1. Field of the Invention
The present invention generally relates to computer network management. More particularly, the present invention pertains to a method and apparatus for generating configuration rules for computing entities within a computing environment using association rule mining.
2. Description of the Related Art
Typically, a data center is a facility within a computing environment that is used to house mission-critical computer systems and associated components. A data center includes environmental controls, such as air conditioning, fire suppression, and the like, redundant/backup power supplies, redundant data communications connections, and high security, among others. A bank, for example, may have a data center where all its customers' account information is maintained and transactions involving these data are performed. Likewise, practically every company that is mid-sized or larger has some kind of data center, with larger companies often having dozens of data centers. In addition, most large cities have many purpose-built data center buildings in secure locations near telecommunications services. Most collocation centers and Internet peering points are located in these kinds of facilities.
Conventional enterprise data centers frequently accommodate thousands of servers, running hundreds of applications. In such circumstances, it is difficult to administer these servers so that all the servers are appropriately configured, patched, and the like, in accordance with the applications they host.
In order to handle the aforementioned circumstances, the current practice is to utilize discovery tools to gather configuration data from the data center, to test the gathered configuration data against a set of predefined rules, such as templates, reference configurations, gold standards, and the like, usually derived from ‘best practices’ or IT policies, and finally to flag the violations or anomalies for administrator attention.
Although anomalies or violations amid the servers, other data center elements (i.e. storage, network, and the like), and the applications they host are detected by utilizing the aforementioned practice, this practice merely facilitates testing of the gathered configuration data against the predefined rules (or hard-coded set of rules). This is limiting because not all applications in conventional data centers have their corresponding reference template specified. In certain scenarios, even if the templates for some applications are specified, not all configuration parameters (or rules) may be codified, as some of the rules will inevitably be overlooked owing to human error. Besides, the templates may be incomplete and incompletely instantiated. Also, as data centers evolve over time, these rules have to be updated accordingly. Inevitably, templates will lag behind the state of the data center, because configuration sanity-checking takes lower priority than keeping the applications available, updated and secure.
Data centers are usually managed in ‘silos.’ Within a given data center, storage administrators independently manage storage devices and specify their templates. Likewise, server templates are independently specified by server administrators, and so on. In such scenarios, configuration settings that span these silos cannot be easily captured in templates. Thus, configuration errors that occur due to lack of coordination among these administrators often remain undetected until they actually result in a potential problem.
As stated above, existing tools require a hard-coded set of rules against which the configuration data is checked. However, such tools fail to discover unanticipated types of configuration errors. Moreover, domain expertise is needed to create this set of rules.
Accordingly, there is a need in the art for methods and apparatuses to facilitate automated configuration rule definition.