IBM Cloud Pak for AIOps architecture
IBM Cloud Pak® for AIOps combines a set of capabilities to provide a single solution that facilitates predicting, communicating, and resolving events before they become serious problems.
The following sections illustrate how these capabilities come together in IBM Cloud Pak for AIOps:
Features and Capabilities
IBM Cloud Pak for AIOps is installed on Red Hat® OpenShift® Container Platform or Linux®. For more information about the supported platform versions, see the following topics:
- Supported Red Hat OpenShift Container Platform versions
- Planning an installation of IBM Cloud Pak for AIOps on Linux®
When installed, IBM Cloud Pak for AIOps includes access to the IBM Cloud Pak for AIOps console. This UI is a web-based application for accessing features and capabilities for IBM Cloud Paks, such as IBM Cloud Pak for AIOps. If you have multiple IBM Cloud Paks that are installed in the same environment, you can switch between working with each IBM Cloud Pak from this single UI.
Installing IBM Cloud Pak for AIOps gives you access to the following features and capabilities:
- AI modeling
- Applications
- Change risk
- Data ingestion
- Event grouping
- Log anomaly detection
- Metric anomaly detection
- Resolution automation (Runbooks, Policies, Actions)
- Similar incident comparison
- Incident management
- Topology
For more information about these features and capabilities, see features and capabilities.
Deployment architecture
The IBM Cloud Pak for AIOps deployment model requires a deployment on a Red Hat OpenShift Container Platform or Linux cluster. Data sources are configured with it for events, topology, metrics, and logs.
An IBM Cloud Pak for AIOps deployment can resemble the following diagrams. This diagram shows optional IBM Tivoli Network Manager and IBM Tivoli Netcool/Impact integrations.
This diagram shows the architecture without Netcool components.
From these base deployments, there are typically two deployment patterns:
- You have Netcool components and want to reuse them with IBM Cloud Pak for AIOps.
- You have no Netcool components to reuse.
In the case where existing Netcool components exist, you can connect to them similar to how you can connect to other data sources through an integration. In this case, you would use the Netcool integration. This integration allows IBM Cloud Pak for AIOps to receive all the events in the IBM Tivoli Netcool/OMNIbus components (typically deployed on VMs).
Notes:
-
A separate Netcool integration must be set up for each Aggregation ObjectServer pair that is present. The IBM Cloud Pak for AIOps schema must be normalized by using the mapping in the Netcool integration.
-
Events flowing through integrations to IBM Cloud Pak for AIOps, aside from events that are sent through the Netcool integration, do not flow back to IBM Tivoli Netcool/OMNIbus. To handle custom enrichments or logic, use a IBM Tivoli Netcool/Impact integration with IBM Cloud Pak for AIOps.
-
Event archiving to the REPORTER database can be done either directly from IBM Tivoli Netcool/OMNIbus, or by using IBM Cloud Pak for AIOps to feed events to IBM Tivoli Netcool/Impact. This process inserts the events into the event archive directly.
-
Where IBM Tivoli Network Manager is present, it must be deployed in a resilient manner and connected to a IBM Tivoli Netcool/OMNIbus ObjectServer. This requirement is because IBM Tivoli Network Manager connects to IBM Tivoli Netcool/OMNIbus in two ways:
- The IBM Tivoli Network Manager Gateway reads events from IBM Tivoli Netcool/OMNIbus and does root cause analysis and enriches them with topology metadata.
- The IBM Tivoli Network Manager Probe sends events to the ObjectServer.
It is more efficient to continue to connect IBM Tivoli Network Manager through a IBM Tivoli Netcool/OMNIbus integration as any events it generates flows into IBM Cloud Pak for AIOps.
-
Any custom integrations, automations, or workflows that are done by using IBM Tivoli Netcool/Impact can either be automatically initiated from the IBM Tivoli Netcool/OMNIbus Aggregation ObjectServer pair by using an Event Reader, or from IBM Cloud Pak for AIOps directly by using the IBM Tivoli Netcool/Impact integration.
Data flow architecture
IBM Cloud Pak for AIOps consists of many interconnected components. The following diagram shows an example of these interconnected components:
The main workflow is the ingestion of events. Events are ingested from various sources, such as through integrations and Netcool probes. These events proceed through the event lifecycle, where de-duplication, suppression, correlation, incident creation, and many more insights and contexts are added. The resulting alerts and incidents are available to IT Operators through the IBM Cloud Pak for AIOps console, ChatOps, ITSM (ServiceNow) and APIs. In addition, the lifecycle incorporates automation through Runbooks to augment the alert or incident with additional diagnosis or attempts to automatically remediate the incident.
The next workflow brings in topology from the different observers of the estate. Topology merges these topology resources into a holistic view. It augments the topology with the observed events, as well as contributes to the context of alerts and incident and to insights. For example, underpinning the topological correlation and probable cause algorithms.
Both logs and metrics are brought in to provide more insights. They are analyzed for anomalies, which are then correlated into the incidents hence contributing to the full picture.
Finally, tickets are optionally created for the incidents to serve as a record of the incident. Resolved tickets are then ingested to provide context of similar occurrences in the past through similar tickets, and to convey the risk of a change request.
Extensibility architecture
IBM Cloud Pak for AIOps is highly extensible and customizable. IBM Cloud Pak for AIOps can include integrations for many of the popular data sources, events, metrics, logs, topology, and tickets. In addition to these default integrations, support is included for integrating with custom data sources, topology observers, and Netcool probes.
IBM Cloud Pak for AIOps supports a rich set of APIs allowing widespread integration. These APIs include retrieving and updating alerts, incidents, metrics, runbooks. For more information about API section, see APIs.
-
For custom integrations without coding, IBM Cloud Pak for AIOps supports the use of webhook APIs for logs and events, the use of Kafka for logs and events, and the use of file-based integrations for topology. Custom metrics can be provided by using the metrics REST API.
-
For building custom integrations with coding, IBM Cloud Pak for AIOps provides an SDK. This SDK supports custom user experience so that your custom integrations appear within the Cloud Pak for AIOps console integrations catalog. This SDK supports creating integrations for custom events, topology, logs, and tickets. In addition to ingesting tickets from custom ITSMs, the IBM Cloud Pak for AIOps SDK also supports ticket creation.
IBM Cloud Pak for AIOps also supports customizing the lifecycle of an event by using policies, which govern de-duplication, suppression, correlation, and incident creation. The policies can also be used to integrate with custom logic and enrichments by using IBM Tivoli Netcool/Impact. IBM Tivoli Netcool/Impact allows custom logic to be applied to a set of alerts or incidents. This logic can update the alert or incident itself, or run any logic based on the alert or incident. Runbooks can be associated with a defined set of alerts or incidents. These runbooks support custom logic run over SSH, REST or Ansible, and can be either manually or automatically run.
The detailed extensibility architecture resembles the following diagram: