What do we mean by metadata for performance? The amount of data your systems produce and that is traditionally ignored (CPU, storage, network, security, intrusion detection, etc.) can be overwhelming. Yet there is truly valuable information within that data. Among the problems is that too many diverse systems are creating these datapoints.
Much of this data can be aggregated into a SIEM. SIEM stands for Security Information and Event Management. The idea is that your switches, routers, firewalls, and every other kind of networking device within the data center forward their logs and events to it. Some SIEMs are quite robust, some less so, but aggregating these data and then presenting them in a usable, at-a-glance dashboard is not so easy. Typically, a SIEM is limited to the device set toward which it is pointed. However, there are tools that can aggregate data from a wide range of sources. The magic of aggregation tools such as Splunk, ELK, and Sumo Logic is that they not only present warnings but also assist in troubleshooting, by leveraging a shared knowledge base rather than the tribal knowledge of the infrastructure team to point to root causes. That is critical.
In these days of ransomware, malicious software inadvertently introduced onto an internal asset propagates, encrypts the data, and the party behind that code then holds the data hostage and demands money to decrypt it. Often these ransoms are enormous and prohibitive. Unless the organization can identify the code, determine exactly when it was launched, and work out where the infections took place, it will have serious difficulty rolling back to a point in time before the ransomware was deployed, and will find itself at the mercy of the attacker who sent it. Without SIEM-type information, pinpointing that time and locating all of the affected assets are near impossible. Certainly, the organization will also require a robust backup scheme that lets it revert to that point in time. But if it can locate the malicious code before it launches, or has adequate security to catch and block it at the perimeter before it acts, the problem becomes moot. A solid SIEM can truly help in that effort.
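As an added illustration of the correlation the last two paragraphs describe (this is example code written for this page, not code from the original post or from any SIEM vendor), the Python below ingests a few constructed log lines that a SIEM might hold after aggregating three hypothetical feeds, a file-server audit log, an EDR process log and a firewall log. The key=value line format, the source names, the host names, the file paths and the `.locked` ransom extension are all invented for the example. It detects per-host bursts of files being renamed to the ransom extension, and from those derives the point in time to roll back to, the patient-zero host, the binary that started on it just beforehand, and the list of affected hosts.

```python
"""Correlate aggregated logs to reconstruct a ransomware outbreak timeline.

Everything here is a constructed example: the key=value log format, the
source types (fileaudit, edr, firewall), host names and file paths are
hypothetical and do not follow any vendor's real schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of what a SIEM would hold after aggregating three feeds.
# Each line: <UTC timestamp> <reporting sensor> <source type> key=value ...
# For fileaudit lines, host= is the client that performed the write.
SAMPLE_LOGS = r"""
2024-03-04T02:10:05Z fw01 firewall action=allow src=10.0.5.23 dst=203.0.113.9 dport=443
2024-03-04T02:11:40Z edr01 edr event=process_start host=ws-0412 user=jdoe image=C:\Users\jdoe\Downloads\invoice.pdf.exe
2024-03-04T02:12:01Z fs01 fileaudit event=rename host=ws-0412 old=finance\q1.xlsx new=finance\q1.xlsx.locked
2024-03-04T02:12:02Z fs01 fileaudit event=rename host=ws-0412 old=finance\q2.xlsx new=finance\q2.xlsx.locked
2024-03-04T02:12:03Z fs01 fileaudit event=rename host=ws-0412 old=finance\budget.docx new=finance\budget.docx.locked
2024-03-04T02:12:04Z fs01 fileaudit event=rename host=ws-0412 old=finance\notes.txt new=finance\README.locked
2024-03-04T02:14:30Z edr01 edr event=process_start host=ws-0117 user=asmith image=C:\Windows\Temp\svch0st.exe
2024-03-04T02:14:55Z fs02 fileaudit event=rename host=ws-0117 old=hr\payroll.xlsx new=hr\payroll.xlsx.locked
2024-03-04T02:14:56Z fs02 fileaudit event=rename host=ws-0117 old=hr\roster.docx new=hr\roster.docx.locked
2024-03-04T02:14:57Z fs02 fileaudit event=rename host=ws-0117 old=hr\handbook.pdf new=hr\handbook.pdf.locked
2024-03-04T02:30:00Z fs01 fileaudit event=rename host=ws-0200 old=eng\draft.docx new=eng\draft_v2.docx
2024-03-04T03:00:00Z fs01 fileaudit event=rename host=ws-0200 old=eng\scratch.txt new=eng\scratch.txt.locked
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Normalize one line from any source into a flat record, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, reporter, source, rest = m.groups()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
           "reporter": reporter, "source": source}
    rec.update(KV_RE.findall(rest))  # key=value pairs become fields
    return rec


def parse_logs(text):
    """Parse all lines and return them ordered by timestamp."""
    recs = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted((r for r in recs if r), key=lambda r: r["ts"])


def find_encryption_bursts(records, suffix=".locked", threshold=3,
                           window=timedelta(seconds=60)):
    """Return {client_host: first_ts} for hosts that renamed at least
    `threshold` files to the ransom suffix within `window`. A single rename
    is ignored so one odd file name does not trigger an alert."""
    renames = defaultdict(list)
    for r in records:
        if (r["source"] == "fileaudit" and r.get("event") == "rename"
                and r.get("new", "").lower().endswith(suffix)):
            renames[r["host"]].append(r["ts"])
    first_seen = {}
    for host, times in renames.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                first_seen[host] = times[i]
                break
    return first_seen


def build_timeline(records, bursts):
    """Pick patient zero, the rollback point and the likely source binary."""
    if not bursts:
        return None
    patient_zero, t0 = min(bursts.items(), key=lambda kv: kv[1])
    # The last process started on patient zero before its first encryption
    # event is the best lead on what to block and hunt for elsewhere.
    starts = [r for r in records
              if r["source"] == "edr" and r.get("event") == "process_start"
              and r.get("host") == patient_zero and r["ts"] < t0]
    return {
        "patient_zero": patient_zero,
        "rollback_before": t0,
        "candidate_source": starts[-1]["image"] if starts else None,
        "affected_hosts": sorted(bursts, key=bursts.get),
    }


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    timeline = build_timeline(recs, find_encryption_bursts(recs))
    for key, value in timeline.items():
        print(f"{key}: {value}")
```

The threshold and window are hypothetical tuning values; the point is that the same per-host burst logic, run over the aggregated feed, answers the two questions the paragraph raises (when did it start, and which assets are affected) and gives the backup team a concrete "restore to before this timestamp" target. In a real SIEM you would express this in the product's query language rather than Python, but the correlation is the same.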
Another great example of metadata providing predictive analytics and useful information to the administrator is HPE's InfoSight. Now that it has been extended to the 3PAR line following HPE's acquisition of Nimble Storage, an administrator can use the information InfoSight provides to identify issues before they become problems. Say a driver needs to be updated, perhaps for an HBA; without that driver update, the next version of the software may not function, or at least not well. InfoSight takes your configuration, firmware, and versioning, cross-references those variables against other customers with similar configurations, and lets you know ahead of time that you have a potential problem, along with remediation approaches. InfoSight also collects data from the systems to which the storage is connected. VMware is a perfect example: the configuration of the VMware-related equipment, switch gear, HBAs, etc. is part and parcel of the analytic algorithm and is factored into the resulting recommendations.
This type of performance and predictive analytics can not only save the customer the pain of downtime but also allow an attentive IT team to be completely proactive about future issues.