Your First 30 Days as a Precisely Ironstream User

We’ve all experienced this firsthand – you need to catch IT security and operational issues before they escalate, and so you invest in one or many ITOps platforms. Yet, you still have challenges because frustratingly, IBM i or IBM Z systems do not natively connect into your investment – so you make another investment Precisely Ironstream.

Using Precisely Ironstream and your ITOps platform, you’ve barely scratched the surface of what you can proactively and contextually model in your environment.

In this blog, we’ll provide you with actionable tips on how to maximize the success of both your investments. In each step, we’ll take you through important steps and considerations for setting up the Ironstream and its’ unified integration layer for connecting IBM i and IBM Z to ITOps or Security Information and Event Management (SIEM) platforms.

Goal 1: Plan the data you want to bring in

There is no shortage of information to bring from an IBM i or IBM Z into an ITOps platform. IBM systems have layers of data, which is why it’s crucial to have a clear plan for how you’ll approach the data types you want to monitor. Define your business priorities to help maximize the impact both in the short and long term.

Here is what to consider:

1. Whether you’re sitting on the ITOps or IBM systems seat, you need to meet with your team to understand the immediate and long-term monitoring and observability requirements for the business.
2. Consider how the types of data you are pulling from your IBM systems can be used to inform specific areas of the business. For example, a System Audit Journal could inform a larger attempt to monitor invalid login attempts.
3. Have alignment on timelines for data delivery – what are the most critical data points that need to be incorporated right away? Prioritize those.
4. Always review with your fellow team members if the goal posts for monitoring have moved – be transparent on how that affects data delivery to the ITOps platform.
5. Continue to iterate – you don’t have to tackle every problem at once, start small and build out. Show progress and successes as you go along!

Did you know: If you’re a customer and Ironstream doesn’t have a target that you need, that you can request it? Precisely Product Management and Professional Services are here to help ensure that you can deliver what your business needs most.

Goal 2: Understand how you want to use IBM Z and IBM i to inform ITOps

You’ve had your meetings and now you have a plan in place for the types of data you want to bring into your ITOps platform target. A big part of this is making sure to ask the right questions on how you’re going to use IBM system data in your ITOps platform, suggested questions to ask are:

• What do you need or want to monitor? Should you look at privileged users, access to failures, customer data or something else? This will impact the types of data you integrate
• What will be my alert categories? You don’t want to become overwhelmed by information or noise – determine what are your alert categories – users, groups, or data.
• Do you understand the business priorities? Hopefully, you’ve had conversations and met these requirements in goal one, but if not, whose needs are you serving? The organization, specific department, or external regulators?
• What’s the baseline for your organization? Say you’re mandated to make IBM i or IBM Z visible for observability but haven’t really gotten much guidance – consider other ways to find your baseline. We suggest looking at industry regulations like HIPPA, NIST, or PCI DSS for guidance on the types of information to monitor.

Did you know: The Ironstream supports multiple IBM i source definitions. Each source can be individually controlled (stopped or started) as required. Learn more about Ironstream pipelines here.

Goal 3: Know the context of IBM i and IBM Z data

Once you understand how data might be used, it’s now time to use Ironstream to set the context of the data coming from IBM i and IBM Z. Ironstream offers data selection and advanced filtering to help you get the most focused and relevant results possible. To use the data selection and filtering capabilities, we suggestion you consider the following:

1. Plug in and refine. Once you’ve connected your IBM i and IBM Z, you’ll have access to a vast amount of data—so much that it may be overwhelming to get meaningful results. That’s why we recommend refining the types of data you select within your IBM i or IBM Z. Test and gather feedback on what’s working to ensure you get the most relevant insights.”
2. Get down to the field level. Once you know what data you’re going to filter on, you can get information down to the field level. This will help you get even more granular information to your target for monitoring.
3. Use filters to build parameters. Filters aren’t just for parsing out data, you can use them to build workflows too! Use Ironstream filters to configure warnings and informational alerts.
4. Set thresholds. Part of proactivity is knowing when something if off before it becomes a problem. We recommend setting thresholds on pipelines in Ironstream to give you real-time visibility into if something is going wrong. For example, if your mainframe is operating over CPU and it’s been that way for more than 5 minutes, you know it’s time to step in!
5. Build in regular expressions. In addition to setting thresholds for system behaviors, we also recommend setting regular expression filters. These filters help you determine whether to pass data to the target platform. Helping you even further refine results and output.

Did you know? Ironstream offerings process filters. Processes filter data based on whether the records meet the criteria specified in the process. A pipeline can include multiple processes. Each process selects records to send on to another process or a target based on the filtering conditions.

Goal 4: Become the owner of your IBM system resiliency activity

You’ve had the conversations, you’ve built the pipelines, and you’re proactively monitoring your IBM i or IBM Z, now it’s time to evangelize. We most commonly see that other areas of the business to not realize the criticality of these systems, but you know that their uptime can make or break your business. We encourage users to become advocates internally of their IBM system to help improve their own visibility but also reinforce the why or including machine data from these systems in ITOps platforms.

Pro tip: Always be aware of your organization’s SLA response tolerance. While organizations can accommodate response times of an hour, others have shifted requirements to just minutes!

Next Steps

Congratulations! By reviewing this guide, you are off to a solid start on proactively and contextually monitoring your IBM i or IBM Z in your ITOps platform(s) of choice. As you move forward, it is important to understand how data delivery requirements might change, how IBM system data is providing value. Remember, the faster the resolution of an incident the better experiences your team can provide not only to employees but customers as well.

Join the Precisely Ironstream community: What did you think of our guide? Have more tips to share on Ironstream? Share in the Precisely Ironstream community so we can all learn together!

Don’t have Ironstream but want to learn more? Request a demo.