The old approach of getting auditors what they needed could consume as much as three to five days of his senior engineers' time, says O'Neill. "Since most of these audit questions are really almost inventory questions, I said, 'Let's have a machine answer those questions.' We don't need a bunch of my senior engineers doing it. That's too damned expensive," he explains.
The product Boise State is using, nLayers Inc.'s InSight appliance, can, for instance, show whether backups are happening as expected, whether a sensitive system is open to access by other servers when it shouldn't be, or if there's an unauthorized desktop that has found a back door into a student-records database server.
"You think you're the only one serving an application, but guess what -- someone else is serving it too. Or there's superfluous data moving around on the network. Or you've got folks accessing [Internet] sites they shouldn't be," says O'Neill.
Boise State uses Packeteer Inc.'s PacketShaper to make network traffic visible, but it doesn't show what that traffic represents in terms of applications, locations and other specifics. The mapping tool gives O'Neill access to that intelligence.
The need to know
Like O'Neill, IT managers at large corporations are increasingly concerned with tracking the continuous changes to their IT environments. They must be able to provide up-to-date information about their systems to internal and external auditors and quickly pinpoint problems in critical applications. And they can't to plan for the future growth of the IT infrastructure unless they have full knowledge of the existing applications and their interdependencies.
Given that most large organizations are supporting dozens -- sometimes hundreds -- of applications across global networks, it's nearly impossible to keep a real-time record of the IT enterprise. That's why application- discovery and -mapping technologies are gaining ground in corporate IT shops. Unlike network monitoring tools or mapping tools that focus on finding hardware, application mapping is primarily concerned with software components and their relationships, though the tools may also include hardware information as it pertains to an application.
For instance, application mapping can be very useful for IT architects who want an accurate inventory and diagram of the IT infrastructure so they can model future enhancements. Without a discovery capability, architects must manually input the information, which can result in errors as well as a static diagram that soon becomes outdated. Some architecture-modeling tools, such as those offered by Troux Technologies Inc. and Telelogic AB, are able to import architecture data from other vendors' mapping tools.
"We're seeing alliances between modeling tools and operational tools," says Gartner Inc. analyst Robert Handler. He notes that many organizations unwittingly have many redundant or just plain unnecessary applications.
"As much as 30 percent of IT budgets are spent on the support of applications that shouldn't have been approved in the first place," Handler says.
Automated discovery and mapping tools can help with application monitoring and configuration management tasks, he says. Increasingly, mapping functions are being merged into larger product sets, such as system monitoring and management suites, or configuration management applications.
Quixtar Inc., an online retailer of beauty and nutrition products, bought Mercury Interactive Corp.'s Business Availability Center to consolidate its numerous monitoring consoles and better diagnose problems with its Windows .Net- and IBM WebSphere-based infrastructure. The product includes diagnostic tools, a configuration management database, service-level management and the Mercury Application Mapping (MAM) tool.
Greg Robinson, Quixtar's senior systems support specialist, says he experienced only two problems during installation. One involved the installation of a MAM agent on an application outside the firewall. The other challenge was figuring out which types of data Quixtar wanted to collect. "At first, I was overwhelmed with the amount of information," Robinson says.
The tool provides a way to create different views of the infrastructure and systems, depending on the role or need of the user. "We can slice and dice the view of the dashboard and create different views with differing levels of complexity," says Steve Keselring, manager of IT infrastructure at Ada, Mich.-based Quixtar.
Mapping tools also help developers and operations staff to identify problematic changes to applications. Liberty Mutual Group Inc., a Boston-based global insurance company, began using Mercury's MAM product a year ago in order to get a better handle on configuration changes.
"A lot of developers have access to the production environment, and they may want to change something they believe is basic, like a data file, so they don't bother to open a change ticket. Then the next time someone needs to make an authorized change, they have the wrong information about the configuration," says Stephen Wrenn, senior director of IT service management at Liberty Mutual. "In many companies, 50 percent to 60 percent of outages are caused by changes."
Wrenn's team has just started using MAM to run comparisons between change tickets and actual changes to more than 40 applications. Prior to using a mapping tool, he says, his company relied on manual diagrams based on staff knowledge of the systems. Identifying Requirements
Organizations often have multiple needs for a mapping tool. Boise State University is expanding its use of nLayer software into two additional areas: monitoring application access and traffic over the network, and tracking software license usage.
ING Investment Management, an international banking and asset management company with U.S. headquarters in Atlanta, is leveraging mapping information for three key uses. The mapping data is used by the company's IT architects, help desk support staff and operational IT staff to troubleshoot major systems, says Vincent Moriarty, assistant vice president of technology management. ING has a primarily Windows-based environment. It gathers software and hardware configuration data via Microsoft Corp.'s Systems Management Server (SMS) and feeds it via custom automated interfaces into Infra Corp.'s help desk application and Telelogic's System Architect modeling tool. System Architect enhances the data from SMS using its own templates to add descriptive information on application and database relationships, says Moriarty.
"By getting information on the applications that we have, and on the relationships between them, we're able to understand how a new vendor package might fit into that environment," he says. ING uses the mapping information with System Architect to model about two-dozen software initiatives annually, says Moriarty.
At the help desk, having client configuration data on hand makes helping users faster and less frustrating. "Without it, we would either need a large manual effort to collect that information in advance, or the help desk technician would have to ask a lot of questions each time a user calls," says Moriarty.
The mapping data also helps ING pinpoint problems with its servers. For example, the company recently identified the cause of the failure of a scheduling agent on a server at its Hartford, Conn., data center. It had been inadvertently configured to act as a forwarding agent for data flowing between the Atlanta and Denver offices and was overwhelmed with traffic. Without autodiscovery and mapping, much greater effort would have been needed to solve the problem, says Moriarty.
"Before, we would have to put network monitoring equipment on the data lines in and out of our data centers and track the transmissions at a very fine level of detail to identify where they're coming from, the nature of the transmissions and the volumes," he says. "This is just more efficient."
Application-mapping tools have similar purposes, but they differ in how they detect applications. Another differentiator is how many common commercial applications, such as Oracle Financials or Microsoft Exchange, they can map quickly via templates or blueprints of the applications' main components.
"The real differentiator is how well they pick up application stuff, and that's a factor of how many blueprints they have," says Gartner analyst Ronni Colville.
They also differ in whether they use agents to collect information or use agentless technologies.
While demand for mapping tools will no doubt grow, Colville expects stand-alone products to disappear by 2008 as they are merged into other products such as application monitoring, IT asset management and configuration management suites. She notes that there has been a series of recent acquisitions of mapping vendors. For example, IBM bought Collation, Mercury acquired Appilog Inc. and Symantec Corp. purchased Relicore Inc.
"They're all getting gobbled up," Colville says. Nevertheless, she adds, "it's still a good value, and I think clients should buy it. A lot of data centers have no idea what's there.... They're not ready for compliance initiatives. These tools, because they can discover in mostly real time what's out there, offer a really big advantage."
Sidebar
The agent debate
Application-mapping tools can work either as agent-based or agentless software. Increasingly, products offer both options. Agentless products do not install anything on other servers and clients and instead rely on polling or network traffic sniffing to locate application components. They may collect data via ODBC, Telnet, Secure Shell, Windows Management Instrumentation, SNMP or FTP.
Agent-based discovery tools, on the other hand, install agents on each server to gather information and send updates to the mapping application. That can be problematic in large organizations if one unit doesn't want another unit's IT department to install the agents on its servers. But agents are capable of gathering more detailed data on an application and can send updates whenever there is a change -- not just when polled by the server.
Investment banking firm JPMorgan Chase & Co. is using Symantec 's Relicore product with agents specifically for its real-time capabilities. "The agentless ones we've seen all do polling at designated times. We need to know right away if there is a change," says Kurt Hansel, assistant vice president for quality assurance infrastructure at JPMorgan.
Gartner analyst Ronni Colville explains, "Some people are afraid of security issues with agents. And data center folks are afraid of overutilization. But at the end of the day, if you want to understand in-depth changes with an application or on a server, you need an agent."
Sidebar
Why app mapping?
There are three primary uses for IT application-mapping tools:
Documenting the existing application infrastructure for auditors and compliance purposes.
Building a view of the IT infrastructure for impact analysis and root-cause analysis.
Determining the actual, versus supposed, configurations of software and services.
Source: Gartner Inc., Stamford, Conn.
Hildreth is a freelance IT writer based in Waltham, Mass. She can be reached at Sue.Hildreth@comcast.net.