So VMware picked up a product called Log Insight (from a company called Pattern Insight) today, another in their recent run of acquisitions.  What makes this acquisition interesting is the tacit acknowledgement that management can’t be done using data only extracted from the vSphere API.  Historically VMware and others have focused their data center management approach on the VM, host, network, and storage data available through the API, but anyone who’s managed an IT environment knows that’s like running a race with one arm tied behind your back.

 

SolarWinds has long believed that managing a data center environment is about collecting and correlating data from many sources, from the storage arrays, from the hosts, from network devices, and the application components themselves.  Sometimes you gather this data via logs, other times via direct APIs and where you have common bottlenecks you build management applications around the problem.  For example if you have a real cloud data center environment you know that from time to time you may run into I/O bottlenecks.  These may be at the host, or the array controller or at the disk, and when troubleshooting storage I/O issues it’s beneficial to have management software that can map the path from the VM all the way to the spindle.


On the log management side the problems tend to be more about looking for the needle in the haystack and the reality is that’s hard.  Log’s tend to be machine friendly but not user friendly, but often when you find a problem you want to make sure that problem either doesn’t happen again or you’re notified and you can run corrective action before it spirals out of control.  In dynamic data center environments waiting for a log management system that’s going to collect data, write it to a database, then run its alert and rules engine, and then send an alert without taking any automated action is like waiting an eternity.  Real-time log analysis and response is the right approach to tackling this problem – event log correlation happens in memory and the log management system can execute automated actions and then notify you of the problem and actions taken.


So it’s great to see VMware get in the game – operations is definitely about more than the data in the vSphere sandbox, and I know I didn’t need to tell all of you that.