Event-correlation vendors and competitors are advancing the state of automated network management.

By Dennis Drogseth
Network World, 09/11/00

The concept of automated event management is once again moving up the hype curve, propelled by technology advancements and market shifts.

IT managers were pretty bullish on the concept about five years ago, when the first serious event-correlation products came out. But the buzz quickly turned to disappointment. Early rules-based event-correlation software that promised to automate network management required sophisticated knowledge of the network, and then a laborious, build-your-own set of "if-then" rules that were more rocket science than automation. Plus, the first-wave products were too rigid.

---

Event correlation and you: Definitions

Event correlation and you: Vendors

---

But the technology is getting a new life. Event-correlation vendors have moved past the basics - is the device available or not - and now look at threshold conditions, CPU utilization, latency, packet loss and other measures. At the same time, network management is evolving to include servers, applications and desktops. For example, Concord Communications acquired Empire Technologies for server management and FirstSense for application response; and Visual Networks grabbed Avesta Technologies for root cause and Inverse Network Technology for application response over the Internet. In the meantime, Aprisma Management Technologies, the Cabletron spin-off and a leader in event correlation, has long integrated its Spectrum management software with Metrix Systems' technology for root cause at desktops and servers.

In parallel, some systems and application management vendors are becoming more sensitive to distributed, networked requirements, and are beginning to embrace root-cause approaches with automation more characteristic of the network-centric vendors. Hewlett-Packard, for example, has automated availability management of applications such as Microsoft Exchange through its OpenView VantagePoint software.

For the most part, these changes are good. Emerging is a model for managing to a service rather than managing at the element or even the discipline level (network, system, application and so on), as these components are recognized as parts of a common infrastructure. One of the key drivers for this is e-business, and the term "infrastructure management" is becoming increasingly common, often fronted by an "e-."

No doubt, network managers need help, and expect relief through management software. In a recent Web survey of 135 IT managers, market research firm Enterprise Management Associates (EMA), in Boulder, Colo., found that 34% of respondents want to shorten the time for resolving problems, 27% want to improve IT service delivery, and 24% want to reduce staff and overhead. To do so, 50% of those surveyed said they spend upward of $50,000 on event-correlation products, with 27% spending more than $200,000.

In separate interviews with IT managers, EMA found that about 60% use event correlation but that only about half of them are very satisfied with it.

According to the survey, about 43% of users expect accuracy of between 75% and 90% from their event-correlation products. This is probably a realistic goal for most products. A parallel percentage is more discriminating, as 40% seek more than 90% accuracy. Mediocrity, at best, satisfies 12%.

In the same study, EMA found that event correlation is initially implemented on the LAN 87% of the time; in the WAN, 83%; for servers, 76%; for application management, 64%; and for desktop management, 53%. This doesn't mean that one product is applied across the board. Few packages can integrate event correlation across networks, systems and desktops effectively without extensive customization. This will change, though.

For example, performance-management vendors claim, rightly, that problem solving needs to be proactive so that failures are prevented. With the high cost of failure - potentially billions of dollars from one network failure in the e-business model - it's no longer good enough just to fix problems.

You could even argue that nothing is more important for the future of networks than the continued evolution of performance management toward an integrated, automated whole. If this software also provides robust, dynamic topologies, other management applications, such as security, quality of service, configuration and change, even software distribution, could be driven by common information sources and intelligence. This opens the door to a level of automated management that has pretty much just been hype to date. But today, competitive pressures and standards such as Web-based Enterprise Management, Common Object Request Broker Architecture and Java have begun to help this future gel.

Will some of the innovative products spawn a new way of working across management solutions? The answer, in short, is "yes."

Drogseth is a director at EMA and co-author of Network World's "Network Systems Management" newsletter.

To top