NMS Architecture: FCAPS or ITIL?

Terry Slattery
Principal Architect

I was recently asked if the network management architecture that I described in a series of posts follows an FCAPS model or an ITIL model. (See “A Network Management Architecture, Part N”: Part 1, Part 2, Part 3, Part 4.)


FCAPS stands for Fault, Configuration, Accounting, Performance, and Security. It has historically been the model that network management systems have used to identify what parts of network management they perform. However, as an implementation guide, it is lacking.

ITIL is the Information Technology Infrastructure Library. It describes methodologies for managing an IT system.

My architecture is functionally oriented and doesn’t really match either of the two models very well, though it seems to fit the ITIL model better. I structured the architecture as shown in the picture because each bubble matches the functionality provided by a single product. The FCAPS model, while conceptually clean, doesn’t match how products are used in the real world. What it does match are the outputs you’d like to see. For example, a security alert should be generated from any of several sources, such as an insecure configuration, an event that indicates a violation, network traffic flows (DoS attack), or an insecure topology. I can’t buy one tool that does all of this in one product. Even the big framework providers have to deliver multiple tools to provide the full breadth of security monitoring that is generally desired.

In the ITIL world, the focus is on operations and processes, which more closely matches the functions in the NMS architecture diagram. In practice, it is much easier to develop the specifications for a product to handle events or to do network performance monitoring or to do configuration management.

In the end, I find it easier to work with the NMS architecture shown above because tools in each category can be purchased (or often already exist in a network) and more easily integrate with each other.


Leave a Reply