DX Operational Intelligence

Expand all | Collapse all

SOI - Creating a VPN service

  • 1.  SOI - Creating a VPN service

    Posted 08-20-2019 06:35 PM
    Hello SOI-land,

    Have you built a vpn service?  If so, can you share the propagation used?  what the best way to demonstrate the importance of the VPN headend device to the downstream devices connected to it?

    Or, do I need a different approach?  I appreciate your ideas.


  • 2.  RE: SOI - Creating a VPN service

    Posted 08-27-2019 11:09 AM
    Hi Waverly,

    building this service requires to know what you want to show.
    • Do you want to show the Topology view: devices, network connections and processes
    Then you have to figure out which tools (such as Spectrum for network, UIM for devices, APM for applications) are monitoring the related objects which are running any type of VPN components or are important to support it, and build a service containing all these objects with the relationships how they are physically or logically connected.
    This view does show any fault in any area, but does not give any information about if the "Business Service VPN" (from an SLA point of view) is working.

    • Do you want to show if the VPN Service is working from an SLA point of view
    Then you should create some monitors (for example in CA UIM) that execute actions via the VPN (synthetic tests).
    If these actions cannot be performed, the VPN Service has issues (which you can then follow up in the previously mentioned Topology view).
    These two views have different purposes (that is the core of Business Service modelling compared to Topology services).
    I have seen implementations with both views combined into one service:
    Above two views are each individual services, and both are combined as subservices into a "VPN" service.
    The subservice for the topology view is then set to not propagate anything up to the parent, because not every error on any of the devices means that the VPN itself has issues (for example having one half of a cluster down should be followed up by a technician, but the VPN SLA will still be OK - that is why you have a cluster).
    Only the subservice with synthetic tests (and possibly core objects which are "always" impacting the service) propagate impact to the parent (on which the SLA is defined).

    If the parent has an impact, people start investigating what has happened (supported by the topology view to understand how all works together).
    Still, if the parent is "green", people should investigate on any type of error in the entire environment, even if there is no impact (yet) to the SLA.

    If you want to go further into details of Business Service Modelling, feel free to contact me also directly: Michael.Boehm@brodcom.com.


    Customer Success Architect
    CA Deutschland GmbH (a Broadcom company)

  • 3.  RE: SOI - Creating a VPN service

    Posted 08-27-2019 12:15 PM

    Most helpful!  So I am on the right track with logical groupings.  We don't have UIM, only Spectrum Fault Manager.  So I don't think we have the tool set to create a synthetic action.  Thank you for your response!



    Waverly Y. Williams

    Sr. Communication Specialists

    Network Engineering and Operations

    O: 202-226-6498/ C: 202-255-9821

    Team:  NMSAdmin@mail.house.gov


    Office of the Chief Administrative Officer

    202 225-8000 (First Call)



    Follow the CAO: