Category — Event Management

Let us see if we can find the five leading reasons (maybe more, maybe less) for why we need a proactive or predictive solution these days.

#1: I don’t have effective change control in place that spans into and incorporates the monitoring that I do on end point systems, applications and services.

#2: My boss wants me to “do more with less” so I need to figure out a way to clean up the mess I have today in my resource monitoring and event management solution.

#3: I know that when this thingy begins to slow down and that thingy drops packets that my transactions begin to fail. Now how do I write that policy to correlate all my thingys?

#4: My tool is better than your tool. I need to figure out a way to make you believe that your tool is always wrong so you’ll work my trouble ticket.

#5: My manager told us that we need to become more proactive. I sent the dba an email to tell him that we were going to have an outage to this database in three hours. He’d already gone home for the day.

These are tongue in cheek, but the underlying themes of each one are very valid in nearly all operations and application support groups. Why are we interested in predictive and proactive tools when we probably don’t have our own house in order in the first place?

How would you write the business justification and capital purchase plan to explain why you need them? How will you quantify your reasoning? Are you willing to give up one or more FTEs to purchase this solution? Have you had an honest look into the far reaching corners of your organization to see where the real root causes may be that spark your interest in these solutions? Are you ‘really’ ready to try and be proactive or predictive? Are you ‘really’ doing reactive well? What does predictive and proactive really mean to you? How would you describe the core capabilities such a solution should have? How would you associate expected value and ROI from having those capabilities? Where should we be looking elsewhere for help in these areas (BI, operational BI, BPM, BAM, analytic databases, statistical modeling and forecasting, etc.)

Please share your thoughts and ideas on why proactive and predictive solutions are of interest these days.

Just some rambling thoughts here…feel free to join in.

Is another tool what’s really required here? What should/could be done in domain specific resource monitoring solutions that addresses the problems at the edge? Should I really be monitoring everything that comes out of the box in a default configuration? Why do I have all of these profiles, situations, thresholds, events, etc. in the first place? Do I even now what I’m monitoring and why?

What if I have a multi-vendor, multi-sourced environment where I may or may not have visibility? What if I don’t have a CMDB or other source of topology, relationships and dependencies? What if I don’t even know the state and status of the applications, databases or services to begin with? What will I be able to do with investments into these technologies?

What if I have adopted a “manager of managers” concept where I have a consolidated operations eventing environment with feeds from across the entire business environment (facilities, plant, IT, datacenter, logistics, telephony, manufacturing, contact centers, etc.)? Shouldn’t this dynamic “learning” and “thresholding” concept be really applied at this level for some sort of “intelligent event management” free from manual intervention, policies, codebooks, etc? How about the context of the business calendar and schedule merged with the IT operations calendar and schedule? I doubt that this can all be “learned” magically.

If I invest in a BMC ProactiveNet, Netuitive or Integrien (or other fundamental dynamic “learning” or “trending” tool - my favorite was a company called Premonitia - now defunct, based on research from accoustic modelling of whales and shrimp IIRC), how will I recognize and measure the value from that investment? How should the operations environment change to adopt the promises of the “secret sauce” within these emerging technology areas? Will IT operations and second/third tier support teams need to change the ways they work today? If so, how? Does IT operations know how to respond to a future state that hasn’t occurred or someone stating that a service is “slow”? I think most operations and support teams are still in their infancy here.

I’m all for emerging technologies that speak towards making the lives of the folks on the front line better and for sensing, isolating and resolving issues within complex IT environments before they impact the business services, but will investing in these tools really improve the status quo within the typical operations environment? The Next Generation Operations Center, Command Center, Service Management Center or whatever we want to call it must be enabled with these types of technology, but also must prepared to think, operate and respond differently than they do today.

How are you changing? Will you change? Where’s your value proposition? Is it at the front line, second/third line of the support process, at the LoB? Is it about efficiencies in workflow? Do more, with less? Automation? Availability? Becoming proactive? Do you know the real root causes prompting your interests in this technology? What are your vendors doing about it? What is your monitoring tools group doing about it? Should they be doing something different?

Please share your thoughts on how best to operationalize and really recognize value from your investments into these technologies or what you’re doing to address the real root causes of the symptoms this technology addresses.

I’m making my IBM Tivoli Pulse 2008 session on TBSM available for those who were unable to attend the user conference this year or missed my session. The links below will allow you to download the session slides and an mp3 audio recording.

The session agenda was:

• Overall Migration and Upgrade Planning
• Architectural and Functional Planning
• TIP Planning
• Event Source Planning
• LoB, Service and Application Decomposition
• Service Model Design Planning
• TBSM v3 to TBSM v4 Planning
• TBSM v4.2 Migration, Upgrade and Architecture Options

Please feel free to contact me or your local IBM Tivoli teams if you’d like help in preparing for your next generation deployment of TBSM. I hope that through this session you understand how critically important planning, design and architecture is for your success with Business Service Management, the TBSM solution and enabling products.

Doug McClure’s IBM Tivoli Pulse 2008 Session Presentation : Preparing for the Next Generation of TBSM: Distributed, Mainframe and Beyond

Doug McClure’s IBM Tivoli Pulse 2008 Session Audio

All IBM Tivoli 2008 session presentations are available here. I will be adding the session audio for a few others related to BSM and TBSM soon.

Let’s finish the story. With the hype of IBM’s Impact 2008 conference on all things SOA this week, I noticed an interesting business partner offering from a company called Nastel.

Nastel offers

“application performance management solutions that enable businesses to ensure the required levels of performance, high availability and reliability of business-critical applications necessary for meeting SLA’s. Nastel’s AutoPilot Suite leverages its built-in Complex Event Processing (CEP) engine to deliver complete business situational awareness, speeding problem resolution and providing unique proactive, predictive problem prevention that enables governance in Service Oriented Architectures (SOA), facilitates SLA and regulatory compliance, and provides Business Activity Monitoring (BAM) support.”

These are all very important capabilities that an emerging IT organization must have, but how will they integrate with the broader IT management and monitoring portfolio? We must break down all of the silos of tools and data and ensure that we’re integrating and incorporating all of this valuable data and information into the broader end-to-end service management and monitoring efforts. The information that the Nastel AutoPilot M6 solution can provide is CRITICAL to any maturing business service management (BSM) solution.

There is a SIGNIFICANT opportunity for IBM business partners to take the extra effort to talk about the bigger picture and provide content and capabilities that can be leveraged by the broader family of IBM Tivoli products. Most OPAL contributions take the easy path and simply provide for event based integrations using ITM Universal Agents (UA) or simple SNMP Trap event integrations. How about providing custom Tivoli Business Service Manager (TBSM) dashboards, service models and rules that can provide immediate broad based value to the IT organization? How about operational rules, procedures and expert advice that could be used to help quickly isolate the problem? How about custom launch in context (LIC) integrations from the core presentation layer components (TBSM, TIP, TEPS, TCR, etc) into your domain specific product? How about custom reports based on the standard Tivoli Common Reporting (TCR) framework that make use of the data you’re solution collects? These are all very simple things that can help your solutions and products gain more adoption (or sales success).

I challenge all of our business partners (or start ups, OSS plays, etc…) to take the extra steps to contribute to the broader IT management and monitoring solutions that most clients already have made significant investments in. Your rewards may be more than you expected!

I’ve been following Netuitive for over two years now. You can do a search for them on my blog and see all of the various activities and how they’ve evolved over the years. I was very skeptical of their early claims such as “BSM by Lunch” which I’m glad they’ve now backed away from to focus on their core competencies and value add to the overall BSM solution stack. I wish they would have stuck with the blog they started at BSM Digest, but I understand the challenges.

The power of getting accurate, trusted events free from false positives and false negatives is CRITICAL to the underpinning of any good BSM solution. If you’re putting garbage on the dashboards of your tools that operations, support and executives have to see, you’re NOT going to be successful with your BSM strategy. I’m also now very interested in Integrien and ProactiveNet (BMC) and look forward to digging in deeper into their solutions. Nearly every client I’ve seen and even when I ran the monitoring tools group at EarthLink we all have the same problems that these vendors are addressing. They’re the ONLY ones filling these gaps as best I can tell.

I’m looking for a really good discussion on Netuitive’s Active Behavior Profile (ABP). Which of your nine patents apply to this concept. Does every managed element type have a unique ABP or does every actual component have their own ABP? If I want to model/manage a Windows 2000 server different from a Windows 2003 server, how does this work? Is this where Templates come into play. What data streams are “mashed up” in the ABP? Templates?

What vendors do you play best with? Where are the key details of how/what you leverage from each of these vendor solutions? Please share some details. If a client only has the out of the box hardware and OS monitoring using their vendor’s solution with out of the box configurations, what can I expect to see in SI? What will I be missing? Do you recommend certain things be turned on to get health, workload and other outputs? Please discuss. Is one vendor’s CPU or Memory treated the same as another vendors?

When Trusted Alarms are sent outbound towards an event management solution as SNMP Traps, do they include group and function information? What can be mapped into varbinds? How is the trap constructed? Where does this happen?

I’d love to see some hard tangible ROI discussed on how these products are helping. I’m also very interested to know if the typical reactive based operations and support organizations are ready to get more proactive based on what these three vendors can provide. Can they mature from the comfortable, reactive “it’s broke” world and operate in a proactive, predictive “it’s a problem in this area, trust me” world?

Look forward to the discussion!

In this series of thought provoking posts I’ve asked for the ability to instrument for Business Service Management (BSM) at the managed system source and introduced a concept for an ITM 6.x BSM Profile and BSM Descriptor File. I’ve also proposed new organizational concepts that would establish end-to-end ownership for BSM within the typical monitoring tools group. As I peel the layers of this ITM 6.x product back, I’m now in search of the capability to create purpose built BSM Situations and BSM Events directly from ITM 6.x.

The first level of maturity in Business Service Management (BSM) is achievable by ensuring that a solid foundation in the fundamentals of network, system, application and service management and monitoring is in place. Where we’re failing our clients is not providing the necessary BSM best practices to help them use ITM 6.x with BSM as the end state. If clients have a well instrumented IT environment and if ITM 6.x has this capability, all events generated from ITM 6.x monitoring should include core BSM contextual information that establishes the most basic level of IT – Business alignment.

There’s no reason this needs to happen using more complex technology or products such as Netcool/Impact, TADDM or a CMDB. Sure, it may help make things easier, but the fact of the matter is that not all clients will have the ideal Tivoli environment with all of our enabling technology and products. Every client I’ve been to in the last two years has a heterogeneous environment with core products from all key vendors. If we don’t think about enabling fundamental BSM capabilities in ALL of our core products, we’re letting our clients down.

This BSM Situation and BSM Event concept would enable ITM 6.x clients to build BSM Situations that generate purpose built BSM Events. The key here is that every situation within ITM 6.x needs to allow for a purpose built BSM Situation with its own BSM contextual information, policies, thresholds, business calendars, etc. to be associated with it. This would then enable key BSM Event field information to be mapped into the core event emitted. BSM Situations and BSM Events may stand on their own and never be seen by the traditional NOC/EOC or support operator. Think of certain information such as common system information, metrics, KPIs, performance or capacity data that simply flows northbound to build or drive the BSM models and scorecards within TBSM.

Some of my initial questions:

• What capabilities do we have to do something like this?
• Could a BSM Situation be triggered by another situation and map in key BSM information into the generated event?
• What attributes can be mapped in?
• Is there a limit?
• Can attributes read from a file (the BSM Descriptor file) on the managed system?
• Can there be custom attributes defined in the BSM Situation?
• How many?
• How and where does information get mapped into the event format?
• How can every field of a generated event be controlled, overwritten or customized? (message summary, custom fields, etc.)
• Can I create custom slots/fields in the outgoing event?
• How many?

My initial queries to the experts and skimming of our manuals and other internal training materials leads me to the conclusion that these fundamental systems management capabilities do not exist in ITM 6.x. I hope I am wrong. I hope there is some way to do this. My end state objective here is that I get events flowing northbound from ITM 6.x monitoring that convey the critical BSM information within the event such as business services, applications, transactions, LoB, Clients, server OS, location, support group, compliance/risk classification, business impact, etc. I do not want to have to add this upstream unless it’s absolutely necessary.

In an effort to collaborate on how to generate powerful events that convey the most fundamental IT - Business alignment and help clients reach the first phase of Business Service Management, DevCampTivoli has been created. The theme for this event is “Collaborative Development of End-to-End BSM Solutions”. The desired outcome is to come up various approaches for developing a BSM Situations and BSM Events from ITM 6.x and the necessary configurations within the Tivoli EIF probe, Netcool/OMNIbus and TBSM 4.x that can be easily customized and implemented at any client. Whatever the DevCampTivoli outcome is it will be freely available to anyone to take, modify and use to improve their BSM deployments.

Take a few minutes to visit DevCampTivoli. This event will be the May 17-18, 2008 which is the weekend before the annual IBM Tivoli User Conference Pulse 2008 in Orlando, FL. The thought and hope is that SME’s and practitioners in ITM, Netcool/OMNIbus and TBSM will already be coming to Pulse 2008 and will be able to come in a couple days earlier to participate.

More to follow…

Many of the clients I work with have dedicated groups within the IT organization, operations or monitoring group based on common monitoring or product areas. For example, many larger Tivoli clients have a dedicated distributed systems monitoring group that is responsible for all ITM based monitoring, another group responsible for event collection and management with Tivoli TEC or Netcool/OMNIbus and yet another group tasked with deploying application discovery and mapping (TADDM) and business service management solutions (TBSM). Sometimes these groups fall under the same first line manager, but more often than not they do not.

I get the need for silo based organizational structures such as functional area and product specific groupings. This is the old school way of organizing the SMEs and getting work done. It’s the assembly line, work comes in and work goes out, add a monitor here, threshold there and move on to the next request or problem. It develops and reinforces the SME concept within these areas. Great, we have “lifers” who do one thing or another for a long time.

Business Service Management (BSM) is all about the instrumentation and visibility into the end-to-end service. BSM solutions depend on the ability for highly accurate information flowing from all of the core business service monitoring domains. BSM absolutely requires being able to work within an organizational structure that promotes collaboration and communication between the functional organizations within IT, operations or monitoring groups AND external to these comfort zones out into the business service SME groups (dev, support, etc.) AND most importantly with the LoB. BSM requires a common vocabulary, workflow and “style” that old school monitoring organizations are just not very “hip” to. I find many areas of the traditional IT organizational structure flawed and many are plagued by folks with “blinders” on (not my job, not invented here, etc.) and nobody with a sense of end-to-end ownership for business service management and monitoring. These cancerous attitudes and organizational structures are significant barriers to Business Service Management success.

In an effort to find the ideal collaborative and organizational approaches for creating powerful, value added BSM solutions, DevCampTivoli has been created. The theme for this event is “Collaborative Development of End-to-End BSM Solutions”. The desired outcome is to identify optimal approaches for how to best organize and collaborate within the typical IT, operations or monitoring organization so that the ITM, Netcool/OMNIbus and TBSM groups can work better, smarter and faster with an explicit focus on implementing BSM solutions within those products. We will experiment with various approaches and techniques and share our findings and success (of failure) stories. Whatever the DevCampTivoli produces will be freely available to anyone to take, modify and use to improve their BSM deployments.

Take a few minutes to visit DevCampTivoli. This event will be the May 17-18, 2008 which is the weekend before the annual IBM Tivoli User Conference Pulse 2008 in Orlando, FL. The thought and hope is that SME’s and practitioners in ITM, Netcool/OMNIbus and TBSM will already be coming to Pulse 2008 and will be able to come in a couple days earlier to participate.

More to follow…

Our TADDM product has a pretty nifty capability to help it along in its discovery process. You have an option to create files called Application Descriptors that are simple XML files that describe what business applications are deployed onto the server, what components make up the application and how these various components are organized, grouped or have relationship to the business application. Examples of TADDM Application Descriptors are available here.

What if we took this extremely simple concept and turned it into something for the ITM 6.x BSM Profile? What if we had a BSM Descriptor File? It may contain many different sub-components that help me to express the unique characteristics of what this server and installed software do to support business services and applications.

The BSM Descriptor File may contain:

• Business Service Descriptors: Information on the business service(s) this component supports/enables
• Business Application Descriptors: Information on the business application(s) this component supports/enables
• Transaction, Process or Activity Descriptors: Information on key transactions, processes, daemons, batch jobs, etc. that this component supports/enables
• Impact Descriptors: Information on how this component may impact the business goals and objectives, revenue, customer experience, metrics, KPIs, etc.
• Compliance Descriptors: Information on compliance controls that this component must adhere to.
• Risk Descriptors: Information on business risks that may be associated with this component
• Security Descriptors: Information on security policies applied to this component
• Business Schedule or Calendar Descriptors: Information on when there may be important times during the day, week, month that this component may need to be managed differently (end of month batch jobs, financial runs, maintenance windows)
• Operations Support Descriptors: Information about the on call group, escalation paths, etc.

Part of the XML tagging within the BSM Descriptor File should include annotation on how these unique components are mapped into events generated from individual ITM 6.x monitoring agents and their BSM Profile. With this information flowing freely into the event stream, making use of the powerful capabilities within Netcool/OMNIbus and TBSM 4.x become very easy. These BSM Descriptor concept maps very nicely to the TBSM Design Patterns that I’m also currently blogging about.

In an effort to collaborate on how to create such a BSM Descriptor and the ITM 6.x BSM Profile, DevCampTivoli has been created. The theme for this event is “Collaborative Development of End-to-End BSM Solutions”. The desired outcome is to come up various approaches for developing a BSM Descriptor File and BSM Profile for ITM 6.x, necessary configurations within the Tivoli EIF probe, Netcool/OMNIbus and TBSM 4.x that can be easily customized and implemented at any client. Whatever the DevCampTivoli produces will be freely available to anyone to take, modify and use to improve their BSM deployments.

Take a few minutes to visit DevCampTivoli. This event will be the May 17-18, 2008 which is the weekend before the annual IBM Tivoli User Conference Pulse 2008 in Orlando, FL. The thought and hope is that SME’s and practitioners in ITM, Netcool/OMNIbus and TBSM will already be coming to Pulse 2008 and will be able to come in a couple days earlier to participate.

More to follow…