Configuresoft

Analytics; What are the top capabilities?

Recently, I made some adjustments to the Data Center Automation Blueprint where we combined 2 original areas and added a new one for Analytics.  Steve Henning just posted a great guest blog entry over at Doug McClure’s blog called “Why Real Time Analytics?” I personally liked the analogy to TQM and the manufacturing industry.

He also recently jotted down some of his thoughts on capabilities within the comments section for the posting “Data Center Automation Blueprint; now includes virtualization thoughts.”

Here are some of my initial thoughts that I will take another pass at cleaning up in the next week or two.  I wanted to get this posted in a timely manner to hopefully inspire some discussions:

1) Inter-domain Integrations - Steve called it “Cross Silo” in his comment post. But the analytics solutions need to have a data model and API/SDK that is not specific to one domain (e.g., databases, windows systems, network devices, websphere applications).  To perform holistic analysis you need more then one point of view.

2) Pattern Logic Automation- Automation through algorithms, rules etc that work to mimic the human problem solving / analysis process.

3) “Advanced” Graphical Visualization- more then summary graphics, pie charts etc…what I’m think here is something I can look at that helps me see the pattern or some unique situation/trend affecting the business (e.g., correlation of trouble ticket and performance monitoring details).  A better name then “advanced” is needed here for sure.

So far the vendors I’m thinking of when I’m creating the above functionality list (as noted in the DCAB) include;

• AlterPoint (offers specific analytic module “Lifecycle” built upon their NCCM product)
• ConfigureSoft (built upon their ECM product, integrations with MOM, Remedy)
• Opnet (variety of products)
• Netuitive (real-time performance analytics)
• Integrien (real-time performance analytics)
• BMC (acquried ProactiveNet, real-time performance analytics)

Who else do we believe should be in this analytics bucket? Thoughts on these 3 capabilities?  What are some others?

Digging into the DCAB 6 functional areas: Security and Protection

The massive number of security management vendors make simply covering this portion of the DCAB a very intimidating task. So many technology approaches and different data center technology focuses (e.g., networks vs. system vs. applications etc). I’ve attempted a first pass at sub-dividing this functional area. I know that do to it’s vastness, I’m going to miss tons of vendors I already know about and also stretch the categories a little in my attempt to limit the number of sub-divisions.

Proactive Identification (proactive searching for a potential exposure point that could become a situation) which includes:

• IP Scanning - query remotely that simply requires IP address to gather information and determine if their is a potential condition of concern. Vendors include: eEye, nCircle, Nessus, Qualys, McAfee, Rapid7
• Configuration/Settings Auditing - query remotely (using credentials) or having an agent on the system to take a more details look at the configuration files, etc. Vendors include: ConfigureSoft, Ecora, nCircle, Tripwire, Solidcore, Skybox Security
• Penetration Testing - remote query attempts to actually expose or harm a data center resource. Vendor include: Core Security, HP (former Spi Dynamics), IBM (former Watchfire), Imperva, Mu Security, BreakingPoint Systems

Reactive Identification (reactive, collecting of events or watching data flows to identify a condition or re-occuring trend)

• Security Event Consolidation (aka. SEM) - unified view of events from a variety of sources with the hope that you can quickly identify a problem and resolve it sooner after it occurred, or seeing something that tells you that problem may be about to happen. Vendors include: ArcSight, NetForensics, EMC/RSA
• Information Archival & Reporting (aka. SIM) - archiving and then the analysis and mining of all that event data to identify a re-occurring situation that could be resolved. This archive is also a great resource for reporting certain compliance situation to auditors. Vendors include: ArcSight, NetForensics, LogLogic
• Data Leakage - monitoring activities or traffic flows to identify if sensitive information is being . Vendors include: EMC/RSA (Tablus), Reconnex, Symantec (Vontu), Vericept

Alright, that will have to do for now. Identity & Access Management is a whole other area but this will have to do for now. Wow, I’m really starting to realize that this DCAB was biting off more then I could honestly chew Hopefully, it will prove helpful to someone out there. When I do start to make updates the best way to manage that may be moving this to a wiki.

Quick status check, I’ve now taken a first pass on 4 of the 6 functional areas (and most of them require/deserve a return visit sometime soon). Each functional area alone probably could/would be topic enough for an individual blogger (any volunteers). I’ve also had some great recent conversations with people on virtualization, process orchestration and resource reconciliation that i’m eager to talk about. So as I’ve stated before, comments are open for anyone and everyone to add thoughts and commentary. Which vendors did I miss, what capabilities/functions did I miss as we monitor the security in our data center.

Digging into the DCAB 6’s functional areas: Configuration and Change

There seem to be two key components or approaches to this functional area. Some vendors are focused on auditing & monitoring the configuration/state of a device while others are focused on that and the provisioning/deployment of configuration/software to a device. Typically, the vendors going across data center technology categories are audit-centric.

Vendors doing both Deployment & Auditing (listed alphabetical)

• AlterPoint (for network devices)
• BladeLogic (for appilcations, servers)
• BMC (for applications, servers with Marimba acquisition and networks with Emprisa acquisition)
• CA (for systems)
• Cassatt (for systems, applications, networks
• Cisco (for network devices)
• ConfigureSoft (for applications, servers)
• Ecora (for servers, applications)
• EMC (for network with Voyence acquisition, for storage with ControlCenter)
• HP (former Opsware for applications, servers, networks, storage)
• IBM Tivoli (for applications, servers)
• mValent (for applications)
• Phurnace (for applications)
• Scalent Systems (for servers, applications)
• Symantec (for servers, applications with Jareva, Altiris and storage with CommandCenter)

Vendors focused on Auditing

• Solidcore (for servers, databases, networks)
• Tripwire (for servers, databases, networks)

Vendors that do both primarily for desktop’s which extends to provide some server configuration and change capabilities for the data center

• Avocent (from Landesk acquisition)
• Lumension (former Patchlink)
• Microsoft (former SMS product)

Just as with my previous post on Performance & Capacity I’m not done with this one. I started going through the laundry list of vendors in the “virtualization” space but simply ran out of my allocated time for today. So I’ll pick back up on it at a later time

Recent activities in Configuration Management, tis’ the season of webinars

December is a time when things typically “slow” down for the holidays.  Many data centers are under a freeze where no major changes can occur (or should occur), etc.  So I guess it’s a great time to do a little research for next year.  Bring on the webinars which many vendors seem to be offering up this time of year:

BladeLogic had a very successful webinar, over 400 people, where real customers talked about real benefits of configuration management automation for their data center.  The press releases on the survey results & the webinar sound like a infomercial (which it should be since it’s marketing).  I was hoping to take a watch but their archived link doesn’t allow me to register and watch.  I enter my registration information and it says the event is full.  Oh well, another time.

ConfigureSoft also had a webinar, more process centric (PLAN-DO-CHECK-ACT: Closing the Loop on Change), but it’s archived and I was able to check that one out.

 Tripwire, not wanting to be outdone, had 4 differerent webinars recently.  The one I checked out was The Five A’s of a Healthy Data Center.  Where their focus was around the 5 step process of monitoring your configurations in the data center (Assessing, Assuring, Auditing, Achieving, Automating)

Ecora back on the 11th had a webinar around surviving audits through monitoring your configurations.  Unfortunately, I couldn’t find it archived anywhere to check it out.

Solidcore didn’t have a new webinar to offer but did put out a press release highlighting how they can help with the upcoming PCI deadline on December 31st with monitoring configurations.

mValent, who focuses on very the specific challenges of application/middleware configuration management, had a very interesting press release with some hard ROI numbers;

• The average application migration project takes 20+ man-weeks with an average labor cost of just over $72,000.
• Total IT direct-headcount costs associated with application migration initiatives range from $500K to $800K.

AlterPoint, focused on the network side of the data center, announced their analytics solution can now extend/compliment a customers previous investment in CiscoWorks (if they are a predominately Cisco networked Data Center) without requiring replacement.

I also looked to see if their was anything new from HP (Opsware), EMC (Voyence), BMC, IBM, CA but didn’t see anything specific.  And I recently talked about configuration vendors that are focused on virtualization so I didn’t rehash that.

I know I must have overlooked some vendor(s) out there, throw your information in the comments section (if your the vendor) or if your an enterprise using another product please tell us who your using and what you think.  I’ll take a look and update the post if appropriate.