of a specific solution Risk is what you are really managing Added value is an important part of the calculation, but hard to determine You will always be challenged in comparing “apples to purple” What questions should you be asking yourself and the business?
by who • Will this identify gaps or opportunities for the business? • Will this help the efficiency of the business? • Will it make the business more competitive? • Think not just about how the data you are putting into Elastic is being used, but what you might want to do with that data in the next 1-2 years. • Do you envision new consumers of this data? How would it look different? • What other data might become important?? What’s the value of the data?
is easy to use and search • You want to make sure you keep what you want to search, and not just everything • You will hear people talk about optimizing field mappings… will you ever do a text search on a GUID? NOPE. • Don’t create a “data dump” Just because you *can* keep it…
Alerts? Analytics? • Fast? Slow? Really slow???? • Are the users machines or humans? • What are your ”users” expectations? • What happens if the information is not available? • What other information is useful in context with this data? How is the information used?
the most out of storage isn’t making the data USABLE. • Who is consuming it? What are they looking for? How easy will it be for them to decide to analyze the data in a new way? Add new types of data? • If you are ingesting 10TB a day, how are you planning on getting “information” out of this? • The US Library of Congress is 10TB. Simply making this data “available” doesn’t make it useful. How will you identify patterns and send meaningful alerts? To USE data strategically, you need to make is USE-able
do you identify it? How long did this take? (MTTDetection) ๏ Are you looking at HUMAN TIME or MACHINE TIME? ๏ When does it cross that barrier? What is the additional impact? • Once you find it, how do you resolve it? (MTTRecovery) • The WHOLE THING matters, in fact detection REALLY matters Collecting 100TB isn’t enough
strong algorithms available • Depending on your solution, this could be a secondary product or cost, typically requiring a separate skillset and separate hardware • What is the availability of the secondary solution? What happens when it goes down? • What is the hardware profile required to meet your SLAs? • How much hardware will be needed to meet your availability requirements? The full solution consideration
Consider what the total risk is 1. Does it support revenue functions for the company? 2. Does the supported system play a role in regulatory compliance? What is the penalty for an outage? 3. How does it impact resiliency? 4. How would this impact your brand reputation? Past events can be used as barometers
to host this information • Every solution will have a unique profile in terms of: • Hardware • Implementation • Ancillary solutions required • Then there is….. Now that you understand the size of the box
a business advantage to having Elastic experts on staff? • If you go open source or with an “alternate” implementation, consider • The cost of other systems needed to support the basics (security) • The cost of other systems needed to do dedicated analysis of data • Correlation of data that would typically be in separate systems • Data is in one place, one interface, not multiples How do we help you reduce your time to market
no one will have all of them • Understand the real value of the data and WHY you are keeping it • Work with all of your vendors to figure out the *real* cost based on your environment • What is truly needed to meet your requirements? • Anticipate growth based on what you have seen the last 1-2 years • Software license + hardware profile of the complete solution • Does this number make sense compared to the value of the data? There is no simple answer….