A survey on online monitoring approaches of computer-based systems

This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use

Using SNMP for creating distributed diagnostic tools

In this paper we describe how SNMP (Simple Network Management Protocol) can be extended to do control system diagnostics. Our solution consists of a SNMP agent for LynxOS and a configurable MIB (Management Information Base) browser. We have reused diagnostic modules from the existing diagnostic system and integrated our development into a commercial network management product

Multi-service management in a multi-provider environment

As the spread of digital networks makes access to data communications globally available, the interest of communication service providers is switching away from the provision of these bearer networks and towards the provision of the value added services that will operate over them. At the same time the liberalisation of telecommunication markets is precipitating a dramatic change in the profile of communication service providers. In this complex telecommunications markets the open management, not only of the networks, but of the services themselves will become increasingly important. The large number and diversity of roles of the market players makes the management of inter-organisational relationships fundamentally important to the management of services. The ITU's series of recommendations on the telecommunication management network (TMN) provides a basis for inter-domain management, however, this and other standards have so far concentrated on the management of individual network components and of networks operated by single organisations. This paper provides an initial example of how the management of multiple services in a complex multi-player market can be modelled using TMN techniques for implementation on existing management platforms. The paper begins by briefly outlining current work in this field before describing aspects of this multi-player multi-service management problem and how they can be modelled and implemented in a real system

Event management of large distributed system and network management environments

University of Technology, Sydney. Faculty of Information Technology.Co-ordinated event management across system, network and application environments is a challenging task. The wide diversity of industry and commercial standards, differing business and technical requirements and a huge variety of environments mean there are no simple solutions. This thesis proposes a highly scaleable, flexible and resilient event management architecture that has been applied to the outsourcing activities of HP Services worldwide. Our solution is based on industry standards such as SNMP and commercial products. It provides a framework for all aspects of event management, including event detection, logging, notification, and correlation. It was initially applied and refined in an outsourcing IT environment, then further developed in larger outsourcing environments. It was developed using a standard solution architecture methodology (known as ITSA) that enabled the partly developed architectures to be continually refined, improved and deployed. The technology aspects of the solution work closely with ITIL event management processes. To achieve a unified event display and a standardised event message format, all events from all sources are reduced to a standard format that includes the “raw” event information plus business intelligence, called the business string, added to the event for display and routing purposes. This extra information identifies the nature of the event and allows filtered displays of events. It is extracted from configuration management extensions added to the standard event management tools. The extended format is flexible enough to handle the different commercial tools. The first generation of the solution was based on Computer Associates’ Unicenter TNG and was called the Event Monitoring Utility (EMU). This was later significantly extended by switching to HP OpenView, and the extra development of further central event management functions, especially event correlation, in a solution called DECADE. Significant agent extensions were achieved by the creation and deployment of a solution called SMSPI, which included an extended configuration management and policy database, and further event automation. The extended solution is now deployed across HP Services’ entire global outsourced environment. The solution has proven very successful, winning two Computer Associates Software Achievement Awards, including the Grand Prize, and generating two US patents. It will be progressively deployed to several million servers and network devices globally over the next few years. The work described here is at once self-contained and a basis for on-going development of event management in the face of ever more complex systems, and increasing demands for more detailed event management

Experiences in Multi-domain Management Service Development

The developers of management systems and the management services that operate over them will be faced with increasing complexity as services are developed for the open service market. This paper presents experiences in the development of management services that span several administrative domains and which are therefore representative of the complexities of the open service market. The work described involved the development of TMN based management systems that provided management services in support of multimedia teleservices operating over broadband networks

Policy based roles for distributed systems security

Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..

Automated IT Service Fault Diagnosis Based on Event Correlation Techniques

In the previous years a paradigm shift in the area of IT service management could be witnessed. IT management does not only deal with the network, end systems, or applications anymore, but is more and more concerned with IT services. This is caused by the need of organizations to monitor the efficiency of internal IT departments and to have the possibility to subscribe IT services from external providers. This trend has raised new challenges in the area of IT service management, especially with respect to service level agreements laying down the quality of service to be guaranteed by a service provider. Fault management is also facing new challenges which are related to ensuring the compliance to these service level agreements. For example, a high utilization of network links in the infrastructure can imply a delay increase in the delivery of services with respect to agreed time constraints. Such relationships have to be detected and treated in a service-oriented fault diagnosis which therefore does not deal with faults in a narrow sense, but with service quality degradations. This thesis aims at providing a concept for service fault diagnosis which is an important part of IT service fault management. At first, a motivation of the need of further examinations regarding this issue is given which is based on the analysis of services offered by a large IT service provider. A generalization of the scenario forms the basis for the specification of requirements which are used for a review of related research work and commercial products. Even though some solutions for particular challenges have already been provided, a general approach for service fault diagnosis is still missing. For addressing this issue, a framework is presented in the main part of this thesis using an event correlation component as its central part. Event correlation techniques which have been successfully applied to fault management in the area of network and systems management are adapted and extended accordingly. Guidelines for the application of the framework to a given scenario are provided afterwards. For showing their feasibility in a real world scenario, they are used for both example services referenced earlier

Moving from a Sales Led to a Product Led Business: Evaluation and value delivery in SaaS products self-service

Dissertation presented as the partial requirement for obtaining a Master's degree in Data Driven Marketing, specialization in Digital Marketing and AnalyticsSaaS companies are transforming their traditional sales processes by taking advantage of their products as the main vehicle to acquire, activate, and retain customers. We focused on the SaaS software evaluation process and value delivery to examine how SaaS products that can be evaluated in self-service, by the users, deliver value along the customer journey. For this, we conducted qualitative research through in-depth interviews with senior executives from companies in different growth stages and geographies and observations to explore the strategies and organizational initiatives to seize the opportunities associated with product-led business models. Our findings evidence two main categories - evaluation and value. Evaluations start top-down, driven by a clear strategic direction from the management team or to address a pressing need that is hindering the business from moving forward, or bottom-up, started by the users with a clear use case, and connected to an urgent, often daily, need. Value, in the product-led model, is now delivered sooner on the customer journey creating a shift to the left in value delivered, now closer to the start of an evaluation, and value captured is going right, now after value is delivered and the product is started to be adopted. A discussion on how sales-led and product-led evaluation and value delivery, across the customer journey, differ is presented. Finally, we offer recommendations to business leaders wanting to move to product-led growth

Opnet, Arne, and the Classroom

This paper examines OPNET Technology, Inc\u27s management programs, and Regis University\u27s Academic Research Network (ARNe) needs to find out which OPNET programs can meet the needs of ARNe. The method used was to examine ARNe\u27s needs, and research Microsoft\u27s SMF/MOF management framework, research OPNET\u27s program and module offerings, research OPNET\u27s University Program, and research how OPNET\u27s programs are used at some other universities. The research was used to create a match up between Microsoft\u27s Service Management Functions and OPNET\u27s programs and modules. And it was used to create a list of textbooks, labs, and lab manuals that would work with OPNET\u27s IT Guru and Modeler in a classroom to help teach networking theory. The examination was combined with the research to create an evaluation criteria matrix from which project recommendations could be drawn. The conclusion was that the following OPNET Technology programs and modules could be of benefit to Regis University\u27s ARNe - ACE, Automation module, Commander, DAC module, Flow Analysis module, IT Sentinel, IT Guru, NetDoctor, Report Server, and VNE Server

AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

This report considers the application of Articial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, articial neural networks, genetic algorithms, arti cial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, `programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difculty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to `learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated