Title:
The power of events : an introduction to complex event processing in distributed enterprise systems
Personal Author:
Publication Information:
Boston, MA : Addison-Wesley Professional, 2002
Physical Description:
xix, 376 p. : ill. ; 24 cm.
ISBN:
9780201727890
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010185707 | QA76.9.D5 L83 2002 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Complex Events Processing technology allows users of a system to specify the information that is of interest to them at any given moment. This text shows how to use the technology to build enterprise IT applications with flexibility.
Author Notes
David Luckham is Professor Emeritus at Stanford University, where he directs the Program Analysis and Verification Project
Excerpts
Excerpts
Complex event processing (CEP) is a set of techniques and tools to help us understand and control event-driven information systems. And today, any kind of information system, from the Internet to a cell phone, is driven by events. What is a complex event ? It is an event that could only happen if lots of other events happened. For example, suppose you see a car you like at your favorite car dealership. That car is on the showroom floor only because a number of other events took place--events in the inventory control systems of the dealership and the manufacturer, shipping events, customs events at the port of entry, and so on. Of course, when you see exactly what you want in the showroom, you don't ask how or why. But if you don't see the model, make, or color you want and ask why not, you'll get an explanation about allocation quotas, backlogs at the factory, or some other factors that affect events in the causal history leading up to the event you wanted. This illustrates one of the ideas behind CEP. Events are related in various ways, by cause, by timing, and by membership. CEP applies to electronic information systems. It makes use of relationships between events to answer questions like, "Is our system providing the correct level of service to our customers," "Will our shipment arrive on time," and "Is someone trying to steal our information?" CEP adds a new dimension of event processing to what our event-driven information systems already do. Why is there a need for CEP? Let's look at the situation briefly. Today's information society is founded upon gathering and sharing information. All our organizations--commercial, government, and military--are dependent upon electronic information processing. Their foundational backbone is the kind of distributed computing system based on computer networks that is nowadays called the "information technology layer" (or IT layer) of the organization. The use of these systems has expanded rapidly over the past ten years to meet the increasing demands of automation, electronic commerce, and the Internet explosion. In vestment in technology has focused on making IT systems faster, capable of handling larger and larger amounts of information, and able to collaborate with one another. We now live in the world of the open enterprise, where commerce and information move across the boundaries of organizations and nations. Our society has become dependent upon IT systems. Less investment has been devoted to develop technology to solve the increasing problem of understanding what is happening in our IT systems. Whenever there is a crisis--a denial-of-service attack or a system failure--at first we don't understand what is going on or how to fix it, and then in the aftermath, we scramble for weeks to find out what caused it. We need to understand and control our critical information infrastructures better than that! A lot of the information in IT systems is never recognized. Messages--or events --pass silently back and forth across our information systems as unrelated pieces of communication. They are a source of great power, for when they are aggregated together, and correlated, and their relationships understood, they yield a wealth of information. A new technology is needed to harness the power of events in global information systems. This book is about such a technology. A few words about CEP--what it is, and where it applies. CEP consists of very simple techniques, a mix of old and new. Some of them are well known in other kinds of computer applications, such as rulebased systems in intelligent programs. Some of them are new techniques, such as tracking causal histories of events in large distributed computer systems. Or using patterns of events and event relationships, to recognize the presence of complex events that are signified by hundreds or thousands of simpler events in our IT systems. In CEP, new techniques are combined with well-known techniques in a unified framework. An example of the kind of electronic complex event we are talking about is the completion of a financial transaction involving a bundle of financial contracts. Several merchant banks and brokerage houses may participate in the transaction. They use a global trading network. The event itself, the completion of the transaction, might be the result of hundreds of electronic messages and entries into several different databases around the world over a span of two or three days. These events don't necessarily happen in a nice linear order, one after the other. Some of them might happen simultaneously and independently of others, mixed in with events from other transactions. We can apply CEP to the trading network to recognize not only when that complex event happens, but, more importantly, whether it is going to happen, or if it is getting off track and may not happen, and why. CEP applies to a very broad spectrum of challenges in information systems. A short list includes Business process automation utilizing the Internet and electronic marketplaces Computer systems to automate the scheduling and control of anything from fabrication lines to air traffic Network monitoring and performance prediction Detecting attempts to intrude into computer systems or attack them There is a fundamental reason for this broad applicability. It is simply because information systems are all driven by events. To be sure, each system, or application running on top of a system, depends upon different kinds of events. Network events are different from database events, which are different from financial trading events. But one of the major themes of CEP is that different kinds of events are related. CEP provides techniques for defining and utilizing relationships between events. CEP applies to any type of event that happens in a computer application or a network or an information system. In fact, one of its techniques lets you define your own events as patterns of the events in your computer system. CEP lets you see when your events happen. This is one way to understand what is going on in your system. That brings us to another point--flexibility. CEP allows users to specify the events that are of interest to them at any moment. Events of interest can be low-level network monitoring alerts or high-level enterprise management intelligence, depending upon the role and viewpoint of individual users. Different kinds of events can be specified and monitored simultaneously. And the specification of the events of interest, how they should be viewed and acted upon, can be changed on the fly, while the system is running. The users of CEP can be human, or they can be autonomous processes. The processes that manage our enterprises are becoming more complex. Linear workflow processes that epitomize document processing in commercial transactions are not capable of managing the open electronic enterprise. In the future, enterprise management processes will be designed to incorporate complex event processing in order to get the kind of events they need to operate. Now, a few words about the book itself and what the reader should expect. First, there are two parts to this book. Part I is for a broad audience of people with an interest in various aspects of the information society, such as electronic commerce, the Internet, B2B collaboration, or, generally, electronic information processing. Part I deals with two questions about CEP: what it is for--that is, the kinds of problems in the information society that CEP can be applied to; and what it is--a simplified view of CEP, the basic concepts and easy examples of applications. Part I includes Chapters 1 through 7.The first four chapters describe the problems and issues in IT systems that CEP applies to. The next three chapters describe basic concepts of CEP, such as what an "event" is, causal and timing relationships between events, patterns of events and event hierarchies, and how to apply them to solve the problems described earlier. Part II consists of Chapter 8 onward. It is intended for information systems specialists with some background in software. Part II presents how-to-build-it details and case studies of CEP applications. The goal of Part II is to describe what is needed to build applications of CEP that are capable of solving real-world problems. It includes first a detailed description of a complex event pattern language, reactive event pattern rules, and event pattern constraints. Second, Part II shows how to build solutions by using the event pattern rules and constraints to build event processing agents and architectures of communicating agents. Part II also includes case studies, as large and as detailed as we can fit in a chapter of a book. The final chapter of this book deals with the question of how to develop an infrastructure for CEP. We can look around the event-driven applications being developed in the commercial world today, utilizing the power of distributed computing, the Internet, and private networks. An almighty commercial struggle is brewing for market share in the world of eMarketplaces and electronic commerce. It is quite predictable, considering the trends in middleware, the Java world, the .NET world, the security world, and so on, that CEP will be developed as a competitive advantage. This chapter deals with leveraging these developments to build an infrastructure for CEP--now and quickly! A word about references. This area of Internet technology is changing so quickly that any attempt to give comprehensive references would be outdated in six months. Not only that, but any less than complete set of references would be unfair to some. I assume that any reader has access to the Internet and can search for current references to, for example, "middleware" or "application server." So I have tended to include only a few references, either general references to Web sites or citations to seminal research papers that are not easily found. At this time in our society, any technology that attempts to view and control IT systems may be seen by some as conflicting with issues concerning privacy. In fact, CEP may provide a foundation for resolving some possible conflicts. However, I cannot deal with this topic here, and I do not. Just a little history. CEP has grown out of a research project at Stanford on event-based simulation called the Rapide project. This research took place between 1990 and 2000.Out of Rapide came some early experiments in CEP applied to viewing small communicating systems built on commercial middleware, or applied to recognizing security threats in progress on the IT layer of a large university, where hackers love to play. These projects are documented on two Web sites: http://pavg.stanford.edu/rapide/ http://pavg.stanford.edu/cep/ 0201727897P04252002 Excerpted from The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems by David C. Luckham All rights reserved by the original copyright owners. Excerpts are provided for display purposes only and may not be reproduced, reprinted or distributed without the written permission of the publisher.Table of Contents
| Preface | p. xv |
| Acknowledgments | p. xix |
| Part I A Simple Introduction to Complex Event Processing | p. 1 |
| 1 The Global Information Society and the Need for New Technology | p. 3 |
| 1.1 Distributed Information Systems Everywhere | p. 4 |
| 1.2 The Global Communication Spaghetti Pot | p. 7 |
| 1.2.1 Event Causality | p. 10 |
| 1.3 Electronic Archeology: Layers upon Layers | p. 10 |
| 1.3.1 A Layered Enterprise System | p. 11 |
| 1.3.2 Vertical Causality: Tracking Events up and down the Layers | p. 15 |
| 1.3.3 Event Aggregation: Making High-Level Sense out of Low-Level Events | p. 16 |
| 1.4 The Gathering Storm of New Activities on the Web | p. 17 |
| 1.5 Global Electronic Trade | p. 18 |
| 1.6 Agile Systems | p. 21 |
| 1.7 Cyber Warfare and the Open Electronic Society | p. 23 |
| 1.8 Summary: Staying ahead of Chaos | p. 26 |
| 2 Managing the Electronic Enterprise in the Global Event Cloud | p. 27 |
| 2.1 How the Global Event Cloud Forms | p. 28 |
| 2.1.1 The Open Enterprise | p. 28 |
| 2.1.2 The Global Event Cloud | p. 28 |
| 2.1.3 The Electronic Enterprise | p. 29 |
| 2.2 Operating in the Global Event Cloud | p. 30 |
| 2.3 Going Beyond Workflow | p. 33 |
| 2.4 Parallel and Asynchronous Processes | p. 35 |
| 2.5 On-the-Fly Process Evolution | p. 37 |
| 2.6 Exceptions Must Be First-Class Citizens in Process Design | p. 39 |
| 2.7 Summary: Managing the Electronic Enterprise | p. 41 |
| 3 Viewing the Electronic Enterprise--Keeping the Human in Control | p. 43 |
| 3.1 Today's Event Monitoring Is Too Primitive | p. 44 |
| 3.1.1 System Monitoring Focuses on the Network Layer | p. 44 |
| 3.1.2 Network-Level Monitoring Doesn't Even Solve Network Problems | p. 45 |
| 3.2 An Example of Causal Tracking | p. 46 |
| 3.3 Information Gaps | p. 49 |
| 3.3.1 Examples of Information Gaps | p. 50 |
| 3.4 Problem-Relevant Information | p. 51 |
| 3.5 Viewing Enterprise Systems | p. 53 |
| 3.6 Creating and Coordinating Multiple Views | p. 55 |
| 3.7 Hierarchical Viewing | p. 56 |
| 3.7.1 An Example of Hierarchical Viewing | p. 57 |
| 3.8 Summary: Viewing the Electronic Enterprise | p. 59 |
| 4 Designing the Electronic Enterprise | p. 61 |
| 4.1 Process Architectures | p. 62 |
| 4.2 Roles of Architecture in the Process Lifecycle | p. 63 |
| 4.3 Constituents of Process Architectures | p. 67 |
| 4.3.1 Annotations | p. 67 |
| 4.3.2 Architectural Structure | p. 68 |
| 4.3.3 Interface Communication Architectures | p. 68 |
| 4.3.4 Architecture Diagrams | p. 70 |
| 4.3.5 Behavior Specification | p. 72 |
| 4.3.6 Design Constraints | p. 74 |
| 4.4 Examples of Informal Annotations | p. 74 |
| 4.5 Dynamic Process Architectures | p. 78 |
| 4.5.1 Diagrams for Dynamic Architectures? | p. 81 |
| 4.6 Layered Architectures and Plug-and-Play | p. 81 |
| 4.6.1 Abstraction Principle | p. 83 |
| 4.7 Summary: Technology to Support Process Architecture | p. 84 |
| 5 Events, Timing, and Causality | p. 87 |
| 5.1 What Events Are | p. 88 |
| 5.2 How Events Are Created | p. 90 |
| 5.3 Time, Causality, and Aggregation | p. 94 |
| 5.3.1 The Cause-Time Axiom | p. 96 |
| 5.4 Genetic Parameters in Events | p. 96 |
| 5.4.1 Timestamps | p. 96 |
| 5.4.2 Causal Vectors | p. 97 |
| 5.5 Time | p. 97 |
| 5.6 Causality and Posets | p. 100 |
| 5.7 Causal Event Executions--Real-Time Posets | p. 102 |
| 5.8 Orderly Observation | p. 109 |
| 5.9 Observation and Uncertainty | p. 110 |
| 5.10 Summary | p. 111 |
| 6 Event Patterns, Rules, and Constraints | p. 113 |
| 6.1 Common Kinds of Pattern Searching | p. 113 |
| 6.2 Event Patterns | p. 114 |
| 6.3 A Strawman Pattern Language | p. 116 |
| 6.3.1 Pattern Matching | p. 117 |
| 6.3.2 Writing Patterns in STRAW-EPL | p. 117 |
| 6.4 Event Pattern Rules | p. 119 |
| 6.5 Constraints | p. 124 |
| 6.6 Summary | p. 126 |
| 7 Complex Events and Event Hierarchies | p. 127 |
| 7.1 Aggregation and Complex Events | p. 127 |
| 7.2 Creating Complex Events | p. 129 |
| 7.3 Event Abstraction Hierarchies | p. 131 |
| 7.3.1 Viewing a Fabrication Line | p. 132 |
| 7.4 Building Personalized Concept Abstraction Hierarchies | p. 133 |
| 7.4.1 Viewing Network Activity | p. 134 |
| 7.4.2 Viewing Stock-Trading Activity | p. 138 |
| 7.5 Summary | p. 141 |
| Part II Building Solutions with CEP | p. 143 |
| 8 The Rapide Pattern Language | p. 145 |
| 8.1 Event Pattern Languages--Basic Requirements | p. 146 |
| 8.2 Features of Rapide | p. 147 |
| 8.3 Types | p. 148 |
| 8.3.1 Predefined Types | p. 149 |
| 8.3.2 Structured Types | p. 150 |
| 8.3.3 Event Types | p. 151 |
| 8.3.4 Execution Types | p. 153 |
| 8.3.5 Subtyping of Executions | p. 155 |
| 8.4 Attributes of Events | p. 155 |
| 8.5 Basic Event Patterns | p. 157 |
| 8.6 Placeholders and Pattern Matching | p. 158 |
| 8.6.1 Matching Basic Event Patterns | p. 159 |
| 8.6.2 Placeholder Bindings | p. 159 |
| 8.6.3 Notation to Aid in Writing Patterns | p. 161 |
| 8.7 Relational Operators and Complex Patterns | p. 163 |
| 8.7.1 Relational Operators | p. 165 |
| 8.8 Guarded Patterns | p. 167 |
| 8.8.1 Content-Based Pattern Matching | p. 167 |
| 8.8.2 Context-Based Pattern Matching | p. 168 |
| 8.8.3 Temporal Operators | p. 169 |
| 8.9 Repetitive Patterns | p. 169 |
| 8.10 Pattern Macros | p. 172 |
| 8.11 Summary | p. 174 |
| 9 CEP Rules and Agents | p. 175 |
| 9.1 Overview | p. 176 |
| 9.2 Event Pattern Rules | p. 177 |
| 9.2.1 Definition of Event Pattern Rules | p. 178 |
| 9.2.2 Rule Bodies | p. 178 |
| 9.2.3 Context and Visibility Laws | p. 179 |
| 9.2.4 Semantics of Event Pattern Rules | p. 180 |
| 9.2.5 Examples of Rules | p. 182 |
| 9.3 Event Processing Agents | p. 184 |
| 9.3.1 Definition of EPAs | p. 184 |
| 9.3.2 Semantics of EPAs | p. 185 |
| 9.4 Event Pattern Filters | p. 187 |
| 9.4.1 Definition of Filters | p. 187 |
| 9.4.2 Semantics of Filters | p. 188 |
| 9.4.3 Action Name Filters | p. 190 |
| 9.4.4 Content Filters | p. 191 |
| 9.4.5 Context Filters | p. 191 |
| 9.5 Event Pattern Maps | p. 192 |
| 9.5.1 Definition of Maps | p. 193 |
| 9.5.2 Semantics of Maps | p. 193 |
| 9.6 Event Pattern Constraints | p. 195 |
| 9.6.1 Definition of Constraints | p. 195 |
| 9.6.2 Semantics of Constraints | p. 195 |
| 9.6.3 Examples of Constraints | p. 199 |
| 9.7 Other Classes of EPAs | p. 204 |
| 9.8 Summary | p. 205 |
| 10 Event Processing Networks | p. 207 |
| 10.1 Common Structures of EPNs | p. 208 |
| 10.1.1 Flexibility of Event Processing Networks | p. 211 |
| 10.2 Connecting Event Processing Agents | p. 212 |
| 10.2.1 Basic Connections | p. 212 |
| 10.2.2 Guarded Connections | p. 214 |
| 10.2.3 Multiple Basic Connections | p. 215 |
| 10.3 Dynamic Event Processing Networks | p. 216 |
| 10.3.1 Class Connections | p. 216 |
| 10.3.2 Creation and Termination Rules | p. 217 |
| 10.3.3 Connection Generators | p. 218 |
| 10.4 Architectures and Event Processing Networks | p. 221 |
| 10.4.1 Architecture Classes | p. 222 |
| 10.4.2 Semantics of Architecture Classes | p. 222 |
| 10.5 Examples of EPNs and Architectures | p. 224 |
| 10.6 Case Study: EPNs for Network Viewing | p. 230 |
| 10.6.1 Visual Tools for Constructing EPNs | p. 234 |
| 10.6.2 Security | p. 235 |
| 10.6.3 Scalability | p. 235 |
| 10.7 Summary | p. 235 |
| 11 Causal Models and Causal Maps | p. 239 |
| 11.1 Causality between Events, Revisited | p. 240 |
| 11.2 Why We Need Causal Models | p. 242 |
| 11.3 What Causal Models Are | p. 243 |
| 11.4 Defining a Causal Model and a Causal Map | p. 244 |
| 11.5 Using Pattern Pairs to Specify Causal Models | p. 246 |
| 11.5.1 Using Causal Rules | p. 247 |
| 11.5.2 Resolving Ambiguities | p. 248 |
| 11.6 Causal Maps | p. 250 |
| 11.6.1 A Small Example of a Causal Map | p. 252 |
| 11.6.2 A Second Example of a Causal Map | p. 253 |
| 11.7 Developing Accurate Causal Models | p. 258 |
| 11.8 Summary | p. 260 |
| 12 Case Study: Viewing Collaboration between Business Processes | p. 261 |
| 12.1 A Collaborative Business Agreement | p. 262 |
| 12.2 An Interface Communication Architecture | p. 264 |
| 12.3 Causal Model | p. 265 |
| 12.4 Causal Map | p. 265 |
| 12.5 Examples of Causal Rules | p. 267 |
| 12.6 Examples of Constraints | p. 269 |
| 12.7 Analysis of Examples of Posets | p. 269 |
| 12.8 Constraint Checking Becomes Part of the Collaboration | p. 274 |
| 13 Implementing Event Abstraction Hierarchies | p. 277 |
| 13.1 The Accessible Information Gap | p. 278 |
| 13.2 Event Abstraction Hierarchies, Revisited | p. 280 |
| 13.2.1 Induced Causality | p. 282 |
| 13.2.2 Abstraction Effect on Constraints | p. 282 |
| 13.2.3 Modifiability | p. 283 |
| 13.3 Bridging the Information Gaps | p. 285 |
| 13.4 Steps to Apply a Hierarchy to a Target System | p. 286 |
| 13.5 A Hierarchy for a Fabrication Process | p. 287 |
| 13.5.1 Personal Views | p. 288 |
| 13.5.2 Implementation | p. 290 |
| 13.5.3 Diagnostics | p. 290 |
| 14 Case Study: Viewing a Financial Trading System | p. 293 |
| 14.1 A Small Stock-Trading System | p. 294 |
| 14.2 The Information Gap for STS | p. 296 |
| 14.3 An Event Abstraction Hierarchy for STS | p. 298 |
| 14.4 Building the Event Abstraction Hierarchy | p. 299 |
| 14.4.1 Level 1 | p. 300 |
| 14.4.2 Level 2 | p. 301 |
| 14.4.3 Level 3 | p. 311 |
| 14.5 Implementing Hierarchical Viewing for STS | p. 316 |
| 14.6 Three Steps toward Human Control | p. 319 |
| 14.6.1 Drill-Down Diagnostics | p. 320 |
| 14.6.2 Detecting Constraint Violations | p. 324 |
| 14.6.3 The Abstraction Effect | p. 326 |
| 14.7 Summary | p. 327 |
| 15 Infrastructure for Complex Event Processing | p. 329 |
| 15.1 Examples of Forms of Observed Events | p. 330 |
| 15.2 Interfacing CEP Infrastructure to Target Systems | p. 335 |
| 15.3 CEP Adapters | p. 336 |
| 15.4 CEP Runtime Infrastructure | p. 339 |
| 15.5 Infrastructure Interfaces and Components | p. 340 |
| 15.5.1 Functionality of the Interface | p. 341 |
| 15.6 Off-the-Shelf Infrastructure | p. 343 |
| 15.7 Event Pattern Languages | p. 346 |
| 15.8 Complex Event Pattern Matchers | p. 348 |
| 15.8.1 Quest for Scalability | p. 348 |
| 15.8.2 The Naive View of Pattern Matchers | p. 348 |
| 15.8.3 What Pattern Matchers Really Do | p. 348 |
| 15.8.4 Design Structure | p. 349 |
| 15.9 Rules Management | p. 351 |
| 15.10 Analysis Tools | p. 353 |
| 15.11 Summary | p. 356 |
| Bibliography | p. 357 |
| Index | p. 359 |
