Event Management - MOM Brick

Description

Enterprise event management (MoM) systems support the acceptance of events from elements in the IT infrastructure; consolidate, filter and correlate those events; notify the appropriate IT operations personnel of critical events; and automate corrective action where possible.

Event management helps IT operations personnel contend with the deluge of events that come in from the IT infrastructure by narrowing the events to the likely cause of the problem and associating them with the potential business impact. The goals are to improve the mean time to isolate and repair problems and to prioritize problem resolution support efforts according to business process value.

Event management products, known as Managers of Managers or "MoM" products, generally run on Unix or Windows and provide functionality in the following three key areas:

    1. Event Collection/Consolidation: the ability to accept events from one or more of the following types of IT elements:

  • System (hardware and operating system)
  • Network
  • Storage
  • Database
  • Application (packaged, off-the-shelf and/or custom applications).

    2. Event Processing/Correlation: the automated, out-of-the-box ability to process/correlate events through one or more of the following techniques:

  • De-duplication/filtering (For example, when multiple, repetitive events are received for the same problem on the same element, store the event once and increase a counter indicating the number of times it has been received, rather than flooding the user's screen with redundant events.)
  • Event suppression (For example, suppress the sympathetic events that occur when elements downstream from a known problem are unreachable.)
  • State-based correlation at the object level (For example, if a "link down" event is received for a router interface that then corrects itself and generates a subsequent "link up" event, the event management system correlates the two and clears the original link down event.)

    3. Event Presentation: the ability to present event data to the IT operations staff in one or more of the following ways:

  • On the console screen using color and sound (visual and audible alarms)
  • Through a Web interface
  • By pager and e-mail
  • By logical groupings (presenting groups of events that relate to business processes, IT services, departments, geographic regions or any other arbitrary, user-defined grouping).
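
The three processing techniques listed under item 2 (de-duplication with a repeat counter, suppression of sympathetic events behind a known upstream problem, and "link down"/"link up" state correlation) can be shown together in a few lines of Python. This is an added example, not code from this page or from any of the products it names; the topology, the "unreachable" and "disk full" event types, and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed inputs (assumptions): element -> upstream element, and a sample event feed.
UPSTREAM = {"sw-a": "rtr1", "srv-a1": "sw-a", "srv-b1": "rtr1"}
OUTAGE, RECOVERY, SYMPATHETIC = "link down", "link up", "unreachable"
EVENTS = [("rtr1", "link down"), ("rtr1", "link down"), ("sw-a", "unreachable"),
          ("srv-a1", "unreachable"), ("srv-b1", "disk full"), ("rtr1", "link up"),
          ("srv-a1", "unreachable")]

@dataclass
class Alarm:
    count: int = 1
    state: str = "open"  # open | suppressed | cleared

class Correlator:
    def __init__(self, upstream):
        self.upstream, self.alarms = upstream, {}  # alarms: (element, kind) -> Alarm

    def _outage_upstream(self, element):  # open outage anywhere on the path to the root?
        node = self.upstream.get(element)
        while node is not None:
            alarm = self.alarms.get((node, OUTAGE))
            if alarm and alarm.state == "open":
                return True
            node = self.upstream.get(node)
        return False

    def ingest(self, element, kind):
        if kind == RECOVERY:  # state-based correlation: "link up" clears "link down"
            if alarm := self.alarms.get((element, OUTAGE)):
                alarm.state = "cleared"
            return
        hidden = kind == SYMPATHETIC and self._outage_upstream(element)
        alarm = self.alarms.get((element, kind))
        if alarm and alarm.state != "cleared":
            alarm.count += 1  # de-duplication: store once, count repeats
        else:
            alarm = self.alarms[(element, kind)] = Alarm()
        # Suppression is re-evaluated on every repeat, so it lifts after recovery.
        alarm.state = "suppressed" if hidden else "open"

    def console(self):
        # What the operator sees: open alarms only, with their repeat counts.
        return [(e, k, a.count) for (e, k), a in self.alarms.items() if a.state == "open"]

def replay(events, upstream=UPSTREAM):
    correlator = Correlator(upstream)
    for element, kind in events:
        correlator.ingest(element, kind)
    return correlator
```

Replaying the first five events leaves two rows on the console instead of five; after the router recovers, the server that is still unreachable surfaces as its own alarm.
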

Brick Information

Tactical (0-2 years)

  • CA Unicenter
  • HP Openview
  • Micromuse
  • Nagios

Strategic (2-5 years)

  • Either HP Openview or CA Unicenter

Retirement (To be eliminated)

Containment (No new development)

Baseline (Today)

  • CA Unicenter
  • HP Openview
  • MicroMuse
  • Nagios

Emerging (To track)

  • Other leading or innovative vendors of Event Management tools, such as:
    • Mercury Interactive Topaz Auto RCA
    • Managed Objects
    • HP Event correlation
    • CA Neugent Technology

Comments

  • NIH needs to choose either the HP Openview or CA Unicenter framework as the MOM.
  • Tactical and strategic products were selected to leverage NIH's investment in products that are a proven fit for NIH's known future needs. Leveraging baseline products in the future will minimize the operations, maintenance, support and training costs of new products.
  • Some baseline products have been designated retirement and containment. These products are either not as widely or successfully deployed at NIH, or they do not provide as much functionality, value, or Total Cost of Ownership as the selected tactical and strategic products.

Time Table

This architecture definition approved on: April 21, 2004

The next review is scheduled in: TBD