Overview
The post “State of APS, SMS, and NMS Industry (Meta Trends)” described the business end of NMS and its evolution over the last three decades. This article tackles the diversification and specialization of NMS and the impact of the most adopted standards FCAPS and ITIL.
Network Management Systems (NMS) has evolved just as much as the network has. As the network’s role has evolved from a simple collection of autonomous machines to a living breathing organism with very specialized protocols, so has the systems and applications required to secure and maintain the health of the network evolved. Along the way additional products and entire career paths have emerged. With the dawn of the cloud, effectively creating nested virtualization of components and their network connectivity, the reality of what tools make up NMS has diversified and become very complex.
Over the last couple decades FCAPS, OSS, eTOM and other standards have attempted to quantify the tool architectures of NMS. Other standards such as ITIL, COBIT, and BPM have tackled the other 85% of NMS – the organizational structures, business processes, and knowledge management. However, they too fall short on providing a comprehensive view. Even combining the most heavily used standards: FCAPS and ITIL isn’t adequate. Instead the starting point is looking at the market place and the “consumers” of NMS. Their demands have dictated the tools on the market. Then by following up with FCAPS and ITIL, which capture the requirements that are not large enough to create markets, will round out the portfolio of NMS tools and provide a tool taxonomy of the NMS space.
NMS Customers
NMS customers can be loosely sub divided into two customers:
- Classic Customers. NMS end customers (companies, government agencies, etc.)
- Pre-existing Frameworks. Preexisting NMS and security frameworks
Classic Customers
Regardless of the industry whether corporate, non-profit, acedemic, or government, the focus of these customers is similar. It is seen in the tool areas sold in the market place.
The first category is universal and the most important. It is the vector through which the customer based can be empowered and become a free raw informational resource. Knowledge management is driven by the social networking of people. This recognizes that the end-to-end NMS solutions remain 80% people activities and 20% machine and that the hard problems such as “what is the impact of X” remains in the realm of humans, not machine. As such, the success of an NMS posture relies most heavily on this area :
| Tool Category | Tool Area | Standard |
| Social Network | ALL | N/A |
The next critical area is the traditional NMS space. The NMS tools are marketed according to the FCAPS and ITILv3 standards. The adherence to these standards will be explained later in other posts but for now the tool areas are listed:
| Tool Category | Tool Area | Standard |
| Event (Fault) Management | NMS | FCAPS/ITIL |
| Performance Management | NMS | FCAPS |
| Configuration/Change Management | NMS | FCAPS/ITIL |
| Knowledge Management/ Incident Workflow | NMS | ITIL |
| Incident Ticketing | NMS | ITIL |
| Problem Ticketing | NMS | ITIL |
| CMDB/Asset Management | NMS | ITIL |
Another major area are Security tools. Unlike NMS, Security is a much more abstract and divided tool space. This actually illustrates the importance of culture. Unfortunately the nature of security is to be secretive and as such the tool areas in NMS that are touched on by security are very elusive. Further there are no real standards that align to the tool categories sold in the market place. Despite this, the market place can be used to categorize the security tool space based on what is bought and sold.
| Tool Category | Tool Area | Standard |
| VPN | Security | N/A |
| ACL/Firewall | Security | N/A |
| Release/Patch Management | Security | ITIL |
| IDS | Security | N/A |
| anti(virus/worm/malware/spyware/IPS) | Security | N/A |
| Security Log Parsing | Security | N/A |
The final discipline area that customers expect in a NMS offering is: infrastructure management and data warehouse. That is substantial data is collected from the network but without a way to correlate the various data points, the information is meaningless. Further, the network is starting to “emerge” as a single entity which is seen in the proliferation of clouds. As such “holistic” management tools of the network are starting to emerge based on existing standards that allow for such a holistic approach. (Other areas such as fault, performance, and configuration management where devices should “register” with the cloud they are members of are seriously lacking in both standards and protocols – which prevent them from being addressed as holistic entities.)
| Tool Category | Tool Area | Standard |
| Analytics/ETL/Reporting | Data warehouse | FCAPS/ITIL |
| IP Block/DNS/DHCP Management | Infrastructure |
The last category to be included represents pre-existing NMS offerings and integrating new NMS tools to these. The most universal law in the multi-verse is “things in motion, stay in motion” and the more abstract and larger you get the more energy required at more touch points to change the mommentum. NMS is about as energetic, abstract, and large as you can get. As such, the past has to be integrated and there is no way to do everything in a single tool. Thus vendor specific frameworks especially in fault, performance, and configuration must be included among the NMS tool taxonomy.
| Tool Category | Tool Area | Standard |
| Vendor Specific (Fault/Config/Performance) | ALL | N/A |
Together these tool sets encompass the features and functionality that the end customers expect and/or want from their NMS.
Northbound Frameworks
Despite network modernization and standardization, the type and number of devices on a corporate network continue to diversify. This includes everything from standard data networking gear such as routers, switches, and modems to entirely new device genera such as telephony, video conferencing, and smart appliances. The explosion of device types has further pushed the complexity, adaptability and other network requirements, creating a new protocols and metrics from QoS to line jitter.
One of the consequences of these changes is a proliferation of tools. Some of these tools are hardware centric such as Cisco’s Cisco Works while others are feature centric such as CA NetQoS. Both trends have pushed large companies and government organizations to make use of overarching frameworks. This push toward hierarchies is reinforced by the demise of the Best of Breed approach due to a lack of research and planning funds from the dot com crash. (For more information on this point see the post “State of APS, SMS, and NMS Industry (Meta Trends)”)
There are five primary hierarchies listed in descending market saturation: IBM, CA, HP, BMC, EMC. By far the largest installation base is IBM’s Tivoli based on the acquisitions: Micromuse’s Netcool and Candle. However, these solutions are the most expensive and difficult to customize. CA’s and HP’s Operations portfolios continue to grow as a result. BMC like IBM has complexity issues but BMC’s Remedy dominates the ticketing solution space. (Remedy is the only notable exception to the use-a-single-vendor framework approach in the market place today.)
From a tool category area perspective the potential integration points for NMS into an overarching framework remain the same as the tool category areas for the NMS itself. However, the importance of these tool categories differ. This is due to the way the integrations usually occur due to industry maturity and standards. For example, integrations usually are purely tool centric. Normal business process flows are not explicitly part of integration such as problem shooting lookups or event suppression. Instead the overarching hierarchy software takes universal control of these aspects. Since there are no standards around workflow within tools, such integrations are problematic at best even within the same vendor. For example, this is seen in the IBM Tivoli suite. Tivoli ITM has troubleshooting and diagnostic workflows built in but there is no way to integrate this workflow northward into Tivoli Netcool to allow for an overall approach to troubleshoot events. As a consequence there are three levels of integration:
| Area | Level |
| NMS Integration | 1 |
| Tool centric integration | 2 |
| Workflow centric Integration | 3 |
For the tool categories devised thus far, this translate into the following table with the exception of social networking which unlike its peers should always be at the forefront:
| NMS and Groups |
Framework Integration |
|
Social Networking |
Critical |
|
Event (Fault) Management |
Critical |
|
Performance Management |
Important |
|
Configuration Management |
Important |
|
IP Block/DNS/DHCP Management |
Important |
|
VPN |
Important |
|
ACL/Firewall |
Important |
|
Vendor Specific (Fault/Config/Performance) |
Critical |
|
Incident Workflow |
Needed |
|
Incident Ticketing |
Needed |
|
Problem Ticketing |
Needed |
|
CMDB/Asset Management |
Needed |
|
ETL Reporting |
Needed |
|
Release/Patch management |
Important |
|
IDS |
Important |
|
anti(virus/worm/malware/spyware/IPS) |
Needed |
|
Security Log Parsing |
Important |
FCAPS and ITIL
The two models FCAPS and ITIL together provide the closest approach. It isn’t because these standards are an ideal framework for an organization. In fact both are quite deficient and inferior to competing standards such as COBIT. The reality is the usefulness of the standards have little to do with their effectiveness. Instead the primary need is their rate of acceptance and secondarily their rate of actual adoption. Two drivers, described in the sections below, explain why this is the case:
- False Expectations & Good enough model
- FCAPS and ITIL as a Concept as a Service (CaaC) cloud
Though FCAPS and ITILv3 cover much of the NMST space, security tools and some infrastructure service tools are not. The reasons behind this will be explained. Finally at the end of the section a complete inventory of NMS categories will be described. This list will be used to sub divide the NMS space and addressed by later posts.
False expectations & Good enough model
As described in the post “State of APS, SMS, and NMS Industry (Meta Trends)”, the past decade shifted once agnostic industry pundits into vendor biased vehicles. As a result, the prevalent thought within the industry is that NMS is a commodity when in reality heavy customization remains needed. This false perception has effectively detoured innovators, investors, and other resources required to reinvent and clean up the industry. Yet the reality has forced implementers to gravitate toward standards that have “tactical” specification. As a result the existing, outdated standards of FCAPS and ITIL have provided just enough benefit to not force companies and the industry at large to look elsewhere for answers.
Over the past couple decades ITIL and FCAPS have taken root as the de-facto standard in both IT culture and vocabulary of IT. In particular, FCAPS has created several tool silos: fault, performance, and configuration management. ITIL also has influenced fault (event) management, as well as incident (ticketing), problem (ticketing), and change management. Like the “good enough” models of many leading companies such as Microsoft and Oracle, these standards effectively shut out competition by being just good enough to let IT hobble along. Though a few companies wander into other standards such as eTOM, OSS, COBIT, etc these are statistical anomalies by comparison or delegated to higher abstract constructs with FCAPS and ITIL determining the tactical implementations. In short, the market segregates products in the NMS space according to FCAPS and ITIL and these standards also dictate the conception and language of the industry.
FCAPS and ITIL as a “Concept as a Service” (CaaC) cloud
As much as it pains the author to admit, the best products in general are not successful. Instead it is the best marketed products that succeed and persist. One look at vendors across the industry empirically validate this perception. Where Nerve Center and other products have failed, Netcool and NetQoS have dominated the market place. These later companies were started not by engineers, but sales and marketing experts. This is because communication and clarity are more important in the technologically and jargon challenged NMS landscape. This same principal holds for the Industry at large. Just as the Greek language paved the way for Christianity to expand across the Roman Empire, the common language of FCAPS and ITIL has unified the NMS world. Bringing an alternative language to the sales table brings with it not only a language barrier, but a cultural one as well. For connected with the terms are world views (including oversights.) In the fast paced world of IT very few tolerate learning a proprietary jargon, much less a completely different world view. As a result the alignment of any NMS approach requires a clear understanding of the end-to-end solution in use today by its customers and how that approach will likely change in the future. This clear understanding is obscured by the fact that the NMS tools themselves only form 15% of any end-to-end solution. The other 85% consists of: organizational structure and business processes. In this context organizational structure includes political and cultural currents and business processes include knowledge management. As a result both the areas of NMS tool and organization & processes needs to be researched in order to correctly determine the requirements of any NMS approach
Why no FCAPS/ITILv3 equivalent for Security and Infrastructure aspects?
Though Gartner, IDC, and Forester have claimed NMS are a commodity, the reality is they are far from it. In the vacuum the companies, vendors, and the industry at large has collapsed around two standards: FCAPS and ITILv3. For organizational structure and business processes, ITIL provides 80% of what is needed. Though not as complete as COBIT and other standards, ITIL adoption in IT organizations is between 40%-80% across all industries. However, there are no equivalent standards for Security or Network Infrastructure due to the culture of these unofficial guilds. Still vendors have collapsed their offerings around a set of additional services:
| Categories | Area | Standard |
|
IP Block/DNS/DHCP Management |
Infrastructure | Necessity |
|
VPN |
Security | Necessity |
|
ACL/Firewall |
Security | Necessity |
|
Analytics/ETL/Reporting |
Data warehouse | FCAPS/ITIL |
|
Release/Patch management |
Infrastructure/ Security | Necessity |
|
IDS |
Security | Necessity |
|
anti(virus/worm/malware/spyware/IPS) |
Security | Necessity |
|
Security Log Parsing |
Security | Necessity |
Conclusion
Together the customer of NMS and the most adopted standards of FCAPS and ITIL can provide the tool taxonomy of NMS today. Further quantification of what roles are affected was added, though not discussed in this post:
The following table summarizes these findings and indicates:
- Y axis
- NMS Tool Categories
- X axis
- NMS Criticality: Importance of the tool category
- IT LEAD, IT SVCS, IT DEV, IT OPS: Usage of tool categories among the 4 major departments of an organization: IT Leadership, IT Services, IT Development, and IT Operations.
| NMST and Groups |
NMS Criticality |
IT LEAD | IT SVCS | IT DEV | IT OPS |
|
Social Networking |
Critical |
User | User | User | User |
|
Event (Fault) Management |
Critical |
User | N/A | Deploy | Admin |
|
Performance Management |
Important |
User | User | Deploy | Admin |
|
Configuration Management |
Important |
N/A | User | Deploy | Admin |
|
IP Block/DNS/DHCP Management |
Important |
N/A | Admin | Deploy | Admin |
|
VPN |
Important |
N/A | User | Deploy | Admin |
|
ACL/Firewall |
Important |
N/A | Admin | Deploy | User |
|
Vendor Specific (Fault/Config/Performance) |
Critical |
N/A | N/A | Deploy | Admin |
|
Knowledge Management/Incident Workflow |
Needed |
N/A | N/A | Deploy | User |
|
Incident Ticketing |
Needed |
User | User | Deploy | User |
|
Problem Ticketing |
Needed |
User | User | Deploy | User |
|
CMDB/Asset Management |
Needed |
N/A | User | Deploy | User |
|
ETL Reporting |
Needed |
User | User | Deploy | User |
|
Release/Patch management |
Important |
User | Admin | Deploy | Admin |
|
IDS |
Important |
User | Admin | Deploy | User |
|
anti(virus/worm/malware/spyware/IPS) |
Needed |
N/A | Admin | Deploy | User |
|
Security Log Parsing |
Important |
N/A | Admin | Deploy | User |
I received several “healthy” responses on facebook and linkedin from techy’s who correctly pointed out that FCAPS and ITIL are much less than perfect. Here’s my follow up: http://bit.ly/UtlyBV