Overview

The support for customizable management partitions, as described above, is essential to support both VPN and CNM services. Today's network environment requires services that span multiple network providers and multiple services across various countries and continents. In these markets, consortia and regional alliances make it necessary for Service Providers to provide network management that supports partitioned views of the network, where the partitions may be defined according to geographic, administrative, operator, security, or customer criteria. Partitions provide a flexible and scalable means of managing large networks. Operators can be assigned specific management responsibilities over specified regions or partitions.

In addition to describing VPN and CNM, this chapter describes how these advanced services relate to the concept of resource partitioning, and what can be achieved with Cisco Info Center. It also describes, at a detailed level, the basic components of the Cisco Info Center product. Finally, this chapter describes a variety of network management scenarios and configurations where Cisco Info Center can play a role.

VPN and CNM features stem from different Service Provider requirements, however, they are fundamentally based upon the same concept of network and resource partitioning. Both are related to providing customizable views of the network and network services, and rely upon the network management solution to support these types of views. VPN and CNM features span all the functional areas of management - configuration, fault, performance, security, and accounting. In network environments where the infrastructure and offered services are constantly changing, VPN and CNM solutions must be extensible and flexible enough to support rapid customization to fit the constantly evolving needs of Service Providers.

Cisco Info Center is a customized, private-label OEM of Micromuse's Netcool/Omnibus products. The product's focus has traditionally been in the area of enterprise fault management and trouble isolation, and real-time service-level monitoring.

Cisco Info Center provides a highly configurable client/server application that can consolidate, filter, and correlate fault information from a wide range of management platforms and network technologies, including Cisco Wan Manager (CWM). Cisco Info Center's distributed architecture and easily customizable features make it ideal for supporting resource partitioning, in the management functional areas related to the upstream flow of information, from the network towards end-users.

• geographical

• administrative or departmental

• service

• customer

The networking environment is currently going through a rapid change due to ever increasing network size and numerous cooperative ventures between Service Providers to extend market reach. This dynamic environment requires a new network operations model to customize various views of the network and its resources for distributing management responsibilities, sharing protected information, analyzing network usage trends, and other operational reasons.

Service Providers are seeking definable views of network partitions and configurable access permissions on those partitions. This requires a VPN solution that can support more than just regional or geographical partitioning. Different Service Providers require different ways of partitioning the network. Each Service Provider requires a VPN solution flexible enough to meet its own current and future needs.

From these examples, it is clear network partitioning need not be mutually exclusive. Service Providers may have differing reasons for partitioning their network's views, however, the primary benefactor for VPNs is the Service Provider, and the operational model it needs to be supported.

Unlike VPN, however, CNM is focused on providing information regarding the service the end-subscriber has purchased, and not on the network itself. End subscribers are increasingly interested in knowing:

• how well their service is performing, from an end-to-end perspective, including availability, response time, and historical performance reporting

• the current configuration of their services

• what service affecting faults have occurred, and the status of these faults

• information about how their service failures are being addressed by the Service Provider, and whether trouble tickets have been generated

• proof their Service Level Agreements (SLA) are being met by the Service Provider.

Providing advanced CNM services enables Service Providers to differentiate themselves, and is an important component of network management for Service Providers.

Traditionally, CNM has focussed on Layer-2 (Data Link layer) statistics. However, customers are increasingly demanding statistics for Layer-3 and higher, so as to have better control and understanding of the network services they have subscribed to.

This information can then be:

• assigned to operators

• passed on to help desk systems

• logged in a database

• replicated on a remote Cisco Info Center system

• used to trigger automatic responses to certain events.

Cisco Info Center allows diverse management platforms, applications, and Internet protocols to be brought together to provide the administrator a single point of monitoring those platforms and applications. Cisco Info Center does not replace the management platforms. It instead compliments them by providing an enterprise wide event/fault and status exchange. Cisco Info Center can also tie together domain limited network management platforms in remote locations.

Cisco Info Center tracks the state of events in a high performance distributed database and presents information of interest to specific users through individually configurable filters and views. Cisco Info Center Automation functions can be used to perform intelligent processing on the current state of managed objects. Cisco Info Center can build upon existing management systems or applications, therefore, it utilizes existing management skills and minimizes deployment time.

• integrates different and multiple event streams or messages from the source of the data, such as single or multiple CWM hosts, and consolidates them into a single view

• provides a way of normalizing data from different sources and data mapping techniques

• VPN and CNM support for alarm and event management from diverse sources and different vendor's products

• substantial reduction in event and alarm volume due to sophisticated deduplication and correlation mechanisms

• requires little or no configuration to automatically start gathering all messages and events, not just a subset of them

• distributes state information from existing management systems to staff across the enterprise

• transforms fragmented tactical management domains into coherent strategic management domains

• rapid, non-disruptive deployment across the enterprise

• derives state (for example, up or down) from events, forming data into information

• an open and flexible main-memory database, capable of storing and processing all events received, which allows operators to key in on any field describing important aspects of the service they need to monitor

• sophisticated filtering provides views customized to individual user requirements

• provides a single tool to view status information and launch other management applications

• builds on existing systems and expertise, ensuring short learning curves

• enterprise-scale solutions can be installed and productive within hours by using plug-and-play components

• multidomain management using peer-to-peer, hierarchical, and Web topologies

• incorporates high performance distributed Cisco Info Server database technology

• implemented using open protocols

• real-time data available to other applications

• an optional Java based Event List providing consistent, current, web-accessible views of services

• operational facilities include control management, recovery and restore management, and component fail over support

• security facilities for user and group management

• provides an audit trail of actions taken on events through journal facilities.

For example, a managed network service might include a variety of WAN, LAN, and computing resources. With Cisco Info Center, it is possible to create an abstract view of services that provides the status of each customer's services as a whole. This simplifies the monitoring of customer services, and allows the Service Provider to create a management environment that best suits their management model or understanding of what constitutes a service.

The Cisco Info Center solution can support event monitoring on a global network scale, as well as on a user-defined partition of the network.

• UNIX/Motif 1.2 or CDE (Common Desktop Environment)

• Java Event List on Netscape Navigator, Netscape Communicator, or Microsoft Internet Explorer

• Cisco Info Servers

• Info Mediators

• Info Gateways

• Cisco Info Center Process Control system

• Cisco Info Admin Desktops

The Cisco Info Server is an active, main-memory database. It consolidates, associates, and normalizes event data from the probes and monitors, assigning events to tables and fields. Repeated events are automatically de-duplicated using an identifier field. All application functions are active threads that run within the database engine.

The Cisco Info Server transforms events, such as faults, alarms, and warning messages, into alerts that can be easily manipulated by operator-driven correlations, associations, and filters. This also allows the creation of logical service groups, which can include end-to-end applications, VPNs, departments, or business units. This process produces accessible, meaningful information on the status of any component or group within the network. Another key advantage of the Cisco Info Server is that it allows all events throughout the enterprise to be simultaneously viewed by multiple authenticated network operators and users.

The Cisco Info Server is optimized for the handling of large volumes of faults, which is essential for networks where thousands of alarms may arrive each second. It currently runs on Solaris. Wherever possible, the Cisco Info Server exploits the underlying operating system's ability to support parallel processing or multi-threading.

The Cisco Info Server obtains alarms and events from isolated management environments. It then isolates the fault, allowing actions to be taken by technicians, help desk systems, or other applications. It also allows an SNMP trap to be created from the fault information that can then be forwarded to an SNMP management platform (for example, HP OpenView).

Upon receiving a record of a fault in a device in the network, the Cisco Info Server automatically applies a sequence of rules to determine the impact of the fault. The impact is calculated in the context of all information that has been collected on the network, including other faults and connectivity information. The configuration of the rules system within the Cisco Info Server is achieved with the implementation of SQL as a declarative language. A suite of graphical drag-and-drop configuration tools hide the SQL for non-technical operators. In addition, the rules engine isolates the events of immediate concern within the network. When combined with the Cisco Info Admin Desktop tools, this allows for the managing of faults to meet business objectives.

• The Cisco Info Server can be run in secure mode. This option controls the authentication of any probe or Info Gateway's connection requests with a user name and an encrypted password.

• Failover or backup Cisco Info Servers which allow the specification of back up hosts for each server defined.

• A proxy Cisco Info Server which can be used as a buffer to reduce the number of direct connections to the Cisco Info Server. The Info Mediators can connect to the proxy server, which then forwards all information to the primary Cisco Info Server.

The triggers and actions are configured through a GUI tool. Triggers call actions when there are state changes or when specific events occur. The action may be a change to the in-memory status table or the running of external processes. The Automation subsystem uses Cisco Info Center SQL to allow for complex correlations of events.

Future tools provided by Cisco can be added into the existing management environment without recompilation or reinstallation. Tools developed by users can also be easily integrated into a number of menus through the GUI.

• Cisco Layer-2 (L2) WAN switching products (MGX 8220, BPX 8600, IGX 8400, and IPX) managed by CWM and Network Node Manager

• Cisco Layer-3 (L3) routers using either HP Network Node Manager for traps or Solaris Syslog for IOS events.

Info Mediators collect network and system events using rules and look-up tables to define, categorize, and add information to events. They also have standard system properties that control how and where to store data. Info Mediators have a different superset of executable functions depending upon which network management platform they are designed for.

The design of the Info Mediator mechanism allows the software to be installed quickly and to become operational immediately. It is based on the exclusive management paradigm, which enables Info Mediators to recognize all faults from the managed system without requiring user configuration. It also allows user customization of the Info Mediator behavior. Info Mediators can also be configured, using a sophisticated rules engine, to filter and translate certain data.

One of the most significant functions of an Info Gateway in network partitioning is its ability to support the real-time filtering and distribution of faults and events. The discriminators within the Info Gateways facilitate the creation of customized views of the network, whether for VPN or CNM applications. Events relevant to a specified partition can be passed through an Info Gateway to another Cisco Info Server, thus allowing operators or customers a view of what they're allowed to see, as defined by an administrator. Graphical views reflecting the state of services and/or resources defined within the partition help to present a more concrete picture.

Cisco Info Gateways only distribute partitioned event and alarm information; the Cisco Info Gateways cannot be used to distribute performance or accounting statistics.

An unlimited number of Cisco Info Servers can be connected together using Info Gateways, providing a scalable SLM environment. Cisco Info Server Info Gateways can monitor the changes within other Cisco Info Servers, sending appropriate updates to the central application.

• horizontal, for follow-the-sun type management

• hierarchical, for data reduction and firewall VPN visualization

• resilient, allowing fail-over and redundant Cisco Info Server configurations to be established. The Cisco Info Server Info Gateway offers load-balancing and fail-over facilities.

An example of an RDBMS gateway deployment is the Info Gateway to Sybase. This gateway allows historical reporting using a two-phase-commit function, which ensures data integrity between the Cisco Info Server and the Sybase RDBMS. Statistical analysis of Cisco Info Center event archives can then be carried out directly from the RDBMS. This allows operators to create detailed reports on the availability of the network or services over a period of time.

Examples of trouble ticketing and help desk gateway deployment are the Peregrine Service Center and Remedy AR systems. The Service Center and AR gateways are bidirectional gateways that allow trouble-tickets to be created. Trouble-ticket creation is controlled from the Cisco Info Center Desktop tools. Faults can be consolidated, filtered, correlated, and isolated, then created as trouble-tickets that are sent to the counterpart systems. The Info Gateways create records within the counterpart systems and add the ticket number to the event record. The event can then be acted upon by the help desk operators. This allows fault reporting without direct access to Cisco Info Center. The trouble-ticket number is returned to the Cisco Info Server to update the creation record. Trouble-ticket status can be updated in Cisco Info Center when it has changed in the counterpart system. When the fault is closed in either the counterpart system or Cisco Info Center, it closes in both databases.

• Master Process Control Server, from where the complete Cisco Info Center configuration can be managed

• Process Control Agents, which are programs installed on each host with the responsibility of managing processes.

The Process Control system elements allow for a single point of control and administration of distributed systems. The Process Control agents cooperate automatically and have memory for their configuration. Process Control agents start remote processes and are capable of keeping those processes running. When a managed host is restarted, the Process Control agent restarts local components automatically. Any changes to the configuration are automatically replicated to all hosts in the configuration.

Cisco Info Admin Desktop information can be viewed from a UNIX/Motif front-end or a Java-driven Web browser. Event information is delivered in a format that allows operators to quickly determine the availability of services on a network. When an event cause has been identified, vendor-specific configuration tools allow operators to resolve problems quickly.

• Normal

• Administrator

• Super-user

For normal operators, desktops act as the point of access to the event information stored in the Cisco Info Server. For administrators, the Cisco Info Admin Desktop functionality allows for the visual configuration of the Cisco Info Server, and operator desktops. Administrators also have access to graphical configuration editors. Through the configuration editors, complete Cisco Info Center configurations and components can be designed and deployed. They can implement the Cisco Info Center high-availability process control and multi-tiered security access.

The buttons at the top of the window provide quick access to the other tools; the Event List, Filter Builder, View Builder, Browser, Map Editor Automation, Configuration, and Users Administration. The two left-most buttons in the figure shown above, allow automatic start-up of the files that are present. The Personal Library region displays icons of your own configuration files.

Configurable views and filters provide the information you need in an easy-to-use Event List.

The top pane displays the query in a graphical tree display. Immediately below the tree are the Filter buttons. The bottom pane shows the SQL query and the Metric buttons below the query provide summary information associated with each filter.

Modifications to the view are instantly visible in the Display Columns pane near the top of the window. The Column Details region in the center of the window shows width justification and title. The Sort Columns controls at the bottom of the window allow you to sort any column, including columns that are not displayed.

Graphical maps also provide access to third party tools. Advanced entity mapping allows for service level maps, as well as, device level maps.

Users of the Java Event List can, when the Web administrator allows them, do the following:

• view the color coded Event List and use audio sounds when an event arrives

• see severity and acknowledged information

• display alert information

• display alert journals.

• Automation Builder

• User Administration tool

• Configuration Manager tool

• Objective View editor.

For detailed information about how to use these applications, see the Cisco Info Center Administrator Reference.

Triggers, represented by icons on the left, detect states in the system and call actions. Actions, represented by the icons on the right, can modify the internal alert database, or run programs on other machines in the system, to respond to events.

Associations between triggers and actions are shown graphically, by arrows.

Windows are used for selecting icons and images; no editing of hidden command files, only scroll and select.

You can create multi-layered maps with a wide range of supported graphics.

Throughout the system, Help buttons are available on most windows. These buttons display a relevant overview of the current window.

The following sections contain some examples of how Cisco Info Center component configurations can be designed and deployed.