Organizations are investing in Splunk and ServiceNow for real-time enterprise-wide visibility for faster identification, mitigation and resolution of issues that can impact the business. However, without the mainframe, these solutions have a glaring blind spot.
Applications span multiple platforms and networks, requiring an enterprise-wide view of security, critical incidents and outages that can bring business to a halt. The costs incurred to troubleshoot and remediate performance issues and outages can quickly become a major expense.
Learn how leading IT organizations support critical security and operational enterprise initiatives by integrating important mainframe information with these platforms, without disrupting the mainframe, or the teams that support it.
Watch this on-demand webinar to discover:
· The benefits of including mainframe data in Splunk and ServiceNow
· What you can learn with a complete view of your entire IT environment
· Best practices for integrating mainframe data
Why Integrating IBM Z into ServiceNow and Splunk Is So Important
1. Why Integrating IBM Z into ServiceNow® and Splunk® is So Important
Ian Hartley | Senior Director, Product Management
3. Agenda
• Why do this?
• Benefits of doing it
• Best practices when you do it
• Q&A
6. Fact: It will happen…
• 59% of Fortune 500 companies experience
at least 1.6 hours of downtime per week,
which can cost up to $46 million per year*
• Over the last three years, almost all
enterprises have experienced an IT
“brownout” or outage, 97% and 94%,
respectively, according to the report **
* Dun & Bradstreet survey
** LogicMonitor, The Race to IT Observability white paper
7. …and it’s going to be expensive!
* Gartner (Blog: The Cost of Downtime, 2014)
** Forrester (The Real Costs Of Planned And Unplanned Downtime, 2019)
• $5,600 per minute, which extrapolates to
well over $300K per hour*
• 98% of organizations say a single hour of
downtime costs over $100,000*
• Planned and unplanned IT outages are
significant costs to enterprises, with
unplanned downtime costing up to 35%
more than planned downtime**
8. Traditional Tools
Great, but…
• Specialized
• Deep-dive & highly technical
• Require background knowledge
• Often limited to single
component
• Inaccessible to many
9. Got a Mainframe or IBM i
You need better, agile visibility and telemetry
…in context
10. IT Silos Impact Availability, Performance, Services and Security…Your Business
• Integrate IBM Z and IBM i systems into IT analytics and operations platforms
• Deliver an enterprise-wide view that supports your business goals
Lack of information for operational analytics
No single view of IT infrastructure
Health and status of systems is unknown
11. IT Health is a Requirement for Meeting Your Organization’s Goals
Global view
Health of all services
Improved info access
Improve availability of critical services
Reduce incident volume and burden on operations staff
Accelerate identification & resolution time
Zero-in on what matters
Leverage modern tools for best advantage
Lower cost to results
Efficient MTTI/D
Lower MTTR
Less outage/downtime
12. True IT operations visibility brings ALL the pieces together
Data sources
Event sources
Application
Performance tools
APIs
Microservices
Serverless
Cloud Services
IBM Z
IBM i
13. Today’s IT Analytics tools are essential for:
IT Operations Analytics and Management
Optimize enterprise IT health, meet SLAs, and ensure service availability
• Capacity
• Performance
• Availability monitoring
• Log data/predictive analytics
• Configuration management (CMDB)
• Change management
• Event management
Enterprise Security Surveillance
Secure the enterprise and comply with industry and government regulations
• Detect and prevent internal and external security threats
• Report on security events
• Monitor privileged user activity
• Pass security and regulatory audits
• Distributed
• Cloud
…and
• Mainframe and IBM i
14. Ironstream
The leading solution for integrating:
• Mainframe
• IBM i
machine and log data into modern IT Analytics and IT Operations platforms
• Delivers valuable log, machine, event, and configuration data to IT analytics platforms
• Automates discovery and mapping of mainframe and IBM i assets and resources
• Does the heavy lifting with negligible impact
• Lowers need for deep mainframe or IBM i skills
16. Ironstream connects Mainframe and IBM i to Modern IT Analytics platforms
Mainframe
IBM i
360 degree view across the Enterprise
17. Mainframe integration challenges
Many Data Sources
Systems Management Facility (SMF), Syslog, LOGREC, Log4j web and application logs, RMF, RACF, USS files and standard datasets
Machine Data Formats
• Complex data structures
• Not necessarily for users
• SMF
• Headers
• Product & data sections
• Variable length
• Self-describing
• Binary flags and fields
• EBCDIC not recognized outside of the mainframe world
Data Volumes
• Millions of log records generated daily
• Significant: 10TB+ per day
Timely Insights
• Not real-time
Often hours later or overnight delivery
• FTP offload
• Lack of control and granularity
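An added example, not taken from the webinar or from Ironstream, of what the "Machine Data Formats" challenge means in practice: walking variable-length SMF records and turning the binary header and EBCDIC system ID into fields an analytics platform can index. The field layout is the standard SMF record header as published by IBM (an assumption, since the slides do not spell it out), the `cp037` EBCDIC code page is assumed, and the sample records are constructed.

```python
import struct
from datetime import datetime, timedelta

# Standard SMF record header (no subtype fields), big-endian:
# length(2) segment(2) flags(1) type(1) time(4) date(4) system id(4)
HEADER = struct.Struct(">HHBBI4s4s")

def packed_date(raw: bytes) -> datetime:
    """Decode the packed-decimal date 0cyydddF (c=0 for 19xx, 1 for 20xx)."""
    digits = raw.hex()
    if len(digits) != 8 or digits[7] not in "cf" or not digits[:7].isdigit():
        raise ValueError(f"bad packed date {digits}")
    year = 1900 + 100 * int(digits[1]) + int(digits[2:4])
    return datetime(year, 1, 1) + timedelta(days=int(digits[4:7]) - 1)

def parse_records(buf: bytes) -> list[dict]:
    """Walk a buffer of variable-length records and normalize each header."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise ValueError(f"truncated header at offset {pos}")
        length, _seg, flags, rtype, tme, dte, sid = HEADER.unpack_from(buf, pos)
        # The length field drives the walk, so validate it before trusting it.
        if length < HEADER.size or pos + length > len(buf):
            raise ValueError(f"bad record length {length} at offset {pos}")
        stamp = packed_date(dte) + timedelta(milliseconds=tme * 10)  # tme is 1/100 s
        out.append({
            "type": rtype,
            "flags": f"{flags:08b}",                 # keep binary flags readable
            "time": stamp.isoformat(),
            "system": sid.decode("cp037").rstrip(),  # EBCDIC to text
            "payload_len": length - HEADER.size,
        })
        pos += length
    return out

def make_record(rtype, tme, date_hex, sid, payload):
    """Build a constructed sample record (not real mainframe output)."""
    body = struct.pack(">BBI", 0x5E, rtype, tme) + bytes.fromhex(date_hex)
    body += sid.encode("cp037") + payload
    return struct.pack(">HH", len(body) + 4, 0) + body

# Constructed input: two records of different lengths, back to back.
SAMPLE = (make_record(30, 4_320_000, "0124032f", "SYS1", b"\x00" * 6)
          + make_record(80, 4_320_150, "0124032f", "SYS1", b"\x00" * 8))

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```

The payload after the header is left opaque here; each record type defines its own product and data sections, which is where most of the mapping effort goes.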
21. Ironstream for ServiceNow Discovery
• Comprehensive mainframe and IBM i CIs
Auto-capture configuration items from Z and i
• Auto-populate and maintain the CMDB
Keep your CMDB fresh, up-to-date, reliable
• Capture what you need
Easy deployment and filtering
• See dependencies and relationships
Auto-populate connections and dependencies
• Leverage intelligent automation
Reliable, fresh, up-to-date CMDB information
• Reduces decision times and eliminates guesswork
• Increases productivity, agility and responsiveness
22. Ironstream for ServiceNow Event Management
MAINFRAME 1
MAINFRAME 2
• Monitor mainframe and IBM i output and events
Auto-capture configuration items from Z and i
• Leverage ServiceNow Workflow
Use the power of workflow…integrate with other
tools…create incidents…alert teams…
• Out-of-the-box Event Rules
Mainframe and IBM i-specific rules for fast
deployment
• Detect and respond
‘See’ something and respond
• Two-way Communication
Respond to messages, run scripts and programs
23. Ironstream for ServiceNow Service Mapping
• Complete Service/Application/System Maps
Bring mainframe and IBM i into Service Maps
• Easily collate CIs into Service Maps
Rules auto-collate CIs
• Simple Rules, Powerful Results
Auto-select and add discovered CIs to maps
• Add Mainframe and IBM i Context
Complete the map!
• Zero-In: Less Guesswork, more Action
Agility is key: Find it. Fix it. Faster.
27. Starter Packs – Jumpstart your Journey
• Splunk apps – mainframe and IBM i
• Install and run in minutes
• Collection of dashboards & searches
• From the field
• IT Operations (ITOA)
• Security
28. Best Practice
Put mainframe and IBM i in today’s context
- Set IT service delivery goals
- Measure before and after
29. Best Practice
Avoid Downtime
Forward Think…
• Skills
• Tools
• Market
• Competition
• How quickly can you respond?
• How can you
• Continue to deliver excellent service levels?
• Drive further efficiencies?
• Save time and money?
• Here
• Important
• Part of larger, complex systems
Mainframe and IBM i
• EXTREMELY costly
• Waste of precious resources
• Your competition LOVE your downtime
• Tests customer faith and loyalty
Get Visibility
Be Agile
Today’s Context
• Critical to identify and respond to situations – FAST
• Proactive, not reactive
• New kids with new skills
• Change to NOC, SOC
• 24x7x365 systems
30. Global Fintech leader integrates mainframe into Splunk with Ironstream
Customer
• 50,000+ employees
• Branches worldwide
Solution Requirements
• Leverage investment in Splunk
• Mainframe central to business
• Add mainframe…somehow!
• Better visibility and agility
• Enable deeper insights
• Improve MTTI and MTTR
• Fast development time
• Be more accessible
• More possibilities
Use Case
• Credit card services
• Provide card services to clients
• Technology-driven
• Common services/facilities
• Unique elements
• Splunk “control center” for each client
31. Mainframe In Context and Real-Time
• Real-time delivery to Splunk
• Mainframe data points
• Alongside data from other
sources
• View of complete system
• Available to more users
(in a controlled way)
• Serve information to
• Internal users
• External customers
SYSLOG
Db2
SMF
External
Internal
32. Delivering Exceptional Service
• Real-time operational visibility
• Better scope and understanding
• Monitoring, alerting, trending,
health, status, …
• Superior insights
• Detecting anomalies sooner
• Seeing issues before clients
• Better agility
• Proactive identification (MTTI)
• Faster resolutions (MTTR)
• Time, efficiency and cost savings
33. Value for Enterprises Using Mainframe/IBM i
Less Complexity
Easily collect and correlate mainframe data with other sources. Less deep-dive expertise required!
Clearer Security Position
Monitor unauthorized access, other security risks; prepares and visualizes key data for compliance audits
Healthier IT Operations
Real-time alerts identify problems in all key environments. View latency, utilization, exceptions, etc.
Effective Problem-Resolution Management
Real-time views to identify real or potential failures earlier; view related 'surrounding' information to support triage, repair or prevention
Higher Operational Efficiency
Enhanced event correlation across systems; staff resolves problems faster; “do more with less”
Eliminate Your “Blind-Spot”
Splunk + Ironstream = 360° Enterprise IT View
Hello everyone…
Thank you for joining us today. It’s great to have you here…as I know your time is valuable.
With that in mind…I could easily summarize this session by saying....just do it…it just makes perfect sense.
But…I suspect you want a little more detail…so let’s dive in
So…why would you want to integrate elements from your mainframe environment into platforms such as ServiceNow or Splunk?
Well…in short…there is a real cost of doing nothing.
If you don’t do this…you could be falling behind.
No…this is not a picture of me enjoying a beach holiday.
This is a picture of you…if you’re not integrating your mainframe with modern tools and ways of working.
Unfortunately…there are folks out there that do not see the need. They are good-to-go with their existing setup…their existing practices…
…their existing process of elimination when something has gone wrong…their boss bearing down on them when customers are unhappy…again
Now is the time to look forward…join the movement…embrace change…and take your head out of the sand
Because…things DO go wrong. It’s just a fact of life.
Hardware goes pop in the middle of your year end processing…a new SQL statement brings database performance to its knees…
your customers are not happy…and you need to find out why…NOW…or sooner than NOW
When it does happen…it is very costly. 59% of Fortune 500 companies rack up millions of dollars in
One of the challenges is that IBM platforms generally have great monitoring tools.
However…these are typically very specific and specialized
Yes…they can give you a very deep dive view of what is taking place…but often this is just a snapshot at the time you press enter on the keyboard
Plus…these tools can be focused on a single component or software subsystem
And…they are usually in the domain of the systems programmer and unavailable to anyone else
Event Management + Ironstream = insight into your mainframe and IBM i activities and status.
Completes the picture and injects agility into your operations if you're reliant on these platforms.
Ultimately saves time, money, etc.
Improve availability of critical services
Gather alerts from all sources, associate to CIs and their related business services, aggregate into one health dashboard
Sources include metric data, analyzed by our ML algs to identify what is normal and not normal behavior
Make it easy to triage – what’s the most critical service that’s running hot? Fix that first!
Reduce volume of incidents
Event deduplication and compression into alerts, correlation of alerts into groups to identify primary vs secondary alerts, limit incident generation to alert groups and their primary alerts
Alert correlation driven by combination of ML & human learning, leveraging temporal & topological ML algs plus human rules plus learning from human adjustment to ML-correlated groups (semi-supervised)
Incidents are assigned more accurately to people/teams, producing less churn and faster results
Accelerate resolution time
Learner uses causal CMDB relations between elements belonging to a pattern, to determine root cause within a pattern
Root cause highlighted on group timeline
Associate past alerts, changes & incidents (and their outcomes) on the current resource, as well as on related resources (ones of same time, others that are in the same service, etc)
Automatically gather relevant internal & external knowledge
Define automation actions on primary alerts, which can be triggered automatically or by a human operator
At an enterprise level, you can’t automate and monitor what you can’t see. Your ITOM Visibility approach needs to fit much like puzzle pieces coming together. You need solutions that are a good fit with your IT environment, are the right fit for your business requirements, and include your most critical systems like the mainframe and IBM i for enterprise visibility.
Talk track for this slide – expanded points for each bullet:
High performance, cost-effective solution for delivering critical log, machine, event, and configuration data to IT Analytics platforms
Enables automated discovery and mapping of mainframe and IBM i machine data resources to populate and update configuration management databases
Transforms and normalizes machine data so it can be used by analytics & operations platforms
No detailed mainframe or IBM i access or expertise required: Enables quick integration into existing IT Analytics platform processes and GUIs
The combination of Ironstream and ServiceNow enables enterprises to auto-populate and maintain the Configuration Management Database (CMDB) with all major IBM mainframe and IBM i Configuration Items (CIs) and their relationships.
And once you get access to this type of information…what can you actually do with it?
We see customers putting it to action with many use cases.
Monitoring activities…whether that is for things like logon behaviour or data movements
Operational Intelligence…looking at trends, performance statistics…leverage things like data patterns to spot anomalies and outliers. Detecting a problem heading your way and being able to do something about it.
Ensuring your operations are compliant and adhering to the various protection laws and regulations.
And making sure your data and infrastructure is safe from harm.
In order to get you started on your own journey…we have created what we call Starter Packs.
These are apps that you can drop into your Splunk environment and get up and running…literally…within minutes.
They really are a launchpad to help you get information out of the machine and log data coming from your IBM i environment.
We have one for IT Operational information and one for Security…for both mainframe and IBM i.
The contents of each comes from customer input and experience from the field…so should have things you expect and want to see.
We have packs for IT Operations as you can see here…
The customer use case we’re looking at today definitively falls into the mission-critical category.
This organization offers…amongst many financial services…credit card processing facilities to other businesses. In effect, they act as a central hub and processing powerhouse for many other frontline organizations…who…in turn…deal with card consumers.
So ensuring each business customer’s facilities are running smoothly is vital…with major consequences when things go wrong.
The use case focuses on intense processing that leverages a lot of technologies….amongst them is a central mainframe environment that is at the core of their card systems.
Wrapped around this are layers of other technologies such as off-mainframe Java and .Net applications driving web traffic into this intense environment: new card activations, payments, card declines, balance enquiries…all the typical things you’d expect for card accounts.
This all uses a common set of services as well as some unique elements depending on the organization generating the card traffic.
So they wanted to find a better way to get to this information.
They were already using Splunk within the organization for monitoring Windows and Linux servers…
Splunk was giving them great insights into activities and issues…so why could they not simply add the mainframe?
Simply put…they wanted the same benefits they were getting from the other platforms as this would leap them forward again
…with better visibility over card activities…improved awareness of response times…improved agility around problem identification and resolution
They could also present the information in a modern way with fresh tooling with much less effort.
And just think if they could get this information delivered automatically…in real-time…without having to press Enter…now that would be awesome.
So they looked into building something to do just this…but quickly realized it was a daunting task with many complexities. Sounds simple, but there are significant challenges.
First of all they have brought their mainframe onto a single pane of glass. The data points and metrics they are forwarding into Splunk can now be seen alongside information from other parts of their IT infrastructure…for the first time.
So now they can see across the complete system. All the platforms…all the components…greater visibility and greater agility. It’s like the watch tower in the forest. The ability to see across the tops of the trees for miles…when a small plume of smoke appears you can react to get ahead of a disastrous blaze.
And…using Splunk…it is easy for them to give visibility to many more users in a very controlled way. So now…more have what they need….and so do their customers.
Plus there is the full power of Splunk at their disposal to exploit this data even further.
Now they have real-time visibility
Now they have much better scope and understanding of what is actually happening
They can leverage Splunk’s ability to monitor automatically…looking for anomalies, outliers and trends…instantly alerting when response times fall…or whatever they need to look for
Our customer can get ahead of issues before their customers are even aware of any problem…in effect…there is no problem.
This has given them better efficiencies…considerable time savings…and overall cost benefits
What’s not to like?