Archive for March, 2008

Release management best practices

Monday, March 31st, 2008

The following are best management for release management:

a. Horizontal changes (including network, security changes) needs due diligence before changes are made

b. High-risk changes are to be planned well and preferably deployed in phases with the business owners on the phone or conference room

c. Communication is key - Release management has to ensure that the impacted departments are communicated well before the release.

Lastly, d. After the release is complete, the business or impacted users should know the release is completed and the necessary internal portal or database is updated with the new information - without which team members with previlege access may un-intentionally roll back the changes performed.

IT Forensics - What is it?

Monday, March 31st, 2008

IT Forensics is typically requested by legal department to investigate and record the digital traces of a corporate property - typically Desktop or a laptop.

Top 2 concerns of IT forensics is to record the supporting evidences untampered and present strong evidence in a court of law.  What do we mean by this? Read on.

There are two portions of IT forensics - Data collection and data analysis. Data collection, as said above has to be tamper-proof and should be detailed including screenshots with  dates and system names that connects to a subject under verification if necessary.

Data analysis has to be very supportive of the argument and cannot include ‘trends’ or ‘industry best-practices’ - it should clearly indicate the information from the data gathered and should be able to reperform the data analysis for the most part.

If data gathering and data analysis is produced accurately and timely, the data can be produced in a court of law without hesitation.

Computing Virutualization & Storage Virtualization

Monday, March 31st, 2008

Yes. These are heavily loaded wordings here. For continuous operational needs, you would computing and storage. However, by virualizing these environments, your operations or engineering would benefit from being more scalable, experience higher availability with less hurdles from hardware aging as you can add or deplete storage or processing power without necessarily experiencing an outage.

Specifically, Computing Virtualization (CoV)  enables you to continue to offer the computing needs while the ‘underneath’  hardware is selectively modified without experiencing outage.  The CoV can be compared to a mobile home. You can always drive to a mobile park and use the services of the park. If the service offered is limited, you can drive away to another mobile park.

The StoV (Storage virtualization) is about virtualizing the storage to unleash the dependence on ‘absolute’ locators or paths.  In other words, your mobile home (as a storage of your stuff) can be made mobile and can be moved to another area for a larger space. One of the key advantages of StoV, as seen in some of the products including those from NetApp is, Cloning. To give you an example, a SAP IT house can quickly clone their environments into 3 environments - Development, Staging and Production. They can now have the business owners test and confirm the changes are ok.

Bottomline, you would need both StoV and CoV. Go Virtualization!

When not to outsource your service or process?

Monday, March 31st, 2008

Clearly anything that is not core to your business can be outsourced - it is upto you to define what is core service to your business and what is not.

As an example, One company believes the helpdesk is core to their business while another company does not believe the helpdesk is core to their culture and they go ahead and outsource it to IBM completely.

Mark Egan, ex-CIO of Symantec once said, “Help desk department is the internal facing ambassadors - they are core to the success of the employees productivity - I would not outsource it”.

Would you outsource your finance department? Probably not. That is one of your core process. How about Datacenter monitoring? Probably yes - that is not one of your core process/service and you might as well outsource.

 We did not talk about the risk - overall risk is ‘ownership’ - internal staff tend to own the process/service and try to resolve it with process maturity while an outsourced vendor cannot offer the ‘ownership’ but can offer accountability.

Bottomline, there is no right answer for this - you measure the risk while review your core services and then take the decision.