About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Wednesday, October 24, 2012

2013 Trends - What Do You Think?



Wonder what is coming in 2013? What does Gartner have to say these days?

Below are the top 10 technology trends for 2013 per Gartner. To make this list, all ten items have the following attributes: They will have a major impact on enterprises. The technology will drive significant change or disruption. Tipping points are occurring now or over the next couple of years that make the technology strategic or applicable to a wider market.

1) Mobile Device Battles - BYOD and BYOA increases. Cloud and mobility are mutually reinforcing trends. No platform, form factor, or technology dominates.

2) Mobile Applications and HTML5 - New expectations for usability, appearance, and behavior. The experience flows to where you are and working in context. Development challenges: new design skills, cloud/client architecture, complex apps may not work, native apps vs. HTML5.

3) Personal Cloud - replaces the PC, a collection of services and representation of your personal life. The cloud is where users center their digital lives, they are in control. Contextually aware and operationally obvious apps. So what about security? Worried? I am........

4) Internet of Things - Over 50 percent of Internet connections are things. Cameras, microphones, remote sensing of objects, wi-fi. Operational IT and traditional information technology are converging. Traditional supply chain transitions to Digital supply chain.

5) Hybrid IT and Cloud Computing - Strategic models for cloud service consumption. Adopt cloud techniques. Secure, manage and govern hybrid cloud and hybrid IT. Adopt new application design. Make externally facing services cloud services. Big outstanding question: Who will be responsible for delivery of cloud services? Architecture and Engineering is key. IT will be broker. Does that mean Business is the buyer?

6) Strategic Big Data - Hadoop and NoSQL gain momentum. Big data is a transformational architecture vs. isolated project. Centralized model replaced with distributed "logical" model. Homogeneous RDBMS model replaced with heterogeneous model.

7) Actionable Analytics - Cloud, packaged analytics, and big data accelerates in 2013-2014. Systems shift from computing and aggregation to reasoning, learning, and acting. Search and analytics become more intertwined. Convergence of analytic trends drives new values. Usage emphasizes decision management optimization.

8) Mainstream-In-Memory-Computing - Changes expectations, design, and architecture. Boost performance and efficiencies.

9) Integrated Eco-systems - Simplification, optimization, and security. Appliances become more popular due to integrated hardware, software, and services to address workload. No one appliance does it all. Marketplaces and brokerages. Facilitate purchases, consumption, and/or services or apps. Changes the landscape, doesn't it?

10) Enterprise App Stores - Enterprise app stores are strategic for governing cloud and mobile use in a consumer driven world. Mainstream enterprise App Store with packaged apps and portal options is key.

So what do you think? The 10 listed here by Gartner on track? Missing the mark? What are you seeing out there?



Keep it positive!



Scott Arnett
scott.arnett@charter.net
 

Wednesday, October 10, 2012

IT Religion vs. Hard Truths About Strategic Advantage

IT shops that choose their "religious" idols of technology and don't consider the full ramifications of their choices (costs!), will eventually pay another high price - their jobs. You always have to be looking to do more with less (budget).  Let's take Virtualization for example - MS Hyper-V vs VMware.

Hyper-V was the choice a few years ago because it did 80+% of what you needed it to do, but the anti-MS mindset helped to keep the VMware machine humming. Now, the writing is on the wall with Server 2012. Do the math. Don't be silly. If you are a manager and you are listening to IT staff who got all their certifications in VMware and don't want to move because "VMware rules!", you had better start teaching your staff to be a bit more agnostic and to do what is right. If not, your company will lose strategic advantage because others will do more with less, better than you. Now that functionality, features and performance are at parity, it is about cost. Why pay to virtualize now, when it comes with Server 2012?

Keep it positive!

Scott Arnett
scott.arnett@charter.net


Tuesday, October 9, 2012

BCP Plans: Don't Forget The People

Fall is always a good time to review, refresh and update your Business Continuity Plan (BCP) - plus test this plan.  A plan isn't a plan if no one is aware, or knows what to do. 

Many of the BCP plans I review have one big flaw - we forgot the people. If there is a major incident in your metro area, and your employee cannot get to the office, the plan calls for remote access. Good deal! But what happens if the incident impacts your employee directly? Their first priority is their family's safety and security. Your BCP plan needs to take into account that you may not have all your employees available to deal with your business continuity plan.

This brings a few things into account. One is that if you have multiple locations, staff need a copy of your plan so they can help you remotely. You also need good documentation on how your systems, infrastructure and facility operate so remote employees or contract employees can keep your business in operation. One of the biggest mistakes is to forget that your employees may be impacted by the same situation that has impacted your business.

Therefore, your test needs to include bringing some contract employees in and see if they understand your plan, can follow it and get your systems, infrastructure, and business process back into operations.  A complete Business Continuity Plan is People, Process and Technology. 

One more reminder: keep some copies of your plan off site and easily accessible to your staff - the plan needs to include emergency contact information for employees, vendors, partners, and contract staff.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, October 8, 2012

WAN Design: Building a Resilient WAN for BCP

Time to refresh your Business Continuity Plan, and while you are doing that, let's make sure your network can support your plan. Perhaps it is time to roll out a WAN upgrade project - let's not forget to include our BCP plans in the new WAN design.

Wide area networks (WANs) provide connectivity to local area and other networks over long distances. Users, data centers and corporate assets alike are dependent on the WAN these days.


WANs have a multi-faceted role in an organization: They can support voice and data communications and Internet connectivity, provide connectivity for company email and virtual private networks (VPNs), and link to other organizations doing business with the company.

In a disaster situation, WANs become essential tools for an organization to communicate internally among its employees and externally with stakeholders and other third parties. Loss of a WAN infrastructure, without suitable backup and recovery capabilities, can seriously disrupt business operations and have a financial impact.

WAN technologies have evolved dramatically from the days of fixed point-to-point circuits. Depending on the applications being transported, a variety of network protocols may be supported by a WAN, such as MPLS (multi-protocol label switching), SIP (session initiation protocol), SONET (synchronous optical network), Ethernet (e.g., 10 GbE) and, of course, the TCP/IP standard. Transport is typically over fiber-optic networks coupled with high-capacity copper- and fiber-based local access facilities.

When building or managing WANs, a primary activity is to keep them running with minimal disruptions. A principal WAN design goal, therefore, is resilience, which ensures that any potential disruptions are found and resolved quickly and efficiently. Depending on the size of the organization and the network, a Network Operations Center is usually essential for real-time monitoring and support of the WAN.

When developing WAN resilience plans, your most important ongoing activity is to work with your carriers to take full advantage of their recovery and restoration capabilities. In addition to getting details on their service recovery and restoration offerings, find out how they approach service-level agreements (SLAs) that specifically address how they will respond during a service disruption. Make sure that their time frames align with your business requirements. For instance, if you have a four-hour recovery time objective (RTO) for a specific system that needs Internet access, be sure that your carrier can restore access within your RTO. I also like having more than 1 carrier in your network - some of the best WAN designs have a primary carrier and a secondary carrier. Your business has critical applications or transactions on the WAN - you can't afford a significant disruption.

To build resilient WANs, access to real-time information about network performance is essential for spotting potential disruptions. That information must be end-to-end, and not limited to network segments. To obtain visibility across WANs, your network management system must be able to “see” all network segments and how well they are performing. Ideally, you should have an automated tool that can be programmed to analyze cross-WAN performance data. Use that data to compare current network performance against specific metrics and/or SLAs. The tool should also be able to flag situations that indicate impending problems. I would also like that tool to integrate to your incident ticketing system and open a priority one incident ticket for immediate notification and response. 
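The automated end-to-end check described above could look like the following sketch, which is an added example and not a tool from the original post. The SLA targets, segment names, sample values and ticket fields are all constructed assumptions.

```python
from statistics import mean

# Constructed SLA targets for one end-to-end path (assumed values).
SLA = {"latency_ms": 120.0, "loss_pct": 1.0}
METRICS = ("latency_ms", "loss_pct")  # order matches the sample tuples below
LOOKAHEAD = 3  # polling intervals to project forward when looking for impending breaches

# Constructed samples: per-segment (latency_ms, loss_pct) for five polling
# intervals, oldest first. Segment names are hypothetical.
SAMPLES = {
    "branch-access":  [(18, 0.1), (18, 0.1), (19, 0.1), (19, 0.1), (20, 0.1)],
    "carrier-a-core": [(45, 0.2), (50, 0.2), (56, 0.3), (61, 0.3), (67, 0.3)],
    "dc-edge":        [(22, 0.1), (22, 0.1), (23, 0.1), (23, 0.1), (23, 0.1)],
}


def end_to_end(samples):
    """Combine per-segment samples into one end-to-end series.

    Latency adds up along the path; loss compounds, so it is computed from
    the product of per-segment delivery ratios.
    """
    series = []
    for interval in zip(*samples.values()):
        latency = sum(lat for lat, _ in interval)
        delivered = 1.0
        for _, loss in interval:
            delivered *= 1.0 - loss / 100.0
        series.append({"latency_ms": latency, "loss_pct": (1.0 - delivered) * 100.0})
    return series


def slope(values):
    """Least-squares slope per polling interval (0.0 if fewer than two points)."""
    n = len(values)
    if n < 2:
        return 0.0
    xbar, ybar = (n - 1) / 2, mean(values)
    num = sum((x - xbar) * (y - ybar) for x, y in enumerate(values))
    den = sum((x - xbar) ** 2 for x in range(n))
    return num / den


def evaluate(samples, sla=SLA, lookahead=LOOKAHEAD):
    """Return findings for metrics that breach the SLA now or are trending to."""
    series = end_to_end(samples)
    findings = []
    for metric in METRICS:
        values = [point[metric] for point in series]
        current, limit = values[-1], sla[metric]
        projected = current + slope(values) * lookahead
        if current > limit:
            state = "breach"
        elif projected > limit:
            state = "impending"
        else:
            continue
        findings.append({"metric": metric, "state": state, "limit": limit,
                         "value": round(current, 2), "projected": round(projected, 1)})
    return findings


def suspect_segment(samples, metric):
    """Segment whose metric grew the most between the oldest and newest sample."""
    i = METRICS.index(metric)
    return max(samples, key=lambda seg: samples[seg][-1][i] - samples[seg][0][i])


def build_tickets(samples, path="branch-to-dc"):
    """Turn findings into priority-one ticket payloads (field names are hypothetical)."""
    return [{
        "priority": 1,
        "summary": f"{path}: {f['metric']} {f['state']} "
                   f"(now {f['value']}, projected {f['projected']}, SLA {f['limit']})",
        "suspect_segment": suspect_segment(samples, f["metric"]),
    } for f in evaluate(samples)]


if __name__ == "__main__":
    for ticket in build_tickets(SAMPLES):
        print(ticket)
```

With the constructed samples, end-to-end latency is still inside the SLA but its trend crosses the target within the look-ahead window, so the check flags it before users feel it.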

The most resilient network topology is a mesh network, in which all network end points connect to each other. This, of course, is also the most expensive configuration, so you may wish to use network design software (work with your service provider on this) to define a configuration that balances cost-effectiveness and resilience. Ensure that channels with the highest traffic volumes have alternate routes available, from different carriers if possible, that can be rapidly activated to maintain performance levels. If your WAN uses undersea cables and/or satellite channels, be sure to consider alternate cable and satellite systems for diversity and resilience. This design is also key in your VoIP corporate solutions for call routing from point to point.  No need to bring all that voice traffic back to the data center.

At your data centers and offices, install redundant network connection devices, such as routers and switches, and also have an inventory of spares that can be brought into service quickly if a device fails. Be sure to rotate spare devices into production networks to ensure they perform properly. I would also recommend having a process or procedure for keeping your spare hardware updated and current on firmware or IOS.

Ensure that your WAN’s primary commercial power supplies have backup power (e.g., uninterruptible power supplies) so they will remain operational in the aftermath of a commercial power outage or lightning strike. I would also say locate network infrastructure equipment in secure, HVAC-equipped rooms that are accessible to a limited number of employees and vendors.

Establish network disaster recovery (DR) plans that provide step-by-step activities to diagnose problems, establish bypass and recovery arrangements, recover failed network components and return WAN operations to normal. Periodically test these plans to ensure they are appropriate for your WAN as configured, the procedures work and are in the correct sequence, and that your service providers are in sync with your network resilience requirements. One more thing, don't forget staff training and skill development to be able to quickly troubleshoot and repair WAN issues.

Summary

Resilient wide area networks can be achieved through a combination of partnering with service providers, intelligent network design, proactive network management, a disaster recovery program combining plans and regular testing, and an operational philosophy that blends performance with resilience and survivability. In addition, test your plan on a regular basis - make sure not only that your design works, but that staff know and understand the design, and have the skills to respond.

Keep it positive!

Scott Arnett
scott.arnett@charter.net







Friday, October 5, 2012

End User Experience

This application is so slow, I can't even use it..... ever hear that?  What is the end user experience?  Do you find that the only time you know there is a problem is by users calling the service desk? 

It is even more complex today than it was just a few years ago. Cloud computing, mobility, virtualized infrastructure and outsourced vendors provide companies with the flexibility to compete effectively, but they also represent a huge increase in IT complexity. Customers expect companies to be 'open for business' anytime, anywhere and on any device of their choosing, and they expect the experience to be simple, engaging and fast. Sound familiar? Your employees have the same expectations.

One of the challenges in many organizations is that performance is managed in silos.  There is no end-to-end performance management, and that is a problem.  The business has to ensure consistent, reliable performance of systems across multiple external networks, platforms, and companies.  The business has to address things like performance issues with technology suppliers in the cloud, disconnects between groups that monitor, diagnose, and verify problems.  The list goes on, but bottom line for both customer and employee, you need a clear view of end-to-end user experience. 

To me, when capacity, availability, response and the scalability of technology are aligned with your business performance needs, your processes and people are efficient, your customers receive frustration-free access to your products and services, and you are empowered with reliable information and comprehensive visibility.  It is that visibility to internal and external systems that operations needs to have. 

It is not just application monitoring, or hardware monitoring - it is all of it, end-to-end performance monitoring. That means Performance Service Management for operations that provides deep visibility into systems, applications, and devices, and integration into your ITSM tool set. When performance is no longer within acceptable limits, would it not be nice for an automated ticket to be created in incident management and staff to be alerted to a problem before the user calls? To me, that is taking your operational commitment to excellence up a notch.

Bridge the silos, start taking an enterprise view of Performance Management, and give your customers and users a positive experience. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, October 3, 2012

Take This Picture.....

Look – I have a smartphone camera.......


You have heard in the news how many times a great technology has been misused. From a technology perspective, there isn’t a great way to make the consumer of the technology blessed with class. Just because it can do it, should we use it?

I got into a great discussion on the abuse of technology by consumers, and how that abuse carries over into the enterprise – why, because these consumer gadgets are coming into the enterprise. Big shock – right? You worried about pictures, video or audio recordings in high level confidential meetings? Companies are starting to make a statement at the beginning of these meetings to turn them off, and 1 company I know even makes you leave them in your office.

Why is it that we think it is funny to take pictures or video with a new found friend, my iPhone, of unsuspecting individuals? The average person in this conversation thought it was ok in a bar, or the zoo to take whatever pictures or videos of whoever they want, when they want. You are in public, you are game to their childish antics. Really?

So is the camera in these technology devices really necessary? Do the benefits come up short with all the invasion of privacy, risks, and abuse? Look at the age of most users of the iPhone these days, and that helps answer some of the questions.

Everyone is now the paparazzi and looking for the picture they can put out on Facebook or maybe sell. Why is it no one can just mind their own business and just worry about what they are doing? Perhaps all this reality TV and nonsense shows these days play into this bad behavior. I am not Dr. Phil, but I for one would like to see the behavior change, not that I have been the victim of this, but I am sick of seeing it on TV and on the news. It changes people’s lives, breaks up marriages, and can jeopardize the work place.

Just because the technology can do it, does it mean we need to do it? What about some class, people? What about some grown up behaviors? Don’t always worry about oneself but think of others for once. The picture you think is funny or cool, really isn’t. Plus, do you really need to share it?

This is a classic example of how great technology in the hands of immature and classless individuals can really give it a bad name. Maybe our consumer technology purchase agreements should come with a quiz on the mentality of the purchasing individual. Maybe we need a technology to help some folks get some class. A simple little camera on a handheld device has such a big impact.

Put your camera away, and think next time you desire to get it out.


Scott Arnett
scott.arnett@charter.net





Tuesday, October 2, 2012

From The Lab.............

The past week I have been playing with beta Exchange 2013.  I know many enterprises will be asking is it worth the upgrade, and to me there are a few key items that would make me move to 2013. 

My top 2 reasons are:

The new Exchange Online Protection is high on the list of enhancements Microsoft has provided. This cloud-based service provides malware and spam detection and protection. It also offers back-up email queueing for on-premises servers and usage analytics data, such as reporting, auditing and message tracing. Exchange Online Protection, which is an upgrade to Forefront Online Protection for Exchange, also features inbound message blocking, content filtering and transport rules. In my usage in the lab, seems to work very well. 

The new Exchange also comes with a data loss prevention (DLP) capability that automates the detection, monitoring and protection of sensitive content and data on email based on pre-established policies, rules and exceptions. The DLP functionality can trigger a variety of actions, including stopping an outbound message or placing it in a moderation queue. It can also inform end users about potential violations of company policies regarding the type of data and content they're allowed to send via email, to promote awareness among employees. I found this feature/function not only works very well, but fills a significant gap in many organizations. I am impressed with this new feature.

The other feature is around the new mobile client that comes with 2013.  We all know that the iPhone and other smartphone devices are used for email more and more everyday.  This client works very well, and offers some native feature/function of the device. 

The other one worth mentioning is around archiving. Microsoft highlights Exchange 2013's architecture, which allows administrators to keep current and archived messages in the same mailbox infrastructure, as opposed to keeping them in separate repositories. With this "in-place archiving" technology, archived messages are more easily and quickly available to end users, and email management is simplified for administrators, who can address compliance and retention from a single repository, according to Microsoft. I found this feature clunky. In addition, I am looking for the overall value to the enterprise.

Email archiving, to me, cannot be a standalone solution; it should be part of an overall enterprise information archive solution. Provide a search portal that allows you to find archived information, regardless of whether it is email, document, fax, or data. To me, this feature is misplaced effort; a feature built around metadata tags for use in an enterprise-wide archive solution, as part of the company's Data Lifecycle Management, would be better.

Overall, I am impressed with Exchange 2013.  I like the enhanced security, the hybrid of online vs premise and continued interactions with SharePoint, Lync and other productivity tools. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net








Monday, October 1, 2012

Election Vote - Time For Change?

Ready for the big election this November?  Everyone needs to vote this year!  Not to get into the politics, my discussion is around the technology to vote.  With where we are today, online banking, shopping online, and the list goes on, why can't we vote online?  Do we really still need to go to a community location and vote with paper and marker? 

What would the voter turnout be if we could go to a government website, enter our credentials and cast our vote? There would need to be significant security and checks, but it can be done. We could also limit foreign IP addresses and prevent site attacks. Would the benefits outweigh the risks? Interesting concept and worth having some discussion.

Let's take it a step farther - do we still need representation in Washington DC to vote on laws, or congressional issues?  Could we all vote on proposed laws on this same government website?  Would that give us the representation we want?  I want more of a say in the laws of this country - how about you?

Technology has been expanding and updating for elections in the broadcast media companies, but nothing in the actual voting process itself. Why is that? Government too slow? Too big? Too much money? How about they partner with a technology leader to make this happen? Really makes you think, doesn't it?

This topic really would benefit from the individual owned Identity we discussed in this blog not too long ago. If I owned my own digital identity and used it for banking, and voting, I am in control. I am going to keep pushing for this opportunity.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Saturday, September 29, 2012

Data Center Certification

I am getting ready to take my exam to become a Certified Data Center Design Professional.  The exam is focused on Data Center Management, Energy, Technical, Project, Practitioner. 

It has been an interesting online educational journey, plus taking my years of experience, putting them together and finally getting my certification.

What has been the most interesting to me is the transformation over the years. Where are data centers really going? Will corporate data centers become a thing of the past? Probably not: smaller scale, more virtual, and focused on core applications, but not going away. They will become more hybrid in nature, giving SaaS, PaaS and bursting to the cloud a bigger role in the organization.

What has been disappointing in the course as well as in real life is the lack of focus on business continuity. How many data centers really don't have a solid and tested disaster recovery plan? A disaster recovery plan is a recovery plan, but what about the business continuity? How will the business function while the data center is offline? There needs to be a plan in place to manage the risk of the data center, key application or data being unavailable.

I am excited to take this journey and the exam. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, September 27, 2012

When IT Fails.....

There is a great book coming out in January that you should plan to purchase. From the trio of authors that brought you the Visible OPS book comes another great masterpiece all IT professionals should read: When IT Fails: A Business Novel.

Here is a great link:  http://h30458.www3.hp.com/us/us/ezine/ops-leaders/sep/a-novel-approach-to-it-excellence.html

Having worked with George Spafford for many years, and sharing stories, experiences and vision, this has a personal touch. Kevin, Gene and George are not just authors, analysts or research professionals; they have real world experiences. This book brings forth some real wisdom about real world IT, sleeves up, in the trenches, making it happen. I have a great deal of respect for the trio of professionals.

A perfect time for the book to come out, because traditional IT silos are not working anymore in a services oriented IT operation. I think they really drive home much of what I have been talking about in this blog, and that is business partnership.

I love the novel approach to the book, walking through scenarios and taking experiences and interactions with IT Leaders through many steps. Check out the link above, it is a great write up about the book.

Why do I bring this up? Not only do I refer to and reference their other books, blogs, and information, but I take my hat off to them for a job well done. After they do their day job, they find time to work together and collaborate on sharing information that IT professionals can relate to and learn from.

An honor to know these folks.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, September 10, 2012

9/11 Prayer of Remembrance

Almighty God, the past acts of 9/11 will be indelibly inscribed in our memories.
We looked with horror on the terrorist attacks of September 11th.
But we looked with honor on acts of courage by ordinary people
who sacrificed themselves to prevent further death and destruction.


We shed our tears in a common bond of grief for those we loved and lost.
We journeyed through a dark valley, but your light has led us to a place of hope.
You have turned our grief into determination.
We are resolved to do what is good, and right, and just.


Help us to remember what it means to be Americans—
a people endowed with abundant blessings.
Help us to cherish the freedoms we enjoy and inspire us to stand
with courage, united as one Nation in the midst of any adversity.


Lord, hear this prayer for our Nation. Amen.

Author:  A Navy Chaplain

I fly my flag today to remember those we lost, honor those who fought, and stand strong as an American.  May we never forget, and continue to fight evil.

Scott Arnett
scott.arnett@charter.net

Problem Management

Talk IT - and everyone knows of the Service Desk or Help Desk (Incident Management), but very little focus is on Problem Management.  Why is that? 

Problem Management: I say that  you diagnose root causes of incidents reported by the service desk; then, you arrange changes in the IT infrastructure to prevent their recurrence. Make sense?
 
Problem Management includes the activities required to diagnose the root cause of incidents and to determine the resolution to those problems. It is also responsible for ensuring that the resolution is implemented through the appropriate control procedures, especially Change Management and Release Management. This means it is more than just documenting the root cause, but requires action items.

Problem Management will also maintain information about problems and the appropriate workarounds and resolutions, so that the organization is able to reduce the number and impact of incidents over time. In this respect, Problem Management has a strong interface with Knowledge Management, and tools such as the Known Error Database will be used for both. Although Incident Management and Problem Management are separate processes, they are closely related and will typically use the same tools, and may use similar categorization, impact and priority coding systems. This will ensure effective communication when dealing with related incidents and problems.

As an IT Leader, I wanted to make sure that we found the root cause of an impact incident: tell me what the technology, process, and people issues are. Root cause analysis is not just process, but it also points out technology failure, architecture design issues, and process breakdown. The problem management analysis has to take all these into account when reporting out the root cause. One more thing - have a dedicated staff person responsible for Problem Management.

A couple of frustrating aspects of problem management: paralysis by analysis, and spending hours on a deep dive into what I would call above-the-bar issues. I always remind folks that some problems or root causes don't need a significant effort - at times you can spend too much time, and you lose the value of the process. Be careful - keep it in perspective.

Ask the why, then ask why it happened again, and keep going until you get to a reasonable view of the process, people, and technology. Fix that which you can and move on.

There is some great training out there from the ITIL vendors on problem management.  Online courses - a good option.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, September 6, 2012

Internal Customer Debate

I always enjoy a good discussion about IT organizational design, success, failure and "best practice".  I joined a conference call the other day, and the discussion was around everyone in the company is a customer of IT.  I thought to myself - really? 

Looking to fail? Make sure everyone in IT tells everyone outside of IT, “You’re my customer. My job is to exceed your expectations” (or, worse, “make you happy”).  Does that take away focus from top business capability?

Employees outside of IT are not IT’s customers. They’re IT’s colleagues, with whom IT collaborates as equals if anything good is going to happen for the company as a whole.  This really sets the stage for establishing business capability, IT enabling capability and working together to deliver that which really matters. 

Legitimizing the idea of internal customers puts IT in a subservient position, where everyone in IT has to make their colleagues happy, whether doing so makes sense for the business or not, let alone whether it encourages the company’s actual customers to buy more products and services.  Do you think this approach does not put IT at the table with business? 

I brought this discussion up at one of the CIO round table events I attend on a regular basis. There was great discussion around both sides of this debate. Not having that customer service focus is not "ITIL", said one CIO. We are working toward becoming a service based organization. I think you can have a service based approach to the business. Maintain the focus on what makes sense for the business - and on business capabilities.

One of the biggest comments I heard on the round table call was a CIO saying that it is essential for IT to be part of the business success, and to do that you need engagement, collaboration, and deliver as promised.

What do you think?  I would love to hear from you.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, August 31, 2012

SAS70 or SSAE 16 Type II

How many times have you asked your service provider to give you a copy of their latest SAS70 Type II audit?  We wouldn't be doing our job if we didn't look for a clean SAS70 audit report. 

As we become more global, and work with international service providers, perhaps we need to stop asking for the SAS70 and start asking for a copy of the SSAE 16 (SOC 1) audit report.  You familiar with this report?  This became effective as of June 15, 2011. 

Here is a great website to take a look at and study.  http://www.ssae-16.com/ssae-16-type-ii/ .  Really pay attention to who needs this report.  Data center and co-location customers - pay attention, this report is essential for you to get from your provider. 

There are 3 types of SOC Report:

  • SOC 1 Report - The SOC 1 Report is a report on controls at a service organization relevant to user entities' internal control over financial reporting.
  • SOC 2 Report - The SOC 2 Report is a report on controls at a service organization relevant to non-financial controls.
  • SOC 3 Report - Similar to a SOC 2 Report, a SOC 3 Report is a report on controls at a service organization relevant to non-financial controls.

SSAE 16 is an improvement to the current standard for Reporting on Controls at a Service Organization, the SAS70, with some changes that will help bring your service provider company and the rest of the provider companies in the US up to date with new international service organization reporting standards, ISAE 3402.  What I like is the improved clarity and risk assertion, and documentation. 

One recommendation, it can be overwhelming.  Make sure if you are undertaking these types of audits as a service provider, that you have a real business case to do it.  Are your customers demanding it?  Do you have public companies that require it?  It takes a long time, great effort, and expense to complete these types of reports.

So as a customer, asking for these types of reports from my service provider, should I pay to receive this audit report?  Would that help offset the cost(s) or is it the cost of doing business? 

I know as a CIO, responsible for my company data, applications, and services being provided by a 3rd party - I would demand seeing a clean report. 

Take the time to read up on the SSAE 16 reports.  I think you will be pleased with the reports. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net




Thursday, August 30, 2012

VMware - New CEO

VMware CEO Paul Maritz steps down and leaves behind a solid vision of IT Transformation.

I had the opportunity to meet Paul a few years back.  What impressed me most was his ability to relate to me as a customer, IT leader and share his vision of technology.  During our discussion it was not a sales pitch on VMware products, but focused on the technology, trends and reaching virtualization.

Mr. Maritz long held a vision of cloud computing and that virtualization was just a part of that overall vision.  The vision of transformation of IT to automation, agility and efficiency.  I appreciated his view that this transformation is both infrastructure and application.

Pat Gelsinger has some big shoes to fill.  While it is true that he has some family history from his days at EMC, does he share the same vision is the question.  Time will tell, but from my experience with both these gentlemen, Pat does not have the passion or fire for the technology or drive.

The next few years will be key to their success as Cloud and virtualized technology continue to mature. In an ideal world, no longer do we need to order some specialized hardware, then hire a consultant to install it and program the device in its specialized language.  Instead, we'll simply define an application and all of the resources that it needs, including all of its compute, storage, networking and security needs, then group all of those things together to create a logical application. There's work ahead, but I see the Software-Defined Data Center as enabling this dramatic simplification. I am ready for the transformation!

That leads to the next topic we should discuss soon, and that is to the continued proliferation of client devices coming into the enterprise.  The borders and structure of the company IT shops are quickly changing.  Paul understood that and was instrumental in pushing technology to deliver on that vision. 

I wish him well, and much success.  My hat off to him for a job well done at VMware.

Keep it positive!

Scott Arnett
scott.arnett@charter.net





Friday, August 24, 2012

Smart Phone Payments - Ready?

Remember when credit cards first came out, boy everyone was excited and some even went crazy with them.  Now, are we on the edge of another significant change in how we make purchases?  Moving even farther away from good old cash, the mobile payment era is here and picking up speed. 

Are we ready for this though?  Consumers ready?  Companies ready?  How about security around this?  Online security, transaction security - how about if I leave my smartphone on the table at Starbucks?  Many good questions, but are we ignoring the risks?  This mobile payment process is moving forward....

The biggest move ahead could occur in September, when Apple is widely expected to embrace a mobile payment scheme with its next-generation iPhone.

Google Wallet, meanwhile, is nearly a year old. And the Isis consortium of three U.S. carriers could officially launch its first mobile payment network in Austin and Salt Lake City any day now. So with all this effort, where are the details around the security of these services?
 
Starbucks, Dunkin Donuts and others are taking image shots of your smartphone screen - much like a debit card transaction.  Is that better? 
 
Various other mobile payment approaches have recently emerged, including the Merchant Customer Exchange, a mobile payments network announced Aug. 15 that will rely on smartphones and some unnamed technology. The founders include retail heavyweights Best Buy, Walmart, Target and 7-Eleven.

With so many new mobile payment systems surfacing, analysts say they could pose too many choices and will only confuse the buying public. Since the U.S. already has a number of credit card options, including Visa, MasterCard, American Express and Discover, some users won't be motivated to try another payment option linked to a smartphone.

I go back to how secure is this service.  You have a physical device prone to being lost, forgotten or stolen.  You have transactions taking place on an unsecure device to an unknown service provider?  I think we need more information around the security of this payment option.  I would like to see some standards established, some vulnerability assessments, and safeguards put in place.  I know I won't be signing up anytime soon.

To answer the first question - are we ready?  Consumers in certain age groups and demographics are perhaps, but I don't think the service providers are ready, nor the security posture of such a service.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Tuesday, August 21, 2012

Cloud Computing Myths

Hello IT Professionals.  I have been getting a great deal of email to get this blog back to daily activity.  I will do my best to post more frequently.  I enjoy the emails though, and the humor in them.  Always welcome. 

I did want to take a few moments to talk about Cloud Computing Myths - as I see so much activity around cloud, there are some pot holes along the way.  Here are a few of the big myths you need to be aware of:

Myth one: the public cloud is the most inexpensive way to procure IT services!

I hate to burst anyone's bubble on this one, but if you are going to the cloud only to cut costs, you will be disappointed.  A characteristic of the public cloud is a relatively inexpensive “pay-as-you-use” model. For example, the starting price for standard on-demand instances with the Amazon EC2 Web service is less than a dime per hour based on system size, operating system, and locale. It’s easy to see why people think all delivery from the public cloud is cheaper than that delivered by internal IT.

However, if you look under the covers, the picture changes.  In fact, for resources that are needed constantly, enterprises can actually reduce costs by leveraging other cloud models, such as shared services delivered by a private cloud. How about a hybrid model to meet peak demands, yet offer more cost-efficient solutions. 

My recommendation to fellow CIOs has always been to sit down with the Architecture and Strategy team - and build a plan. At the core of cloud computing - is having a strategy.  Whether you're using a public cloud service, building a private cloud, or taking a hybrid cloud approach - you need to have your specific requirements incorporated into a well-developed cloud strategy.  It's not a simple exercise, as the cloud roadmap must address all aspects of your performance, security, control, and availability requirements.  But wait, we are missing a key element to all of this - and many of us do it.  The business needs what?  What business capability do we need to support?  How will our cloud strategy support the business?  What new capability can we deliver to the business with a cloud solution?

Let's make sure we are looking at new technology that will deliver value to the business, and not follow a trend. 

Next, I will talk on Cloud Myth #2 - Critical Applications can't be in the cloud.  Come back again to read on that myth.

Keep it positive!

Scott Arnett


 

Monday, July 23, 2012

Keeping it Simple

I had a great technology brunch on Sunday, and as usual, we got into some great discussion.  The discussion was around our tangled mess of technology in most IT shops, and does it help or hurt the business. 

The complexity in most IT shops to me is physical environment, hardware, software and applications, not to forget data.  True that organizations don't set out to build complex or confusing - but it sure happens.  Many times at the hands of the business itself. 

Mergers and acquisitions add to the layer of complexity, we don't always bring new organizations into the fold without their systems or applications.  This baggage takes money and time to maintain - therefore complexity takes away agility.

So the question around the table was how do we bring simplicity back to the forefront of what we do.  Given the environment of today, with less staff, less money, less time and more demands.  There are many things taking our staff time - one of them is complexity.  Adding to this frustration is the lack of documentation, standard operation procedures and project management.

There was general consensus of the CIOs needing to be at the table with Senior Management to establish some realistic expectations, deliverables and business priority.  There are some standard IT operational expectations around the physical plant, documentation, knowledge base and hardware - that is doing IT right.

The big discussion was around application catalog management.  Maintain your application catalog - meaning, a strict process for new applications to be introduced into the environment, a strict retirement process and documentation around all these applications.  Business priority agreed upon for each application, disaster recovery plan for each application, identified application owners and support identified, plus communicated.  Control the application wish list and "have to have" and get management agreement that the new application brings value, and business competitive advantage. 

The other topic brought up was new technology - do we need all the latest greatest technology?  Does it have a strategic advantage to us?  Don't go add complexity to the infrastructure for the sake of new technology or cool technology.  Ensure it brings true value and benefit.

Make simplicity a strategic initiative in your IT organization.  Assign tasks to each manager to drive this initiative throughout the IT organization and embed it into daily operations.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, June 4, 2012

Remote Desktop Support - Great Tools

How great it is these days to support the users remotely, and with the tools we have today - much more successful.  Desktop support can shadow users and see their desktop, see the errors, help troubleshoot.  Cool technology.

The email I got last week was asking more around the policy regarding remote desktop support.  Directly around this shadow technology.  The question was around whether desktop support should or should not announce to the user when they are going to shadow a user.  Regardless if it is Citrix or the desktop, should there be a dialogue box at all times asking the user to accept the shadow session.

I have gotten this question a few times, and with different angles, but it does come down to appropriate use of this technology.  It is not a clear line between "monitoring" and "support" so we have to make the line very clear. 

If you as an organization are going to randomly monitor users, you must have a policy that clearly sets the expectation around monitoring internet usage, desktop usage, and that it may include real time shadow capabilities.  This is a slippery slope in my opinion and really builds distrust.  Reviewing logs to see web usage is one thing, silent shadow of desktops is another.

I would like to see a dialogue box come up to announce that support is looking at the desktop and give the user the ability to accept or deny the session.  I think that is the appropriate use of the technology for support of the user.  It builds professionalism, trust, and a positive experience. 

So, I would make sure your policy for support staff clearly states the expectation, but make sure the technology is configured to enforce your policy.  I would also communicate to your users the expectation and professional approach you are going to take as an IT team to support them.  I have some real issues when IT staff start to extend their professional boundary (like reading emails, unannounced shadow sessions, history files, etc) - just because you can do it does not mean you should do it.  Professionalism needs to be in IT at all times, and respect of others.  You are data stewards, you don't own the data, nor the systems.  The business is the owner.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, June 1, 2012

Personal Devices - Really?

I find it interesting how all the hype around IT consumerization, or BYOD (bring your own device) continues on.  What is most interesting is no one addresses the support and ownership of the device. 

If Sally wants to bring her iPad into work to use for a PowerPoint presentation, and she can not get it to connect to the network, finds it difficult to put the family photo folders aside, is that IT's problem?  Sally owns the device, wants to use the device for work - should she not support the device and have the knowledge to troubleshoot the device?  If she can't get her personal device to work, should she go to Best Buy or Fred's computer service and pay for it?  How far should IT have to go?  Should the company provide free IT support for non-company owned devices?

Many IT shops are not prepared for the bring your own device challenges, and they are not handling it well.  Management is buying or listening to some of the nuts out there that say we have to do this.  Really?  Since when do you have to do it?  Should the employee come to work with the expectation that the company will support or fix their personal devices?  I don't think so.  You own it, you want to use it, you support it.  If you don't have the knowledge or the desire to learn, then you find a resource to pay to do the support.  If you can't afford it, and don't learn the support - then use the company provided devices.

Keep in mind, you need to address the software license issues with your personal device.  If you load software on your personal device, you better own it.  More so, if you are using it for work, and it is not a legal copy, you put the company at risk as much as yourself.  Your device, your responsibility. 

One more thing, backup of the personal device is your responsibility.  Get a cloud based backup service for your devices, and backup regularly.  It is not the IT team's responsibility to do your backups and data protection.

So, are you really ready to bring your own device to work?  You really understand wireless?  Troubleshoot applications?  Take some computer classes, and learn more about the device you want to bring to work.  This is one area the IT shops can step up, and offer some lunch 'n' learns and night classes on basic computer troubleshooting and configuration.  Employees need to have the expectations clearly set up front, in writing and have them sign on the support, security and confidentiality agreement of a BYOD program.

Not all consumer based computer devices are fit for work.  They are not intended for work or the enterprise. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, May 30, 2012

Identity - Who are you?

Identity, Identity Management, Username - what about all these identity topics these days?  You have an identity login for work, personal, and some public.  Hard to remember all these logins and passwords I know, and we need to keep focus on security these days.

Have you read some of the discussion around owning your own identity?  Your personal identity is federated to your work systems, your personal banking, how you vote and the list goes on.  Would that be a bad thing?  Think of it as a digital identity you now own, this is me and I have authorization to be in your system.  Sounds cool to me, as I can own, and manage my digital identity and what systems I interact with, either on desktop or mobile.

So who would broker these digital identities? Should it be a private company?  Government?  Should it be a cloud provider?  This is the challenge, as you will need specifications, guidelines and rules on how these digital identities are used, read, and secured.  Would it make sense to tag this to a driver license process?  If I am going to vote with this identity, perhaps use it for online government sites, like DNR, IRS, etc - then we need a government agency interaction to this effort.

I am all in favor of a personal digital identity.  My concern would be around the issuing body, governance body and how we deal with security events around these.  I think this can be accomplished and the benefits would outweigh the concerns, but we need to have all the processes in place up front.

The training effort around this would also be enormous.  We would need to make it simple and self service for as much as possible.  Perhaps a government agency using ServiceNow to manage the personal digital identities.  How about that?  Now that would be a good investment.

This topic will continue to grow in the months / years ahead.  Better to be engaged up front and help steer the direction, than to change something on the back end.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, May 18, 2012

DR Test - What Test?

I got your emails, and some new jokes from the readers of this blog.  Thank you.  The emails asked if I would give some high level recommendations on the DR test.  How would you go about setting up a real test of your environment and yet keep the business running.  So, at a high level, let me see if I can answer your questions.

First of all you are not going to be able to do your test during the week, this is a Saturday activity for most of you.  So schedule your DR test out far enough to give your team advance notice and you time to plan.  Next, get the big conference room scheduled (war room) for the day, have plenty of coffee, soda and some food, it can be a long day.  Other tools to have on hand are a working phone in the data center to be up and on speaker phone with the war room, and some application testers lined up.  Have a few work from home to test remote access, web applications, etc.

I always recommend if this is your first test, start small - fail one application.  Don't make this so big your first time that it becomes unmanageable and confusing.  You will learn a great deal about your process, environment and plan with just 1 to start with.  If this is not your first time and you are ready to call a Disaster on your data center, then here are some suggestions:

  • Communicate, communicate and communicate.  Send out emails to all your staff, both IT and non-IT.  Put up posters, put a notice on the intranet page, have some staff working the service desk.  No matter how much you communicate, someone will still call the service desk to say their email is down or they can't get to their presentation to work on it.  Make sure everyone is aware that you are doing a DR test on Saturday and systems will be unavailable.  I would also put it upon each department manager to communicate in their staff meetings this same message.
  • Ensure Friday night all your backups are complete, and verified.  You may need to start your backups early to ensure they complete on time.  When you start moving things around, things happen. 
  • Make sure your Saturday team has an updated DR plan prior to Saturday.  I like to send them out a week in advance telling them all to read and prepare.
  • Have a plan for the test - document it, how will this be done, who is doing what, when, and how will they document their portion of the test.  What worked, what did not work, and lessons learned.  What can we do different next time.
  • Fail the primary data center.  Now let me give a few words of caution because there have been organizations that turned everything off, etc.  What you are doing is testing users can get to the systems, data, applications in your backup environment.  Some of this legacy hardware when you turn it down, that has been running for years, may not come back up.  Be careful.  There was a question, can we incorporate a generator load test during this - sure.  If your DR test is a loss of utility power - yes.  To stop user access to data center A - take away the network.
  • Now that you failed over to your backup site or systems, make sure from a hardware perspective you can see everything. 
  • Bring up the applications and have the test users ready to start using the applications.
  • Don't forget to test print, EDI, and those other important transactions. 
  • Document your test as you go along.  Detail out what needs improvement, clarity, or re-write.
  • If your test failed - don't take it personally.  If you gained insight, lessons learned, you hit a home run.  Take all those notes and start fixing the issues one at a time.  Better to find that it does not work now than in a real crisis.

Have a post test gathering at the end of the day.  Keep it positive, what we learned, what are next steps, and thank everyone.  I usually have thank you cards made up ahead of time with a little gift card in there from Applebee's or something as a way of thanks.  Your next job is to write up an executive report to management on the results of the test and what are the next steps to improve.  They will want to know when the next test will be, so be prepared to address that.

I hope that helps.  One of your biggest challenges will be data if you have to recover from tape or drives.  If you don't have an archive policy in place, some of these large databases will be a challenge to accomplish in your agreed upon RTO.  Your test will help the organization understand that.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Tuesday, May 15, 2012

My Disaster Recovery Plan is GOLD

Disaster Recovery is always a great topic of discussion.  I had a colleague contact me recently and asked if I would look at their DR plan and poke holes in it.  So, naturally I said sure.

I spent the time looking through the plan and it looks good, very well thought out, and has some areas that need some attention.  It also has some major flaws - and it is not what is in the plan, it is what is not in the plan.  That is the plan itself.  So I called him up and said let me ask you some questions.

  1. If your data center goes down, where is your plan?  On SharePoint?  So you can't get to your plan then?  Right?  Where is your off site copy?
  2. Network is down, can't get to Outlook - where is your notification list - in Outlook?  Where is the off site copy?
  3. Where are your runbook copies?  Runbooks - those documents you need to ensure anyone can help you recover a system or application.  Don't forget the people aspects of your DR plan.  If you have a disaster that hit your data center, chances are some of your staff could be impacted.

Find a cloud based solution to help you manage your disaster recovery documents.  You can get access to the Internet from a fast food place, hotel or a staff member's home.  Don't have the only copies in your own data center that you just wrote your DR plan for.

The other thing I recommended was to have a process for updating the plan as the infrastructure changes, applications put in production or retired, and testing the plan.  Do an actual test, not just go through a whiteboard session in a meeting room.  Make sure you can actually recover to your RPO and RTO agreements. 

One more important step I saw missing was a clear process and role responsibility for declaring a Disaster.  Don't have just 1 person with authority - have a few folks with the authority to declare a Disaster or a committee.  During your test, flesh all these processes out.  Make sure you adjust and update your plans with lessons learned.

So not Gold yet, but getting there.  Continuous improvement will get you to Gold my friend.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, April 12, 2012

Write Us Some Articles

Talk about a dream opportunity - I have been asked to be a regular contributor to a leading technology magazine.  A great opportunity to help answer some tough questions in real world terms and experience.  Can't tell you the name yet till they make the announcement. There are significant folks reading this blog, and I love the emails, comments, and feedback. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, March 22, 2012

Social Enterprise

Have you heard the term "Social Enterprise"?  What does it mean to you?  How about your organization?  Salesforce.com talks about creating the "Social Enterprise" - you buy in?  Is Salesforce taking the lead on this or off course?

In looking at Salesforce.com's vision, and as I understand it, the social enterprise that they envision leverages collaboration tools, mobile technologies and social media to enhance interactions with your customers.  If you take it a step further, it could be internal and external customers.  So is this beneficial to the organization or significant risk?  I believe there are rewards to it, risks and costs that can be significant.

By definition, a "social enterprise" would be one that is very good at using technology to increase brand recognition, to provide the tools for customers to do business with you more easily, and to provide some value that your competitors can't provide.  To be successful with this, it takes skills, talent, a strong strategy and vision.  Your organization ready? 

How do you hire these talents then?  Do you have an advantage with your customers or potential employees?  It seems obvious, but with consumerization of IT, employees want to bring in a variety of devices and connect them to company systems and networks.  They may be coming from companies that already allow this, or they may be younger hires who are used to being connected through a variety of platforms all the time.  There comes some of the risk we can talk about. 

The CIO needs the practicality in determining which technologies to invest in, but there is also the softer requirement to make sure the workplace is more attractive to younger and tech-savvy talent. Opens the door for that bring your own device (BYOD) to work discussion.  There are legal, security, and productivity discussions to have, not to mention some HR concerns.  A topic you can't ignore anymore or hope will go away. 

You will also find that your employees now want access to collaboration tools, from wikis to social media.  But there has to be that balance.  There must be a strong sense of practicality.  That is, we don't develop technology for technology's sake, but invest in and support technology that addresses business needs.  Go capture those business capabilities - and map your IT strategy to them. 

Facebook, Twitter and all these social media applications - a benefit or distraction?  How about internal tools, like Yammer, Chatter or MS new tool?  Does your staff really need to update their Facebook site during work hours? I think the value is yet to be seen.  Your customers will use Facebook to endorse or complain about your product or services - now there is a place to engage your customers.  Now there is value.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, March 21, 2012

Microsoft Server 8 - Thumbs Up

Take the time to load the Beta copy of Server 8 on a box in your lab and take a look.  Every Enterprise Server Team needs to take a look and start getting familiar with this new OS.  This isn't a boring iteration on a previous server operating system wherein a few tweaks have been achieved and nothing really changes. Server 8 - along with the suite of associated 2012-ish server applications - is nothing short of a complete redefinition of the server landscape.  I'm impressed, and I hope Microsoft comes up with a cool name for this OS and not just Windows Server 8.

Whereas Windows 8 is about radically redefining and limiting how we work (smart move), Windows Server 8's equally radical approach is to provide us with the ability to do whatever we want to do in as open and standards-compliant manner as is possible. It is such a fundamental change in attitude that I don't think anyone fully understands the long-term repercussions just yet. Is this a modular approach to the OS?  Will they be able to upgrade or update different modules of the OS without waiting for another major release? I think we have some more research to do.

The storage team in particular is due some "open" accolades. They are pushing standards-based storage management. They've been very active participants within the Storage Networking Industry Association (SNIA), which involves working closely with all major storage players (including open source teams) to ensure that SMB 2.2 did not end up a proprietary protocol.  Plus, does this bring EMC to the table with some open standard tools?  Perhaps. SNIA has some great ideas - I love to follow their progress.

Windows 8 includes an NFS stack rewritten from the ground up. It solves a lot of the compatibility issues suffered by previous implementations and offers massive performance increases. They aren't implementing some kludged in-house frankenversion either: Microsoft bit the bullet and paid to have it done right.  Plus I don't see any vaporware yet in the beta version I have.  What has been said is present.  How cool is that?

The storage team have also produced the best PowerShell reference sheet yet. Interesting, as PowerShell scriptability is another important marker of Microsoft's growing commitment to openness and standards.

Compared to its predecessors, Server 8 was designed backwards; everything in Server 8 can be manipulated via APIs and PowerShell scriptlets. GUIs are simply ease-of-use layers that offer a visual method of scriptlet control.  I also like the improved GUI.  Many IT SMEs like the scripts, but there is a risk with doing things in scripts - easy errors can occur.

That means that anyone can build an interface to control any aspect of Server 8 from any operating system they wish. If you want to run a fleet of Windows 8 servers from Linux, Microsoft is not only happy to help, it built components for that. Now, that is taking a leader role, don't you agree? 

Server 8 is also set to start breaking down some very important barriers by commoditising traditionally proprietary (and expensive) technologies and integrating them into the core OS. Long overdue features like NIC teaming join game-changers like deduplication, virtual HBAs and a thoroughly tested, enterprise-ready iSCSI target. Storage Spaces offers Drobo-like functionality, and Cluster Shared Volumes have moved beyond "Hyper-V only." So next is to see how this will play with enterprise storage environments. 

There are of course Microsoft-centric advances to Server 8 as well. Hyper-V now supports Hyper-V Replica, Cluster Aware Updates, SMB 2.2 storage, and more. Start putting the pieces together and you get affordable HA Scale Out Storage – something that will radically redefine midmarket virtualisation deployments, but may prove to be insignificant to the large enterprise.

Hyper-V has gained forward momentum; live migration has been enhanced to the point where clustered storage is no longer a requirement. BranchCache has improved significantly: it now uses BitTorrent-esque technology to access files that may live on the local client, a nearby file server or out across the WAN. CHKDSK has been redone – it's faster, smarter and better. BitLocker now supports clustered disks. I also like some of the management tools. Check them out -

There's more. A lot more. Windows Server 8 beta has only been in my hands for a week, but it is already completely changing the way I think about IT. Technologies that last year were only accessible to the most well-funded of enterprise IT departments (or the most dedicated of open source administrators) will now be available to everyone. SMB will gain significant technology with Server 8.

Microsoft's newly found openness means that no one is forced to use Windows 8 for administration. What's more, Windows Server 8 is a versatile and feature-rich backend for non-Microsoft client operating systems. Whether your business chooses Linux, Windows, Apple or BYOD client deployments, the case for Windows Server 8 as the backend is easily made, and now a real asset to the technology architecture.

Take some time to get familiar with it - I think we have a game changer on the way.  Exciting!

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, March 19, 2012

Positioning IT as an Enabler of Business Growth

Time for the business to stop thinking of IT or technology as a necessary evil or cost center, and look to it to become a business enabler. As global business strategies place a new emphasis on growth, CIOs understand that IT needs to change rather than return to the way it was prior to the economic downturn. IT management needs a new strategy that can enable their company to balance driving growth with cutting costs now while making their infrastructure safer and more efficient, flexible, and innovative.

Impossible? Not impossible, but it will require time, resources and effort. Start by sitting down with the business to identify the business capabilities they need to drive business growth. Take those business capabilities and put some structure around them; you will get a big list. Work the list down to the top 10 or so and start mapping IT enabling capabilities to them. How can IT support and help deliver those top 10 capabilities? IT will quickly become a business partner, and this will position IT as an enabler of business growth.

This is more than just a one-time exercise; this is a step you need to take with the business on a regular basis. The business climate changes, technology changes, and the focus needs to be adjusted. This effort will ensure IT and the business are in sync and working together.

So what about the comments that IT is becoming less technology and more business? How about business-savvy technologists? I think IT needs to become more business aware, but that does not mean we are less technical in nature. There are more external sources now, more solutions that are vendor supported, and the list goes on, but there will always be a need for technical staff in IT.

Sharpen up your business and customer service skills; they are needed. The business has to grow, be successful and competitive for everyone to win, including IT.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Tuesday, March 13, 2012

Workforce Shortage? Skills Shortage? Politics?

Attend a conference recently and hear how we have a workforce shortage?  All these open positions in the USA going unfilled because we don't have candidates available or the skills we need.  Really?  So what games are we playing? 

Mention "talent shortage," whether you're talking about IT, manufacturing, healthcare or any other professional group, and brace yourself for a firestorm. By chance, did you read the Wall Street Journal opinion piece that cites a recent Deloitte Consulting survey in making the case that 600,000 US manufacturing jobs are going unfilled during a period of high unemployment because of "workforce shortages or skills deficiencies"? Interesting. Wonder why employers will not interview or hire candidates that are currently unemployed? What is the driving force to this nonsense? Perhaps some HR expert stated the relevance to this in an article or something. Make sense to you?

Let's take a look at some facts: three decades of cutting jobs, cutting training budgets, and now we have no one to do the jobs we need. We have taken a poor approach to investing in our staff, building the skills and talent we need, and now we cry skills shortage. Why are we shocked? Listen to the lobbyists for industry as they make a case for why they need to bring more cheap foreign workers into the country to do these jobs. Is that the answer? Really? Dirty politics at work again, along with some greed.

How about we stop whining about the talent shortage and start doing something about it? Let's take a little lower margin this year and invest in our employees and develop the skills needed for today and tomorrow. If "People are our most important resource" as employers are wanting to proclaim, why do most of them expect this precious asset to show up gift wrapped, and to increase in value with little effort on their part? Why is it that Information Week's most recent US IT Salary Survey shows only 28% of the 13,800 IT pros say they expect to receive education and training this year?

Your organization needs to do a skills inventory and identify gaps. Take the initiative to start developing those skills necessary for today's operations, and tomorrow's strategy. CIO, CTO and VP of IT - be the leader of your organization, and address the skills shortage head on. You will also find reward in investing in your employees and giving them the skills they need to do their job. Job satisfaction is a great thing.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, March 12, 2012

Undercover Boss - Great Insight

Ever watch the Undercover Boss TV series? I have watched it a few times, and each time I was moved by the CEO approach. I like the efforts and light it brings to an important topic. Much like the "walk a mile in my shoes" programs. It is easy to lose sight of what it is like to work the front lines when your time is captivated in the boardroom.

I can proudly say as a member of senior management, I always took the time to not only understand the roles in my division, but spent time side by side with the staff. Whether it was building servers, or taking service desk calls, I took the time to have that exposure and insight. I couldn't understand or help the team if I couldn't relate or have that first hand experience. Furthermore, it clearly helps deliver the message that I care, and want to know them as a person. That is why I like this show so much. I have a strong opinion that an effective leader needs to leave the boardroom, and tie, behind from time to time and work the front lines.

There have been some companies that, when hiring new leaders, make them work some of the front line jobs for a period of time before taking on their new managerial role. I have read the critics of this approach, but I like it for those that have not grown up in the profession in which they will assume a leadership role. I don't see any negative side effects of this approach. What I do see is an organization that wants teamwork throughout the organizational structure.

So as a leader, there is nothing wrong with delivering drinks to your staff on a Friday afternoon to say thank you. How about holding the door open for staff coming in out of the rain and saying thank you for all you do? How about joining staff on an afternoon break in the breakroom and saying - "how's it going?" Be present, be personable, and engaged. Leadership isn't about giving out orders and mandates; it is about setting direction, sharing the vision, helping others see the vision and empowering them to get there. Micro managers are just managers, not leaders. Don't get them confused....

I would like to see more CEOs, CFOs, CIOs and VPs do an undercover mission and make great things happen in their company. Spreadsheets and numbers don't tell the complete story. Don't manage by spreadsheet, but take to the floor and learn your business and people.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Tuesday, March 6, 2012

The Higher-Bandwidth, Lower-Cost Connection of Choice: 10GBASE-T LAN on Motherboard

New business demands are driving bigger, more advanced and self-healing networks.

Cloud computing, virtualization and big data are driving the need for even more network bandwidth. With Gigabit Ethernet as the standard, savvy network managers are seeking to transition to 10GBASE-T for higher throughput, more flexibility and lower costs. Take a look at Intel and Dell as they showcase their new LAN on Motherboard enhancements to the Dell PowerEdge servers. Worth taking a new look at. 

In the lab this technology appears to meet expectations of the enterprise. Could it fit a niche in your data center? Perhaps on the manufacturing floor? How about multimedia? Seems to perform very well for streaming media. I am impressed -

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, March 2, 2012

Magazine Management

I am teaching an evening IT class this semester, and some of the students are already in an IT position. The rest of the class are young students working towards a computer or management degree. It has been a really refreshing experience, and I have to admit I am learning some things right along with them. A fun class!

One of our discussions turned towards organizational Senior Management, and how they read an article in a magazine, then all of a sudden that is what the organization needs to be doing, or at. Ever wonder why that is? Is it the fear of appearing out of touch, or that the organization will lose competitive advantage? What about bragging rights at the club house? Who writes these articles anyway? Are they fact, fiction or desire? Whose standards are they? Do these standards vary with size of the organization? Ever wonder if a best practice for a $20B corporation makes sense for a $20M corporation, or a $2M corporation? I guess your management needs to help guide that discussion.

I often ask myself if these analysts who write for these magazines ever built a server, worked a service desk, or configured a router. Do they really have some real world experience to have an opinion? Maybe we should look beyond the good grammar and easy read to see what substance is in the article. I find many of these articles fuel the technology hype that burns a great many organizations. It takes a sharp CIO or CTO to read between the lines, and determine what and how much of it applies to their organization. One doesn't always have to join the hype cycle to be a good leader, or stand tall at the club house.

Organizations that have a roller coaster experience from chasing magazine technology leadership have staff churn and burnout, and lack focus. I am not saying all articles or all magazines are bad; there are some good ones out there, and there are some great articles by great people. It is just that: their opinion, their thoughts and insight. Take it for what it is, another opinion for you to consider as you lead your organization through technology direction setting. I would say just like this blog.

Next time - just pass the article on to your staff for a good read and let them determine its value.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, February 29, 2012

ITSM Process - Too hard to implement?

So much discussion these days on ITIL, ITSM and all the parts and pieces. Talk with industry colleagues and you hear things like "it is too big and difficult to implement in any organization". What is the benefit? How much will it cost? Will it slow us down too much?

I don't think you need to implement all of it up front, but I do think you need to define your process(es) and overall vision. It is important to show all the input(s) and output(s) of your process. Take for example Change Management, usually a good place to start. Implement the Change Management process, but have the hooks embedded up front for how incident, problem, and request management will be an input to Change Management. Once you start to implement Incident or Problem management, the process(es) are ready to interconnect with each other. It is essential not to turn these individual ITSM process(es) into silos; they work together and are input/output to each other. So that overall vision or map is essential.

The other side of the coin: when you start looking for a tool to support your process, the tool should align to your overall vision, not just one process. Buying a tool for just Change Management would be a mistake; you need to buy a tool that can do all the process(es) in your total vision or map. You don't need to turn these on in the tool or pay for them on day 1; add them as you go, but make sure it will deliver long term the modules you need.

It is also important that your organizational structure supports your ITSM goals. Having an overall ITSM manager will help not only with implementation and process alignment, but with organizational adoption. Approaching this as a part time job or "when you have time" always leads to failure. It will take a back seat to many other priorities. It will be important to have organizational alignment to promote success of these efforts.

I believe ITSM efforts are worth it, and it is hard to implement, but not impossible.  With a good process, organizational support, and good tools, it can bring great benefit to your organization.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Tuesday, February 14, 2012

Forgotten Front?

The corporate enterprise has a great many applications, systems, and data to maintain each day. To help maintain those assets, they bring performance management and capacity planning management in as a best practice and means of delivering a positive IT experience to the organization. The new tools of today tell more than just what is up and what is down; they also report degradation of service, API calls, and the list goes on. All good stuff.

There are a great many websites in our organization today. These websites are migrating from static pages to actual web based applications. Websites have always been that one off for most infrastructure teams, and they sure don't do much monitoring. Is it the forgotten front? The devices that use the web sure are exploding, and there is a big push from marketing and the business for a bigger, more advanced web presence, so are we ready?

There are a few great tools out there to help monitor your web environment, like Gomez and OPNET. These 2 tools together can cover your entire environment and help you deliver a consistent positive experience. One of the problems I find is that we monitor but we don't take action on the results of the monitoring. No actionable items come out of the monitoring and that is a missed opportunity. If you are going to go through the effort and expense of monitoring your websites - and you are getting alerts to issues - make them actionable items. I recommend taking these alerts to Service Now and turning them into incident tickets, actionable items, and getting them resolved. Using a tool like Service Now gives you exposure to the issues, trending, problem management and integration to change management. Yes, change management for your web environment. This is not a static environment anymore, but quickly becoming an application environment. This environment needs standards, process, controls and some best practice.

One last recommendation: don't let your website development firm dictate or drive your web environment, infrastructure or process(es). They are interested in the 1 site they just developed and you paid significant money for. You are the holder of the big picture for the organization and you need to be the owner of your environment.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, February 3, 2012

Cyber Security - Corporate America

I am attending a Cyber Security meeting with Homeland Security this Saturday.  I continue to be active with their Cyber Security Unit.  As attacks on corporate networks continue to escalate, we are seeing more and more instances of very sophisticated intrusions. The recent discovery of the breach of the U.S. Chamber of Commerce illustrates that these types of attacks will continue to progress in both their frequency and sophistication.

It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members. What are you doing to protect your networks? What are your trusted business partners doing?  Do you have a plan?

Corporate America has not always taken security seriously. From healthcare to manufacturing - we have a security team on paper, but what about actions? They do provisioning, but what about monitoring, safeguards, and lock downs? Most corporations can't afford a large team of experts - but then hire it out as a service. Stop saying we have security and get security. It is ok to say no to employees, it is ok to take the best interest of the corporation into consideration. Do employees really need to get to web-based email? Unsecure networks?

Cyber Attacks from foreign sources will increase. Not only do we need to be ready, but we need a plan that is tested, detailed and ready to respond to an attack. The infrastructure of our country is dependent on all users of the internet to take this seriously. Corporate America - time to step up to the plate and take this seriously, not next year, not tomorrow - TODAY.

Security is everyone's responsibility.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Thursday, February 2, 2012

SaaS Shopping Spree

I find it interesting reading articles and listening to webcast presentations from CEOs on how wonderful Software as a Service has really become. I ask myself - really? Do you find them out of touch as much as I do? Perhaps they are just listening to the SaaS salesman.

Software as a Service does have some value, don't get me wrong, there are some great solutions out there. Salesforce.com, Service Now, and the list goes on. So what is the problem you ask? Glad you asked, because in reality, there is a disconnect in the organization.

I have found many organizational users frustrated with IT because their support, service and attitude has gone downhill. Really? The business went and purchased a SaaS solution to meet a business need. IT is not involved, but also does not have the ability or capability to support this solution. The SaaS solution is a cloud based solution; that means servers, storage, user accounts, application support - all done by the SaaS partner. So when the user calls the service desk saying they are having issues with their application, and the service desk has to ask them to call the SaaS provider - there is the rub. Right? The user does not want a list of 30 SaaS provider help desk numbers to call; we have trained them for years to call 1 extension number for the service desk. Now IT says we cannot help them, call someone else.

In addition, I hear many times over, the finger pointing starts.  The SaaS says it is the network, the IT Team says it is the SaaS, and the list goes on.  The user is caught in the middle, and they don't know if it is the application, the network, their desktop, or even how they are trying to use it.  Now the frustration has hit the users of the organization. 

Time for some process evaluation and how the organization is going to come back together, work together and solve these new challenges. Put a stop to the SaaS shopping spree and get some process in place on how as an organization you are going to support these new applications, how they will integrate into the environment, and how they will remain secure. Many of these applications need data from other sources internal to the organization or will provide data to other internal systems. That upstream and downstream integration into your data flows is key. In addition, figure out user provisioning, data leak prevention, and most important - user interaction. Help the users; if you can't answer the question, have an integrated service desk incident management system with your provider to open tickets on behalf of the user.

There are many organizational benefits to having great applications, including SaaS offerings. It is equally important to have these offerings integrated into the organization so as to minimize the impact to your user community. There is no room in today's tough business climate to have walls internal to the organization.

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Wednesday, February 1, 2012

Architecture in IT - Best Deal?

IT organizations struggling to keep up with technology changes, business changes, and expectations have taken a step back to say "What can we do differently?" You see, the struggle is to have your staff deal with day to day operations, yet keep up with all these other forces - not to mention project work.

That is where many CIOs have split IT Operations into different focus teams, and that my friend is where Architecture comes into the organization. Let the IT Delivery Team focus on Operations, and let the Architecture Team focus on new technology, business capability demands, and excellence. There is a 3rd leg to this IT stool - and that is Security. Security should not be part of operations, nor should it be part of Architecture. The Director of Security in most organizations should report directly to the CIO. Now, before anyone jumps off their chair, there are organizational needs that would dictate the Security Team reports up through Audit, Legal or the CFO. It would be an organizational need or regulatory requirement. In most organizations, the CIO can oversee the Security Team.

So, in my opinion the Architecture team is a great deal, and brings strategy, direction, and alignment to the business for the IT Organization. Having your delivery team focused on Operational Excellence is a great deal as well. It will be equally important that the management leaders from these 2 teams stay connected, engaged and meeting on a regular basis. Too many times I have seen them start to pull apart and go in different directions, down to where the delivery team starts to hire their own architecture staff. This can't turn into 2 different IT departments; it is 1 department with 2 focused teams. The CTO or CIO will need to ensure they work together and have regular meetings. In some organizations, this turns into staff career paths and opportunities to grow. Which is a good thing all the way around.

I have a few requests to talk about the financial impacts of these organizational changes. I will do that soon. Till then -

Keep it positive!

Scott Arnett
scott.arnett@charter.net