I get to have some very interesting and varied discussions with people interested in BSM. They generally start off with a high level strategic goal for their IT organization and go from there. A common theme that’s emerged in a large percentage of them lately is the topic of Application Performance Management (APM) and its relationship with BSM. More specifically, I’ve been spending a lot of time talking about End-User Experience Monitoring (as a subset of APM) as a key element of IT management strategy.

The most important factor when organizations look towards End-User Experience Monitoring (EUEM) technologies is of course that user experience is the ultimate success criteria by which IT services should be evaluated. If I could provide highly responsive application services that were always up and running, what else could be expected of me? The end users would be happy and the lines of business would be realizing the value of their application investments. The underlying technology at that point becomes largely irrelevant. Whether the applications run in corporate datacenters, are hosted by a 3rd party, run in a cloud, or are 100% virtualized, it just doesn’t matter. I am of course oversimplifying the matter by focusing on performance and availability of applications, while leaving out other elements such as security, but, for the sake of discussion, let’s stick to performance and availability for now.

The benefits for having an EUEM solution in place are obvious:

-- Instead of waiting for the phone to ring at the IT Ops Help Desk, you are proactively notified about application failures and brownouts (“this application is so slow!”)
-- Is the reported issue real; is the application really slow or is it performing the same as it always does?
-- Quickly get a handle on the scope of an issue; how many users impacted, which locations, is it all applications or just a few, etc.
-- Get initial diagnostic information to start the triage process; who gets called into the war room? Visibility always sounds great, but I always like to ask – “Have you considered the downside of total visibility into end user performance?”
-- Issues that previously went unreported will be obvious on the chosen EUEM products reports – If an application performs slowly and no one calls it in, was it a real problem? The answer is now Yes, whereas before the EUEM tool, it never happened.
-- Don’t be surprised when you hear talk about establishing internal service level objectives for performance, availability, and MTTR not for IT infrastructure elements, but End User Experience.
-- How well equipped are you to handle an increase in the number of events that need troubleshooting?  Now that you know every time an app fails or is slow, how quickly can you figure out WHY it happened?

This is where the BSM discussion starts to come up organically (unless it was the starting point, of course). Having a defined service model in place for the key applications & services that IT provides to the business is key to the WHY side of the EUEM equation. We talk about having a BSM implementation that ties together the best of breed End-User Experience Monitoring solutions, Service Desks, Fault and Event Management solutions, Element Management platforms, IT infrastructure performance monitoring tools, and other types of products to build a complete strategy for IT and Business Operations. Integration discussions quickly follow but that is a topic that has been covered extensively in other blog posts (but if comments suggest it’s time to revisit the topic, we certainly can).

I often wind up talking about specific types of EUEM technologies and vendors because of my background in this space (see full disclosure below) wanted to capture some of those discussions in a series of posts. First off, I generally group EUEM tools into one of three categories:

1. Passive monitoring systems

    -- Generally appliance offerings which capture and analyze IP packets to provide insight into End-User Experience of a wide array of applications
    -- May have specialized analyses for standards-based apps such as Web, Voice, and Video
    -- Deployment is usually at datacenters or wherever the applications are hosted
    -- Vendors providing solutions in this space (in alphabetical order):
            -- CA’s Wily Customer Experience Manager (via Wily)
            -- Compuware’s ClientVantage (via Adlex)
            -- Coradiant
            -- HP’s Real User Monitor software (via Mercury Interactive)
            -- IBM Tivoli
            -- NetQoS
            -- Nimsoft
            -- OPNET Technologies
            -- Quest’s Foglight End User Management

2. Active monitoring systems w/ synthetic transactions

    -- In most cases this involves recording sample user activities (e.g. login, search for info, run report, etc.) and using deployed robot agents/appliances to replay them at varied intervals.
    -- Most frequently these solutions tend to be oriented exclusively towards Web apps, but there are specialized vendors that focus on large enterprise application suites such as SAP and Oracle.
    -- Generally deployed at user population centers such as campuses or representative locations such as selected offices in Europe or Asia.
    -- Market was pretty much created by Mercury Interactive (now part of HP) so they are the dominant player here.
    -- Some of the vendors in the passive monitoring space also have some active monitoring elements in their portfolio to “poke” the applications when users might not be utilizing their applications (after business hours, for example); other smaller vendors offer lower cost solutions when compared to the HP suite including Managed Objects’ own Business Experience Manager.
    -- For internet facing applications, services from companies like Gomez and Keynote Systems are great sources of performance data without having to deploy your own monitoring “robots”

3. End-user behavior monitoring & analysis

    -- A few of the passive monitoring vendors offer aggregate or high level data, but I tend to group solutions into this category that have detailed analysis not just performance, but also business analytics about user behavior.
    -- Some of the defining elements in this category include capture and playback of complete user sessions, tracking time spent on each page, click-through rates, and error or missing content identification.
    -- Solutions in this space are specialized by applications (e.g. Web, SAP, Oracle, etc.)
    -- Deployment can be a combination of appliances and software agents. 
    -- A few of the vendors in this space (in alphabetical order):
            -- Aternity
            -- Knoa
            -- Tealeaf

The list of players in the EUEM space is not comprehensive, just a short list of those whom I have some level of familiarity. Some quick Google searches or a call to your favorite analyst should turn up more.

I would like to explore this area in more detail and plan a series of follow up posts with topics such as: details about what information from EUEM solutions should be incorporated into the BSM fabric (Hint: it’s not just events); sharing field experience on deployment strategies that have worked & pitfalls to avoid; detailed coverage on specific vendors including strengths, weaknesses, integration details, etc.

If you have experience with any of the products mentioned, other vendors that feel should be mentioned in any of the categories, general feedback, or would like to have a one-on-one discussion on this (or other) topic I’ve covered, leave me a comment below.

***Disclosure: The author of this post, Abbas Haider Ali, held roles at OPNET Technologies and IBM prior to Managed Objects.

Martin Atherton’s recent blog post “Are your systems falling down on resiliency?” calls out some alarming survey results that all corporate IT and business executives should pay attention to. Chief among these is the finding that 20% of today’s companies have significant, business impacting IT disruptions each and every quarter. It’s even more alarming when these results are juxtaposed with a similar survey conducted by Managed Objects in June of 2007 which found that up to 50% of large enterprise companies have significant business impacting outages up to 5 times a year. Among the Retail Banking sector this percentage goes up to 67%.

It’s tough to look at these results and say that we’re getting any better – besides as a business colleague used to tell me: “you need at least three data points to make a trend.” And yet, when the layers of the onion are peeled away in the Managed Objects survey, respondents felt that a good percentage of these outages were caused by changes to the application configuration. In fact, about a third of Retail Banks responded that between 25% and 50% of IT outages were caused by application configuration changes.

And while this further affirms Martin’s call for better focus on application development processes, it also brings into play the need for better process and technology focus applied to IT Operations change and configuration management. Even with the best designs and most careful plans, well-built production business applications can deteriorate in quality over time as fixes and enhancements are applied. So, while IT service quality improvements can be obtained through better development processes and technologies, process and technology improvements need to carry through to today’s IT operational environment as well as to achieve long-term IT service quality improvements.

IT governance is a main motivator for corporate entities in their decisions to create compliant IT systems that include CMDBs. The CMDB is supposed to model (as closely as possible) a "vision of the truth" about those corporate entities’ IT systems. To that end I would like to discuss the governance of how a CMDB is constructed. By CMDB governance I mean: the performance, risk assessment and compliance of a CMDB to the actual true state of the IT system being modeled; I might also add to this the confidence in that CMDB as it relates to its accuracy in modeling the IT system.

How then are CMDBs constructed? The best way is to tie together existing data and complement that data with discovery tools and old fashioned data-entry. The latter may be done through the use of various scripts or the mining of databases that hold certain aspects of the system, but in large part these would be grouped under ‘formal methodologies.’

At this point the CMDB construction is already fraught with danger, for example holes in the data, or data that is inaccurate or stale. The confidence factor of such a CMDB may be quite low, which makes it rather useless. This problem is exacerbated by that fact that building it can be a very time-consuming and difficult procedure. There is a very well known decision matrix called the ‘Impact/Effort’ matrix. The idea is that if an activity has a high effort, but a low impact, then that activity is not worth doing.

This is a major problem in creating a useful CMBD. What to do?

Well, before I attempt to answer that question, let me introduce a different way that CMDB’s can be created: social networking tools.

The idea is that the IT systems knowledge (at least on a high level) is contained in the heads of many human beings. The raw data can be managed by the discovery tools and formal tools, but the structural knowledge and ability to correct or fill in knowledge requires constant, dynamic human intervention.

That’s why tools like Managed Objects myCMDB that allow ‘Wiki’ like intervention into the construction of a CMDB are so useful. This works by taking the view that the CMDB is a dynamic living entity that never really attains a static ‘state of truth,’ but instead has major portions that are basically static, and ‘outliers’ that are being dynamically changed as network needs change, as virtual machines are created and destroyed, and as complex applications go into and out of existence. The truth in a complex IT system is a living, breathing, and most importantly, changing beast. This is why the traditional methods of creating a CMDB always seem to end up with something that is out of date with the real thing.

To make sure that the data is maintained in the CMDB correctly, a ‘governance’ policy needs to be instituted between the ‘gathering’ of the data, and the ‘structuring’ of the data within the CMDB itself. Obviously there will be many things that can be instituted as boiler-plate within this policy, but there will be many aspects of this policy that will be unique to the corporate entity that is instituting them. The policy is itself stored within the CMDB which introduces an aspect of feed-back that will help to tailor this policy to better capture and structure the dynamically collected data that ultimately forms the CMDB model.

The feedback loop is essentially a human interaction activity and could be compared to idea of domain experts who edit an encyclopedia (or a Wiki).

These experts examine the current structures of the collected knowledge within the CMDB to the real world, and modify the policy so that the collection and structuring of data more closely fits with, and changes with, the real world. The ultimate hope is to get to a policy that produces the closest possible CMDB model to the real world.

As the policy improves within the enterprise, the confidence factor rises and, of course, the usefulness of the CMDB within the enterprise also rises.

- David

• Poor application performance translates to lost revenue, research shows
  (tags: application performance)

  
  
• Technobabble: analyst twitter index
  Who's who of analyst tweets
  (tags: social networking)
  
  
• IT Automation – All the Things We Are Talking About
  (tags: IT alignment)

  
  
• BSM in the Clouds
  Doug McClure on BSM and Cloud Computing
  (tags: BSM Cloud computing alternative delivery model)
  
  
• Inside the CIA's Extreme Technology Makeover, Part 1
  CIO Magazine uncovers the CIA's secret to IT and busienss alignment
  (tags: BSM IT business alignment)

Sometimes people learn to live with pain. The pain may be real, enduring and chronic but people choose to ignore the pain -- which isn't the same thing as making it go away.

I was speaking with a prospect recently about our BSM solution, and though after listening carefully to our presentation this person’s first reaction was "we just don’t have the pain" to drive this sort of initiative. However, as conversation evolved, we began to uncover that not only was this organization living with pain -- the pain was in fact excruciating and had a direct impact on the highest levels of IT leadership. They had in effect, chosen to ignore the pain. Here’s the story as conveyed:

We have a heterogeneous IT management environment. Our tools report silos of information that must be manually correlated to understand the overall health of the IT infrastructure. As such our users usually provide IT with the first indication that there is a slowdown or outage. For example, a user in California will call the helpdesk in New York to report that an application is running slow.

Upon receiving the call, IT looks at their tools, but the screens are all reflecting green: IT can’t see the problem. Frustrated their issue isn’t being resolved, the users begin to assume IT isn’t worth their salt, and consequently stop calling to report incidents or problems.

Later our CIO goes on a company-wide townhall tour, to visit users and better understand how IT can support the business. He’s taken aback when he gets blasted by users during a meeting (ambush?) at the California office because the PeopleSoft application has been running slow for weeks.

Determined to get to the bottom of this issue the CIO returns to the office with this anecdote and thoroughly questions his staff. "Why wasn’t this problem addressed?" he demands, noting how critical the application is to the business. "No one reported the incident," is the response.

This is a quintessential business case for BSM if I’ve ever heard one. By integrating those existing IT management tools, BSM can consolidate those silos of information and link the underlying infrastructure components to the service being provided (in this case a PeopleSoft application). The benefit of doing this has been proven time and time again: IT will be able to rapidly determine root cause of incidents and problems, often before their customers are even aware, and dramatically reduce the mean-time-to-repair (MTTR). This supports the overall organization’s maturity to move from a reactive to a proactive IT organization. Why not eliminate chronic pain instead of learning to live with it?

As for my prospect, well, we have a second meeting soon and the CIO will be involved.

- Randy

As the first company to embrace the term, business service management (really, do a Lexis-Nexis search), we’ve observed market entrants are repositioning themselves in the BSM space at an increasing rate. As a competitive vendor, we find this trend has both benefits and drawbacks.

For example, we find a level of satisfaction in the validation of what we have long since envisioned to be a market for BSM, but as new vendors enter the space, they also tend to creatively redefine the market to better fit their solution. While this is a fact of life in a competitive and free market, we find sometimes our customers and prospects rightfully seek clarification.

Here are a few industry leading definitions of BSM:

Gartner: BSM is a category of IT operations management software products that dynamically links the availability and performance status of underlying IT infrastructure and application components to business-oriented IT services that enable business processes.

Forrester: Software that dynamically links business-focused IT services to the underlying IT infrastructure. A business-focused IT service may be a specific IT service or part of a business process, but it must support a significant, visible business metric for a business owner.

Enterprise Management Associates: BSM is a strategy to align IT and business goals by helping business managers to understand how the performance and availability of IT resources affect and power their business processes. BSM fuses the goals of IT and business, providing real-time monitoring of business service health and status, using a set of tools designed to help organizations meet their corporate objectives and business goals.

Freeform Dynamics: Business Service Management (BSM) is a strategy and approach for linking IT components to the goals of the business. It promotes understanding and prediction of how technology impacts the business and how business impacts the IT infrastructure.

ITIL: An approach to the management of IT Services that considers the Business Processes supported and the Business value provided. This term also means the management of Business Services delivered to Business Customers. (ITIL v3, Service Operation).

CSC: BSM measures how a business’ IT services are performing and delivering business value. It is a model where IT services are fully aligned with business objectives, requirements, metrics and results.

Some of our own customers have characterized BSM as follows:

1.  Maps technology… to applications… to the business

2.  Creates a trusted source for IT and the business

3.  Turns data into powerful intelligence

4.  Makes visualization relevant to a diverse community

5.  Is a platform of information that illustrates the impact of IT with respect to the business -- it is the holy grail of IT

Several other blogs in the industry have also consolidated some meaningful definitions: For example, Adrian Bridgewater wrote on ZDNet that, "BSM translates event data - that is, data about the status of an individual component - into impact." Ryan Shop provided an excellent post summarizing some of his findings, and Doug McClure offers the BSM community this: BSM is the integration and consolidation of systems management with business management.

Though all of these definitions have similarities, we tend to favor those provided by our customers, which raises an important point: you should determine what definition of BSM best suits your purpose and compare the different vendors against your requirements.

- Jim

Daily updates keep rolling in and all indicate that our Early Evaluation Program (EEP) for myCMDB continues to progress nicely. We have been contacted numerous times by both customers and internal employees with feature suggestions, questions and bug reports. A handful of folks with whom we have never spoken with previously have even sent inbound requests to give the software a try.

In many ways, the EEP has also become an extension to our QA department. Many people find that it is fun to find a bug and to report these to us. While we don’t necessarily “like” having to fix these bugs since we would rather be working on features -- we know this is a vital part of the process and are very happy to find them early in the development process where the overall cost to fix is dramatically lower.

We have been following standard practice by categorizing the enhancement requests and bugs and placing them into our ticketing system so that they can be reviewed and addressed by the proper personnel during the proper time in the schedule. We are working to manage these fixes in between preparation for our next “formal” code drop for the EEP. We have been updating the code periodically during our maintenance periods for a few fixes we deem necessary, however, we are not delivering additional major features to the product until our next code drop in August.

Currently we are aggregating overall usage data and it will be interesting to see if there are significant trends: What type of user logs in most frequently? Who uses it less frequently? Who is leveraging the community aspects? Are the CIM standard for CI’s useful or have they constructed their own classes? Stay tuned. 

- Adam

For example, a recent poll at Gartner’s IOM conference found that 33% of respondents are currently implementing a CMDB -- another 19% plan to do so in the next six months -- while another 12 percent will do so within a year.

A separate study summarized in this article by EMA’s Dennis Drogseth found that "50% [of respondents] are in active [CMDB] planning and 50% are in deployment." Results may be dependent on a number of variables, but what’s remarkable is that both surveys show a marked contrast from another poll conducted a year ago by searchdatacenter.com which found that almost half of all of respondents had no plans for a CMDB.

While the numbers are interesting and certainly something to which we as a vendor pay close attention -- we find how this market is evolving most interesting of all. The nearby graphic indicates how we at Managed Objects have seen things shape up.

Yesterday was a big day for the myCMDB team. We launched our initial code drop for the myCMDB Early Evaluation Program. The team is eager to get some feedback from our participants.

Overall the launch has gone very well. We had very few problems with user account setup, DNS problems, or any other technical issues. In fact, we have been surprised (and pleased) by the number of people that are already using the application.

We are eating our own dog food for this program so we can easily monitor statistics and auditing of the system: we can watch as people login, logout, and perform other activities. This was vital to our program so that we can monitor usage accordingly as part of our feedback.

We also setup myMO -- our  Web-based portal framework -- as the front end web site for all communication to the participants of the myCMDB EEP program. The site contains an overview of the program, instructional movies, beta documentation, a Blog site, calendar of events and other cool stuff to provide an easy means of communication between the participants and the myCMDB team. Personally, as the project manager, I am interested in hearing feedback on both the product as well as the Early Evaluation Program in general.

So far, my favorite thing about this program has been watching the community feeds as people register CI’s, update attributes, join communities, etc. In fact, it looks like a bit of competition may be brewing between the participants to see who can register CI’s the fastest. Interesting thought for those wanting to foster usage and coverage with a CMDB.

- Adam

We’re thrilled to see the buzz gathering around our newest announcement - analysts and media alike seem to agree that we’ve added something new and noteworthy to the market. We think this kind of innovation is especially welcome in a market that has little confidence in those larger competitors.

With myCMDB, we’ve really unleashed the power of the CMDB by adding the community features that should logically be part of any project that requires the input from so many different people within an organization. Heck, using email and voicemail for CMDB communication is like using a rotary dial for a smartphone.

Instead, we’ve brought CMDB communications and process into the 21st century, by adding a combination of Facebook interactivity, Wikipedia information quality management, and Google’s searching model. Basically, these features make it easier to get more users involved in its creation and maintenance, which means the CMDB quickly becomes a more accurate representation of the infrastructure, relationships, and services. This allows organizations to use the CMDB to better control the impact of change and move it into a decision support role.

Stay tuned as the buzz continues to build!