Machine Learning to Turbo-Charge the Ops Portion of DevOps

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Machine Learning Turbo-Charges the Ops Portion of DevOpsDevOps.com webinar

Tania Le VoiDirectorOracle Management CloudOctober, 2017

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Program Agenda

Defining terms

Why (Dev)Ops is Perfect for Machine Learning

Making Machine Learning Smarter

Q&A

1

2

3

4

#MgmtCloud or #DevOps or #devopswebinars@OracleMgmtCloud


Program Agenda

Defining terms

Why (Dev)Ops is perfect for machine learning


Q&A

1

2

3

4


Defining Terms (source: wikipedia.com)• Machine Learning– Machine learning is the subfield of computer science that gives computers the ability to learn

without being explicitly programmed. Evolved from the study of pattern recognition and computational learning theory in artificial intelligence, machine learning explores the study and construction of algorithms that can learn from and make predictions on data.

• DevOps– DevOps (a clipped compound of "software DEVelopment" and "information technology

OPerationS") is a term used to refer to a set of practices that emphasize the collaboration and communication of both software developers and information technology (IT) professionals while automating the process of software delivery and infrastructure changes.

• Systems Management or IT Operations Management– IT Operations is responsible for the smooth functioning of the infrastructure and operational

environments that support application deployment to internal and external customers, including the network infrastructure; server and device management; computer operations; IT infrastructure library (ITIL) management; and help desk services for an organization.


Program Agenda

Defining terms



Q&A

1

2

3

4


• Development is creating faster…≥ Low-code

≥ Agile

≥ Microservices

≥ CI

• (Dev)Ops is promoting faster…≥ Containers

≥ IaaS & PaaS

≥ CD

≥ Packages

• (the rest of)Ops is not moving any faster…≥ #(*^(#^#)&^$(@^@($^

$(@)%&^$^**&^)!!!!

≥ #(*^(#^#)&^$(@^@($^

$(@)%&^$^**&^)!!!!

≥ …

We have a problem: Dev has outpaced Ops


OPTION 1:

Your Changes Don’t Hit Production Until Ops is Ready

Confidential – Oracle Internal/Restricted/Highly Restricted 8

Option 2:

You Promote Unmanaged Code Anyway

One of Two Likely Outcomes, Both Bad


It's not my machines, it's your code!

It's not my code, it's your machines!

Where’s the data?

9

What does the data mean?

The Reason: Ops Depends on Human Effort

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER

Real UsersSynthetic Users

App metricsTransactions

Server metricsDiagnosticsLogs

Host metricsVM metricsContainer metrics

CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

END USER EXPERIENCE

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

VM CONTAINER

INFRASTRUCTURE TIER

VM CONTAINER





CMDBTicketsAlerts

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 10

Oracle Management Cloud

INTELLIGENT, UNIFIED PLATFORM

POWERED BY MACHINE LEARNING

INFORMED BY A COMPLETE

DATA SET

HETEROGENEOUS AND OPEN

APPLICATION

MIDDLE TIER

DATA TIER

VIRTUALIZATION TIER

INFRASTRUCTURE TIER

END USER EXPERIENCE / ACTIVITY

Unified Platform

Global threat feedsCloud accessIdentity

Real usersSynthetic users


Server metricsDiagnostics logs


ConfigurationComplianceTickets & Alerts

Security & Networkevents

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 11

Ops Data is Perfect for Machine Learning

✓Massive volume

✓Highly patterned

✓Predictable format

✓Silos can be unified

✓Seasonal trends

✓Known sources


Algorithmic Approaches to IT Ops Data

ANOMALY DETECTION

CLUSTERING

PREDICTION

CORRELATION

12


Program Agenda

Defining terms


Making Machine Learning Smart for IT Ops

Q&A

1

2

3

4


ML is not smart out of the box for every question

To make ML smarter, know the questions you want to ask, then…

1. Enhance Algorithms

2. Increase Breadth

Maturing Machine Learning: A Three-Step Approach


Increase Breadth With Data Unification & Normalization

Oracle Management Cloud Data Store

Log Analytics

IT Analytics

Infrastructure Monitoring ComplianceOrchestration

Security Monitoring &

Analytics

Application PerformanceMonitoring

Convert to Time Series(Clustering & Rollup)

Base Lining & Anomaly Detection

• Norm is repo by repo projects: slow and incremental.

• By centralizing data, we are able to deliver ML driven features more quickly.


Increase Depth With Context, Topology, & Domain Expertise

Context: Forecasted SLA violation & observe divergent correlation.

Topology: Tells us where to look.

Domain Expertise: Allows to identify root cause.


Applied Machine Learning for IT Operation Management

1. Metric data is automatically baselined and logs records are enriched

2. ITOM specific algorithms and models are provided out of the box. User input can be provided to further tune the algorithms.

3. Operationalization and automation using event processing for notifications and remedial orchestration actions

Oracle Confidential – Internal/Restricted/Highly Restricted17

• Is increased load anomalous or expected at this time of the day

• Early warning for future outages or SLA violations

• Abnormal and rare system behavior

• Capacity planning , WhatIf Analysis

• All metric and log data is continually used to train the models

• Corrective Actions: automated scale out, system restart, trigger diagnostic dump, revert configuration changes

• Notification: Send alerts/notifications through a variety of channels

• Incident: Create incident in 3rd party ticketing system, update status, attach evidence


APM AJAX Calls Anomalies

• Ajax call metrics baselined and anomalies identified

• Alert rules and corrective actions can be taken for anomalies


Anomaly-based Alerts

Alert when CPU Utilization(%) is anomalous


Leverage Machine Learning


Alert Notifications



Applied Machine Learning for Security and Compliance

1. Security log events are auto-enriched with user, asset, and threat intelligence context

2. Threat specific algorithms and security models are provided out of the box

3. Operationalization and automation using event processing for notifications and remedial SOC playbook execution

Oracle Confidential – Internal/Restricted/Highly Restricted21

• Is the user privileged?

• Is the asset regulated?

• Is an accessed URL malicious?

• Users coming from anomalous IPs

• Users executing anomalous SQL queries

• Assets with anomalous configuration drift

• Identity: password reset, multi-factor authentication, privilege change

• Asset: AV scan, endpoint data collection, configuration change

• Incident: Create incident in 3rd party ticketing system, update status, attach evidence


• Common attributes in user actions are automatically and individually baselined from enriched security activity logs

• Anomalies from self and/or peer group activity baselines per attribute are automatically flagged using prebuilt machine learning models

• Behavioral threat specific remediation jobs are available for automatic or SOC analyst guided execution

– URL blocking, identity actions, host isolation, endpoint data collection, incident management, firewall rule updates etc.

22

Example: Suspicious User Activity

• Alice is executing actions from an IP address anomalous to her source IP baseline.

• Bob is accessing internal assets anomalous for the sales team that he is part of.

• Neil is accessing critical assets at a time of day that neither he nor his peer group are not normally active.


DEMO: Matured Machine Learning in Action


Key Takeaways

• DevOps depends on “Ops” speed matching “Dev” speed

• The DevOps problem is well-suited to machine learning

BUT…

• Machine Learning must be matured

• Unified data and context increases the effectiveness of ML and analysis



Program Agenda

Defining terms



Q&A

1

2

3

4


TRY IT FREE FOR 30 DAYS

cloud.oracle.com/tryit

oracle.com/managementcloud

26


Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Date post:	21-Jan-2018
Category:	Software
Upload:	deborah-schalm
View:	274 times
Download:	0 times

Machine Learning to Turbo-Charge the Ops Portion of DevOps

Software