The field of Application Dependency Mapping (ADM) is not yet mature and designers are actively developing the discipline. A common approach involves modeling each application and parsing configuration data to identify other IT elements upon which the applications depend. The process is very time consuming and entails much customization for each supported application. Due to the complexity of producing application models, the number of applications that are recognized by the conventional ADM systems is not very high.
An embodiment of a computer-executed method for network management automatically maps applications to network infrastructure. The method comprises monitoring network activity on one or more managed computers and collecting network activity data on the managed computers. The association of executable files to applications is identified and network activity data and the association of executable files to applications are analyzed. Connections from applications on the managed computers are established according to the analysis.
Embodiments of the invention relating to both structure and method of operation may best be understood by referring to the following description and accompanying drawings:
Embodiments of a network system and associated operating techniques are described for determining software application relationships using network connections in combination with the detailed software application inventory information made available by the discovery system.
Application Dependency Mapping (ADM) is a technique for tracking dynamically changing computing environments by monitoring how applications and their underlying components interact with one another. The monitored data facilitates analysis of the impact that a change in one application or application component will have, prediction of consequences of slowing or stopping of an application, and determination of procedures to resolve the problem. ADM is useful in a Configuration Management Database (CMDB) to enable identification and creation of a visual map of devices that support an application including servers, routers and switches. ADM also enables monitoring and analysis of software components and code dependencies relied upon by an application, as well as network configurations such as routing tables and port assignments that allow applications to travel across an enterprise. In an example implementation, ADM enables an organization to dynamically allocate resources and improve server utilization based on business need to better use overall data center resources.
Application Dependency Mapping (ADM) is a technique for discovering installed software applications and resolving application interdependence and dependence with respect to Information Technology (IT) infrastructure. Application dependency information can have many uses, for example in the milieu of Enterprise Systems Management. Uses can include populating a Configuration Management Database (CMDB) with relationship information, service and change management, and data center management.
Thus an improved, automatic approach is sought to ease the implementation and improve application coverage of Application Dependency Mapping.
One ADM approach involves maintaining a comprehensive model of configuration data for each supported application. To collect data for such a model, various up-to-date credentials for logging into the system and/or the application are used. A discovery system connects to the computer which hosts the application remotely and runs various scripts and detection logic to identify the application version and the detailed configuration of the version. Overhead of the ADM approach includes operations of collecting the credentials and maintaining a current list since many security policies enforce the change of passwords on a regular basis. Maintaining such models can be time consuming since the configuration of applications can change from one version to another. Maintaining the models is usually suitable for large and complex applications, such as Applications and Database Servers (ADS) in which additional discovery information detected during the time consuming deep discovery can be useful.
Another ADM technique captures and interprets network packets passing through the network and, based on the content of the packets, resolves which applications are sending and receiving the packets. The discovery application or appliance has to be connected to a switch that passes through all network traffic, a connection that is not always possible. Increasingly, encrypted communications are used to secure traffic between applications, even on the local area network, which prevents inspection of the actual content of network packets and derivation of application dependency from that content.
In an illustrative embodiment of an Application Dependency Mapping (ADM) technique, dependencies between applications are determined by discovering the actual network communications between the applications. In some embodiments and/or in some conditions, since the majority of network communications today is done using the TCP/IP network protocol, the network discovery can monitor the TCP/IP network activity on each managed computer. In other embodiments or operative in other conditions, the technique can be applied to other network protocols. The technique can be implemented using an agent that runs continuously on all managed computers, collecting information including Start/End timestamps of a connection, Local and Remote host and port information, the absolute path to the executable file that established the connection, and the like.
The collected network connection information can be stored on each managed computer for a specific period of time, for example one month. The collected network activity data is combined with the software inventory information. The software inventory can be used to identify installed applications using a file-based software recognition process. The recognition process uses a Software Application library, a knowledge base that captures details of files that comprise various applications, including file name, size, signature, and executable type. For example, an executable in question can be msaccess.exe, which is deduced to be a part of Microsoft Access based on the information stored in the Software Application Library. However, a file or files with the same name, signature and size can be part of many different applications, so the recognition process employs a sophisticated algorithm that takes into account other files located in the same directory as well as elsewhere on the computer, allowing accurate recognition to take place. The recognition process identifies which executable files belong to which application. Once the information is collected for all managed computers, a topology determination process can be invoked that analyzes network connectivity on all computers and uses the timestamps and host information to establish the connection from an application on one computer with the application on another computer, thus obtaining the correct Application Dependency Mapping data.
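As an added illustration (not code from the patent or from any HP product), the following Python sketch shows the topology determination step described above: each outbound connection record is paired with the accepting record from the peer host by socket pair and overlapping timestamps, and both executables are then resolved to applications. The record layout, the `outbound` flag, the clock-skew tolerance, and all hosts, paths and application names are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Conn:
    host: str        # managed computer whose agent recorded the connection
    exe: str         # absolute path of the executable owning the socket
    local: tuple     # (ip, port) on this host
    remote: tuple    # (ip, port) of the peer
    start: datetime
    end: datetime
    outbound: bool   # assumption: the agent notes which side initiated

def t(hhmm):
    return datetime.fromisoformat(f"2008-01-31T{hhmm}:00")

# Constructed output of the file-based recognition step:
# (host, executable path) -> recognized application.
INVENTORY = {
    ("web01", "/opt/shop/bin/httpd"): "Shop Web Frontend",
    ("web01", "/usr/bin/backup-agent"): "Backup Client",
    ("db01", "/opt/db/bin/dbserver"): "Order Database",
}

WEB, DB = "10.0.0.10", "10.0.0.20"
# Constructed agent records. Client port 40001 is reused in the afternoon by a
# different executable, so only the timestamps tell the two connections apart.
RECORDS = [
    Conn("web01", "/opt/shop/bin/httpd", (WEB, 40001), (DB, 5432), t("09:00"), t("09:05"), True),
    Conn("db01", "/opt/db/bin/dbserver", (DB, 5432), (WEB, 40001), t("09:00"), t("09:05"), False),
    Conn("web01", "/usr/bin/backup-agent", (WEB, 40001), (DB, 5432), t("14:00"), t("14:02"), True),
    Conn("db01", "/opt/db/bin/dbserver", (DB, 5432), (WEB, 40001), t("14:00"), t("14:02"), False),
    # Peer 10.0.0.99 runs no agent, so this record has no counterpart.
    Conn("web01", "/opt/shop/bin/httpd", (WEB, 40002), ("10.0.0.99", 443), t("10:00"), t("10:01"), True),
]

def map_dependencies(records, inventory, skew=timedelta(seconds=30)):
    """Return ({(client_app, server_app): count}, [unmatched outbound records])."""
    def app(r):
        return inventory.get((r.host, r.exe), f"unrecognized:{r.exe}")

    # Index accepted connections by the socket pair as the client sees it.
    accepted = {}
    for r in records:
        if not r.outbound:
            accepted.setdefault((r.remote, r.local), []).append(r)

    edges, unmatched = {}, []
    for c in records:
        if not c.outbound:
            continue
        # Same socket pair AND overlapping lifetime, allowing for clock skew.
        peers = [s for s in accepted.get((c.local, c.remote), [])
                 if s.start <= c.end + skew and c.start <= s.end + skew]
        if not peers:
            unmatched.append(c)
            continue
        s = min(peers, key=lambda p: abs(p.start - c.start))
        key = (app(c), app(s))
        edges[key] = edges.get(key, 0) + 1
    return edges, unmatched

if __name__ == "__main__":
    edges, unmatched = map_dependencies(RECORDS, INVENTORY)
    for (client, server), n in edges.items():
        print(f"{client} -> {server} ({n} connection(s))")
    for c in unmatched:
        print(f"no peer record for {c.exe} -> {c.remote}")
```

Outbound records with no counterpart point at hosts that carry no agent, which is useful to report separately because those dependencies cannot be resolved to an application.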
Software inventory is a more mature discipline than application dependency mapping and thus has higher application coverage. The illustrative new technique exploits the availability of existing and mature software application inventory data and can enhance application relationship information.
The illustrative technique can be implemented without development of complex application models and uses mature file-based application recognition technology that is simple to maintain. As a result, the technique enables much higher application coverage than other methods and functions well even in cases of encrypted network communications.
Referring to
In an example embodiment of an agent 106, file information can be sourced by a component called a scanner that collects the inventory. Software inventory includes detailed file information that can be used in recognition, for example file name, size, other attributes, and the like. The agents 106 can be configured to operate by continuously or periodically collecting the network activity data, for example start and end timestamps of a connection, local and remote host and port information, identification of an absolute path to an executable file that establishes a connection, and the like. In some embodiments, the agents 106 can collect the data continuously or can be selectively activated and deactivated to collect information in a non-continuous manner such as periodically or intermittently. For example, when a user, customer, system manager, or the like does not want to install an agent permanently on a computer, the utility can be configured so that the agent runs periodically.
The agent instances 106 can be configured to collect network activity data on the managed computer 108 using a predetermined collection protocol, for example Transmission Control Protocol/Internet Protocol (TCP/IP) or any other suitable network protocol. The agent instances 106 also monitor network protocol activity on the managed computers 108.
The agent instances 106 can operate by discovering network communications between network applications 114 and operating in combination with the software recognition process 110, which determines application dependencies based on the discovered network communications.
In some embodiments, the network system 100 can further comprise a software application library 116 for usage by the software recognition process 110. The library 116 compiles data of executable files 112 associated with applications 114 including file name, file size, file signature, file version data, file executable type, and selected file attributes. The software recognition process 110 identifies association of executable files 112 to applications 114.
In some embodiments, the network system 100 can further comprise multiple agents 106 that collect network activity data for all managed computers 108 which operate in combination with a topology determination process 118 that analyzes the network activity data and the association of executable files 112 to applications 114 on all managed computers 108. The software recognition process 110 establishes connections among applications 114 using timestamps and host information.
The network system 100 can further comprise a configuration management database 120 which can communicate and operate in combination with the software recognition process 110 and receives relationship information of executable files 112 to applications 114. For example, software recognition 110 can accumulate or develop a list of applications installed on the computer. A utility that calculates application topology stores the application dependency information into a local database. The application dependency information can be used to populate the configuration management database 120.
The illustrative network system 100 performs a universal method of automatic application dependency discovery that is not constrained to the development of complex application models. The illustrative utility 102 can combine existing file-based application recognition technology and network topology information, for example within the OpenView Enterprise Discovery system from Hewlett Packard Company (HP) of Palo Alto, Calif., with information of active network connections on a host and the processes associated with the connections to determine interdependencies between applications and the IT infrastructure.
In contrast to basing the discovery system on complex models such as scripts and the like, and also relying on user intervention and/or adjustment, the illustrative network system 100 can be fully automated and can recognize particular applications and associated dependencies without use of complex models and/or scripts. The network system 100 is also robust and adapts to changes in application behavior, even if the behavior evolves over time, changes rapidly, or otherwise has a dynamic character.
The technique performed by the network system 100 is non-intrusive and, although using installation of an agent 106 for ADM functionality, does not require port scans, capturing and monitoring of the network traffic, and the like. Network connection and/or process information is “passively” observed. In some implementations, the incremental load on the system imposed by ADM functionality can be reduced by combining ADM functionality with a software utilization agent that is used for other functionality.
The network system 100 and utility 102 can operate continuously, based on historical data, and do not miss occasional dependencies and/or applications that run infrequently. The network system 100 and utility 102 are highly accurate and can use a software library to recognize processes, and are adaptable to changes without amending complex scripts and/or models.
Application Dependency Mapping (ADM) is considered by many in the IT industry as an insufficiently developed component affecting Business Service Management (BSM), Configuration Management Database (CMDB), and Information Technology Service Management (ITSM) strategies. ADM technology is viewed as a strategic piece of most current IT implementations, and has grown in importance with the heightened interest in data center consolidation projects. Market adoption of initial ADM implementations has been slow, at least partly due to the complexity of producing application models, so that the number of applications that are recognized by the current ADM vendors is not very high, up to a few hundred applications. In contrast, HP's OpenView Enterprise Discovery can identify about 20,000 different application versions using an associated software inventory capability. In an illustrative embodiment, the network system 100 and utility 102 enable an improved automatic approach for facilitating implementation and improving application coverage of ADM by leveraging the existing OpenView software inventory capability.
Referring to
The file-based application recognition technology 210 that can be used in the ADM technique can be a process operative within the HP OpenView Enterprise Discovery product. The Enterprise Discovery product also implements agent technology that detects software application utilization by monitoring the running processes and associates the data to the associated applications. The illustrative ADM system and operating method extends the discovery technology further to collect network activity data, and adds a new server module to process the connectivity information and determine application dependencies.
Network activity data can be obtained by existing system tools, such as netstat and lsof. Netstat (network statistics) is a command-line tool available in Unix, Unix-like, and Windows NT based operating systems that displays network connections including both incoming and outgoing connections, routing tables, and various other network interface statistics. Lsof is a command to list open files which is used in Unix and Unix-like systems to report a list of all open files and the processes that opened the files. The netstat command can be extended beyond typical functionality, for example by adding code that runs in kernel mode, to obtain the full executable file name and process information for the application that establishes TCP connections on operating systems such as Windows NT and Windows 2000.
The illustrative ADM system and operating method can exploit the file-based application recognition technology within the OpenView Enterprise Discovery to generate a view of the actual dependencies without building complex models of applications, and hence is more widely applicable to applications. Functionality of the disclosed ADM system and technique is complementary to configuration-based modeling techniques that give an expected view of dependencies.
Referring to
In an example implementation, the network activity can be monitored 304 by agents installed on the managed computers. Analysis 310 of executable files to applications can exploit network discovery and inventory tools in existence in the network.
In an illustrative embodiment, the action of collecting 306 network activity data can comprise collecting start and end timestamps of a connection, local and remote host and port information, identification of an absolute path to an executable file that establishes a connection, and other suitable information.
The network activity data can be collected 306 on the one or more managed computers using a predetermined collection protocol. The connectivity information can be collected for a predetermined time period. For example, rather than collecting the information for a limited time period and then stopping, a more suitable protocol may collect the information for a sliding time window. In a specific example, historical network data can be collected for the most recent two-week period or for the last month. In another example protocol, information can be collected periodically. Network connectivity data can be feasibly collected for a few hours per day with historical data maintained for a sliding window on the order of weeks.
Referring to
In the illustrative method 320, the software application library is used to resolve and identify applications to which a particular process belongs. Because a process with a particular name can belong to several applications or to multiple versions of the same application, the combination of the inventory of the computer with the application recognition based on the application library that reliably identifies the exact application in use is effective.
Referring to
Referring to
In some implementations, the network communications can be discovered 344 by monitoring network protocol activity on the managed computers. For example, an agent can be run 346 continuously or periodically on a remote host that monitors network protocol activity. For example, Transmission Control Protocol/Internet Protocol (TCP/IP) or any other suitable network protocol can be monitored to enable determination of application dependencies on infrastructure.
In an example implementation or under selected conditions, the collection of the network connection information along with other data, such as processes associated with the data, is continuous, in contrast to a one-time snapshot that determines how infrastructure is connected at the particular moment in time when the discovery process is running. The illustrative technique 340 enables constant monitoring of network connections and maintenance of historic connection/process data from all managed computers, enabling detection of application dependencies for those connections that are established infrequently or for short periods.
Referring to
Terms “substantially”, “essentially”, or “approximately”, that may be used herein, relate to an industry-accepted tolerance to the corresponding term. Such an industry-accepted tolerance ranges from less than one percent to twenty percent and corresponds to, but is not limited to, functionality, values, process variations, sizes, operating speeds, and the like. The term “coupled”, as may be used herein, includes direct coupling and indirect coupling via another component, element, circuit, or module where, for indirect coupling, the intervening component, element, circuit, or module does not modify the information of a signal but may adjust its current level, voltage level, and/or power level. Inferred coupling, for example where one element is coupled to another element by inference, includes direct and indirect coupling between two elements in the same manner as “coupled”.
The illustrative block diagrams and flow charts depict process steps or blocks that may represent modules, segments, or portions of code that include one or more executable instructions for implementing specific logical functions or steps in the process. Although the particular examples illustrate specific process steps or acts, many alternative implementations are possible and commonly made by simple design choice. Acts and steps may be executed in different order from the specific description herein, based on considerations of function, purpose, conformance to standard, legacy structure, and the like.
While the present disclosure describes various embodiments, these embodiments are to be understood as illustrative and do not limit the claim scope. Many variations, modifications, additions and improvements of the described embodiments are possible. For example, those having ordinary skill in the art will readily implement the steps necessary to provide the structures and methods disclosed herein, and will understand that the process parameters, materials, and dimensions are given by way of example only. The parameters, materials, and dimensions can be varied to achieve the desired structure as well as modifications, which are within the scope of the claims. Variations and modifications of the embodiments disclosed herein may also be made while remaining within the scope of the following claims.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US08/52602 | 1/31/2008 | WO | 00 | 11/30/2010 |