Home / Reviews / ThousandEyes review: Endpoint Agent

ThousandEyes review: Endpoint Agent

How can Network Engineers ensure a good user experience in today’s Internet-centric enterprises, and how ThousandEyes Endpoint Agent can help?

Traditional network monitoring tools are designed for performance monitoring and fault detection on the monitored networks.The following mechanisms are normally used:

  1. traffic sniffing
  2. traffic injection

Traffic sniffing means snooping the packets on the wire, measuring metrics, and trying to detect problems as soon as they occur. This is also called passive monitoring.

The second case is referred as active monitoring, in which a probe is placed in the network to inject traffic towards a target. This is what ThousandEyes does when using its Enterprise and Cloud Agents.

Nowadays, enterprise scenarios include factors such as the following:

  • Remote working
  • Wi-Fi / LTE networks
  • SaaS applications

How can traditional monitoring systems cope with these new challenges?

There is a strong need for extending the network visibility and monitoring up to the end-users:

  • wherever they are located (office, home, on the move)
  • whatever way they use to connect to the network (wired, Wi-Fi, LTE)
  • regardless of what applications they are using (local, SaaS)

and that’s allegedly why ThousandEyes built Endpoint Agents!

ThousandEyes installs the Endpoint Agent on the user machine, laptop, or desktop, in the form of a browser plugin and a system service, measuring performance and detecting faults based on real user data produced while browsing the Internet. This latter is a key feature since user browsing data is “the real thing” and nothing like synthetic probes injected with the purpose of measuring metrics.

It’s now time to take a deep dive into this new promising ThousandEyes feature. Let’s put it on the test bench!

Disclaimer: This is a sponsored review, however, the content and opinions stated here are independently written by RouterFreak’s team. As always, we provide honest product reviews, unedited.

Endpoint Agents Installation

Endpoint Agents are available for Microsoft Windows (Windows 7 or higher and Windows Server 2012+ or higher – x86 and x64) and Apple Mac OS X (MAX OS X 10.9 -Mavericks- or later). They can be downloaded from the ThousandEyes app and installed in one click using the provided package: MSI for Windows and PKG for Mac.

ThousandEyes Endpoint Agent Installation

The Endpoint Agent package installs two things:

  1. System service at OS level
  2. Browser extension

The extension comes in the form of a plugin and it is available for Google Chrome (41+) and Microsoft Internet Explorer (11+) browsers. Package managers can be employed to deploy the plugin to the corporate laptops. Hardware and software requirements can be found in this article.

Monitor Any Network and Browser Application

If you already used ThousandEyes to monitor your network, you might be asking this question: how do Endpoint Agents differ from Enterprise and Cloud Agents?

The main difference resides in the kind of traffic they use for measuring network performance and detect outages:

  • Enterprise/Cloud Agents: they leverage active probing injecting synthetic traffic towards a target, meaning that the packets are generated by the agents and not by the user.
  • Endpoint Agents: the traffic is user generated in the browser, and it’s used to measure the real user experience in using web applications.

When we read that, the first doubt that crossed our mind was about user privacy. Are we going to be monitored when accessing any app, like a proper big brother?

The answer is: of course not! ThousandEyes allows to select the monitored domain, and those are supposedly the ones used for work duties. For instance: mail.google.com, office.com, salesforce.com. In this scenario, any other domain would not be monitored at all.

ThousandEyes Endpoint Agent Monitored Domains

It’s also possible to specify the networks to monitor in the form of IP subnets, in order to only select the LAN that we need to observe. This is especially useful in the case of mobile users with laptops since we can select, for instance, to monitor those whenever you are connected from within the office network but not from any other network (e.g., home or Starbucks).

Every time a user browses one of the monitored domains, data gets collected and uploaded to ThousandEyes by the browser plugin. So let’s now have a look at the test views!

Endpoint Agents Test Views

The test views are obviously the most interesting sections. Here we can see the data collected by the Endpoint Agents, and the rich set of metrics measured by ThousandEyes.

First of all, we noted that the data views are organized in two main layers, which reminds of the layer-7 and layer-3 of the always beloved OSI model:

  1. User sessions: data related to the user experience.
  2. Network access: data related to the local area network (LAN) in connecting to the Internet.

Let’s now take a peek dive into each of them, including their sub-layers.

User Sessions – Web

The first user session sub-layer is the Web, which presents the data collected by Endpoint Agents when browsing pages included in the domains listed in the monitoring profiles.

There are two metrics available at this layer:

  1. Page success rate: percentage of completed page loads out of the total number of page load requests in the specific user session.
  2. Response time: sometimes called time-to-first-byte, this is the time elapsed from the beginning of the first request until the client receives the first byte of the response.

The timeline allows customizing the bin size, which is the time length of each data slot. In the following picture, we selected a bin size of 30 minutes so the timeline is sliced according to this slot duration. In each of them, ThousandEyes plots the number of web pages navigated (total or per Agent) within the specified time interval, plus the selected metric which in this case is the Page Success Rate.

The Endpoint Agent name is displayed in the bottom table, where we can see a summary of all the measured metrics at this layer.

ThousandEyes Endpoint Views - Web

Since we are looking at Web collected data, another pretty interesting view is provided in the Waterfalls tab of the bottom table. In the following picture, we can see all the pages loaded by the agent during the current session. For each of them, on the right side, we can find a ‘view’ link that takes to the actual waterfall view.

ThousandEyes Endpoint Views - Web

In the following image, the waterfall is shown with its rich set of data which goes down to the single web page item. Every object composing the web page (e.g. images, javascript, tracking codes, etc.) is analyzed in terms of DNS/Connect/SSL/Wait/Receive time. This is a very powerful tool that allows spotting single items that are slowing down (or even failing) the page load.

ThousandEyes Endpoint Views - Web

Now it’s time to move to the next view, the user session > Network. We have to say that this layered approach is pretty straightforward to navigate!

User Sessions – Network

In this view, the focus is on the network data collected when browsing pages included within the monitored profiles.

There are four metrics available at this layer:

  1. Loss: measures the end-to-end packet loss.
  2. Latency: average round trip packet time.
  3. Jitter: standard deviation of latency.
  4. Connection Failures: number of TCP connections failed by the agent in reaching the web server.

The timeline is as usual sliced in bin size slots and allows a bird’s eye view on the number of user sessions. The real juice of this view is the Path Visualization, which provides the full path from each agent to the web server hosting the browsed domain.

This is a great bunch of data because it not only includes the layer-3 hops, as we see in pretty much all monitoring tools, but also information on most common office access device: the wireless gateway. If we look at the beginning of the path, we see the green dot that represents the agent, then an orange one which is the wireless gateway and then a light blue one which is the border router connecting to the Internet. This is the first time we see metrics regarding the local wireless LAN in the client space, and we can only think about good uses for that data.

ThousandEyes Endpoint Views - Network

Another detail not to be missed is the packet loss measured on intermediate nodes. As we illustrate in the next image, hovering on the red nodes on the path, we can get details on the forwarding loss experienced. The information is pretty rich, including the node IP, AS name and number, geographical location, and of course loss and response time.

ThousandEyes Endpoint Views - Network - Packet Loss All

Again, in the bottom table, we can have a summary view of all the collected metrics, which comes handy in case of multiple Endpoint Agents to compare.

ThousandEyes Endpoint Views - Network 02

Last but not least, any Endpoint Agent view offers a filter tool that can be used to customize the view and focus on the interesting data. As we see in the next picture, we can filter using several parameters such as agent, location, domain, and many others.

ThousandEyes Endpoint Views - Network - Filter

Right, time to move down to the next sub-layer!

User Sessions – Sessions Details

The Session view provides details on the user sessions when connecting to a specific target domain.

The metric available in the drop-down menu are the ones from Web layer (i.e., Page success rate and Response Time) plus the ones from the Network layer (i.e., Loss, Latency, Jitter, Connection Failures) so we won’t provide more details here.

As illustrated in the following picture, the bottom table this time is presenting the list of user sessions along with some information such as OS of the client machine (e.g. Windows, Mac OS-X), the kind of connection used by the client (e.g. WiFi, wired), the used public network and start time of the session.

ThousandEyes Endpoint Views - Session 01

The most interesting part comes when we expand one of the sessions listed in the table. What we obtain is a topology with information on the wireless gateway (including signal strength, quality, channel, etc.) and the border router connecting the client machine to the Internet. In the example below, we can see that the connection to gotomeeting.com:80 actually failed.

ThousandEyes Endpoint Views - Session 02

Network Access – Network Topology

The last view provided by ThousandEyes Endpoint Agents is the Network Topology, so we step down to layer-3 data. Due to the change of OSI layer, the proposed data is pretty different and includes the following metrics:

  • Gateway Loss: percentage measurement of lost ICMP Echo Reply packets from the gateway out of the total ICMP Echo Request packets sent.
  • Gateway Latency: average of the round-trip packet time from the Endpoint Agent to the Gateway
  • Proxy Loss: percentage measurement of lost ICMP Echo Reply packets from the proxy out of the total ICMP Echo Request packets sent.
  • Proxy Latency: the average of the round-trip packet time from the Endpoint Agent to the Proxy server.
  • VPN Loss: percentage measurement of lost ICMP Echo Reply packets from the VPN out of the total ICMP Echo Request packets sent.
  • VPN Latency: the average of the round-trip packet time from the Endpoint Agent to the VPN server.
  • Transmission Rate: the rate of data transfer from the agent machine to its Access Point.
  • Signal Quality: Signal-to-Noise ratio, measured as the difference between RSSI (Received Signal Strength Indication) and wireless noise value.

ThousandEyes Endpoint Views - Network Topology 01

A pretty interesting section of this view is the Network Topology table at the bottom. Similarly to the Path Visualization seen earlier, we can see the connection from the client machine to the border Internet router. This time, the focus is on the local connectivity, so we only see out LAN depicted in the diagram.

When hovering the mouse pointer over a link or node of the diagram, we can get more information on the connected nodes and the quality of the channel (wired or wireless). This is particularly useful when the user complains about slow or faulty connection and more often than we think the problem is just on the local LAN.

ThousandEyes Endpoint Views - Network Topology 02

Endpoint Agent Data Reports

We have presented the massive amount of data that can be collected at the various layers. In the live test views, ThousandEyes has a 30-days timeline where data can be surfed interactively, but what if we need to deep-dive into that information?

The Report capability provides an effective solution, allowing to slice and dice the data with customizable reports. With those, you can apply all kind of math you can think of (mean, averages, variance, etc.) and dig for the right information hidden in the collected data.

ThousandEyes Endpoint Agent Reports

RouterFreak’s Verdict

ThousandEyes Endpoint Agents expand the visibility on the network and user experience. Unlike other tools, the data collected is based on real user traffic – and that’s a key factor to understand what’s going on in your network.

In the average corporate office, factors such as poor wireless connection or slow SaaS applications can have a strong impact on employees’ productivity. For a network engineer, it’s paramount to keep the network working perfectly as well as ensure a good user experience. Unlike in the past, network engineers of today are not only responsible for the “plumbing” of the system!

What we really like about Endpoint Agents is their ability of silently collecting data without the user noticing any impact on the browser use. The plugin sits there like a ninja, ready to take action when the domain falls into the monitored ones.

Another cool feature is the ability to trigger an Endpoint data collection manually. The browser plugin provides a button to manually start a data collection. This is especially useful when troubleshooting an ongoing issue, without the need to collect and keep historic data. It’s enough installing and start the plugin, browse the problematic app, and in a few minutes the metrics will show up in the ThousandEyes app.

The real strength of Endpoint Agents is the ability to correlate data at different levels. When an app is showing issues, that can be due to a variety of interconnected factors (e.g., server problems, spotty wireless connection, Internet outages, etc.), identifying and correlating all these problems will take a matter of minutes with the layered approach offered by ThousandEyes.

The visibility offered on key network components such as VPN tunnels and wireless gateways incredibly boosts the ability to quickly pinpoint the issue along the delivery path from the user to the target application. The previous – and still alive – Enterprise and Cloud Agents already provided a good tool to use for monitoring, but Endpoint Agents make ThousandEyes the Swiss army knife of the category!

One thing we did not like is the missing support for Linux OS. We understand that in the enterprise world Windows and Mac are the incumbent OS manufacturers, but we love Linux too and we hope to see this OS supported at some point in the future.


ThousandEyes Endpoint Agents completely change the way you can monitor and analyze the end-user performance. We were really impressed by the richness and granularity of the data, extending the network and user experience visibility where few others can compete.

In today’s hybrid and chaotic networks, with employees moving from the office to home, stopping by a Starbucks and using a mix of SaaS and internal apps, it’s extremely difficult to provide fault detection and, most of all, prevention.

Endpoint Agents can be tried for free by creating a Trial account. This will give you access to the full features for 14 days. We strongly recommend you give this feature a shot. Definitely, you won’ t regret it.

About Daniele Besana

Daniele is a freelancer consultant with 15 years of experience in network security, customer support, Linux and Salsa. He worked for Juniper Networks in Netherlands, providing support and consultancy on security projects across Europe and Middle-East.

Check Also

ThousandEyes device layer

ThousandEyes Device Layer Review

Applications are moving to the cloud, you need a solution like ThousandEyes Device Layer to monitor them from layer-7 to layer-2 and stop worrying about it!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.