How to Build an Effective APM Platform for Enterprise IT Operations

1. Introduction

After graduating, the author has worked in IT support for many years and now shares hard‑earned knowledge about network operations and APM (Application Performance Management) to help teams avoid firefighting and improve service quality.

2. Kingsoft Group Overview

Kingsoft is best known for WPS Office. It also owns subsidiaries such as Cheetah Mobile (mobile tools, NASDAQ‑listed), Xishanju (games like the "Jianxia" series), and Kingsoft Cloud, which focuses on video and gaming services.

Kingsoft Cloud provides video and game‑related cloud services, while Kingsoft Office serves over 200 million monthly active users.

3. Why APM and Its Goals

Network operations often become the scapegoat when incidents occur because there is no concrete evidence to prove responsibility. APM provides measurable indicators and visual tools to demonstrate network health, reduce blame‑shifting, and enable proactive problem solving.

3.1 Decomposing IT Infrastructure

Typical enterprise infrastructure consists of a monitoring layer (environment monitoring), a network layer (switches, routers, VPN, wireless), and application layer (ERP, OA, desktops, printers). Operations must protect the entire stack.

3.2 Pain Points of IT Operations

Infrastructure ages, leading to higher failure rates. Without proper tools, teams lack predictive capability and can only see symptoms, making root‑cause analysis difficult.

3.3 Defining Operational Goals

Stage 1 – Visualization : Make network status (devices, links, traffic) visible to both engineers and users.

Stage 2 – Automation : Automate repetitive tasks to free engineers for higher‑value work.

Stage 3 – Intelligence : Predict and proactively eliminate IT risks.

4. Early APM Results

4.1 Detecting DDoS Attacks

The platform recorded a low‑volume DDoS scan (≈500 requests) and logged source IPs, ports, and timestamps, enabling early alerts before the firewall was overwhelmed.

4.2 Visualizing Abnormal Firewall Connections

Analysis revealed an internal IP using a free VPN to scan overseas resources, consuming excessive firewall resources; the issue was identified only through visual correlation.

4.3 Monitoring WAN Quality

Packet loss and latency spikes were detected on a leased carrier link, prompting timely communication with the ISP and supporting SLA enforcement.

4.4 Wireless User Drop‑out Analysis

Seven drop‑out categories were identified; roaming and authentication failures were common, while unknown errors highlighted problematic APs or terminals, leading to targeted fixes.

4.5 Resolving Unstable Wi‑Fi Connections

A user experienced frequent roaming despite staying at a desk; analysis showed 2.4 GHz interference and an old NIC. Upgrading to a 5 GHz client resolved the issue, illustrating the benefit of dense AP deployment and 5 GHz usage.

5. APM Tool Stack

Monitoring tools evaluated included Zabbix, Nagios, Cacti, MRTG, and log‑analysis platforms such as ELK. Zabbix was selected for its flexible alerting (email, SMS, WeChat) and topology visualization.

6. Building the APM Platform

6.1 Architecture Design

Zabbix servers collect metrics, while ELK handles real‑time logs; both feed a KPI dashboard that triggers alerts via email, SMS, or WeChat.

6.2 KPI System

KPI metrics are divided into user‑experience KPIs (what users see) and system KPIs (backend health). The two sets form a closed loop: healthy systems produce good user KPIs, which in turn reflect overall service quality.

6.3 KPI Examples

Availability : monitor packet loss, interruptions, and latency; e.g., a 3‑minute outage is flagged when connectivity drops to zero.

Health : DNS response time, with a threshold of 500 ms over a 5‑minute window indicating degradation.

Thresholds are tuned based on historical data (e.g., normal DNS latency <200 ms, so 500 ms is a safe alarm level).

6.4 KPI Visualization

The dashboard shows line status with colors (green = normal, red = interruption, yellow = packet loss, blue = latency) and allows drill‑down into historical data for each link.

7. Weekly Operations Reporting

Teams use a structured weekly report to capture completed tasks, pending items, and upcoming plans, ensuring clear communication and preventing information loss.