OK - so last time we saw what a basic SLA in general looks like - at least from the components pov (a lot of the information that follows is related to BMC's (Remedy) SLM product, simply because I'm not familiar with any other SLM product and for no other reason - sorry about that).

This time we'll dig a bit deeper, and see what kinds of information may be used to generate service targets (SVTs).

In a Help Desk situation you want to be aware of SLAs concerning resolution time/closure time and such - you also want to know how soon someone was assigned, and then started working the issue. SVTs can be set so they 'attach' to a ticket that follow a given START criteria (Service = Help Desk AND Status = Assigned - for example), and then do a STOP criteria (Service = Help Desk AND Status = Resolved/Closed). You get the idea.

Along the way you want milestones - say your goal is 24 hours for the case to be closed, and you want to be warned 12 hours into the ticket by email or a pager note - absolutely possible.

This was just a basic explanation of an SVT for a simple Help Desk ticket, but I am quite sure you can follow the enormous potential of such a product. Now, if you have the ITSM suite you'd get an integrated set of products that are aware of each other and ready to work with each other. There are templates you can apply and you could also create your own customized templates specific to your organization.

In order to create an SVT you first need a data source (DS). You could create your own DS based on an existing infrastructure (say an existing database of widgets that have status information in them, which you want to monitor). Or, you could use the integrated DS - such as Help Desk, Change Management, Compliance and such.

You could also use data from other sources (such as BMC Performance Manager: PATROL and the BPM Portal; SNMP Traps; Transaction Manager: TM-ART - in the case of BMC's (Remedy) SLM product) that you have set up in your organization and mine them for specific triggers. Say you want to monitor how long the CPU of an important machine stays at 60% or above for SLA purposes: sure, you not a problem. You can look at the history of each of these Measurement Records and figure out what data was retrieved and when.

It's easy to see the limitless applications of SLM - once you have a reliable, accurate data source you'll be able to consume its data, manipulate them and calculate all sorts of statistical information. And ultimately - you have the reporting feature, which you can use to plot the progress of your project.

Now that we've seen the types of data that can be used in generating SVTs, our next stop shall be related to the advantages of having implementing SLM in your enterprise.

On SLM

 

A contract generally involves at least 2 parties - one offering a service and the other consuming it. The basic idea of a contract is to formalize a business relationship, and may consist of one or more agreements, which define the contract terms.

 

Agreements in turn may contain language that deal with the specifics of the contract – such as an ETD, cost, options, and so on. These specifics would be the ‘targets.’

 

To make sure the defined work is getting done properly, there is a need to MEASURE the terms of the agreement. As an example, you can have a contract with a landscaper with an agreement that the work shall be finished in 5 days at the cost of, say, $1000. And if done early, a bonus of $50 would be offered; but if late, then a penalty of $50 would be assessed. This is a simple definition, but it gives enough information on how the work shall be done and the expected rewards/penalties.

 

In much the same way, IT shops that offer services to their customers have a strong need to be monitored and measured, with feedback coming in via surveys, data analysis, and direct customer comments.

 

What is the need to measure something like, for example, the amount of time taken to set up a virtual machine for a test environment requested by a QA team?

 

If you think about it, the advantages of a measurement/monitoring system are tremendous: Scope for improvement, increase in productivity, cost savings, more efficient use of resources, improvement in customer satisfaction – are just a few, as long as the data are being collected accurately and fairly, and are analyzed the right way.

 

For instance, you can’t fault the IT tech if the VM host itself develops a failed disk – it’s something that can’t be controlled, and thus cannot be counted towards the SLA (the Service Level Agreement).

 

What an SLM tool should do (terms/definitions/implementations may vary):

1. DEFINE contracts – the overarching buckets that holds everything
2. DEFINE agreements – sets of agreed-upon goals
3. DEFINE and TRACK targets – the actual definition and implementation details of the goals
4. DEFINE and TRACK milestones – how long to wait when an SLA is violated before taking action; or run certain tests at certain points in time during the project
5. DEFINE and EXECUTE actions – when milestones/SLAs are violated
6. DEFINE and TRACK penalties/rewards
7. REPORT on any aspect of the measured data (transforms data into information)

 

What can be measured? Anything. Absolutely anything, as long as the information about the measured entity can be parsed (mathematically/semantically). As an example, you could measure the amount of time taken to close out a customer issue, and you could also measure the number of times a customer has used the word “terrible.”

 

Let’s expand on the landscaping example.

CONTRACT – the document you sign to have the crew perform the work

AGREEMENT – that the overall cost will be $1000 and time to finish would be 5 days

TARGETS – cost, time estimate, number of people doing the work, number of bags of mulch, type and quality of top soil

MILESTONES/ACTIONS – at most grant an extra day; notify contractor if delay goes over allotted time

PENALTIES/REWARDS – bonus $50 for finishing before time; penalty $50 for being late

REPORT – give feedback to the contractor when work is done; post review on consumer websites

 

More later...(especially how things can plug into ITIL processes)

_____
tags: SLM |  Service Level Management

http://www.boston.com/business/articles/2008/04/23/stung_by_hackers_grocer_encrypts_customer_data/

 

As any Hannaford exec will tell you, the last place you want to secure is the first place hackers will target. As the cliché goes - a chain is only as strong...

 

In this case, although details are quite nebulous, it appears that malware running on internal servers intercepted credit card data as the cards were swiped (plaintext data is sent from the POS terminals to the processing servers before the data is encrypted, so anyone snooping right in the middle could easily get access to the entire card data), and then simply shipped the info off to the hackers.

 

Really simple operation, but how did the malware get inside the internal servers? There are a few ways:

a. Someone used it to surf the 'Net, and probably downloaded it by mistake

b. Someone planted it on purpose (inside job)

c. Hackers got in from outside and planted the program

 

The company will not really say what happened, so the possibility that it was an inside job is quite high.

 

Steps the company has taken to avoid such illegal interception include encrypting the data right at the POS, having IBM monitor the network for suspicious activities and so on. This, thus, is another case of bolting the barn...although it is a sure deterrent to hackers planning the same method of stealing information in future.

 

The problem is hackers will probably find a way around it; they always do. The PCI-DSS standards (see one of my previous blogs) only regulate the encryption of data when it reaches the servers and not before or during, so that is definitely a weakness.

 

Further, as the article in the link notes (and is so true anyway), retailers depend badly on the software vendors to update their software/patch issues and vulnerabilities, and overall make sure their product is not a gateway for hackers to drill into the enterprise and steal information.

 

One critical step would to monitor INTERNAL traffic (in terms of always monitoring who accesses sensitive servers, implement a strict ACL, and checking ALL packets that leave the servers - especially those that break known patterns/signatures).

Doing extensive background checks on staff that must have access to these machines should be made mandatory, and any unauthorized attempts to peek at the database or perform any kind of illegal operation should result in immediate termination, no exceptions. Quite obviously (as before in my earlier blogs) I am not advocating tyranny at the workplace, just prudence/caution/curiosity- and lots of it.

 

Hacking is done by humans - not machines or software, although they're indispensable in meeting their nefarious goals. The instigator is still a living, breathing human; so any security plan that mindlessly targets malware, viruses, worms, trojans etc without taking into account the human element (especially employees and also the psychological aspects of hacking/hackers) is doomed to fail.

 

For most large corporations that deal in data (finance, medicine, retail etc) there is nothing more horrific than a panicky call in the middle of the night from the sys admin. Don't let it happen to you - tighten your network; encrypt; monitor; adjust; implement; monitor.

Enough to send shivers down the spine of any IT Security employee is news that viruses now come preinstalled (for your convenience) on portable music players like the iPod, as well as on GPS systems and possibly other portable devices.

Many employees treat lunch-time as a somewhat sadistic date with their computers - so that means plugging in various devices to their hapless desktop/notepad and torturing it with downloads of firmware upgrades, content, and syncing up mail/contacts etc. Not an issue per se, of course, and in fact this may increase productivity by making employees feel more 'at home' and comfortable at their workplace - as long as the actions do not constitute a violation of corporate policies, needless to say.

However, the risk is that some of these devices - which you'd expect to be 'pristine' and 'untouched' may be having a nasty surprise in store for you (and for your IT team that must clear up the gory mess).
http://ap.google.com/article/ALeqM5j5sV-97QAoIse_DNzmQ6bD6oKXJwD8VCQIK80

It appears that many of these problems originate in devices manufactured in - where else? - China, where a careless tester may be plugging in these mini-computers to their stations for a final validation step, and inadvertently transferring the evil payload in the process.

Where this could be a REAL threat to a country's security is when this corruption happens DELIBERATELY, with malicious intent. So, imagine a defense dept official plugging in his/her child's iPod to their office laptop to download music or troubleshoot - and WHOOP - you got a password stealer installed stealthily. You can imagine the rest.

I've previously noted on this blog on the risks of USB ports and CD/floppy drives on sensitive computers. Just glue them up if there's no need for them to be available. I'm not about to preach on the physical aspect of a company's security policy, but having steel doors is not enough. And for those that think AV solutions are the panacea for such problems, please note that some of these miserable little programs DISABLE the AV so no alarms are raised.

Happy listening!


_____
tags: AV |  GPS |  china |  portable music players |  usb floppy cd drives |  virus

For those that consider disk encryption to be the ultimate tool in fending off hackers and data thieves, a short video should be a strong wake-up call.

Watch this, and be fascinated (maybe with horror):

http://www.youtube.com/watch?v=JDaicPIgn9U

Princeton researchers have found a couple of ways to get around BitLocker etc. I won't bore you with the details - just read this rather informative article

http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede

What's surprising is the EASE with which all the security boundaries were crossed (smashed, actually) and the data retrieved. When a company promises that hard disk encryption will save you from lost data because the thief won't be able to get to your information, they're only half right. If your computer was ON or in sleep mode (or in screensaver lock mode) they can easily get to the RAM and harvest all the memory in it - then simply look for keys.

The best way is to power down your computer and make sure it's off for at least 4-5 minutes, otherwise it's way too easy to get to the innards.

The weakness lies in the fact that the encryption key is stored in RAM - quite obvious because data needs to be en/decrypted on the fly, and the only way this can be done efficiently is by storing it in RAM. The DRAM chips are supposed to lose their data right at power-off, but that's not always true. The chips keep the content alive without any refresh for up to 10 MINUTES. That's a lot of time.

So once they have the computer the hackers would simply remove the chip after spraying it with duster liquid (so it cools it down to -50 deg), and that extends the life of the data on the chips quite a bit. Then they'd copy over the content to their machine and just look for the key. Simple.

Or, they can boot from an external disk and run a program that'll dump the contents of memory and simultaneously retrieve the key as well.

What does this mean for all those people that believed disk encryption was the cure-all? Well, it's still better to have this protection than not to have it, but be careful that you don't have your computer on if you must leave it unattended for even a minute. For any reason whatsoever, don't lose track of it, of course, even for a minute, but if you must...

The article discusses some countermeasures, but the IT organization that was sold on this technology now is probably getting bombarded with all sorts of questions and concerns, and justifiably so.

The only safe way to prevent data theft is to prevent the theft of the computer itself.

 

The recent unsolicited bid from MS for YAHOO was not very surprising. Considering that Y has been ailing for some time now - with declining ad revenues and search statistics, along with a somewhat slow-and-bloated feel to the entire company, someone HAD to do something. MS decided to be that someone.

 

How much sense does it make? Not much. Not much at all. MS is known for its aggressive marketing, product growth, and pushing strongly into areas that have already been cleared for it by others - and very often overrunning the precursors in the process. However, it is not very much known for innovation.

 

Y, on the other hand, was one of the first true innovators on the Web, bringing a 'directory' approach to search. However, as the Web grew exponentially, people had little time or patience to look through subdirectories and such -- they just wanted the ability to type in something and see something useful come up quickly.

 

Google satisfied that need splendidly. Its simple, understated interface with just three or four links, and two simple buttons, did it all. Magic, nearly every time. Witness its torrid revenue growth and the merciless streak of profitability, a portion of which comes at the cost of others, mostly Y and MSN (which is, in my opinion, the most anemic of all search engines).

 

Others somehow stumbled along, while G, with the incredible muscle of its finances and the fantastic brains behind it all, simply left everyone dazed (and tottering).

 

Little wonder that it cried foul at MS's offer; and even less surprising that it offered a 'helping' hand to Y. But I think secretly G wants MS to get into Y the way a dying man gets trapped in quicksand. Y just announced it would lay off 1000 people worldwide; it has shut down its Photo division, and probably will shutter many others that are simply not contributing to the bottom line. That leaves a WHOLE lot of disgruntled, and in many cases, very talented people just waiting to jump ship.

 

Enter MS - to hasten the fall, and enter G - to welcome the jumpers.

 

Y is decaying; I have no doubt about it. Jerry or Terry - same results. Its Panama initiative is not going to get results anytime soon, and worse, MS may cause the most important property of any company - its developers - to quit, thus endangering significantly any future revenues.

 

Further, while Y has a startup-type outlook, MS is on the other side of the Net divide: Stodgy, self-important, dull, and a penchant for monopolistic tendencies. Therefore, a clash of the cultures is definitely not to be ruled out.

 

Overall, not a very rosy picture there.

 

However, as my wife will occasionally point out, not all of my notions are accurate to the last detail all the time. Besides, every now and then I'll come up with a non sequitur or two: Because both MS and Y are competition to G, combined they'll surely kill G.

 

Yeah, right.

 

Anyway, the mise-en-scene has been set - let's get the popcorn and watch the fun unfold!

In a series of annoucements that could pressure VMWare stock, MS made it clear that it's going to go after virtualization along multiple channels, and with great determination. Their intent to purchase Calista, a desktop virtualization presentation product, falls in line with what they hope to do with the technology, and where they want to apply it.

One must remember that desktop virtualization is still new and hasn't really become popular yet, but should take off like a rocket once corporate types figure out it's cheaper, easier, more secure, and more reliable to push out a preformed virtual image to employees' machines than any other solution.

Now that the Server 2008 will have Hyper-V built-in - and with the same OS layer that they sell so much of, the teaming up with Citrix (which purchased XenSource) will further help consolidate their position as being highly committed to the VM platform. VMWare must now fight back with new relationships/partners and technologies that will improve the speed, response, security, and performance of their products in general. Although they have a commanding lead in the market and are seen as the leaders, MS thrives on starting late and catching up then overtaking. So, despite any delay or kludgy/buggy interfaces that one may encounter in MS' first offering, you simply can't write them off. They have the money, the resources, and the doggedness to go after *anything* - however dumb a move it *may* seem to outsiders.

To be sure, the OS is still their main source of revenue; however, they'll take anything they can get in the fresh, still-quite-untested market of VMs. No question it's a new source of revenue (and customers), and it's also one that's bound to grow very fast, and by large amounts. The 'green' message behind VMs helps a lot, plus space and time savings. The Citrix partnership could hold back those companies that want to move from MS to Linux and keep them safely ensconced in the MS fold.

Although analysts seem to be confident about VMWare's current strategy and product direction, they'd do well to keep looking over their shoulders.

All in all, it's a VERY positive announcement from MS, but let's hope they don't come up with another Zune (if they did, then with a little stretching one could call VMWare the Apple of VMs).

_____
tags: calista |  it management |  security |  virtual machines |  virtualization |  xensource

Continuing in the grand tradition of using bad puns as titles, we look at the weird case of Lin Yung-Hsun, a Sys Admin, who in his great wisdom thought it fit to plant a logic bomb (http://en.wikipedia.org/wiki/Logic_bomb) because he was nervous about an upcoming corporate restructuring (that could result in his getting laid-off).

You can read more about this sadly misguided person's story here:

http://www.informationweek.com/news/showArticle.jhtml?articleID=205601393

The ultimate irony is that he was kept while other SAs were shown the door.

In previous postings I've mentioned that the biggest threats often come from insiders - disgruntled employees, saboteurs that get employment in the target company so they can perform destructive actions, corrupt workers and so on.

Obviously the idea is not that one should distrust their workers - on the contrary one should trust them completely, but while still taking protective actions, such as routine scans of all admin commands/actions; sweeping the disks of critical servers to check for any obvious problems and so on, and maybe even having a trusted party check important systems for signs of unauthorized or unacceptable activities.

While there are pretty good tools to prevent virus/DoS/hacking attacks, none that I know of protect against such deviously simple yet hard to find attacks. Unless AV software can start incorporating intelligence (singatures) of destructive behavior it won't be simple/possible/easy to stop such people.

_____
tags: IT security |  Security |  computer security |  data loss |  data loss prevention |  data protection |  data security

I'd noted in a blog post on Nov 7 that DELL might purchase a storage hardware or technology within the next 3-6 months. I was right, of course, but didn't realize how soon I'd be proven right. The company is 'The Networked Storage Company' and the founder is a former EMC UK executive.

Their model is brilliant - simple yet very effective. No question that DELL saw the gem and grabbed it. The only thing is, their website (TNWSC.com) states that they are 'fiercely independent' in the sense that they do not owe allegiance to any one vendor. However, with DELL now buying them out, how does that change things?

From their website's FAQ section:

Check out their FAQ here: http://tnwsc.com/faq's.html (I'm not a fan of apostrophes where they DON'T belong, especially in plurals).

TNSWC do not recommend solutions, yes, and they have a methodology called 'Point of Proof' which DELL is going to market, but still the idea of a previously independent entity flaunting its disinterest now getting bought out by a storage vendor is somehow a bit odd, although I'd think it will make no difference in how TNWSC will continue to work or how DELL will treat its old (and new) customers -- because ultimately credibility (and honesty) is everything. As long as they continue to save their clients tons of money and guide them through the labyrinth of storage acronyms and technologies who cares! I look forward to seeing how DELL exploits this to-be-hot-soon market (that of IT Storage consulting). Companies have invested millions (and billions) of dollars in their complex IT (storage) infrastructures, so if they want to see returns who can blame them! As an analogy I'd say such firms are like the patient advocacy firms - they promise results for your investment; no more no less. See http://en.wikipedia.org/wiki/Patient_advocacy: another hot trend considering healthcare costs and a seeming apathy towards the very people that fund the system - the patients.

****

Another curious thing I read recently related to IBM's release of the semantic search (for email), available on their AlphaWorks site (http://www.almaden.ibm.com/cs/projects/avatar/)

The first thing that'll come to anyone's mind is Google Desktop Search (GDS) - a very powerful and unimaginably quick search tool that I used for a long time before the index became a bit much for the disk (I have a pathetic 12 GB disk). Now, if you had a 100+GB disk with a lot of documents/email etc you'd really want GDS. GDS however does a (I think) strictly string-search approach - no 'intelligence' or 'rule-based search'.

The new tool from the Avatar research team does a lot of similar things -- it mines unstructured information and renders them searchable (albeit in an 'intelligent' fashion -- heuristics, really; so watch out for cognitive biases). So what's new? I know that Stratify (used to be known as Purple Yogi) used to do the same. I think Stratify was funded by In-Q-Tel, apparently the funding arm of the CIA.

The problem statement posed by the researchers/inventors is nothing new - there's a whole lot of information that's just lying there, waiting to be found, associations waiting to be made, text waiting to be indexed. To make the process of digging through the dirt cleaner, quicker, easier, and accessible is an unenviable task. Imagine a corporate website that has individual blogs/mini websites/documents all over the place, containing sensitive, important, and critical material that's probably needed by many others (or they don't know that they need it). An index-and-search tool such as Google's SearchAppliance would be a great thing to have, but only to search for actual strings (again, I think they simply index and search - corrections from the knowledgeable welcome).

With IMB's OmniFind (Omni is overused to the point of being a cliche' now) you could type in, say, 'requirements gathering' and it will search even for something like 'how to create great requirements' or 'the art of successful project management' etc - you get the picture. I'd like to repeat that this is not a new area, but to my knowledge it's also not an area that's been developed very well in the consumer area (including corporate customers). And therefore such initiatives are most welcome as they'll help people do better searches and save a whole lot of time in finding the things they're looking for -- so they can be more productive and efficient.

Not to mention they'll REALLY help trial lawyers when they do e-Discovery (remember, all those rules that you're going to be punching in, creating associations and relationships) could become evidence - not just the results but also the RULES AND THE INTENTION(S) behind the rules as well.

Anyway, I'll give it a try and update this blog sometime next month with my findings on how good it is.

_____
tags: almaden |  dell |  google |  ibm |  indexing |  omnifind |  security |  semantic search |  storage |  the networked storage company |  tnwsc.com tnwsc