to keep track of such dependencies to ensure they:
• comply with the licensing terms of the open-source software
• fix open-source vulnerabilities by applying the latest patches and software updates
• avoid compatibility issues between the core application and open-source components and between the open-source components themselves
Beware: Service dependencies are often misappropriated in application delivery and migration processes, leading to rogue connections between production and development environments. However, dependency mapping tools help users identify such misconfigurations and prevent any associated security and compliance issues accordingly.
Host-based dependencies are those between the application and the underlying host environment. They include:
These dependencies are the foundations upon which applications are supported. Likewise, they provide the framework around which dependencies are mapped by ADM tools. And this makes sense when you consider that an application dependency map is basically a visual representation of the different servers used by an application and the network connections between them.
An application dependency map showing servers represented by nodes and connections by arrows
This is the starting point from which users can do everything else with ADM tools, such as investigating application topologies further, checking the health of servers and connections, and drilling down to more detailed server information.
A Dependency Mapping Example
The following screenshot, taken from Faddom’s own ADM solution, shows an example of a dependency map for a demo ERP system hosted in a hybrid-cloud environment.
The navigation tree on the left-hand side shows two different applications, a web portal and the demo ERP system, that use a specific server. This helps the user to evaluate what impact a server event, such as scheduled maintenance or a security incident, might have on those applications.
In our maps, nodes denoted by circles represent single servers while those denoted by squares represent clusters. Each node has two names, where one is the domain name and the other is the virtual machine name taken from VMware.
Each arrow represents a connection between two nodes. The direction of the arrow indicates which node is the one that initiated the connection between them. In other words, whether a connection is incoming or outgoing from the perspective of each node.
Faddom uses the following color scheme to show the status of each connection:
Green: An active connection that has seen traffic in the last few minutes, the exact period of which can be set by the user.
Grey: An inactive connection, which hasn’t seen traffic over a longer predefined period.
Red: A failed connection, where a known application component isn’t responding.
Such maps help users document all incoming and outgoing connections to a server and see the current status of each connection.
Faddom’s ADM Software
Faddom’s agentless dependency mapping (ADM) tools create a real-time, detailed service map of your entire IT environment, with one view for both virtual and physical servers. It’s platform-agnostic and has zero impact on performance.
Faddom’s features include:
• Multi-cloud compliance and multi-tenant options
• Support for all on-prem technologies and virtualization platforms
• Hybrid application dependency mapping—ADM for on-premises IT and cloud topologies that shows both environments in a consolidated map
• Dependency mapping between business applications
• Real-time mapping—maps are always up-to-date
• Agentless and credential-free deployment
• Passive use of network traffic protocols in maps
• Change management—visibility of real environment architecture before and after an IT change
• Impact analysis—shows the network impact of shutting down servers
• Cloud migration wave planning
• Cloud migration “right-sizing”
• Inactive server identification
• Export options and APIs
Faddom integrates with virtualization platforms such as vSphere, load balancers, cloud platforms, and monitoring solutions. Our integrations cover AWS, Azure, Google Cloud, Oracle Cloud, Kubernetes, AWS CloudFormation, Docker, VMWare, Hyper-V, ServiceNow, AppDynamics, BMC CMDB, CA CMDB, IBM CCMDB, New Relic, Citrix, MicroFocus, and Slack.
Who we work with
“With Faddom’s cost analysis recommendations, we were able to save as much as 25% of our monthly network costs. This is a great success for us, knowing we can rely on Faddom for accurate dependency mapping.”
Haran B., VP Product, Cancelon
“Faddom supported us in finding the expensive connections that were having a negative impact on our bottom line each month. We simply didn’t have the visibility into our cloud.”
Dvey Aharon – VP, Research and Development, Windward
“We loved how easily we could create and visualize our application apps, including all dependencies – it made the whole migration process a lot easier.”