Introducing IBM Tivoli Netcool / OMNIbus

Greetings, Habrahabr!
I continue to introduce you to IBM products for monitoring the state of IT infrastructure.
In my last article, I talked about ITM - a system for monitoring servers and applications.
Today we will talk about ITNO (IBM Tivoli Netcool / OMNIbus) - an event information processing system.
We will consider the architecture of the product and its main features.
If you are eager to learn about ITNO - welcome to habrakat.

Architecture.

I suggest starting with a review of the solution architecture.
As I already mentioned, ITNO is an event information processing system that processes and consolidates data from monitoring and control systems.

Architecture of IBM Tivoli Netcool / OMNIbus


The main element of ITNO is ObjectServer, which is a database located in main memory, which ensures high speed of the system. If the server crashes, the database will not suffer due to the mechanism for creating control points (saving the database and change logs at the file level). ObjectServer is a central repository of event information and is accessible through the GUI or CLI. All actions with it can be performed using SQL.

Representation.

You can work with events through the desktop version of the client to ObjectServer, as well as through a web browser using the Web GUI view server integrated in the Tivoli Integrated Portal.

List of active events


The view is configured using filters that indicate which events will be displayed and views that are responsible for displaying selected columns from the ObjectServer.

Filter Creation Interface

Automation.

It is possible to perform automatic reactions and enrichment of events using ITNO tools. These functions are implemented using triggers, which are program code executed in three cases:
- receipt of a new event in the system;
- timer operation;
- reaction to the internal signal ObjectServer.
Triggers play an important role in the functioning of the event processing server. They built the work of ITNO and implemented such fundamental mechanisms as deduplication and correlation.

Trigger


Management Interface The ITNO components are controlled by the Process Agent (PA) utility. With PA, you can start / stop ITNO components both locally and remotely.
Also important components of the architecture are samples and gateways, which will be discussed later.

Integration.

It is not difficult to draw a conclusion about why samples and gateways are needed after reading the section name. That's right, then we will talk about integration with third-party systems.
Most of the event information comes to the ObjectServer from the samples. The sample brings information from data sources to a general view and transfers it as an event to ITNO. At the moment, there are more than three hundred types of samples, which allows you to integrate with most systems. An important feature of the samples is the ability to enrich the event using lookup files. As an example of the use of samples, you can consider the option of integrating the ITM monitoring system with ITNO: when a situation occurs in the monitoring system, the data is transferred to the EIF sample, which in turn processes them and transfers it to ITNO.
Let's move on to examining samples for gateways. Their main function is to transfer data from ObjectServer to other systems. The most relevant example is integration with Service Desk. Another common use case is to implement a fault tolerant architecture in which gateways are used to replicate event information. Using gateways, both single-sided (unidirectional gateway) and bidirectional gateway integration are possible.

Conclusion

In my short article, I tried to provide basic information about ITNO, without going into details of the implementation of all functions. This material will help the reader to understand the principle of the system and to form an idea of ​​the IBM product under consideration.
Summing up the article, I would like to characterize ITNO as not the cheapest, but at the same time the most flexible, extensible and fast system for processing event information.