Entuity Embraces Event Management


In June 2013 Entuity announced the release of Entuity 13.5, marking the latest evolutionary edition of its solution for enterprise class network and infrastructure management. While the release included a number of important incremental enhancements, it also included a substantial new set of functionalities for advanced event management. Capping a multiyear research and development effort, the new events system offers rule-based customizable interpretation and actions based on both asynchronous and synchronous data streams, filling important gaps in turning monitoring data into operational intelligence.

Event Management in Enterprise IT Operations

Within the field of network management, and more broadly infrastructure management, there are a number of core/essential management technology areas. For monitoring, there are asynchronous data sets, typically composed of traps and notifications gathered from managed systems, and synchronous data sets coming from the same environment but typically harvested through a proactive polling cycle. Fault/availability management has typically been focused primarily on asynchronous data and complemented by synchronous data. Performance monitoring has typically focused almost exclusively on deeper and more extensive use of synchronous data sets.

While both fault/availability and performance systems do a great job of harvesting data and metrics that reflect upon the activity and health of the managed environment, they can only do so much out-of-thebox. Network managers are often left with the need for adapting basic, default capabilities to address the specifics of their environment. While most network management tools allow plenty of opportunities of this type, they are often only at the presentation layer. Much more difficult is providing features and functions that can truly reflect the specific relationships and complexities of a managed environment. This is where correlation and customised, environment-specific automated actions lie.

discipline of eventThe discipline of event management is far more than simply collecting and displaying faults. Management or monitoring events can have many sources and many meanings, depending upon the context and timing of their occurrence. Proper event management systems recognise that common, everyday, mundane correlations are the easy part and that the environment-specific correlations must be defined for each individual managed setting. Historically, this specialised customization has only been possible via complex rule definitions.

Rule-based events management and correlation can be immensely powerful, however, has typically suffered from several intrinsic qualities that prevent the mainstream from adopting it and embracing it fully. Firstly, rule-based approaches to event correlation often bring with them a significant learning curve for understanding how to formulate and express correlations and actions in a management product-specific rules language. Further, rule syntax compliance and backward compatibility during upgrades render the approaches “brittle” and resistant to long-term flexibility. In part due to these difficulties, rules-based event management platforms have typically required a substantial investment in training and/or professional services, both for initial deployment as well as long-term maintenance. The value of these systems can be tremendous, but so is the cost, and so they have typically remained out of the reach of most IT operations teams.

The Entuity 13.5 Event Management System

Entuity has a long history of providing focused, enterprise–class network management solutions that excel at ease of use and a combination of fault/availability and performance management features. The system has evolved over the years to include a number of advanced features, including the topology-based root cause analysis and integrated, application-aware performance monitoring based on NetFlow and similar data records. The most recent release of the Entuity platform, version 13.5, includes a number of useful enhancements ranging from administration, usability, and map presentation improvements. But together with these new features is a substantial expansion in the functional scope of the platform, in the form of the event management system.

Over the course of nearly 2 years, Entuity embarked upon an ambitious effort to research, design, develop, and deliver a highly customizable, rule-based event management function as part of its core solution. The result of the efforts appears to deliver fully on the promise, and Entuity has successfully avoided many, if not all, of the major pitfalls of historical approaches to event management.

result of entuityThe features are directly embedded into the Entuity platform, so there are no separate products or modules that must be installed. The features operate directly off the same management information that is used for all the rest of the platform’s capabilities, so there is no coordinated integration required. The system comes with pre-existing templates and rules that can be put into use as is or extended and adapted as needed to tune event management to environment-specific needs. Finally, definition, configuration, and management of event handling rules are all done via graphical user interface, so no new scripting language must be learned and no resource files must be edited.

A few feature highlights include the ability to detect flapping, “N of M”, or other patterns of events, and to then provide enrichment and correlation capabilities. Events can be drawn from multiple devices and multiple networks, including traps, syslog entries, and internal Entuity events. The system uses “incident” templates (over 100 pre-defined templates are provided) for consolidating, prioritizing, and defining actions for individual or combinations of events. Notification, escalation, and closure can be automated as well.

While this set of capabilities will not be as broadly capable and flexible as a full-blown independent event management platform, it will certainly provide sufficient means for adapting and tuning alert and event management to be more effective and more efficient. The features are both broad and flexible, but also intuitive and simple to leverage. This is a powerful combination that represents immediate incremental value for network and infrastructure managers who seek to identify and establish unique handling for priority situations and automated assistance for recognizing complex problems with minimal administrative effort and little or no external services required.

EMA Perspective

There is an art and a science to event management as a part of IT operations. The science portion of it is pretty straightforward. You find ways to gather events from various sources, using various interfaces and interpretive algorithms and ways to present them so that IT operators can gain a quick understanding of activity within the managed environment. There are many management tools vendors, both commercial and open-source, that provide this basic capability. But that can only take you so far. From the basic nuts and bolts of gathering events, the art of event management is where advanced functionality is required. Here, a high degree of flexibility and customized adaptability are truly essential elements because every shop’s needs are unique.

Entuity has been a part of the network management community for many years, steadily building the sophistication of its products and expanding its community of adoptees. Its choice to embark upon the challenge of delivering a fully functional, advanced event management system is no small undertaking. Rules-based event management, if not done right, can be more of a burden than a boon. But Entuity has done it right, providing flexibility and advanced features for events management and correlation in a way that avoids the pitfalls of historical approaches. This subsystem represents tremendous value add for Entuity platform users, bringing the potential for great rewards with a minimal investment of time and resource. Further, the fact that such rich capabilities have been added to the core system at no additional charge should be nothing short of a delight for network and infrastructure managers everywhere.

About EMA

Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook.