1. ZENOSS EVENT MANAGEMENT
EVENT MANAGEMENT
ITIL defines an event as any detectable or discernible occurrence that has significance for the
management of the IT infrastructure of the delivery of IT service and evaluation of the impact a deviation
might cause to the services. They are notifications which can be created by IT service (e.g. note that a
manual backup was performed), Configuration Items (individual device’s event logs which are read and
gathered by Zenoss – e.g. windows notes an application started), and finally by monitoring tools such as
Zenoss (e.g. query a server and note CPU usage above set thresholds).
Types of tools
Detecting deviation from normal operation and knowing the status of Configuration Items is essential for
effective service operation. This is provided by Zenoss which performs active monitoring by polling CIs to
determine status and availability, alerting or reporting on any exceptions to the appropriate team
members and/or systems such as TouchPaper. Zenoss also performs passive monitoring, allowing for
Configuration Items to push events or alerts to Zenoss for recording and action.
Application
Zenoss will perform automatic Event Management for any aspect of service management that needs to
be controlled and is compatible or configurable for automated event monitoring. This includes:
Configuration Items
o Some, to confirm they maintain a consistent state (Availability)
o Others, to record and/or automate their changing state, updating the Configuration
Management System (CMS) and Configuration Management Database (CMDB).
Environmental conditions (Temperature, Power, etc)
Software license monitoring for utilisation and location of installed license assets
Security (failed login attempts or locked accounts)
Normal activity
o Application usage
o Server performance
o Resource usage
2. BUSINESS VALUE
Zenoss event management can deliver a number of advantages including early incident detection,
incident forecasting, assistance in root cause analysis, tracking and insurance of regular activity/jobs,
reduction of resource intensive manual monitoring, capacity and availability management and
automated operations.
Early Incident Detection
Through polling of servers and receiving of events Zenoss can detect incidents and quickly alert
appropriate team members to the incident, allowing quicker response, possibly before the users have
detected or encountered the issue or any significant damage is done (failed air-conditioner and rising
heat in a computer room).
Incident Forecasting
Zenoss will monitor performance and capacity, alerting based on thresholds to allow IS to respond to
impending problems before they affect the systems and/or business. This can include high CPU usage or
the approaching capacity of a hard disk. Dashboards and performance reports can also allow team
members to manually sight impending issues where appropriate.
Assistance in Root Cause Analysis
Zenoss will assist in root cause analysis by allowing easy reading of a system’s events in the lead-up to an
incident, together with performance data gathered on or before the issue. A centralised, easy to use and
access database of the system’s installed software, hardware model, serial number and location can also
assist in speeding up diagnosis of problems. Dashboards can also assist team members in quickly
sighting a related cause to an incident they’ve been made aware of by allowing a quick view of
performance or events across other systems that may be causing the issue.
Tracking and insurance of regular activity/jobs
Zenoss will monitor states at set times where business process activity is expected or receive updates or
failure notifications from systems and report or alert on a lack of coherence with expected process. This
can include scheduled backups or process runs such as GAINS weekend forecasting and replenishment.
Reduction of resource intensive manual monitoring
Because Zenoss is a highly configurable monitoring tool, capable of advanced analysis and alerting,
certain manual system checks can be replaced by a reliable automated checking which will report
exceptions to the team members, leaving them to conduct more innovative work such as improved
functionality or exploring new ways for the business to exploit technology to increase competitive
advantage.
Capacity and Availability Management
Zenoss’ availability management can signal appropriate team members to exceptions, allowing
appropriate early response but also capacity planning for either response to capacity issues or future
planning and budgeting. Availability reporting can also assist in determining problem areas that may
require further work to improve availability or reduce incidents and facility KPI reporting.
3. Automated Operations
Zenoss will be setup to respond automatically in some instances, to resolve incidents quickly either for
known, recurring problems or for new incidents. Problem generation in TouchPaper can also be
automated to facilitate root cause analysis of the problem by a team member and alerts/notifications
will make team members aware of the issue, even though it was immediately repaired.
ITIL EVENT MANAGEMENT MODEL