6 Functional Areas (each section discussed below)
- Resource Reconciliation (aka CMDB)
- Process Orchestration (aka RBA)
- Performance & Availability
- Security & Protection
- Configuration & Change
Description – Automation that captures a complete view of all IT resources, assets, services etc. and their relationships, layers 1 through 7. This comprehensive view of all IT resources is the “record of truth” and needs to always be 100% accurate. Once in place, this is the hub of information that keeps all other monitoring and management solutions on the same page so nothing is missed or overlooked.
Top 5 Capabilities
- Comprehensive discovery engine that can automate the identification of any IT resource and its communication relationships (e.g., applications, databases, services, systems, storage, network, etc.)
- Impressive visibility capabilities including multi-layer topological / dependency mapping illustrations while offering comprehensive reporting options (e.g., graphical summaries down to detailed lists)
- Reconciliation automation where this solution serves as the “source of truth” for the current state of the IT resources in the data center. At a minimum this should offer the ability to report differences between this and other Data Center Automation solutions. The real deal would have embedded automation/integrations that keep all products synchronized, saving major amounts of time for the system administrators and avoiding an event that occurs on a resource that unfortunately wasn’t being monitored.
- Accurate fingerprinting (e.g., discovery-to-data model mapping). The discovery process must be able to keep up with newer software versions, new vendors, etc. for all the possible IT resources in the data center.
- A fast search engine to quickly find an IT resource that you are troubleshooting, that you need to review before putting in a change order to understand potential impact, or that may be susceptible to a recently announced security threat, etc.
- A policy engine, built on the search engine, that enables users to define desired attributes for specific types of IT resources and be notified immediately when something doesn’t match that desired state so it can be remediated.
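The reconciliation and policy-engine capabilities above, as an added example that is not from the original post or from any vendor's product. The resource names, tool names, attribute names and policy values are constructed assumptions.

```python
# Added example: all records, tool names and policies below are constructed.

# CMDB records (the "record of truth"), keyed by resource ID.
CMDB = {
    "web01": {"type": "linux_server", "ssh_root_login": "no"},
    "web02": {"type": "linux_server", "ssh_root_login": "yes"},
    "db01": {"type": "database", "tls": "enabled"},
    "sw-core": {"type": "switch", "snmp_version": "2c"},
}

# Resource IDs as exported from two other (hypothetical) automation tools.
TOOL_INVENTORIES = {
    "monitoring": {"web01", "db01", "old-app07"},
    "patching": {"web01", "web02", "db01", "sw-core"},
}

# Desired state: resource type -> attributes that must hold these values.
POLICIES = {
    "linux_server": {"ssh_root_login": "no"},
    "switch": {"snmp_version": "3"},
    "database": {"tls": "enabled"},
}

def reconcile(cmdb, inventories):
    """Per tool: CMDB resources the tool does not cover, and tool
    resources the CMDB has no record of."""
    known = set(cmdb)
    return {
        tool: {"missing_from_tool": sorted(known - seen),
               "unknown_to_cmdb": sorted(seen - known)}
        for tool, seen in inventories.items()
    }

def policy_violations(cmdb, policies):
    """Return (resource, attribute, actual, desired) for every mismatch."""
    found = []
    for rid, rec in sorted(cmdb.items()):
        for attr, want in policies.get(rec["type"], {}).items():
            have = rec.get(attr)  # None when the attribute was never discovered
            if have != want:
                found.append((rid, attr, have, want))
    return found

if __name__ == "__main__":
    for tool, diff in reconcile(CMDB, TOOL_INVENTORIES).items():
        print(tool, diff)
    for violation in policy_violations(CMDB, POLICIES):
        print("VIOLATION", violation)
```

The `missing_from_tool` list is the unmonitored-resource case the reconciliation bullet warns about; `unknown_to_cmdb` points at a discovery gap in the record of truth itself.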
Description – Cross-silo automation for mundane manual or high-occurrence tasks. The capabilities are focused on helping individual technology domains (e.g., network, Windows, Unix, database, etc.) communicate and collaborate to automate tasks that previously required numerous people and passing around a trouble ticket.
Top 5 Capabilities
- Drag/Drop graphical interface for designing process workflows
- Common, normalized Data Model of common/primary attributes
- Library of pre-defined, re-usable actions/triggers/processes for usage out-of-the-box (bigger the better – even a community that shares is a plus)
- Policy/Desired-state engine driving things
- Sandbox/simulator to help test workflows without impacting actual resources/instances within the production enterprise.
Analytics (note: this is a recent change to the DCAB and is still being defined)
Description – coming soon
Top 5 Capabilities – coming soon
Security & Protection
Proactive Identification (proactive searching for a potential exposure point that could become a situation) which includes:
- IP Scanning – a remote query that requires only an IP address to gather information and determine whether there is a potential condition of concern. Vendors include: eEye, nCircle, Nessus, Qualys, McAfee, Rapid7
- Configuration/Settings Auditing – querying remotely (using credentials) or using an agent on the system to take a more detailed look at the configuration files, etc. Vendors include: ConfigureSoft, Ecora, nCircle, Tripwire, Solidcore, Skybox Security
- Penetration Testing – remote query attempts to actually expose or harm a data center resource. Vendors include: Core Security, HP (former SPI Dynamics), IBM (former Watchfire), Imperva, Mu Security, BreakingPoint Systems
Reactive Identification (reactive collecting of events or watching data flows to identify a condition or recurring trend)
- Security Event Consolidation (aka SEM) – a unified view of events from a variety of sources, with the hope that you can quickly identify a problem and resolve it sooner after it occurs, or see something that tells you a problem may be about to happen. Vendors include: ArcSight, NetForensics, EMC/RSA
- Information Archival & Reporting (aka SIM) – archiving, then analyzing and mining, all that event data to identify a recurring situation that could be resolved. This archive is also a great resource for reporting certain compliance situations to auditors. Vendors include: ArcSight, NetForensics, LogLogic
- Data Leakage – monitoring activities or traffic flows to identify if sensitive information is being . Vendors include: EMC/RSA (Tablus), Reconnex, Symantec (Vontu), Vericept
Configuration & Change
Description: Automation around making configuration or software changes en masse, or in a more controlled, systematic way even at the individual level. This includes understanding the potential impact or risks associated with making a change, and keeping tabs on what is changing and whether it is authorized or in line with established standards.
- Making changes easier through a simplified user interface – enables more junior administrators to make traditionally more complex changes that required senior individuals.
- Abstraction layer that enables the same change to be applied to numerous resources, including across multiple vendors.
- Ability to warn when a change is not recommended or even unauthorized, based on understanding the interdependencies and risks associated with a change.
Another area, which I’m not sure belongs here, in security, or in analytics, is Log Management, where you maintain historical event/message/alert logs, provide historical reporting, and apply advanced indexing and searching technology to quickly find the “needle in the haystack” problems.