Your colleagues will lie to you: An enterprise architect's life

Enterprise Architects … well, among other things they design and build corporate infrastructures. It's very easy, though, for these highly technical masters of electronic wizardry to concentrate on making the technology work at the expense of the more tedious corporate governance stuff. Here are my favourite five things that …

  1. Anonymous Coward

    Change management

    "I wish, for example, that I had a fiver for every change request I've read that had an implementation plan and a rollback plan but no test plan. How can you know whether to roll back if you're not defining the test plan and hence the success criteria for the change?"

    Done a bit of that myself on mobile networks. I would like to add that it is good practice to run the test plan on the unchanged system before the change rather than just on the revised system. Just to make sure that what you have installed is compatible with what you replaced.

    1. Pedigree-Pete

      "I wish I had a fiver for every time I....

      Ah hem.... you guys do get paid for doing this don't you? PP

      1. Pascal Monett Silver badge

        Being paid for shoveling shit doesn't mean you like having shit dumped on you.

      2. jake Silver badge

        Re: "I wish I had a fiver for every time I....

        Yes, I get paid for it Pete. But be honest, now ... wouldn't you like a penny for every time you had to "spend a penny"?

        (Do kids these days even know what that means?)

        1. yoganmahew

          Re: "I wish I had a fiver for every time I....

          I can't agree with the test plan thing. For complex systems, it provides a false layer of security that you only look at the things you think you have changed. For large interconnected enterprise systems, how do you change client data as part of the test?! The risk is that you fill devs' lives with meaningless paper drivel. Devs spend their energy on inventing validation steps that sound like they mean something, but really mean "watch for anything out of the ordinary that based on experience I know is out of the ordinary".

          On the configuration management - centralised configuration management can just mean that the push of a button borks everything at once instead of one server at a time. Then with everything borked, you no longer have the skillset (or the manpower) to go to each individual server and reconfigure it...

  2. Andrew Commons

    And the elephant in the room is...

    Lifecycle management.

    Of course if you are a consultant you don't live with the consequences of not having it, well and truly out the door before it all comes apart.

    1. Anonymous Coward

      Re: And the elephant in the room is...

      Would that not be an elephant? I can't see us ever being able to get one out because the office doors are too small.

      What? No, no, just tobacco. Honest.

      1. Andrew Commons

        Re: And the elephant in the room is...

        :-) Up vote.

        But seriously...I have seen enough instances where something critical in the enterprise is no longer supported and no one started working on it early enough to put it into forward planning to see this as a real failing in many organisations.

        El Reg has an example in this very recent story:

        http://www.theregister.co.uk/2016/08/09/metropolitan_police_missed_xp_migration_deadline/

    2. Anonymous Coward

      "Consultants don't live with the consequences"

      Theoretically, no. But as all my gigs come via contacts from previous engagements, and I never used a headhunter or went searching on LinkedIn or whatever, having my work come apart after I leave would be counterproductive to finding future engagements! I guess if I relied on a headhunter or body shop it would be easier to leave behind a bomb waiting to go off down the road.

      I always joked with the permanent employees I'd work with that they should blame me for whatever goes wrong after I leave, and I'm sure that happens to some extent as it is easier to point the finger at the consultant who isn't there to defend himself rather than own your own mistakes. But the guy who deflects blame for his own mistake and keeps himself looking good is the guy most likely to get promoted to management, and thus more likely to call me when he's in a position to hire a consultant in the future :)

      There's one guy who was an employee of a company I consulted for a decade ago who is now a VP in a global IT provider. Pretty sure he never blamed me for something he did, but both times he brought me in for gigs since then he keeps telling people that story about me saying that to him on my last day so I guess it made an impression!

  3. Anonymous Coward

    Let's add some challenges

    Strategy alignment

    To properly design an enterprise architecture requires a decent feel of where the company is headed, because, surprising as it may seem to some, that determines in large part what demands will be placed on the infrastructure and (also rather important) what budget there is to make that happen. An IT strategy must match the business strategy - and will also require adjusting (and a budget for that) when the business focus changes. Nothing is ever set in stone, so plan for flexibility.

    A simple example of change is a business decision to start an acquisition cycle. Good IT design can shave whole months off the integration process of a new business.

    Note: don't expect an IT strategy in a startup, until they reach stability or find someone throwing money at them it's pretty much a case of duct tape and borrowed kit, and forget about boring stuff such as the mentioned license management, change control, backups that actually work and are tested, security or privacy. Going from startup to "proper" managed IT is always an interesting challenge. Some never get there (no, I didn't say TalkTalk or RBS out loud, did I? :) ).

    Business continuity integration

    Many businesses see BCM as an IT issue, which it very much isn't, but that is not to say that IT doesn't have a role to play too. A typical set of business crisis scenarios MUST integrate IT, also because plans have to be made for the absence thereof and ways to either fix that ASAP or cost out the consequences and see if that is an acceptable risk or needs insurance.

    Note: if you work for a company that fobs off BCM to the IT department, do your own disaster planning and make sure you can find a new job fast because when things go wrong they WILL kill the business stone dead.

    1. Anonymous Coward

      Re: Let's add some challenges

      WRT Startups. It is no wonder so many of them fail after an initial burst of enthusiasm.

      1. Pascal Monett Silver badge

        Re: Startups. It is no wonder so many of them fail

        Indeed it is not, because running a company is something totally different to what anyone does on a day-to-day basis.

        The first big hurdle is to not confuse what you have on the company bank account with what your benefits are. The company can have cash ready and still be going bust.

        The second just-as-important thing is not to confuse the company bank account with your money. That is a very quick road to failure.

        But there are more insidious things, like being able to detect which costs are bringing your company down and which ones are helping support the business. You must remove the first without remorse and be prepared to take the latter. You generally have to spend money to make it, the trick is spending the right amount in the right ways. This is what generally kills startups in short order - and that's without even thinking about dot-com ones.

        1. Anonymous Coward

          Re: Startups. It is no wonder so many of them fail

          I'm an odd duck in the IT world because I have an MBA as well as a Master's in Comp Sci. I won't bore you with the details about how I ended up there, but I always thought my MBA was going to end up being useless until I started doing architecture work. It has come in handy in being able to talk to the business people about where they see things going, and they feel more comfortable with me as they feel I'm "one of them" instead of one of those geeky IT guys who speaks a foreign language as far as they're concerned.

          1. jake Silver badge

            Re: Startups. It is no wonder so many of them fail

            Or as I wrote somewhere here on ElReg nearly 6 years ago:

            "... manglement knows squat about IT and the rest of the glue that holds business together in this modern era. I hold an MBA (Stanford). They taught me lots about Business, but nothing about Infrastructure. Thankfully, I received all my other degrees before I decided to get the MBA ..."

            Here it is: http://forums.theregister.co.uk/forum/containing/925960

    2. Locky

      Re: Let's add some challenges

      An IT strategy must be written down. If it's in PowerPoint it is marketing, not a strategy.

  4. casperghst42

    Authentication services / Identity Management ....

    There is nothing worse than using different Authentication Services where the password is not synchronised ... Why on earth do organisations not have a proper solution in place to handle identities and passwords ... it's not that difficult. And that also moves the discussion into identity / access management life cycle management.

    1. Anonymous Coward

      Re: Authentication services / Identity Management ....

      "Why on earth do organisations not have a proper solution in place to handle identities and passwords"

      Because there is an inherent conflict between the need to centralise (which most companies do on Active Directory) and the need for security (which is very much NOT Active Directory - or anything else made by Microsoft). There's also the idea of structure: ideally you'd want to protect the access control mechanism as it's the key (pardon the pun) to all your IT, but for it to be useful it needs to be reachable so you can't segment it out of reach from the main network like you'd do with finance or HR systems.

      The only thing you can do is place it behind a firewall, and that's too much like hard work for most.

    2. Benno

      Re: Authentication services / Identity Management ....

      Be careful there - lots of kit will happily talk to AD (via RADIUS), but will send the credentials in plain text only (they simply don't support encrypted logons). I've got into the habit of having specific credentials for the RADIUS authentication that have no 'normal' AD user/admin privileges. You don't want your normal login at risk of compromise as a result of trying to improve security!

      Not only that, quite often you're searching for ages just to find out how you need to configure the RADIUS server so the remote kit actually authenticates properly at all.

    3. Down not across

      Re: Authentication services / Identity Management ....

      "There is nothing worse than using different Authentication Services where the password is not synchronised ..."

      That depends. I do like to, for example, keep separate TACACS+ for the network kit, completely separated from any "generic" authentication services like Kerberos or AD.

      I do, however, agree that it would be prudent to limit the number of authentication services to a minimum.

  5. AndrueC Silver badge

    Now all you need is an environment where people are patient and will wait for you to go through your processes. One where every sale isn't essential so the sales staff are happy to drop a lead to avoid messing your infrastructure up. One where the marketing department are more laid back and see no need to follow the latest trend or randomly change websites and email signatures on a whim.

    And if that feature you suggested but that no-one in management thought was needed turns out to be essential after all...well then you implement it. Hopefully you had the sense to lay the groundwork by making your code generic and flexible. Hopefully your scheduling has enough slack to let you do it in the required time.

    I'm not knocking the idea of a controlled, well planned environment. I do my best within my own kingdom (such as it is). But when a large sales opportunity arises that requires you to release your development version when you're only just ramping up customer use of the release version you can't just refuse and say that it needs to go through three months of testing and QA. No - it has to be made available within a few weeks.

    1. Anonymous Coward

      Add those to your list of "Wishes that will never be fulfilled under a supply-side economy". As long as a company is constantly seeking approval from shareholders first, and putting the customer second, every company eventually ends up looking like the aftermath of a Michael Bay movie.

      I've found the best way to avoid this entirely is to work for a small company, where there's simply less pressure to make the sales or meet deadlines.

  6. Anonymous South African Coward Bronze badge

    Even without good communications between the various departments and IT it is not possible for IT to chart a route ahead.

    4 years ago I installed a brand-new server with 6Tb of hard drive space at $current_company. Everybody was happy.

    Then all of a sudden the one department decided that it is a good idea to start dumping all sorts of data taken from various sites onto said server for safekeeping without notifying IT.

    And another department also followed suit with storing databases from site "just in case", also without notifying IT.

    The end result? A clogged file server. And a struggle to get manglement to upgrade it.

    Had both departments informed IT what they planned to do, an upgrade/expansion path could have been planned for and the nastiness associated with a full file server could have been avoided.

    Communications is also a crucial factor without which any IT department is doomed to fail.

  7. Will 28

    Enterprise Architect - definition

    The definition of an Enterprise Architect does not align with what I've encountered for the role. I certainly wouldn't associate them with the phrase "highly technical masters of electronic wizardry". Wikipedia also suggests a less technical slant to such a role (accepted it's not the most reliable source, but it indicates some measure of opinion).

    Those I've encountered with such a title are more concerned with processes and high level interaction between components rather than technical details like authentication systems and group policy. I fully accept I may well be wrong, but it would be interesting to know where this definition that is being worked to came from.

    1. Anonymous Coward

      Re: Enterprise Architect - definition

      To some extent it is a job that is defined by the person occupying it, and their background. Those who are more comfortable getting into the weeds on technical matters will do so, those who are more comfortable managing people will mostly do that.

      It is similar to a generic "manager" job title, where you can have managers that get down into the details of their employees' work (for good, to help them do their jobs, or for bad, to micromanage them) versus those who are practicing "managers" who manage the people and thus could do the job equally well managing IT people, accountants or salesmen. Those types aren't as helpful as a manager who knows your job, but aren't as annoying if they know your job and tell you how they want you to do it.

  8. Ozzard

    Authentication? Feh...

    Sometime, try working with lab hardware. We're presently dealing with one system where the only way to configure its auth that complies with ICH Good Clinical Practice is to use its own custom auth system. This consists of a single file, held on a Windows file share, that contains all usernames, passwords... and the audit log that holds records of user logins. It also has to run under a single Windows account as the hardware is controlled by the same program that presents the UI, not by a daemon/service, so a Windows logout stops the hardware in its tracks.

    Yes, that's right, we now have an environment where anyone using any of those machines can swap in their own malicious auth file, tamper with audit records, or just do a Pott-ian Oopsie McFumblefingers and delete the thing... and we have no idea who to blame. And somehow the vendor considers this OK.

  9. Medixstiff

    Ah software licensing

    It would help if the vendor knew how their licensing worked too.

    For the last 4 years straight we have had M$ audits and they always fall down when it comes to Datacenter Edition of Server, we always point them towards Micro$oft's own material online to win the argument.

    Then there's Oracle, f*ck them, we do all the things they want, run all the scripts, sit with their licensing people and every year something's changed from last year and we haven't even added any new servers etc.

    As it is we have been waiting 9 months for their reply to the last audit.
