In Part Two of APMdigest's exclusive interview, Shane Pearson, Vice President, Product Marketing for HP Software, shares guidance on APM challenges including mobile performance, security and event management.
Click here to start with Part One of APMdigest's interview with HP's Shane Pearson
APM: What are the main challenges to monitoring mobile performance?
SP: Not all mobile applications are the same. There are two basic types of mobile applications, native mobile applications and browser-based applications. Native applications reside on user devices and communication over HTTP(s). Browser-based applications use modified browsers to access applications online. When monitoring these applications you should consider how the user experiences the service from a native application and from the browser. If access from a browser, does the entire page render? How long does it take? Does it perform differently from one device to another? Customers may have a very different experience using a mobile browser than using the native application. When monitoring these new services it is important to be able to gauge how your customers experience the mobile application and how they experience it from various devices.
Feature-greedy users generate change and complexity. Let's face it -- everybody loves the latest gadgets with all the latest bells and whistles. This is great for the consumer markets but this can introduce complexity when trying to manage mobile applications. As in the example above, the user's experience may be different from device to device. So when looking at monitoring mobile applications, not only do you have to consider browser and native applications but also the various devices. Some management vendors offer a service where you can rent cradles of phones to test and to monitor mobile applications. This can be a costly option. Another way is to emulate the application for multiple devices. This is a more cost-effective way to understand how your applications will perform for the various mobile devices.
Visibility into chaos can help you troubleshoot issues. Not only do you need to understand how end users experience these new mobile applications, but when something does fail what was the cause of the failure? How do I know if it's an issue with the application, the device, and the carrier? Also, with many mobile applications built to leverage the already underlying business services, applications and supporting infrastructure, this can complicate and lengthen the time it takes to find the root cause of an issue. When monitoring the mobile application you should also be monitoring all dependencies and be able to visualize the entire end-to-end service. Having an end-to-end service view is key to understanding the complexity of IT environments.
APM: How do security issues impact application performance management?
SP: Security information is rarely integrated with IT operations or application data. Often, the Security Operations Center (SOC) and the Network Operations Center (NOC) are silo groups, working independently, without any integration or even communication. And without any type of integration between these two groups, you don’t have the complete visibility you need in order to troubleshoot and find the root cause of a problem.
Here’s a typical example. If operations is seeing a key application slowing down, where the end users are being impacted, they don’t know if it is related to some usage spike related to an unusual load, if it is a piece of failing hardware, or some sort of security attack. Customers don't have the insight or context they need to react quickly, and drill down to the root problem, so they can protect their business. In this type of scenario, the operator may just throw more resources at the host to meet the demand spike. But, if there is some type of security breach, that approach is just wasting money, and won't solve anything.
As you can see, a new approach is needed.
APM: What is the solution?
SP: The solution for this type of dilemma is by having better communication with, and tool sets for, the NOC and the SOC. HP’s integration of ArcSight and BSM is helping bridge these two groups to give better insight to the root cause of a problem.
With BSM 9.1, the operations team has the capability to now bring security events from ArcSight Enterprise Security Manager (ESM) and Logger products into one central Operations Bridge, which we call Operations Manager i (OMi).
The ArcSight integrations with BSM leverage HP's unique strengths in both IT Operations and Security and provide a great differentiator for HP.
The three main benefits of this integration include:
1. Logs for Ops: Archive historical data center behavior by collecting and storing raw logs and correlated event data from varied data sources (300+ sources) OOB
2. Event Search and Analytics: Search, analyze and report on IT events from a single console
3. NOC and SOC collaboration: visibility into the health of the entire IT infrastructure including security aspects
APM: Explain how HP event management integrates with third-party monitoring technologies?
SP: HP brought to market Operations Manager i (Omi) which has become the Managers of Managers within IT operations as it brings events from various different parts of the data center into one single console. This includes events from each of the BSM monitoring tools for systems, network, and applications, but also 3rd party vendors such as Nagios and SCOM.
Additionally, OMi now shows security events coming in from ArcSight. And because OMi is built upon the Run-Time Service Model, it not only pulls in all events across the data center, but it can grab topology and CI information as well. This is called Topology-based Event Correlation, which is built on patented technology from HP labs. Having topology information with the events gives you the ability to determine the root cause of the problem and prioritize the remediation of those events based upon the business impact of the issue. Our customers are now using Omi as their single pane of glass or presentation layer for events consolidation and correlation.
APM: How does Topology-based Event Correlation work?
SP: HP's Topology-based Event Correlation (TBEC) utilizes detailed, comprehensive, and automatically updated discovery and relationship information to analyze alerts and events, and ultimately determine the event that is most likely the cause of an incident.
Using TBEC, operators are presented with a clear representation of which event they need to investigate and what symptoms can be ignored, which then helps them determine the team best suited to resolve an incident. With TBEC, there is less need to guess at the cause of an incident or spend time chasing symptoms -- so operations staff can fix issues faster, handle more incidents, escalate fewer issues to expert staff, and collaborate more effectively to resolve problems -- all of which ultimately help make incident management more efficient.
Click here to read Part Three of APMdigest's interview with HP's Shane Pearson
Click here to read Part One of APMdigest's interview with HP's Shane Pearson
