RiverMuse ECM has a scalable and flexible architecture designed for integration and workflow process automation in conjunction with other IT management systems. With intuitive graphical views and powerful drag-and-drop rule-building and customization capabilities, it dramatically simplifies and streamlines the IT operations process.
How it Works: Event Detection and Identification
With ECM, all events are captured; nothing is missed.
During the event identification process, events are:
- Enriched with information such as entity details, business services involved and customer details
- Normalized and de-duplicated
Supported collection protocols include SNMP and Syslog message formats, as well as generic web-service-driven event collection through XML/HTTP interfacing.
Infrastructure • Applications • Monitoring Tools • Management Tools
RiverMuse ECM collects exception-based and informational events from across the IT infrastructure and their related EMSs (Element Management Systems). Supported event collection protocols include industry-standard SNMP and Syslog message formats. It also supports generic web-services-driven event collection through custom XML/HTTP interfacing.
Out-of-the-box integrations with established market leaders like SolarWinds Orion and VMware also greatly reduce the time to value for IT operations organizations.
After raw events are imported into the RiverMuse ECM database, they are normalized and de-duplicated. Events and related entity information are also enriched with topology, business group, service, maintenance status and other contextual information that is critical to decision making and prioritization in the following stages.
How it Works: Event Correlation and Alert Isolation
Meaningful events are correlated and reduced to alerts.
- Categorization rules assign priorities and determine what is processed into actionable alerts
- Qualified events are then processed by the RiverMuse ECM event correlation engine using a variety of mechanisms
Once events are identified, categorization rules assign priorities and decide which events or event groups should be processed into actionable alerts. Categorization rules can depend on multiple factors, including the type of event (informational, minor, major, critical, etc.), original source, maintenance schedule, business context, etc. Categorization rules can be easily set or changed through RiverMuse ECM’s highly configurable Web 2.0 interface.
Qualified events are then processed by the RiverMuse ECM event correlation engine. The software supports multiple types of correlation mechanisms out-of-the-box. The main thrust of event correlation is to isolate the underlying cause and pattern of alert streams in order to prompt relevant action – whether automated or manual. Once correlated, all alerts are displayed in the RiverMuse ECM Alert console for remedial action.
How it Works: Remediation and Escalation
Once alerts are prioritized, correlated and displayed in the alerts console, IT operations staff can initiate a variety of remedial actions and escalation processes. These include both automated and manual mechanisms.
Automated remedial actions can be triggered when alerts or alert groups meet pre-determined conditions. For example, RiverMuse ECM may request a new polling event via a linked monitoring system in order to check on the status of an alert that has been inactive for some period of time. Based on the results, it can decide to raise or lower the priority of the alert, email a supervisor or escalate the alert to the Service Desk as an incident for deeper troubleshooting. Removal of active or ‘open’ alerts when a problem-solution pair is encountered is another example of IT operations process automation.
Many alerts are resolved before they become incidents, and fewer alerts are escalated to the Service Desk.
- Alerts are prioritized, correlated and displayed in the alerts console
- IT operations staff can initiate a variety of remedial actions and escalation processes
- Automate routine tasks
- Investigate using correlated data
- Create service desk tickets
- Closed-loop alert closure
IT operations staff can also manually investigate alerts based on their foundational events and enriched contextual data. They can directly access and test infrastructure components and close alerts when availability and performance conditions are restored. The particular event patterns and their remediation methods can prompt IT operators and administrators to develop custom correlation rules and related actions that can drive further automation.
Service Desk Escalation
RiverMuse ECM also enables IT operations staff to escalate alerts to the Service Desk for appropriate incident recording and troubleshooting. Closed-loop integrations with Service Desk solutions ensure that ‘closed’ incidents result in the automatic closure of linked alerts and vice versa.