PERFORMANCE ANA LYTI CSSOLUTION f or IBM MF
PL ATFORM
2 01 7
WHY ConicIT NOW?
• New research from analyst firm Quocirca reveals that Critical IT Events (CIE) cost the average European business millions per year.
• Organizations reported an average of three critical IT events per month (36 per year) with each CIE costing on average €115K (€ 88K for the business and € 27K for IT). A critical IT event occurs when a business application or infrastructure is down, or has a malfunction, resulting in a business process being halted or users left unable to reasonably carry out tasks and transactions.
• 65% of European organizations report that a past CIE has led to reputational damage and associated financial losses
WHY ConicIT NOW?
• IT Budgets are shrinking and organizations have to domore with less
• The cost per call to the help desk is climbing
• The number of avoidable downtime events areincreasing with a larger impact per event
• Current tools tell you (just) what happened....
• Machine learning technology like we developed inConicIT is here to stay and organizations need it for theirnext generation enterprise monitoring
• Implement ConicIT has ZERO risk, relatively low effortand low entry cost and clear ROI of less than 6 months!!
IT PERFORMANCE MANAGEMENT CHALLENGES
TRADITIONAL MONITORING
Too much data, too many sources - a virtual operator is
a must
PREDEFINED PERFORMANCE
THRESHOLDS
Predefined static thresholds mean performance
problems are noticed only after users are affected and receiving many false
alerts
COST
Costs are more tightly connected
to actual usage
VIRTUALIZATION AND THE CLOUD
TECHNOLOGY
Virtualization and the cloud technology is
increasing performance management complexity
WHAT IS ConicIT?
ACCURATE,ACTIONABLE ALERTS
Intelligent mainframe solution for production IT performance alerts through predictive analytics by using sophisticated mathematics and world class domain knowledge
Dynamic, self learned, thresholds
AlwaysVIGILANT
Predictiveanalytics
ConicIT MAIN FUNCTIONALITY• ConicIT STARTS WHERE z/OS PERFORMANCE MONITORS STOP - ConicIT connecting to your existing Z/OS
performance monitors and augments their analysis by analyzing thousands of Mainframe performance metricsper minute.
• ConicIT automatically detects performance problems on Mainframe and Proactively ALERTS PERFORMANCEANOMALIES – based on MACHINE LEARNING Algorithms .
• ConicIT sets DYNAMIC THRESHOLDS based on performance history and alerts on problems before they areaffecting users and provide ROOT CAUSE INFORMATION required effectively solve the performance issue firsttime it happens.
• VIEW ALL MAINFRAME PERFORMANCE DATA IN ONE SCREEN - ConicIT software is an ALWAYS-ON, 24/7 EXPERTUSER that intimately understand normal system behavior on one central console.
• ConicIT can store performance alerts and data in SPLUNK database
• Alerts can be sent into the NOC/Email system
• Forensic information (actual monitoring screens)
GETTING STARTEDIS SIMPLE• Non-intrusive - painless installation on a standard
Linux (including LoZ) server
• Does not take any (“expensive”) MIPS resources onthe MF
• Easy to install - no integration needed, uses datafrom existing performance monitoring tools
• No Project – Self learning system
• Automatically calculates dynamic thresholds byautomated learning
• Fully customizable
ConicIT BENEFITS SUMMARY
• Higher MF applications uptime by alerting about application performance anomalies BEFORE users are affected
• Smaller War-Rooms by 25% to 40%. ConicIT Operational intelligence improves the ability of IT teams to respond to Critical IT Events and this lead to higher team productivity
• Reduction in MTTR (mean-time-to-resolution)
• Lowers unexpected sub-capacity MIPS pricing costs
• In many cases ROI is in less than 6 months
Few real lifeexamplesConicIT Goals
By Tidhar Seifer
WHY BEHAVIORAL ANALYSIS?
time
Anomaly occurs
First Users Affected
IT Analysis and action
Because it’s important to identify the problem early, in order to find the root cause, not the late symptoms.
SymptomsReal Cause
…I don't know the details of how Amazon EBS isimplemented, but there is enough informationavailable to explain how it behaves.
Adrian Cockcroft – CTONetflix
IT Analysisand action
NEEDS TOHAPPEN HERE!
# of relevant
events
PROBLEMS FOUND HERE
ConicIT DATA CHART
ConicIT GOALS• To improve system stability (by recognizing anomalies)
• To early recognize performance problems (by recognizing anomalies)
• To provide long performance history
• To aggregate all performance data to one screen
ConicIT COMPONENTS• ConicCollect Engine
• Data acquisition
• Data processing
• Statistical modeling
• Machine learning algorithms
• Web Server
• Presenting tables with information and processing results, including alerts
• Presenting detailed graphs, including the expected values as green-zone
• Easy navigation – up to one year backward
• Alerts Application
• Windows application that pops-up the alerts on your personal PC
• Alerts can also be sent via SNMP to any alerting system
ConicIT COMPONENTS
PREDICTION• Detailed Behavioral profile • Prediction based on model• Machine learning algorithms• Prediction as green highway
ALERTS• Accurate meaningful alerts• Dynamic thresholds• Alerts decision model
DOMAIN AWARENESS• System specific parameters• Synthetic parameters• Generic + Customer specific
The Web UI Of ConicIT –ONE YEAR of DETAILED HISTORY
ConicIT recognizes that CPU of 10.98% for PSYCICS7 started-task is too high compared to the expected range for that time (the green stripe). ConicIT automatically starts Strobe to investigate the anomaly of the job’s CPU.
REAL TIME
TREND –
NORMAL or
ANOMALY?
JOBS CPU% from MAINVIEW
WHEN ANOMALIES ARE IGNORED, THEY CAN PERSIST FOR LONG TIME, CONSUMING RESOURCES
ALERT on ANOMALYin CPU% of STARTED-TASK CPU%
ALERT on ANOMALYin CPU% of STARTED-TASK CPU%
CICS DETAIL SUMMARY
CICS GROUPS SUMMARY
SPECIFIC TRANSACTIONS MONITORING
FOUR HOURS AVERAGE PREDICTION and ALERTS
ConicIT for Splunk™
• ConicIT for Splunk™ is a simple to install option,simple to use agentless to get mainframeoperational data of the mainframe and intoSplunk™.
• ConicIT minimizes ingestion charges by storingonly the important data to Splunk™.
• Data extraction is easy to set up and uses a formatyour system folks understand – their monitor.
• ConicIT can uses the data in Splunk™ for holisticanomaly detection – mainframe, distributed andcross platform.
• Once ConicIT senses an anomaly, ConicIT cangather deeper information to make sure thatappropriate data for post mortem analysis isavailable in Splunk™.
ConicIT detects performance
anomaly: CPU above the
expected (green) range
Compuware-Strobe investigates
and analyzes the application
The user receives an email
with link to Strobe’s
investigation result
ConicIT for STROBE
ConicIT for SPLUNK USE CASES• Break down the silos
• store mainframe performance data in the same store (Splunk™) asyour distributed data
• make performance data mainframe data easily accessible for yourdistributed teams
• Cross platform transaction anomaly detection
• Splunk™ can correlate between distributed and mainframeperformance data
• ConicIT adds the ability to find anomalies and predict performanceissues
• ConicIT as early warning system for cross platform issues
• Leverage Splunk™ data to uncover anomalies anywhere -mainframe, distributed and cross platform.
EXTENDED ConicIT
for SPLUNK USE CASES
• Use ConicIT as a “automated operator” that tirelessly watchesyour system for anomalies and takes relevant action:
• Gathering related SMF information for the duration of theanomaly for storage in Splunk™, for example by automaticallyinvoking Syncsort Ironstream™ (requires Syncsort Ironstream™license).
• Gathering results from deep dive tools into Splunk™, forexample by automatically invoking CompuwareStrobe™ (requires Compuware Strobe™ license).
GETTING STARTED with
ConicIT for SPLUNK™
• Set up ConicIT for Splunk™ is simple for both read(anomaly detection) and write (Ingestion) :
• Splunk™ Ingestion
• Provide ConicIT access to Splunk™
• Use ConicIT’s GUI to select the monitor fields tostore in Spunk™
• Anomaly Detection over data from Splunk™
• Provide ConicIT access to Splunk™
• Define the ConicIT-Commands using system-type “ReadFrom Splunk”, adding the Splunk™-search definition toretrieve the response fields to be analyzed.
• Create a Conic-Cluster to run the command.
DATA VIEW in SPLUNK
SPLUNK GRAPH
ALERTS in SPLUNK
ALERT in CONICIT
www.conicit.biz
Thank you!