Company
Solutions
 Business Solutions
 Resource Management
 Capacity Planning
 Due Diligence/Audit
 SLA Management
 Troubleshooting
 Industries
 Customer Profiles
Products
Resource Center
News & Events
Support
Partners
Contact Us
Search
Root Cause Analysis from Entuity.com

Eye of the Storm for Root Cause Analysis and Troubleshooting

Overview
Visit our Resource Center...Eye of the Storm® (EYE) is a highly flexible IT infrastructure management solution. This brief summarizes its application as a root cause analysis and troubleshooting tool.

Managing the IT Infrastructure
Modern infrastructure management must be proactive, identifying potential problem areas before they become troublesome. However problems will still occur and when they do early and accurate root cause analysis essential.

Collecting Event Data
Eye of the Storm automatically discovers SNMP enabled devices, application servers and applications, with easy upload of new device information when devices are added or moved. Together with support for a range of technologies, e.g., ATM, Frame Relay, Eye of the Storm has up-to-date and accurate end-to-end visibility on what’s happening on your infrastructure.

Eye of the Storm keeps the management overhead low by employing a number of techniques, including allowing one packet to include requests for dozens of different pieces of information.

Generating Events
Eye of the Storm collects key fault and performance data. Thresholds can be set against this data. When the thresholds are passed Eye of the Storm generates events. These built-in thresholds are user configurable, and can be set at different levels of specificity, e.g. port utilization threshold can be set for the global view, for selected devices or for a particular port or ports.

Accurate Root Cause Analysis: Separating the Smoke from the Fire
With its depth of knowledge of inventory and device relationships, when Eye of the Storm raises events, it identifies the root cause:
_ No deductive analysis, the root cause is known.
_ No signature symptom comparison, the root cause is known.
_ No downstream suppression, only one root cause event raised.

Eye of the Storm’s Root Cause Analytics isolates IT related problems using EYE's circuit level understanding of devices. Eye of the Storm can then raise the appropriate event. For example, if an application becomes unavailable because a switch has failed then Eye of the Storm raises an event relating to the switch failure. Eye of the Storm does not raise events for the application being unavailable as changes in state in the dependency chain are attributed to the switch failure.

Eye of the Storm’s Root Cause Analytics allows events to be raised only for the true cause of the event, this is distinct from many downstream suppression techniques that only estimate the cause of a problem and then suppress all other events.

Eye of the Storm helps troubleshoot Layer 2-4 network problems

Event Presentation
Eye of the Storm’s Event Manager - EYE Bulletin Board – provides an easy to use, configurable interface. Events are presented by View; one or more views can be open at the same time. Presentation of events is carefully managed, with a number of options that keep the display transparent and meaningful:
_ Event Aggregation, prevents events from the same source hiding other events.
_ Event Suppression, suppresses events from a particular source using a time-out value or until manually reactivated.
_ Event Ageout, sets how long an event remains in the short term tracker before deletion (events remain in the logger).
_ Event Prioritization, sets the importance of an event type.
_ Event Annotation, allows adding of notes to events.
_ Event Configuration, allows control over the presentation of the event, for example color-coding and sound notification.

Investigating Events

Events are presented through Bulletin Board. Event details include:
_ Event Source, including resolved name and description.
_ Event Details, for example, for Packet Corruption Severe, the numbers of CRCs (Cyclic Redundancy Checks) and packets.
_ Event Impact, the components or services impacted. From Bulletin Board further details on the event source are readily available:
_ View the event history for the asset.
_ Use Asset Navigator to view the source as part of the infrastructure topology.
_ Graph device attribute data.


Bulletin Board shows source and impact of infrastructure events.

Graphic Summary for At-a-Glance Insight
(Click on image to enlarge)
EYE's Connectivity Viewer Enables Real-Time Trouble-Shooting

Eye of the Storm IP SLA Performance
Eye of the Storm's IP SLA Performance module provides monitoring of layer 3 and above. This module implements Cisco IOS IP SLA - formerly known as Service Assurance Agent (SAA) - allowing you to leverage your current investment in Cisco devices and the Cisco IOS®.

Eye of the Storm implements IP SLA by:

  • Identifying links between devices through IP Pairing
  • Identifying the probes each device can support
  • Defaulting sensible probe configuration values
  • Creating probes with a limited life span (450 seconds), so probes expire rather than Eye of the Storm deleting them

Within Eye of the Storm these paired links can be grouped together to form end-to-end paths (EEPs). EEPs can be created to monitor both client-server and infrastructure performance. EEPs can be viewed through Component Viewer and graphed using Attribute Grapher. When problems are observed at the EEP level, for example excessive Round Trip Times between a client and server, then drilling down to the constituent IP pairs will show which 'hop' is causing the problem.

Eye of the Storm currently supports these IP SLA probe types:

  • DHCP _ TCP Connect
  • DNS _ UDP Echo
  • HTTP _ UDP Jitter
  • ICMP Echo IP SLA information is also available through EYE's customizable Flex Reports.

Example EYE IP SLA Probe Report
(Click on image to enlarge)
Example EYE IP SLA Probe Report

Example EYE Troubleshooting Report
(Click on image to enlarge)
Example EYE Troubleshooting Report

Management Reporting
An important part of problem prevention is analysis of fault and performance information. Eye of the Storm contains over three dozen Essential Reports and seventy Interactive Queries, with different reports aimed at different network stakeholders.

Eye of the Storm’s Key Performance Indicator (KPI) reports provide an 'at a glance' management level view of the state of your infrastructure. For example Packet Corruption and Transmit Errors KPI reports identify the general state of the interfaces, with baseline variance and trending charts and TopN tables. Other KPI’s include CPU Utilization, Backplane Utilization, Inbound Utilization and Outbound Utilization.

Also useful to the IT manager are Availability Summary reports that breakdown availability by network, application server and application. More detailed are fault and event reports that are available at the interface, port and domain level.

Integration and Extensibility
Eye of the Storm is integrated with a series of leading system management tools; IBM Tivoli NetView and HP OpenView, amongst others. Entuity also provides a generic integration solution. Notification integration allows notification via pager, e-mail or SMS about any specified event.

Eye of the Storm's COM API allows direct access to the Data Management Kernel, through which you can access its database. This allows you to build your own interfaces, or reports on Eye of the Storm information.

Eye of the Storm Summary
Eye of the Storm combines IT performance, fault and inventory management into one powerful IT network management solution. Its integrated database aligns business applications with IT infrastructure and provides the historical context required to detect, isolate and report performance and service degradations in real time. The highly flexible reporting engine supports both ad hoc data queries and scheduled reports.

EYE users find its ease of deployment, ease of use, and immediate ROI key differentiators. Entuity’s customers are some of the largest companies in the world with the most complex networks imaginable. They include: Banc of America Securities, Credit Suisse First Boston, IBM Global Services, JP Morgan, Lloyds TSB, Nomura, MetLife, O2, Universal Studios, University of Minnesota, Magellan Health Services, Cooperative Financial Services, United States National Guard and California State University.

Eye of the Storm Integrated Network Management
The convergence of different types of information allows Eye of the Storm a unique understanding of network events, changes in network usage and their impact on your business:

  • Performance Management uses Service Degradation Sensitivity to predict problems, so infrastructure managers can take action before users notice.
  • Fault Management distinguishes between network, server and application faults and then reports the True Cause along with its business implications.
  • Inventory Management provides a full inventory of IT infrastructure assets and what they are connected to. Included is a Spare Ports Report that can save you more than the cost of the Entuity solution in a single session.

Download Brief in PDF Format >>

©2008 Entuity Ltd., All rights reserved.  Site Map