Friday, 12 Oct 2007
Tuesday, 09 Oct 2007
This is a follow-up to Part 2, posted last week. Recall I’m setting-up a simple 4 Stage Change Plan Template (CPT). The previous posts carry all of the background and set-up info you need.
So far, you’ve created a CPT. However, it isn’t terribly useful at the moment in that it’s just a hollow shell – it has no Stages, and no Tasks. However, as we’ve written these down beforehand it’s a simple case of data entry. Follow these steps carefully to get the rest of the data entered.
1. Login to SerioAdmin, and open a new Change Explorer.
2. Expand ‘Change Set-up’ and click on Change Plan Templates. You’ll see the Change Plan ‘Wheel Change’ we created in Part 2. Make sure this is highlighted, and then right-click on it and choose ‘Show Flowchart’.
This is where having a big, high resolution display comes in handy. Move the Flowchart window over to the side, so that you can still see it and use SerioAdmin at the same time.
3. Right click on ‘Change Wheel’ and then click ‘Amend’.
4. You’ll be presented with the Change Plan Template edit form. Look to the bottom of this, and you’ll see a list of Stages, which is (of course) blank – because we haven’t defined any. Right-click on this list and select ‘New’.
5. You will now see the ‘New Stage’ form. Create your first Stage as follows.
That’s all we need to enter for now. Save your work. Notice that the flowchart has updated for you.
6. Now repeat the process, and create Stages for ‘Inspect spare wheel and tools’ and ‘Replace wheel’. When creating these, increment the Stage Number you use, so that Inspect is Stage Number 2 and Replace is Stage Number three.
7. When you create the final Stage (Safety Inspection) you need to do things in the same way, but before saving click the ‘Stage Start/End’ tab you’ll find on the Stage editing form. We need to tell Serio this is our end point (i.e., this is where the Change ends). Click this tab, and choose the option ‘End the Change Plan’ and then save your work.
The flowchart will now show you how your Stages look within the CPT. It should look something like the flowchart in Figure 1.
Figure 1 - Example Flowchart
Let’s recap what we’ve done. We’ve create a Change Plan Template, and then defined the 4 Stages that comprise this. We’ve entered this into Serio, which is now able to show us a graphical representation of what is involved in Wheel Change (in as much as it knows the correct order of Stages). However, the CPT is not useable right now because there are no actual Tasks for people to perform. What we have now however is a framework into which those Tasks can be added.
I’ll move onto Tasks and Actions in the next post.
Thursday, 04 Oct 2007
Part 1 (Server Core and Windows Server Virtualization)
Whilst the first two posts that I wrote for this blog were quite generic, discussing such items as web site security for banks and digital rights management, this time I'm going to take a look at the technology itself – including some of the stuff that excites me right now with Microsoft’s Windows Server System.
Many readers will be familiar with Windows XP or Windows Vista on their desktop but may not be aware that Windows Server operating systems also have a sizable chunk of the small and medium size server market. This market is set to expand as more enterprises implement virtualisation technologies (running many small servers on one larger system, which may run Windows Server, Linux, or something more specialist like VMware ESX Server).
Like XP and Vista, Windows 2000 Server and Advanced Server (both now defunct), Windows Server 2003 (and R2) and soon Windows Server 2008 have their roots in Windows NT (which itself has a lot in common with LAN Manager). This is both a blessing and a curse as while the technology has been around for a few years now and is (by and large) rock solid, the need to retain backwards compatibility can also mean that new products struggle to balance security and reliability with legacy code.
Microsoft is often criticised for a perceived lack of system stability in Windows but it’s my experience that a well-managed Windows Server is a solid and reliable platform for business applications. The key is to treat a Windows Server computer as if it were the corporate mainframe rather than adopting a personal computer mentality for administration. This means strict policies controlling the application of software updates and application installation as well as consideration as to which services are really required.
It’s this last point that is most crucial. By not installing all of the available Windows components and by turning off non-essential services, it's possible to reduce the attack surface for any would-be hacker. A reduced attack surface not only means less chance of falling foul of an exploit but it also means less patches to deploy. It's with this in mind that Microsoft produced Windows Server Core - an installation option for the forthcoming Windows Server 2008 product (formerly codenamed Longhorn Server).
As the name suggests, Windows Server Core is a version of Windows with just the core operating system components and a selection of server roles available for installation (e.g. Active Directory domain controller, DHCP server, DNS server, web server, etc.). Server Core doesn’t have a GUI as such and is entirely managed from a command prompt (or remotely using standard Windows management tools). Even though some graphical utilities can be launched (like Notepad), there is no Start Menu, no Windows Explorer, no web browser and, crucially, a much smaller system footprint. The idea is that core infrastructure and application servers can be run on a server core computer, either in branch office locations or within the corporate data centre and managed remotely. And, because of the reduced footprint, system software updates should be less frequent, resulting in improved server uptime (as well as a lower risk of attack by a would-be hacker).
If Server Core is not exciting enough, then Windows Server Virtualization should be. I mentioned virtualisation earlier and it has certainly become a hot topic this year. For a while now, the market leader (at least in the enterprise space) has been VMware (and, as Tracey Caldwell noted a few weeks ago, VMware shares have been hot property), with their Player, Workstation, Server and ESX Server products. Microsoft, Citrix (XenSource) and a number of smaller companies have provided some competition but Microsoft will up the ante with Windows Server Virtualization, which is expected to ship within 180 days of Windows Server 2008. No longer running as a guest on a host operating system (as the current Microsoft Virtual Server 2005 R2 and VMware Server products do), Windows Server Virtualization will directly compete with VMware ESX Server in the enterprise space, with a totally new architecture including a thin “hypervisor” layer facilitating direct access to virtualisation technology-enabled hardware and allowing near-native performance for many virtual machines on a single physical server. Whilst Microsoft is targeting the server market with this product (they do not plan to include the features that would be required for a virtual desktop infrastructure, such as USB device support and sound capabilities) it will finally establish Microsoft as a serious player in the virtualisation space (even as the market leader within a couple of years). Furthermore, Windows Server Virtualization will be available as a supported role on Windows Server Core; allowing for virtual machines to be run on an extremely reliable and secure platform. From a management perspective there will be a new System Center product – Virtual Machine Manager, allowing for management of virtual machines across a number of Windows servers, including quick migration, templated VM deployment and conversion from physical and other virtual machine formats.
Windows Server Core and Windows Server Virtualization are just two of the major improvements in Windows Server 2008. Over the coming weeks, I’ll be writing about some of the other new features that can be expected with this major new release.
Windows Server 2008 will be launched on 27 February 2008. It seems unlikely that it will be available for purchase in stores at that time; however corporate users with volume license agreements should have access to the final code by then. In the meantime, it's worth checking out Microsoft's Windows Server 2008 website and the Windows Server UK User Group.
Tuesday, 02 Oct 2007
This is a follow on from Thursday's post about Change Plan Templates.
In this post, I’m going to continue my definition of the roadside wheel change. See Thursday’s post for more info and background. My last post got halfway through defining my Tasks, so before moving on I’ll finish this by refining Stages Replace Wheel and Safety Inspection.
Stage: Replace Wheel. Tasks: (1)
(Recall I said to avoid micro management. So I’m going to assume that the person replacing the wheel knows how to use a jack and a spanner. What I will do is put a few things that can go wrong).
1. Change Wheel. Wear the high-visibility vest and latex gloves. Using the Jack from the tool kit, remove the old wheel and replace with the new. Hub caps (if fitted) should be stored in the boot and not used on the spare wheel. Inflate the replacement tyre to 36PSI.
Stage: Safety Inspection. Tasks: (1)
(Another opportunity for checklists)
What we have then are 4 Stages, and 5 Tasks in our simple exercise. You could have set-up a single Stage (‘Change Wheel’) composed of 5 Tasks to achieve the same thing but I’ve used Stages in this way to communicate the most important steps involved. My Change is linear in that it does not have any branching – I’ve done this to make it as simple as possible. It also involves a single person, and does not co-ordinate teams or individuals. However, it will serve to illustrate the understanding of the problem domain you need to have before getting started, and will illustrate the basic use of the tool.
As always, please remember that this blog is NOT the product documentation – it’s designed to complement the product documentation, not replace it. The product documentation is distributed with the software, and you’ll find it in the HowTo guide.
Creating the Change Plan Template
I’m going to assume you know how to use SerioAdmin to create, amend and delete records.
1. Login to SerioAdmin on your test system.
2. Open a new Change Explorer.
3. Expand Change Set-up, click on Change Plan Categories and create a Change Plan Category called ‘Examples’.
4. Now click on Change Plan Templates. Create a new Change Plan Template as follows.
Save when you are ready. You will now see that you can go and define Stages, which I’ll do in later posts
Thursday, 27 Sep 2007
In this post, I’m going to create a Change Plan Template you can follow as an example. Recall that I’ve said you should have a Test SerioServer set-up (please don’t use your live system) and that before attempting to create a Change Plan Template you should really understand what it is you need to do – don’t sit in front of the computer and expect inspiration to come.
If all this seems new, I strongly suggest you stop and review the earlier posts.
For my example, I’m NOT going to use an IT subject, as I think it will be clearer if I choose a problem domain we all have similar and direct experience of – my main objective here is to illustrate use of the software. Therefore, my example Change will concern the changing of a car wheel by the roadside.
First of, I’m going to define what the Change aims to accomplish:
The safe and speedy replacement of a punctured tyre by the roadside, using the spare wheel and tools carried in the boot.
Recall that Serio Changes Plan Templates are primarily composed of both Stages and Tasks. Therefore, I’ll start with Stages as follows.
What I’m going to do now is, for each of the Stages, jot down some information about each of these so I stay focused on what each is meant to represent.
Location Inspection – Check that the car is not in a dangerous location, can we change the wheel safely, deploy safety triangle.
Inspect spare wheel and tools – Is the jack, spanners, spare wheel and other tools all there?
Replace wheel – Remove the old, replace with spare.
Safety inspection – Inflate the spare tyre, recover tools, place speed note on dashboard.
Still outside of the tool, I’m now going to define some Tasks. Tasks offer instruction and background, and are specific things that people do. In the examples below, I’ve given the Task a name (underlinned), and then included instructions with each that helps me do the job effectively.
Stage: Location Inspection. Tasks: (2).
1. Deploy Safety Warning Triangle. This should be deployed about 50 metres behind the vehicle. If you are on a bend, choose a location that gives good visibility to traffic travelling in your direction.
2. Inspect the location of the Vehicle. If you are changing a driver-side wheel, and are close to the flow of traffic, abort the Change. If the vehicle is in the flow of traffic, abort the Change.
Stage: Inspect spare wheel and tools. Tasks: (1) (This seems like a good opportunity for a checklist)
I’ll continue this in my next post (probably Monday).
Tuesday, 25 Sep 2007
Widgets and gadgets of the desktop variety are becoming a headache. When they are not swallowing up memory they are proving to be the tiny crack through which virus nasties are slipping.
A quick glance to the right of my screen reveals a pot of virtual tulips that needs a virtual watering, a smiley face tracking my CPU usage, rolling news feeds, a weather forecast for London (not my location, but it's a long story), a notepad and the to do list I couldn’t do without. OK I am the kind of widget addict that support teams running out of thumbs to plug the virus dam could do without
It gets worse. Turns out gadget fans may be inviting all sorts of horrors on to their PC that are finding their way on to the network and putting network security at risk. True widget warriors who like to customise their desktops daily may remember that some come with a health warning – “Google has not tested this” etc.
Finjan’s Malicious Code Research Center tracks the latest top priority security threats and has found that widgets and gadgets are vulnerable to a range of attacks. These findings did spark a few security advisories by major vendors who rushed out patches, and an overhaul of the security models used to host these widgets and gadgets online as well as in operating systems.
Finjan found problems with Windows Vista contacts sidebar, Live.com RSS feed and the Yahoo contacts widget. All these vendors have since fixed these problems.
Yahoo told its widget users about a security issue, commonly referred to as a buffer overflow, in an ActiveX control in the Summer. This is part of the software package downloaded with Yahoo! Widgets. Users were asked to download a security patch but those that haven’t remain vulnerable.
A buffer overflow might cause applications to crash but Yahoo points out this could only happen if an attacker is successful in prompting someone to view malicious HTML code, such as by getting a person to visit their web page.
It advises us not to trust input and validate and sanitise untrusted input. Obvious you might think but clearly too many of us are ignoring the “not from a trusted source” notices.
Interactive widgets – the really useful ones that rely on external feeds - present the greatest risk offering a free ride to malicious code. It looks as if the time has come to block widget and gadget application file types at the gateway to the business if networks are to be kept secure.
Thursday, 20 Sep 2007
This is a continuation of Monday's post about Backup Basics.
There are different types of backup
Think for a second about how databases work. They typically have a large pool of data to deal with that doesn’t change that often (like all of your resolved Incidents) and then smaller amounts of new data and data amendments to record, which it needs to store as quickly as possible. The way that such systems handle this is by having a Transaction Log, which is where all the changes go.
Think for a second about that this means. It means you could take a backup of the data that does not change a lot, and then just keep backing-up the Transaction Log so that you are backing up all of the changes you’ve made.
So, SQL Server has two types of backup. There’s the Full or Complete backup, and the [transaction] Log backup. One backs up everything, and one backs up data changes.
So why bother? The answer lies in frequency of backup. Full backups can slow down your system, simply because the database has a lot of work to do is gathering and then writing all of your data. So, these are typically done just once, when the database is quiet (like late in the evening). The rest of the time, you perform Log backups to record your changes because this is much quicker, and places less of a burden on the system.
Tip: Don’t perform multiple Full backups during the day – your users will notice, particularly if you have a large amount of data.
If the worst happens, you restore from your last good Full backup, and then perform rollforwards using the backups you’ve taken of the Log – effectively re-applying all the changes you made.
When you perform your SQL Server backup, one of the things you can choose to do is to truncate the Transaction Log (otherwise, on SQLServer, it will just keep on getting bigger).
Frequency of Backup is Important
If you do your backup once a day, think about how many hours of data you could lose if it all goes pear shaped – almost a day’s worth. As a manager, think about your Helpdesk or Service Desk’s throughput during the day and how much data you could ‘afford’ to lose, and then build your backup strategy around this, for example by having a Full backup during the day, and an hourly Log backup during the day. Remember, don't rely on fault-tolerant hardware. If there is a fire, theft, or one of the engineers spills his bottle of Irn Bru over the server, you could lose everything in an instant.
Using 3rd-party software
Using third party utilities and software to backup your database is fine, provided you choose wisely. However, don’t think that will necessarily excuse you from understanding the issues I’ve highlighted above. All such programs that I’ve seen simply provide convenient interfaces to SQLServer’s own backup mechanisms – so everything I’ve said above still applies. You still have to think about frequency, type of backup and log truncation.
Practice, Practice, Practise
Have you ever practised recovery? Don’t make your first recovery a real recovery – practice will prove that your backup and recovery procedures are effective. Don't trust to luck.
A Word of Caution to Managers
Users tend to hold senior managers responsible for data loss. Take an interest in your backup and recovery procedures, and don’t assume it’s all been taken care of.
Monday, 17 Sep 2007
This is a follow-on from Friday’s post about Backups
Database Backups – The Basics
Serio, like many systems, stores most (but not all) of it’s data in a relational (ie, table based) database which can be either Oracle or SQL Server. I’m going to talk about SQL Server, but most of this applies to Oracle as well. So when you log an Incident, it’s stored in a the database, when you compose an email, it's stored in the database, and on - pretty much all of the content you create is stored there.
Serio doesn’t actually write to the files. Instead, Serio says ‘here’s an Incident, store it somewhere, I don’t want to know where’ and this SQL Server duly does. Then it sits waiting for the next instruction.
All the time SQL Server is waiting, the files that it uses (of which there are quite a few) are held open, and the contents might be in what you could call an inconsistent state – in the middle of being written to, read from, reorganised or generally tidied as the database processes requests.
From a backup point of view, this means you cannot just leave the database running and then copy the files onto backup medium, because you never know what state they will be in (even if you can read them, because they are usually opened with exclusive access).
If you think this is so obvious it’s not worth pointing out, I’d bet there are people reading this who ‘backup’ by doing exactly that.
Shutdown & Startup Backups
Of course, you could shut the database down (say overnight) and then copy those files. This may work just fine (but it's something I regard as ill-advised and risky), but it’s inconvenient and can lead to large data loss. It’s inconvenient because you first of all have to shut down the applications using the database, then shut the database down, then backup, and then re-start everything.
The data loss comes about because this type of backup is typically done once every day (at night). So, if you have a system failure towards the end of the next business day, you’ve lost a day’s worth of data. Maybe you think that's OK for your environment, but to me that seems like a lot of work and information to discard.
Usually, this type of strategy is adopted by those that are not comfortable with their database tools.
Backing-up your database is best done by saying to the database ‘back yourself up’. The output from this command is usually a file (in SQLServer’s case), that you simply place on different (safe) media. If the worst happens and your own server starts to go ‘boing…’ (see my last post for what I mean) when it is powered on, you take this file and recover using it – buy telling the database to restore from backup file.
This kind of approach is superior to the shutdown and startup backups I’ve mentioned above for another reason – during this process of backing itself up, the database will check it’s own integrity – so if it has any internal issues you may hear about these sooner rather than later (which is a good thing).
I'll post about Full backups and the Transaction Log shortly.
Friday, 14 Sep 2007
Just how good is your backup regime? A colleague here at Serio tells this story.
I managed a direct sales IT system. It was a very busy environment – people asking for new reports, account managers shouting, IT staff either leaving or threatening to leave – and often I simply followed the current crisis (whatever that was), having been in the job for just a few months.
One of my first projects was to move our direct sales system onto a new ‘fault-tolerant’ system. This went well, and I delegated the task of ‘sorting out the backups’ to one of my team who was not in the process of leaving that week. I never thought any more about it (the backups), after all I had delegated it.
One Thursday morning. I came into work at 8:00am as usual, and our new server was making a funny noise, in that when you switched it on it went ‘boing...’, and then refused to boot. With increasing panic, I switched the machine off and back-on, hoping for a boot-up, but all it did was go ‘boing...’. I even tried pushing the 'on' button slowly, like that would help.
An engineer was called, who pronounced the RAID system and one of it’s disks ‘toast – never seen a problem like it’ he said. ‘It’s not that fault tolerant’ he added helpfully.
Worse was to come. I scrambled for the backup, only to find that the entire Oracle database had been skipped from the backup tape because the files were busy, as the database was still active of course. Also by this time customers were phoning, the call centre was operational (in that it had staff answering the phone).
We had £50,000 approx (a usual days trading) of unfulfilled orders. Many orders part-shipped, some ready to go, stock to be booked in things looked grim. How was I going to explain we had no backup, and all was lost? A posse of account managers was waiting outside my office. They looked mean and angry, especially the females.
Just then, ‘the new guy’ came in, who joined us no more that a fortnight earlier. ‘Wassup?’ he says? I explained.
‘Oh, I’ve got a backup here from last night. I couldn’t see any decent backup so I did a full Oracle export to network filestore, using cron to schedule the job’. And sure enough, there it was – I wasn’t going to get fired after all, although I probably deserved it’.
I relate this story for the simple fact that every backup mistake you could make is in this story.
- Failure to plan for backup and recovery
- Managerial delegation of responsibility with inadequate checks or verification
- Over-dependence of ‘fault tolerant technology’ leading to complacency
- Failure to understand how to backup his software.
I’ll post some information on Monday about the correct way to approach backing up your database system, focusing in particular on SQLServer, the types of backup, transaction log and so on.
(With thanks to AndyW for input).
Tuesday, 11 Sep 2007
This is a follow-up to my earlier post about Change Plan Templates (CPT), which mentioned that the major elements of a Change Plan were
- Durations for Tasks
- Interested parties
- Special Actions
A Stage is a major (actually, the major) element of a Change process, and will include at least one Task (see below), but will often include a number of Tasks. Think of it this way: take whatever you are trying to accomplish (for example, ‘Server Operating System Upgrade’) and then subdivide this into it’s major parts (such as ‘Authorisation’, ‘Scheduling’, ‘Testing’) and these will typically constitute your Stages.
A Task is simply something that someone does. For instance, an Authorisation Stage (see above) might have 3 Tasks – one for each of the members of the Change Advisory Board (see my previous postings on this subject).
The thing about Tasks is that they should be self-contained – everything that people need to know on how to complete the Task should be included for them (actually, defined when you set-up the Change Plan Template).
Don’t go mad with your Change Plan Template & Tasks
If you are in the process of setting-up a Change Plan Template for the first time, stop for a moment. Are you micro-managing? Micro-management of staff involved in Change is one of the commonest mistakes I’ve seen.
Micro-management will make your CPT much harder to maintain, and may cause your colleagues to view the Change process with disdain. It’s much easier if you assume that those participating in the Change are
- Properly trained and able to perform their jobs
- That they have some common sense
- Are generally supportive of IT Service Management within your organisation
(if it’s not safe to assume these things then you have some work to do outside of Change Management).
To give some examples real of micro-management I’ve seen recently:
A Change involving a software update that had a whole Task for ‘Download patch’ when it was in a vendor website that said ‘click here for latest patch’, and then followed this with a Task for ‘Unzip Patch’.
Change that had a Task called ‘reboot server’ as part of an operating system update.
The above are examples of micro-management because there is series of menial Tasks and a heavy administrative burden, and an assumption that the engineer is too daft to do the job in hand correctly.
Checklists are cool
If you have a Task that requires quite a few things to be done, and you want to make sure that these are all accomplished, the best way to accomplish this is through a checklist. When you set-up the Task, include a simple checklist for those who will be working on the Change. It’s easier to create, and of more value to engineers.
I’ll post about the other parts of a CPT later.
Remember that for full documentation on the Serio Change subsystem, consult the HowTo guide distributed with Serio products.