(Above: a recent interview with an AccelOps customer.)
A few weeks ago, one our clients released a the first version of their IT Management tool, AccelOps. I’ve been especially interested in checking out this tool as it’s offered in for SaaS deployment, which I have a soft spot for. But, beyond that, they’ve done what looks like a good job of pulling together a pretty compelling suite of IT Management functionality across monitoring (performance, application, server, configuration, networking, and security), a pragmatic CMDB, reporting, and a “hidden gem,” so to speak, in the analytics they offer on-top of everything else.
AccelOps gave me early access to a demo installation, which I’ve spent time looking through and poking at. Below is a review of said poking and some thoughts on the offering.
AccelOps offering falls into the category I call “general IT Management platforms.” That is, they don’t specialize in just one aspect of managing a data center (virtualization, storage, networking, web performance, database, provisioning, etc.), but rather keep track of the overall health of everything. As is done in this field, this is done with a combination of performance data gathering (through SNMP and the like) and log monitoring. The second is an overly generalized term, and the depth in which AccelOps does it shows of just how deep log monitoring can get (and, in contrast, how shallow it can be done).
Like most new startups in the IT Management space, AccelOps is targeting the mid-market out of the gates. The last batch of new IT Management startups all started in this market, but over the years have added in serious runs at the enterprise space dominated by the Big 4. Perhaps AccelOps will find itself in the same life-cycle, or maybe they’ll stay in the mid-market. Clearly, it’s too early to even speculate.
List pricing for AccelOps “starts at $25,000 and rises as customers add capacity.”
(Above: demo of using AccelOps from a recent customer.)
One of the primary interfaces for general IT Management platforms now-a-days are customizable dashboards, and AccelOps has plenty to work with here, as do most platform offerings. These dashboards are composed of widgets, or sub-panels, that let you specify all sorts of results based on the AccelOps query language, analytics, topology maps, etc. The idea of course is that operations people would build up dashboards about specific parts of their data center, clusters of IT assets, or “business services” (see below). Then, they can use these to get a quick idea of the overall health of the items in the dashboard, drilling down for more detail.
As an example, you can see how the Unified Communications dashboard pulls together all the relevant information into “one screen”:
Broadly speaking, generalized IT Management platforms focus on monitoring performance metrics or events. They all, of course, “do both,” but each platform tends to favor one or the other. Many new IT Management vendors have done a good job to collapse this distinction of late, and virtualization has a disruptive, horizontal effect on IT department roles and lines of responsibilities.
This metrics vs. events split isn’t only a tool thing, operations people typically prefer one or the other as their primary means to keep up with IT health. You’re either an events or a metrics person, using the other to support the “primary” one. Much of AccelOp’s background (in security, where events & logs rule) makes me think the team would favor the event camp. But, it’s a bit unclear and early to tell in a clear-cut way. The interesting thing is that events of all types get laced through all of the usual “metrics” based monitoring in AccelOps and play heavily in the analytics functionality. So, you’ll see relevant events mixed in with polled performance metrics. Another distinguishing thing AccelOps does with events is pull in and correlated identity events. So, for example, you might see all the successful and unsuccessful login events for a server or business process.
As the AccelOps folks will gleefully demonstrate to you, this allows you to get into compliance monitoring for things like PCI. Several years ago, when Splunk announced they were a compliance tool, I caught some crap for a quote I had on that topic; the crap being: there’s no way simple log searching can everything needed for compliance. Indeed, it can’t, and what AccelOps offers is part of, say, your overall PCI compliance process, but it provides a needed part.
Part of doing this general management has increasingly become having an asset-oriented CMDB (or “pragmatic CMDB” as I often short-hand it). As with many of the terms I’m flinging around here (wait ’till we get to “BSM” below), “CMDB” can mean many things. For the most part, when vendors like AccelOps talk about “CMDBs,” now-a-days, they mean a hopped up asset database, cataloging all of the IT assets, the relationship between them (as illustrated in the topology above), and keeping those assets up-to-date with continuous discovery. In AccelOps case, again drawing from their depth in the log monitoring space, they add in “identities” as well, which is more than I’m used to seeing with these “asset CMDBs.” Also as part of this event focus, AccelOps files away it’s event types in the CMDB. These event types are range from definitions of rules that, when matched, identify an event like a firewall failing to start to much more complex analytics, e.g., for doing anomaly detection.
Whatever you want to call it, the point of AccelOps CMDB is to keep track of information on all the IT assets themselves continuously and also, when possible, archive the configurations the asset is using or has used. In this sense, AccelOps has the configuration cataloging of ZipTie (now called “NetworkAuthority Inventory”) that makes that open source product so nifty. AccelOps will suck out configuration profiles from devices and keep a versioned record of what they are and who changed them.
AccelOps’ CMDB doesn’t track ephemeral ITIL things like incidents, problems, or operations processes. Which, really, is probably fine for the mid-market AccelOps is going after.
AccelOps is a single console and integrated tool, or “all in one” as they like to put it. Classically, a single console is nice for the simple reason of having less applications to deal with, targeted at getting the direct consequence of working faster. There’s also another emerging trend in IT Management that makes single consoles helpful and more realistic than they used to be. The roles in the data center have been changing more in recent years than ever for several reasons: virtualization is a technology that effects all of the data center tribes (networking, storage, servers, Windows, applications, even databases, etc.) that has yet to establish itself in any one tribe; the consumerization of corporate IT has brought in ideas of cloud computing and developers getting closer to operations, though the second is admittedly a very small burbling at the moment.
There are many definitions of what BSM (“Business Service Management”) is exactly. The one I tend to settle on is very top down: helping you figure out how your cash-flows are effected (good or bad) by your IT. To get to this point, you at least need a way to create a rudimentary “model” of the IT that builds up a “business service,” were that service is the revenue generating process that’s supported by IT. Simple examples are buying some product, complex ones are more pie in the sky, heavy data analysis like figuring out who’s a low enough paying user to give poor performance too (and the inverse) in order to save operational expenses.
Somewhere in the middle is the important part of just knowing what parts of the business various parts of IT are used for and, thus, knowing how changes to these IT assets will effect the business…that is, company revenue. Once you’ve done this mapping (these servers, routers, and applications, and events map to “process customer order”), you can, in theory, start to monitor the health of that business service rather than just the individual IT component. Here, AccelOps provides a way to model and monitor businesses services in several ways:
- The simple grouping approach – you just group together IT assets into one roll-up. If something is wrong with one of them, something is probably wrong with the business service. This isn’t complex enough to handle all cases, but sometimes it’s simple enough to work without hassle.
- Complex modeling – beyond simple grouping, using AccelOps query language and analytics, you can more finely model finely the business process at hand. For example, you might have a server that handles more than one business process (hey, consolidation!), so you’ll need to narrow down to just the relevant parts and events. More important here are multi-business service use devices like routers and switches: you’ll want to narrow down to events that only matter for a given process. As an example of the more complex modeling AccelOps does here, another source for business service definitions is pulling in the related user and identity events that AccelOps keeps track of, one of the more interesting abilities the product has.
In addition to modeling, AccelOps spends much time focusing on analytics that seek to move beyond simple red-light/green-light health monitoring or even complexer reporting. These analytics cover from availability, performance, security, and change management, covering things like, but not limited to, anomaly detection, access violations, and misbehaving network devices.Much of the “secret-sauce” in AccelOps is found in these analytics. Looking over the analytics offered you can see that the AccelOps team has taken their past experience in analytics for networking security and broadened out to all of the silos in IT Management, once again trying to get to that “all in one” approach.
On-top of the modeling and analytics, AccelOps provides much reporting, out of the box and through custom-built reports. A simple example is the “show me all the bad things, ranked by badness that have happened to this business service,” as in this screenshot for the Unified Communications service:
And, of course, the point being to start drilling down into those items to diagnose what’s going on. Looking at these reports in more detail while we’re here, you can see a glimpse into the query language that AccelOps uses throughout to build up charts, tables, and reports:
SaaS & Virtual Appliance Deployment
Finally, one of the rarer to find aspects of AccelOps is the option to use it as a SaaS. That is, AccelOps the company runs the central platform (the UI and backend users interact with) and use behind-the-firewall “proxies” to collect and then ship up the relevant monitoring data. And yes, they secure the connection. For end-users, the promises of a SaaS IT Management platform are:
- Less to deal with by not having to manage the resource consuming UI and back-end layer for an IT Management platform.
- Faster delivery of features and releases: when there’s only one version of the software running, it should be easier to more quickly release new features. Though, having an on-premise option, as with the virtual appliance, may detract from this ability long-term.
- The ability to scale up processing and storage for the platform, both of which become serious issues very quickly for companies that pump a lot of data into their platform
The second is the more valuable, long term effect of running as a SaaS as the current rash of cloud-hysteria (yo!) is proving out. For the mid-market that AccelOps is targeting, the positive benefits of a SaaS offering should tend to outweigh the cultural FUD of moving a traditionally on-premise application to – yup – the cloud. Over the years, many outfits have tried this approach, and while it’s stuck for some specific IT Management operations (esp. web transaction monitoring for the likes of Gomez and Keynote, but also service management offerings like Service-now.com), running a general IT Management platform as a SaaS is still a rare sight. Along with AccelOps, there are folks like ManageEngine, Paglo and Versiera (and others I’m probably forgetting) who offer SaaS deployments. Somewhere out there, the old SaaS IT Management product I worked on, PATROL Express, is still creaking along (ah! memories of 2003!). For the vendors, the SaaS model hasn’t been a proven slam-dunk – witness the demise of Klir and the lack of SaaS options from the so-called Little 4 crew. That said, I’m the last person to discourage someone from going for it: I’ve seen it work well in the past, usually to be tripped up by some cultural and political banana peel.
And, of course, if you don’t like the whole cloud thing, AccelOps is offering a virtual appliance to run the application on-premise. Having to maintain both, and the subsequent version sprawl, might take away some of the agile advantages of being completely SaaS, but despite the enthusiasm of folks like myself, having both is worth the hedge against cloud FUD.
Disclosure: AccelOps is a client, as is Splunk and several other folks (in)directly related above.