Infrastructure Management Software Blog

Q&A from EMA webinar on incident management and OMi

Thank you to everyone who attended the EMA webinar on “What is New in the Not-so-New Area of Event Management: Five Tips to Reduce Incident Resolution Costs” (view the archived webinar by clicking on the link).


We had many great questions at the end, some of which we did not have time to answer. Here is a complete list of all the questions that were asked, along with the answers. If you have additional questions, please post them in the comment field on the blog.


 


What effect will cloud computing have on the management strategies you discussed?


In many respects, Cloud computing – if it’s to be successful as a responsible answer to optimizing infrastructure for business applications – will accelerate the need for consolidated event management and its associated technologies.  Cloud computing places many new complexities and a stress and real-time awareness in front of IT managers, including how to manage performance, change, and costs effectively across virtualized environments and potentially across a mix of external service providers wedded together in a dynamic ecosystem.  These requirements will force service providers to become more transparent in support of SLAs, performance management, infrastructure discovery, CMDB Systems and CMS involvements, and shared cost analysis, along with compliance, security and risk management issues.  In other words, Cloud computing cannot succeed except as a niche opportunity without embracing the best practices and process-centric programs within IT to optimize its own internal effectiveness.


As you all know, security event management is a domain in its own right, and there is as much interest in cross-domain integration of security processes & tools as in other areas, if not more so in some cases. How can unified event management help security and IT ops team achieve their common goals?


Security event integration with an overall consolidated event management system is one of the more challenging and also more valuable areas of consideration.  This is partly because rather than being a “component-defined” part of the infrastructure or SW environment, security is pervasively associated with all domains and all disciplines.   It is something like the “phantom” in event management-a more logical than tangible entity.  But as such, defining polices for integration and reconciliation are more complex and overall less evolved.  Of course security has its own well established history in event management, in particular with SIEM—but once again this evolved as a way of consolidating security-related event issues, rather than being a more holistic approach to integrating security events with performance and change related events.  And so to a large degree this challenge still remains unanswered by the industry as a whole.


Is OMi a replacement for OM?


No. OMi is a separate product that adds on to Operations Manager. OMi introduces advanced functionality such as system health indicators and topology-based event correlation using Operations Manager as the event consolidation platform. We designed the products in this way to allow our customers to gain significant new capabilities without disrupting their current Operations Manager deployment. There is no rip and replace, just adding a new component on top of the existing monitoring solution.


OMI looks alot like BAC, are they tightly coupled?  Do I need both?


So is BAC and OMi the same product now?


Great observation. OMi is built on the BAC foundation so they do share a common look and feel. OMi performs advanced event management. BAC handles application management, transaction monitoring, and problem isolation. You can mix and match to components from the two product sets to meet the needs of your organization and you only need to purchase the components that fit your needs. So, OMi and BAC are separate products, just tightly integrated.



Sounds great, but what is the cost?  Is there some way to justify the big cash outlay for IT organizations in SMBs?


The return on investment should be apparent. As we covered in the presentation, if you assume the cost per manually handling an event is $75 and OMi will eliminate processing of around 10% of events (conservative estimate), just determine how many events your Operations Bridge team handles per day/week/month/year and do the math.
And, of course, that ignores the benefits associated with a more rapid fix-time for incidents which will enhance business service availability.


For pricing on OMi, please contact your local HP sales representative.


Can OMi run on the same server as Operations Manager?


No. You need to run the two products on different servers. OMi will run on its own Windows based platform and will be connected bi-directionally to a nominated OM server.


Do I need OMi to use the runbook automation capabilities of Operations Orchestration?


No. Operations Orchestration can use the events from Operations Manager as the trigger to launch flows. You do not need OMi too. Like OMi, OO leverages the power of OM and its agents. I strongly recommend you contact your HP sales rep to schedule a demo of Operations Manager and Operations Orchestration working together.


If everyone uses the same console, how will domain experts perform advanced troubleshooting?


The OMi console is designed for Operations Bridge personnel to view events, identify the causal event, and resolve the incident. Likely users will be Tier 1 operators and subject matter experts (SME) starting to troubleshoot problems and determine what to fix. The SMEs will then use their specialized tools to investigate the problems in more detail within their domain. For example, someone on the server team might see that a server is down and then use HP SIM (System Insight Manager) to identify that a fan has stopped working.
OMi includes the concept of “user roles” so that specific users can be provided with access to the events, infrastructure views and tools that are appropriate for their role. Domain experts could have user roles defined which include direct access to tools utilized for advanced troubleshooting.


Is there any special configuration I need to run OMi?


You need Operations Manager to consolidate events before feeding them to OMi. You can feed events from other tools (such as SiteScope for agentless monitoring) into Operations Manager to get better visibility of your enterprise by expanding the number of managed nodes. Operations Manager can also consolidate events from other domain managers such as Microsoft SCOM or IBM Tivoli.
You do need a recent version of Operations Manager – either OMW 8.10 with some specific patches or OMU 9.0. Existing Smart Plug-Ins will work with OMi but we’ve also been making some enhancements to provide tighter integration and to enable the Smart PlugIns for OMU to populate the topology maps automatically. So in general you need a recent OM version and later SPI versions are ‘better’.
Other than that, there is no special configuration.


Does OMi require ECS (event correlation services) to be built out?


No. As a general rule it’s a good idea to ‘refine’ the event stream that is processed by the OM server and passed to OMi. There is absolutely no point in passing lots of noise to OMi – stuff that we know is noise – so we would recommend making good use of all of the traditional event consolidation and filtering technologies in OM. Time and count based correlation on agents, de-duplication etc.
ECS – Event Correlation Services – can also be used to further refine the event stream as it arrives at an OMU server but it is not a requirement for OMi.


Any issues or challenges to be utilize OMi in duplicated IP addresses environment for company like MSP (managed service providers)?


OMi should work in duplicate IP address environments providing that appropriate DNS resolution and IP routing OR HTTP PROXY CHAINING is in place to enable outbound connections from the existing OM server to the managed nodes (agents) to work correctly. The support for dup-IP is something we included in the HTTP communications protocol which can be used with OM agents after version 8.x of the OM servers. There are a number of different ways that the network 'resolution' can be set up - including http proxies and NAT - and we cannot commit to testing every possible configuration. However, with an appropriate configuration OMi will work in these environments. In general, if you have a dup-IP environment working with your existing OM server then OMi should also work.


Does OMi take into consideration HA (high availability) configurations such that it can identify business degradation as opposed to an outage?


Yes. This is one advantage of having health calculation and event correlation which is dynamically driven by the discovery of the infrastructure. Consider a cluster running some Microsoft Exchange Resource Groups, or a number of VMware hosts with some virtual machines which participate in delivering a business service. In either case, if we have a hardware issue then we may move the ‘application’ (resource group or VM) to another host. This may happen automatically.
The Operations Manager Smart Plug-In (SPI) which is monitoring these resources – so the Exchange SPI (which is cluster aware) or the Virtualization Infrastructure SPI – will detect the movement of resources typically within 1 to 2 minutes. The SPI will update the discovery information in OM and this will be synchronized into OMi a short time later. OMi’s perspective of the topology of the infrastructure will change and the health and event correlation rules will adapt.
OMi will now ‘understand’ that the hardware events which arrived from the cluster or VM host do not impact the business service which is supported by the specific Exchange Resource Group or virtual machine.


 


For HP Operations Center, Peter Spielvogel.


Get the latest updates on our Twitter feed @HPITOps http://twitter.com/HPITOps


Join the HP OpenView & Operations Management group onLinkedIn.

Search
Follow Us


HP Blog

HP Software Solutions Blog

Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation