Spectrum has the best network discovery configuration application, as it allows for discovery by address, range and type. Any of these can be assigned to separate schedules, so we could set differing frequency for discovery of the backbone (an area that changes little) and user subnets (which change frequently and sometimes in bad ways).
The resulting discovery isn't bad either. Like InCharge, Spectrum supports Layer 2 discovery. But it's not a perfect process. During our testing, we discovered connections between devices that were no longer on the network. Even if the error was due to a faulty cache, it was annoying and time-consuming. Also, devices to be managed can be selected manually. Spectrum refers to this process as modeling. Unlike InCharge, Spectrum includes "not" filters, which makes creating subnet and device filters much easier.
The integrated network discovery found all of the hosts, but a separate BMC integration piece was required to integrate the BMC Knowledge Modules. Viewing the KMs also requires additional software on the SpectroGraph, Spectrum's Motif-like console.
Strangely, sometimes the discovery ran rather quickly, and sometimes it seemed to hesitate. It may have been due to the load on the server (the vendor had no explanation), but this process of discovery and modeling can be distributed, which we like as a production control function in systems or network operations.
Events
Spectrum's new and vastly improved Web console, Web Operator, is a great place to view events and topology information. Selecting an alarm showed us the views that included the object, such as topology and organization.
We had some good results when looking at events from our Knowledge Module test bed. Downstream suppression has been Spectrum's hallmark for years; it maps ports to attached devices and makes the determination to suppress events based on that connectivity.
In the case of getting a memory event from a Microsoft Windows NT server, we got summary information and could drill down to get specific, accurate probable cause.
Another event, relating to an IBM AIX Sybase server, had less detail but did supply enough information to make a clear determination that Sybase had the problem. In both cases, we found the event's source and determined what devices contained and were adjacent to the problematic equipment. Correlation and root cause were specified in the Alarm Manager client.
Spectrum deduces root cause using its own secret sauce--Inductive Modeling--but it isn't as obvious as with InCharge. Although the product has good downstream suppression, de-duplication and Layer 2 connectivity, the BMC agents had to be attached manually to the servers hosting them. This isn't a huge burden, since it's an occasional task, but it's one we didn't have to perform within InCharge.
Usability
Spectrum's client, with its Motif-like look and feel, has always taken some getting used to, which has nothing to do with Motif and everything to do with the huge number of tools Spectrum has added over its 11 years in the business. However, Web Operator is a very useful Java interface. We highly recommend giving this suite to operations and business units.
The Web Operator screen displays alarms with filters, an alarm ticker that scrolls open alarms across the screen, a device browser, reporting and a custom collection view. The custom collector gave us a fast way to make our own groups. With a couple of clicks, we could check the status of the network devices applications that matter.
Spectrum's architecture is also generously appointed with all the network management modules, the BMC integration modules and server redundancy. Aprisma has taken aim at the high cost of network management in the enterprise, putting its money where most offer only mouth. In our single-site pricing scenario, the package sells for just $66,000, plus 20 percent of the list price per year for maintenance. Training is even included. This price is substantially lower than the prices of the others we tested. Although the multisite price far surpassed that of any other product, Aprisma chose to provide each site with a server, rather than provide several centralized units, as the other vendors did. This option provides the additional benefit of leveraging Spectrum's redundancy.
Spectrum xsight, $25,000. Aprisma Management Technologies, (603) 334-2100, (877) 437-0291. www.aprisma.com
Micromuse Netcool/OmniBus
Widely adopted, Micromuse's Netcool/Omnibus is known for its speedy event processing, distributed event filters, and an in-memory database that scales very well. It had a midrange price in our single-site scenario and the lowest price in our large-scale scenario; however, it's more difficult to use than most of the competition.
Netcool has always provided very fine control over the way in which events are viewed. A graphical Boolean filter wizard combined with savable sorting tools lets you quickly build event views for every user, hardcore administrator and business owner alike.
For our tests, which focused on MoM functionality, Micromuse decided not to include its performance and topology products, so we had no discovery to perform. In this respect, Netcool acted like BMC Software's Patrol Enterprise Manager and Managed Objects' Formula, focusing on underlying management platforms' event streams. There was no correlation based on topology or any polling of network devices.
On the other hand, Netcool has so many options for filtering and sorting events, it's almost an art to administer. Netcool is an event-viewing development environment. Events can be filtered and saved as Boolean logic, making any combination of filtering possible.
Out of the box, Netcool's correlation really amounts to simple event matching. For example, a down event on a particular node is checked periodically for matching incoming clear events, using the node, module, interface and type of event (node down in this example), to clear the new node up event and the existing node down event.
We achieved visual correlation by grouping like devices. By creating an event filter that represents a network device and systems location class, and creating a map or icon representation, we could monitor the status of all services, then double-click to see more specifics.
Nothing about Netcool is very easy. The event list isn't terribly difficult to figure out, but the product's heritage comes through, having Motif, Windows NT and Web-based clients. This complexity, however, is mostly an administration problem; the admin must coordinate and understand the client's capabilities. Netcool's Webtop is really the future for Micromuse, since it makes most of Netcool's functionality available remotely. The Webtop was okay, but had minor failures, such as not bringing up help files consistently.
Netcool/Omnibus, starts at $150,000. Micromuse, (415) 538-9090, (800) NETCOOL. www.micromuse.com
Software Patrol Enterprise Manager
Patrol Enterprise Manager has been around since 1989, but even before that, it existed for years as Command Post, from Boole and Babbage. BMC Software updated the interface, adding wizards and Web clients, while retaining a very rich architecture for gathering events. Yet, Patrol Enterprise Manager's heritage does not mean that it has any tighter integration with the BMC Software Knowledge Modules, though BMC has a road map indicating a deliberate move to have all products work within the same Web environment in the future.
BMC Patrol Enterprise Manager doesn't care how many managed nodes, site locations, or managed objects you have in an environment. It discovers the enterprise based on events it receives. This is one reason that Patrol Enterprise Manager is so scalable. Like Managed Objects' Formula and Micromuse's Netcool products, Patrol Enterprise Manager relies on the domains it's managing to provide network inventories. This works when another network management application is firmly rooted. The downside to this is that topology-based correlation depends on an external source.
Event management in Patrol Enterprise Manager is really about data collection. Patrol Enterprise Manager has had years to collect events from many different serial devices and mainframe applications.
The Active Alert Display (AAD) is the center of Patrol Enterprise Manager's event display universe. Like Micromuse's Netcool, Patrol Enterprise Manager has filter engines that preprocess events and cut down the number of events allowed into the system. These preprocessing engines are distributable, so event processing can happen close to the source of the events, an approach that has proven to be very scalable.
The AAD in our test bed's BMC Software Knowledge Module did a great job summarizing useful information about the events. In our test of an Windows NT memory threshold violation, we knew from the event line that we had a problem with the NT memory usage on that server. We didn't have to dig for additional clarification.
Unfortunately, Patrol Enterprise Manager doesn't show how one event affects the rest of the network devices and services: There's no integration with an underlying topology. So downstream suppression, though possible, is brittle because the rule engines need to be configured to suppress based on specific events. Get a new event, and you need a new rule. Yech!
BMC Software has moved to a unified Web interface. In the current version, the Unix Motif GUI is still needed to configure and administer the product, but the operations interface works well on the Win 32 client. The Web client is really more of a customer or business unit's current status view. BMC has indicated that more of the operational interface will be rolled onto the Web, but for now you're on your own.
During testing, we had problems with our operating system and our database. Although we got help in solving both, we concluded that PEM, while very flexible, has plenty of rough edges that will require careful professional attention. This overhead makes Patrol Enterprise Manager fit best where many sites are generating huge numbers of events that need to be filtered.
BMC Patrol Enterprise Manager's prices for our scenarios were $182,500 and $197,500, plus 20 percent of the list price for annual maintenance. The single-site price far exceeded the competition, but the multisite price fell in the middle of the pack.
Patrol Enterprise Manager, prices available from BMC Software. BMC Software, (713) 918-8800, (800) 291-4262. www.bmc.com
Managed Objects Formula and Business Service Analyzer
Managed Objects' Formula wowed us from the moment we got it installed. From its great looking GUI, which sports a must-see topology display, to its innovative architecture, Formula figured to be a very strong contender. All of this made the bumps we experienced during our testing a bitter disappointment. To be fair, Managed Objects offered new code quickly, but frankly, what the vendor calls a finished, shipping product behaved more like beta.
Rather than perform Layer 2 network discovery, Formula represents the inventory as a direct extension of the devices being managed. It's a very faithful representation because of the object-oriented ORBs (Object Request Brokers) that Managed Objects has created for the domains to be managed. These ORBs on the management server directly gather data from the network management systems at an API level. The data is then relayed to the Formula server and displayed in what appears as the native management console.
The look is so close to native that the topology and groups appeared as if we were using our Tivoli NetView test bed's management software. Formula performed the same trick with HP OpenView Network Node Manager and for our test system's BMC Software Patrol Console. With BMC and OpenView we had bidirectional communications, were able to acknowlege events and configure BMC Software Knowledge Modules. NetView was a one-way view-only access.
Given this close integration, it was no surprise when we saw BMC events populate the Formula console. Correlation is accomplished within Formula by grouping network devices and services. This makes errors show up in the group, indicating that there could be problems. Filtering, what Formula calls "Profiles," is very granular, with filters arranged by class, device or regular expression. Each profile could have a separate retention policy for historical analysis.
Formula doesn't attempt to do the more traditional MoM functions of deduplication and downstream suppression; it relies on the underlying management applications for those functions. We didn't get far collecting events within groups, as we had difficulty getting historical event data to register. Initially it appeared that our BMC agents on AIX may have been problematic, and then we had a problem with the internal database under load.
The console runs either in a JVM within a browser or with the Java Web Start client. The console worked fine with the JVM, but we could not configure the Java Web client to work. We also occasionally ended up with more JVMs running than we were actually using, leaving a JVM open unused after closing the last window at the end of a session.
We upgraded Formula a couple of times during our tests. The process was easy, but we found ourselves spending a significant amount of time troubleshooting the installation. At $165,000 for a single site implementation and $217,000 for our multisite scenario, plus 18 percent for annual maintenance, this product is among the highest-priced solutions we tested.
Formula and Business Service Analyzer, $165,000 (Formula Jump-Start Package). Managed Objects, (703) 208-3330, (800) 275-6014. www.managedobjects.com
Bruce Boardman is executive editor of Network Computing, testing and writing about network management and systems. He has 12 years' IT experience managing networks and distributed computing for a financial service provider. Send your comments on this article to Bruce Boardman at bboardman@nwc.com
RSS
