The present invention generally relates to discovering dependencies, configurations and utilizations among IT (Information Technology) resources. More particularly, the present invention is related to discovering dependencies, configurations and utilizations among IT resources without requesting and obtaining credentials.
An IT resource refers to a hardware resource, a software resource, or a resource combining a hardware resource and a software resource. The hardware resource may be a mainframe, a server, a peripheral, etc. The software resource may be an operating system, a database management system (DBMS), an application server, etc. The resource combining the hardware resource and the software resource may be a desktop, a laptop, a PDA, etc. A dependency between IT resources refers to how the IT resources are related and how the IT resources cooperate. For example, a dependency of a first component on a second component means that the first component needs the second component to perform its functions. A configuration of an IT resource refers to hardware configuration, software basic configuration and application configuration. The hardware configuration may refer to what processor is operating in the IT resource, how much memory exists in the IT resource, where the IT resource is located in a data center, etc. The software basic configuration may refer to what operating systems are running on an IT resource and what version of the operating system is running on an IT resource. The application configuration may refer to what applications and modules are running in an application server, what URLs are served by a web server, what tables are in a database management system, etc. Utilization of an IT resource refers to how often the IT resource is used, how much capacity the IT resource has, how much free space the IT resource has, how much used space the IT resource has, etc. The utilization further refers to power consumption of an IT resource and memory and network utilization of an IT resource.
Because modern IT systems such as operating systems, file systems, storage devices and databases are complex, it is difficult to know the dependencies, configurations and utilizations of the different IT systems, especially the dependencies between one IT resource and another IT resource. Manually created charts illustrating the dependencies, configurations and utilizations can have errors and can quickly become outdated. An automatic discovery of IT resources generates a collection of configuration information and dependency information necessary for most IT optimization tasks. The collection of the configuration information may refer to collecting information of hardware configurations, software basic configurations and/or application configurations. The dependency information may refer to which IT resource relies on or relates to which IT resource. The IT optimization tasks may include, but are not limited to, reevaluating and reconstructing an IT environment, e.g., a network configuration or a server migration or an application consolidation, to improve operational efficiency, e.g., saving operational cost and increasing network security, and to improve routine maintenance tasks, e.g., mirroring or backing up data.
An IT-to-business relationship is often something that needs to be discovered for maintenance of IT resources. The IT-to-business relationship refers to a mapping indicating which IT resources serve which business purpose. The IT-to-business relationship includes, but is not limited to, which server includes applications or middleware used in a certain business process. Discovering dependencies among IT resources is an important task that helps in discovering IT-to-business relationships.
However, almost all existing automatic IT discovery tools require credentials to access relevant data. The existing automatic IT discovery tools include, but are not limited to, HP® Discovery and Dependency Mapping Software (DDM), EMC® smarts application discovery software and IBM® Tivoli Application Dependency Discovery Manager (TADDM). The credentials refer to access rights, username/password, or login ID/password in IT resources, e.g., database management system, file system, etc. The relevant data refers to data required to obtain the dependencies, configurations and utilizations of the IT resources. Sometimes, these credentials cannot be obtained at all, e.g., due to a security reason. Even if these credentials can be obtained, obtaining them takes a long time because it involves searching for the users who manage the credentials, having numerous meetings with the users and obtaining approvals from a board or from the users who grant the credentials. In particular, when a currently existing automatic IT discovery tool needs a privileged credential to obtain the relevant data, it is nearly impossible to obtain the privileged credential, e.g., due to a security concern, a compliance issue and/or an internal standard of an organization. The privileged credential may include, but is not limited to, a root account and a database administrator account. The root account refers to the most privileged account in a UNIX® system. A user having the root account can see other users' files and current activities and can create/delete/modify accounts of other users. The database administrator account refers to the most privileged account in a database system. A user having the database administrator account can see tables created by other users and manage accounts of other users. The compliance issue refers to satisfying Sarbanes-Oxley (data and applications used for financial reporting), HIPAA (medical data about patients) or PCI DSS (Payment Card Industry Security Standard), etc.
If a system stores data or applications that are controlled by a law like Sarbanes-Oxley, HIPAA or PCI DSS, then there is often a requirement that only users who have a direct business need should obtain access to the system. The internal standard refers to a standard that extends legal standards.
To avoid obtaining credentials, some existing IT discovery tools rely on a snoop server. The snoop server refers to a server for observing and capturing network traffic for an analysis. For example, the SUN® Solaris® operating system provides an administrative snoop command that captures network packets and displays them either as a single-line summary or as a very detailed description. However, the summary of the packets only provides information about packet headers. Network snooping, e.g., the snoop command in SUN® Solaris®, is not enough to find out precisely which application programs communicate with each other. Moreover, in a production environment with real data, e.g., a server running a financial application in a bank or managing patient data in a hospital, network snooping often requires authorizations that can be obtained only by a complex approval process, e.g., having numerous meetings to obtain an approval by board members. Having the numerous meetings, explaining to users why credentials are required and/or why discovering dependencies, configurations, and utilizations among IT resources is needed, and finally obtaining the necessary credentials to perform a discovery of the IT-to-business relationship often takes months and almost always takes more than a couple of days.
However, in many service engagements, i.e., when executing a contract, discovering dependencies, configurations and utilizations among IT resources is required in an early phase that precedes a main activity such as IT optimization. Therefore, waiting a couple of days or months to obtain credentials may be unacceptable in many service engagements, because a delay of a couple of days or months in the early phase may also cause a delay of the main activity in a later phase. Discovering dependencies, configurations and utilizations among IT resources is also desired in an early phase of outsourcing deals in order to assess the feasibility of the deals and to help size and price the deals. In addition, when a client has not signed a contract yet, the client would be more reluctant to provide credentials to discover the dependencies, configurations and utilizations among IT resources.
In addition, people who manage credentials are reluctant to provide credentials to automatic IT discovery tools, because the existing automatic IT discovery tools do not guarantee that the tools do not access files or directories of customer data, e.g., banking customer data, hospital patient data. For example, after obtaining credentials, the currently existing automatic IT discovery tools connect to a target server, e.g., via SSH (Secure Shell), and then execute arbitrary commands in the target server using the obtained credentials. The target server refers to a server on which something such as middleware or applications is to be discovered. The SSH (Secure Shell) network protocol allows data to be exchanged using a secure channel between two network devices. Furthermore, the tools may install and execute temporary software, i.e., software to be deleted after being executed, in the target server. Because the tools directly communicate with the target servers and execute certain commands without engaging any user who is responsible for managing the target server, the user who is managing the target server has very little control over what the tools do on the target server. In particular, the user may want the tools to perform only read operations and not to access files or directories of security data such as banking files and users' account information. However, the tools are typically not controlled or configured so as not to access a certain file or directory. It is difficult to verify that the tools do not access a certain file or directory. Therefore, people who manage credentials are more reluctant to assign credentials to the currently existing IT discovery tools.
Therefore, it would be desirable to discover dependencies, configurations and utilizations among IT resources without requesting or obtaining credentials.