Its not enough to detect an intruder after hes gained entry to a Web, server or database server. The server itself should be listening in the dark of night for the jiggle of the back door knob as an intruder tries to get in.
Today, such watchfulness is dependent on network-based security products, which frequently sound an alarm that a back door was opened after the intruder has entered. But if IBM can propagate its eLiza initiative across enough systems, every server the company ships will possess its own watchdog preventing such entries.
The ability to detect an intruder fiddling at the door is an attribute of IBMs existing zSeries, the former System 390 mainframes. The intruder detection is accomplished by coordinating the server operating system with activities occurring in the TCP/IP stack, or layers of network access software. Certain events in the stack indicate an intruder, and a quick reaction to those events shuts the intruder out. This capability, now part of the mainframe, will be extended to all of IBMs servers, from the iSeries (formerly the AS/400) to the pSeries (the RS/6000) to the xSeries (Intel-based Netfinity servers) through the eLiza initiative announced today, said Greg Burke, IBMs director of Project eLiza.
Better local security is just one aspect of eLiza. In effect, IBM wants to build more self-monitoring, self-configuring, self-protecting and self-optimizing features into all of the servers it ships, lessening the load for system administrators.
"The idea is to create technology to manage technology," Burke said. "If the systems can manage themselves, then the IT manager is free to do less-trivial tasks."
In Windows servers, its not uncommon for a renegade process, or set of instructions in an application requiring an allotment of memory, to run continuously, consuming a little more memory with each loop. The problem is known as memory leak. After the process uses up all available memory, it causes a system crash, one of the frequent sources of Windows blue screens of death. ELiza running on the xSeries IBM servers will watch for memory leaks "and take corrective action before the system is in danger of crashing," Burke said.
Another goal of eLiza will be to manage user identity and privileges across systems, with each server and its applications able to detect the level of access awarded to the user seeking resources on it, said Leo Cole, director of security marketing management for IBMs Tivoli Systems unit. ELiza will seek to embed some Tivoli features on individual servers.
Midrange servers in the pSeries and iSeries will benefit first, but the features are expected to cascade through the product line as fast as each server group can implement them, Burke said.
IBM is seeking industry partners with which to implement Project eLiza, and named BMC Software, maker of the Patrol system management products, as one of them. It also is collaborating with Candle Corp., supplier of the Omegamon mainframe management system, and Nortel Networks. Customers such as Danske Bank, Merrill Lynch & Co. and Terra Lycos are also implementation partners, Burke said.
While eLiza capabilities will be built into servers, IBM is also offering an e-business Management Service, which can monitor a companys business processes with a set of supporting rules on how they should perform. If response times of a Web-based service fall, alerts and supporting bar graphs or pie charts would be exported to a "dashboard" graphical interface to a system manager. The e-business Management Services are established by employing senior consultants in IBMs Global Services unit.