Virtualization has become a common term in IT organizations today. In fact, if you don’t know what virtualization is, you should probably read this blog post first. Virtualization has the obvious benefits; cost reduction, increased agility in responding to business needs, and more efficient IT operations. Most organizations have either mastered their virtualization strategy and are long on their way to implementation, while others are in the process of getting one started. For those of you that are just getting on the virtualization bandwagon, here are a few tips to help ensure your success.
1. Plan, Plan, Plan
As you develop your virtualization strategy, you need to consider how the virtual world will be different from the physical and the impacts that it will have not only on IT operations, but also the business. Be ready to take a comprehensive approach by defining how your architecture, technology, people and processes are impacted. And realize that everything from capacity planning to security processes will change.
2. Prepare the Troops
Are your people ready? Are your business partners ready? Engage the people that are directly impacted by these changes so that they’re more inclined to embrace the changes when they’re finally implemented. Work with the various infrastructure teams to ensure that they are well prepared to build and support a virtual environment. Take the time to talk to application teams and explain the changes that they’ll have to make as they move to the virtual world. Define processes and procedures for both infrastructure and application teams. Keeping your people in the know about the changes and how to adopt them will ensure that the virtual world that you build truly provides the organization with the benefits that you originally set out to achieve.
3. Automate
A key aspect of virtualization is automation. Automation will help you increase efficiency and lower operating costs by eliminating labor intensive tasks. Create centralized virtual server managers to reduce the time spent provisioning and managing VMs across multiple platforms. Take advantage of Physical to Virtual (P2V) and Virtual-to-Virtual (V2V) migration tools. These tools will allow you to move VMs to other servers without having to power them down or experience an outage. Asset and licensing management, provisioning, lifecycle management, and release and patch management are all good candidates for automation.
4. Iron out the Details
Implementing virtualization in any company requires close attention to detail…both at the micro and macro level. For example, something as simple as how system resources are named and organized must be defined and documented early on because these details will play a critical role in how future moves and changes will be impacted. Be sure to clearly define a virtualization security policy. This includes creating secure builds, separation of duties, and the various levels of security between the virtual and the physical layers. Understand what your current tools inventory looks like. Virtualization doesn’t necessarily mean that you have to purchase an entire new suite of bleeding edge tools to administer and operate your environment. Take the time to understand how you can take advantage of what you currently have and build a roadmap to set the direction that your virtualization strategy will follow.
The beauty of virtualization is that is provides significant cost savings, speeds up time to market, and essentially transforms your IT organization, allowing you to focus on core business needs. But implementing virtualization isn’t easy. It requires work throughout the entire organization. The key to success is to be disciplined about creating a solid plan and understanding the impacts, risks and benefits that this change will have on the entire organization.
Tuesday, August 31, 2010
Friday, August 6, 2010
A Primer on Oracle Fusion Middleware 11g
No matter what industry you’re in, middleware application infrastructure is a necessary piece of your technology investment, because it plays a vital role in the key processes and applications that run your business. Middleware is often referred to as the “plumbing” of the infrastructure because it connects multiple applications together and allows them to communicate and pass data back and forth.
A typical middleware suite includes Web servers, database engines, application servers, scripting languages, security, and some type of monitoring. Some of the top middleware suite contenders include Oracle’s Fusion Middleware, IBM’s WebSphere, and Red Hat’s JBoss. In my opinion, Oracle’s Fusion Middleware rises to the top. Come on, how can you not have an appreciation for something that was incubated for almost 3 years and included nearly 13 million hours of testing?
The shiny new suite comes with many new bells and whistles and is fundamentally built on four major design principals (www.oracle.com):
1. Complete – it’s a one-stop shop for all of your middleware needs
2. Integrated – it plays nice with all of your other Oracle products, therefore simplifying integration complexity and reducing costs
3. Hot Pluggable – it provides flexibility and allows you to leverage your existing technology investments with the ability to “drop and deploy” Fusion Middleware components into your existing environment
4. Best of Breed – well my opinion could be a little bias here ☺
Fusion Middleware 11g introduces new and improved capabilities for the Oracle WebLogic Suite, the SOA Suite, and the Web Center Suite. It also introduces us to Identity Management as a suite and emphasizes 11g’s improved functionality, integration and business intelligence. If you’re in the mood to totally geek it out on the technical details of Oracle Fusion Middleware 11g, you can certainly visit their site, but here’s a quick summary of the 11g enhancements:
• Oracle WebLogic Suite 11g (together with WebLogic Server), the cornerstone of Fusion Middleware 11g, provides features such as GridLink for Real Application Clusters and ActiveCache which enables you to meet the varying demands of both users and systems
• Oracle SOA Suite 11g is an integrated system that brings the business and IT together by providing a single process platform for human and document-centric business processes
• Oracle Web Center Suite 11g lets you take advantage of existing IT components and allows you to quickly build enterprise portals, composite applications or personalized enterprise 2.0 Web sites. It also provides you with the ability to manage the entire lifecycle from a single location
• Oracle Identity Management Suite 11g is a fully integrated security framework allowing developers to integrate security directly into their applications, termed by Oracle as “service oriented security”. It also has built in enterprise analytics for compliance and governance and has introduced new features such as Universal Federation Framework
Other highlights of Fusion Middleware 11g include better content management with Oracle Enterprise Content Management 11g, as well as enhanced development tools such as Oracle JDeveloper 11g.
IT organizations will continue to strive for integrated solutions that will help them meet the demands of their business. With the release of Oracle Fusion Middleware 11g, Oracle has certainly set the standard for “ware it’s at”, in the world of middleware.
Wednesday, June 9, 2010
Five Tips on Building an IT Modernization Road Map
Have you ever opened your pantry and pulled out a box of snacks and realized that it expired weeks ago? You find yourself debating on whether or not you should just eat it, thinking, “What harm can it really do?” I like to use this example when talking to people about the shelf life of the technology in their IT environments.
Most IT organizations have a variety of flavors in their technology pantry. Over the years we’ve seen platforms go from mainframe, desktop computing, client-server distributed computing, web based computing and now to SOA and Cloud computing. We’ve also seen a variety of programming languages emerge; COBOL, VB, Visual C++, Java and Object Oriented programming. All of these platforms and languages have definitely improved end user experiences however; some of them have definitely outlived their shelf life.
In 2004, Forrester conducted a survey and asked IT executives what percentage of their company’s overall IT spending would go to new investments versus ongoing operations and maintenance. The survey revealed that over the years, most organizations were spending more money to “keep the lights on” rather than modernizing their IT environments. Most executives claimed that they were so engaged in satisfying business needs with new projects, that there was little time and money to focus on modernizing old or duplicate hardware and applications.
This technology modernization conundrum has gotten more attention with shifts in the economy, the push to do more with less, and as various Green initiatives are spearheaded. As an IT executive, you have the choice of doing nothing and continuing to maintain the archaic technology. You can start a decommissioning initiative to get rid of the old “stuff”. You can initiate projects to rewrite applications with off the shelf packages or SOA. Or you can choose to modernize your environment in some way. Naturally all of these options cost money but understanding the impact of each of these options on your environment will allow you to make the right decisions.
As you start down this path, it’s important to enlist the help of a good migration vendor or vendors. Look for someone that understands the existing and new platforms, version compatibility, databases, and servers. Your vendor should have solid enterprise migration experience and understand how to help you mitigate the risks. Finally, secure an experienced project manager that has performed large scale enterprise wide migrations in the past.
Once you’ve secured the right resources and taken a thorough inventory, meet with the business and perform a cost benefit analysis. This will quickly help you determine where to invest for new projects, what items should be replaced or retired, and what items should be modernized. After you’ve created this list of “modernizable” technology, engage your vendors and start planning the roadmap. I recommend the implementation of a checkpoint or a continuous refinement of the roadmap to ensure that IT and the business are aligned and providing the best value.
Modernizing doesn’t mean that you will rip and replace all of your technology. It’s also not a one time endeavor. It has to do with having the right strategy in place to ensure that your technology investments are providing the most benefits to the entire organization as it evolves over time.
Most IT organizations have a variety of flavors in their technology pantry. Over the years we’ve seen platforms go from mainframe, desktop computing, client-server distributed computing, web based computing and now to SOA and Cloud computing. We’ve also seen a variety of programming languages emerge; COBOL, VB, Visual C++, Java and Object Oriented programming. All of these platforms and languages have definitely improved end user experiences however; some of them have definitely outlived their shelf life.
In 2004, Forrester conducted a survey and asked IT executives what percentage of their company’s overall IT spending would go to new investments versus ongoing operations and maintenance. The survey revealed that over the years, most organizations were spending more money to “keep the lights on” rather than modernizing their IT environments. Most executives claimed that they were so engaged in satisfying business needs with new projects, that there was little time and money to focus on modernizing old or duplicate hardware and applications.
This technology modernization conundrum has gotten more attention with shifts in the economy, the push to do more with less, and as various Green initiatives are spearheaded. As an IT executive, you have the choice of doing nothing and continuing to maintain the archaic technology. You can start a decommissioning initiative to get rid of the old “stuff”. You can initiate projects to rewrite applications with off the shelf packages or SOA. Or you can choose to modernize your environment in some way. Naturally all of these options cost money but understanding the impact of each of these options on your environment will allow you to make the right decisions.
As you start down this path, it’s important to enlist the help of a good migration vendor or vendors. Look for someone that understands the existing and new platforms, version compatibility, databases, and servers. Your vendor should have solid enterprise migration experience and understand how to help you mitigate the risks. Finally, secure an experienced project manager that has performed large scale enterprise wide migrations in the past.
Once you’ve secured the right resources and taken a thorough inventory, meet with the business and perform a cost benefit analysis. This will quickly help you determine where to invest for new projects, what items should be replaced or retired, and what items should be modernized. After you’ve created this list of “modernizable” technology, engage your vendors and start planning the roadmap. I recommend the implementation of a checkpoint or a continuous refinement of the roadmap to ensure that IT and the business are aligned and providing the best value.
Modernizing doesn’t mean that you will rip and replace all of your technology. It’s also not a one time endeavor. It has to do with having the right strategy in place to ensure that your technology investments are providing the most benefits to the entire organization as it evolves over time.
Friday, April 23, 2010
Four Challenges of Virtualization
This blog was also published by CIO.com:http://advice.cio.com/solstice_consulting/10197/four_challenges_of_virtualization
Imagine this, as a developer; to procure your virtual machine, you simply visit a company portal, click on a few buttons to define the CPU, memory, disk capacity, and VM image, click submit and voila…within minutes, these resources are deployed to you and you’re off on your merry way developing the next cool and exciting application.
Many organizations have grasped the concept of virtualization, the idea of decoupling the software from the hardware on which it runs. In fact, this process is starting to become mainstream. However, virtualization has also introduced its own set of challenges that have IT managers searching for answers.
Skills & Training
For some organizations, securing resources that possess the adequate skill set to create and administer virtualized servers is a challenge. Virtualization provides the ability to rapidly deploy servers into an environment however, getting resources trained and confident with virtualization skills isn’t moving at the same pace. In most cases, organizations don’t have the funding to train and maintain the staff needed to support their virtual environment.
Support & Manageability
Support and manageability of a virtualized environment are other challenges that organizations face. Companies are weary of application vendors who are still not willing to support applications that sit on a virtualized environment causing support teams to maintain a physical machine (a P2V migration)…”just in case”. Specific marketing strategies or technical limitations are two reasons why vendors are toying with the idea of taking responsibility.
Internally, organizations are also faced with these issues. Proper monitoring and support tools need to be in place to allow system admins to track performance, and monitor and report on every aspect of a virtual machine. As the virtual environment continues to grow, the ability to streamline the provisioning, configuring and patching processes are essential to the ease of support and manageability of a virtual environment.
Software Licensing
Traditional licensing models have a one to one relationship...that is, one operating system on one physical machine which makes estimating fairly straight forward. However in the virtual world, the physical machine is split into multiple “virtual” computers that can be deployed or decommissioned in minutes. The challenge is in determining where to draw the line. Should the ability to rapidly deploy or eliminate VM’s directly impact a vendor’s revenue model? This is where customers and software vendors are playing a game of tug of war.
Performance & Scalability
One of the beauties of virtualization is to be able to deploy a large number of virtual machines on a single physical machine. As newer multi-core CPUs become available, the other physical resources in each virtualization host are not expected to grow at the same pace. Limited network or memory bandwidth significantly impacts the scalability and performance of the virtual infrastructure. Apart from cores, each virtual machine presents the need for individual software packages such as anti-virus, to add further demand on the physical resources.
As advances in technology continue to take place, organizations will be introduced new challenges. When planning your virtualization road map take these challenges into account and plan ahead to have a strategy in place to confront them.
Imagine this, as a developer; to procure your virtual machine, you simply visit a company portal, click on a few buttons to define the CPU, memory, disk capacity, and VM image, click submit and voila…within minutes, these resources are deployed to you and you’re off on your merry way developing the next cool and exciting application.
Many organizations have grasped the concept of virtualization, the idea of decoupling the software from the hardware on which it runs. In fact, this process is starting to become mainstream. However, virtualization has also introduced its own set of challenges that have IT managers searching for answers.
Skills & Training
For some organizations, securing resources that possess the adequate skill set to create and administer virtualized servers is a challenge. Virtualization provides the ability to rapidly deploy servers into an environment however, getting resources trained and confident with virtualization skills isn’t moving at the same pace. In most cases, organizations don’t have the funding to train and maintain the staff needed to support their virtual environment.
Support & Manageability
Support and manageability of a virtualized environment are other challenges that organizations face. Companies are weary of application vendors who are still not willing to support applications that sit on a virtualized environment causing support teams to maintain a physical machine (a P2V migration)…”just in case”. Specific marketing strategies or technical limitations are two reasons why vendors are toying with the idea of taking responsibility.
Internally, organizations are also faced with these issues. Proper monitoring and support tools need to be in place to allow system admins to track performance, and monitor and report on every aspect of a virtual machine. As the virtual environment continues to grow, the ability to streamline the provisioning, configuring and patching processes are essential to the ease of support and manageability of a virtual environment.
Software Licensing
Traditional licensing models have a one to one relationship...that is, one operating system on one physical machine which makes estimating fairly straight forward. However in the virtual world, the physical machine is split into multiple “virtual” computers that can be deployed or decommissioned in minutes. The challenge is in determining where to draw the line. Should the ability to rapidly deploy or eliminate VM’s directly impact a vendor’s revenue model? This is where customers and software vendors are playing a game of tug of war.
Performance & Scalability
One of the beauties of virtualization is to be able to deploy a large number of virtual machines on a single physical machine. As newer multi-core CPUs become available, the other physical resources in each virtualization host are not expected to grow at the same pace. Limited network or memory bandwidth significantly impacts the scalability and performance of the virtual infrastructure. Apart from cores, each virtual machine presents the need for individual software packages such as anti-virus, to add further demand on the physical resources.
As advances in technology continue to take place, organizations will be introduced new challenges. When planning your virtualization road map take these challenges into account and plan ahead to have a strategy in place to confront them.
Tuesday, March 9, 2010
The Basics of SAN Security
This blog was also published by CIO.com: http://advice.cio.com/
It’s important to protect your organization from malicious threat and from preventing hackers access to sensitive data. You also want to ensure that your organization is compliant with security regulations. When implementing infrastructure projects it’s necessary to ensure that all of the components of the implementation are secure. Storage Area Network or SAN, is one of these components. In laymen’s terms, a SAN is a network that enables storage devices to communicate with other storage devices and computer systems. A SAN uses a high performance network, like fibre channel or Ethernet to communicate, and it typically connects disks and tape drives, RAID subsystems, robotic libraries, and file servers.
As SAN technology becomes more popular, organizations are continuing to evolve their technologies and reap the benefits that SAN has to offer. We all know that computers are attached to some type of storage, but the benefit of a SAN is that it enables Universal Storage Connectivity; the ability to connect many computers to a lot of storage devices allowing computers to negotiate device ownership and share data.
As you integrate SAN into your infrastructure, you also want to make sure that it’s secure. Securing SAN is quickly becoming an important topic, mainly due to the sensitive data that is being transmitted and stored. A method called Zoning is the most common method for managing and securing SAN. It allows you to determine which groups of users can connect with specific storage volumes. It also matches operating systems with their storage. Some of the benefits that Zoning offers include:
• Manageability. Zoning allows you to split SAN up into manageable chunks which makes it easier to keep track of storage and devices
• Security. Zoning allows users to only have access to information they need
• Separation: Zoning allows you to categorize by specific business function or even OS to avoid the possibility of data corruption
• Access: Zoning allows administrators to set up temporary restrictions therefore providing them with greater control
Zoning can be implemented in several different ways and the benefits vary depending on the implementation method. Two common methods of Zoning are “soft” and “hard” zoning. Name server zoning, typically called “soft” zoning, partitions zones based on the World Wide Name (WWN) of devices on the SAN. Port or “hard” zoning allows devices attached to specific ports on a switch to communicate only with devices attached to other ports in the same zone. Name server zoning is the most flexible and easier to set up, where hard zoning is more secure but can create data flow challenges.
When creating SAN architecture for your organization, Zoning is an important aspect to consider when determining security and manageability. Other aspects to consider for a quality SAN implementation include; capacity, availability, performance and scalability. A solid SAN implementation will allow IT organizations to reduce costs and possibly provide new services that were not previously available through legacy storage systems.
It’s important to protect your organization from malicious threat and from preventing hackers access to sensitive data. You also want to ensure that your organization is compliant with security regulations. When implementing infrastructure projects it’s necessary to ensure that all of the components of the implementation are secure. Storage Area Network or SAN, is one of these components. In laymen’s terms, a SAN is a network that enables storage devices to communicate with other storage devices and computer systems. A SAN uses a high performance network, like fibre channel or Ethernet to communicate, and it typically connects disks and tape drives, RAID subsystems, robotic libraries, and file servers.
As SAN technology becomes more popular, organizations are continuing to evolve their technologies and reap the benefits that SAN has to offer. We all know that computers are attached to some type of storage, but the benefit of a SAN is that it enables Universal Storage Connectivity; the ability to connect many computers to a lot of storage devices allowing computers to negotiate device ownership and share data.
As you integrate SAN into your infrastructure, you also want to make sure that it’s secure. Securing SAN is quickly becoming an important topic, mainly due to the sensitive data that is being transmitted and stored. A method called Zoning is the most common method for managing and securing SAN. It allows you to determine which groups of users can connect with specific storage volumes. It also matches operating systems with their storage. Some of the benefits that Zoning offers include:
• Manageability. Zoning allows you to split SAN up into manageable chunks which makes it easier to keep track of storage and devices
• Security. Zoning allows users to only have access to information they need
• Separation: Zoning allows you to categorize by specific business function or even OS to avoid the possibility of data corruption
• Access: Zoning allows administrators to set up temporary restrictions therefore providing them with greater control
Zoning can be implemented in several different ways and the benefits vary depending on the implementation method. Two common methods of Zoning are “soft” and “hard” zoning. Name server zoning, typically called “soft” zoning, partitions zones based on the World Wide Name (WWN) of devices on the SAN. Port or “hard” zoning allows devices attached to specific ports on a switch to communicate only with devices attached to other ports in the same zone. Name server zoning is the most flexible and easier to set up, where hard zoning is more secure but can create data flow challenges.
When creating SAN architecture for your organization, Zoning is an important aspect to consider when determining security and manageability. Other aspects to consider for a quality SAN implementation include; capacity, availability, performance and scalability. A solid SAN implementation will allow IT organizations to reduce costs and possibly provide new services that were not previously available through legacy storage systems.
Tuesday, December 15, 2009
4 Security Considerations for Mobile Web Applications
Do you remember the last time you used a payphone to make a phone call? Probably not. Fortunately, there’s the Internet that will allow you to have access to all of the information about a payphone right at your fingertips. If you haven’t already figured it out, the Internet is huge, and having the ability to access it from anywhere is a key component of mobility. With the number of devices that people use to access the Internet, coupled with the number of mobile applications, the mobile footprint seems to grow exponentially. It all sounds really cool doesn’t it? At least until one of the mobile apps that you’re utilizing creates a window of opportunity for a security breach that exposes all of your personal information. Not so cool anymore, right? This mobile explosion has created the need to establish mobile application security best practices and I’ve outlined a few of them below.
Privacy
The first best practice related to mobile application security has to do with security and privacy, basically ensuring that the data coming into your application code is “trusted” information. This means closing potential holes not only in your software code, but also in your hardware. It also means ensuring that you don’t inadvertently open up holes as you try to close others. What exactly does “trusted data” mean? Think of it this way, your code accepts data from everywhere; URL parameters, cookies, browser variables, form fields, databases, or other external data sources. As a developer, you need to ensure that you take all of the right measures to ensure that data from these sources isn’t going to cause your application to crash, display improperly, permit a security breach or allow any other unintended services to be performed. Some common methods of securing your application include data integrity (ensuring data is complete or whole), encryption (making it unreadable without a key), and data validation (validation rules or check routines).
Untrusted Data
Another best practice related to security and privacy has to do with executing untrusted JSON data. No folks, this isn’t “text speak” for the name “Jason”, it’s JavaScript Object Notation. Wikipedia defines JSON as a “lightweight data interchange format.” This format is popular within the JavaScript community and is used for serialization and transmitting data over a network connection. Well then what’s the big deal? This format is often times used as a subset of the JavaScript programming language, which is where the security concerns arise. JavaScript utilizes a built in eval() function to parse JSON formatted data. This is a common practice among many developers today, especially those that are just starting off in the world of programming. If the data that is parsed is not within a single trusted source, the entire eval() technique is open to security vulnerabilities. Utilizing regular expressions to perform pre checks, employing native JSON,or using a new function called parseJSON (), are ways to avoid these security vulnerabilities.
User Awareness & Control
User awareness and control is another best practice. It’s important that your users are aware of all of the asynchronous server-side or Internet based functions that your mobile application performs whether they’re up front and in your face, or behind the scenes. This can often be symbolized by a spinning wheel in the corner of the app. And because these actions may have access to very sensitive user data, it’s important to provide the user with options to control these actions. Some of these “behind the scene” activities may have an impact on the user’s network access. This can be in the form of data charges or battery life. It’s also important to notify the user when their personal or device information is being utilized by a mobile application. This notification should appear as soon as the user enters your mobile application.
Auto Sign-on
And finally, because mobile devices are ultimately handheld devices that make information available anywhere, the use of automatic sign on is strongly encouraged when developing mobile applications. As a user, if I have to provide my user credentials when utilizing your application, the last thing I want go through is having to type my credentials on a dinky little mobile device upon each visit. Having the ability to “be remembered” is a common feature within the mobile application world. However, ensuring that the credentials are encrypted or stored on a secure token is the right way to allow automatic sign on.
As we become a more mature mobile society, security is a crucial factor that should be taken into account as you develop mobile applications. How quickly you can adapt to the changes of the mobile environment will determine your position in the mobile arena. As you develop your mobile application, following simply best practices can go a long way in securing the future of your mobile application.
Privacy
The first best practice related to mobile application security has to do with security and privacy, basically ensuring that the data coming into your application code is “trusted” information. This means closing potential holes not only in your software code, but also in your hardware. It also means ensuring that you don’t inadvertently open up holes as you try to close others. What exactly does “trusted data” mean? Think of it this way, your code accepts data from everywhere; URL parameters, cookies, browser variables, form fields, databases, or other external data sources. As a developer, you need to ensure that you take all of the right measures to ensure that data from these sources isn’t going to cause your application to crash, display improperly, permit a security breach or allow any other unintended services to be performed. Some common methods of securing your application include data integrity (ensuring data is complete or whole), encryption (making it unreadable without a key), and data validation (validation rules or check routines).
Untrusted Data
Another best practice related to security and privacy has to do with executing untrusted JSON data. No folks, this isn’t “text speak” for the name “Jason”, it’s JavaScript Object Notation. Wikipedia defines JSON as a “lightweight data interchange format.” This format is popular within the JavaScript community and is used for serialization and transmitting data over a network connection. Well then what’s the big deal? This format is often times used as a subset of the JavaScript programming language, which is where the security concerns arise. JavaScript utilizes a built in eval() function to parse JSON formatted data. This is a common practice among many developers today, especially those that are just starting off in the world of programming. If the data that is parsed is not within a single trusted source, the entire eval() technique is open to security vulnerabilities. Utilizing regular expressions to perform pre checks, employing native JSON,or using a new function called parseJSON (), are ways to avoid these security vulnerabilities.
User Awareness & Control
User awareness and control is another best practice. It’s important that your users are aware of all of the asynchronous server-side or Internet based functions that your mobile application performs whether they’re up front and in your face, or behind the scenes. This can often be symbolized by a spinning wheel in the corner of the app. And because these actions may have access to very sensitive user data, it’s important to provide the user with options to control these actions. Some of these “behind the scene” activities may have an impact on the user’s network access. This can be in the form of data charges or battery life. It’s also important to notify the user when their personal or device information is being utilized by a mobile application. This notification should appear as soon as the user enters your mobile application.
Auto Sign-on
And finally, because mobile devices are ultimately handheld devices that make information available anywhere, the use of automatic sign on is strongly encouraged when developing mobile applications. As a user, if I have to provide my user credentials when utilizing your application, the last thing I want go through is having to type my credentials on a dinky little mobile device upon each visit. Having the ability to “be remembered” is a common feature within the mobile application world. However, ensuring that the credentials are encrypted or stored on a secure token is the right way to allow automatic sign on.
As we become a more mature mobile society, security is a crucial factor that should be taken into account as you develop mobile applications. How quickly you can adapt to the changes of the mobile environment will determine your position in the mobile arena. As you develop your mobile application, following simply best practices can go a long way in securing the future of your mobile application.
Wednesday, November 18, 2009
Components of a Quality Patch Management Strategy
When most of us think about IT security, some of the more common terms come to mind. Things like access, authorization, roles and identity. Those of us who are not directly related to patch management often times fail to remember that IT security also has to do with securing the infrastructure that your organization runs on.
One of the most pressing challenges that IT managers face today is ensuring that all of their systems are safe from security vulnerabilities. Let’s face it, it doesn’t matter what operating system, hardware, or software you’re utilizing, in the world of IT, patches and security updates are a never-ending assignment. That’s why it’s important that your organization develop a solid patch management strategy.
So what should a quality patch management strategy consist of? There are many ways to go about developing this strategy. As an enterprise, it's important to quickly determine whether your organization is going to implement a manual or a fully automated system. If your organization is fairly small, I suggest implementing a manual process where you patch each machine one by one. Because your technical footprint is small, you'll have more control and manageability of your strategy. However, if you have a mid to large sized corporation, the various flavors of technology utilized by different groups tends to make a manual patching process more cumbersome. That's why mid to large sized corporations are advised to implement a fully automated system. This also allows you to patch your hardware or software quickly and more efficiently. Taking future growth into account is a good way to ensure that you're implementing the best long term strategy for your organization.
Putting together a patch management strategy goes beyond making sure that a specific service pack is installed on a server. In addition to the well thought out details at an enterprise level, it’s the policies and procedures that support a patch management strategy that really determine its success or failure.
The first step is to develop a documented policy that is shared and understood across the entire enterprise. This policy should outline:
• Which systems will be patched
• How patches should be prioritized
• A schedule that outlines which non-critical patches will be deployed
• How critical patches will be handled
• What testing is required prior to deployment
Next it’s important to establish which team will manage the implementation of these patches. Creating a dedicated team to implement critical patches would be the ideal scenario. However, due to resource and budgetary constraints, in most organizations, it will more than likely be the same group of individuals that manage and monitor non-critical patches.
Finally, create a formal change control process for patch deployment. Why? This allows you to establish a repeatable standard process for your organization to physically role out patches, making it easier for IT staff to manage. Also, it’s very likely that a patch installation can go wrong, which makes it necessary to establish a communication and back out plan to mitigate the risk of an outage as soon as possible.
Sounds pretty simple…right? Unfortunately many organizations find implementing a patch management strategy very challenging. Lack of proper tools, unexpected growth, environment complexity, and newer technology are just a few factors that contribute to what I refer to as planning and implementation paralysis. Getting these standards in place tend to get overlooked due to higher priorities. And more than likely, those looking into the process will generally have a much different opinion than those actually performing the process. The challenge is getting these two groups to come together to decide on a unified strategy.
As you develop a patch management strategy for your organization, keep in mind that patching is a process that is vital to the health of your infrastructure. And as your organization ventures towards new technology territory, make sure that you think through all of the down stream impacts…including patch management. As critical of a function as patch management is, it should also be as invisible as possible, so that it does not disrupt the daily operations of your organization. Systems should be able to operate in their normal fashion and patching should not incur costly outages to the organization.
Establishing a patch management strategy for your organization should be a proactive not a reactive approach. It's important to get the fundamentals of the strategy implemented, and build upon the foundation as your organization grows and the technology within your organization varies.
One of the most pressing challenges that IT managers face today is ensuring that all of their systems are safe from security vulnerabilities. Let’s face it, it doesn’t matter what operating system, hardware, or software you’re utilizing, in the world of IT, patches and security updates are a never-ending assignment. That’s why it’s important that your organization develop a solid patch management strategy.
So what should a quality patch management strategy consist of? There are many ways to go about developing this strategy. As an enterprise, it's important to quickly determine whether your organization is going to implement a manual or a fully automated system. If your organization is fairly small, I suggest implementing a manual process where you patch each machine one by one. Because your technical footprint is small, you'll have more control and manageability of your strategy. However, if you have a mid to large sized corporation, the various flavors of technology utilized by different groups tends to make a manual patching process more cumbersome. That's why mid to large sized corporations are advised to implement a fully automated system. This also allows you to patch your hardware or software quickly and more efficiently. Taking future growth into account is a good way to ensure that you're implementing the best long term strategy for your organization.
Putting together a patch management strategy goes beyond making sure that a specific service pack is installed on a server. In addition to the well thought out details at an enterprise level, it’s the policies and procedures that support a patch management strategy that really determine its success or failure.
The first step is to develop a documented policy that is shared and understood across the entire enterprise. This policy should outline:
• Which systems will be patched
• How patches should be prioritized
• A schedule that outlines which non-critical patches will be deployed
• How critical patches will be handled
• What testing is required prior to deployment
Next it’s important to establish which team will manage the implementation of these patches. Creating a dedicated team to implement critical patches would be the ideal scenario. However, due to resource and budgetary constraints, in most organizations, it will more than likely be the same group of individuals that manage and monitor non-critical patches.
Finally, create a formal change control process for patch deployment. Why? This allows you to establish a repeatable standard process for your organization to physically role out patches, making it easier for IT staff to manage. Also, it’s very likely that a patch installation can go wrong, which makes it necessary to establish a communication and back out plan to mitigate the risk of an outage as soon as possible.
Sounds pretty simple…right? Unfortunately many organizations find implementing a patch management strategy very challenging. Lack of proper tools, unexpected growth, environment complexity, and newer technology are just a few factors that contribute to what I refer to as planning and implementation paralysis. Getting these standards in place tend to get overlooked due to higher priorities. And more than likely, those looking into the process will generally have a much different opinion than those actually performing the process. The challenge is getting these two groups to come together to decide on a unified strategy.
As you develop a patch management strategy for your organization, keep in mind that patching is a process that is vital to the health of your infrastructure. And as your organization ventures towards new technology territory, make sure that you think through all of the down stream impacts…including patch management. As critical of a function as patch management is, it should also be as invisible as possible, so that it does not disrupt the daily operations of your organization. Systems should be able to operate in their normal fashion and patching should not incur costly outages to the organization.
Establishing a patch management strategy for your organization should be a proactive not a reactive approach. It's important to get the fundamentals of the strategy implemented, and build upon the foundation as your organization grows and the technology within your organization varies.
Wednesday, November 11, 2009
IT Innovation Through Business Relationships
Sometimes following the right process or methodology is not the best way to manage a project. I think the key to a successful project is much deeper than the methodology, tools, processes or even the quality of the project manager. I think it has a lot to do with the relationship between IT and the business.
Take the pulse of your organization, for instance. Are IT and business managers coming together as strategic partners, or is IT simply viewed as a service provider within the organization? Coming together as strategic partners doesn't just imply that you share a seat at the table; it means that you're striving to learn and understand the language of the business. It means that both IT and business are making strategic efforts to move from the "service mindset" to a "value mindset". Taking the time to learn the language of the business, and the company's vision for the future will help clarify the areas in which technology can add the most value. But getting these basics right isn't enough. The challenge here is to instill in the IT staff, a mindset of continuous improvement, and to ensure that their goals align with the business needs, even as they change and evolve daily.
Becoming strategic partners allows both IT and the business units to create a shared vision, which they can successfully spread across the entire organization. Creating this shared vision is simpler than you would imagine – just take the time to understand what the business units do, and ask yourself how can I help them improve this with my IT knowledge. It may also mean that discussions start from the very beginning, by examining how past IT initiatives helped or hurt the business and how they can be improved upon.
It's also important to note that the business doesn't want you, the IT professional, to do their business; they want you to enable their business. It's up to the IT professionals to help them understand the value that IT brings to their daily processes as well as to their strategic direction rather than a barrier to innovation. Demonstrate that innovation isn’t fueled by technology, but rather through discussion and collaboration.
So the next time you start a new IT project, look beyond the methodologies, tools and processes and understand the business. Be aware of the importance of change management, communication, and risk and compliance. And don’t lose opportunities to be creative because of rigid processes and standards. As IT professionals, it’s up to us to get out of the business of maintaining and start innovating.
Thursday, October 8, 2009
Virtualization: Do I Need It?
Virtualization technology has hit the IT industry by storm. As new vendors enter the market, or software providers integrate it into their product lines, companies are scrambling to figure out ways to implement virtualization throughout their organizations. It's becoming more and more critical that anyone involved in technology understand the concept of virtualization....QUICK! For those of us that are not intimately involved with the technology, understanding the value that virtualization provides can be challenging. It can be difficult to quickly highlight the key benefits of virtualzation to a management team if you don't fully understand them yourself. Outlined below are a few key benefits of virtualization that every tech savvy individual should know ...
One of the greatest benefits that virtualization brings to the table is cost reduction. By reducing the number of physical servers in a data center, you greatly reduce hardware maintenance costs and increase space utilization efficiency. Server Consolidation has become one of the most "popular" cost reducing IT initiatives in enterprises today. Virtualization allows companies to reduce the number and types of servers that support their business leading to significant cost savings. By going through the Server Consolidation exercise, companies save on energy costs on the consolidated servers and also on the cooling systems utilized within the data centers. Essentially this entire process also allows you to reduce licensing costs, OS and antivirus licenses to name a few.
Apart from the significant cost savings that virtualization provides, it also allows for organizations to respond quicker to the demands of their business. With virtualization, you inherently implement various techniques such as: partitioning, clustering and workload management. These techniques allow you to configure servers into reusable pools of resources that better position you to respond to business needs. Virtualization also allows you to deploy multiple operating system technologies on a single hardware platform. As these techniques are implemented, it allows you to deploy your administrators more efficiently, therefore reducing unnecessary administration costs.
If the Service Level Agreements (SLA) of the environment in which your critical applications operate in promise a high or continuous level of up time, and chances are that your environment is one of these, then you want to ensure that any type of activity performed on the environment doesn't impact the entire environment. Virtualization allows you to "house" each application in it's own "virtual server" to prevent one application from impacting another application when upgrades or changes are made.
The benefits of virtualization are so great that an organization is essentially doing an injustice, not only to it's bottom line, but also to it's employees by not embracing it. To truly understand the benefits, pay a visit to your local server admin, developer and data center server team and let them outline how virtualization can greatly improve their efficiency. The real question that every organization should be asking themselves is not 'what are the benefits of virtualization?', but rather 'What are the implications of not fully embracing virtualization in the enterprise?'
One of the greatest benefits that virtualization brings to the table is cost reduction. By reducing the number of physical servers in a data center, you greatly reduce hardware maintenance costs and increase space utilization efficiency. Server Consolidation has become one of the most "popular" cost reducing IT initiatives in enterprises today. Virtualization allows companies to reduce the number and types of servers that support their business leading to significant cost savings. By going through the Server Consolidation exercise, companies save on energy costs on the consolidated servers and also on the cooling systems utilized within the data centers. Essentially this entire process also allows you to reduce licensing costs, OS and antivirus licenses to name a few.
Apart from the significant cost savings that virtualization provides, it also allows for organizations to respond quicker to the demands of their business. With virtualization, you inherently implement various techniques such as: partitioning, clustering and workload management. These techniques allow you to configure servers into reusable pools of resources that better position you to respond to business needs. Virtualization also allows you to deploy multiple operating system technologies on a single hardware platform. As these techniques are implemented, it allows you to deploy your administrators more efficiently, therefore reducing unnecessary administration costs.
If the Service Level Agreements (SLA) of the environment in which your critical applications operate in promise a high or continuous level of up time, and chances are that your environment is one of these, then you want to ensure that any type of activity performed on the environment doesn't impact the entire environment. Virtualization allows you to "house" each application in it's own "virtual server" to prevent one application from impacting another application when upgrades or changes are made.
The benefits of virtualization are so great that an organization is essentially doing an injustice, not only to it's bottom line, but also to it's employees by not embracing it. To truly understand the benefits, pay a visit to your local server admin, developer and data center server team and let them outline how virtualization can greatly improve their efficiency. The real question that every organization should be asking themselves is not 'what are the benefits of virtualization?', but rather 'What are the implications of not fully embracing virtualization in the enterprise?'
Tuesday, August 11, 2009
Virtualization - What the Heck Is It?
"Trimming the fat" is no longer a term merely heard in the fitness arena. Today the concept of "Lean" or "Going Green" is being embraced across various industries...especially IT.
IT leaders all over are being challenged or rather mandated to trim the excess fat within their technology infrastructures. Executives are demanding that we figure out ways to cut costs and improve efficiencies...essentially figure out ways to do more with less without compromising performance, availability, or end user experiences...to name a few.
Most organizations are solving these issues by turning to technologies such as virtualization. This born again technology lived a short life in the early 90's acting as a way to re-create an end user environment on a single piece of mainframe hardware. However, with the advent of inexpensive technologies and other new developments, virtualization quickly faded.
The new mandate to do more with less...especially within data centers, has quickly put virtualization back on the map. As a Project Manager specializing in infrastructure optimization, I felt compelled to quickly understand the mystery behind virtualization so that I could demonstrate the benefits of it to executive leadership. I decided to unravel this mystery with a simple premise in mind, figure out what the heck virtualization meant!
Once I understood the concept of virtualization and some common types, I quickly found myself asking more deep rooted questions. What are the benefits of virtualization? Why would an organization need it? What are the challenges of implementing a virtualized solution? The list was endless.
Fellow PMs and technology geek wanna-be's, this is important stuff! Understanding where the future of technology is heading is the only way to intelligently assist IT leaders in making smart, more informed decisions. Over the next series of posts, I hope to "Unravel the Mystery of Virtualization" and provide you with virtualization information that you can make part of your technology tool kit. ...Until next time
*Source:www.webopedia.com
IT leaders all over are being challenged or rather mandated to trim the excess fat within their technology infrastructures. Executives are demanding that we figure out ways to cut costs and improve efficiencies...essentially figure out ways to do more with less without compromising performance, availability, or end user experiences...to name a few.
Most organizations are solving these issues by turning to technologies such as virtualization. This born again technology lived a short life in the early 90's acting as a way to re-create an end user environment on a single piece of mainframe hardware. However, with the advent of inexpensive technologies and other new developments, virtualization quickly faded.
The new mandate to do more with less...especially within data centers, has quickly put virtualization back on the map. As a Project Manager specializing in infrastructure optimization, I felt compelled to quickly understand the mystery behind virtualization so that I could demonstrate the benefits of it to executive leadership. I decided to unravel this mystery with a simple premise in mind, figure out what the heck virtualization meant!
- Was it a way for me to notify my network of friends about what I was doing virtually every second of my life without being with them?
- Did we really figure out a technology that could transport me to the moon and back at virtually no cost?
- Or was the concept of Virtualization so elite, that even my most intelligent spell check tools couldn't recognize the word?
- Server Virtualization* - is the partitioning of a physical server into smaller virtual servers. In server virtualization the resources of the server itself are hidden, or masked, from users, and software is used to divide the physical server into multiple virtual environments, called virtual or private servers
- Network Virtualization* - is using network resources through a logical segmentation of a single physical network
- Application Virtualization* - Application virtualization is layered on top of other virtualization technologies to allow computing resources to be distributed dynamically in real time. In standard computing, applications install their settings onto the host operating system, hard-coding the entire system to fit that application's needs. With application virtualization, each application brings down its own set of configurations on-demand, and executes in a way so that it sees only its own settings. This leaves the host operating system and existing settings unaltered
- Storage Virtualization* - this is a collection of multiple storage devices into what appears to be a single storage device. It's often used in SAN (Storage Area Network), and makes tasks such as archiving, back-up, and recovery easier and faster
Once I understood the concept of virtualization and some common types, I quickly found myself asking more deep rooted questions. What are the benefits of virtualization? Why would an organization need it? What are the challenges of implementing a virtualized solution? The list was endless.
Fellow PMs and technology geek wanna-be's, this is important stuff! Understanding where the future of technology is heading is the only way to intelligently assist IT leaders in making smart, more informed decisions. Over the next series of posts, I hope to "Unravel the Mystery of Virtualization" and provide you with virtualization information that you can make part of your technology tool kit. ...Until next time
*Source:www.webopedia.com
Subscribe to:
Posts (Atom)
.jpg)
Posts
