Transcript The Converging Worlds of Network Management and

IBM Corporation
The Converging Worlds of Network Management
and Security Information Management
Craig Farrell
February 17, 2006
© 2006 IBM Corporation
IBM Corporation
Why is Network Management Changing?
 Revenue Growth
– Could charge for Availability and Performance
– Now must Charge for Content and Services
 Cost Control
– Opex pressure is forcing NOC reductions
 No reduction in the number of events (Scalability)
 Service focused
 NOC operators are less concerned with Infrastructure and more
concerned with “is the service running”?
2
© 2006 IBM Corporation
IBM Corporation
Why are Network Management and Security Event
Management Converging?
 Revenue
 Can’t deliver content without security.
 Costs
 Opex pressure is forcing NOC/SOCs to merge
 Capex pressure on IP Convergence projects
 Market Pressure
 Industry Consolidation - Acquisition history
 Service Focus
 Security events are as likely to effect QOS as any other event.
3
© 2006 IBM Corporation
IBM Corporation
4
© 2006 IBM Corporation
IBM Corporation
Customer example 2
5
© 2006 IBM Corporation
IBM Corporation
OSS Impact
The job of OSS systems has to move from identifying
impacted infrastructure and devices to identifying
(and resolving) impacted Services.
 Data Sources
–
More Events, more data sources
 Correlation
–
Need to identify the service effecting events from all the data.
 Topology
–
More Topologies, layer 1 through 7, more arbitrary topologies for services, more
topologies that can’t be discovered.
 Service Models for Service Impact
–
More layered services, more distributed services, faster service rollout, more
kinds of service interdependencies and relationships
 Advanced Visualization
–
.
6
At-a-glance understanding of service status required
© 2006 IBM Corporation
IBM Corporation
Cross-Management Domain Correlation /
Resolution for Service-Affecting Events
(security-related):
– A service provider can’t download the movies fast
enough to their set-top boxes
– A security event is flagged at the root-cause level; the
problem is identified as a DOS attack on the DNS
servers
Management domains correlated:
Security Incident Management, Performance Management,
Availability Management, BSM, RCA
7
© 2006 IBM Corporation
IBM Corporation
Convergence
8
© 2006 IBM Corporation
IBM Corporation
Charging models in a converged world
 Must Charge for Services
– Store your music library
– SMS to pay your bill
 Must Charge for Content
– Buy a ring tone
– Buy a movie (or TV Show)
– Stream commercials on the screen
 Security
– Content providers understand the value of their content
9
© 2006 IBM Corporation
IBM Corporation
Beyond Performance and Availability Network
Statistics
• Standard Network Management Metrics do not include
Quality
Reference
1% packet loss
(evenly distributed)
1% packet loss
(i-frame)
1% packet loss
(buffer discarding)
• 3 examples with same content, different problems and when do we
care?
10
© 2006 IBM Corporation
IBM Corporation
Active Networks
 Consider downloading a program that understood which
(application layers) packets could be dropped to each router
along a path before the transmission occurred.
 Consider security for Active Networks
11
© 2006 IBM Corporation
IBM Corporation
12
© 2006 IBM Corporation
IBM Corporation
Summary
Network management used to care about
availability and Performance but convergence
will force us to care about quality and security.
Why – because it’s all about the service!
13
© 2006 IBM Corporation