Posted on Innovation - 4 January 2010 @ 11:55am
from the let's-get-physical dept
The physical security of the your Data Centre often appears to be a simple and obvious exercise in management. When evaluating the requirements and conducting the analysis, physical security appears deceptively straightforward compared to the technology and plant issues. Often we find an older male, typically ex-military, who has spent time in the security industry -- maybe even with some time in an IT Team -- and learned some understanding of the technology, and then put in control of physical security.
Their experience equips them to prepare, layout and consult on plans for the cameras, electronic locks, security rosters and patrol rotas, ram defenses, crowd-charge barriers and customer identity issues. They can setup lines of command and control where each element of the security team understands their roles and responsibilities, and the escalations, and the documentation of all of these procedures. And the ongoing auditing of all these processes.
However, technology professionals are mostly not the type of people who take directions well. Their free wheeling, lateral thinking capabilities means that they are always looking for ways around the system. Implementation of physical security often assumes that approved users will behave is the correct manner and observe the rules and guidelines that have been laid out for them.
While it is possible to demand that IT workers observe the rules and place employment restrictions to enforce them, this is usually poor practice. Your IT people are often creative and highly self-motivated and this can easily create resentment, workflow restrictions and poor productivity.
The real answer is to take the time to understand the workflow of your operational staff and find ways to integrate the security process into that workflow. The typical "father knows best" view of the physical security officer needs to be overridden and replaced with an integrated view of physical security that includes the customer needs.
For example, the process of delivering new equipment to your Data Centre's dock, unpacking and movement onto the Data Centre floor for installation should be seamless and smooth. Security procedures should be integrated into the accounting and audit processes, not be a separate procedure by different staff.
Failing to get such fundamentals in place will cause tension between the Data Centre customers and the Data Centre operation that always leads to management problems that need addressing on an ongoing basis.
Posted on Innovation - 8 December 2009 @ 12:12pm
from the human-intelligence-required dept
The area of greatest complexity for Application Performance Monitoring is the mapping of business expectations to the deliverables from the technology. When a business spends capital on a monitoring system, they do so in expectation of solving a business problem, but oftentimes the software does not readily provide status reports that are completely meaningful.
For example, let's consider using Cacti for monitoring network performance. Cacti is an open source package, and it's usually one of the first monitoring systems deployed when network monitoring is needed. In a real sense, Cacti and its widespread use sets a base standard for Performance Monitoring -- a standard that is regularly exceeded by commercial tools. Cacti, in a basic install, can deliver only graphs of performance information. That is, by polling devices or servers in the data center at regular intervals, it can populate a circular database with the values. The data points can then be plotted onto a simple graph, and the software can poll the current CPU utilisation of a firewall. This value is typically the instantaneous CPU value at time of poll, and gives a very good view over time of the utilisation of the firewall CPU. Cacti could also be configured to poll the number of concurrent connections, also a key indicator of firewall performance. And charting the number of concurrent connections over the period of day, weeks and months will give a baseline suitable for budgeting the next replacement firewall. However, despite all this data collection, an experienced engineer also knows that these criteria are not the only factors that determine firewall upgrades. Other issues relating to firmware upgrades, growth in firewall rules and new security features are more likely to have a major impact on firewall performance.
Based on this example, it can be seen that Application Performance Monitoring can be helpful in understanding the performance of devices, but the deliverables (eg. Firewall Performance) requires interpretation and expertise to get an answer that the business requires. This means that Application Performance Monitoring requires both tools and knowledge to meet the expectations of the business.
Posted on Innovation - 3 December 2009 @ 10:24am
from the it's-not-going-to-install-itself dept
Monitoring of IT infrastructures involves the abstraction of the detailed technical implementation into a collation of information that matches the business requirements. It's not as simple as 'installing the system' and away we go. There can be many challenges of selecting and monitoring variables for a given system, and the results may need to be interpreted by an Engineer who can consider the operational environment to understand the complete system before drawing conclusions. Several considerations may rely solely on the engineer to have knowledge of the business platform at an operational and a strategic level.
However, in many business, an engineer is not a part of the business level processes. Dissemination of the current business strategy and forward planning is not typically part of an engineer's life. But to get the most from your Application Monitoring, you are required to be able to interpret the data in the light of the current business expectations. That makes for a tidy conundrum.
For Application Monitoring to be effective, Business Managers and Service Owners will need to get involved and learn, comprehend and understand the data that is being presented to them. This involvement will require their technical involvement to understand the data collection processes, the limitations that this creates on the reporting and how the system can be adapted to meet their requirements. This can be a challenge for Management types, who have often moved into soft skills and lost touch with the harsh realities of hard skills (i.e. It works/doesn't work vs "We can define what works") and will resist becoming part of the solution.
Part of deploying an Application Performance Monitoring system is getting engagement from stakeholders, but specifically, managers will need to engage technically to make the most from the system. This is no different from the skills managers need to navigate an Accounting system, it's just not part of the manager's job description, and may take a while to learn the ropes.
Techdirt has not posted any stories submitted by Greg Ferro.
Submit a story now.
