Patent Application
20090171730
This invention relates, in general, to managing customer environments to provide support for business resiliency, and in particular, to non-disruptively changing the environment based on detected changes associated with business applications of the environment.
Today, customers attempt to manually manage and align their availability management with their information technology (IT) infrastructure. Changes in either business needs or the underlying infrastructure are often not captured in a timely manner and require considerable rework, leading to an inflexible environment.
Often high availability solutions and disaster recovery technologies are handled via a number of disparate point products that target specific scopes of failure, platforms or applications. Integrating these solutions into an end-to-end solution is a complex task left to the customer, with results being either proprietary and very specific, or unsuccessful.
Customers do not have the tools and infrastructure in place to customize their availability management infrastructure to respond to failures in a way that allows for a more graceful degradation of their environments. As a result, more drastic and costly actions may be taken (such as a site switch) when other options (such as disabling a set of applications or users) could have been offered, depending on business needs.
Coordination across availability management and other systems management disciplines is either nonexistent or accomplished via non-reusable, proprietary, custom technology.
There is little predictability as to whether the desired recovery objective will be achieved, prior to time of failure. There are only manual, labor intensive techniques to connect recovery actions with the business impact of failures and degradations.
Any change in the underlying application, technologies, business recovery objectives, resources or their interrelationships require a manual assessment of impact to the hand-crafted recovery scheme.
Based on the foregoing, a need exists for a capability to facilitate management of an IT environment. In particular, a need exists for a capability that enables the environment to be changed non-disruptively, in response to detected changes in resource scope of business applications of the environment.
The shortcomings of the prior art are overcome and additional advantages are provided through the provision of a computer-implemented method to manage changes of an IT environment. The method includes, for instance, determining one or more changes to be made to the IT environment, in response to a change in resource scope of a business application of the IT environment; and non-disruptively effecting the one or more changes to be made to the IT environment, wherein the non-disruptively effecting includes continuing to manage to an existing resource scope of the business application.
Computer program products and systems relating to one or more aspects of the present invention are also described and claimed herein.
Additional features and advantages are realized through the techniques of the present invention. Other embodiments and aspects of the invention are described in detail herein and are considered a part of the claimed invention.
One or more aspects of the present invention are particularly pointed out and distinctly claimed as examples in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the invention are apparent from the following detailed description taken in conjunction with the accompanying drawings in which:
In managing a customer's environment, such as its business environment, there is a set of requirements unaddressed by existing technology, which causes unpredictable down time, large impact failures and recoveries, and significant extra labor cost, with resulting loss of business revenue. These requirements include, for instance:
The above set of requirements is addressed, however, by a Business Resiliency (BR) Management System, of which one or more aspects of the present invention are included. The Business Resiliency Management System provides, for instance:
One goal of the BR system is to allow customers to align their supporting information technology systems with their business goals for handling failures of various scopes, and to offer a continuum of recovery services from finer grained process failures to broader scoped site outages. The BR system is built around the idea of identifying the components that constitute a business function, and identifying successive levels of recovery that lead to more complex constructs as the solution evolves. The various recovery options are connected by an overall BR management capability that is driven by policy controls.
Various characteristics of one embodiment of a BR system include:
A Business Resilience System is capable of being incorporated in and used by many types of environments. One example of a processing environment to incorporate and use aspects of a BR system, including one or more aspects of the present invention, is described with reference to
Processing environment 100 includes, for instance, a central processing unit (CPU) 102 coupled to memory 104 and executing an operating system 106. Examples of operating systems include AIX® and z/OS®, offered by International Business Machines Corporation; Linux; etc. AIX® and z/OS® are registered trademarks of International Business Machines Corporation, Armonk, N.Y., U.S.A. Other names used herein may be registered trademarks, trademarks or product names of International Business Machines Corporation or other companies.
The operating system manages execution of a Business Resilience Runtime Component 108 of a Business Resilience System, described herein, and one or more applications 110 of an application container 112.
As examples, processing environment 100 includes an IBM® System z™ processor or a pSeries® server offered by International Business Machines Corporation; a Linux server; or other servers, processors, etc. Processing environment 100 may include more, less and/or different components than described herein. (pSeries® is a registered trademark of International Business Machines Corporation, Armonk, N.Y., USA.)
Another example of a processing environment to incorporate and use aspects of a BR System, including one or more aspects of the present invention, is described with reference to
As shown, a processing environment 200 includes for instance, a central processing complex 202 coupled to an input/output (I/O) subsystem 204. Central processing complex 202 includes, for instance, a central processing unit 206, memory 208, an operating system 210, a database management system 212, a Business Resilience Runtime Component 214, an application container 216 including one or more applications 218, and an I/O facility 220.
I/O facility 220 couples central processing complex 202 to I/O subsystem 204 via, for example, a dynamic switch 230. Dynamic switch 230 is coupled to a control unit 232, which is further coupled to one or more I/O devices 234, such as one or more direct access storage devices (DASD).
Processing environments 100 and/or 200 may include, in other embodiments, more, less and/or different components.
In yet another embodiment, a central processing complex 300 (
For example, network service 302 of central processing complex 300 is coupled to a switch 308 of network subsystem 306. Switch 308 is coupled to a switch 310 via routers 312 and firewalls 314. Switch 310 is further coupled to a network service 316 of processing environment 304.
Processing environment 304 further includes, for instance, a central processing unit 320, a memory 322, an operating system 324, and an application container 326 including one or more applications 328. In other embodiments, it can include more, less and/or different components.
Moreover, CPC 300 further includes, in one embodiment, a central processing unit 330, a memory 332, an operating system 334, a database management system 336, a Business Resilience Runtime Component 338, an application container 340 including one or more applications 342, and an I/O facility 344. It also may include more, less and/or different components.
I/O facility 344 is coupled to a dynamic switch 346 of an I/O subsystem 347. Dynamic switch 346 is further coupled to a control unit 348, which is coupled to one or more I/O devices 350.
Although examples of various environments are provided herein, these are only examples. Many variations to the above environments are possible and are considered within the scope of the present invention.
In the above-described environments, a Business Resilience Runtime Component of a Business Resilience System is included. Further details associated with a Business Resilience Runtime Component and a Business Resilience System are described with reference to
In one example, a Business Resilience System 400 is a component that represents the management of recovery operations and configurations across an IT environment. Within that Business Resilience System, there is a Business Resilience Runtime Component (402) that represents the management functionality across multiple distinct Recovery Segments, and provides the service level automation and the support of creation of the recovery sequences. In addition, there are user interface (404), administration (406), installation (408) and configuration template (410) components within the Business Resilience System that enable the administrative operations that are to be performed. Each of these components is described in further detail below.
Business Resilience Runtime Component 402 includes a plurality of components of the BR System that are directly responsible for the collection of observations, creation of PSEs, policy acceptance, validation, error detection, and formulation of recovery sequences. As one example, Business Resilience Runtime Component 402 includes the following components:
In addition to the Business Resilience Runtime Component of the BR system, the BR system includes the following components, previously mentioned above.
When alerted, the user can choose to open the corresponding resource directly. If the user selects No, the user can revisit the message or resource by using the above notification log view.
The user interface, admin mailbox, install logic and/or template components can be part of the same computing unit executing BR Runtime or executed on one or more other distributed computing units.
To further understand the use of some of the above components and their interrelationships, the following example is offered. This example is only offered for clarification purposes and is not meant to be limiting in any way.
Referring to
As a result of these conditions leading up to runtime, the following subscriptions have already taken place:
These steps highlight one example of an error detection process:
In addition to the above, BR includes a set of design points that help in the understanding of the system. These design points include, for instance:
BR is targeted towards goal based policies—the customer configures his target availability goal, and BR determines the preparatory actions and recovery actions to achieve that goal (e.g., automatically).
Availability management of the IT infrastructure through goal based policy is introduced by this design. The BR system includes the ability to author and associate goal based availability policy with the resource Recovery Segments described herein. In addition, support is provided to decompose the goal policy into configuration settings, preparatory actions and runtime procedures in order to execute against the deployed availability goal. In one implementation of the BR system, the Recovery Time Objective (RTO—time to recover post outage) is a supported goal policy. Additional goal policies of data currency (e.g., Recovery Point Objective) and downtime maximums, as well as others, can also be implemented with the BR system. Recovery Segments provide the context for association of goal based availability policies, and are the scope for goal policy expression supported in the BR design. The BR system manages the RTO through an understanding of historical information, metrics, recovery time formulas (if available), and actions that affect the recovery time for IT resources.
RTO goals are specified by the customer at a Recovery Segment level and apportioned to the various component resources grouped within the RS. In one example, RTO goals are expressed as units of time intervals, such as seconds, minutes, and hours. Each RS can have one RTO goal per Pattern System Environment associated with the RS. Based on the metrics available from the IT resources, and based on observed history and/or data from the customer, the RTO goal associated with the RS is evaluated for achievability, taking into account which resources are able to be recovered in parallel.
Based on the RTO for the RS, a set of preparatory actions expressed as a workflow is generated. This preparatory workflow configures the environment or makes alterations in the current configuration, to achieve the RTO goal or to attempt to achieve the goal.
In terms of optimizing RTO, there are tradeoffs associated with the choices that are possible for preparatory and recovery actions. Optimization of recovery choice is performed by BR, and may include interaction at various levels of sophistication with IT resources. In some cases, BR may set specific configuration parameters that are surfaced by the IT resource to align with the stated RTO. In other cases, BR may request that an IT resource itself alter its management functions to achieve some portion of the overall RS RTO. In either case, BR aligns availability management of the IT resources contained in the RS with the stated RTO.
In this design, as one example, there is an approach to collecting the required or desired metrics data, both observed and key varying factors, system profile information that is slow or non-moving, as well as potential formulas that reflect a specific resource's use of the key factors in assessing and performing recovery and preparatory actions, historical data and system information. The information and raw metrics that BR uses to perform analysis and RTO projections are expressed as part of the IT resources, as resource properties. BR specific interpretations and results of statistical analysis of key factors correlated to recovery time are kept as BR Specific Management data (BRMD).
BR maintains specific information about the BR management of each resource pairing or relationship between resources. Information regarding the BR specific data for a resource pairing is kept by BR, including information such as ordering of operations across resources, impact assessment information, operation effect on availability state, constraint analysis of actions to be performed, effects of preparatory actions on resources, and requirements for resources to co-locate or anti-co-locate.
One feature of the BR function is the ability to identify the scope and impact of a failure. The BR design uses a Containment Region to identify the resources affected by an incident. The Containment Region is initially formed with a fairly tight restriction on the scope of impact, but is expanded on receiving errors related to the first incident. The impact and scope of the failure is evaluated by traversing the resource relationships, evaluating information on BR specific resource pairing information, and determining most current state of the resources impacted.
Various types of preparatory and recovery processes are formulated and in some cases, optionally initiated. Workflows used by BR are dynamically generated based on, for instance, customer requirements for RTO goal, based on actual scope of failure, and based on any configuration settings customers have set for the BR system.
A workflow includes one or more operations to be performed, such as Start CICS, etc. Each operation takes time to execute and this amount of time is learned based on execution of the workflows, based on historical data in the observation log or from customer specification of execution time for operations. The workflows formalize, in a machine readable, machine editable form, the operations to be performed.
In one example, the processes are generated into Business Process Execution Language (BPEL) compliant workflows with activities that are operations on IT resources or specified manual, human activities. For example, BRM automatically generates the workflows in BPEL. This automatic generation includes invoking routines to insert activities to build the workflow, or forming the activities and building the XML (Extensible Mark-Up Language). Since these workflows are BPEL standard compliant, they can be integrated with other BPEL defined workflows which may incorporate manual activities performed by the operations staff. These BR related workflows are categorized as follows, in one example:
Preventive—Steps taken to contain or fence an error condition and prevent the situation from escalating to a more substantial outage or impact; for example, the severing of a failed resource's relationship instances to other resources. Preventive workflows are also dynamically generated, in one example.
Since the set of BR actions described above modify existing IT environments, visibility to the actions that are taken by BR prior to the actual execution is provided. To gain trust in the decisions and recommendations produced by BR, the BR System can run in ‘advisory mode’. As part of advisory mode, the possible actions that would be taken are constructed into a workflow, similar to what would be done to actually execute the processes. The workflows are then made visible through standard workflow authoring tooling for customers to inspect or modify. Examples of BPEL tooling include:
BR tooling spans the availability management lifecycle from definition of business objectives, IT resource selection, availability policy authoring and deployment, development and deployment of runtime monitors, etc. In one example, support for the following is captured in the tooling environment for the BR system:
The policy lifecycle for BR goal policies, such as RTO goals, includes, for example:
One of the points in determining operational state of a Recovery Segment is that this design allows for customers to configure a definition of specific ‘aggregated’ states, using properties of individual IT resources. A Recovery Segment is an availability management context, in one example, which may include a diverse set of IT resources.
The customer may provide the rules logic used within the Recovery Segment to consume the relevant IT resource properties and determine the overall state of the RS (available, degraded and unavailable, etc). The customer can develop and deploy these rules as part of the Recovery Segment availability policy. For example, if there is a database included in the Recovery Segment, along with the supporting operating system, storage, and network resources, a customer may configure one set of rules that requires that the database must have completed the recovery of in-flight work in order to consider the overall Recovery Segment available. As another example, customers may choose to configure a definition of availability based on transaction rate metrics for a database, so that if the rate falls below some value, the RS is considered unavailable or degraded, and evaluation of ‘failure’ impact will be triggered within the BR system. Using these configurations, customers can tailor both the definitions of availability, as well as the rapidity with which problems are detected, since any IT resource property can be used as input to the aggregation, not just the operational state of IT resources.
Failures occurring during sequences of operations executed within a BPEL compliant process workflow are intended to be handled through use of BPEL declared compensation actions, associated with the workflow activities that took a failure. The BR System creates associated “undo” workflows that are then submitted to compensate, and reset the environment to a stable state, based on where in the workflow the failure occurred.
The following set of customer values, as examples, are derived from the BR system functions described above, listed here with supporting technologies from the BR system:
Management of the IT environment is adaptively performed, as described herein and in a U.S. patent application “Adaptive Business Resiliency Computer System for Information Technology Environments,” (POU920070364US1), Bobak et al., co-filed herewith, which is hereby incorporated herein by reference in its entirety.
Many different sequences of activities can be undertaken in creating a BR environment. The following represents one possible sequence; however, many other sequences are possible. This sequence is provided merely to facilitate an understanding of a BR system and one or more aspects of the present invention. This sequence is not meant to be limiting in any way. In the following description, reference is made to various U.S. patent applications, which are co-filed herewith.
On receiving the BR and related product offerings, an installation process is undertaken. Subsequent to installation of the products, a BR administrator may define the configuration for BR manager instances with the aid of BRM configuration templates.
Having defined the BRM configuration a next step could be to define Recovery Segments as described in “Recovery Segments for Computer Business Applications,” (POU920070108US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Definition of a RS may use a representation of resources in a topology graph as described in “Use of Graphs in Managing Computing Environments,” (POU920070112US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
It is expected that customers will enable BR operation in “observation” mode for a period of time to gather information regarding key metrics and operation execution duration associated with resources in a RS.
At some point, sufficient observation data will have been gathered or a customer may have sufficient knowledge of the environment to be managed by BR. A series of activities may then be undertaken to prepare the RS for availability management by BR. As one example, the following steps may be performed iteratively.
A set of functionally equivalent resources may be defined as described in “Use of Redundancy Groups in Runtime Computer Management of Business Applications,” (POU920070113US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Specification of the availability state for individual resources, redundancy groups and Recovery Segments may be performed as described in “Use of Multi-Level State Assessment in Computer Business Environments,” (POU920070114US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Representations for the IT environment in which BR is to operate may be created from historical information captured during observation mode, as described in “Computer Pattern System Environment Supporting Business Resiliency,” (POU920070107US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. These definitions provide the context for understanding how long it takes to perform operations which change the configuration—especially during recovery periods.
Information on relationships between resources may be specified based on recommended best practices—expressed in templates—or based on customer knowledge of their IT environment as described in “Conditional Computer Runtime Control of an Information Technology Environment Based on Pairing Constructs,” (POU920070110US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. Pairing processing provides the mechanism for reflecting required or desired order of execution for operations, the impact of state change for one resource on another, the effect execution of an operation is expected to have on a resource state, desire to have one subsystem located on the same system as another and the effect an operation has on preparing the environment for availability management.
With preliminary definitions in place, a next activity of the BR administrator might be to define the goals for availability of the business application represented by a Recovery Segment as described in “Programmatic Validation in an Information Technology Environment,” (POU920070111US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Managing the IT environment to meet availability goals includes having the BR system prioritize internal operations. The mechanism utilized to achieve the prioritization is described in “Serialization in Computer Management,” (POU920070105US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Multiple operations are performed to prepare an IT environment to meet a business application's availability goal or to perform recovery when a failure occurs. The BR system creates workflows to achieve the required or desired ordering of operations, as described in “Dynamic Generation of Processes in Computing Environments,” (POU920070123US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
A next activity in achieving a BR environment might be execution of the ordered set of operations used to prepare the IT environment, as described in “Dynamic Selection of Actions in an Information Technology Environment,” (POU920070117US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Management by BR to achieve availability goals may be initiated, which may initiate or continue monitoring of resources to detect changes in their operational state, as described in “Real-Time Information Technology Environments,” (POU920070120US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. Monitoring of resources may have already been initiated as a result of “observation” mode processing.
Changes in resource or redundancy group state may result in impacting the availability of a business application represented by a Recovery Segment. Analysis of the environment following an error is performed. The analysis allows sufficient time for related errors to be reported, insures gathering of resource state completes in a timely manner and insures sufficient time is provided for building and executing the recovery operations—all within the recovery time goal, as described in “Management Based on Computer Dynamically Adjusted Discrete Phases of Event Correlation,” (POU920070119US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
A mechanism is provided for determining if events impacting the availability of the IT environment are related, and if so, aggregating the failures to optimally scope the outage, as described in “Management of Computer Events in a Computer Environment,” (POU920070118US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Ideally, current resource state can be gathered after scoping of a failure. However, provisions are made to insure management to the availability goal is achievable in the presence of non-responsive components in the IT environment, as described in “Managing the Computer Collection of Information in an Information Technology Environment,” (POU920070121US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
With the outage scoped and current resource state evaluated, the BR environment can formulate an optimized recovery set of operations to meet the availability goal, as described in “Defining a Computer Recovery Process that Matches the Scope of Outage,” (POU920070124US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Formulation of a recovery plan is to uphold customer specification regarding the impact recovery operations can have between different business applications, as described in “Managing Execution Within a Computing Environment,” (POU920070115US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Varying levels of recovery capability exist with resources used to support a business application. Some resources possess the ability to perform detailed recovery actions while others do not. For resources capable of performing recovery operations, the BR system provides for delegation of recovery if the resource is not shared by two or more business applications, as described in “Conditional Actions Based on Runtime Conditions of a Computer System Environment,” (POU920070116US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Having evaluated the outage and formulated a set of recovery operations, the BR system resumes monitoring for subsequent changes to the IT environment.
In support of mainline BR system operation, there are a number of activities including, for instance:
In order to build a BR environment that meets recovery time objectives, IT configurations within a customer's location are to be characterized and knowledge about the duration of execution for recovery time operations within those configurations is to be gained. IT configurations and the durations for operation execution vary by time, constituent resources, quantity and quality of application invocations, as examples. Customer environments vary widely in configuration of IT resources in support of business applications. Understanding the customer environment and the duration of operations within those environments aids in insuring a Recovery Time Objective is achievable and in building workflows to alter the customer configuration of IT resources in advance of a failure and/or when a failure occurs.
A characterization of IT configurations within a customer location is built by having knowledge of the key recovery time characteristics for individual resources (i.e., the resources that are part of the IT configuration being managed; also referred to as managed resources). Utilizing the representation for a resource, a set of key recovery time objective (RTO) metrics are specified by the resource owner. During ongoing operations, the BR manager gathers values for these key RTO metrics and gathers timings for the operations that are used to alter the configuration. It is expected that customers will run the BR function in “observation” mode prior to having provided a BR policy for availability management or other management. While executing in “observation” mode, the BR manager periodically gathers RTO metrics and operation execution durations from resource representations. The key RTO metrics properties, associated values and operation execution times are recorded in an Observation log for later analysis through tooling. Key RTO metrics and operation execution timings continue to be gathered during active BR policy management in order to maintain currency and iteratively refine data used to characterize customer IT configurations and operation timings within those configurations.
Examples of RTO properties and value range information by resource type are provided in the below table. It will be apparent to those skilled in the art that additional, less, and/or different resource types, properties and/or value ranges may be provided.
A specific example of key RTO properties for a z/OS® image is depicted in
The z/OS® image has a set of RTO metrics associated therewith, as described above. Other resources may also have its own set of metrics. An example of this is depicted in
Further, in one example, the RTO properties from each of the resources that are part of the Recovery Segment for App A have been gathered by BR and formed into an “observation” for recording to the Observation log, as depicted at 850.
Resources have varying degrees of functionality to support RTO goal policy. Such capacity is evaluated by BR, and expressed in resource property RTOGoalCapability in the BRMD entry for the resource. Two options for BR to receive information operation execution timings are: use of historical data or use of explicitly customer configured data. If BR relies on historical data to make recovery time projections, then before a statistically meaningful set of data is collected, this resource is not capable of supporting goal policy. A mix of resources can appear in a given RS —some have a set of observations that allow classification of the operation execution times, and others are explicitly configured by the customer.
Calculation of projected recovery time can be accomplished in two ways, depending on customer choice: use of historical observations or use of customers input timings. The following is an example of values for the RTOGoalCapability metadata that is found in the BRMD entry for the resource that indicates this choice:
If the customer is in observation mode, then historical information is captured, regardless of whether the customer has indicated use of explicitly input timings or use of historical information.
The administrator can alter, on a resource basis, which set of timings BR is to use. The default is to use historical observations. In particular, a change source of resource timing logic is provided that alters the source that BR uses to retrieve resource timings. The two options for retrieving timings are from observed histories or explicitly from admin defined times for operation execution. The default uses information from the observed histories, gathered from periodic polls. If the customer defines times explicitly, the customer can direct BR to use those times for a given resource. If activated, observation mode continues and captures information, as well as running averages, and standard deviations. The impact to this logic is to alter the source of information for policy validation and formulation of recovery plan.
With respect to the historical observations, there may be a statistically meaningful set of observations to verify. The sample size should be large enough so that a time range for each operation execution can be calculated, with a sufficient confidence interval. The acceptable number of observations to qualify as statistically meaningful, and the desired confidence interval are customer configurable using BR UI, but provided as defaults in the BRMD entry for the resource. The default confidence interval is 95%, in one example.
There are metrics from a resource that are employed by BR to enable and perform goal management. These include, for instance:
There is also a set of information about the resource that is employed—this information is provided as defaults in the BRMD entry for the resource, but provided to the BR team in the form of best practices information/defaults by the domain owners:
In addition to the resources defined herein as part of the IT configuration that is managed, there are other resources, referred to herein as assessed resources. Assessed resources are present primarily to provide observation data for PSE formation, and to understand impact(s) on managed resources. They do not have a decomposed RTO associated with them nor are they acted on for availability by BR. Assessed resources have the following characteristics, as examples:
Similarly, there are likely scenarios where a resource exists in a customer environment that already has an alternative availability management solution, and does not require BR for its availability. However, since other resources that are managed by BR may be dependent on them, they are observed and assessed in order to collect observation data and understand their impacts on managed resources. Additionally, there may be resources that do not have alternative management solutions, but the customer simply does not want them managed by BR, but other managed resources are dependent upon them. They too are classified as assessed resources.
These assessed resources share many of the same characteristics of managed resources, such as, for example:
Finally, there are a few restrictions that BR imposes upon assessed resources, in this embodiment:
To facilitate the building of the customer's IT configuration, observations regarding the customer's environment are gathered and stored in an observation log. In particular, the observation log is used to store observations gathered during runtime in customer environments, where each observation is a collection of various data points. They are created for each of the Recovery Segments that are in “observation” mode. These observations are used for numerous runtime and administrative purposes in the BR environment. As examples the observations are used:
BR gathers observations during runtime when “observation mode” is enabled at the Recovery Segment level. There are two means for enabling observation mode, as examples:
The administrator may also disable observation mode for a Recovery Segment, which stops it from polling for data and creating subsequent observation records for insertion in the log. However, the accumulated observation log is not deleted. In one example, an RS remains in observation mode throughout its lifecycle. The UI displays the implications of disabling observation mode.
In BR, the observations that are collected by BR during runtime can be grouped into two categories, as examples:
A periodic poll observation is a point-in-time snapshot of the constituent resources in a Recovery Segment. Observation data points are collected for those resources in the Recovery Segment(s) which have associated BR management data for any of the following reasons, as examples:
The full value of these observations is derived for an RS when they include data that has been gathered for its constituent resources, plus the resources that those are dependent upon. In one embodiment, the administrator is not forced to include all dependent resources when defining a Recovery Segment, and even if that were the case, there is nothing that prevents them from deleting various dependent resources. When defining a Recovery Segment, the BR UI provides an option that allows the customer to display the dependency graph for those resources already in the Recovery Segment. This displays the topology from the seed node(s) in the Recovery Segment down to and including the dependent leaf nodes. The purpose of this capability is to give the customer the opportunity to display the dependent nodes and recommend that they be included in the Recovery Segment.
Preparatory and recovery workflows are built by the BR manager to achieve the customer requested RTO policy based on resource operations timings. During active policy monitoring by the BR manager, measurements of achieved time for operations are recorded in observations to the log and used to maintain the running statistical data on operation execution times. Observations written to the log may vary in the contained resource RTO metrics and operation execution timings.
Observations are also collected from any of the BPEL workflows created by BR in the customer's environment. There is a standard template that each BR BPEL workflow uses. As part of that template, observation data is captured at the start of, during, and at the completion of each workflow. Specifically, in one example, one observation is created at the end of the workflow with data accumulated from completion of each activity. This information is used to gather timings for workflow execution for use in creating subsequent workflows at time of failure.
In accordance with an aspect of the present invention, an IT environment is non-disruptively changed, in response to a change in resource scope of one or more business applications of the IT environment. A change in resource scope of a business application includes, for instance, adding resources and/or resource relationships to/deleting resources and/or resource relationships from the business application.
Customer IT environments change over time. Today, changes in the IT environment and configuration typically require some human intervention to detect the change, figure out the impact of the change to the availability infrastructure, and manually find and rework the necessary scripts or configurations to provide availability for the changed resources. Even after making these changes, the overall recovery capability of the altered infrastructure is unknown and subsequent changes cause fragility and the potential for failure. The problems with today's solutions include:
In accordance with an aspect of the present invention, changes in the scope of resources associated with a business application with respect to a goal, such as an availability goal, are handled programmatically. Using the capabilities described herein, a Business Resilience system, as one example implementation, is able to dynamically detect alterations in configurations, relate these to the effected business applications and propose changes in configuration (e.g., availability configuration), if any, to support the change. BR is just one example implementation. The concepts for programmatically handling changes in the scope of resources with respect to availability functions or other management function can be used by other disciplines.
Various aspects of the invention include, for instance:
1. Dynamic Detection of Infrastructure Changes
In accordance with an aspect of the present invention, changes in the IT infrastructure (e.g., additions or deletions of resources and/or relationships) are actively monitored and evaluated by the Business Resiliency system. For example, the Business Resiliency design registers for notification of additions and deletions of resource types, relationship types, resource instances, and relationship instances. Active monitoring for these infrastructure changes by a management system provides advantages over today's products, since those products generally require these changes to be manually detected, then explicitly and manually configured into the availability product. There are numerous mechanisms for dynamically obtaining notifications for additions or deletions of resources and relationships. These include, but are not limited to, CIM (Common Information Model) indications, and commercially available IT monitoring products.
2. Relating Changes to Business Applications
After changes are dynamically detected in the IT infrastructure, a next step is to relate these changes to the set of business applications (and the resources supporting and representing those applications). In the context of Business Resilience, a business application and its related resources are represented by a Recovery Segment, as described in a U.S. patent application “Recovery Segments for Computer Business Applications,” (POU920070108US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. The changes that are detected are categorized into which Recovery Segment(s) the changes effect. This determination is achieved by inspecting the resources, and traversing Resource Graphs that come from the resources and relationships and taking the intersection of the Resource Graphs that are part of each Recovery Segment. In one example, each Resource Graph includes resources of one or more business applications and their interrelationships. The resource are vertices on the graph and the relationships are edges. As one example, the graphs are Dynamic Acyclic Graphs (DAGs). Further details regarding Resource Graphs and their usage by Business Resilience is described in a U.S. patent application “Use of Graphs in Managing Computer Environments,” (POU920070112US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
Each set of changes is programmatically associated with the effected Recovery Segments and processing is triggered within those Recovery Segments which are potentially affected by the change. Manual inspection and intervention for detection and association of the change is avoided, and is handled more quickly and consistently through a combination of active monitoring and automatic determination of graph intersects with Recovery Segments.
3. Dynamic Generation of Proposed Topology, Including Dependencies
Today, once changes are detected manually, they are configured into the availability infrastructure based on the known resource or relationship change. Dependent resources and relationships are not tracked and reconciled with the existing management scope. This causes a problem where resources may not be covered by the infrastructure when they should, resulting in gaps of coverage, or the reverse problem where resources are left configured for management when their usage has been changed, causing ‘over configuration’ and excess cost.
In accordance with an aspect of the present invention, a programmatic process for generating a proposed, altered topology based on the infrastructure changes and the resources that are dependent on the changed infrastructure is provided. For example, in the case of an addition, the add of a resource, such as a new logical partition (LPAR, or hosting environment for an operating system) will likely cause an addition of an operating system, and that may cause the addition of relationships between that operating system and middleware products that are hosted on that operating system. In this case, the Business Resiliency design uses the addition of the original LPAR resource as a trigger to assess the related resources to that LPAR, determine the additional resources relationships that should be considered for inclusion in the Recovery Segment and propose a modified Resource Graph to represent the Recovery Segment which includes the complete set. The modified graph is displayed to the customer for acceptance, verification, or modification. Likewise for deletion, the deletion of a resource should consider deletions of any directly dependent resources, or at least consider the disposition of the dependent resources. They may potentially be moved or deleted.
Using this feature, the Business Resilience design actively considers the impact of each change to the infrastructure in terms of a complete set of dependencies and dynamically and programmatically generates a proposed Resource Graph (to represent the Recovery Segment) for the alterations, avoiding the problems of coverage gaps in availability for new resources, or over configuration for re-purposed resources.
4. Determination of which Changes can be Automatically Handled
Some set of changes in the IT configuration can be automatically handled without need for a significant set of inspection and authorization from the administrator. Examples of such changes could be the use of additional storage volumes on a device that has already been included in the configuration, and for which there is already storage replication that handles data loss issues. Extending data use to a volume in this category is likely to have minimal impacts to the overall configuration, and may be selected by the customer as a candidate for ‘automated’ inclusion.
In one example, filters specified by the customer are matched to additions/deletions for determining if those changes are to be automatically incorporated into the RS (i.e., Resource Graph/topology).
5. Revalidation of the Business Objective
After the proposed changes to the Resource Graph are dynamically generated, an assessment is made to determine whether the required goals (e.g., availability targets) for the Recovery Segment can be met. As part of the change processing, the customer is asked to initiate the programmatic revalidation of the goal, such as the quantified Recovery Time Objective (RTO) policy, associated with the Recovery Segment. One example of validation is described below and in a U.S. patent application “Programmatic Validation in an Information Technology Environment,” (POU920070111US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. The result is a programmatic assessment of whether the RTO can be met given the change, what needs to be altered in the configuration for existing resources as well as for the changes to support the designated RTO, and in one implementation, a proposed BPEL compliant workflow (or process) that identifies changes to the configuration in order to maintain the RTO.
Using the feature described herein, the customer can programmatically and consistently determine whether the change will cause impact to the RTO or other goal of the business application. This enables a more predictable, controlled availability environment for the customer, even during changes in the underlying infrastructure.
6. Maintenance of the Current Recovery Objectives During Dynamically Detected Change or Planned Reconfiguration Changes
During the change processing described herein, any RTO goals (or other goals, in a further embodiment) that have been specified for the Recovery Segments are maintained. The Business Resiliency design continues to monitor for state changes in resources that could trigger error assessment and recovery processing, and keeps the RTO policy actively managed. If the proposed change will cause a disruption to the current environment and the ability of the Business Resilience solution to meet its RTO goal, these changes are identified and the administrator is allowed to determine when to put them into effect. Disruptive changes will cause an alteration in the prepared condition for resources. One example of preparatory actions is described in a U.S. patent application “Dynamic Selection of Actions in an Information Technology Environment,” (POU920070117US), Bobak et al., which is hereby incorporated herein by reference in its entirety.
In addition to support of dynamic changes in the environment, one or more aspects of the present invention can also be used to support a consistent goal (e.g., availability goal) for the business application and its related resources during times of planned reconfiguration or change. Planned reconfiguration may involve an explicit, purposeful change to the Recovery Segment. Generating a proposed topology, in support of the change producing a validation of the availability RTO goal for the new configuration and reconciling any disruptive changes are handled similarly to dynamically detected changes.
Today's technology does not allow customers to programmatically detect disruption of service for a specified target when scope changes are initiated, either dynamically or as a result of planned reconfiguration changes. Maintaining the current specified goal during the change and identifying areas that will be impacted if the change is disruptive are advantageous design points for the programmatic scope change processing described herein.
7. Change Workflow Processing
After the changes to the configuration are identified to support the RTO goal with the changed scope of the Recovery Segments, processing to initiate the change-over is performed. One example of this processing is described below, as well as in a U.S. patent application “Non-Disruptively Changing a Computing Environment,” (POU920070122US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
In one implementation, a delta process (e.g., a BPEL compliant workflow) is generated based on the difference between what is required (identified in item 5 above) and the current operating environment. After the delta is generated, it can be inspected and automatically executed. Success or failure of the delta workflow is monitored. In case of failure, compensation workflows to undo the changes introduced by the delta workflow are also part of the change processing.
After a preparatory workflow for the scope change has been constructed (as described below), a comparison of the existing environment with the required state of preparedness for the RTO is assessed. For each operation in the new prepare workflow, BR determines if the operation is non-disruptive, if the operation has previously been performed with the same execution options and if the operation results in a more or less stringent state of preparedness for the resource. For example, the metadata associated with operations on the resource indicate if the operation can be performed without impact to some currently existing state. As an example, if a storage volume supports both synchronous and asynchronous copy, changing from asynchronous to synchronous may be achievable non-disruptively or may not. Changing from synchronous to asynchronous may not be achievable non-disruptively or may depending on the capabilities of the storage facility. Operations which are non-disruptive, have not been executed or are to be executed with different options and result in a more stringent state of preparedness for the resource are included in the delta workflow.
After determining what operations are to be included in the delta workflow, BR assesses the required ordering of operations and includes any dependent operations. In one implementation, ordering of operations and including dependent operations is achieved by BR based on pairing information. Pairing information is described in a U.S. patent application “Conditional Computer Runtime Control of an Information Technology Environment Based on Pairing Constructs,” (POU920070110US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. Alternatively, ordering of operations may be represented in a file or database table.
In one example, operations in the delta workflow are divided into those that should be executed in advance of activating the policy and those that should be performed when the policy is made active for BR management to the RTO goal. One example implementation to generate a delta workflow is described below.
In a further embodiment, BR builds a list of operations that would be required to undo the effect of operations in the delta workflow based on pairing information. The list of undo operations is ordered and dependent operations are included based on pairing information. The resulting list of undo operations is preserved to be used if the delta workflow does not execute successfully.
After the delta workflow has been created, it is presented to the customer for consideration. If the customer chooses to have the IT environment prepared, the delta workflow is submitted for execution. In one implementation, submission of the delta workflow for execution and monitoring the delta workflow follows similar processes as for an initial preparatory workflow (described in U.S. patent application “Dynamic Selection of Actions in an Information Technology Environment,” (POU920070117US1), Bobak et al., which is hereby incorporated herein by reference in its entirety).
As the delta workflow executes, individual preparatory operations are assessed for successful or unsuccessful execution. For example, an operation is successful, if it completes with a return code of, for instance, 0. In a further example, the state of the resource on which the operation was executed can be assessed to determine if the expected state is achieved based on operation effect pairings. Progress of the workflow as a whole is monitored on a periodic basis by BR. When the delta workflow has ended, an assessment is made to determine if it completed successfully or unsuccessfully. On successful execution, the customer is notified and given the option of making the new resource scope the current scope. On unsuccessful execution, the undo process is initiated.
In one implementation, the following steps are taken during the monitoring of the delta workflow:
On failure to successfully execute the delta workflow, BR uses the undo operation list created when the delta workflow was formed. From the undo operation list, a workflow is created and submitted. The undo workflow is monitored for successful or unsuccessful execution. If the undo workflow is unsuccessful, in one example, a mailbox notification is sent to the BR Administrator.
In one implementation, programmatically handling changes in the IT infrastructure (with respect to availability) is a megaflow or complex task that includes a plurality of individual tasks or actions. In one example, the megaflow follows the pattern described in “Adaptive Computer Sequencing of Actions,” (POU920070106US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. Alternatively, the customer may execute the individual tasks through invocation of the BR UI, or the individual tasks can be pieced together using nested transaction scopes if the selected runtime environment supports that concept.
As one example, the individual tasks are as follows, and each is run in a transaction, but no overall transaction scope exists. In another implementation, the tasks are not run in a transaction:
Build and Verify a Topology with Changed Resources:
A customer's business application may be represented, in one implementation, by a Recovery Segment. A Recovery Segment is composed of resources and relationships between resources which are used to provide the function of the business application. A Recovery Segment serves as the basis on which a quantified availability goal, as in one implementation, a Recovery Time Objective (RTO), is defined. The RS serves as a context for other BR system processes, such as monitoring, recovery processing and change processing. (Although one example of the implementation described herein refers to an availability goal, other management goals may be used, as well.)
This task accepts a UI Administrator driven request to change resources in a Recovery Segment. This process is similar to the initial process of creating the Recovery Segment, as described in a U.S. patent application “Recovery Segments for Computer Business Applications,” (POU920070108US1), Bobak et al., which is hereby incorporated herein by reference in its entirety. Further, templates used for defining Recovery Segments can also be used in this task, as described in a U.S. patent application “Defining and Using Templates in Configuring Information Technology Environments,” (POU920070109US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
As an example, BR recommends a set of resources that are to be changed along with the selected resources (e.g., additions/deletions), and generates a proposed topology, including the set of dependent resources which should be added or deleted. The BR Administrator inspects the topology and iteratively alters it until satisfied with the topology. Once satisfied, the BR Administrator then initiates the change request. The new proposed topology is inspected to ensure there are no cycles in the graph, and then the BR Management data associated with the changed resources in the Recovery Segment is updated accordingly.
In a further implementation, filters may be defined which identify resource or relationship types with optional specification of property values for those resources. Defined filters may then be used in determining if resources or relationships which come into existence in the IT environment should be automatically incorporated into the supporting set of resources for the business application as represented by a RS. Positive pattern matching of the filter resource/relationship type and property values to instances of resources added to the IT environment may result in programmatic updates to the RS topology and subsequent steps to alter the RS. Filters may be of particular use where there exists a large number of similar or equivalent resources, such as sets of x86 servers or storage devices.
Validate Policy:
This task is invoked to validate the policy (i.e., goal) against the modified Recovery Segment topology. No changes are made to the existing goal policy; this is done to ensure the existing policy is still achievable and to populate the goal policy table for the new topology.
In one implementation, a PSE is a representation of a customer environment used to characterize the manner in which the goal of a business application is to be processed. A PSE has associated with it a set of one or more date and time ranges. For example, each Monday through Friday from 8 am to 5 pm except holidays. A PSE is associated with a business application, which in one implementation may be represented by a Recovery Segment. Therefore, the PSE is associated with a collection of IT resources. Each of the associated IT resources may have one or more supported operations for one or more discrete functions, such as recovery or preparing the environment for recovery. For each such resource operation, the PSE has an operation execution duration. Since operation execution duration may change over time, the monitoring function of the BR system gathers real-time operation execution duration time and updates the PSE. A PSE may be formed by programmatic processes acting on data gathered from the customer environment. In one implementation, observation mode is enabled for a RS resulting in monitoring functions gathering data on the resources associated with the RS, including operation execution duration. This data is recorded to a log from which programmatic processes may evaluate characteristics of the customer environment resulting in a suggested set of PSE(s).
Defining a goal may be performed manually or through use of the processing described herein, as one example. Defining a goal includes, for instance, associating a quantitative goal, such as a Recovery Time Objective (RTO), with a business application. In one implementation, a business application is represented programmatically by a Recovery Segment (RS). RTO goals are specified by the customer at a Recovery Segment level and apportioned to the various component resources grouped within the RS. In one example, RTO goals are expressed as units of time intervals, such as seconds, minutes, and hours. Each RS can have one RTO goal per Pattern System Environment associated with the RS. Based on the metrics available from the IT resources, and based on observed history and/or data from the customer, the RTO goal associated with the RS is evaluated for achievability, taking into account which resources are able to be recovered in parallel.
Prior to altering the existing IT environment, changes in RTO specification are evaluated against the PSE(s) specified to determine if achievement of the RTO goal is possible. Validation insures operation execution duration timings exist (either from observed history or from customer specification) for resources contained in the RS. A combination of validation (as described in a U.S. patent application “Programmatic Validation in an Information Technology Environment,” (POU920070111US1), Bobak et al., which is hereby incorporated herein by reference in its entirety, and generation of preparatory workflow (as described in a U.S. patent application “Dynamic Selection of Actions in an Information Technology Environment,” (POU920070117US1), Bobak et al., which is hereby incorporated herein by reference in its entirety) creates a preparatory workflow based on the new RTO goal and builds a recovery plan starting with the assumption that all resources in the RS are to be recovered. An assessment of the achievability of the recovery plan is performed by validation based on operation execution timings associated with the specified PSE. The new preparatory workflow is preserved for subsequent analysis and generation of a delta workflow. Further details regarding validation are described below.
When a goal is associated with a business application, it is desirable to predict whether or not that goal is achievable. That is the responsibility of validation. Validation can be performed by human inspection of the resources supporting the business application, followed by an analysis of recovery operations those resources may support and a further analysis of the ordering and execution time of the set of recovery operations.
Alternatively, the validating process is programmatic and performs the following steps, in one example. A goal in the form of a policy is specified by the BR administrator through the BR provided User Interface (UI). Additionally, a representation of the customer environment may be specified, as in one implementation through a RS. A worst case scenario in which recovery for all resources associated with the RS is used to determine if the goal is achievable. Recovery operations for each resource and the execution duration time for each recovery operation could be specified through a file or database table. Alternatively, recovery operations and related execution duration times, in the context of a particular customer environment, may be associated with a PSE. Further, recovery operations which result in a resource becoming available from a failed or degraded state may be represented through pairings. In one example, a recovery operation is selected from potential recovery operations. For instance, the recovery operation having the smallest operation execution duration time is selected.
Having selected recovery operations for resources supporting the business application, any dependencies those operations may have on other operations are identified. This identification could be through specification or dependencies in a file or database table. Alternatively, operation ordering dependencies may be specified through pairings. Operations which are depended on are added to the set of recovery operations. Subsequently, any ordering dependencies among recovery operations in the set is identified and used to sequence operations. Ordering dependencies may be specified through a file or database table. Alternatively, ordering dependencies may be specified through pairings. From the ordered set of operations, a total recovery time may be calculated manually. Alternatively, a programmatic representation of the recovery set of operations may be generated in the form of a Gantt chart from which the maximum time for executing the sequence of recovery operations may be determined.
In order to validate the achievability of a quantitative goal, the preconditioned state of the IT environment is evaluated, in one example. Preconditioning may include specific actions taken on each resource. For example, establishing a flash copy set for storage resource, establishing an active data sharing environment for a database resource, or establishing a level of redundancy in containers supporting application logic. Manual inspection of the IT environment may be performed to make the required evaluation and to identify preparatory actions required to make achievement of the availability goal possible. Alternatively, this evaluation is performed programmatically.
The current state of resources is determined and used in conjunction with preparatory effect pairing constructs to determine if the current state of a resource can meet the recovery goals or if operations to alter the current state of the resource, preparatory operations, are needed to enable achievement of the recovery goal. For example, if a RTO of 30 seconds is to be achieved, and the business application uses a DB2® database, the storage backing the database may or may not have a duplicate copy maintained by synchronous replication. Suppose the storage for the database does not have a duplicate initially. Recovery operations would require restoring a previous copy of the database and application of database log records from the point in time the copy was created until the failure of the storage volume was detected. This process would in all likelihood not meet the 30 second RTO goal. Alternatively, if a duplicate copy of the storage volume is established and maintained through synchronous replication, at the time of failure of the storage volume a recovery operation which switches to the duplicate copy can complete well within the 30 second RTO goal. Therefore, given the recovery times associated with having or not having a duplicate copy of the storage volume, it is determined that creation of a duplicate copy of the storage volume and ongoing synchronous replication is a required preparatory operation to achieve the specified RTO goal. Many such examples exist depending on the resource and the different recovery operations which may be performed predicated on the state of the resource at the time of failure and the ability to precondition the resource to achieve a RTO.
Where preparatory operations are required, precursor operations and dependencies among the set of operations is determined using pairings. The set of preparatory operations may then be formed into a workflow and provided to the customer for programmatic execution or manual execution. After the IT environment has been altered by a set of preconditioning actions, a subsequent validation of achievability for the goal detects the alterations resulting in a potentially different set or a null set of preconditioning actions.
In the cases referenced above where pairing constructs are utilized, those constructs may be conditionally included in BR system processing based on trigger rules and real-time IT environment conditions.
If preconditioning actions (a.k.a., preparatory processing) is employed, some of the preparatory operations may fail to execute correctly. Should a failure of a preparatory operation occur, the IT environment may need to be returned to the prior state. An undo set of operations is formed, in one example, and executed manually through human intervention. An alternative implementation provides a programmatic formation of an undo workflow process to be conditionally executed should a preparatory workflow result in failed operations. Formation of the undo workflow uses pairing constructs to identify undo operations.
When an IT environment has been preconditioned through preparatory actions to assure achievability of a goal, it is monitored to insure prepared resources do not become changed such that the goal would fail to be achievable. Monitoring of the prepared environment may be achieved through manual, human intervention or through monitoring associated with individual products and coordinated by the customer.
For example, preparatory operations which are selected for the new workflow are evaluated to determine if a disruptive change to the current environment will occur. By changing the scope of resources associated with the RS, the required state of resources in advance of an outage may also change. If changing the scope of resources causes a resource to have a less stringent state of preparedness, the customer is notified. BR does not automatically lower the stringency state of preparedness of a resource. If a more stringent state of preparedness is required for a resource, operations affecting that state may be capable of being executed without impact to the current environment. Non-disruptive operations are added to the new workflow. Operations which would be disruptive to the current environment are not added to the workflow. BR provides notification to the customer if disruptive operations are required by the change in resource scope.
Recognition of stringency of preparedness of a resource resulting from preparatory operation execution is achieved through use of metadata associated with the resource and operations on the resource. BR metadata on resource operations is also used to determine if execution of an operation is disruptive or non-disruptive to the current IT environment.
Generate Delta Workflow for New Scope:
After a new preparatory workflow has been constructed based on the scope, a comparison of the existing environment with the required state of preparedness for the new scope is assessed. For each operation in the new prepare workflow, BR determines if the operation is non-disruptive, if the operation has previously been performed with the same execution options and if the operation results in a more or less stringent state of preparedness for the resource. Operations which are non-disruptive, have not been executed or are to be executed with different options and result in a more stringent state of preparedness for the resource are included in a delta workflow. In particular, the metadata associated with operations on the resource indicate if the operation can be performed without impact to some currently existing state. For example, if a storage volume supports both synchronous and asynchronous copy, changing from asynchronous to synchronous may be achievable non-disruptively or may not. Changing from synchronous to asynchronous may not be achievable non-disruptively or may depending on the capabilities of the storage facility.
After determining what operations are to be included in the delta workflow, BR assesses the required ordering of operations and includes any dependent operations. In one implementation, ordering of operations and including dependent operations is achieved by BR based on pairing information. Pairing information is described in a co-filed application, entitled “Conditional Computer Runtime Control of an Information Technology Environments Based on Pairing Constructs,” (POU920070110US1). Alternatively, ordering of operations may be represented in a file or database table.
In one example, operations in the delta workflow are divided into those that should be executed in advance of activating the policy and those that should be performed when the policy is made active for BR management to the RTO goal. One example implementation to generate a delta workflow is described herein.
In a further embodiment, BR builds a list of operations that would be required to undo the effect of operations in the delta workflow based on pairing information. The list of undo operations is ordered and dependent operations are included based on pairing information. The resulting list of undo operations is preserved to be used if the delta workflow does not execute successfully.
Execute the Generated Workflow Reflecting a Delta to the Existing Configuration for Enabling the New Scope.
After the delta workflow has been created, it is presented to the customer for consideration. If the customer chooses to have the IT environment prepared for the new scope, the delta workflow is submitted for execution. In one implementation, submission of the delta workflow for execution and monitoring the delta workflow follows similar processes as for an initial preparatory workflow (described in U.S. patent application “Dynamic Generation of Processes in Computing Environments,” (POU920070123 US1), Bobak et al., which is hereby incorporated herein by reference in its entirety).
Monitor the Generated Workflow for Successful or Unsuccessful Completion.
As the delta workflow executes, individual preparatory operations are assessed for successful (i.e., operation completes with a return code of 0) or unsuccessful execution. Progress of the workflow as a whole is monitored on a periodic basis by BR. When the delta workflow has ended, an assessment is made to determine if it completed successfully or unsuccessfully. On successful execution, the customer is notified and given the option of making the new topology active. On unsuccessful execution, the undo process is initiated.
In one implementation, the following steps are taken during the monitoring of the delta workflow:
Create, Execute and Monitor a Workflow to Undo Changes Introduced By the Delta Workflow if it is Unsuccessful.
On failure to successfully execute the delta workflow, BR uses the undo operation list created when the delta workflow was formed. From the undo operation list, a workflow is created and submitted. The undo workflow is monitored for successful or unsuccessful execution. If the undo workflow is unsuccessful, in one example, a mailbox, notification is sent to the BR Administrator.
One embodiment of the logic to manage a non-disruptive scope change is described with reference to
In one implementation, this logic is invoked programmatically from the BR user interface as a result of the RS scope changes made by the BR Administrator. It is used to encapsulate the logic involved with updating the BR Management data for the resources either added and/or deleted from the Recovery Segment.
One embodiment of this logic is described with reference to
The inputs to this routine include, for instance, the Recovery Segment to be modified, a set of IT resources to add or delete, and a set of relationships to add or delete. For illustration purposes, these terms are utilized in this logic to denote the inputs to this routine:
One embodiment of the logic to generate a delta workflow is described with reference to
After the ordered list of operations for the new prepare workflow, OP_ORDER_WF_LIST_NEW, has been traversed, the delta workflow has been populated in OP_ORDER_WF_LIST_DELTA. That delta workflow is to be split into two categories, in this example: prepare time (i.e., P1) and 1st phase activate time (i.e., P2). The “Split Prepare Workflow” logic is invoked, STEP 1122 (
As one example, the steps to split the workflow include:
The output from this flow is two ordered list of operations:
After the delta workflow is split, an undo ordered list of operations is created for the OP_ORDER_WF_LIST-P1 list, by invoking the “Op Order Undo” logic, STEP 1124. One implementation of this logic is described herein and in a U.S. patent application “Dynamic Selection of Actions in an Information Technology Environment” (POU920070117US1), Bobak et al., co-filed herewith, which is hereby incorporated herein by reference in its entirety.
For example:
The output from this logic is an Undo Prepare time ordered list of operations denoted by OP_ORDER_UNDO_WF_LIST_P1.
Subsequent to generating the undo ordered lists of operations, a check for dependencies between operations to be done at 1st phase active time and operations not done at 1st phase active time. For each operation in the list OP_ORDER_WF_LIST_P2, STEP 1126:
After the search for dependencies in OP_ORDER_WF_LIST_P2 is complete, STEP 1126, a Gantt chart for the delta workflow is generated. The “Build Gantt Chart” logic is invoked using the prepare time ordered list of operations OP_ORDER_WF_LIST_P1, STEP 1134. One implementation of this logic is described below and in a U.S. patent application “Programmatic Validation in an Information Technology Environment” (POU920070111US1), Bobak et al., co-filed herewith, which is hereby incorporated herein by reference in its entirety.
In one example, Gantt processing is performed in, for instance, two phases. In the first phase, a table is built that includes one row for each unique path through the sequence of operations. The input ordered_op_list is indexed by the variable i_order_op_list. The result of phase one processing is a table, outlist_table. An index, i_next_avail_row, indicates the row within outlist_table where the next unique sequence through the set of operations is to be built. Processing proceeds by locating each input operation with the lowest operations sequence number. Each of these is a root of unique paths through the set of operations. The set of these operations is processed sequentially with unique paths through the set of operations for the first root completing before processing the unique paths through the set of operations for the second root.
Processing for a root begins by assigning the current row in the outlist_table to the index, current_orow_index, and incrementing the i_next_avail_row index. Within the row being processed, an index to the current operation being processed is maintained, index_for_ops. Processing proceeds through the list of operations in the input. A new row is created in outlist_table when more than one input operation is to occur after the current operation being processed. Two indicators are kept with each row of the outlist_table in, for instance, a header column. Header includes, for instance, a row_changed indicator and a row_end indicator. The row_changed indicator is used to cause a copy of the row to be made before a new operation which is to occur later in the sequence is added. Associated with each row are two fields used to save progress in processing the sequence: an ordered_op_next field, which includes an index into the input ordered_op_list for the last operation in the sequence; and an op_next field, which includes an index into the row for the last operation in the sequence. Entries in the row include an index into the input ordered_op_list for operations comprising the sequence.
When a new row is created, it is initialized with the sequence of operations in the current row that have been accumulated to that point of processing. The second indicator associated with each row, row_end, is used to identify a row which is a complete path through the sequence of operations.
The next row is processed in the same manner as the first row of a root. Processing for a root is determined to have recorded every unique path through the sequence of operations when there were no copied rows made during processing of the current row. When the unique paths through the set of operations for the first root has completed, processing continues with the second and subsequent roots.
The second phase of processing builds the output of the routine, Gantt_table and maxtime. The maximum time for execution of the sequence of operations is set in maxtime. The Gantt_table includes one row for each opentry in the ordered_op_list input. An entry in the Gantt_table includes, for example, the opentry provided as input, a start time relative to 0, and an end time relative to 0 for the operation.
The prepare time ordered list of operations OP_ORDER_WF_LIST_P1 is also used to create the delta workflow in BPEL format by invoking the “Build Prep Workflow” task, STEP 1136. One implementation of this logic is described herein and in a U.S. patent application “Dynamic Generation of Processes in Computing Environments” (POU920070123US1), Bobak et al., which is hereby incorporated herein by reference in its entirety.
For example, processing performed by the Build WF routine may include:
Described in detail herein is a capability for non-disruptively changing an IT environment, in response to a change in resource scope.
One or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media. The media has therein, for instance, computer readable program code means or logic (e.g., instructions, code, commands, etc.) to provide and facilitate the capabilities of the present invention. The article of manufacture can be included as a part of a computer system or sold separately.
One example of an article of manufacture or a computer program product incorporating one or more aspects of the present invention is described with reference to
A sequence of program instructions or a logical assembly of one or more interrelated modules defined by one or more computer readable program code means or logic direct the performance of one or more aspects of the present invention.
Advantageously, a capability is provided for non-disruptively providing a process to effect a change in an IT environment responsive to a change in resource scope. During the change to the environment, management to the existing resource scope is continued.
Although various embodiments are described above, these are only examples. For example, the processing environments described herein are only examples of environments that may incorporate and use one or more aspects of the present invention. Environments may include other types of processing units or servers or the components in each processing environment may be different than described herein. Each processing environment may include additional, less and/or different components than described herein. Further, the types of central processing units and/or operating systems or other types of components may be different than described herein. Again, these are only provided as examples.
Moreover, an environment may include an emulator (e.g., software or other emulation mechanisms), in which a particular architecture or subset thereof is emulated. In such an environment, one or more emulation functions of the emulator can implement one or more aspects of the present invention, even though a computer executing the emulator may have a different architecture than the capabilities being emulated. As one example, in emulation mode, the specific instruction or operation being emulated is decoded, and an appropriate emulation function is built to implement the individual instruction or operation.
In an emulation environment, a host computer includes, for instance, a memory to store instructions and data; an instruction fetch unit to obtain instructions from memory and to optionally, provide local buffering for the obtained instruction; an instruction decode unit to receive the instruction fetched and to determine the type of instructions that have been fetched; and an instruction execution unit to execute the instructions. Execution may include loading data into a register for memory; storing data back to memory from a register; or performing some type of arithmetic or logical operation, as determined by the decode unit. In one example, each unit is implemented in software. For instance, the operations being performed by the units are implemented as one or more subroutines within emulator software.
Further, a data processing system suitable for storing and/or executing program code is usable that includes at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements include, for instance, local memory employed during actual execution of the program code, bulk storage, and cache memory which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
Input/Output or I/O devices (including, but not limited to, keyboards, displays, pointing devices, DASD, tape, CDs, DVDs, thumb drives and other memory media, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modems, and Ethernet cards are just a few of the available types of network adapters.
Further, although the environments described herein are related to the management of availability of a customer's environment, one or more aspects of the present invention may be used to manage aspects other than or in addition to availability. Further, one or more aspects of the present invention can be used in environments other than a business resiliency environment.
Yet further, many examples are provided herein, and these examples may be revised without departing from the spirit of the present invention. For example, in one embodiment, the description is described in terms of availability and recovery; however, other goals and/or objectives may be specified in lieu of or in addition thereto. Additionally, the resources may be other than IT resources. Further, there may be references to particular products offered by International Business Machines Corporation other companies. These again are only offered as examples, and other products may also be used. Additionally, although tables and databases are described herein, any suitable data structure may be used. There are many other variations that can be included in the description described herein and all of these variations are considered a part of the claimed invention.
Further, for completeness in describing one example of an environment in which one or more aspects of the present invention may be utilized, certain components and/or information is described that is not needed for one or more aspects of the present invention. These are not meant to limit the aspects of the present invention in any way.
One or more aspects of the present invention can be provided, offered, deployed, managed, serviced, etc. by a service provider who offers management of customer environments. For instance, the service provider can create, maintain, support, etc. computer code and/or a computer infrastructure that performs one or more aspects of the present invention for one or more customers. In return, the service provider can receive payment from the customer under a subscription and/or fee agreement, as examples. Additionally or alternatively, the service provider can receive payment from the sale of advertising content to one or more third parties.
In one aspect of the present invention, an application can be deployed for performing one or more aspects of the present invention. As one example, the deploying of an application comprises providing computer infrastructure operable to perform one or more aspects of the present invention.
As a further aspect of the present invention, a computing infrastructure can be deployed comprising integrating computer readable code into a computing system, in which the code in combination with the computing system is capable of performing one or more aspects of the present invention.
As yet a further aspect of the present invention, a process for integrating computing infrastructure, comprising integrating computer readable code into a computer system may be provided. The computer system comprises a computer usable medium, in which the computer usable medium comprises one or more aspects of the present invention. The code in combination with the computer system is capable of performing one or more aspects of the present invention.
The capabilities of one or more aspects of the present invention can be implemented in software, firmware, hardware, or some combination thereof. At least one program storage device readable by a machine embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.
The flow diagrams depicted herein are just examples. There may be many variations to these diagrams or the steps (or operations) described therein without departing from the spirit of the invention. For instance, the steps may be performed in a differing order, or steps may be added, deleted, or modified. All of these variations are considered a part of the claimed invention.
Although embodiments have been depicted and described in detail herein, it will be apparent to those skilled in the relevant art that various modifications, additions, substitutions and the like can be made without departing from the spirit of the invention and these are therefore considered to be within the scope of the invention as defined in the following claims.
