1. A situation model of a complex event is an abstract representation of a described or experienced situation that we wish to detect in real-time.

2. Situation models are composed of four primary objects:

a. A spatial-temporal reference framework (spatial locations, time frames, window size)
b. Entities objects (people, objects, system)
c. Properties of entities objects (velocity, amount, size, price, direction)
d. Object relational information (spatial, temporal, causal, dependence, proximity, network, taxonomy, classification)

3. Situation models of complex events may have three levels of model representation:

a. Situation model (event-specific)
b. Episodic model (coherence sequences of events)
c. Comprehensive model (a comprehensive collection of episodes)

Hence, in a nutshell, it is imperative that we have a situation model for representing complex events if we are going to move CEP forward.    The simple model in this post may or may not be the right one to develop, but at least we have something to talk about.  Ideally, the model should be object-oriented, althought it does not have to be.

When we have a workable model for situations in the context of event processing, we will have a working model for complex events.   Then, with a working model of complex events, we can build a working model for complex event processing. 

References: The New Theory for Situation Models

Research Director Patricia Adams and VP and Distinguished Analyst Ronnie Colville presented this thought provoking session. It seemed to echo what ScienceLogic has been talking about regarding our thinking around the practical ways to efficiently accomplish key tactical gains against your Configuration Management Data Base (CMDB) initiatives.

They started out with, what are the prerequisites to a successful CMDB implementation?

Garbage in = Garbage out

There is no miracle occurring in all of these new fancy framework tools; these complex databases are only as good as the trusted source of information inserted. You have to put a bunch of elbow grease into figuring out what to actually put in the CMDB.

So how do you define the metrics?

First you need to know where you are starting from – you will need to baseline the environment. Then baseline what your state is 3, 6, and 12 months after installing CMDB.

Next: break metrics down to 2 strategic areas:

1. Strategic
   1. Operational Costs
   2. Application performance
   3. Compliance - internal auditors doing analysis – keep track of their findings and incorporate into your elements for data gathering
2. Operational Metrics
   1. Changes unplanned (typically 80% unplanned or emergency)
   2. Changes withdrawn (how many changes were withdrawn / roll back)
   3. Application downtime (what did it cost from app being down)
   4. Server downtime (before and after)
   5. Tickets generated (before and after)

Having the data to show how you are performing makes it much easier to show why you need more budget to improve performance in specific areas. Having metrics allows IT managers to do marketing back to the business units about the value you are delivering.

Gartner said that from their Enterprise customers they often hear “I haven’t quantified the value yet”…That is not the right answer.

During the session, Gartner did a real-time wireless poll of the audience with some interesting questions:

What are the tools to build and populate your CMDB with IT services?

Focus of CMDB?

• Inventory 20%
• IT service relationships 68%
• Other 6%
• Don’t know 6%

Interesting to note, a very consistent set of information from year to year polling which equals a mature understanding of the CMDB’s role for analysis and decision process.

Have you heard of ITIL V.2 & V.3 and considered how it impacts this discussion?

ITIL is a process framework, it is not a technology automation framework. Just because something is pink ITIL certified does not mean that it will help at all with the automation of the process framework.

Gartner quantified the market as being about 2 years old this month. So the point here is we are in early days of this technology. The way they see it, the Large Enterprise/Framework vendors selling you is like a lock-in, but the interesting thing about CMDB is that the tools that you need to integrate and federate were only recently acquired, so the entire framework vendor integration and alignment story is mostly incomplete.

Gartner’s Evolution of the CMDB deployment

On average it takes 12 – 18 months to get up and running.

Through 2011 enterprise should recognize that any of the CMDB tools bought today may require significant upgrades to offer near real time service views to support decision support analytics.

Several items from this presentation jump out at me:

1. IT Organizations need to deploy tools that will help to automate the continuous collection of IT asset inventory, configuration and business impact analysis. That is a big gap that exists in the marketplace today… the speed at which information is collected and updated into the CMDB.
2. Investing too much into this immature market before the official standards are set and then adopted by the industry (estimated 18 months after final adoption) is quite risky.

The conclusion that I made from this presentation is that you are better off with our 80 – 20 rule around CMDB’s. Use a tool that will collect 80% of what you need to operate the business in 20% of the time it takes to deploy these heavy, less than automated framework tools!

ShareThis

Three other significant details appear in the release, as well: The network will be free (that was discussed but wasn't entirely clear before), and may includes advertising, sponsorships, and other programs; the network will be focused on outdoor applications, not indoor service, hurray; and there will be no customer support--this will be a best-effort network that you can't complain about when it doesn't work.

So far, promising.

Well, today it’s the ISC2 blog talking about FISMA.

So why is it that nobody addresses the huge pink and chartreuse elephant in the room?  The problem is not the metrics, as flawed as they might be.  The problem is not identifying a security baseline, even though that makes sense to have.  The problem is not demonstrating Return on Security Investment (as flawed as  the concept is, and no, I don’t want to debate whether it’s a valid concept, even though we all know it’s not) even though good CISOs try to do that as internal marketing to their management.

This is the primary problem for the Government when it comes to security:  due to the scale of the Federal Government, we do not have enough skilled security people to go around.  Almost all of our governance models are designed around this flaw:

• Catalog of controls to standardize
• Checklists so that less-skilled assessors can
• Varying degrees of automation
• Prioritization of security practitioners’ time

This is why I’m adding “Fast Food Franchises” to the list of models that large-scale security can draw from.  =)  More to come on this topic once I sort out the ideas.

McDonald’s Checklist photo by myuibe

Bookmark to:

In this first post, I cover the planning process and various considerations that anyone - from a small “mom and pop” shop to a large enterprise – should take into account for successful deployment.

1) What problem(s) are you trying to solve? What are you trying to achieve?

It should come as no surprise that this is the first step but surprisingly it’s a step that is sometimes ignored or not enough time and thought are spent against it in the rush to virtualize. Without really understanding what problem you’re trying to solve and what you’re trying to achieve, how will you ever know that you’ve been successful? Some typical reasons to virtualize:

• Server consolidation and cost savings. ROI and TCO.
• Efficient resource utilization. Chargeback model and measurement.
• Cost-effective growth strategy. Cost avoidance.

2) What resources do you have and what additional resources do you need?

You need to understand your current environment before adding virtualization to the mix. Peel back the onion and look at historical performance. You may not have the right hardware to handle an increase in virtual servers.

Factor in the pattern of the behavior of servers, whether they are running hot during business hours or at night, peak cycles, etc. Are they CPU-intensive or is the gating factor disk or memory or a combination of these? This information forms the performance baseline you must factor into any virtualization capacity planning.

I can’t emphasize enough how important it is to have a capacity plan. People tend to virtualize but don’t always have a capacity plan in place to know when they’re running at full.

Beyond computing assets, you need to look at staffing as well. How will virtualization effect staff resource utilization? Virtualization, done the right way, should gain you efficiencies on the staffing side as well, freeing up resources for other initiatives. But in order to do it the “right way”, that takes an investment in training that should always be factored into your planning.

3) What are your success metrics?

Make sure to draft a document to formally measure your success before, during, and after implementing a virtualized environment. This relates back to the problem you were trying to solve. Depending on what you need to measure, you need to plan for tools and processes to make this a reality.

In the next post, I’ll talk about roadblocks to successful virtualization deployment and how to avoid them.

ShareThis

In this first post, I cover the planning process and various considerations that anyone - from a small “mom and pop” shop to a large enterprise – should take into account for successful deployment.

1) What problem(s) are you trying to solve? What are you trying to achieve?

It should come as no surprise that this is the first step but surprisingly it’s a step that is sometimes ignored or not enough time and thought are spent against it in the rush to virtualize. Without really understanding what problem you’re trying to solve and what you’re trying to achieve, how will you ever know that you’ve been successful? Some typical reasons to virtualize:

• Server consolidation and cost savings. ROI and TCO.
• Efficient resource utilization. Chargeback model and measurement.
• Cost-effective growth strategy. Cost avoidance.

2) What resources do you have and what additional resources do you need?

You need to understand your current environment before adding virtualization to the mix. Peel back the onion and look at historical performance. You may not have the right hardware to handle an increase in virtual servers.

Factor in the pattern of the behavior of servers, whether they are running hot during business hours or at night, peak cycles, etc. Are they CPU-intensive or is the gating factor disk or memory or a combination of these? This information forms the performance baseline you must factor into any virtualization capacity planning.

I can’t emphasize enough how important it is to have a capacity plan. People tend to virtualize but don’t always have a capacity plan in place to know when they’re running at full.

Beyond computing assets, you need to look at staffing as well. How will virtualization effect staff resource utilization? Virtualization, done the right way, should gain you efficiencies on the staffing side as well, freeing up resources for other initiatives. But in order to do it the “right way”, that takes an investment in training that should always be factored into your planning.

3) What are your success metrics?

Make sure to draft a document to formally measure your success before, during, and after implementing a virtualized environment. This relates back to the problem you were trying to solve. Depending on what you need to measure, you need to plan for tools and processes to make this a reality.

In the next post, I’ll talk about roadblocks to successful virtualization deployment and how to avoid them.

ShareThis

In this first post, I cover the planning process and various considerations that anyone - from a small “mom and pop” shop to a large enterprise – should take into account for successful deployment.

1) What problem(s) are you trying to solve? What are you trying to achieve?

It should come as no surprise that this is the first step but surprisingly it’s a step that is sometimes ignored or not enough time and thought are spent against it in the rush to virtualize. Without really understanding what problem you’re trying to solve and what you’re trying to achieve, how will you ever know that you’ve been successful? Some typical reasons to virtualize:

• Server consolidation and cost savings. ROI and TCO.
• Efficient resource utilization. Chargeback model and measurement.
• Cost-effective growth strategy. Cost avoidance.

2) What resources do you have and what additional resources do you need?

You need to understand your current environment before adding virtualization to the mix. Peel back the onion and look at historical performance. You may not have the right hardware to handle an increase in virtual servers.

Factor in the pattern of the behavior of servers, whether they are running hot during business hours or at night, peak cycles, etc. Are they CPU-intensive or is the gating factor disk or memory or a combination of these? This information forms the performance baseline you must factor into any virtualization capacity planning.

I can’t emphasize enough how important it is to have a capacity plan. People tend to virtualize but don’t always have a capacity plan in place to know when they’re running at full.

Beyond computing assets, you need to look at staffing as well. How will virtualization effect staff resource utilization? Virtualization, done the right way, should gain you efficiencies on the staffing side as well, freeing up resources for other initiatives. But in order to do it the “right way”, that takes an investment in training that should always be factored into your planning.

3) What are your success metrics?

Make sure to draft a document to formally measure your success before, during, and after implementing a virtualized environment. This relates back to the problem you were trying to solve. Depending on what you need to measure, you need to plan for tools and processes to make this a reality.

In the next post, I’ll talk about roadblocks to successful virtualization deployment and how to avoid them.

ShareThis

Hot on the heels of posting my 3 Pints link, I received a Google Alert on two other videos I appeared in. One is with Andrew Conry-Murray, senior editor of Information Week that I filmed at Interop this year. We spoke about NAC and blogging.

The second was from this past RSA where I appeared with my good friend Erica Chickowski of Baseline Magazine and we spoke a bit about some recent data breaches.

Ok, I will admit it, I like doing this video thing.  Maybe I am destined to become an actor in my later years.  You know Rodney Dangerfield started at about my age. Yeah, yeah I know, NO RESPECT, NO RESPECT.  In the meantime if you have any scripts you think I might be perfect for a part just email me!

Well, it makes sense once you realize that the ranking is done by the company that sells the software that runs many tournaments. The software “phones home” the results so that there is a steady data stream of teams and scores. They’ve put together an algorithm and whereas there may be logical holes, it is a baseline and therefore you can measure.

Anyway, I saw the ASC Knights FC’s page and that they had 637 points from the algorithm. When I viewed the source of the page I could see the point total in plain text, so it was a good target. I needed to be sure that the page wasn’t redirecting or SSL or any other such thing, in other words, the URL that you use on the Content Verification policy needs to be the URL that will provide the string that you are looking for. EM7 can deal with SSL and proxies, but it takes more careful configuration.

I built the CV policy on a virtual device (didn’t want a production machine going red for a personal CV check):

And sure enough, just this morning, a couple of days after our heartbreaking loss in the semi-finals of the State Cup the CV check was red…the point value had changed. The team had gone up to 757 points and dropped from 2^nd to 3^rd in Virginia, but risen to 54^th in the country.

But there is a dark side to CV policies on public websites! Recently many machines in a development environment were checking the same site every five minutes, and those eagle eyes admins at Slashdot noticed. Suddenly no one at ScienceLogic could reach Slashdot, our source of snarky geek news had been cut off!

Naturally, we stopped the CV checks and explained the situation to CmndrTaco and all is well once again.

That’s all for now, thanks for reading.

ShareThis

Well, it makes sense once you realize that the ranking is done by the company that sells the software that runs many tournaments. The software “phones home” the results so that there is a steady data stream of teams and scores. They’ve put together an algorithm and whereas there may be logical holes, it is a baseline and therefore you can measure.

Anyway, I saw the ASC Knights FC’s page and that they had 637 points from the algorithm. When I viewed the source of the page I could see the point total in plain text, so it was a good target. I needed to be sure that the page wasn’t redirecting or SSL or any other such thing, in other words, the URL that you use on the Content Verification policy needs to be the URL that will provide the string that you are looking for. EM7 can deal with SSL and proxies, but it takes more careful configuration.

I built the CV policy on a virtual device (didn’t want a production machine going red for a personal CV check):

And sure enough, just this morning, a couple of days after our heartbreaking loss in the semi-finals of the State Cup the CV check was red…the point value had changed. The team had gone up to 757 points and dropped from 2^nd to 3^rd in Virginia, but risen to 54^th in the country.

But there is a dark side to CV policies on public websites! Recently many machines in a development environment were checking the same site every five minutes, and those eagle eyes admins at Slashdot noticed. Suddenly no one at ScienceLogic could reach Slashdot, our source of snarky geek news had been cut off!

Naturally, we stopped the CV checks and explained the situation to CmndrTaco and all is well once again.

That’s all for now, thanks for reading.

ShareThis