Embed Size (px)
Citation preview
IBM Corporation
February 17, 2006 © 2006 IBM Corporation
Craig Farrell
The Converging Worlds of Network Management and Security Information Management
2
IBM Corporation
© 2006 IBM Corporation
Why is Network Management Changing? Revenue Growth
– Could charge for Availability and Performance
– Now must Charge for Content and Services
Cost Control– Opex pressure is forcing NOC reductions
No reduction in the number of events (Scalability)
Service focused NOC operators are less concerned with Infrastructure and more
concerned with “is the service running”?
3
IBM Corporation
© 2006 IBM Corporation
Why are Network Management and Security Event Management Converging?
Revenue Can’t deliver content without security.
Costs Opex pressure is forcing NOC/SOCs to merge Capex pressure on IP Convergence projects
Market Pressure Industry Consolidation - Acquisition history
Service Focus Security events are as likely to effect QOS as any other event.
4
IBM Corporation
© 2006 IBM Corporation
5
IBM Corporation
© 2006 IBM Corporation
Customer example 2
6
IBM Corporation
© 2006 IBM Corporation
OSS Impact
The job of OSS systems has to move from identifying impacted infrastructure and devices to identifying (and resolving) impacted Services.
Data Sources– More Events, more data sources
Correlation– Need to identify the service effecting events from all the data.
Topology– More Topologies, layer 1 through 7, more arbitrary topologies for services, more
topologies that can’t be discovered. Service Models for Service Impact
– More layered services, more distributed services, faster service rollout, more kinds of service interdependencies and relationships
Advanced Visualization– At-a-glance understanding of service status required
.
7
IBM Corporation
© 2006 IBM Corporation
Cross-Management Domain Correlation / Resolution for Service-Affecting Events (security-related):
– A service provider can’t download the movies fast enough to their set-top boxes
– A security event is flagged at the root-cause level; the problem is identified as a DOS attack on the DNS servers
Management domains correlated: Security Incident Management, Performance Management, Availability Management, BSM, RCA
8
IBM Corporation
© 2006 IBM Corporation
Convergence
9
IBM Corporation
© 2006 IBM Corporation
Charging models in a converged world
Must Charge for Services – Store your music library
– SMS to pay your bill Must Charge for Content
– Buy a ring tone
– Buy a movie (or TV Show)
– Stream commercials on the screen
Security– Content providers understand the value of their content
10
IBM Corporation
© 2006 IBM Corporation
• Standard Network Management Metrics do not include Quality
1% packet loss (evenly distributed)
1% packet loss(i-frame)
1% packet loss(buffer discarding)
• 3 examples with same content, different problems and when do we care?
Beyond Performance and Availability Network Statistics
Reference
11
IBM Corporation
© 2006 IBM Corporation
Active Networks
Consider downloading a program that understood which (application layers) packets could be dropped to each router along a path before the transmission occurred.
Consider security for Active Networks
12
IBM Corporation
© 2006 IBM Corporation
13
IBM Corporation
© 2006 IBM Corporation
Summary
Network management used to care about availability and Performance but convergence will force us to care about quality and security.
Why – because it’s all about the service!
