Streamline event and alert management and the incident and problem management processes.
Cisco® Info Center Impact, based on the market leading Tivoli® Netcool® technology from IBM®, provides the context-driven correlation, intelligence, and automation functionality that the operations staff needs in order to streamline event and alert management, business service management, and incident and problem management (Figure 1).
Figure 1. Example Cisco Info Center Impact Fault and Action List
With Cisco Info Center Impact, you can:
• Leverage context-driven correlation to reduce symptomatic events and incident tickets, and prioritize response based on business impact
• Access and display intelligence from across multiple support tools in a single, integrated web interface, in context, for improved event, incident, and problem handling
• Execute automated actions directly from any event, incident, problem, or operator view, in context, or drive run book automations for improved staff productivity and process efficiency
As environments grow in scale and complexity, event volumes and related incidents continue to grow exponentially. For operations staff tasked with assuring high service availability and performance, the challenge is weeding through the noise and prioritizing action in a way that directly supports business objectives.
Traditional event and alert management tools provide a solid foundation for event deduplication and filtering, and incident and problem management tools are effective at creating and tracking incidents throughout their lifecycles. But as most operations staff can testify, the events generated can often be cryptic, lacking the context necessary for prioritization and action. As a result, multiple symptomatic incidents are created and must be examined with multiple tools to determine which incidents truly affect service.
Cisco Info Center Impact streamlines event and alert management, business service management, and incident and problem management by providing context-driven correlation, intelligence, and automations.
Features and Benefits
Cisco Info Center Impact delivers:
• Event enrichment and context-driven correlation: Automatically collects relevant contextual information from existing data stores and injects that content directly into events to make them actionable and to reduce response and resolution time.
• Context-driven intelligence: Lets operations staff right-click on any event or incident and view related information in a real-time web interface for faster, more effective decision making.
• Context-driven automation: Lets operations staff right-click and view a list of automations that they can execute directly from any event, incident, or operator view (in context). It also allows them to define run book automations.
The operator view of Cisco Info Center Impact virtualizes access and display of data according to the target audience, delivering context-driven intelligence in a flexible, web-based interface (Figure 2).
Figure 2. The Operator View of Cisco Info Center Impact
Automatically Add Value to Events and Incident Tickets
When a customer-facing service has failed, time is of the essence; yet events and incident tickets typically lack the details needed to prioritize response. Staff members must sift through symptomatic events and incident tickets, cross-referencing each with multiple tools to collect context needed to identify the cause of the problem. Cisco Info Center Impact automatically collects context from existing tools and data stores and injects it directly into events and incident tickets, eliminating this time-consuming manual step.
Valuable contextual information can include:
• Service, customer, or business affected
• Device location
• Change details
• Application owner
• Service-level agreement (SLA) details
• Maintenance status
• Support contact information
Enrichment of events and incident tickets with context helps operators understand the actual impact of incoming events on customers and services and prioritize the response over less-significant events.
Dramatically Reduce Event and Incident Volumes with Context-Driven Correlation
In addition to eliminating the manual steps of collecting and cross-referencing information stored in multiple tools, context is also valuable in automating event handling. Once events have been enriched, Cisco Info Center Impact can perform context-driven event suppression, filtering, and correlation that can dramatically reduce symptomatic events and incidents. The event suppression wizard in Cisco Info Center Impact helps enable you to contextually correlate multiple events down to a single actionable event, speeding assessment and minimizing time to resolution for real problems. Users can also use the event wizard to suppress false alarms, such as those that occur under scheduled maintenance for applications, systems, networks, and other IT assets. The event wizard is designed to simplify this task so that users of any experience level can benefit from advanced correlation.
The following are examples of correlations that can be easily accomplished because of the added context and advanced analysis provided by Cisco Info Center Impact:
• Severity classification and escalation based on business impact: Automatically identify which events affect which services, and prioritize or escalate events based on the highest downtime cost. Similarly, events can be prioritized based on SLA commitments and other criteria.
• Time-based correlation of change events to status/performance events: Automatically compare state and performance events to recent change events to create a new event or incident ticket that includes all the details needed for resolution.
• Filtering or suppression of maintenance events: Automatically determine which events are maintenance events and filter them into a separate maintenance view while suppressing symptomatic events.
• Suppression of non-service-affecting events: Automatically suppress events that are not related to a critical business service or filter them into a separate view.
• Dependency-based correlation and escalation: Make use of physical and logical dependencies, metainformation, and containment across business process execution language (BPEL), service-oriented architectures, virtualized environments, virtual private networks, and more to automatically correlate events.
• Predictive analytics: Define and automatically detect known problem event patterns that have resulted in service problems, and trigger high severity predictive events for prioritized handling.
In combination, not only do these context-driven correlation techniques reduce event volumes and the need to manually sort through symptomatic and other noise events, but they also dramatically reduce unnecessary incident tickets, while providing support staff with the added context needed to resolve incidents more quickly.
Gain Real-Time Actionable Intelligence with Integrated Web-Based Views
One of the most time-consuming tasks for operations staff is cross-referencing numerous tools in succession to collect information needed for event, incident, and problem resolution. In addition to automatically adding context directly to events and related incidents, Cisco Info Center Impact provides a real-time, web-based operator view that greatly improves operator productivity. It automatically collects information across multiple support tools and data sources and displays that information in context in a single, integrated web view.
By unifying information and making it actionable from a single reference point, organizations can automate tasks in support of Information Technology Infrastructure Library (ITIL®), enhanced Telecom Operations Map (eTOM), and other best practice methodologies across operational lines, processes, and functions. The intelligence gathered can be used to feed a knowledge base of known problems, including all relevant identifiers and resolutions that staff need to address or automate repairs to known problems. Access Key Performance Indicators in Real Time
Cisco Info Center Impact can directly monitor and collect data from existing support tools and other data sources to perform complex calculations. These calculations are not limited to data, but can also be performed across multiple events, including IT availability, performance, security, and business events from virtually any tool. Actionable operational and business key performance indicators (KPIs) can be calculated on any mix of variables. When performance indicators do not fall within specified parameters, Cisco Info Center Impact can automatically identify exceptions and take automated, context-driven actions.
Display and Launch Corrective Actions Directly from Event and Incident Views
Cisco Info Center Impact can be configured to automate virtually any action for speedier problem resolution. For example, when an event, incident, or problem occurs, Cisco Info Center Impact can collect contextual information such as documentation, configuration data, and affected users and present staff with step-by-step resolution procedures. Operations staff can select from a list of relevant actions to automatically resolve the problem. As each automated action is selected and run, Cisco Info Center Impact can monitor the success of that action and provide feedback to the user. Armed with contextual intelligence and automations, organizations can establish a set of best practices for event, incident, and problem management that dramatically improve mean time to resolution.
Drive Run Book Automations for Improved Staff Productivity
In addition to supporting event and alert management and incident and problem management through context-driven correlation and intelligence, Cisco Info Center Impact can integrate with and automate manual steps across operational management tools and systems. Operations staff members define run book automations that automatically correct errors and break or disconnect conditions in workflow across tools, roles, and processes. The Cisco Info Center Impact engine can be instructed to target specific conditions and take corrective action based on parameters you establish. Automating your workflows helps the proper individuals get information regarding service-affecting events so that they can respond quickly.
For example, Cisco Info Center Impact can establish flexible links to external systems including configuration management databases, inventory, asset, provisioning, and customer relationship management (CRM) systems. It can then look across those systems in real time to detect bottlenecks and breaks in process. If the proper threshold or trigger for any step is not met, Cisco Info Center Impact can notify other steps in the process, automatically act to resolve the problem, or alert staff through a variety of means.
Streamline Notification, Escalation, and Resolution
Cisco Info Center Impact can provide notification through events, mobile phones, PDAs, pagers, instant messaging, graphical user interfaces, and other means to help facilitate rapid response. Once resolution procedures for a known problem are identified, operators can define policies to automatically recognize, take action on, and trigger escalation procedures. Operators can also utilize the wide range of messaging services to communicate bidirectionally with Cisco Info Center Impact and request additional information or trigger automated actions to resolve the problem.
Improve Data Access, Control, and Integrity
Cisco Info Center Impact allows you to quickly access and make use of data in existing data stores, and utilize a simple, metadata access layer across them. It allows for a single, "virtualized" data store and flexible data use while preserving ownership and control of the original data content.
Cisco Info Center Impact can also extend the value of your existing configuration management database, service desk, and other tools by acquiring, normalizing, and sharing data across sources, in real time, to keep them current and accurate. As updates or changes are made to data sources, they trigger automated actions in accordance with policies you define.
Breadth of Integrations
Cisco Info Center Impact offers the most extensive list of integrations across IBM and third-party data and event sources. Organizations can easily use and extend existing tools, technologies, processes, and best practices and achieve levels of operational visibility, control, and automation not otherwise possible with traditional tools. Available integrations include: