Sightline in the vCenter Environment

1201_aThe Sightline Performance Management Solution is a perfect complement to your organization’s vCenter implementation. With Sightline, your organization can:

  • Maintain detailed performance data based on your organization’s retention objectives. vCenter summarizes data and may not provide the long-term data retention that you need.
  • Easily create custom dashboards combining data from one or more systems to provide unique views of systems and architecture.
  • Leverage Clairvor, Sightline’s automated root cause analysis tool. Clairvor can perform complex cross-system correlation analysis in seconds, aiding in solving issues.
  • Correlate both VM data and OS metrics in one tool Sightline can gather not only the performance data from vCenter, it can also gather performance data from OS instances and many popular application frameworks and tools.
  • Forecasting – Sightline allows users to prepare forecasts on any collected metrics for any time period. Know before capacity issues become problems.
  • Create custom alerts and alarms based on metrics collected or expressions created leveraging collected data. You identify the actions to take when alerts are triggered.

Adding the Sightline ACE option provides:

  • Automated compliance reporting for Windows, Linux and UNIX systems.
  • Over 7000 policy rules including standards from DISA, NIST, SOX, HIPAA and others.
  • Ensure the configuration of your OS instances remains consistent and be alerted to changes.
  • Direct access to change information from the Sightline dashboard and Clairvor to accelerate root cause analysis and problem resolution.

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

Sightline Highlights – Nov. 17, 2014

JBoss tmp directory maintenance

Are you running EDM? As part of the normal operation of the JBoss container that Sightline uses, it creates temporary files in the jboss-as-7.1.1.Final/standalone/tmp folder. With each restart of EDM (and thus the JBoss container) the temp files are created anew, in new folders. Over time, this can become a large consumption of space, many gigabytes. During a maintenance window, we recommend stopping the JBoss service and deleting all folders under the jboss-as-7.1.1.Final/standalone/tmp folder. The files needed by JBoss will be re-created on the next JBoss start. We recommend doing this periodically to keep the space used by JBoss to a minimum.

Using the VM Count metric from vCenter

1201_aWe’re often asked about the metrics we collect, whether we collect certain information, or how we would represent a specific situation. An interesting metric collected from vCenter is VM Count. Do you know exactly how many VMs you have? Do you know which ESX host they reside on? Look at VM Count. Consider the two charts below. On the left, the sum of all VMs in an environment. As you can see, it’s fairly consistent at about 52 for the last six weeks.

But that’s not the whole story. At the beginning of September, there were three ESX instances in the environment, but a fourth was added on September 14. The total VM Count stayed the same, but some VMs were moved from Angkor (the metric in blue) to Avaris (the metric in green). Using the information collected from Sightline, you can show both the high-level view and the details, too.

Is there a metric that you’re interested in? Let us know, and we’ll investigate!

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

Comparing Data Sets Using Sightline EDM

Using Sightline EDM, there are multiple methods available to compare two or more sets of data. In this example, we’re using the data from test systems in the Sightline office, but the data sets could come from any system type.

The first and easiest option is to simply display data in a chart. When data has the same time stamps but is from two different systems or data sources, you can include them on the same chart. In this example, you can see CPU and memory utilization from a Windows system called newpetronas (NEW) along with CPU and memory utilization from a Linux system called phoenix.

1110_a

For any chart within EDM, you can request the statistics view, which shows the minimum, maximum and average values from the chart, as well as the standard deviation. This will be displayed as a separate window from your browser.
1110_b

Sightline also offers options for disparate time spans. In the event that you want to compare, say, a Monday with the following Monday, you could create charts side-by-side showing the same metric from the two different time spans, shown below.
1110_c

In this case, the data is from newpetronas in both charts, but utilization statistics from Monday, October 27 are shown on the left, with the same metrics from Monday, November 3 on the right. The statistics view can be generated from any chart in any display.

This view supports data from multiple systems in the charts, as well as different times. For instance, the Sightline workload is comprised of several processes (for data collection, storage and transfer to one or more instances of EDM) used by the Power Agent. In this view, you can compare the utilization on newpetronas on the left to phoenix on the right.
1110_d

Finally, Sightline offers a zoom chart capability. In this case, the basic chart covers a longer time span, but you can highlight a time span and move it to superimpose it over a different time. Consider this example:

1110_e

The time span of the chart covers five days, Monday through Friday. In the zoom chart, we can highlight the data from Monday and “move” it to overlay a 24 hour span for Thursday. Monday’s data is shown in dotted lines on the gray background; you can see that the shape of the lines are the same as the original data at the left of the chart. Using the zoom chart, you can also zoom in to display more granular data for the selected time range.

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

The Sightline Solution for Performance and Security Monitoring

At Sightline we’ve specialized in performance data management. We realize, though, that with performance data you can do so much more than just monitor the performance of your infrastructure. With that in mind, we’ve developed the Sightline Knowledge Quadrant.
1103_a

There are four main areas in the Knowledge Quadrant:

  1. Things you know. You know these things are going to happen in your environment. These are things that can be monitored, and you can stay on top of them by following documented best practices.
  2. Things you know that you don’t know. These are things you are concerned about, because you know things will happen but you don’t know what or when. Something like a network issue or a hardware problem. You feel that you have a pretty good handle on them, though, when and if they do occur, because you can monitor your network and servers for specific items.
  3. Things you know you don’t know. Traditionally, you can monitor for unknown occurrences by looking at logs, data from applications, etc., which gives you a good idea what’s going on so you can look for irregularities.
  4. Things you don’t know that you don’t know. This is by far the most dangerous category, because these are the things that can hurt you the most, such as an attack from an inside source or a malicious attack that can happen right under your nose. You need to monitor for these, but you’re not entirely sure what to watch for. We feel that Sightline can help here the most.

At Sightline, we have established a process to forecast and trend real-time and historical data to create the baseline for normal processing.
1103_b

You can then monitor and set alerts, so if an event occurs you can be aware of it very quickly. You have the data and tools for automated Root Cause Analysis. You can diagnose and alert the proper group, to stop the activity and return to the established baseline.

By integrating traditional security practices with real-time performance monitoring, you can establish a baseline for normal utilization, and therefore unlock the potential to be aware of all threats known and most importantly unknown. Being able to receive data quickly on potential threats from irregular activity throughout your infrastructure adds an extra layer of protection that was previously unavailable.

There are several categories of key security metrics that you might deal with on a day to day basis. Sightline can provide real-time insight into unknown vulnerabilities. Using Sightline, you can identify unusual behavior by establishing the baseline of activity on your system and by providing a list of active processes on the system. Incident management becomes easier using alerts, where information is provided about processes that are using more system resources than expected. Sightline alerts are tracked and reported, and provide an entry point to deeper analysis.

Sightline provides vulnerability management by showing the percent of systems without known severe vulnerabilities, as well as the number of known vulnerability instances that you’ve seen in the environment.

Sightline ACE provides configuration management through continuous scans for configuration changes, and offers real-time insight into the effects of configuration change. By integrating ACE with Clairvor, Sightline provides real-time drill down into incident occurrences.
1103-c

From the Clairvor report of an alert, you can see the dashboard of not only the event data on the alerting system (process level information), but correlation results from other systems in the environment and the top five configuration changes that the issue might be related to.

In a nutshell, the Sightline solution for continuous monitoring tells you both what you know and what you don’t know. To wrap up, we can help with the things you know are going to happen, and help you guard against the things that you don’t know that you don’t know.
Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card!

Sightline … from Mainframes to VMs

What do you have in your IT environment? Hardware, operating systems, applications, storage. Sightline can help you monitor and manage it. You might be surprised by the wide range of data sources that we support. In addition to operating systems, Sightline covers a very wide array of applications and SANs. With that in mind, click here for a list of everything that Sightline supports. And remember, we are constantly updating our software and working with our corporate partners to make sure that we have everything you need covered. If you have something that you think we should add, just let us know!

Forecasting with Sightline
In Sightline ForSight you’ll find preconfigured templates that let you visualize the trend of past utilization, and forecast where those system resources are going in the future. ForSight can accurately predict where your infrastructure is heading. Using complex algorithms and historical data, ForSight shows you where you’ll be, based on your past and present utilization. And you are not limited to our preconfigured reports–you can forecast and trend on any metric collected.
1027_a

As with Sightline utilization reporting, you can create a report to show the overall reliance on the infrastructure of an application, SAN or any group of things you like. You can schedule reports for your monthly or weekly meetings or create an ad hoc report if you need to show something right now. All of this is easily done; it’s the same as creating any other report with Sightline.

You can’t know where you’re going unless you know where you’ve been. Try Sightline today to see your future with our capacity planning tools.
Integrating with EDM using the Sightline API

Sightline EDM provides a Web Service API for interaction with the system without using the web login. This is useful for automation, and integration with existing infrastructure.

There are four Web Services available for interaction with EDM: Connections, Settings, Visualization and DataRetrieval. You can use these Web Services from any client, using the WSDLs from EDM. Using the Web Services, you can add and update connections, change systems settings, retrieve data and much, much more. And moving forward, more capabilities will be made available. Click here to download the documentation.

Sightline and Model Stock Car Racing, Revisited
You may recall a couple of months ago, when we wrote about the world of Model Stock Car Racing. Kevin Hunt, Head of Worldwide Support, is currently ranked 39th in the world at 1/8th Nitro Stock car racing. On October 19, Kevin competed at the Champion of Champions meet and came in 12th of 29, qualifying for the semi-finals. Congratulations, Kevin!

Using Workloads in Sightline

Workloads are a powerful tool in the Sightline software suite. But what exactly are workloads, and what can you do with them? We’d like to take this opportunity to explore workloads… how workloads are defined, what information is provided by the Sightline Power Agent for each workload, and look at some examples. The examples shown here are from a Windows system, but the basic concepts apply to all platforms that can be monitored using a Sightline Power Agent.

Using workloads

Workloads allow you to combine processes into logical groups for reporting and tracking resource utilization. Workloads are defined in the Power Agent’s configuration file, and are normally mutually exclusive. Workloads are evaluated when the data is collected by the Power Agent.

One purpose for developing these groups is to evaluate performance. You may want to be able to answer questions such as how much CPU a particular group of users is using. Do the order entry (or other) people have enough memory? How much I/O is the database application really using? In many cases, you’ll find that the 80/20 rule applies; that is, 80% of the work is done by 20% of the users of applications. Your objective should be to define your workloads so that the Power Agent delivers meaningful data for the groups that have an impact on the system.

Defining workloads

All Power Agents have default workloads. You may want to remove some of the defaults and add your own. The important thing to remember is that capturing and reporting workload measurements is essentially a two-step process. First, decide which processes fit into which logical bucket, or workload. A good way to learn about your system’s overall workload is to open the Task Manager, or use the ls command on a UNIX system.

Sample workload definition

For Power Agents that use an AGENT.XML configuration file, workloads are defined in COMP_CRITERIA statements. Note that COMP_CRITERIA statements are evaluated in order, and the last COMP_CRITERIA statement must be for the Other workload.

These sample workloads are defined for a Windows 2008 system that is deployed as a Sightline data collection server. It has three Sightline products: a Power Agent, EA/V, and EDM. EDM is a Java-based product, so we have a Java workload defined.

    <COMP_CRITERIA>

        <NAME>Sightline</NAME>

        <CRITERION>{ Instance Name } = /agentmgr/ OR 

               { Instance Name } = /datamgr/ OR 

               { Instance Name } = /servd/ OR 

               { Instance Name } = /protomgr/ OR 

               { Instance Name } = /threshd/ OR 

               { Instance Name } = /summarizer/ OR

               { Instance Name } = /slaaListener/

        </CRITERION>

    </COMP_CRITERIA>

    <COMP_CRITERIA>

        <NAME>Expert Advisor Vision</NAME>

        <CRITERION>{ Instance Name } = /^[Ee][Aa][Vv]/</CRITERION>

    </COMP_CRITERIA>

    <COMP_CRITERIA>

        <NAME>Java</NAME>

        <CRITERION>{ Instance Name } = /^java/</CRITERION>

    </COMP_CRITERIA>

COMP_CRITERIA uses special characters within regular expressions. In COMP_CRITERIA statements, the carat ^ indicates “begins with” and the dollar sign $ indicates “ends with.” No indicators mean “contains.” Workloads definitions are case-sensitive, so you can use the [Xx] syntax to indicate that a character can be either upper or lower-case.

Workload metrics on Windows systems

On Windows systems, the default workload metric list includes these metrics:

   —Baseline-Workloads— 

   WL-%CPU[]        WL-PgFile Peak[]     WL-Total[] 

   WL-%User[]       WL-PgFile Bytes[]    WL-IOWriteOps/s[] 

   WL-%Priv[]       WL-Private Bytes[]   WL-IODataOps/s[] 

   WL-VirtPeak[]    WL-Threads[]         WL-IOOtherOps/s[] 

   WL-VirtBytes[]   WL-PoolPgd[]         WL-IOReadBytes/s[] 

   WL-PgFlt/Sec[]   WL-PoolNonPd[]       WL-IOWriteBytes/s[] 

   WL-WSPeak[]      WL-Handles[]         WL-IODataBytes/s[] 

   WL-WS[]          WL-IOReadOps/s[]     WL-IOOtherBytes/s[]

The brackets at the end of each metric indicate that it’s an array metric; that is, it is reported for each member of the array. In this case, the array is the group of workloads that were defined in the Power Agent’s configuration file.

Note the metric called WL-Total. This is the number of processes that were found to be members of the workload.

Displaying workload metrics

1020_b

There are workload metrics reported by all Power Agents, regardless of the platform. They are normally included in a specific Workloads metric group. The metrics will be array metrics, with the workload name as the subscript. Using either EA/V or EDM, look for the Workload group to display workload metrics. (On ClearPath OS 2200 systems, workload metrics are included in the System Log metric group.)

What can workloads tell us?

But what can workloads tell us? Looking at the Workload CPU Utilization chart below, you can see that there is a lot of activity in the middle of the display. We’re actually more interested in the dip in the display about a third of the way across the X axis. This is about 10:35 am.
1020_c

Memory utilization dropped, as well. Who is using the most memory on this system? Java, as shown in the green metric in the Real Memory Consumption by Workload chart.
1020_d

Looking deeper into the workloads, we can plot threads and processes per workload.
1020_e

Notice that that there was a drop in the number of processes for the Java workload, and also the Sightline workload.
1020_f

A close look at the processes active at 11:38:20 shows us that there were six active Sightline processes and 2 active Java processes.
1020_g

At 11:39:10, though, there are only five Sightline processes active, and no Java processes. What happened? EDM was stopped (the two Java processes), and the protomgr process that that was feeding data to EDM stopped as well.

Alerting on workload metrics

In both EA/V and EDM, you can create an alert on any workload metric. For example, we can use the WL-Total for Sightline metric to be notified if one or more of the processes in the Sightline workload stops.

Watching for long-term trends

We might also want to see how a workload has behaved over time. In this plot, you can see CPU utilization of the Sightline workload over an 8-month period.
1020_h

These are both production systems with 16 cpus. But what happened in July? The physical configuration did not change. However, a new version of the Sightline Power Agent, with performance enhancements, was released and installed on these systems. As you can see, the enhancements worked!
In summary, workloads can be used for many purposes, in both real-time and over time. The key, though, is to define your workloads appropriately and accurately, and maintain the workload definitions as new applications are added to your systems.

Ask John: JBoss tmp directory maintenance

Are you running EDM? As part of the normal operation of the JBoss container that Sightline uses, it creates temporary files in the jboss-as-7.1.1.Final/standalone/tmp folder. With each restart of EDM (and thus the JBoss container) the temp files are created anew, in new folders. Over time, this can become a large consumption of space, many gigabytes.

Using the VM Count metric from vCenter

We’re often asked about the metrics we collect, whether we collect certain information, or how we would represent a specific situation. An interesting metric collected from vCenter is VM Count. Do you know exactly how many VMs you have? Do you know which ESX host they reside on? Look at VM Count. Consider the two charts below. On the left, the sum of all VMs in an environment. As you can see, it’s fairly consistent at about 52 for the last six weeks

1013_b

But that’s not the whole story. At the beginning of September, there were three ESX instances in the environment, but a fourth was added on September 14. The total VM Count stayed the same, but some VMs were moved from Angkor (the metric in blue) to Avaris (the metric in green). Using the information collected from Sightline, you can show both the high-level view and the details, too.

Is there a metric that you’re interested in? Let us know, and we’ll investigate!

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

What EDM can do for you

We wanted to give you an overview of the features you’ll see in EDM — a couple of old favorites and some new additions: views, ACLs, vCenter monitoring, Alert Status, Utilization and capacity reports and forecasting.

The Alert Status Display

New in EDM 4.0, the Alert Status view allows you to visually represent all defined alerts on the connections tab.
0922_a

When you select Alert Status for your Connections display, all defined alerts per connection are shown.
0922_b

Utilization reports

This overview is based on the four basic resources: CPU, memory, disk and network. From the initial utilization report, see a list of systems based on their utilization status; for example, you can display a list of systems where memory was being over-utilized or CPU is under-utilized. Or display a chart showing all the details for a specific system.

ForSight and Forecast Alerts

The scale and complexity of modern IT shops makes performing the forecasting required for IT planning impractical even for highly skilled IT teams. Sightline ForSight transforms the capacity forecasting process from impractical to effortless by replacing the manual capacity planning process with fully automated forecasts that can be defined in less than a minute.

Monitoring VMware vCenter

Sightline offers in-depth monitoring of your entire virtual environment. We offer two different strategies to provide the best overall view of your virtual environment. First, look at vCenter Servers to provide an overview of your virtual space. Second, utilize Power Agents to provide an in depth view of mission critical systems and applications.
0922_c

Views, subviews and ACL capabilities make it easy to see what you need, when you need it. This is especially helpful in a large virtualized environment.

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

 

 

Utilization Reports in EDM 4.0

0915_aOne of the cool new features from our development group is the Utilization Report. Right out-of-the-box you can view the CPU, disk, network and memory health of all systems that have been discovered across the network.

From the initial utilization report, see a list of systems based on their utilization status; for example, you can display a list of systems where memory was being over-utilized or CPU is under-utilized. Or display a chart showing all the details for a specific system. See it live on the 25th!

Sightline Sponsors Model Stock Car Racing

0915_b

You may recall that last week we discussed the 2014 World Championships for Model Stock Car Racing. Kevin Hunt, Head of Worldwide Support for Sightline Systems competed at the event; coming into last week Kevin was ranked 35th in the world at 1/8th Nitro Stock car racing. Kevin is a member of the Southern Oval Model Car Club, who sponsored the event this year. How did Kevin do? He qualified well, but a blown wheel rim ended his quarter finals race early. Click here to see the event live. Now 39th in the world rankings, Kevin will next compete on October 19 at the Champion of Champions meet. We’ll be cheering you on, Kevin!

Ask John

A question we’re asked periodically is whether you can rename a metric in Sightline. For instance, network metrics can have rather long subscripts, and sometimes you just want to make them more concise. The answer? Of course! Consider this example… on the left you can see a chart with the two metrics “NIF-KBRcd/s for MS_TCP_Loopback_interface” and “NIF-KBSnt/s for MS_TCP_Loopback_interface.” On the right, we’ve used expressions to rename them as “Loopback KBytes Received/Sec” and “Loopback KBytes Sent/Sec.” And you can see that they have the exact same values. Give it a try!
0915_cQuestions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.

Sightline EDM 4.0 for Capacity Planning

Predicting what your infrastructure is going to do in the future can be a truly monumental task. With the capacity planning functionality in Sightline you can easily create supporting documentation to provide you with the necessary information to accurately determine what your infrastructure should look like in the weeks, months and years to come.

Capacity Reporting Out-of-the-Box
Directly out-of-the-box Sightline provides insight into the four things that matter the most: CPU utilization, memory utilization, disk I/O and network I/O. Without any configuration changes you can quickly show reports of the four areas that management cares about most. And in keeping with the normal functionality of Sightline, we have made everything very configurable and easy to use. You can quickly update existing reports and create new and custom reports to show the utilization of anything within your infrastructure based on any metric we have collected.
0908_a

As an example, you can show the resource utilization of a particular application just by adding the metrics or workloads to a quick chart to give an in depth look into the impact of the total impact on your environment. Combine multiple items from the same system, or display metrics from multiple systems in the same forecast.

Forecasting with Sightline
In Sightline ForSight you’ll find preconfigured templates that let you visualize the trend of past utilization, and forecast where those system resources are going to be in the future. ForSight can accurately predict where your infrastructure is heading. Using complex algorithms and historical data, ForSight shows you where you’ll be in the future, based on your and present utilization. And you are not limited to our preconfigured reports–you can forecast and trend on any metric collected.
0908_b

As with Sightline utilization reporting, you can create a report to show the overall reliance on the infrastructure of an application, SAN or any group of things you like. You can schedule reports for your monthly or weekly meetings or create an ad hoc report if you need to show something right now. All of this is easily done; it’s the same as creating any other report with Sightline.

You can’t know where you’re going unless you know where you’ve been. Try Sightline today to see your future with our capacity planning tools.

Sightline Sponsors Model Stock Car Racing!

0908_c

We work hard here at Sightline, but have you ever wondered what we do when we’re not at the office? For Kevin Hunt, Head of Worldwide Support, it’s model car racing. In fact, Kevin is currently ranked 35th in the world at 1/8th Nitro Stock car racing. Stock cars were the second form of radio car racing to evolve after the initial circuit cars, and have been around since the early 1970s. The cars were originally designed as small copies of the full sized F1 item. They are powered by modern designed 3.5cc glow fuel (nitro methane and oil blends) which give scintillating performance with low running costs. These cars are raced around the world: in the UK, Holland, Belgium and the U.S. The tracks are oval in shape as per the full sized item, and racing follows the full sized rules as closely as possible, with contact allowed. Stock car racing is a sport where everyone can be competitive — this class teaches the merits of overtaking people who do not want to be passed!

Kevin is a member of the Southern Oval Model Car Club; SMOCC was founded in 2009, laid new track in 2010, and has since then hosted many major championship meetings, including the European Championship. On September 7, 2014, SOMCC hosted the World Championships on their local track in the UK.

How did Kevin do this year? Tune in here next week for the results!

Ask John

Questions? Comments? Suggestions? Ask John! If we use your input in a future newsletter, we’ll send you a $10 Amazon gift card.