Enterprise computing facilities have undergone a transformation over the past few decades from comprising one or more large (mainframe) computer systems to containing multiple complexes of networked computer systems. As used here, the term “complex” denotes such a state of affairs. A complex can comprise a collection of physical components that are under common administration, such as networks and associated physical components, such as routers, switches, hubs, repeaters, and end devices attached to the networks. Typical end devices can include servers, special-purpose “appliance” systems and storage systems. Within the context of a complex, physical components can be customized through various configuration parameters to produce specific logical resources (e.g., host systems on servers, or storage volumes on storage systems) or specific behaviors (e.g., access controls or recovery procedures).
The sheer volume and diversity of technologies, components and interconnections in such complexes have imposed well-known challenges in the areas of administration, management and maintenance. The recent advent of specialized networks, such as Storage Area Networks, System Area Networks and Server Area Networks (all of which are referred to as “SANs”), has merely added another dimension to traditional management problems.
Given that a complex consists of many interconnected and individually configured components, a problem can arise of ensuring that the complex is in fact constructed and configured in the ways that its designers intend.
For example, when initially installing or upgrading a complex, there is a need to ensure that the installed complex is a faithful replica of the intended design. This includes verifying that the correct types and quantities of components are in place, and that they are correctly interconnected.
In addition, while a complex is in operation, there is a need to evaluate the effects of changes observed in the complex. For example, if a new device is plugged into a network, it could be an authorized event (e.g., if the device is known to be part of the complex and has recovered following a failure) or an unauthorized event (e.g., the device is not an authorized part of the complex, or is connected to an incorrect network or at an incorrect location on the correct network.
Further, where components of a complex are configurable or programmable (e.g., have options, settings, or adjustments, or contain alterable program material such as firmware) there is a need to ensure that such components are configured or programmed in an acceptable fashion, and to take remedial action if they are not.
Various tools for managing networks and computer systems exist, and many of them incorporate means by which an administrator's intent regarding certain aspects of a network can be recorded and assessed. However, the representation of intentions in existing products has a number of drawbacks. First, the representation of intent is fragmented across multiple sources, and in multiple forms. Often, management products are built as multiple separate domain-specific management systems (e.g., one application for managing storage, another for managing servers, yet another for managing networks) each of which incorporates its own conventions for representing an intended state.
Another drawback relates to the fact that such operations as assigning complex-based resources to particular applications requires visibility across many domains because an application typically requires servers and storage and capacity on multiple networks. Fragmented information, however, makes this analysis more difficult.
As another drawback, the intended state of a network is generally not explicitly represented, or may be ambiguously intermixed with operational data to the extent that distinguishing what is intended and what is merely an artifact of the current state of the complex is difficult or impossible.
Further, many existing management products depend upon an initial discovery operation to assess the content of some domain (e.g., a network, or servers attached to a network), and then to use the results of the discovery to create a database. One drawback to this approach is that elements of the domain that are not present or functioning during discovery may never be entered into the database. Further, elements that are not intended to be part of the domain may be erroneously entered into the database. While the database can be eventually modified into a reasonable representation of the domain's intended state it can only achieve that status by a careful evaluation and editing after the initial discovery operation. This typically requires the on-site services of an expert in the domain, and because the comparison process is manual, is prone to error.
Several models have been designed for constructing management systems over related domains (typically, for network management). For example, typical network managers, such as the OpenView.®. Network Node Manager made by Hewlett Packard Company, perform various discovery and monitoring operations and representations of devices encountered during discovery are placed into a database. Database contents are maintained until removed by an administrator. The database thus records a history describing what elements of a network have been encountered over time. This allows a network administrator to determine when the state of elements within the network have changed.
In this model the results of the discovery operation can differ from an administrator's intent in several ways. First, if a device is not operational at the time discovery is performed, the network complex will not discover it. Second, because not all devices are discovered and recorded, the database may have either too few or too many devices relative to the administrator's intentions. While these network managers typically provide tools to allow an administrator to edit the database (e.g., adding missing devices or deleting extra ones), this manual task is time-consuming and prone to error. In addition, the edit process typically requires substantial expertise on the part of the personnel doing the editing.