Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

2003 Survivor's Guide to Network & Systems Management

December 15, 2002
By Bruce Boardman

>> continued from previous page

Correlating the Kitchen Sink

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	Quality of Experience
	Standards Freeze
	Correlating the Kitchen Sink
	Companies to Watch
	Down But Not Out
	Web Links

The average enterprise network generates a fire-hose stream of events. Even in midsize networks, channeling all this data means filtering, scaling, and most important, understanding the relationships between applications and the underlying infrastructure.

Most vendors try to harness this data power by creating Layer 2 port-level connectivity maps and models. Beyond inventory, knowing how the network is connected is the most basic requirement for correlating network outages. Of course, this still comes down to a human understanding of the network topology at Layer 2, but management vendors, such as Aprisma, Entuity, Hewlett-Packard, Micromuse, Peregrine Systems and Smarts, are trying to internalize these relationships and apply diagnostic procedures to events based on network topologies.

Poorly instrumented SNMP agents, improperly behaving switches and no standard protocol to identify Layer 2 neighbors mean results will vary. This is true from vendor to vendor, but also network to network and even discovery to discovery. Results do seem to be improving, but it's far from a shrinkwrapped function.

Containing the big fire-hose stream of information takes big strategic management architectures. BMC's Patrol, Micromuse's Netcool, Aprisma's Spectrum and Smarts' InCharge all have distributed-computing architectures that let them size to swallow any event stream. They do this through distributed filtering and collection engines that split the event stream into smaller pieces by application and geography. But taking it to the next step--understanding how connected devices, systems and applications relate--is much more difficult.

Grouping is one method to define relationships. This is where devices that are performing similar functions are held in the same container. The containers can be geographical, revenue, organizational, application or customer groupings. A few years ago the DMTF began defining CIM to take these relationships to the next level. The holdup is that that the data gathered had to be normalized, or made non-device-specific, and had to support the notion of dependency.

This effort continues, though some vendors have begun deploying the concepts while they wait. Smarts, for example, has created its own version of CIM and applies it to every device it discovers. This allows for a hierarchy of device relationships, so that when something does fail, not only are the devices' related services obvious, as is the case with grouping, but you can also pinpoint the failing device's overall significance.

Bruce Boardman is executive editor of Network Computing, testing and writing about network management and systems. He has 12 years' IT experience managing networks and distributed computing for a financial service provider. Write to him at Bruce Boardman at bboardman@nwc.com.