Information Technology (IT) configuration managers are often interested in tracking configuration changes in a monitored environment as part of incident/problem management or auditing activities. Such changes may be authorized changes that have been approved (this may be verified by correlating these changes to existing Requests For Change—RFCs, and checking the compliance of the corresponding composite configuration items of the environment) or unauthorized changes.
When monitoring the configuration of an environment of composite configuration items (Cls) of a large organization, numerous Cls are to be considered. Typically, IT managers refer to “snapshots” of the environment, which are historical states of configuration of that environment that are recorded in the course of time.
Snapshot comparison in real time may be very time consuming, especially when considering large environments.
Embodiments of the present invention are described in the following detailed description and illustrated in the accompanying drawings in which:
The configuration information may be stored in a dedicated database (such as, for example, Universal Configuration Management Data Base—UCMDB by HP). The displayed configuration information may be, for example, in the form of a high detail level snapshot representation of the monitored environment, but other levels of detail may be considered for display. In some embodiments the configuration information may include only Cl identity, name and type. In other embodiments the configuration information may refer only to a portion of the Cls of the monitored environment (e.g. not all Cls, and in some cases even not most of the Cls) which may be sufficient to address most of the required or anticipated queries about the configuration of the environment.
An environment typically includes a plurality Composite Cls. A composite configuration item (Cl) is a Cl that includes other Cls. A composite Cl may typically be made up of a root Cl and other supporting Cls which are called contained Cls. A composite Cl is typically said to exist as long as its root element can be uniquely identified. Supporting elements may be added to the composite Cl after it has been created. Each definition of composite Cl may include the attributes that the root and contained Cls in the composite can have.
For example, a server may be regarded as a composite Cl, and it may include a root computer system object which may be related to various other items, such as hardware components, an operating system, software, and networking elements. A server may be created with a computer system only. The operating system, hardware, and networking elements can be added and updated at any time.
A Composite Cl tree may include a “leading Cl” as the root Cl (e.g. UNIX server Cl) and “component Cls” as nodes of that tree (e.g. CPU Cl, File System Cl etc.).
When obtaining snapshots of a configuration state of composite Cls of a monitored environment using the Composite Cl level, such configuration snapshots may be of relatively small in size compared with other snapshot formats offering tracking and gathering information on configuration changes in an environment while minimizing loads on resources.
A method or system for monitoring configuration changes of an environment of composite Cls may monitor changes in data logged in the UCMDB (which are affected by actual changes in configuration of composite Cls in the environment). In some embodiments, when configuration change occurs (e.g. a Cl or a link changes), the system may automatically obtain a current snapshot of configuration information to the database. The snapshot information may be persisted in the Composite Cl level (aggregated information), thus keeping much less Cl and related information (since a Composite Cl is a representation of an internal tree of Cls). When there is change in one of the Cls, a new version of the composite Cl that holds the modified Cl information is added to the database with a new version identification (and an indicator of the nature of the change—e.g. addition, deletion, update).
The snapshot information may be saved in the database aggregated on the composite Cl level (containing aggregation about all the internal Cl's). Enough snapshot information may be persisted to show the status of the Composite Cl while allowing drilling down to details in the UCMDB system when needed.
In some embodiments the system may log only composite Cis that were changed in the environment. In some embodiment metadata may be used, and the configuration information may be separated into “static” and “dynamic” portions. Static information may be used to track information about Cls that do not change over time (ID, Name, Type, etc.). Dynamic information may refer to logged information on Cls whose configuration has changed over time, Cl version—metadata that allows tracking changes in Cls and later on compare environments, Cl Violations, Comparison status—compared with previous logged items, etc. The logged information may be arranged in the form of a table or tables. Each record in the dynamic table may have a start and end date that represent the validity of the log item in the history. In some embodiments only the dynamic portions of the configuration information may be changed and written (and rewritten), so that the logged information is kept to a minimum. Snapshots may be taken at determined intervals. The intervals may vary and may be configurable (allowing a user to change the rate at which snapshots are obtained). Snapshots may also be created synchronously in response to changes that are made by users (i.e. approving changes in environments). In other embodiments the snapshots may be taken manually upon user requests.
In some embodiments the environment topology may be compressed into aggregative topology, which is typically compact and thus suitable for persistence.
In some embodiments Cl historical compliance results (status) may be persisted in conjunction with a leading Cl (also referred to as—“the root Cl”) of the composite Cls. Cl data may be thus fetched together with its compliance information for incorporation in a Snapshot.
Snapshots may contain very large set of Cls and links thus users may be allowed to navigate through the snapshots data, using filters and paginating over the results. According to embodiments of the present invention fetching any snapshot or comparing between any two topological snapshots, returning paginated results, sliced and diced using filters may all be facilitated. The user may see filter suggested values based on the data. Using this capability one may conveniently see the kind of data that is in the list and thus helping to the understanding and analyzing of the set of data that is under inspection.
In accordance to some embodiments other queries may be made, that may require extra information which is kept in the UCMDB. This may occur when a user wishes to focus on a specific Cl(s). Since only a fraction of the configuration information is stored (in composite Cl level), one may need in such cases to add the missing information from the UCMDB, but since the data is usually asked for just a few Cls, these queries may be completed very quickly. Thus, composite Cl configuration information may be saved in a configuration management database, the detailed Cl information may be saved in the UCMDB. CM data may be used to show the results in high level detail, for example, in high performance by normalizing the data as required or desired. When it is desired to drill into more details the full set of data in UCMDB may be accessed and retrieved. As this dataset is very small scalability may not be an issue.
An organization may have under its disposal various composite Cls (404a-g). For example, there may be Cls (404a, 404c) connected over a network 410 to configuration policy extractor device 402. there may also be, for example, composite Cls (404d-e, 404f-g) connected by a local network, either connected to (404f-h) or separated from (404d-e) network 410. Additional Cls may include stand-alone composite Cl (404c).
Device for monitoring configuration changes of an environment 402 may be provided in the form of a server or a host, and may include module 406 for monitoring configuration changes of an environment, which is designed to execute a method for monitoring configuration changes of an environment, in accordance with embodiments of the present invention.
The storage device 502 may be used for storing configuration data such as, for example, a Configuration Management Data Base (CMDB). According to some embodiments of the present invention, system 500 may include a crawler application that constantly, periodically or otherwise, searches an organization network to collect snapshots of the configuration status of its composite Cls.
On large environments filtering may become very helpful for understanding the type of data that is in the environment even without looking at the details. Additional filter criteria may include instance count filtering specific Cl attributes.
One may correlate between detected configuration changes with automation flows that may be run on the environment, so as to provide heuristic information about how successful an automation flow is, and by that predict how risky it would be to run it.
Aspects of the invention may be embodied in the form of a system, a method or a computer program product. Similarly, aspects of the invention may be embodied as hardware, software or a combination of both. Aspects of the invention may be embodied as a computer program product saved on one or more non-transitory computer readable medium (or mediums) in the form of computer readable program code embodied thereon. Such non-transitory computer readable medium may include instructions that when executed cause a processor to execute method steps in accordance with embodiments of the present invention. In some embodiments of the present invention the instructions stores on the computer readable medium may be in the form of an installed application and in the form of an installation package.
For example, the computer readable medium may be a non-transitory computer readable storage medium. A non-transitory computer readable storage medium may be, for example, an electronic, optical, magnetic, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof.
Computer program code may be written in any suitable programming language. The program code may execute on a single computer, or on a plurality of computers.
Aspects of the invention are described hereinabove with reference to flowcharts and/or block diagrams depicting methods, systems and computer program products according to embodiments of the invention.