You are here: Home / Complex Event Processing (CEP) / CEP sessions at the OMG Real-Time July 08 workshop

CEP sessions at the OMG Real-Time July 08 workshop

July 21, 2008 By 5 Comments
Email

In among the sessions at the recent OMG Real-Time Distributed Object workshop were 2 interesting CEP papers. The first was by the Naval Surface Warfare Center on their evaluations of CEP technologies and tools for potential Navy use. Their goal is to replace certain “hard coded” event processing logic in expensive systems with some more flexible event processing system(s), especially in “soft” (non-combat) applications such as Quality Of Service (QOS) management, fault management, status monitoring and readiness assessment. Some of the interesting points that came across included:

  • The Navy had gone to industry, asking for commercial CEP tooling, in the late 90s to early 00s – and had got the reply that there was no business case for such a tool. Naturally, they were now delighted to have so many to look at and choose from (and to have had their original requirement proven correct).

  • A major issue was the “lack of standards” and/or “equivalent competitive products” to avoid vendor lock-in, even though the presenter (who had attended the OMG CEP standards event in March) recognized there was no compelling business case for the smaller vendors to develop such standards. But the message was clear – without standards, CEP faces an uphill battle for adoption in the DOD. [Funnily enough I had presented a more optimistic view on this topic in the previous session (such as the development of OMG PRR and W3C RIF for representing production rules for event pattern detection).]

  • A lot of work had gone into developing metrics for CEP systems. These included:

    • runtime performance
    • architecture scalability
    • fault tolerence
    • IT fit (including availability of adapters to other event providers)
    • ease of use

  • Other work had gone on into runtime performance measurements and benchmarks, such as throughput and latency versus:

    • numbers of rules
    • numbers of rules used
    • rule complexity
    • rate and complexity of incoming events

  • Example CEP applications that could be of interest included:

    • Semantic Event Processing, such as routing messages between systems and converting them to the appropriate measurement units and ontologies
    • Monitoring military checkpoints in realtime
    • Tactical situation monitoring.

My only caveat from this session was an impression (from some of the slides) that NSWC were still thinking in terms “event driven application servers” [*1] as the default / de facto solution for CEP. But of the major app server vendors mentioned, none use their mainstream app server products for CEP (and presumably for good reason)…

The second session was from a middleware vendor, who had teamed up with a CEP vendor to do some DOD-funded research on applying CEP to system monitoring and network intrusion. The idea here is that there may be 100s of tools on a network such as Scanners, Sniffers, System Fingerprinting, System Monitors, Vulnerability Databases, Monitoring (such as HP OpenView), and Intrusion Detectors (such as SNORT), that all contribute evidence or information that can be aggregated and correlated using CEP. This seemed an emminently “sensible” approach to applying CEP to network security -  re-using existing, proven techniques and adding value by combining them together.

Notes:

[1] Favorite quote from this Wikipedia article (at the time of writing): “Application servers are a throwback to mainframe computing”.

Filed Under: Complex Event Processing (CEP) Tagged With: ,

Comments

  1. vincent says:
    July 24, 2008 at 10:41 am

    Opher blogged some comments on the NSWC metrics at http://epthinking.blogspot.com/2008/07/on-optimization-criteria-for-ep.html – definitely a subject for future discussion!

    Reply
  2. Alex says:
    July 23, 2008 at 12:45 am

    Agreed. I think the analogy stands more in the metaphore of open middleware where you can write an application, deploy it and manage it, where the underlying middleware (server) will be responsible for several things (f.e. reliability, manageability etc) and will thus help factor out the hard technical parts from end user business requirements.
    Thanks for pointing out the glossary view on this.

    Reply
  3. vincent says:
    July 22, 2008 at 4:00 pm

    Hi Alex – Yes I should have been clearer – the vendors mentioned in the slides implied that traditional app servers could be suitable for CEP. The fact that vendorA has a good J2EE app server says nothing about their ability to create a CEP framework. Plus of course the term “app server” is a bit meaningless in an EDA / CEP environment – which is why the EPTS glossary refers to Event Processing Agents and Event Processing Networks and not “event applications” being “served out” in some way.
    Cheers

    Reply
  4. Alex says:
    July 22, 2008 at 4:12 am

    I think when we say “event driven application servers” – this clearly does not always mean the “almost 10 year old Java / EJB centric application server” (WebLogic, WebSphere, JBoss, whatever) that you seem to refer to rather negatively.
    For some – it does mean that (I believe f.e. AptSoft now IBM) – for other it strictly doesn’t – f.e. the WebLogic Event Server is built upon a completely new middleware.
    You’ll see more of those verticalized application server emerging. The SpringSource Application Platform is another good example.
    The Esper team explained that here http://dist.codehaus.org/esper/JavaOne_TS-1911_May_11_2007.pdf

    Reply

Trackbacks

  1. Complex Event Processing (CEP) Blog » CEP and BRE / BRMS redux says:
    July 30, 2008 at 3:18 am

    [...] get from rule management without demanding cross-vendor standards. Yet. But standards are often (as commented at a recent event) a prerequisite for federal etc [...]

    Reply

Speak Your Mind

*