Managing infrastructure, a newbie's guide: Simple stuff you need to know

We all have IT and telco infrastructure equipment that's getting older. Time marches on and few of us have the funds or resources to renew everything when it reaches its official point of being written off by the bean-counters. We all, then, have some kind of legacy kit clinging onto its existence – even if it doesn't quite …

  1. Anonymous Coward

    Good advice

    I'd add 'Get a Budget' to the list. You are pissing in the wind without money in the budget for maintaining and replacing the estate. Otherwise everything new is done as a project delivery and nothing else ever gets replaced.

  2. Anonymous Coward

    Dave, interesting article but I think you mean it from a small enterprise point of view, else the following kicks in.

    2. Standardise your networking

    If you have a mish-mash of network technologies and vendors, bring them together into as few as possible (preferably one).

    Fantastic advice, if you're an SME and have no choice. If you're larger it smells like "put all your eggs in one basket", and involves the company you choose not being bought, sold, going bust or dropping the complete hardware line you have bought into with no second option. It also massively opens you up to a single zero day compromising your entire infrastructure if it's a bug in say Junos or IOS and common to the whole codebase.

    Plus if you get very large, the vendors' salespeople know this also and it's a great way to get bent over the desk during negotiations on price by them. They know it costs to reskill and retool to another competitor when you have done this, best to have a limited deployment from a second vendor to threaten them with and as a disaster recovery option.

    3. Look to the cloud

    There is no cloud, it's just someone else's computer. Try, just a little bit, to think if that data you're about to shove into the latest buzzword would harm your business reputation if it got leaked, and if so, ask yourself if you're OK with putting the same on someone else's computers.

    5. Virtualize your servers and storage

    Great, beancounters and managers will be happy at the buzzword improvement on annual reports, just don't let whoever suggests it get too carried away and eliminate your redundancy by talking away the issue as the redundant hot server is another VM on the same hypervisor. Or when your one of two (or one if accountancy gets their way) cabinets has a backplane fall over or a cab fire takes your monster VM host and virtual core switching router rack for the entire country for example, you'll realize why they were on separate machines in different DCs to start with.

    Call me wizened old warhorse survivor of incidents in large infrastructure works and multinationals. I've been told I'm part of the problem enough times by bright young things so maybe it really is just me.

    1. Sir Runcible Spoon

      "I've been told I'm part of the problem enough times by bright young things so maybe it really is just me."

      Only in the sense you are making them think. Experienced consultants cost money for a reason, and it isn't because they know the latest buzz-words.

      Doing things right first time is never popular for some reason - I reckon it's because when they look at costs they miss out all the stuff that has to be re-done because they deployed something piece-meal without reference to the big picture.

      You aren't costing them money - you are saving it - they're just too stupid to understand because it isn't tallied at the bottom of a spreadsheet table.

    2. Dave Bell

      I think the cloud risk/benefit balance does change if you're a large operation. If you're operating several distinct sites, maybe you can set up an internal cloud, instead of having all your eggs in one basket. Buncefield, gentlemen, shows what can go wrong.

      I'm too tiny to be an example, but I have some stuff in cloud-like storage (OK, Google Drive), and I use NAS rather than everything in a single boxful of computer, and there are times it makes things much easier. The usual domestic broadband is a bit short of upload capacity, but it would certainly be possible to let my brother have a bit of duplicate storage here. Could you call that a cloud?

      Buzzwords can hide some useful thinking, and how much of the benefit of the cloud comes from it being an off-site back-up system?

  3. hydro_gen

    Forgive me for asking but, what exactly is "Service Pack Zero" slang for......

    1. Anonymous Coward

      The version before SP1...ie, the first release of a new Windows system where traditionally they test it out on the users. Old lags -especially those with large numbers of computers in their herd- will wait for the SP1 version.

      Service pack zero can also refer to onsite tools to make the machine do your bidding (a hammer...anything you can get a good swing with); but the context of the article would seem to indicate the first meaning.

      1. Anonymous Coward

        ADDENDUM: 1) SP1 is also quite often referred to as the "bugfix" version.

        2) "Service pack zero" (in the hammer sense) can also be software of a suitably violent nature (low-level formatters and so on). As long as you can say something to the effect of "That's the last time that fucking machine gives me grief" while unlimbering your weapon of choice; then it probably counts as a "Service Pack Zero". Also, interestingly, it is not always necessary to apply your service pack...sometimes threatening the machine is enough. This is probably because of quantum.

        Where did the edit button go El Reg? Is it just me?

  4. Anonymous Coward

    You had me until..

    3. Look to the cloud

    ...where you pointed out emotional reasons ("can't help liking" "I'm a big believer") for the cloud, but not the actual advantages and -more importantly- the disadvantages. Whether you genuinely think it's a good idea; believe the sales hype; got pressured into it by management; did it because everyone else is doing it; or wanted to collect a couple of cloudy badges for your CV, you really, really need to examine your reasons for moving anything to the cloud. Cost, yes; convenience, yes; new and useful abilities (like being able to have multi-user documents) yes; but "because I feel like it" is a bit suspect. And then there's the downsides. Anything cloudy is going to increase your attack surface. More importantly, anything cloudy is putting that aspect of your operation under the control of someone else. That entity can change the terms; frig about with your stuff; or (as happens frequently enough to be a cause for concern) just fuck off over the horizon with little or no warning.

    I always ask myself if that thing *needs* to be out in the cloud. Do the benefits outweigh the costs? My personal litmus test is "would I care if my customers saw every single document I have out in cloudyland?"; because there is a very real chance of that happening.

    Then there's email which is both cloudy in nature; and may well contain stuff that you would rather not escape into the public domain. That just has to be lived with; but can be mitigated by applying as much encryption as possible and getting it through the cloud and onto local storage as quickly as possible.

    I can't help liking Office 365 and the cloud-based flavour of Websense (or ForcePoint Triton as I'm meant to call it these days), for instance, and in both cases I've historically been known to abandon the standard local-install version for a more usable, flexible cloud-based alternative.

    Interesting examples. I don't trust Microsoft. Their behaviour over the past few years has been appalling so -from my POV- it's not unreasonable to assume that anything in Office 365 is compromised. Time will tell; and if I'm right, I've saved my clients from possible disastrous mistakes; and if I'm wrong people are free to call me paranoid...which they do anyway. I'm not a big user of Office suites and have never encountered a situation where Libre Office can't do what I want; but I understand that others' needs are different. However, if something is important enough for me to fire up an Office program; it's also important enough for me to control the choice of how; when; where and to whom it's distributed. Going on Microsoft's current form, there is absolutely no reason to trust their integrity on anything even vaguely important.

    Your other example is also an example of the lack of control. They changed the name into a longer and harder to type name. A small example of user inconvenience; but I'm willing to make a small wager that the name change was accompanied by a whole bunch of ToS changes; all to the user's detriment.

    I'm a big believer in cloud-based storage, too: I just can't help thinking that virtualising at least your low-performance storage into the cloud (your offline data archives, for instance) is going to grow massively in popularity over the next couple of years.

    Unless you are storing locally-encrypted containers, this can be an incredibly dangerous thing to do. Can you ensure that there is not one single byte that will bite you in the arse if leaked? The only way this is safe is if you encrypt the living knackers out of it before it ever sees the cloud (and use two separate providers to cover yourself in the event of a "sodding off over the horizon" scenario). I don't do stuff on faith; and -quite often daily- there is a Reg story that confirms the need for caution. Everyone else's mileage may vary, of course.

    1. KitD

      @moiety

      > I don't trust Microsoft.

      To be fair, that is an emotional response like the one you highlighted in point 1.

      1. Chika

        Re: @moiety

        To be fair, that is an emotional response like the one you highlighted in point 1.

        In some respects, yes, but consider why Microsoft elicits such a response. It's a large American corporate that often incorporates features into its products which seem like a good idea until users get hold of the product and something goes wrong. Now that's not that unusual, but it's what happens afterwards.

        A good example is the recent Windows 10 business where an update screen, when "cancelled" by clicking the red cross, went ahead and installed anyway, believing that clicking the cross meant "go right ahead and do it" despite Microsoft's own published rules on GUI behaviour. This problem continued for some time until somebody actually got a ruling against them. Could it be that these two things were related? Possibly not, but the perception is that Microsoft are not in the business of listening to their customers, and that's what tends to make people wary of them.

        I said in this forum months ago that Microsoft needed to back off and lie low for a while to try to restore a level of, if not trust then at least apathy. It seems, however, that they didn't read that comment...

  5. Down not across

    5 of 7 ain't bad I guess

    1. Draw a hardware obsolescence timeline

    Agreed. Know your hardware and support status (and cost of the support/maintenance contracts as the hardware ages).

    2. Standardise your networking

    Bringing it down to one might not be the best choice. Never have your eggs in one basket. Also with more than one vendor you have a safety net if anything happens to the vendor (or its products), you are in stronger negotiation position with the vendors if they know they have competition and tendering does not in any way guarantee a sale. Also often there is difference in vendors' offerings and one vendor's products might be better choice for a particular situation.

    I do, however, agree that you should try to limit number of vendors.

    3. Look to the cloud

    Can't agree with that. Yes, it can be the correct solution to some applications/situations but in most cases it just isn't. Simple litmus test is: "Can you survive without it?" No? Well why would you then trust a third party that may or may not be there tomorrow. And this is without going to the obvious security implications. Also, don't underestimate the cost of reliable and fast enough connectivity to the cloud provider.

    4. Integrate your applications

    This sounds like a biggie, but actually what I'm getting at is that you should integrate the authentication for as many of your applications as you possibly can.

    You assume that they lend themselves to easy modification of authentication. Legacy applications tend to be cans of worms and changing things (if even possible in the first place) can be extremely costly. In many cases you will not get any ROI (real or imagined).

    1. Anonymous Coward

      Re: 5 of 7 ain't bad I guess

      3. Cloud

      Our cloud applications can survive without you, that's for sure! And without the hassle or expense of designing redundant data centres.

      Do it in such a way that all your eggs aren't in one basket, and you'll be fine.

  6. Velv

    4. Centralised Authentication

    If you're in the UNIX world then learn this now - it's a skill that's missing in so many companies. Some places do this integration very well, but many others haven't got a clue, and as time moves on the requirement to use a Directory Service for authentication not just at OS but at application level is going to become much more fundamental.

    Don't reinvent the wheel. Integrate with a proven directory service, and if your company already has Windows AD then leverage Windows AD as that directory - the Windows world has been doing this for 16 years now, and while it's far from perfect, it's extremely pervasive.

    1. Anonymous Coward

      AD

      I really don't like having to bury applications into AD. Especially if people ever intend to access them from extranet.

      Simply having a netscaler in front of it with AD authentication is not a 'solution' either.

      1. Anonymous Coward

        Re: AD

        I don't like the choice of linking things into AD that way either - but have been saved from it before now by not having a choice. In one large organisation, the corporate IT team did not allow any non-Windows-based application to use AD. The result? Their policy means the non-Windows apps did not authenticate to a corporate directory service, the majority of them using their own internal system (although some AAA via FreeRADIUS, iirc)

  7. Jeff 11

    "Running a single operating system on a physical server is incredibly last year"

    On the contrary, for some applications, VM multi-tenancy is last year. Containerisation seems to have reached the mainstream - particularly Docker (https://www.thoughtworks.com/radar/a-z)

  8. Anonymous Coward

    Virtualise

    Yay. I've fitted my 4 separate web front ends into one server running all virtualised!

    I've saved 3 hosts!

    My business, which runs exclusively as a web-shop, is now cheaper. Yay!

    Virtualisation is a good idea if you understand why you're doing it and where the performance log-jams are. Just doing it cos it's 2016 needs careful thinking....
