Like any major national entry point, the San Diego Port Authority deals with its fair share of security headaches. The real-world port is patrolled by local Harbor Police, environmental monitors, airport security, military security and the customs and immigration authorities you'd expect. Responsibility for IT security, though, came down to how alert and persistent a staff of 18 people could be, when it was already supporting 11 separate sites, more than 700 users, more than 60 networking devices making up a wide-area network, and a mix of Microsoft, NetWare and Unix servers.
Last year, the port's IT group began testing products to simplify virtual and physical infrastructure monitoring. What they found points to the growing number of options in the data center management space, including tools aimed not at the largest enterprises but the midsize ones.
With a busy airport, the largest Navy base on the West Coast, more than 250 cruise-ship arrivals per year, two major cargo terminals, 16 waterfront parks and more than 600 commercial tenants, the Port and the IT infrastructure that supports it both see heavy traffic.
It's not that security was particularly bad or that the network itself was particularly shaky, according to Port Director of IT Adolfo Segura. It's just that, the way the infrastructure was set up and equipped for monitoring, it was almost impossible for Segura or the IT staff to track problems back to their point of origin.
Benefits of CMDB-Based Management Apps
After years of struggling to build a unified picture of IT with point products whose views didn't mesh, Segura says, the Port started testing one of what has become a wave of all-in-one data-center management products: those designed to support both physical and virtual infrastructures, some using ITIL-based Configuration Management Databases (CMDB).
CMDB-based management applications have the potential to give a much richer picture of and much greater control over large, complex IT operations, because they centralize performance data in a repository that allows IT managers to relate activities that would otherwise be hard to connect, according to Dennis Drogseth, analyst at Enterprise Management Associates.
The CMDB-based applications such as those from EMC's Ionix division or BMC, for example, are designed to separate the process of collecting data from the analysis of that data, Drogseth says. This separates the tools used to collect performance data, which are typically produced by a hardware vendor and are designed and optimized for that vendor's products, from the tools used to analyze it.
This approach requires that a far greater breadth of data be collected in one place and that the data be standardized so it can be crunched using tools that are convenient or affordable for the end user, not the vendor, Drogseth says.
"The focus lately on these suites has been on cloud and virtualized environments, which is a good reference point to understand the nature of the architecture," Drogseth says. "You're decoupling data gathering, data sharing, business process and business automation in a strata that allows you to run better analytic tools over a more cohesive fabric."
Multifaceted toolsets like BMC and EMC's, however, tend to be designed for large, complex organizations that can afford large, complex management applications, Drogseth says.
Tools Aimed at Midsize Companies Emerge
The San Diego Unified Port District, unfortunately, is complex enough to keep its small IT staff hopping, but not large enough for the rocket-science management products, Segura says.
"We have a very heterogeneous environment and we're pretty widely distributed around the waterfront, so through the years we've used a lot of management solutions to get a handle on that," Segura says. "HP OpenView, WhatsUp Gold, CiscoWorks, SolarWinds and they all had their pros and cons, but the challenge was that they didn't give us an overall picture of the landscape and an ability to manage it."
Late last year the Port began testing a software-as-a-service product from AccelOps, a five-year-old startup whose CEO, Imin Lee, also founded Protego Networks and worked as team leader of Policy Based Security at Cisco after it acquired Protego.
AccelOps is aiming at mid-sized enterprises whose data centers are growing but whose budgets are not, Lee says. Agentless monitoring software is expensive, but is becoming common enough that even mid-sized companies should be able to expect the level of data-center management capability big companies can afford, she says.
Most of the other tools used by the San Diego port's IT team gave a good picture of the performance and alerts within a particular local-area network segment, or on the servers or network gear of a particular vendor, according to Ted Evans, network manager for the Port.
They didn't consolidate network traffic with server-based alerts or authentication data from directories or activity logs, however, he says. Evans spent a lot of time with network activity logs and on network-specific management consoles, while other administrators would keep track of systems within the data center. Tracking events meant correlating data collected in different tools and, often, tracking down server logs to confirm when a particular event occurred.
"That's basically impossible," Evans says. "You could do it, but it would take so much time that, for us, it wasn't realistic."
In one case an end user reported a break-in to an e-mail account. Normally Evans and the security specialists would have tried to trace the culprit's tracks using network-access logs. With AccelOps, they were able to query a huge database of network and systems activity to track the attack back to a specific IP address.
"It was on another segment, across the WAN, so before it would have been really difficult to even get closer than being able to say it was from another segment," Evans says. "This way we have a user location table, traces from the switches and everything; we get the user's name, the box he logged in from, any domain associations, MAC addresses, IP address, switch to the blade and port he's coming from."
Because the data are stored separately from the performance data, Evans or Segura can also ask for special reports or queries that don't come as part of the standard set, often at little or no cost.
SaaS Strategy: No Big Capital Request
With a starting price of $2,000 per month, the SaaS version of the AccelOps product fits into the Port's normal monthly budget, rather than requiring a special capital request, Segura says.
That, plus the amount of time Evans and the rest of the IT group save tracking down breaches or bottlenecks or conflicts, should justify buying the service and making it part of next year's budget, according to Segura, who is currently paying a lower beta-tester price and is negotiating a contract for next year.
AccelOps users can also license the software to run on their own sites for about $24,000, which nets them as many virtual-machine-based instances as they need, Lee says. The low-end SaaS license includes 250 events per second and 1.5 terabytes of storage, more than enough to store a year's worth of data, she says.
As for Segura, "We are still looking at some other [management tool] options, and we'd probably look at some of the larger ones if our budget would cover it," he says. "Right now it's partly a question of SaaS or on-site; do you eat up bandwidth sending the data to someone else to store, or eat up storage keeping it internally? We'll probably end up sticking with SaaS."