[go: up one dir, main page]

WO2004079574A1 - A data dispatching device for dispatching data and a data processing device for processing device for processing received data - Google Patents

A data dispatching device for dispatching data and a data processing device for processing device for processing received data Download PDF

Info

Publication number
WO2004079574A1
WO2004079574A1 PCT/SE2004/000029 SE2004000029W WO2004079574A1 WO 2004079574 A1 WO2004079574 A1 WO 2004079574A1 SE 2004000029 W SE2004000029 W SE 2004000029W WO 2004079574 A1 WO2004079574 A1 WO 2004079574A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
probe
dispatching
communication
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/SE2004/000029
Other languages
French (fr)
Inventor
Christer Sundgren
Jan Carlsson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STABILIZER AB
Original Assignee
STABILIZER AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STABILIZER AB filed Critical STABILIZER AB
Publication of WO2004079574A1 publication Critical patent/WO2004079574A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/22Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/2294Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing by remote test

Definitions

  • the present invention relates to a data dispatching device for dispatching data and a data processing device for processing received data realized through several aspects.
  • the present invention relates to a data dispatching device for dispatching data related to the computer network.
  • the present invention relates to a data processing device for processing data related to a computer network.
  • the present invention relates to a probe data dispatching device for dispatching probe data related to a probe.
  • the present invention relates to a probe data processing device for processing probe data related to a probe.
  • a data dispatching device for dispatching data related to a computer network comprising at least one client computer, a server computer and a communication infrastructure.
  • the data dispatching device is associated with the at least one client computer via the communication infrastructure and it comprises a memory, a processor, and communication means.
  • the processor is configured for:
  • the service agreement states what technical parameters that will be dealt with by the present invention.
  • This aspect offers the advantage of not having to provide access to the computer network since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks.
  • the communication of the data is achieved by using automatic data communication, which have been automatically prepared and sent according to a service agreement.
  • the fact that the dispatching of data communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer network operations data aggregations. Further, the fact that the dispatching of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
  • a data processing device for processing data related to a computer network.
  • the data processing device comprises a memory, a processor, and communication means.
  • the processor is configured for:
  • SMS Message Service
  • MMS Multimedia Message Service
  • This aspect offers the advantage of being able to receive data from a computer network without having to have access to the computer network, since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks.
  • the communication of the data is achieved by using for instance automatic e-mails, which have been automatically prepared and sent according to a service agreement indicating predetermined criteria and/or parameters of interest. Indicating the output using the above suggested communication means offers flexibility for the user.
  • the fact that the receiving of email communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer network operations data aggregations. Further, that the receiving of email communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
  • the processor is further configured for generating reports based on the output. The reports comprise information concerning alarms and statistics of the operation of the computer network. This offers the advantage of being able to provide aggregations of the data.
  • the data is related to at least one of machine configuration, basic system functionality, and networking.
  • the data dispatching device is constituted by the server computer.
  • Arranging the data dispatching device in the server computer e.g. in the form of a computer software, offers the advantage of lowering the cost.
  • a probe data dispatching device for dispatching probe data related to a probe.
  • probe should be interpreted widely here, as it may be for instance a sensor, measurement probe or similar.
  • Non-limiting examples include a thermometer, light indicator, humidity indicator, voltage indicator, current indicator, flow indicator, viscosity indicator, thickness indicator, and depth indicator.
  • the probe data dispatching device according to this aspect comprises a memory, a processor, and communication means, where the communication means are arranged for handling the communication with the probe.
  • the processor is configured for:
  • This aspect offers the advantage of not having to provide access to a probe that comprises a computer arranged with data communication facilities, or a computer arranged with data communication facilities and in connection to the probe, since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks.
  • the communication of the probe data is achieved by using for instance automatic e-mails, which have been automatically prepared and sent according to a service agreement.
  • the fact that the dispatching of for instance email communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer operations probe data aggregations. Further, the fact that the dispatching of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
  • a probe data processing device for processing probe data related to a probe.
  • the probe data processing device comprises a memory, a processor, and communication means.
  • the processor is configured for;
  • SMS Short Message Service
  • MMS Multimedia Message Service
  • the fact that the receiving of data communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer operations probe data aggregations. Further, the fact that the receiving of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
  • the processor is further configured for generating reports based on the output.
  • the reports comprise information concerning alarms and statistics of the operation of the probe. This offers the advantage of being able to provide aggregations of the probe data.
  • the data is related to at least one of probe configuration, and basic system functionality.
  • a method for obtaining data indicating operational circumstances of network components in a first network comprising the steps of:
  • the following communication protocols may be used in the communication means between the first and second netowrks: SMTP, POP (Post Office Protocol),
  • IMAP IMAP
  • ACAP DSMP
  • FTP FTP
  • SFTP SFTP
  • telnet http, https, SNMP, SSL, and/or SSH.
  • Preferably data is encoded in an XML format according to a predetermined specification.
  • a system for data communication network surveillance comprising a data dispatching device, a data processing device, and communication means there between; the data dispatching device is operationally arranged to: - acquire and aggregate data from at least one process under surveillance located in a first network;
  • the following communication protocols may be used in the communication means between the first and second netowrks: SMTP, POP (Post Office Protocol),
  • the data dispatching device is located as an instruction set in a network component under surveillance.
  • Local monitoring agents located in network components also have an instruction set for delivering process data.
  • Monitoring agent complies to the SNMP (Simple Network Management Protocol) standard.
  • Preferably data is encoded in an XML format according to a predetermined specification.
  • Figure 1 a schematic representation of a data dispatching device for dispatching data related to the computer network and a data processing device for processing data related to a computer network is presented.
  • FIG. 2 a schematic representation of a data dispatching device for dispatching data related to a probe and a data processing device for processing data related to a probe is presented.
  • FIG. 3 a schematic block diagram illustrates different modules and components in a preferred system setup.
  • FIG 1 an embodiment of a system comprising a data dispatching device for dispatching data related to the computer network and a data processing device for processing data related to a computer network is presented.
  • a computer network 1 comprising at least one client computer 3, a server computer 5 (or any other network device component) and a communication infrastructure 7.
  • a data dispatching device 9 for dispatching data related to the computer network 1 is associated with the at least one client computer 3 via the communication infrastructure 7 and comprising a memory 11, a processor 13, communication means 15.
  • the data is related to at least one of machine configuration, basic system functionality, and networking.
  • the processor 13 is configured for receiving data from at least one of the at least one client computer 3, the server computer 5, and the communication infrastructure 7, the data being related to operational circumstances thereof and in accordance with a predetermined data parameter list.
  • the processor 13 is also configured for preparing the data for dispatching, prior to dispatching the data to a remote data processing device 17 for further processing of the data. This is achieved by using automatic data transfer methods through for instance e-mail communication, FTP, SFTP, http, https, SNMP, SSH, or SSL methods. It is automatic in the way that the data is received from the at least one client computer 3 and the communication is automatically, according to content of the service agreement, transmitted to the remote data processing device 17.
  • the dispatching of data communication is accommodated at at least one of predetermined time intervals and on predetermined events, i.e. in case a situation has occurred in the computer network that immediately needs attention, and then for instance an e-mail communication is sent indicating the occurred event.
  • the data dispatching device 9 is constituted by the server computer 5.
  • the server computer 5 In order to increase the flexibility of a local monitoring agent located in each of the monitored systems; it is designed using several independent modules, each repsonsible for different tasks. For instance different communication modules are used depending on preferred communication protocol. Other modules are used for data collecting purposes and may be tailor designed and/or configured for each specific customer and customer needs in order to collect relevant data.
  • the local monitoring agent communicates using the SNMP protocol with a Server agent (data dispatching device) responsible for communicating with a central data processing device. Since the local monitoring agent complies to the SNMP standard (Simple Network Management Protocol) with a standard MIB (Management Information Base) interface also other management software may be able to acquire data from the local agent.
  • the local monitoring agent delivers a refined data set upon an information request from the server agent, instead of sending a long list of parameters, where many of the parameters are not relevant, the local agent transmits exactly the requested data. For instance, upon a request about a disc volume usage, information about used disc volume presented in percentage is replied, instead of a long list including stored data volume, size of disc, serial number of disc, number of sectors, and so on. This reduces the communication size and is user friendly.
  • the server agent may acquire such data directly without the usage of local agents, however, if data not complying to SNMP standards is wanted a local agent may be used that handles the interface towards acquiring non standard SNMP related parameters.
  • the data dispatching device 9 is thus responsible for communicating data, using for instance e-mail communication, to a data processing device 17 for processing data related to a computer network.
  • the data processing device 17 comprises a memory 19, a processor 21, and communication means 23.
  • configuration and collected data are interfaced using a predetermined interface format as specified by an interface specification 130. All modules communicating with each other use this format. If data is sent using this predetermined format the data processing device 17 and/or the data dispatching device 9 may understand the data and use the data in analysis or for configuration purposes.
  • the processor of the data processing device 17 is configured for receiving data from a remote data dispatching device 9 for dispatching data related to the computer network 1, using the communication means 23 for receiving automatic communication.
  • the processor 21 is further configured for generating an output by processing the data by at least one of:
  • the alarm reference system may comprise a limit related to hard disk usage, which, when exceeded, leads to an alarm being set causing the device 17 to automatically generate an output in the form of an e-mail communication. In case data is investigated, then an e- mail communication will be generated.
  • the processor 21 is further configured for indicating the output using the communication means to at least one of a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS); a computer by using e-mail communication; and a browser of a computer.
  • SMS Short Message Service
  • MMS Multimedia Message Service
  • a computer by using e-mail communication
  • a browser of a computer e.g., a browser of a computer.
  • These presentation options are indicated in Figure 1 by the numeral 25. Within the scope of the present invention, it is possible to use one of the presentation options, or two or all three.
  • the output may be presented on any type of computational device with means for communication, a graphical user interface implemented, and display means.
  • a graphical user interface implemented, and display means.
  • workstations laptops, servers, PDA's (Personal Digital Assistants), even a pager may be used.
  • PDA's Personal Digital Assistants
  • the processor 21 is further configured for generating and communicating reports based on the output, i.e. the data processing device 17 is also arranged for assembling and interpreting data for subsequent communication to one or more presentation means 25.
  • a probe data dispatching device 33 for dispatching probe data related to a probe 31 and a probe data processing device 45 for processing probe data related to a probe 31 is presented.
  • two non-limiting examples of probes 31 are presented: a thermometer and a hygrometer.
  • Probe data is related to at least one of probe configuration, and basic system functionality.
  • the probe data dispatching device 33 comprises a memory 35, a processor 37, and communication means 39.
  • the processor 35 is configured for receiving probe data from the probe 31.
  • the probe data is in accordance with a service agreement and related to operational circumstances of the probe 31.
  • the processor 35 is configured for preparing the probe data for dispatching, and dispatching the probe data to a remote probe data processing device, using for instance automatic e-mail communication.
  • the dispatching is accommodated at at least one of predetermined time intervals and on predetermined events.
  • a probe data processing device 45 for processing probe data related to a probe 31.
  • the probe data processing device 45 comprises a memory 47, a processor 49, and communication means 51.
  • the processor 49 is configured for receiving probe data from a remote probe data dispatching device 33 for dispatching probe data related to the probe 31, using the communication means 51 for receiving for instance automatic e-mail communication. Also, the processor 49 is configured for generating an output by processing the probe data by at least one of:
  • the processor 49 is configured for indicating the output on a presentation means 53, such as, using the communication means 51, to at least one of a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS); a computer by using e- mail communication; and a browser of a computer.
  • the output may be presented on any type of computational device with communication means, a graphical user interface implemented, and display means. Among these devices one may mention workstations, laptops, servers, PDA's (Personal Digital Assistants), and any other information carrier such as a pager may be used.
  • the processor 49 is further configured for generating and communicating reports based on the output, i.e. the probe data processing device 45 is also arranged for assembling and interpreting probe data for subsequent communication to one or more presentation means 53.
  • the data dispatching device (9, 33) and the data processing device (17, 45) comprise a number of blocks:
  • a client dispatcher for bundling information files and sending these client messages in the form of files to the data processing device (17, 45).
  • a message handler for receiving client messages from clients and storing them into a database.
  • a report handler for creating reports for alarms and statistics and sending reports to customers using the communication means (23, 51) and the presentation means (25, 53).
  • the sending of client messages is for instance in the XML format. However in order to ensure data integrity and compatibility, configuration and collected data is interfaced using a predetermined interface format. All modules communicating with each other use this format. If data is sent using this predetermined format the processing device 45 and/or the data dispatching device 33 may understand the data and use the data in analysis or for configuration purposes.
  • the agents work in the client environment with collecting relevant system information.
  • the agents consist mainly of standard SNMP agents but in some cases where SNMP is not sufficient for the task there will be specially designed agents implemented. Since the use of the SNMP standard among vendors is increasing and the number of MIB's, Management Information Base, is growing, the capabilities to collect relevant information from computer systems are automatically enhanced. Information is encoded in XML messages, however they may be oncoded with other systems, for instance html, ASCII or similar. Messages are included in a transaction and are sent to the data processing device on a regular basis. Agents are divided into the following modules.
  • Agents for the major operating systems and major database suppliers may easily be incorporated. Connection to the data processing device may be established via SMTP, IMAP, ACAP, DSMP, FTP, SFTP, Telnet, http, https, SNMP, and/or direct socket communication like for instance SSH, or SSL, as long as the communication protocol is capable of moving data conforming to the predetermined interface format. Supplementary agents are developed with the standard tools in the operating system. Java clients may be used as a complement to the standard tools. Agents developed in other languages may be included as long as they conform to the XML message layout described in the Agent Developers Guide. The client side software is divided into four independent blocks:
  • a log keeping block for housekeeping in the client environment Set up and maintenance of agents may be performed via a web interface. It is possible to download, configure new and change existing agents via the web interface.
  • the message handler is configured for receiving information from agents and storing the information in the data processingdevice. Receiving information may be supported by mailboxes, files and through socket connections. Mailbox connections may be used for clients working behind firewalls. Files connections are preferred for transporting large transactions. Socket is a fast two-way connection.
  • FIG 3 a schematic block diagram over a preferred system embodiment is illustrated.
  • the system is built on a modular approach and all modules may be changed as long as modules comply with the standardized interface specification.
  • the communication modules 110 (all possible modules are not shown, only a subset are shown to illustrate the concept) may be using any protocol as long as they comply with the interface format 130.
  • the communication modules may also be chosen in accordance with specific security policies at the site location of the dispatching device 9.
  • the communication modules transmit data to a processing unit 17.
  • modules 120 may be implemented for collecting data from devices under surveillance, these modules depend on installed operating systems (OS) on the devices. Each operating system dependent module 120 collects relevant data from different sources depending on OS and chosen parameters of interest.
  • OS operating systems
  • the interface specification has been named "Checker” and states that the input, module and output must comply with specific formats. Input comply with the writeXML structure, the module must accept data, process the data and produce a result. The module is independent in action without any remote dependencies for the operation.
  • Configuration data has a default part and a checker part.
  • the default part contains data shared by all checker modules.
  • the checker part specifies modules to run, when to run and the output protocol for a module. It must be noted that data for a module is not part of the checkers interface. Data is passed to the correct module with a module depending part in the XML structure. A new module can dynamically be added to existing ones. Once added the modules become an integral part of the execution and share all data in the generated output.
  • Modules implements the function doCheck and doValidate, receives application data in the WriteXML data which is the technical name for the previously defined protocol and returns a WriteXML structure with added data. Somewhere in the chain of modules data are sent to the remote system by means of using a communication protocol.
  • Transactions are XML encoded for preferred data consistency and security.
  • Transactions can contain any number of messages. Transactions and messages can be set up with individual context sensitive responses.
  • the message handler is configured for handling two types of alarms, immediate and process alarms. Immediate alarms are processed and reported to the presentation means (25, 53) without delays. Process alarms are based on statistical calculations, such as trend calculations. Process alarms are processed separately and are reported regularly to the presentation means (25, 53). Data from transactions is stored in a database in the data processing device.
  • the message handler is configured for simultaneously using multiple databases that resides on different machines.
  • the alarm handler is configured for creating alarms.
  • Alarms can be of the types: value, status, average value, balance, trend, or sequence.
  • Value alarms are based on numeric values appearing outside a range.
  • Status alarms are indicators that a certain event or status has occurred.
  • Average values are the average of a number of values where the result falls outside a range.
  • Balance alarms are issued when transactions are outside a range or the resulting balance on the account is too great or too small.
  • Trend alarms are based on the number of days before a value will fall out of range, trend alarms are based on value oriented messages. Sequence alarms are issued when a sequence number falls out of a predefined order.
  • the alarm handler consists of two parts, the immediate alarm handler and the process alarm handler.
  • Input to the immediate alarm handler comes directly from the message handler and alarms directly when a value falls outside its limits or when a balance is out of range.
  • the process alarm works independently with statistical analysis to detect trend alarms.
  • the analysis works as a background process and creates and distributes alarms whenever they are detected.
  • the web interface may comprise:
  • Installation and updates of agents may be performed using web-based software.
  • the analyser is configured for detecting and predicting error conditions from regularly incoming data by performing statistical analysis of new and historical data.
  • the analyser creates high level index indicators determining the client condition.
  • One important feature is to limit the information flow by finding the relevant data.
  • Analysis data is messages with information about for instance value, status or account-handling.
  • Value oriented data is typically time related values forming trends that allows the analyser to predict future events.
  • Status oriented data indicates an event, e.g. a raid system that re-syncs. No data is lost, but a re- sync might indicate severe hardware problem if it happens too often and analyser therefore keeps track of such events.
  • Account oriented alarms are indicating that a balance account is "out of credit”. This alarm can be activated in the message handler or in the analyser.
  • Trend analysis is based on regression analysis and pattern matching against specific curves, other trend calculations may be for instance average values, standard deviation, or Fast Fourier Transfom (FFT). It is possible to order trends for different time intervals. This is to show that different variants of advanced analysis of acquired data are done in the data processing device.
  • FFT Fast Fourier Transfom
  • Service level calculation is based on a limit in response time value from any number of linked messages.
  • a response time within the limit indicates a service level of 1 meaning that the service level is satisfactorily (OK).
  • a response time exceeding the limit is not satisfactorily (NOT OK) and is indicated by a service level of 0.
  • the discrete time points when the response time is measured are connected with a selectable regression analysis. Selection are standard linear or curve fitting, other special adapted modules can be included.
  • the service level is calculated under a time span. The time span can be freely selected within the range of available data. The time span is correlated with the number of discrete values giving the needed exactness for the regression analysis.
  • the calculation of service level may be defined as
  • SL 100 * (service level time span - time with service level 0) / service level time span
  • the example is based on one measuring point. When more points are measured they are selected as accumulative values. A total service level is calculated as the "bitwise and" of the individual curves.
  • the result of the analysis is a catalogue including duplicate files, temporary files, not accessed files, large files listing, and not used space.
  • the module is configured for crawling through the data for a number of linked machines and tries to move load between the machines. Each try is evaluated and a better configuration is found it is suggested. The best suggestion is considered the optimum and is named "the optimal configuration".
  • the calculation base consist of time related data and static configuration data. Time related data indicate the load, configuration data the capacity. The relation between the two is the performance. Below are a number of time related data parameters.
  • Configuration data parameters includes: Included machines, Operating system, Processor speed, Disk size, Disk IO capacity, and Network capacity.
  • Utilization of IO can be better if a disk is moved
  • Machine A and B can be upsized
  • Disk IO needs to be extended.
  • Input data may be process name and current CPU utilization and process name and current memory utilization. From this data, process CPU consumption, process time consumption, process should not run, and process missing are presented.
  • the report handler is responsible for the encoding of a message into the report format for a customer and to safely distribute the report on the correct channels to the destination.
  • Reports can be encoded as html mail, text mail, SMS and
  • MMS messages Apart from the specific encoding reports are always available on the web.
  • the analyzer reports may be available in detailed, brief and management format. It is possible to select individual time intervals for -the different reports.
  • Alarm reports from the alarm handler utilizes the report handler functionality of encoding for different channels and safe distribution
  • the system may monitor both SNMP related parameters, which means that several hundred or thousand different parameters may be monitored in a windows environment for instance, and proprietary monitoring parameters using the module built architecture enabling customer specific measurements.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)

Abstract

The present invention relates to devices for remote monitoring of a computer network or a remote probe associated with a computer having data communication facilities. An aggregating data dispatching device (9) for dispatching data related to a computer network (1) comprising at least one client computer (3), a server computer (5) and a communication infrastructure (7) is disclosed. The data dispatching device (9) is configured for communicating, using data communications, with a data processing device (17) for processing data related to the computer network (1). The output of the data processing device (17) is communicated using a communication means (23) to at least one of: a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS); a computer by using e-mail communication; and a browser of a computer. The invention is also applicable to remote monitoring of a probe (31) associated with a computer having data communication facilities.

Description

A DATA DISPATCHING DEVICE FOR DISPATCHING DATA AND A DATA PROCESSING DEVICE FOR PROCESSING RECEIVED DATA
TECHNICAL FIELD
The present invention relates to a data dispatching device for dispatching data and a data processing device for processing received data realized through several aspects. According to a first aspect, the present invention relates to a data dispatching device for dispatching data related to the computer network. According to a second aspect, the present invention relates to a data processing device for processing data related to a computer network. According to a third aspect, the present invention relates to a probe data dispatching device for dispatching probe data related to a probe. According to a fourth aspect, the present invention relates to a probe data processing device for processing probe data related to a probe.
BACKGROUND OF INVENTION
The advent of communication technology has lead to increased opportunities of transmitting and receiving data, particularly over distances. Along with the developments in the communication field, the need for having secure communication has increased.
In the field of remote monitoring of for instance the operation of computer networks, the security issue is highly relevant since remote monitoring is today likely to involve a rather open, and to some extent also insecure, communication with the company delivering the remote monitoring service. Today it is not unlikely that such a company requires access from the outside to the inside of their clients' computers and computer networks. Clients to remote monitoring companies often experience a discomfort when allowing access from the outside to their computer infrastructure. This discomfort is partly based on the risk of hackers attempting to access the clients' computers and computer networks.
These drawbacks and problems has been made discussed in several documents attempting to find solutions for above problems, for instance in US patent application number 2002/0169871. In this document a system for automatically and repeatedly collecting data indicative of an operating state of a machine and transmitting the collected data to a remote location is discussed. Each machine under surveillance has an agent that is responsible for transmitting collected data to the remote location, this means that the agents need to have all necessary communication software in order to transmit collected data. In this system only an email protocol (SMTP - simple mail transfer protocol) is used and dedicated agent versions for different operating systems collecting standard data from standard operating system parameters is used. The solution with dedicated agents is a drawback in the sense that it is not possible to tailor design a monitoring system for specific customer needs and the system thus lacks flexibility. It may also be inconvenient to have only an SMTP communication link available as used in this document.
Within other technological fields attempts has been made to collect data and send them using network connections. For instance in European patent application number EP 1113366 where machinery is remotely monitored using email messaging. This document describes that an email is generated when a predefined condition is fulfilled, and in the email message return address line the sensor and site is included. In this invention a one way communication path is disclosed and also it relies solely on email messaging upon sensed predetermined conditions. It does not have appropiate aggregating functions to operate in large installations.
In US patent application number US2002/0046246 an electronic device for monitoring power systems is disclosed. In this application a device accepts incoming email messages with commands and returns measurements accordingly. This is an ad hoc based measurements system and it communicates via email only.
In WO 00/36412 a water quality system is revealed and this system also communicates via email or ftp methods. It also lacks an aggregating function.
SUMMARY OF INVENTION
The purpose of the present invention is to alleviate the above mentioned problems. According to a first aspect of the present invention, a data dispatching device for dispatching data related to a computer network comprising at least one client computer, a server computer and a communication infrastructure is disclosed. The data dispatching device is associated with the at least one client computer via the communication infrastructure and it comprises a memory, a processor, and communication means. The processor is configured for:
• receiving data from at least one of the at least one client computer, the server computer, and the communication infrastructure, the data being related to operational circumstances thereof and in accordance with predetermined criteria;
• preparing the data for dispatching; and
• dispatching the data to a remote data processing device, using automatic data communication, the dispatching being accommodated at at least one of predetermined time intervals and on predetermined events.
The service agreement states what technical parameters that will be dealt with by the present invention.
This aspect offers the advantage of not having to provide access to the computer network since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks. Thus, the communication of the data is achieved by using automatic data communication, which have been automatically prepared and sent according to a service agreement.
Also, the fact that the dispatching of data communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer network operations data aggregations. Further, the fact that the dispatching of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
According to a second aspect of the present invention, a data processing device for processing data related to a computer network is disclosed. The data processing device comprises a memory, a processor, and communication means. The processor is configured for:
• receiving data from a remote data dispatching device for dispatching data related to the computer network, using the communication means for receiving automatic data communication;
• generating an output by processing the data by at least one of:
A) relating the data to an alarm reference system, arranged in the memory, comprising conditions for generating an alarm, the concordance between the data and the alarm reference system defining the output; and
B) investigating the data, potentially in combination with previous data, resulting in an output of one or more indications of the operational circumstances;
• indicating the output using the communication means to at least one of: • a cellular phone, using one of recorded voice messages, Short
Message Service (SMS) and Multimedia Message Service (MMS); © a computer by using e-mail communication; © a browser of a computer; And β a computational device with display means.
This aspect offers the advantage of being able to receive data from a computer network without having to have access to the computer network, since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks. Thus, the communication of the data is achieved by using for instance automatic e-mails, which have been automatically prepared and sent according to a service agreement indicating predetermined criteria and/or parameters of interest. Indicating the output using the above suggested communication means offers flexibility for the user.
Also, the fact that the receiving of email communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer network operations data aggregations. Further, that the receiving of email communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network. According to a preferred embodiment of the second aspect, the processor is further configured for generating reports based on the output. The reports comprise information concerning alarms and statistics of the operation of the computer network. This offers the advantage of being able to provide aggregations of the data.
According-to a preferred embodiment of the first and second aspects, the data is related to at least one of machine configuration, basic system functionality, and networking.
According to a preferred embodiment of the first aspect, the data dispatching device is constituted by the server computer. Arranging the data dispatching device in the server computer, e.g. in the form of a computer software, offers the advantage of lowering the cost.
According to a third aspect of the present invention, a probe data dispatching device for dispatching probe data related to a probe is disclosed. It should be pointed out that the term probe should be interpreted widely here, as it may be for instance a sensor, measurement probe or similar. Non-limiting examples include a thermometer, light indicator, humidity indicator, voltage indicator, current indicator, flow indicator, viscosity indicator, thickness indicator, and depth indicator. The probe data dispatching device according to this aspect comprises a memory, a processor, and communication means, where the communication means are arranged for handling the communication with the probe. The processor is configured for:
• receiving probe data from the probe, the probe data being in accordance with a service agreement and related to operational circumstances of the probe;
• preparing the probe data for dispatching; and
• dispatching the probe data to a remote probe data processing device, using automatic data communication, the dispatching being accommodated at at least one of predetermined time intervals and on predetermined events.
This aspect offers the advantage of not having to provide access to a probe that comprises a computer arranged with data communication facilities, or a computer arranged with data communication facilities and in connection to the probe, since the communication is arranged by using for instance e-mail communication which does not require access from the outside to the inside of their clients' computers and computer networks. Thus, the communication of the probe data is achieved by using for instance automatic e-mails, which have been automatically prepared and sent according to a service agreement.
Also, the fact that the dispatching of for instance email communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer operations probe data aggregations. Further, the fact that the dispatching of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
According to a fourth aspect of the present invention, a probe data processing device for processing probe data related to a probe is disclosed. The probe data processing device comprises a memory, a processor, and communication means. The processor is configured for;
• receiving probe data from a remote probe data dispatching device for dispatching probe datarelated to the probe, using the communication means for receiving automatic data communication; o generating an output by processing the probe data by at least one of: A) relating the probe data to an alarm reference system, arranged in the memory, comprising conditions for generating an alarm, the concordance between the probe data and the alarm reference system defining the output; and
B) investigating the probe data, potentially in combination with previous probe data, resulting in an output of one or more indications of the operational circumstances;
• indicating the output using the communication means to at least one of:
• a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS);
• a computer by using e-mail communication;
• a browser of a computer; and
• a computational device with display means. This aspect offers the advantage of not having to provide access to a probe comprising a computer arranged with data communication facilities, or a computer arranged with data communication facilities and in connection to the probe, since the communication is arranged by using e-mail communication which does not require access from the outside to the inside of computers and computer networks. Thus, the communication of the probe data is achieved by using for instance automatic e-mails, which have been automatically prepared and sent according to a service agreement. Indicating the output using the above suggested communication means offers flexibility for the user.
Also, the fact that the receiving of data communication is accommodated at predetermined time intervals offers the advantage of being able to assemble for instance weekly computer operations probe data aggregations. Further, the fact that the receiving of data communication is accommodated on predetermined events offers the advantage of being swift in terms of response to extraordinary situations occurring in the computer network. This is achieved without having to compromise the security of the access to the computer network.
According to preferred embodiment of the second aspect, the processor is further configured for generating reports based on the output. The reports comprise information concerning alarms and statistics of the operation of the probe. This offers the advantage of being able to provide aggregations of the probe data.
According to preferred embodiment of the first and second aspects, the data is related to at least one of probe configuration, and basic system functionality.
According to another embodiment of the invention, a method is described for obtaining data indicating operational circumstances of network components in a first network comprising the steps of:
- acquiring and aggregating data from at least one process under surveillance;
- preparing said process data according to a predetermined specification of a standard interface format; - using communication software or hardware modules implementing said specification of interface format; - transmitting said process data using said communication modules, prepared for transmitting data from the first network to a remote location in a second network in accordance with security policies for the first network;
- receiving said process data at the second network; - processing said process data according to at least one of relating process data to an alarm reference system and investigating operational circumstances; and
- indicating results from said processing of said process data.
The following communication protocols may be used in the communication means between the first and second netowrks: SMTP, POP (Post Office Protocol),
IMAP, ACAP, DSMP, FTP, SFTP, telnet, http, https, SNMP, SSL, and/or SSH.
Preferably data is encoded in an XML format according to a predetermined specification.
In yet another embodiment of the invention, a system is disclosed for data communication network surveillance comprising a data dispatching device, a data processing device, and communication means there between; the data dispatching device is operationally arranged to: - acquire and aggregate data from at least one process under surveillance located in a first network;
- prepare said process data according to a predetermined specification of a standard interface format;
- transmit said process data using a communication module, prepared for transmitting data from the first network to a second network in accordance with security policies for the first network; and said data processing device is operationally arranged to:
- receive said process data from at least one data dispatching device;
- process said process data according to at least one of relating process data to an alarm reference system and investigating operational circumstances; and
- indicate results from said processing of said process data.
The following communication protocols may be used in the communication means between the first and second netowrks: SMTP, POP (Post Office Protocol),
IMAP, ACAP, DSMP, FTP, SFTP, telnet, http, https, SNMP, SSL, and/or SSH In the above described system, the data dispatching device is located as an instruction set in a network component under surveillance. Local monitoring agents located in network components also have an instruction set for delivering process data. Monitoring agent complies to the SNMP (Simple Network Management Protocol) standard.
Preferably data is encoded in an XML format according to a predetermined specification.
This and other objects, features, functions, and benefits of the present invention will become apparent with reference to the detailed description and drawings, which follows.
BRIEF DESCRIPTION OF THE DRAWINGS
In Figure 1 a schematic representation of a data dispatching device for dispatching data related to the computer network and a data processing device for processing data related to a computer network is presented.
In Figure 2 a schematic representation of a data dispatching device for dispatching data related to a probe and a data processing device for processing data related to a probe is presented.
In Figure 3 a schematic block diagram illustrates different modules and components in a preferred system setup.
DESCRIPTION OF PREFERRED EMBODIMENTS
In the following description the following abbreviations are used :
SMTP - Simple Mail Transfer Protocol
IMAP - Internet Message Access Protocol
POP - Post Office Protocol
ACAP - Application Configuration Access Protocol
DSMP - Distributed Mail System Protocol
FTP - File Transfer Protocol
SFTP - Secure File Transfer Protocol http - HyperText Transfer Protocol https - HyperText Transfer Protocol secure SNMP - Simple Network Management Protocol
SSH - Secure Shell
SSL - Secure Sockets Layer
XML - extensible Markup Language
In Figure 1, an embodiment of a system comprising a data dispatching device for dispatching data related to the computer network and a data processing device for processing data related to a computer network is presented. In Figure 1, there is a computer network 1 comprising at least one client computer 3, a server computer 5 (or any other network device component) and a communication infrastructure 7. A data dispatching device 9 for dispatching data related to the computer network 1 is associated with the at least one client computer 3 via the communication infrastructure 7 and comprising a memory 11, a processor 13, communication means 15. In one embodiment, the data is related to at least one of machine configuration, basic system functionality, and networking. The processor 13 is configured for receiving data from at least one of the at least one client computer 3, the server computer 5, and the communication infrastructure 7, the data being related to operational circumstances thereof and in accordance with a predetermined data parameter list. The processor 13 is also configured for preparing the data for dispatching, prior to dispatching the data to a remote data processing device 17 for further processing of the data. This is achieved by using automatic data transfer methods through for instance e-mail communication, FTP, SFTP, http, https, SNMP, SSH, or SSL methods. It is automatic in the way that the data is received from the at least one client computer 3 and the communication is automatically, according to content of the service agreement, transmitted to the remote data processing device 17. The dispatching of data communication is accommodated at at least one of predetermined time intervals and on predetermined events, i.e. in case a situation has occurred in the computer network that immediately needs attention, and then for instance an e-mail communication is sent indicating the occurred event. In one embodiment the data dispatching device 9 is constituted by the server computer 5. In order to increase the flexibility of a local monitoring agent located in each of the monitored systems; it is designed using several independent modules, each repsonsible for different tasks. For instance different communication modules are used depending on preferred communication protocol. Other modules are used for data collecting purposes and may be tailor designed and/or configured for each specific customer and customer needs in order to collect relevant data. In a preferred embodiment the local monitoring agent communicates using the SNMP protocol with a Server agent (data dispatching device) responsible for communicating with a central data processing device. Since the local monitoring agent complies to the SNMP standard (Simple Network Management Protocol) with a standard MIB (Management Information Base) interface also other management software may be able to acquire data from the local agent. However, the local monitoring agent delivers a refined data set upon an information request from the server agent, instead of sending a long list of parameters, where many of the parameters are not relevant, the local agent transmits exactly the requested data. For instance, upon a request about a disc volume usage, information about used disc volume presented in percentage is replied, instead of a long list including stored data volume, size of disc, serial number of disc, number of sectors, and so on. This reduces the communication size and is user friendly.
If the monitored system or systems complies to the standard SNMP protocol the server agent may acquire such data directly without the usage of local agents, however, if data not complying to SNMP standards is wanted a local agent may be used that handles the interface towards acquiring non standard SNMP related parameters.
The data dispatching device 9 is thus responsible for communicating data, using for instance e-mail communication, to a data processing device 17 for processing data related to a computer network. The data processing device 17 comprises a memory 19, a processor 21, and communication means 23. In order to ensure data integrity and compatibility between modules and units, configuration and collected data are interfaced using a predetermined interface format as specified by an interface specification 130. All modules communicating with each other use this format. If data is sent using this predetermined format the data processing device 17 and/or the data dispatching device 9 may understand the data and use the data in analysis or for configuration purposes. The processor of the data processing device 17 is configured for receiving data from a remote data dispatching device 9 for dispatching data related to the computer network 1, using the communication means 23 for receiving automatic communication. The processor 21 is further configured for generating an output by processing the data by at least one of:
A) relating the data to an alarm reference system, arranged in the memory, comprising conditions for generating an alarm, the concordance between the data and the alarm reference system defining the output; and
B) investigating the data, potentially in combination with previous data, resulting in an output of one or more indications of the operational circumstances.
For instance, the alarm reference system may comprise a limit related to hard disk usage, which, when exceeded, leads to an alarm being set causing the device 17 to automatically generate an output in the form of an e-mail communication. In case data is investigated, then an e- mail communication will be generated.
The processor 21 is further configured for indicating the output using the communication means to at least one of a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS); a computer by using e-mail communication; and a browser of a computer. These presentation options are indicated in Figure 1 by the numeral 25. Within the scope of the present invention, it is possible to use one of the presentation options, or two or all three. Depending on the service agreement and/or the alarm reference system, it is possible to direct certain messages to certain presentation means. For instance, in case an alarm is set the service agreement may indicate that an e-mail communication is to be generated and sent to the data processing device 17, which automatically responds by sending an SMS to a predetermined cell phone number. The output may be presented on any type of computational device with means for communication, a graphical user interface implemented, and display means. Among these devices one may mention workstations, laptops, servers, PDA's (Personal Digital Assistants), even a pager may be used.
The processor 21 is further configured for generating and communicating reports based on the output, i.e. the data processing device 17 is also arranged for assembling and interpreting data for subsequent communication to one or more presentation means 25.
In Figure 2 an embodiment of a probe data dispatching device 33 for dispatching probe data related to a probe 31 and a probe data processing device 45 for processing probe data related to a probe 31 is presented. There may be one or more probes. They must not be of the same type. In Figure 2, two non-limiting examples of probes 31 are presented: a thermometer and a hygrometer. In this embodiment a probe data dispatching device 33 for dispatching probe data related to a probe 31. Probe data is related to at least one of probe configuration, and basic system functionality. The probe data dispatching device 33 comprises a memory 35, a processor 37, and communication means 39. The processor 35 is configured for receiving probe data from the probe 31. The probe data is in accordance with a service agreement and related to operational circumstances of the probe 31. Also, the processor 35 is configured for preparing the probe data for dispatching, and dispatching the probe data to a remote probe data processing device, using for instance automatic e-mail communication. The dispatching is accommodated at at least one of predetermined time intervals and on predetermined events.
According to this embodiment, a probe data processing device 45 for processing probe data related to a probe 31 is presented. The probe data processing device 45 comprises a memory 47, a processor 49, and communication means 51. The processor 49 is configured for receiving probe data from a remote probe data dispatching device 33 for dispatching probe data related to the probe 31, using the communication means 51 for receiving for instance automatic e-mail communication. Also, the processor 49 is configured for generating an output by processing the probe data by at least one of:
A) relating the probe data to an alarm reference system, arranged in the memory, comprising conditions for generating an alarm, the concordance between the probe data and the alarm reference system defining the output; and
B) investigating the probe data, potentially in combination with previous probe data, resulting in an output of one or more indications of the operational circumstances;
Finally, the processor 49, is configured for indicating the output on a presentation means 53, such as, using the communication means 51, to at least one of a cellular phone, using one of recorded voice messages, Short Message Service (SMS) and Multimedia Message Service (MMS); a computer by using e- mail communication; and a browser of a computer. The output may be presented on any type of computational device with communication means, a graphical user interface implemented, and display means. Among these devices one may mention workstations, laptops, servers, PDA's (Personal Digital Assistants), and any other information carrier such as a pager may be used.
The processor 49 is further configured for generating and communicating reports based on the output, i.e. the probe data processing device 45 is also arranged for assembling and interpreting probe data for subsequent communication to one or more presentation means 53.
According to yet another embodiment, the data dispatching device (9, 33) and the data processing device (17, 45) comprise a number of blocks:
• Agents for collecting information about vital functions on the server.
• A client dispatcher for bundling information files and sending these client messages in the form of files to the data processing device (17, 45).
© A message handler for receiving client messages from clients and storing them into a database.
© An alarm handler for checking for immediate alarms.
• An analyser for calculating statistics over a time span and extrapolating these statistics to give a trend.
o A report handler for creating reports for alarms and statistics and sending reports to customers using the communication means (23, 51) and the presentation means (25, 53).
The sending of client messages is for instance in the XML format. However in order to ensure data integrity and compatibility, configuration and collected data is interfaced using a predetermined interface format. All modules communicating with each other use this format. If data is sent using this predetermined format the processing device 45 and/or the data dispatching device 33 may understand the data and use the data in analysis or for configuration purposes.
Now turning to the agents, the agents work in the client environment with collecting relevant system information. The agents consist mainly of standard SNMP agents but in some cases where SNMP is not sufficient for the task there will be specially designed agents implemented. Since the use of the SNMP standard among vendors is increasing and the number of MIB's, Management Information Base, is growing, the capabilities to collect relevant information from computer systems are automatically enhanced. Information is encoded in XML messages, however they may be oncoded with other systems, for instance html, ASCII or similar. Messages are included in a transaction and are sent to the data processing device on a regular basis. Agents are divided into the following modules.
• Configuration agents for collecting information about machine configuration
• Basic Package agents for collecting information about basic system functionality
• Net Surveillance agents for collecting information about critical networking
Agents for the major operating systems and major database suppliers may easily be incorporated. Connection to the data processing device may be established via SMTP, IMAP, ACAP, DSMP, FTP, SFTP, Telnet, http, https, SNMP, and/or direct socket communication like for instance SSH, or SSL, as long as the communication protocol is capable of moving data conforming to the predetermined interface format. Supplementary agents are developed with the standard tools in the operating system. Java clients may be used as a complement to the standard tools. Agents developed in other languages may be included as long as they conform to the XML message layout described in the Agent Developers Guide. The client side software is divided into four independent blocks:
• A collecting block for collecting information from the client
• An assembling block for assembling the data into an XML transaction
• A dispatching block for sending transactions to the data processing device
• A log keeping block for housekeeping in the client environment Set up and maintenance of agents may be performed via a web interface. It is possible to download, configure new and change existing agents via the web interface. The message handler is configured for receiving information from agents and storing the information in the data processingdevice. Receiving information may be supported by mailboxes, files and through socket connections. Mailbox connections may be used for clients working behind firewalls. Files connections are preferred for transporting large transactions. Socket is a fast two-way connection.
In figure 3 a schematic block diagram over a preferred system embodiment is illustrated. The system is built on a modular approach and all modules may be changed as long as modules comply with the standardized interface specification. For instance the communication modules 110 (all possible modules are not shown, only a subset are shown to illustrate the concept) may be using any protocol as long as they comply with the interface format 130. The communication modules may also be chosen in accordance with specific security policies at the site location of the dispatching device 9. The communication modules transmit data to a processing unit 17.
Different modules 120 (all possible modules are not shown, only a subset are shown to illustrate the concept) may be implemented for collecting data from devices under surveillance, these modules depend on installed operating systems (OS) on the devices. Each operating system dependent module 120 collects relevant data from different sources depending on OS and chosen parameters of interest.
The interface specification has been named "Checker" and states that the input, module and output must comply with specific formats. Input comply with the writeXML structure, the module must accept data, process the data and produce a result. The module is independent in action without any remote dependencies for the operation.
Configuration data has a default part and a checker part. The default part contains data shared by all checker modules. The checker part specifies modules to run, when to run and the output protocol for a module. It must be noted that data for a module is not part of the checkers interface. Data is passed to the correct module with a module depending part in the XML structure. A new module can dynamically be added to existing ones. Once added the modules become an integral part of the execution and share all data in the generated output.
Modules implements the function doCheck and doValidate, receives application data in the WriteXML data which is the technical name for the previously defined protocol and returns a WriteXML structure with added data. Somewhere in the chain of modules data are sent to the remote system by means of using a communication protocol.
In table 1 below an excerpt of the interface format specification is shown:
/* * Interface Checkers.java
*
*/ import stabilizer.WriteXML; public interface Checkers
{ public static final String id = "$Id$"; public boolean doValidate( CheckerData cd, WriteXML wx ) throws CheckerException; public WriteXML doCheck( CheckerData cd, WriteXML wx ) throws CheckerException;
Table 1.
Transactions are XML encoded for preferred data consistency and security.
Transactions can contain any number of messages. Transactions and messages can be set up with individual context sensitive responses. The message handler is configured for handling two types of alarms, immediate and process alarms. Immediate alarms are processed and reported to the presentation means (25, 53) without delays. Process alarms are based on statistical calculations, such as trend calculations. Process alarms are processed separately and are reported regularly to the presentation means (25, 53). Data from transactions is stored in a database in the data processing device. The message handler is configured for simultaneously using multiple databases that resides on different machines.
The alarm handler is configured for creating alarms. Alarms can be of the types: value, status, average value, balance, trend, or sequence. Value alarms are based on numeric values appearing outside a range. Status alarms are indicators that a certain event or status has occurred. Average values are the average of a number of values where the result falls outside a range. Balance alarms are issued when transactions are outside a range or the resulting balance on the account is too great or too small. Trend alarms are based on the number of days before a value will fall out of range, trend alarms are based on value oriented messages. Sequence alarms are issued when a sequence number falls out of a predefined order. The alarm handler consists of two parts, the immediate alarm handler and the process alarm handler. Input to the immediate alarm handler comes directly from the message handler and alarms directly when a value falls outside its limits or when a balance is out of range. The process alarm works independently with statistical analysis to detect trend alarms. The analysis works as a background process and creates and distributes alarms whenever they are detected.
In case the presentation means (25, 53) is a browser available on the internet, the web interface may comprise:
1. Home page with information.
2. On-line diagram. 3. Order reports, select content and sampling frequency.
4. Client, message and analysis set up.
5. Management reports.
However, these are not limiting examples, other presentation functions and variants may be possible.
Installation and updates of agents may be performed using web-based software.
The analyser is configured for detecting and predicting error conditions from regularly incoming data by performing statistical analysis of new and historical data. The analyser creates high level index indicators determining the client condition. One important feature is to limit the information flow by finding the relevant data.
Analysis data is messages with information about for instance value, status or account-handling. Value oriented data is typically time related values forming trends that allows the analyser to predict future events. Status oriented data indicates an event, e.g. a raid system that re-syncs. No data is lost, but a re- sync might indicate severe hardware problem if it happens too often and analyser therefore keeps track of such events. Account oriented alarms are indicating that a balance account is "out of credit". This alarm can be activated in the message handler or in the analyser. There are combinations of value and account analysis. A transaction may be limited both in size of the value and in the resulting balance. Trend analysis is based on regression analysis and pattern matching against specific curves, other trend calculations may be for instance average values, standard deviation, or Fast Fourier Transfom (FFT). It is possible to order trends for different time intervals. This is to show that different variants of advanced analysis of acquired data are done in the data processing device.
It is possible, in addition to the calculation part, to order and group diagrams. Data can also be extracted for an external presentation and further processing. As an example, the following analyses are included
• Service Level Agreement (SLA) Calculation
• Database optimisation
• Space saver
• Site optimisation • Network control
• Process control
Service level calculation is based on a limit in response time value from any number of linked messages. A response time within the limit indicates a service level of 1 meaning that the service level is satisfactorily (OK). A response time exceeding the limit is not satisfactorily (NOT OK) and is indicated by a service level of 0. The discrete time points when the response time is measured are connected with a selectable regression analysis. Selection are standard linear or curve fitting, other special adapted modules can be included. The service level is calculated under a time span. The time span can be freely selected within the range of available data. The time span is correlated with the number of discrete values giving the needed exactness for the regression analysis.
The calculation of service level may be defined as
SL = 100 * (service level time span - time with service level 0) / service level time span The example is based on one measuring point. When more points are measured they are selected as accumulative values. A total service level is calculated as the "bitwise and" of the individual curves.
SLtot = SLi and SL2 and SL3
Now turning to database optimisation, it is possible to read storage and memory parameters from the database in order to optimise according to the following parameters.
Extend the physical storage
Move index allocation between devices
Move I/O bottleneck between devices
Increase the shared memory
Increase the physical memory
Faster disks needed
Decrease number of simultaneous users
Now turning to saving space, a space saving analysis is configured for supervising the file structure and the file contents and suggests actions to save space. Incoming data is presented below.
Partition data with space allocation
2 Not allocated space. 3 File system data with name, location, access date and space 4 File system data with a unique key on each file for fast identification 5 Corrupt files detection 6 Temporary file detection 7 Files in structures detection
The result of the analysis is a catalogue including duplicate files, temporary files, not accessed files, large files listing, and not used space.
Now turning to the optimisation of a customer site, the module is configured for crawling through the data for a number of linked machines and tries to move load between the machines. Each try is evaluated and a better configuration is found it is suggested. The best suggestion is considered the optimum and is named "the optimal configuration". The calculation base consist of time related data and static configuration data. Time related data indicate the load, configuration data the capacity. The relation between the two is the performance. Below are a number of time related data parameters.
1. Calculation of available CPU / time unit of machines
2. Calculation of required CPU / time unit of machines
3. Calculation of available 10 / time unit of machines
4. Calculation of required 10 / time unit of machines
5. Calculation of available Gigabyte GB / time unit 6. Calculation of required Gigabyte GB / time unit
7. Actual processes in the machines.
8. Required processes in the machines.
9. Calculation of available byte/second / tdme unit of network
10. Calculation of required byte/second / time unit of machines
Configuration data parameters includes: Included machines, Operating system, Processor speed, Disk size, Disk IO capacity, and Network capacity.
An example of an output of an optimisation is presented in table 2 below.
Total CPU load requires 2 machines.
Total CPU load requires 3 machines.
Administration routines require 13 % of IO load
Administration routines require 5 % CPU load
Presentation of top CPU processes
Presentation of top IO processes
Utilization of IO can be better if a disk is moved
Machine A and B can be upsized
Swap memory needs to be extended, is ok or can be decreased.
Shared memory needs to be extended, is ok or can be decreased.
Disk size needs to be extended.
Disk IO needs to be extended.
Table 2.
Now turning to network optimisation, this is accomplished by reading the network data from the machine and there from for instance indicate "Network load on interface exceeds the limit" Now turning to process optimisation, this is accomplished by analysing the active processes and finding patterns in the behaviour. Input data may be process name and current CPU utilization and process name and current memory utilization. From this data, process CPU consumption, process time consumption, process should not run, and process missing are presented.
The report handler is responsible for the encoding of a message into the report format for a customer and to safely distribute the report on the correct channels to the destination. Reports can be encoded as html mail, text mail, SMS and
MMS messages. Apart from the specific encoding reports are always available on the web. The analyzer reports may be available in detailed, brief and management format. It is possible to select individual time intervals for -the different reports. Alarm reports from the alarm handler utilizes the report handler functionality of encoding for different channels and safe distribution
The following list shows examples of what the system may monitor today.
I. Utilization of disc volumes. 2. CPU usage.
3. Counting the number of active processes.
4. Status of RAID system.
5. Run queue statistics.
6. Page in operation. 7. Internal PING
8. Server uptime. Also used as a heartbeat indicator.
9. Number of user logged in.
10. Number of active x-sessions.
II. Total, free, shared and buffered memory. 12. Total and free swap memory.
13. Number of swap pages.
14. Record count from database tables.
15. etc.
The system may monitor both SNMP related parameters, which means that several hundred or thousand different parameters may be monitored in a windows environment for instance, and proprietary monitoring parameters using the module built architecture enabling customer specific measurements. Although the invention has been described in detail for the purpose of illustration, it is to be understood that such detail is solely for that purpose and that variations may be made therein by those skilled in the art without departing from the spirit and scope of the invention except as it may be limited by the claims.

Claims

1. In a computer network (1) comprising at least one network device under surveillance (5) and a communication infrastructure (7), a data dispatching device (9) for dispatching data related to the computer network (1), the data dispatching device (9) being associated with the at least one network device (5) via the communication infrastructure (7) and comprising a memory (11), a processor (13), communication means (15); the processor (13) being configured for: - aggregating data from at least one of the at least one network device (5), and the communication infrastructure (7), the data being related to operational circumstances thereof and in accordance with predetermined criteria;
- preparing the data for dispatching; and
- dispatching the data using a predetermined standard interface format to a remote data processing device (17), using automatic data communication, the dispatching being accommodated at at least one of predetermined time intervals and on predetermined events.
2. Device according to claim 1, wherein the data dispatching (9) device is constituted by the network device (5).
3. Device according to claim 1, wherein the standard interface format is an XML structure conforming to a predetermined specificaton.
4. A data processing device (17) for processing data related to a computer network (1), the data processing device (17) comprising a memory (19), a processor (21), communication means (23); the processor (21) being configured for:
- receiving data in a predetermined standard interface format from a remote aggregating data dispatching device (9) for dispatching data related to the computer network (1), using the communication means (23) for receiving automatic data communication;
- generating an output by processing the data by at least one of:
A) relating the data to an alarm reference system, arranged in the memory (19), comprising conditions for generating an alarm, the concordance between the data and the alarm reference system defining the output; and B) investigating the data, potentially in combination with previous data, resulting in an output of one or more indications of the operational circumstances; - indicating the output using communication means to a computational device with display means.
5. Device according to claim 4, wherein the processor (21) is further configured for generating reports based on the output.
6. Device according to claim 4, wherein the data is related to at least one of machine configuration, basic system functionality, and networking.
7. Device according to claim 4, wherein the standard interface format is an XML structure conforming to a predetermined specificaton.
8. A probe data dispatching device (33) for dispatching probe data related to at least one probe (31), the probe data dispatching device (33) comprising a memory (35), a processor (37), and communication means (39); the processor (37) being configured for: - aggregating probe data from at least one probe (31), the probe data being in accordance with predetermined criteria and related to operational circumstances of the probe (31);
-preparing the probe data for dispatching; and -dispatching the probe data using a predetermined standard interface format to a remote probe data processing device (45), using automatic data communication, the dispatching being accommodated at at least one of predetermined time intervals and on predetermined events.
9. A probe data processing device (45) for processing probe data related to a probe (31), the probe data processing device (45) comprising a memory (47), a processor (49), communication means (51); the processor (49) being configured for:
-receiving probe data in a predetermined standard interface format from a remote probe aggregating data dispatching device (33) for dispatching probe data related to the probe (31), using the communication means (51) for receiving automatic data communication; -generating an output by processing the probe data by at least one of: A) relating the probe data to an alarm reference system, arranged in the memory, comprising conditions for generating an alarm, the concordance between the probe data and the alarm reference system defining the output; and B) investigating the probe data, potentially in combination with previous probe data, resulting in an output of one or more indications of the operational circumstances;
-indicating the output using communication means to a computational device with display means.
10. Device according to claim 9, wherein the processor (49) is further configured for generating reports based on the output.
11. Device according to claim 9, wherein the probe data is related to at least one of probe configuration, and basic system functionality.
12. A method for obtaining data indicating operational circumstances of network components in a first network (1) comprising the steps of:
- acquiring and aggregating data from at least one process under surveillance; - preparing said process data according to a predetermined specification of a standard interface format;
- using communication software or hardware modules (23) implementing said specification of interface format;
- transmitting said process data using said communication modules (23), prepared for transmitting data from the first network (1) to a second network in accordance with security policies for the first network (1);
- receiving said process data at the second network;
- processing said process data according to at least one of relating process data to an alarm reference system and investigating operational circumstances; and - indicating results from said processing of said process data.
13. The method according to claim 12, wherein said communication modules (23) operate according to at least one of the following communication protocols: SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), IMAP (Internet Message Access Protocol), ACAP (Application Configuration Access Protocol), DSMP (Distributed Mail System Protocol), FTP (File Transfer Protocol), SFTP (Secure File Transfer Protocol), telnet, http (HyperText Transfer Protocol), https (HyperText Transfer Protocol secure), SNMP (Simple Network Management Protocol), SSL (Secure Shell), and/or SSH (Secure Sockets Layer).
14. The method according to claim 12, wherein said standard interface format is an XML structure conforming to a predetermined specification.
15. A system for data communication network surveillance comprising a data dispatching device (9), a data processing device (9), and communication means (23) there between; the data dispatching device (9) is operationally arranged to: - acquire and aggregate data from at least one process under surveillance located in a first network (1);
- prepare said process data according to a predetermined specification of a standard interface format;
- transmit said process data using a communication module (23), prepared for transmitting data from the first network (1) to a second network in accordance with security policies for the first network (1); and said data processing device (17) is operationally arranged to:
- receive said process data from at least one data dispatching device;
- process said process data according to at least one of relating process data to an alarm reference system and investigating operational circumstances; and
- indicate results from said processing of said process data.
16. The system according to claim 15, wherein said communication module uses at least one of SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol),
IMAP (Internet Message Access Protocol), ACAP (Application Configuration Access Protocol), DSMP (Distributed Mail System Protocol), FTP (File Transfer Protocol), SFTP (Secure File Transfer Protocol), telnet, http (HyperText Transfer Protocol), https (HyperText Transfer Protocol secure), SNMP (Simple Network Management Protocol), SSL (Secure Shell), and/or SSH (Secure Sockets Layer), pro toco Is;
17. The system according to claim 15, wherein said data dispatching device is located as an instruction set in a network component under surveillance.
18. The system according to claim 15, wherein said data dispatching device (9) acquires process data from monitoring agents located as instructions sets in network components under surveillance.
19. The system according to claim 18, wherein said monitoring agent complies to the SNMP (Simple Network Management Protocol) standard.
20. The system according to claim 15, wherein said standard interface format is an XML (extensible Markup Language) structure conforming to a predetermined specification.
PCT/SE2004/000029 2003-01-13 2004-01-13 A data dispatching device for dispatching data and a data processing device for processing device for processing received data Ceased WO2004079574A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0300054-4 2003-01-13
SE0300054A SE0300054D0 (en) 2003-01-13 2003-01-13 A data dispatching device for dispatching data and a data processing device for processing received data

Publications (1)

Publication Number Publication Date
WO2004079574A1 true WO2004079574A1 (en) 2004-09-16

Family

ID=20290100

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2004/000029 Ceased WO2004079574A1 (en) 2003-01-13 2004-01-13 A data dispatching device for dispatching data and a data processing device for processing device for processing received data

Country Status (2)

Country Link
SE (1) SE0300054D0 (en)
WO (1) WO2004079574A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006058828A1 (en) * 2006-12-13 2008-06-19 Fujitsu Siemens Computers Gmbh System for transmission of status information of computer, has mobile unit with reception device and display unit and is arranged to receive transmitted radio signals from transmission device and displays information on display unit
CN102406500A (en) * 2011-11-09 2012-04-11 西安理邦科学仪器有限公司 RIA (Rich Internet Applications)-based monitoring method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4821267A (en) * 1986-04-11 1989-04-11 Siemens Aktiengesellschaft Monitoring apparatus for monitoring the operating condition of transmission facilities of communications transmission technology
WO1999015950A1 (en) * 1997-09-26 1999-04-01 Ditmer Christine M Integrated proxy interface for web based alarm management tools
WO2000036412A1 (en) * 1998-12-17 2000-06-22 Perlorica, Inc. Method for monitoring advanced separation and/or ion exchange processes
EP1113366A2 (en) * 1999-12-15 2001-07-04 General Electric Company Email remote notification of machine diagnostic information
US20010013008A1 (en) * 1998-02-27 2001-08-09 Anthony C. Waclawski System and method for extracting and forecasting computing resource data such as cpu consumption using autoregressive methodology
US20020046246A1 (en) * 2000-04-19 2002-04-18 Wright Peter Michael Electronic communications in intelligent electronic devices
US20020087882A1 (en) * 2000-03-16 2002-07-04 Bruce Schneier Mehtod and system for dynamic network intrusion monitoring detection and response
US20020169871A1 (en) * 2001-05-11 2002-11-14 Cravo De Almeida Marcio Remote monitoring

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4821267A (en) * 1986-04-11 1989-04-11 Siemens Aktiengesellschaft Monitoring apparatus for monitoring the operating condition of transmission facilities of communications transmission technology
WO1999015950A1 (en) * 1997-09-26 1999-04-01 Ditmer Christine M Integrated proxy interface for web based alarm management tools
US20010013008A1 (en) * 1998-02-27 2001-08-09 Anthony C. Waclawski System and method for extracting and forecasting computing resource data such as cpu consumption using autoregressive methodology
WO2000036412A1 (en) * 1998-12-17 2000-06-22 Perlorica, Inc. Method for monitoring advanced separation and/or ion exchange processes
EP1113366A2 (en) * 1999-12-15 2001-07-04 General Electric Company Email remote notification of machine diagnostic information
US20020087882A1 (en) * 2000-03-16 2002-07-04 Bruce Schneier Mehtod and system for dynamic network intrusion monitoring detection and response
US20020046246A1 (en) * 2000-04-19 2002-04-18 Wright Peter Michael Electronic communications in intelligent electronic devices
US20020169871A1 (en) * 2001-05-11 2002-11-14 Cravo De Almeida Marcio Remote monitoring

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006058828A1 (en) * 2006-12-13 2008-06-19 Fujitsu Siemens Computers Gmbh System for transmission of status information of computer, has mobile unit with reception device and display unit and is arranged to receive transmitted radio signals from transmission device and displays information on display unit
CN102406500A (en) * 2011-11-09 2012-04-11 西安理邦科学仪器有限公司 RIA (Rich Internet Applications)-based monitoring method and system

Also Published As

Publication number Publication date
SE0300054D0 (en) 2003-01-13

Similar Documents

Publication Publication Date Title
JP5571847B2 (en) Anomaly detection system that detects anomalies in multiple control systems
CN101707632A (en) Method for dynamically monitoring performance of server cluster and alarming real-timely
US20140245451A1 (en) System and method for managing industrial processes
CN106487574A (en) Automatic operating safeguards monitoring system
CN107104840A (en) A kind of daily record monitoring method, apparatus and system
CN107943668A (en) Computer server cluster daily record monitoring method and monitor supervision platform
WO2022035454A1 (en) Opentelemetry security extensions
CN108234199A (en) Monitoring method, apparatus and system based on Kafka
Sukhija et al. Event management and monitoring framework for hpc environments using servicenow and prometheus
CN113342619A (en) Log monitoring method and system, electronic device and readable medium
CN117391261B (en) AI intelligent water service system of internet of things based on low-power consumption ultrasonic measurement
CN112039701A (en) Interface call monitoring method, device, equipment and storage medium
CN114116429A (en) Abnormal log collection method, device, equipment, medium and product
CN112327777A (en) Data acquisition system and method
US20250133105A1 (en) Opentelemetry Security Systems and Methods
CN102779086B (en) Monitor evaluating apparatus and monitor evaluation methodology
CN114817339B (en) Water quality monitoring method and system for multiple water areas, storage medium and electronic equipment
WO2004079574A1 (en) A data dispatching device for dispatching data and a data processing device for processing device for processing received data
CN101677278A (en) Method and system for monitoring availability of network information system
CN113794719B (en) Network abnormal traffic analysis method and device based on elastic search technology and electronic equipment
CN106534162A (en) Server temperature monitoring system and method based on remote management communication protocol
CN115499288A (en) Business monitoring method, device, equipment and medium
CN110708286A (en) Supervision system for testing internet
CN117614853A (en) Alarm monitoring method, system, equipment and medium in cloud primary environment
Namee et al. Integration of Cloud Computing with Internet of Things for Network Management and Performance Monitoring

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase