Thursday, September 11, 2008

Systems Log Analytics Offers Operators Valued Performance Insights While Setting Stage for IT Transformation Benefits

Transcript of BriefingsDirect podcast on IT systems log management and analysis with LogLogic.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Sponsor: LogLogic.

Dana Gardner: Hi. This is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, a sponsored podcast discussion about improving the state of IT operations. We're going to be talking about the need for reducing costs, increasing security, and providing more insight, clarity, and transparency across multiple systems for IT organizations.

This is becoming increasingly important. As complexity is building, we're facing increased data loads or increased numbers of devices and types of devices. We're seeing a pretty impressive up-ramp in the use of virtualization technologies. And, we're also starting to see an interest in hybrid approaches to deployment, that is, receiving IT resources from a variety of sources, some of them perhaps from the cloud.

In order to better analyze what's going on in these IT organizations, despite this growing complexity, companies have begun to resort to a number of different tools and approaches.

We are going to be talking with the folks at LogLogic, and also a user of some of their technologies. We'll try to uncover some of the trends in these tools and the novel ways that companies are starting to get a grip on greater productivity and lowering cost, particularly labor costs, when it comes to manual oversight into the systems.

Joining us here today, we have Pat Sueltz, the CEO at LogLogic. Welcome to the show, Pat.

Pat Sueltz: Thanks, Dana.

Gardner: We are also joined by Jian Zhen, who is the senior director, product management at LogLogic. Welcome, Jian.

Jian Zhen: Thanks, Dana, happy to be here.

Gardner: And last, we have Pete Boergermann. He is the technical support manager and also the IT security officer at Citizens & Northern Bank in Pennsylvania. Welcome to the show, Pete.

Pete Boergermann: Thank you, Dana.

Gardner: As I mentioned, there is a lot going on in IT organizations. We are just coming off a fairly robust period of compliance and regulation issues. Obviously, companies have had to increase the reports and the visibility into what goes on with their systems, but now we are at this point, where economics is starting to play a larger role, and we are seeing some technology trends.

First, I wanted to go to Pat. Tell us about the state of the art, when it comes to reducing cost across multiple IT systems, pretty much in near real-time.

Sueltz: Well, when I think of the state of the art in terms of reducing IT costs, I look for solutions that can solve multiple problems at one time. One of the reasons that I find this interesting is that, first of all, you've got to be focused not just on IT operations, but also adjunct operations the firm offers out.

For example, security operations and controls, because of their focus areas, frequently look like they are in different organizations, but in fact, they draw from the same data. The same goes as you start looking at things like compliance or regulatory pieces.

If you can get a double off of one appliance, or get a triple or home run, then you really are working at answering some of the economic questions that an IT shop faces all the time.

Gardner: Right, and we need to look at information coming from a variety of devices. There is network, database, and a lot of servers, and putting this all in one place where it can be managed seems to be an important new trend. Perhaps not a new trend, but it's newly important.

Sueltz: You have to be able to do both. Clearly, when technologies get started, they tend to start in a disaggregated way, but as technology -- and certainly data centers -- have matured, you see that you have to be able to not only address the decentralization, but you have to be able to bring it all together in one point, as so many customers have done in their data center consolidations.

I've heard so many of the CIOs that I've talked to say, "You've got to make sure that I get the return on the software and the hardware that I have already purchased. I also have to get the best deal price performer, total cost of ownership in the present. And, I've also got to make sure that I get a return on investment going forward, or else I am not going to have this job very long."

So, it's all of those things, including the consolidation and the ability to preserve the legacy while moving forward. Of course, I haven't even got into talking about being green yet, how you save energy while you are doing this, as well as efficiency. All of those things undergird the need for a product or solution to be able to work in both environments, in the standalone environment, and also in the consolidated environment.

Gardner: I'm glad you brought up total cost of ownership (TCO) and return on investment (ROI) issues, because we're going to discuss the economics and larger trend issues today.

We're going to do a few more podcasts in the near future, drilling down into the complexity that surrounds the virtualization trend. We're also going to look at the need for IT operations to act more like a business with IT shared services, perhaps adopting some of the Information Technology Infrastructure Library (ITIL) messages and approaches, and we are also going to take a deeper look at this hybrid deployment environment, where clouds and multiple sourcing of resources come into play.

Today we're going to stay at a fairly high level and try to determine a bit more about the economics of payback and some of the business drivers facing IT operations.

Let's go to Jian. From your perspective, when you try to define the problem set that we're addressing with log analytics, what's your elevator pitch, if you will, sense of the problem set?

Zhen: When it comes to log management, there are a couple of major issues, and Pat has mentioned them early on. One is the decentralization of IT environment, where there are remote offices or remote data centers where there is a subset of the IT infrastructure, and there is the core, where you have major data centers.

So there are a lot of logs and server systems sitting out in the various locations. One of the biggest issues is being able to have a solution to capture all that information and aggregate and centralize all that information, so that you can do them now.

The second thing is the volume. LogLogic did an analysis a while back, and approximately 30 percent of the data in the data centers is just log data, information that's being spewed out by our devices, applications, and servers. How you manage that, collect that, archive that, and analyze that is another big issue that all IT operators face today.

On top of that, how do you bring operational intelligence out and give the CIOs the picture that they need to see in order to make the right business decisions? Those three issues -- the wide variety in logs, decentralizing the volume, and being able to bring the intelligence out -- are the key issues in why log management is so important today.

Gardner: The bad news is that there is so much information. The good news is that it provides a fine granular approach to all of the different metrics and variables involved. Traditional systems management often comes from a fairly broad set of indicators -- red light, green light if you will -- but when you want to get down into the intricacies of forensics around the root causes, you really look at much more detail, perhaps with a common stamp across all these different systems with multiple levels of interdependency.

So, let's go to our user, Pete. Does this jibe with the problem set that you have been dealing with when you first looked into log analytics?

Boergermann: Definitely. We've got so many pieces of network gear out there, and a lot of that gear doesn't get touched for months on end. We have no idea what's going on, on the port-level with some of that equipment. Are the ports acting up? Are there PCs that are not configured correctly? The time it takes to log into each one of those devices and gather that information is simply overwhelming.

So, gathering it all together in a single location where it can be easily managed through a Web browser is essential in helping us get the information we need as quickly as possible to figure out network issues.

Gardner: Are you also finding that your complexity is growing, whether it’s through consolidation, modernization of applications, increased data loads? All these things come to bear. What are the larger trends that are affecting the organization?

Boergermann: Definitely, those things are coming to bear, and then compliance issues as well. Reviewing those logs is an enormous task, because there's so much data there. Looking at that information is not fun to begin with, and you really want to get to the root of the problem as quickly as possible.

Using LogLogic to weed out some of the frivolous and extra information and then alerting on the information that you do want to know about is -- I just can't explain in enough words how important that is to helping us get our jobs done a lot quicker.

Gardner: So, you mean you centralize and manage the log data, but it's the analytics that's the real pay off. Is that the case?

Boergermann: Yes.

Gardner: When you get reports, how do you like to view this data? Do you take some pains in slicing and dicing it, do you like it coming to you in some sort of a prepackaged template, or all the above?

Boergermann: We're doing it in a couple of different ways. We have some emails sent to us daily in a PDF format, and that's nice. Then, we actually log into the device itself and run some preconfigured reports, custom reports that we built.

Gardner: And, because you are also the security officer there at the bank, I imagine that there are some internal network benefits in terms of analysis of behaviors or patterns. Is that something you take advantage of?

Boergermann: To some degree, but also what I have done is I've turned over access to our internal IT auditors. They can log into the LogLogic device at any time and run any of the reports that they would like. So, they don't have to call me and ask me to run a report. They have that access right at their desktop anytime they want.

Gardner: One thing that has occurred to me as an analyst recently is the need for business intelligence (BI) for IT. We've seen great investments in the marketplace around BI for data, customer-facing data, internal business processes, and efficiencies around reports.

The IT department is a huge well of data, but the intelligence and analysis really is in sort of a catch-up mode. Do you think they're starting to cross over into BI for IT with some of these systems, Pete?

Boergermann: We're starting to get there, but we've got a long way to go. A lot of the network gear provides reports in different formats. One piece of equipment gives you this information. The next piece of equipment gives you the same information, just in a little different format. Unless you are familiar with that, it can get rather confusing.

Gardner: Let's go back to Pat. With BI, we've seen in the last several years some pretty significant investments in the field in enterprises. Even at a time when they are under cost pressure, they're willing to spend to get those good analytics. I expect the same is about to happen in IT. How do you look at this notion of BI for IT?

Sueltz: First of all, when I think about BI, I think of taking control of the information lifecycle. And, not just gathering pieces, but looking at it in terms of the flow of the way we do business and when we are running IT systems.

So, the first thing is to collect the data. In our case, you drop in the appliance. You make sure that you are getting 100 percent of the data from 100 percent of the sources. As we say, "No log left behind." You also provide identification of where that information is coming from on an automatic basis.

Then, of course, what you've got to do is analyze all that data. As Jian said earlier, 30 percent of an enterprise's data is generally coming from the log. For the BI piece, you’ve got to be able to collect it and then to be able to analyze it -- whether it's indexed for deep searches or even normalized -- so that you can do comparators very quickly, and you've got to be able to parse it.

Now, I'm talking at a technical level here, but this is really what underpins good BI structure. You've got to know what’s known and unknown, and then be able to assess that analysis -- what's happening in real-time, what's happening historically.

Then, of course, you've got to be able to apply that with what's going on and retain it. So, BI, as I look at it, is clearly something that's moving ahead. It's something that we can grab that quick history, for example, for logs, and analysis, but we've also got to be able to work with it just as the systems administrators and the IT and the CSOs want to see it.

That's the way it works. That's why we do it, not only forensic work for historical work, as you would get out of BI, but to look at it at real-time, slow motion, or replay, so you can get the value and the impact as it's happening, as well as the insight, and can remediate as it's going forward.

Gardner: You mentioned the notion that this needs to be a lifecycle approach. I've seen that you are involved with some framework activity on log collection. Maybe we should go to Jian on this. Could you explain what Open Lasso is, and what you guys are doing in terms of trying to create a framework or a larger context for this information that's generated by IT systems?

Zhen: Sure. There are a couple of questions there. One is, what is Open Lasso? As you may know, Project Lasso has been an open-source project sponsored by LogLogic for a couple of years now, and it has been a great success for us.

What we have done is created probably the first-ever centralized Windows event collector out there, and we made it available to essentially everybody. Internally, we've also done a lot of performance, just to make it work for our customers, who usually have large, large deployments. We have customers who have been collecting thousands of Windows servers using Project Lasso. It's actually been a great success of ours.

Now, we come to being able to manage all the data that we collect. Pat already mentioned this a little bit with the lifecycle -- the collection, analysis, alerting, archiving, and destroying of that log data as it expires. That whole lifecycle is extremely critical from an IT perspective.

When you say BI for IT, I would like to use the term "operational intelligence," because that's really intelligence for the IT operations. Bringing that front and center, and allowing CIOs to make the right decisions is extremely critical for us.

Gardner: I would think that without that insight, without that intelligence, trying to undertake some of these larger activities like consolidation, modernization, energy efficiency, compliance, and some of the Payment Card Industry (PCI) Data Security Standard requirements, are much more difficult, if you don't have the ability to track this from a coordinated perspective.

Let's go back to Pete at the bank. Have you found yourself moving towards more of a lifecycle mentality with the log data and information since you started using LogLogic?

Boergermann: Not that much. I know we need to get there, but we're just not there yet.

Gardner: What’s holding you back?

Boergermann: It's just the time involved in getting there. Right now, we are just analyzing data, looking for network issues, and our real focus -- being a financial institution -- is being compliant with regulations.

Gardner: Give me some examples of some of the paybacks you are getting from this insight at the level that you are requiring, particularly around security and compliance.

Boergermann: Huge. Actually, with some of the regulations that came out, we were able to quickly be in compliance with them. It was interesting. When the auditors came in and started asking, "Are you monitoring your logs? Are you reviewing them?" we could say, "Yup." We showed them exactly what we were doing. We showed them the emails that we were receiving from the LogLogic device, and it was just a real simple painless audit, because of this product being in place.

Gardner: And do you expect that you are going to be finding additional ways to exploit this information? Do you have, let's say, a virtualization activity that you are at least considering?

Boergermann: Oh, yes. We are using VMware quite a bit lately, and we'll be using LogLogic to monitor those servers as well. We're just not there yet. We got the VMware product and started building virtual machines (VMs), and it's just been incredible what we've been able to do with the product. Now, we're in catch-up mode, as far as collecting data and backing that information up.

Gardner: As I pointed out earlier, folks like you have an awful lot to bite off these days, but for organizations like LogLogic, they need to be looking a little bit further out. Let's go to the future a little bit, if we could, and I’ll throw this out to either Pat or Jian.

What do you see from a remote monitoring perspective, as we start to get into different hybrid approaches? With desktop-as-a-service (DaaS) types of activities, where more and more is happening on the server, delivery of services, maybe even the form of an application level, or the full desktop level to end users. For large enterprises, it's going to be customer-facing applications in some cases.

It seems like the whole notion of what's going on, on the server tier of that, with direct interactions with customers, with supply chain participants, and of course, with employees, becomes even more critical. What's the outlook for managing servers in this new services environment?

Zhen: I can speak to that a little bit. You mentioned server technology, and that's going to be really expanding in the IT environment. One is virtualization. The other one is a service kind of approach, with its DaaS and software-as-a-service (SaaS) kind of competing. All of these different things are really taking a role in IT and becoming more popular quickly.

So, there are a lot of challenges in these types of old environments, and we recognize that. LogLogic just came out with a virtualization, specifically for the VMware, a report package. We realize that aside from being able to collect the logs from just the VMs themselves, you have to treat the VMs as a separate machine. You collect the logs as you would be collecting from the regular machines.

Below that layer, there are the hypervisor logs, like VMware, ESX servers, VirtualCenter Logs. All these are still software, and they generate information that we can capture. We need to capture those and analyze them based on whether people are moving VMs around, whether people are migrating, whether people have stopped, and whether people are destroying them.

So, there is a whole new set of information with regards to virtualization that we now need to be able to analyze and provide some operational insight for. They have SaaS and cloud. In some cases, it's a little bit more difficult to get the audit information out.

People are starting to realize that they need to be able to do the data audit, but if you look at some of the cloud-computing initiatives out there, a lot of them don't really provide enterprises with the type of logging and auditing that they really need.

Now, if the enterprises are really doing private clouds, they have a lot more control. Actually, that type of auditing and logging can be a lot more granular, but that's only when you have control of that cloud platform or an SaaS platform.

Gardner: Right.

Sueltz: Dana, I was just going to jump in and say that, when you started to allude to the hybrid environment, that's where LogLogic's value is such a help. For example, we have the Log Data Warehouse that basically can suck information from networks, databases, systems, users, or applications, you name it. Anything that can produce a log, we can get started with, and then store it forever, if a customer desires, either because of regulatory or because of compliance issues with industry mandates and such.

That's an excellent way to go forward, and we think that it sets the stage for us also to work with SaaS environments, because we can add that physical piece, if someone is running as a managed service provider (MSP) or if someone is running on VMware, and also wants to catch the logs as they are being deployed in this decentralized environment.

So, I think there is a whole new way coming, relative to the software that we produce, if one considers an appliance, or if you are looking at on-demand or in the cloud. There are a lot of places that the logs play, and that provides terrific capture, as well as the analysis, and the retention for the information. So, there are some great opportunities for us going forward.

Gardner: What I hear is that there are a number of really important tactical entry points for this value -- compliance, security, reduced cost, manageability across multiple systems, distributed systems, consolidation, and modernization. Ultimately, those tactical steps put you in a position to start embarking on this information lifecycle around IT, and operational intelligence.

That will play a very important role in these organizations' ability to absorb and exploit some of these larger trends, like virtualization, SAP, and the cloud. So, it sounds like an important stepping-stone approach, and I am glad we have had a chance to get into that.

Let's just go round the table one last time for some takeaways on the economics here. Let's start with you, Pat. Are you an ROI-oriented sales organization, and what are the basics of how that ROI works?

Sueltz: Well, let me talk in terms of payback. We want to add value to the enterprise. So, I'm always looking for a payback, because I know, from when I was in IT, that you've got to demonstrate something that's pretty near in, or folks will think that you are just hyping the future here. You've got to be able to simplify the IT infrastructure, for example.

We would eliminate the number of logs that are out there, that have been home grown, or what have you to reduce compliance cost, to be able to save hours on things that used to take weeks or months to do, and to provide the controls and reporting on them in an automated way, without requiring a secondary audit, to have faster forensics.

Instead of doing that like we did when I got into the business about when Abraham Lincoln was president, where it took 50 hours or more for an inquiry, we can reduce that to less than two hours.

It's all about getting that improved service delivery, so that we can eliminate downtime due to, for example, mis-configured infrastructure. That's what I think of in terms of the value that our sales folks need to be thinking about every time they call on a customer.

Gardner: And, Jian, from your perspective, what is the return of values that you see the market demanding?

Zhen: I think Pat has described that very well. From a market perspective it’s being able to get to what they are trying to troubleshoot first, so that they can get to the thing fast.

The other thing that we have seen is that people have been doing a lot of integration, taking essentially LogLogic's information, and integrating it into their portals to show a more holistic view of what's happening, combining information from system monitoring, as well as log management, and putting it into a single view, which allows them to troubleshoot things a lot faster.

We have seen a lot of that trend happening -- the integration of data, and integration of information to provide a holistic view.

Gardner: Back to you, Pete. Do you see the return here as a major differentiator for you in your organization? Is it something that is a minor or a major payback from your perspective?

Boergermann: I would say a huge payback. The amount of time saved by going into one interface and being able to pull back the logs of multiple devices, and get the information quickly is an enormous amount of time saved by having a product like this in our environment.

Gardner: Well, great. I want to thank all of you for joining us. We have been talking about the datacenter and IT operations efficiency through the analytics applied to log data. Joining us has been Pat Sueltz, CEO of LogLogic. Thank you, Pat.

Sueltz: Thank you, Dana. I have enjoyed it.

Gardner: We have also been talking with Jian Zhen, senior director of product management at LogLogic. Thank you, sir.

Zhen: Thank you, Dana.

Gardner: And also Pete Boergermann, technical support manager and IT security officer at Citizens & Northern Bank. I really appreciate your input, Pete.

Boergermann: Thank you, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.


Transcript of BriefingsDirect podcast on log management and analysis with LogLogic Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.