June is almost here, so it seems an appropriate time to explore results of the marriage of two aspects of computer technology that seem destined to remain together: artificial intelligence and computer operations, a concept becoming better known as AIOps.
Even if your enterprise doesn't seem to need, for example, an AI-driven chatbot to handle customer-service activities quite yet, there's another application type that might be the icebreaker for AI introduction to your organization. That would be applications that use AI to automate many aspects of computer operations traditionally handled by humans.
The Baby and the Bathwater
AIOps is a term originated by Gartner Group in 2016. Although at first it was "AlOps," an acronym for "Algorithmic IT Operations," because many apps of this type use AI technology anyway, the distinction has already been lost and AIOps now more commonly means "Artificial Intelligence for Computer Operations."
Standalone apps and activities that provide analysis of metrics such as application and infrastructure performance monitoring, hardware events, and service interruptions have been with us for years. What's more, resolving user glitches has made better automation of IT service tickets the unrequited love of corporate citizens both inside and out of IT seemingly forever.
Unfortunately, relying on human interpretation of such data and then reacting to it in a timely manner is becoming more and more difficult. The amount of operations data to analyze keeps rising and the COVID epidemic has complicated IT life by forcing accommodation of more work-from-home needs just as IT personnel budgets are being trimmed and operations analyst jobs increasingly go unfilled. AIOps apps can provide a way out of these and other conundrums and provide a host of other benefits.
Overall, an AIOps app strives to analyze available operations data with AI and machine-learning (ML) techniques, highlights anomalies, dissects changes and incidents, adds contextual data, and presents it all to operations personnel in some kind of summary interface. Additionally, it will postulate problem causes and suggest solutions. Once trained and trusted to do this much, the app can be enabled to execute remedies for common problems. However, AIOps is still in its relative infancy. There are no universally agreed-upon definitions for what an AIOps app should do or how it is to be done, nor is there a list of standard features every app vendor seeks to include because the market expects them.
When Gartner originated the AIOps term, it postulated a three-step process that it expected most AIOps apps to follow in a continuous cycle while learning an IT environment. Although Gartner is considered authoritative by many, bear in mind that this is a recommended methodology that is basically followed by many, but not necessarily all, AIOps packages.
The first step, which Gartner called "Observe," is the period in which an AIOps solution monitors its environment, builds datasets of actions and activities for later reference, and begins to identify issues as it sees performance data anomalies. The second step is "Engage," during which the AI notifies human teams of groups of anomalies that may need action and suggests solutions. The third step is "Act," in which the AI, now vetted by the humans, begins to take autonomous actions in responding to problems.
If that sounds simple, though it clearly isn't.
Preparing for Quadruplets
To begin with, there are at least four types of AIOps apps. The first dichotomy is between what are called "traditional" and "deterministic" types.
Traditional apps gather a huge amount of data with which to train an AI app to do analysis and reliably pick a response action to various problems that can crop up. This Big Data, brute-force methodology relies on the speed of computer processing to correlate the large amount of input than can be involved.
Deterministic apps, in contrast, are fed raw data that's subjected to a "fault tree analysis" method to examine all dependencies a faulty entity (such as a slow-performing business app) might have, consult a topology map of the operations or cloud environment in which the entity resides, and then browse through a history or change log of the underperforming entity to see if it can identify a root cause (for example, an app code change). This method requires an accurate "topo map" input to start with, plus the ability of the AIOps app to keep building this internal map competently enough that the map remains accurate.
The process of building either app type can take months, during which humans still have to oversee the process to make sure the AI doesn't misinterpret what it's being fed. The upside is that once this initial teething period is over, either kind can become competent enough to take over many IT troubleshooting functions.
The second dichotomy is between "domain-centric" and "domain-agnostic" AIOps solutions.
Domain-centric apps are focused on specialized areas—for example, zeroing in on application performance or system downtime metrics. If you were a SaaS service provider or an IT department concerned primarily with something like maintaining a service-level agreement about availability of a particular business app, you'd probably gravitate toward this type.
Domain-agnostic solution types, on the other hand, are designed to work with any kind of data and solve a wide range of problems in an IT environment. This app type looks at IT environments more holistically and so provides a broader range of information that correspondingly needs a larger set of data inputs. If you were looking for a more general-purpose or versatile solution, this is the kind you'd likely want to investigate first, even though this type would probably take longer to train.
Declaring which of these two types a particular solution might be is rarely listed as part of an AIOps app's product description. Some vendors might even consider on which side of either split their product truly falls to be a trade secret.
Adding to the uncertainty, no one of the four types is best in all situations. The bedrock of considering moving to AIOps requires operations teams to already have an intimate understanding of their own environments so as to determine what features are most suitable in an AIOps app. As new AIOps products are released in coming years, there will likely be even more permutations in how differently individual solutions function.
Fitting the New Kids into Mixed Families
Another important aspect of AIOps adoption needs to be mentioned here, although an exploration of all the considerations surrounding initiating an AIOps acquisition is beyond the scope of this article.
Project managers in charge of adopting AIOps need to take into account the analysis tools that already exist in an enterprise IT environment. Mergers and acquisitions, particularly over recent years, often mean disparate ways of analyzing IT infrastructure and application performance are required to coexist under a single roof. Situations may require a political compromise in which successful AIOps adoption mandates retention of older tools and methods, complicating integration between incompatible systems that can create a counterproductive result.
Pleasing the Grandparents
Reaching the endgame of an AIOps adoption program successfully can produce all kinds of potential benefits that will excite the powers that be. Some of these include the following.
The Big Data aspect of AIOps is that once a domain-agnostic AIOps app becomes established, there are potentially a host of analyses the app can offer that were previously beyond the capabilities and time constraints faced by human IT assets. Eventually the wealth of logs, event recordings, metrics, and other environmental data can enable the AI to detect patterns, draw inferences, and initiate preventative practices that can prevent many problems from occurring at all and lead to forecasting of actions that can improve business computing environments locally, across a network, or across the cloud.
Unless cybersecurity is a primary focus of a smaller set of deployed AIOps tools, domain-agnostic solutions have the benefit of increasing visibility into operational security. Even as long ago as 2019, some security operations centers were receiving up to 10,000 alerts each day from multiple layers of security products, less than 10 percent of which staff had time to fully investigate, and of which up to 80 percent might be duplications. Using AI, a much higher percentage of potential security incident reports can be catalogued, deduped, and the data analyzed to improve overall security, helping make more efficient use of security personnel.
Mapping dependencies across entities in a network can generate information that could illustrate causes and stages of cascading failures that would let the AI or humans intervene to stave off similar failures in the future. It can also track relationships between hybrid infrastructure elements, affecting for example, availability management. Automating the process of user problem reporting and resolution of incidents (false alarms or repetitive minor user requests) can eliminate the "background noise" of firefighting that often keeps Service Reliability Engineers, DevOps teams, and IT Operations personnel from doing more productive and rewarding work and reduce staff mental fatigue. Correlating alert types and associated data can better predict problems and simplify responses in the future and improve overall performance of apps, networks, and cloud communications via extensive, regular reporting of realtime performance monitoring. Earlier forecasting of future demand for application and infrastructure use can help IT become more proactive rather than reactive.
AIOps can significantly reduce such metrics as Mean Time to Detect (MTTD) and Mean Time to Repair (MTTR) event and security threats. It opens the possibility of more cross-departmental collaboration on providing services and can correspondingly break down silos. It provides more and better data for making better business decisions because it helps people understand more about the environment and the business.
A sufficiently versatile AIOps app can also automate incident-reporting for large IT departments. A chatbot similar to one used for online customer service can interact with users and generate incident tickets. The app can also group similar complaints together and preliminarily gather data on a particular incident or groupings before presenting a digest to a human engineer, if not resolving the situation autonomously.
There are additional ways too numerous to mention in which AIOps can provide greater clarity on any enterprise's computing environment.
Sources of AIOps Apps
AIOps aren't for every company. Primarily, they can be of use to large enterprises that are juggling disparate technologies as a result of expansion, are software or cloud service providers, or otherwise have extensive or complex hybrid cloud environments. Because of the lack of universal methodologies or feature lists, though, it's up to each enterprise considering an AIOps app to understand their own operations environment well enough to choose the methodologies and features that best suit their situation from the solutions on offer.
AIOps tailored for cloud will be covered in a separate, upcoming article, but for general purposes, below is a list of AIOps application providers that will be be useful for gaining additional information about this technology.