Automated infrastructure discovery & analysis

CLESS: Credential-less discovery techniques

Configuration management solutions are often limited in their discovery capabilities, in what they can manage, and in the systems for which they hold explicit credentials. Consequently, configuration information is difficult or time-consuming to collect, and is often incomplete and out of date. Credential-less discovery techniques therefore complement the managed approach by providing a wide range of data quickly.

We started out with the IDD (Intelligent Device Discovery) project to research credential-less (no passwords required), low-intrusive active scanning technologies, which have been used since 2002 on customer accounts and on the entire IBM global network to classify devices and identify "rogue" devices. Jointly with the AURORA team we then added traffic flow analytics to the discovery capabilities, in particular for the auto-discovery of server and application dependencies.

While these technologies were first loosely integrated in the form of the ITT (Intelligent Transformation Technology) toolkit, we then created the AIDA (Automated Infrastructure Discovery & Analysis) service offering, which embraces the new TADDM (Tivoli Application and Dependency Discovery Manager) product. Meanwhile, most parts of the credential-less technologies have been transferred into TADDM as part of our ongoing partnership, improving its day-one capabilities and augmenting its appeal in large heterogeneous IT environments.

Publications

  1. Dimitrios Dechouniotis, Xenofontas Dimitropoulos, Andreas Kind, Spyros Denazis, and Nikolaos Leontiou, "Unveiling the Underlying Relationships Over a Network for Monitoring Purposes," International Journal of Network Management, to appear.
  2. Michel Zedler and Dieter Gantenbein, "Physical location awareness for enterprise IT assets," 1st IEEE Workshop on Automated Network Management (ANM'08), Self-Configuration for Large-scale Dynamic Networks, April 18, 2008, in conjunction with IEEE INFOCOM 2008, April 13-18, Phoenix, AZ.
  3. Alexandru Caracas, Dimitrios Dechouniotis, Stefan Fussenegger, Dieter Gantenbein, and Andreas Kind, "Mining Semantic Relations using NetFlow," Third IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008), in conjunction with IEEE Network Operations and Management Symposium (NOMS 2008), Salvador, Bahia, Brazil, April 7, 2008.
  4. Dimitrios Dechouniotis, Xenofontas Dimitropoulos, Andreas Kind, and Spyros Denazis, "Dependency Detection Using a Fuzzy Engine," 18th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM '07), October 29-31, San Jose, California, USA, 2007.
  5. Andreas Kind, Dieter Gantenbein, and Hiroaki Etoh, "Relationship Discovery with NetFlow to Enable Business-Driven IT Management," in Proceedings of IEEE/IFIP International Workshop on Business-Driven IT Management (BDIM), 2006.

Advantages of flow-based dependency discovery

  • Traffic-based analytics does not require credentials for servers
  • Yields data from all network devices, not just managed boxes
  • Interacting with the networking-infrastructure owner is conceptually simpler than working with all the different server-domain administrative groups
  • Forwarding netflows is simpler than polling servers behind firewalls
  • Netflow works with encrypted traffic and avoids privacy concerns
  • No network appliance required
  • Performance. Netflow is an effective aggregation and abstraction mechanism, right in the network itself: a fully accumulated connectivity matrix!
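
To make the connectivity-matrix idea concrete, the following added example (not code from the project or from TADDM) folds flow records into client-to-service edges and lists hosts that appear in traffic but not in a managed inventory. The flow records, the inventory and the "lower port is the service" heuristic are assumptions made for illustration; the cited papers describe their own inference methods.

```python
from collections import defaultdict

# Constructed sample flow records: (src, sport, dst, dport, proto, bytes)
FLOWS = [
    ("10.0.1.10", 51544, "10.0.2.20", 5432, "tcp", 8200),
    ("10.0.2.20", 5432, "10.0.1.10", 51544, "tcp", 91000),  # reply direction
    ("10.0.1.10", 51601, "10.0.2.20", 5432, "tcp", 4100),
    ("10.0.1.11", 40022, "10.0.2.20", 5432, "tcp", 300),
    ("10.0.3.5", 49900, "10.0.1.10", 443, "tcp", 1500),
    ("10.0.1.10", 443, "10.0.3.5", 49900, "tcp", 64000),    # reply direction
    ("10.0.9.99", 50111, "10.0.1.10", 443, "tcp", 700),
]
# Constructed inventory of hosts known to configuration management
MANAGED = {"10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.3.5"}

def service_side(src, sport, dst, dport):
    """Assumed heuristic: the endpoint with the lower port offers the service."""
    if dport <= sport:
        return src, dst, dport      # src is the client
    return dst, src, sport          # record is the server-to-client direction

def connectivity_matrix(flows):
    """Fold both directions of a conversation into one
    (client, server, proto, port) cell with record and byte counts."""
    matrix = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, sport, dst, dport, proto, nbytes in flows:
        client, server, port = service_side(src, sport, dst, dport)
        cell = matrix[(client, server, proto, port)]
        cell["flows"] += 1
        cell["bytes"] += nbytes
    return dict(matrix)

def dependencies(matrix, min_flows=2):
    """Edges backed by at least min_flows records; drops one-off connections."""
    return sorted(k for k, v in matrix.items() if v["flows"] >= min_flows)

def unmanaged_hosts(matrix, managed):
    """Hosts observed in traffic that the managed inventory does not know."""
    seen = {h for (client, server, _, _) in matrix for h in (client, server)}
    return sorted(seen - managed)

if __name__ == "__main__":
    m = connectivity_matrix(FLOWS)
    for edge in dependencies(m):
        print("depends:", edge, m[edge])
    print("unmanaged:", unmanaged_hosts(m, MANAGED))
```

No server login is involved at any point: the dependency edges and the unmanaged host both come from flow records alone.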