System and method for generating and using fingerprints for integrity management

US 8,266,279 B2
Filed: 01/25/2010
Issued: 09/11/2012
Est. Priority Date: 09/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing a fingerprint comprising a set of rules that describe the behavior of at least one metric of an information technology (IT) infrastructure, wherein at least one rule of the fingerprint describes the probability of a symptom for a specific time cut that corresponds to a number of time units prior to an occurrence of a problem, wherein the fingerprint is produced as a result of the problem in the IT infrastructure being identified, information related to the problem in the IT infrastructure being collected, and the set of rules being formed from the collected information;

comparing the fingerprint to an incoming data stream; and

preemptively predicting a potential problem in the IT infrastructure based on the fingerprint comparison;

wherein at least one of the accessing, the comparing and the preemptively predicting is executed by a processor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for capturing and using problem fingerprints in an Information Technology (IT) infrastructure for integrity management. A fingerprint of the transaction topology in an IT infrastructure is automatically captured at various time intervals prior to the occurrence of an event leading to a problem, such as a failure, hard threshold violation, defined transaction violation or user-provided occurrence. The fingerprint provides an indication of the activity and operation of the IT infrastructure immediately preceding the problem event. The captured fingerprint is then used to monitor real-time data in the IT infrastructure operation and activity to look for activity that matches a captured fingerprint to provide an indication of a pending problems before the problems occur. When it is determined that there is sufficient probability a problem event will occur based upon real-time data matching a previously generated problem fingerprint, an alert is generated to provide sufficient notification prior to the occurrence of problem event.

44 Citations

View as Search Results

18 Claims

1. A method comprising:
- accessing a fingerprint comprising a set of rules that describe the behavior of at least one metric of an information technology (IT) infrastructure, wherein at least one rule of the fingerprint describes the probability of a symptom for a specific time cut that corresponds to a number of time units prior to an occurrence of a problem, wherein the fingerprint is produced as a result of the problem in the IT infrastructure being identified, information related to the problem in the IT infrastructure being collected, and the set of rules being formed from the collected information;
  
  comparing the fingerprint to an incoming data stream; and
  
  preemptively predicting a potential problem in the IT infrastructure based on the fingerprint comparison;
  
  wherein at least one of the accessing, the comparing and the preemptively predicting is executed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein at least a portion of the fingerprint comparison is performed using a statistical event-based correlation.
  - 3. The method of claim 1, wherein the fingerprint is produced as a result of the collected information being analyzed to determine if fingerprint creation criteria are satisfied, the fingerprint creation criteria comprising an intermediate set of rules to determine if the collected information meets a threshold number of rules for fingerprint capture, and the fingerprint being captured or an existing fingerprint being updated using the set of rules.
  - 4. The method of claim 1, wherein the fingerprint is device and time independent.
  - 5. The method of claim 4, further comprising applying the device independent fingerprint to transactions occurring in the IT infrastructure.
  - 6. The method of claim 4, wherein the fingerprint represents the operation of at least a portion of the IT infrastructure preceding the occurrence of the problem.
  - 7. The method of claim 1, wherein the incoming data stream is substantially real-time data.

8. A non-transitory machine-readable medium having program instructions stored thereon executable by a processing unit for:
- accessing a fingerprint comprising a set of rules that describe the behavior of at least one metric of an information technology (IT) infrastructure, wherein at least one rule of the fingerprint describes the probability of a symptom for a specific time cut that corresponds to a number of time units prior to an occurrence of a problem, wherein the fingerprint is produced as a result of the problem in the IT infrastructure being identified, information related to the problem in the IT infrastructure being collected, and the set of rules being formed from the collected information;
  
  comparing the fingerprint to an incoming data stream; and
  
  preemptively predicting a potential problem in the IT infrastructure based on the fingerprint comparison;
  
  wherein at least one of the accessing, the comparing and the preemptively predicting is executed by a processor.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The non-transitory machine-readable medium of claim 8, wherein the fingerprint is produced as a result of the collected information being analyzed to determine if fingerprint creation criteria are satisfied, the fingerprint creation criteria comprising an intermediate set of rules to determine if the collected information meets a threshold number of rules for fingerprint capture, and the fingerprint being captured or an existing fingerprint being updated using the set of rules.
  - 10. The non-transitory machine-readable medium of claim 9, wherein the fingerprint represents the operation of at least a portion of the IT infrastructure preceding the occurrence of the problem.
  - 11. The non-transitory machine-readable medium of claim 8, wherein the fingerprint is device and time independent, the medium further comprising program instructions stored thereon for applying the device independent fingerprint to transactions occurring in the IT infrastructure.
  - 12. The non-transitory machine-readable medium of claim 8, wherein the incoming data stream is substantially real-time data.

13. A system comprising:
- a storage device for storing a fingerprint comprising a set of rules that describe the behavior of at least a portion of an IT infrastructure, wherein at least one rule of the fingerprint describes the probability of a symptom for a specific time cut that corresponds to a number of time units prior to an occurrence of a problem, wherein the fingerprint is produced as a result of the problem in the IT infrastructure being identified, information related to the problem in the IT infrastructure being collected, and the set of rules being formed from the collected information;
  
  a fingerprint comparison module for comparing the fingerprint to an incoming data stream;
  
  a problem prediction module for preemptively predicting a potential problem in the IT infrastructure based on the fingerprint comparison; and
  
  a processor configured to execute an operation of at least one of the fingerprint comparison module and the problem prediction module.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the fingerprint comparison module performs at least a portion of the fingerprint comparison using a statistical event-based correlation.
  - 15. The system of claim 13, wherein the fingerprint is produced as a result of the collected information being analyzed to determine if fingerprint creation criteria are satisfied, the fingerprint creation criteria comprising an intermediate set of rules to determine if the collected information meets a threshold number of rules for fingerprint capture, and the fingerprint being captured or an existing fingerprint being updated using the set of rules.
  - 16. The system of claim 13, wherein the fingerprint is device and time independent, further wherein the fingerprint comparison module applies the device independent fingerprint to transactions occurring in the IT infrastructure.
  - 17. The system of claim 13, wherein the fingerprint represents the operation of at least a portion of the IT infrastructure immediately preceding the occurrence of the problem.
  - 18. The system of claim 13, wherein the incoming data stream is substantially real-time data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Marvasti, Mazda A.
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
Mejia, Anthony

Application Number

US12/693,358
Publication Number

US 20100131645A1
Time in Patent Office

960 Days
Field of Search

709/224, 709/223, 714/38, 714/39, 702/179, 702/186, 702/187
US Class Current

709/224
CPC Class Codes

H04L 41/0631 using root cause analysis; ...

System and method for generating and using fingerprints for integrity management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for generating and using fingerprints for integrity management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links