AIOps

In this blog post, I briefly highlight some of the new features (officially supported and technology previews) introduced in the latest major release of IBM Cloud Pak for AIOps (CP4AIOps), v4.1.

Grouping of topology resources

We listened to our customers and CP4AIOps v4.1 provides the capability to refer to a collection of topology nodes (i.e., resource groups) as either an Application or a Service. Prior to this release, users could only use the term Application to do so. A topology resource group in CP4AIOps embodies software that is responsible for a main task in response to business and/or technical requirements. Though from a functionality perspective, there is no difference between Applications and Services in CP4AIOps, these two terms conceptually represent two different constructs. Telecoms usually use the term Service to refer to groups of interconnected and related components (e.g. switches, routers, firewalls, load balancers, etc.) that exclusively support the operation of networking and data communications, while the term Application is commonly used to refer to components that satisfy the tangible needs of end-users (different than, say, moving packets of data from one network to another).

Stories are now Incidents

The term Incident is now used to refer to the grouping of related events under one single cohesive notification. An Incident provides a holistic view of related alerts and outlines the alert(s) which has been identified as the most relevant and as the probable cause for the problem at hand. An Incident also includes added insights (such as metric and log anomalies) along with contextual information and automated recipes (i.e., Runbooks) to address the identified problem.

REST APIs for incidents an alerts management

New REST APIs in this release allow for the programmatic implementation of external programs that can query, update, and create alerts in CP4AIOps. Similar REST APIs are also available for management of incidents. For further details, see IBM Cloud Pak for AIOps Issue Resolution API (please note that some of these APIs are officially supported, while some are technology previews as of now).

Multi-zone OpenShift cluster deployment for high availability

From a redundancy perspective, you can “stretch” a single OpenShift cluster across multiple data centers within a single region. The use of a multi-zone deployment architecture for CP4AIOps is available now as a technology preview. Day-to-day operations of a multi-zone OpenShift cluster are not that different from a cluster in single zone, since a multi-zone cluster is treated as a single cluster. A multi-zone cluster has its worker nodes spread across multiple availability zones within a single region (typically within a single city). When CP4AIOps is deployed across multiple data centers, the deployment process spreads replicas of CP4AIOps components across nodes in the multiple zones, thus providing additional availability capabilities (e.g., if one zone goes down, CP4AIOps should still remain operational).

New integrations and automation capabilities

• Generic webhook connector for ingestion of events. The CP4AIOps console provides a new user interface for defining webhook connections for ingesting event data, which opens the door for seamlessly consuming events from data sources that support webhook integrations.
• Probe and observer components for ingesting event and topology data, respectively, from Datadog (though note that both of these components are technology previews in this release).
• A new Netcool/Impact integration, which allows CP4AIOps invoke remotely hosted Impact policies. Using this new integration you could, for example, leverage an existing Impact policy for emailing users or notifying downstream tools or systems when certain alerts are seen. You could also invoke Impact policies as a way to enrich alerts and send those back to CP4AIOps. This new integration along with the previously available Netcool connector allow customers extend their existing Netcool installations with the advanced AI and analytics capabilities in CP4AIOps.
• Launch-out capability to navigate from the CP4AIOps UI to external sites. This is known as a client-side action since it runs within the browser’s context. While defining a client-side action you specify a base a URL and optional parameters that are to be part of the final URL built at runtime. The values for these optional parameters can come from alert properties such as hostname, location, resource name, IP address, etc.

Seasonability

An alert that is known to re-occur around the same time window (e.g., a certain day of the week, a certain time of the day, etc.) is known as a seasonal alert. Such alerts are clearly highlighted in the Alert Viewer in the CP4AIOps UI. Further details for a seasonal alert, such as the seasonal time windows and a list of the historical instances of the alert are available as well for more explainability (you can think of this as a calendar view of the alert’s historical instances).

Tabular views for topology

Having a table representation of topology data is very useful for dense interconnected topologies. In certain cases, the membership of the resource group is more relevant than the graphical representation of it. Also, in some situations a tabular view is just easier to consume and much more more performant than attempting to visualize very large topologies in a directed graph.

New options and filtering capabilities for alerts

• Though filtering capabilities for alerts is not a new feature, what is new is that you can create personalized filter conditions using alert properties. And these bespoke filters can then be saved, updated, and shared with other users of CP4AIOps. This new persistent capability for filters enhances collaboration between users and simplifies the effort for reviewing and understanding reported alerts.
• You can now use the right-click context menu to apply a quick filter to display alerts that match a selected criteria. For example, you can quickly display only those alerts that occurred on the same resource.
• You can now personalize the right-click menu items in the Alert Viewer table:
  - Decide which menu items are hidden or visible.
  - The arrangement (order) of menu items within the menu.
  - Use dividers for grouping related menu items with dividers.
• Users now have the option to apply a different color background for each severity level, thus controlling how alert severity is depicted in the Alert Viewer table.

Our Solution Engineering team at IBM Technology Expert Labs is excited to continue working with customers on the adoption of CP4AIOps. We help customers define the architectural deployment for CP4AIOps and identify the integrations with their existing monitoring and observability tools. By leveraging CP4AIOps, organizations can minimize disruptions and outages in their IT environments and resolve IT problems quickly when they do occur. Users can save significant time in detecting and remediating incidents with the advanced AI and analytics capabilities in CP4AIOps. For information on additional new capabilities and features in this latest release of CP4AIOps, please take a look at the release notes.