
2 0 PL ATFORM 1 7 - markedist.com · • ConicIT can store performance alerts and data in SPLUNK...

Date post: 17-Jul-2020
PERFORMANCE ANALYTICS SOLUTION for IBM MF PLATFORM 2017
Transcript
Page 1

PERFORMANCE ANALYTICS SOLUTION for IBM MF PLATFORM 2017

Page 2

WHY ConicIT NOW?

• New research from analyst firm Quocirca reveals that Critical IT Events (CIE) cost the average European business millions per year.

• Organizations reported an average of three critical IT events per month (36 per year) with each CIE costing on average €115K (€ 88K for the business and € 27K for IT). A critical IT event occurs when a business application or infrastructure is down, or has a malfunction, resulting in a business process being halted or users left unable to reasonably carry out tasks and transactions.

• 65% of European organizations report that a past CIE has led to reputational damage and associated financial losses

Page 3

WHY ConicIT NOW?

• IT budgets are shrinking and organizations have to do more with less

• The cost per call to the help desk is climbing

• The number of avoidable downtime events is increasing, with a larger impact per event

• Current tools tell you (just) what happened....

• Machine learning technology like the one we developed in ConicIT is here to stay, and organizations need it for their next generation enterprise monitoring

• Implementing ConicIT has ZERO risk, relatively low effort and low entry cost, and a clear ROI of less than 6 months!!

Page 4

IT PERFORMANCE MANAGEMENT CHALLENGES

TRADITIONAL MONITORING

Too much data, too many sources - a virtual operator is a must

PREDEFINED PERFORMANCE THRESHOLDS

Predefined static thresholds mean performance problems are noticed only after users are affected and receiving many false alerts

COST

Costs are more tightly connected to actual usage

VIRTUALIZATION AND THE CLOUD TECHNOLOGY

Virtualization and the cloud technology is increasing performance management complexity

Page 5

WHAT IS ConicIT?

ACCURATE, ACTIONABLE ALERTS

Intelligent mainframe solution for production IT performance alerts through predictive analytics by using sophisticated mathematics and world class domain knowledge

Dynamic, self learned, thresholds

Always VIGILANT

Predictive analytics

Page 6

ConicIT MAIN FUNCTIONALITY

• ConicIT STARTS WHERE z/OS PERFORMANCE MONITORS STOP - ConicIT connects to your existing z/OS performance monitors and augments their analysis by analyzing thousands of Mainframe performance metrics per minute.

• ConicIT automatically detects performance problems on Mainframe and Proactively ALERTS PERFORMANCE ANOMALIES – based on MACHINE LEARNING Algorithms.

• ConicIT sets DYNAMIC THRESHOLDS based on performance history, alerts on problems before they are affecting users, and provides the ROOT CAUSE INFORMATION required to effectively solve the performance issue the first time it happens.

• VIEW ALL MAINFRAME PERFORMANCE DATA IN ONE SCREEN - ConicIT software is an ALWAYS-ON, 24/7 EXPERT USER that intimately understands normal system behavior on one central console.

• ConicIT can store performance alerts and data in SPLUNK database

• Alerts can be sent into the NOC/Email system

• Forensic information (actual monitoring screens)

Page 7

GETTING STARTED IS SIMPLE

• Non-intrusive - painless installation on a standard Linux (including LoZ) server

• Does not take any (“expensive”) MIPS resources on the MF

• Easy to install - no integration needed, uses data from existing performance monitoring tools

• No Project – Self learning system

• Automatically calculates dynamic thresholds by automated learning

• Fully customizable

Page 8

ConicIT BENEFITS SUMMARY

• Higher MF applications uptime by alerting about application performance anomalies BEFORE users are affected

• Smaller War-Rooms by 25% to 40%. ConicIT Operational intelligence improves the ability of IT teams to respond to Critical IT Events, and this leads to higher team productivity

• Reduction in MTTR (mean-time-to-resolution)

• Lowers unexpected sub-capacity MIPS pricing costs

• In many cases ROI is in less than 6 months

Page 9

Few real life examples

ConicIT Goals

By Tidhar Seifer

Page 10

WHY BEHAVIORAL ANALYSIS?

Because it’s important to identify the problem early, in order to find the root cause, not the late symptoms.

…I don't know the details of how Amazon EBS is implemented, but there is enough information available to explain how it behaves.

Adrian Cockcroft – CTO Netflix

[Figure: timeline with axes "time" and "# of relevant events", marking "Anomaly occurs", "First Users Affected" and "IT Analysis and action", with regions labelled "Real Cause" and "Symptoms". Annotations: "IT Analysis and action NEEDS TO HAPPEN HERE!" and "PROBLEMS FOUND HERE".]

Page 11

ConicIT DATA CHART

Page 12

ConicIT GOALS

• To improve system stability (by recognizing anomalies)

• To recognize performance problems early (by recognizing anomalies)

• To provide long performance history

• To aggregate all performance data to one screen

Page 13

ConicIT COMPONENTS

• ConicCollect Engine

  • Data acquisition

  • Data processing

  • Statistical modeling

  • Machine learning algorithms

• Web Server

  • Presenting tables with information and processing results, including alerts

  • Presenting detailed graphs, including the expected values as green-zone

  • Easy navigation – up to one year backward

• Alerts Application

  • Windows application that pops-up the alerts on your personal PC

  • Alerts can also be sent via SNMP to any alerting system

Page 14

ConicIT COMPONENTS

PREDICTION

• Detailed Behavioral profile

• Prediction based on model

• Machine learning algorithms

• Prediction as green highway

ALERTS

• Accurate meaningful alerts

• Dynamic thresholds

• Alerts decision model

DOMAIN AWARENESS

• System specific parameters

• Synthetic parameters

• Generic + Customer specific

Page 15

The Web UI Of ConicIT – ONE YEAR of DETAILED HISTORY

Page 16

ConicIT recognizes that CPU of 10.98% for PSYCICS7 started-task is too high compared to the expected range for that time (the green stripe). ConicIT automatically starts Strobe to investigate the anomaly of the job’s CPU.

Page 17

REAL TIME TREND – NORMAL or ANOMALY?

Page 18

JOBS CPU% from MAINVIEW

Page 19

WHEN ANOMALIES ARE IGNORED, THEY CAN PERSIST FOR A LONG TIME, CONSUMING RESOURCES

Page 20

ALERT on ANOMALY in CPU% of STARTED-TASK CPU%

Page 21

ALERT on ANOMALY in CPU% of STARTED-TASK CPU%

Page 22

CICS DETAIL SUMMARY

Page 23

CICS GROUPS SUMMARY

Page 24

SPECIFIC TRANSACTIONS MONITORING

Page 25

FOUR HOURS AVERAGE PREDICTION and ALERTS

Page 26

ConicIT for Splunk™

• ConicIT for Splunk™ is an agentless option that is simple to install and simple to use for getting mainframe operational data into Splunk™.

• ConicIT minimizes ingestion charges by storing only the important data to Splunk™.

• Data extraction is easy to set up and uses a format your system folks understand – their monitor.

• ConicIT can use the data in Splunk™ for holistic anomaly detection – mainframe, distributed and cross platform.

• Once ConicIT senses an anomaly, ConicIT can gather deeper information to make sure that appropriate data for post mortem analysis is available in Splunk™.

Page 27

ConicIT for STROBE

ConicIT detects performance anomaly: CPU above the expected (green) range

Compuware-Strobe investigates and analyzes the application

The user receives an email with link to Strobe’s investigation result

Page 28

ConicIT for SPLUNK USE CASES

• Break down the silos

  • store mainframe performance data in the same store (Splunk™) as your distributed data

  • make mainframe performance data easily accessible for your distributed teams

• Cross platform transaction anomaly detection

  • Splunk™ can correlate between distributed and mainframe performance data

  • ConicIT adds the ability to find anomalies and predict performance issues

• ConicIT as early warning system for cross platform issues

  • Leverage Splunk™ data to uncover anomalies anywhere - mainframe, distributed and cross platform.

Page 29

EXTENDED ConicIT for SPLUNK USE CASES

• Use ConicIT as an “automated operator” that tirelessly watches your system for anomalies and takes relevant action:

  • Gathering related SMF information for the duration of the anomaly for storage in Splunk™, for example by automatically invoking Syncsort Ironstream™ (requires Syncsort Ironstream™ license).

  • Gathering results from deep dive tools into Splunk™, for example by automatically invoking Compuware Strobe™ (requires Compuware Strobe™ license).

Page 30

GETTING STARTED with ConicIT for SPLUNK™

• Setting up ConicIT for Splunk™ is simple for both read (anomaly detection) and write (ingestion):

• Splunk™ Ingestion

  • Provide ConicIT access to Splunk™

  • Use ConicIT’s GUI to select the monitor fields to store in Splunk™

• Anomaly Detection over data from Splunk™

  • Provide ConicIT access to Splunk™

  • Define the ConicIT-Commands using system-type “Read From Splunk”, adding the Splunk™-search definition to retrieve the response fields to be analyzed.

  • Create a Conic-Cluster to run the command.

Page 31

DATA VIEW in SPLUNK

Page 32

SPLUNK GRAPH

Page 33

ALERTS in SPLUNK

Page 34

ALERT in CONICIT

Page 35

www.conicit.biz

Thank you!

