In the last blog, I wrote about ‘Why Now?’ In this one, I will attempt to answer the ‘Why You?’ and ‘Why AccelOps?’ questions.
To answer them, let’s first look at some very similar characteristics in the security space.
Security is famous for being dynamic: attack and vulnerability scenarios are constantly changing, and changing fast. On top of that, the security infrastructure itself is very dynamic: frequent IPS/IDS signature updates, frequent firewall rule/policy updates, and so on. User identity can also change fast: once a user logs out of the VPN, that same IP is immediately assigned to another user. In most cases security is now also built into the infrastructure, delivered as a security service.
Because of the nature of the problem, problem identification/resolution and incident handling need to be very fast, if not real-time. Security management is therefore time sensitive.
You can now see that today’s datacenter availability/performance management has a strong similarity to security management: a dynamic environment, dynamic scenarios/behaviors, and time sensitivity.
Let’s look at how security technology advanced in the last few years:
• Take in all data from the infrastructure: firewalls, IPS/IDS, anti-virus, web proxies, mail gateways, VPN, wireless controllers, servers, applications, switches, routers, …
• Take in NetFlow data to understand the traffic pattern
• Take in the user/identity data to understand who is involved and with whom
• Take in the infrastructure itself to understand its configurations, policies, topological relationships, location, …
• Cross-correlate all this data to come to a quick conclusion in near real time: (1) is it an attack? (2) is some vulnerability being exploited? (3) who did it, who is impacted and where is the attacker located? (4) what else could be impacted?
So in the last 5-7 years, cross-correlation technology for security has advanced greatly in algorithms and techniques: scenario-based analysis, statistical profiling, cross-domain false positive detection, etc. These advances broke the original siloed way of managing security: FW-only management, IPS-only management, AV-only management, etc. As a result, security management became much more effective and the field of SIEM (Security Information and Event Management) was born. By aggregating all the data, SIEM vendors also (almost accidentally) helped to solve the big compliance management problem, and as a result SIEM/Log Mgmt vendors became household names in the IT space.
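The correlation step above hinges on the point made earlier about identity: a VPN address is handed from one user to the next, so an alert must be attributed to whoever held the address at the alert's timestamp, then enriched with asset context before anyone asks "who did it, who is impacted". The following is an added illustration, not AccelOps code; the VPN sessions, asset table and IDS alerts are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class VpnSession:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime]  # None means the session is still active


# Constructed sample data: one VPN address handed to two users in turn.
VPN_SESSIONS = [
    VpnSession("alice", "10.8.0.5", datetime(2024, 1, 1, 9, 0), datetime(2024, 1, 1, 9, 30)),
    VpnSession("bob", "10.8.0.5", datetime(2024, 1, 1, 9, 31), None),
]
# Constructed asset/CMDB context for the destination host.
ASSETS = {"10.0.1.20": {"name": "db01", "role": "database", "site": "DC-East"}}
# Constructed IDS alerts from the same source address before and after the hand-over.
IDS_ALERTS = [
    {"time": datetime(2024, 1, 1, 9, 15), "src": "10.8.0.5", "dst": "10.0.1.20", "sig": "SQLi attempt"},
    {"time": datetime(2024, 1, 1, 9, 45), "src": "10.8.0.5", "dst": "10.0.1.20", "sig": "SQLi attempt"},
]


def user_for_ip(ip: str, at: datetime) -> Optional[str]:
    """Resolve an address to the user who held it at that instant, not to its current owner."""
    for s in VPN_SESSIONS:
        if s.ip == ip and s.start <= at and (s.end is None or at <= s.end):
            return s.user
    return None


def enrich(alert: dict) -> dict:
    """Attach identity (time-aware) and asset context to a raw IDS alert."""
    asset = ASSETS.get(alert["dst"], {"name": alert["dst"], "role": "unknown", "site": "unknown"})
    return {**alert, "user": user_for_ip(alert["src"], alert["time"]) or "unknown", "asset": asset}


def alerts_by_user(alerts: list) -> dict:
    """Group alerts by the resolved user rather than by source IP."""
    grouped: dict = {}
    for a in map(enrich, alerts):
        grouped.setdefault(a["user"], []).append(a)
    return grouped


if __name__ == "__main__":
    for user, items in alerts_by_user(IDS_ALERTS).items():
        print(user, [(a["sig"], a["asset"]["name"], a["asset"]["site"]) for a in items])
```

Grouping by source IP alone would blame alice for both alerts; grouping by the resolved user separates them correctly.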
If you look at how the security space handles attack detection/identification and incident response, you can probably guess what I am about to write…
Availability and performance management for the datacenter can learn a few things from security, as their characteristics in today’s environment are very similar. What is needed is to take what we have learnt in the security space and push cross-correlation to the next level, to holistically address the challenges in the availability, performance, security and log/compliance management space.
In order to do so, a lot of innovation and know-how is needed. Basically, the cross-correlation techniques need to be enhanced to accommodate a much larger and more diverse set of parameters, and the system needs to understand a much larger set of devices, different types of datacenter technologies, and their inter-relationships and inter-dependencies. The analytics engine also needs advanced built-in cross-correlation logic that administrators can use to describe complex scenarios and behaviors based on their datacenter operation knowledge.
With that, the end result is a bottom-up integrated platform capable of doing all of the above, breaking all the traditional product silos in the IT and datacenter management space. The current datacenter product sets are technology-based and very fragmented: one tool for network management, one tool for system management, one tool for application performance management, one tool for security/compliance management, etc. The integrated platform eliminates blind spots in IT management and the ‘not my problem’ scenes in the workplace; it is also efficient in root-cause detection and proactive in alerting on future problems. It has all the analytic capabilities to provide executive decision support based on KPIs and trends… It is a single pane of glass that facilitates better collaboration/cooperation, while at the same time allowing individual focus for different IT functions.
The innovation does not stop here. It also needs to be very easy to use:
• easy to collect all the data, by auto-detection of data source and format, or with a minimum of human intervention to tell it how to collect them
• built-in intelligence or know-how, so that administrators do not need advanced IT knowledge to debug and spot problems; instead they can enjoy the benefit of the knowledge gained by domain experts over the years, shipped with the product
• easy for users to describe new IT problems and security threat scenarios
• easy to deploy, easy to provision, and no requirement for new hardware in the datacenter beyond the common VM and server architecture already there
• capable of scaling in computation and storage for large datasets and complex analytics
Last, but not least, the product needs to be flexible in distribution to meet various needs. In today’s enterprise IT world, not only does it need technology innovation, but the product also needs flexible distribution channels, e.g. multi-tenancy for SaaS, MSP and cloud providers, and for small enterprises up to emerging enterprises.
Nirvana, isn’t it? If you think of what James Cameron could do with Avatar that he could not have done 10 years ago, you can see that what I have described here can be done, given enough know-how and smart execution.
What AccelOps has done is exactly that: a platform that allows for end-to-end datacenter and cloud monitoring and management, with the capability of not only the 7 functions that ScienceLogic EM7 or Nimsoft are capable of doing (namely Net Mgmt, APM, Sys Mgmt, Asset Mgmt, Event Mgmt, Ticket System, SLA), but also SIEM (security mgmt), Log/Compliance Management, Change Management/CMDB, VM Mgmt and Identity/Location Management.
However, the breadth of the product capability should not lead people to think it is a mere bundling of functions, although that is exactly what happened as the Big 4 IT management companies (IBM, HP, CA, BMC) and even emerging vendors like Nimsoft bought companies and created a patchwork of products. Instead, AccelOps is a true bottom-up integration using the technology innovations I described above. Certainly, a secondary benefit is IT management tool consolidation. Sound familiar? Datacenter infrastructure is converging, so why not the management space?
In the next blog, I will try to answer some of the questions along the lines of ‘Yes, that is wonderful. But are you a jack of all trades and master of none?’