Method and system for event impact analysis

US 8,296,412 B2
Filed: 01/13/2004
Issued: 10/23/2012
Est. Priority Date: 01/03/2000
Status: Active Grant

First Claim

Patent Images

1. A method for handling network events generated in a network in an enterprise, the method comprising:

detecting at least one of a plurality of network events;

collecting at least one of the plurality of network events by an event server, wherein the plurality of network events have event states;

executing, using at least one computing device, a first action node of an action tree in response to the network event, the action tree including a plurality of action nodes, each of the plurality of action nodes includes an action and a decision, and the plurality of action nodes are organized in a hierarchy based on relationships between enterprise-related data objects, the relationships defined by at least one data impact analysis data structure populated with data accessed from a plurality of data sources throughout the network;

changing the event state of the network event to unresolved;

placing the action tree in an hibernation state;

upon determining that the network event has not been resolved, taking the action tree out of the hibernation state;

escalating the network event by accessing a second action node which is higher in the hierarchy of the action tree than the first action node;

upon determining that the network event has been resolved, changing the event state to resolved; and

returning the network event to the event server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An impact analysis software system is described which resides on a computer connected to a network in an enterprise. The system analyzes the impact of network events on the network, and includes a number of modules, including a number of data source adapters for interfacing with external data sources to thereby allow access by the system to enterprise-related data in the external data sources. The system further includes an impact analysis data structure populated with data accessed from the external data sources and defining relationships between the enterprise-related data. One or more action tree data structures comprise a routine which, when executed, acts upon the relationships defined by the impact analysis data structure to handle events. A message processor reads the network events and select one of the action tree data structures to handle each read network event.

205 Citations

20 Claims

1. A method for handling network events generated in a network in an enterprise, the method comprising:
- detecting at least one of a plurality of network events;
  
  collecting at least one of the plurality of network events by an event server, wherein the plurality of network events have event states;
  
  executing, using at least one computing device, a first action node of an action tree in response to the network event, the action tree including a plurality of action nodes, each of the plurality of action nodes includes an action and a decision, and the plurality of action nodes are organized in a hierarchy based on relationships between enterprise-related data objects, the relationships defined by at least one data impact analysis data structure populated with data accessed from a plurality of data sources throughout the network;
  
  changing the event state of the network event to unresolved;
  
  placing the action tree in an hibernation state;
  
  upon determining that the network event has not been resolved, taking the action tree out of the hibernation state;
  
  escalating the network event by accessing a second action node which is higher in the hierarchy of the action tree than the first action node;
  
  upon determining that the network event has been resolved, changing the event state to resolved; and
  
  returning the network event to the event server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - identifying a workstation affected by the detected network event;
      
      determining at least one administrator and at least one business unit affected by the network event; and
      
      contacting the at least administrator regarding the detected network event.
  - 3. The method of claim 2, wherein the step of determining at least one administrator and at least one business unit includes the determination being made by traversing the impact data analysis data structure.
  - 4. The method of claim 1, wherein the execution of the action tree is performed by a policy engine.
  - 5. The method of claim 1, wherein the enterprise-related data objects include organization nodes that define the organization structure of the enterprise.
  - 6. The method of claim 5, wherein the organizational structures include at least one of:
    - a host, a communication device, a user and a document.
  - 7. The method of claim 5 further comprising:
    - accessing the enterprise-related data objects through a networked database.
  - 8. The method of claim 1 further comprising:
    - hibernating the action tree, including saving a current state of the action tree to a state database.
  - 9. The method of claim 8, wherein the state database is within an impact server.
  - 10. The method of claim 8 further comprising:
    - awakening the action tree from a hibernated state in response to a wakeup call message.
  - 11. The method of claim 10, wherein the wakeup call message is an electronic mail message.

12. A computer for handling network events generated in a network in an enterprise, the computer comprising:
- an event broker operative to cause the computer detect at least one of a plurality of network events;
  
  an event server operative to cause the computer to collect at least one of the plurality of network events, wherein the network events have event states; and
  
  an impact server operative to cause the computer to;
  
  execute a first action node of an action tree in response to the network event, the action tree including a plurality of action nodes, each of the plurality of action nodes includes an action and a decision, and the plurality of action nodes are organized in a hierarchy based on relationships between enterprise related data objects, the relationships defined by at least one impact analysis data structure populated with data accessed from a plurality of data sources throughout the network;
  
  change the event state of the network event to unresolved;
  
  place the action tree in a hibernation state;
  
  determine that the network event has not been resolved and take the action tree out of the hibernation state;
  
  escalate the network even by accessing a second action node which is higher in the hierarchy of the action tree than the first action node;
  
  determine that the network even has been resolved and change the event state to resolved; and
  
  return the network event to the event server.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer of claim 12, wherein the impact server is further operative to identify a workstation affected by the detected network event, determine at least one administrator and at least one business unit affected by the network event and contact the at least administrator regarding the detected network event.
  - 14. The computer of claim 12 further comprising:
    - a policy engine disposed within the impact server, wherein the execution of the action tree is performed by the policy engine.
  - 15. The computer of claim 14, wherein the enterprise related data objects include organization nodes that define the organization structure of the enterprise.
  - 16. The computer of claim 15, wherein the organizational structures include at least one of:
    - a host, a communication device, a user and a document.
  - 17. The computer of claim 12 further comprising:
    - a networked database having the enterprise-related data objects stored therein, such that accessing the enterprise-related data objects through a networked database.
  - 18. The computer of claim 12 further comprising:
    - a state database; and
      
      the impact server is further operative to hibernate the action tree, including saving a current state of the action tree to the state database.
  - 19. The computer of claim 18, wherein the impact server is further operative to awaken the action tree from a hibernated state in response to a wakeup call message.
  - 20. The computer of claim 19, wherein the wakeup call message is an electronic mail message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Secor, Peter, Tokarsky, Tim, Perelman, Shoel
Primary Examiner(s)
Whipple, Brian P

Application Number

US10/756,843
Publication Number

US 20050027845A1
Time in Patent Office

3,206 Days
Field of Search

709/223, 709/224
US Class Current

709/224
CPC Class Codes

G06Q 10/087   Inventory or stock manageme...

H04L 41/0636   based on a decision tree an...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/22   comprising specially adapte...

Method and system for event impact analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

205 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for event impact analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links