By Jonathan Merrill on
3/7/2014 9:10 AM
Or is it called Orion now? That moniker has disappeared on the website now and many just call it Solarwinds. Although, that’s not true either as Orion is made up of many modules. And what is turned off and on depends on your wallet. Many of my peers just call it Solarwinds, so let’s stick to that. But, I digress.
This topic has been a long time coming. My current employer chose Solarwinds based on an internal recommendation to “solve all your ills”. He has since departed and we now have this tool that is everything we want it to have. I am not begrudging my Austin peeps nor the success this company has had; Solarwinds does work. It monitors everything. And their people are crazy smart.
I am, however, saying that while Solarwinds may be an awesome engineer’s monitoring tool, I just don’t like it because… it doesn’t excite me. It is a boring tool, a frustrating tool, it’s not easy to master, has gotchas, and has been this way for years and years. Here are my gripes:
#4. Death By 1000 Alert Options.
This product has a crazy amount of alerting options. You can actually fuzzbust your fuzzbuster, there are so many alert configuration options. My biggest complaint is that to get the functionality, you need to exit the web interface and fire up the alerts configuration tool. An application off to the side, because in 2015, we can’t put this functionality on the web. Oh, we can? Who is doing that? Everyone is?!?! What the heck, guys?
In practice, we had so many alerts configured in so many different ways, the alerts stepped on each other and we crashed our alert server. We literally sent 1,000,000 alerts daily for a few weeks. Once we realized our folly and the madness of allowing so many people access to create their own fiefdoms of alerts, it took 3 weeks to clear out the alert backlog. Solarwinds’ fault? No. But a true story nevertheless.
#3. So Many Modules.
One of Solarwinds’ strengths is its extensibility through modules. The bolt-on approach can enable the tool quickly and the potential is limitless. The approach is the right one and I love the capabilities present. However, the problem is less about capability and more about the lack of a 360 degree perspective across the platform’s modules. Drilling down into IP addresses or application types, down to the host level or network layer. Sure, you can do this in individual modules, but each module has a limited set of integrated features, separated by the tabs at the top. So, there is a good chance that to find the information you’re looking for, you’ll need to dive into two+ tabs to get the full picture. Not cool.
Because of this loose coupling, each module doesn’t feel full featured and I am left wanting for features I find in other product offerings. IPAM has its own discovery separate from NPM auto-discovery? Where is the unified work engine with triggers depending on criteria for each module?
Where is the smooth transition between modules… Oops, that leads to #2.
#2. Tired User Interface.
Solarwinds’ interface is way way way… way overdue for a refresh. Its interface is reminiscent of 80s disco: Cool and hip, but tired and old fashioned. I see some hints here and there of some changes, but where is HTML5? Where is the customization on the dashboard? The tabs are horribly placed. What do you mean I can’t customize a tab? Why does the content look so dated?
#1. Tiring User Experience.
As a monitoring tool, sure, it’s functional. Crazy functional. But as an enterprise network operations center dashboard, it’s not that great. In fact, as a user interface tool, the data does not always mean what it says. Look at Figure 1, Nodes with Problems. Green means what? The node is up. Not that there is a problem. Just looking at the hosts doesn’t tell the story and tuning the story is not easy in comparison with other tools. In fact, it’s just not designed with that in mind. Because it’s a tool designed for another class of people.
Where is the drill down experience? Finding stuff is not always easy as each module has its own search bar. The host information is cluttered and not easy to read, creating the need to scroll. I hate scrolling. And I would expect there to be a lot more integration and symbiosis between the modules, linking easily within the hosts. There doesn’t seem to be an intelligence between the hosts giving the 360 view. Just tack-ons to the existing tired infrastructure.
I could go on for another page, but frankly, the user experience is designed for the Y2K Cisco engineer and not the masses. I want a tool that gives me vision and doesn’t wear me out trying to find the reasons.
By Jonathan Merrill on
2/28/2014 8:29 PM
EMC hosted a sales event mixed with Transformers the movie, which turned into a social and team building event for EMC’s good customers. As they ticked through their sales deck, there was one page that caught my attention. “Behold the wall of insignificance”, as the sales guy pointed at these companies:
The sales guy continued… “Misreading the signs… One wrong turn… Bad decisions…. And you could find yourself insignificant, just like these companies.”
Insignificance is not my calling… Nor is it yours… Nor should it be… Very powerful statements…
By Jonathan Merrill on
2/21/2014 3:48 PM
I recently attended a DFW IT Professionals meeting to see and watch a presentation regarding DevOps. It’s picking up steam amongst many IT circles and I’ve read a few articles about its importance. Below is a YouTube video of the presentation previously given at a DevOps conference.
Highly recommended viewing:
By Jonathan Merrill on
2/14/2014 12:26 PM
I wrote an email to my team I’d like to share…
Good morning, team.
“Neo, sooner or later you're going to realize just as I did that there's a difference between knowing the path and walking the path…” – The Matrix Movie (1999)
Ok, so now you’re an SME. What does that mean? What are the expectations? What are the next steps? Let me answer those questions here for you as this is the tip of the blade when we talk about the knowledge culture.
What Does It Mean To Be A Subject Matter Expert?
Subject Matter Experts (SME’s) are the go-to people in an organization. SME’s have an oversized value to the organization as a whole as the level of expertise, knowledge, and wisdom is what the organization counts on to benefit the organization’s ability to execute, ability to respond, and support functions during break/fix. That value intensifies as time goes on, as the material grows and matures, and your level of competence as a SME will be determined by how well you keep up your knowledge base.
Being an SME is central to developing a successful career, especially in IT. While our industry favors a “jack of all trades” approach, especially in the Microsoft and VMWARE spaces, you’ll find that only a few rise to the top as their knowledge is honed on very specific topics. The “master of none” is how many in IT get stuck in generalist roles and never grow to their potential. Instead, the SME concept is to be a “jack of all trades, master of some…”
From an organization perspective, we bring in the SME’s on subject matter during problems, during changes that affect that space, and serve a consulting role, especially during Strategy meetings. Further, SME’s play a positive role in ensuring cross-training and competence is established on the team. If any of these fall, the SME is responsible for that gap and needs to do his or her part in ensuring the team learns up quick.
Ways To Develop A Subject Matter Expert Knowledge Base
There may be other ways, but here are the top five I would consider:
1. Read the publications and web sites dedicated to your area of desired expertise
It is amazing how much information you can find out and how much you can learn from targeted reading in the area of your expertise. This particular step is especially important to develop the theoretical side of the area of your expertise as well as understanding the trends for your area. Doing a simple Google search on your area of expertise can yield ten places to start reading. As you do this daily, those sites will link to other sites on your subject. Going to those places will expose you to even more. After a while, you will settle on ten to twenty sites that provide you the kind of information you are looking for to learn more about your subject area.
2. Join professional organizations and associations in your subject area
These could be true professional organizations with local professional chapters (such as the Project Management Institute), intelligently selected groups on LinkedIn not associated with a professional organization, or an informal group of like-minded individuals in your local area who work in the area you want to learn about. The benefit of these groups is that you bridge the theory to the practical. A local professional chapter cares about the theory of something — but they want to solve a problem they have and will share how they did so with others in the group.
3. Answer questions. So you can get asked more questions.
Be willing to answer questions about your area from others. If you don’t know the answer, go research the question until you get the answer or answers. This will increase your knowledge. Plus, the person asking the question will appreciate getting an answer and will tell others. Getting asked questions, researching the answers, giving the answers and getting more questions will exponentially increase your expertise. This knowledge will consist of both the theoretical as well as the eminently practical answers to pressing problems. The more you know, the more you will be asked, resulting in knowing even more by researching the answers.
4. Attend organized formal training.
Our organization does not object to formalized training. The vast majority may require an investment in time and money to attend. It’s my opinion that organized formal training is less effective on foundation topics and steadily more effective the more advanced the concepts and learning material are. Nevertheless, the SME should always keep an eye out on training opportunities as they are out there. In fact, if you look hard enough, some are free.
Experience + Certification = Exceptional Value. Find out what it takes to get the certification. That roadmap is a very good way to get what is needed to understand the various competencies contained within the subject matter area. Picking up the certification not only demonstrates competence, but shows mastery to peers and a personal benefit in achieving career goals through continuing education. To me, this is the value of certification and, if used right, is a powerful tool for IT leaders and alike building the knowledge culture.
Expectations Of A Subject Matter Expert
1. Build And Maintain Your Knowledge Base
Now you’re assigned to the SME, it’s time to build competency. Using the ideas above, dive in. If you’re stuck or needing help, please talk to me and we can work together, but how you do it and what tools you use, is completely up to you.
2. Cross-Train The Team
On our team, it’s the SME’s responsibility to maintain competence on subject matter areas that are assigned. How that is done is completely up to the SME. Although tried and true methods for training are fine, I find in my experience that the more unique and engaged the training is, the better the recipient retains the information. In the end, the SME’s performance is judged at how well the team knows the content and how effective the SME is in that particular area.
Being a SME also means participating in meetings, discussion, writing knowledge base articles, etc. In other words, never stop looking for opportunities to educate people.
I hope this document served a positive purpose with what I am hoping to achieve on the SE:OPS team. Foremost, ensuring you guys understand what I am expecting. Let’s make it so, team.
By Jonathan Merrill on
2/7/2014 10:21 PM
Here are a few notes I recently took during a leadership talk I attended.
What Does Leading Forward Mean?
- Vision to anticipate what comes next.
- Having the courage to do what needs to be done.
What Does Leading Forward Take?
- A commitment to clarity about the present reality.
- A faith filled perspective.
- A good memory. Not constantly looking back, but understanding history so as not to repeat mistakes.
- Courage to go it alone.
By Jonathan Merrill on
1/31/2014 11:28 AM
Like all things, Information Technology must do business with vendors to make IT go, and volumes could be filled with horror stories of when vendors came up short. It never ceases to amaze me how sales people submarine an opportunity and walk away confused, even befuddled. You just want to reach across the table and shake the guy, “Wake up, man! You’re blowing it!” It doesn’t matter if your technology is better, sales people matter. What is said, matters. And what is actually done makes or breaks the relationship. Here are three in particular.
My first example is a national encryption solution I looked at when examining two form factor authentication. Their solution was solid, impressive, and priced competitively. It came down to client support. They touted support for Android and iPhone, with Windows Phone to be supported in 90 days. Why Windows Phone? Many on our executive team have Windows phones and prefer them (myself included). The sales team said numerous times, “We will have Windows 8 support by 3rd quarter”. Third quarter turned into fourth quarter, then 1st quarter, now 3rd quarter. Almost a year later.
Think I trust these guys now?
How to fix: If you’re going to make a commitment, stand by it. If you’re going to miss it, get in front of it and talk to the customer.
My next example is a well-known printer company. We looked at them when examining our printing standards in the enterprise. At my behest, I brought them to the table as I feel strongly their technology is vastly superior on multiple fronts. The sales guys strode into the room and sat down to have a conversation. No deck. Just “tell us what you want”. How do we know what we want, you’re the sales guy. The atmosphere in the room changed and became awkward. The death blow was when the sales guys mentioned, “We do deals with thousands of printers, this would be on the low end of the scale.” He meant it as quick and easy, but came across as “you are small and insignificant”. Once the contracts were reviewed, sales guys stopped returning calls quickly and the sales processes collapsed. Only at the 11th hour did we get a VP at the printer company to step in and correct the sales course. But, too little, too late.
This could have been avoided. Now, these folks are seen as arrogant and not customer service focused.
How to fix: Humility, humility, humility. You know your product is awesome, but never sit on your laurels. Arrogance kills more relationships than builds bridges. Instead, educate us. Sell us on why and how. And sell us on why it’s simpler to do it your way. Never depend on the product to sell itself. Especially, if the product includes the human element.
My last example is a wiring consultant we used to manage the wiring in a building, including bid spec for parts and materials, installers, and coordination of the project. What started out looking good ended up in a kaleidoscope of bad behavior. Here are a few examples:
- Used the same price sheet from another client and passed it off as “new numbers”.
- Changed the numbers. Doesn’t matter why.
- Made promises to wire manufacturers, distributors, and installers before the client selected. “You are guaranteed to get this!”
- Forced installers to “eat mistakes” the consultant made. If it were once or twice, maybe. But more than half a dozen times.
- Tried to get distributors and installers the client chose “dismissed” from the job, in favor of consultant favored distributors and installers.
- Was the cause of missing dates and milestones, due to lack of attention to detail and just sloppiness. Then blamed others.
All the while touting the very high ethical standards, almost ad nauseam. Now, many don’t know about the very real underbelly of the structured cable wire industry, possibly a future blog. Nevertheless, this company gets a lot of work and I am shocked by the consistency in bad behavior, starting from the top.
How to fix: Consciously choose to do right. Choose to be ethical. If you want to change the industry, rise above it and be an agent of change. Do no harm. Be positive. But, never compromise your values. And provide amazing value.
By Jonathan Merrill on
1/24/2014 4:34 PM
I am going to offer a few controversial perceptions that are rooted in nearly 20 years of IT, but are all centered on how organizations treat creative thinkers and executers at various sized companies.
1. Creativity isn’t as important as assimilation (Process widgets the same way, every time, or else!).
2. We hire creativity, but want productivity. (Produce more widgets faster!).
3. The more creativity we hire, the less productivity we get. (Widgets are stupid and here is why).
4. Corporate culture is more important than creativity. (Everyone gets the same widget, or else!)
Can you identify any of these points at your company? How did we get like this? How do we fix it? Or should we?
By Jonathan Merrill on
1/17/2014 9:21 AM
We are looking at changing up our printing platform and recently obtained a document with best practices for printers from a CEH.
Printers face five main threats and vulnerabilities:
Document theft or snooping
- A person can simply walk over to a printer and pick up a document that belongs to someone else.
Unauthorized changes to settings
- If your printer settings and controls aren't secure, someone may mistakenly or intentionally alter and reroute print jobs, open saved copies of documents, or reset the printer to its factory defaults, thereby wiping out all of your settings.
Saved copies on the internal storage
- If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. If someone steals the printer, or if you throw it out before properly erasing the data, someone might recover the saved documents.
Eavesdropping on network printer traffic
- Hackers can eavesdrop on the traffic on your network, and capture documents that you send from your computers to the printer.
Printer hacking via the network or Internet
- A person on your network can hack into a network-connected printer fairly easily, especially if it's an older model that lacks newer security features or isn't password-protected.
- Security flaws leave networked printers open to attack:
- According to InfoTrends, there are almost 30 million printers and multifunction devices in offices and homes throughout the U.S. and Western Europe, and most are connected to a network. This means they are just as susceptible to malware and hacker attacks as PCs, but for a variety of reasons they are often overlooked by IT professionals and used without proper safeguards by employees.
- A recent Xerox-McAfee study revealed that more than half (54 percent) of employees say they don’t always follow their company’s IT security policies.
- Also, half (51 percent) of those employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work.
- The study goes on to say that more than half (54 percent) think computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs. This small percentage is proof that employees simply do not realize their office MFPs really are true networked devices that behave the same way their PCs do – and have similar vulnerabilities. Pair these stats with the fact that the average organizational cost of a data breach is $5.5 Million and you have a pretty strong argument for taking this warning seriously.
- But I know what you’re thinking: none of those massive breaches are possible through an MFP, right?
- Just about anyone can launch full-scale attacks against a network and a company’s information assets through an MFP if its physical and electronic access points aren’t securely controlled and protected. Those attacks can be as simple as someone picking up documents left in the MFP’s output tray, to malicious worms pulling sensitive documents off the network.
- Consider this example of hacking the network through an MFP: Today’s combination of mobile workers, cloud printing and the continuing penetration of Android-based personal devices make it possible for an attacker to create a malware app that infects the mobile device, opportunistically attaches itself to a cloud print job, gets downloaded to a networked MFP, and from there infects the entire enterprise network, completely bypassing firewall and intrusion detection controls. In this case, it’s complexity that creates the vulnerability.
- Significant difference between Printer MFPs and Copiers. Printer MFPs tend to be more secure than Copiers due to how often printer firmware and drivers are updated to fix issues and security changes. Copiers rarely address security issues once released to market.
Top 3 Reasons for Print Security Not Being Adopted (Research and analyst company Quocirca)
- 92% - Low Priority
- 71% - Unawareness of Benefits
- 65% - Lack of Print Security Strategy
Physical Security for Your Printers
- Increasing the physical security of your printers can help prevent document theft or snooping, unauthorized access to stored documents, and misuse of the printer's Ethernet or USB connections. Place printers strategically to balance ease of access and security. Putting them in a somewhat visible open area that is accessible to most of the users may be a better idea than sticking them in a separate room or office where you can't monitor them as closely. In any case, consider designating separate printers for management and other sensitive departments and keep those machines secure from other employees.
- Also consider buying printers that require users to provide some form of identification (such as a PIN) before they print.
- And don't neglect hard copies of documents. Shred sensitive papers when you no longer need them.
Password-Protecting Your Printers
- If you have a business- or enterprise-class printer, it probably has an administrator control panel of some sort that you can access through a Web browser, a screen on the printer itself, or your PC's command line. Most such printers will let you password-protect the control panel to prevent others from changing settings without your knowledge. Refer to your printer's documentation to learn how to do this.
Securing Printer Admin Traffic on the Network
- A password alone won't stop a determined hacker. The admin password may not be encrypted when you send it from your computer to the printer, which means that someone could intercept it and gain access to your printer's controls.
- To avoid this, use an encrypted connection when you access the admin control panel, if your printer or print server supports it. For instance, when accessing the interface via a Web browser, use an "https://" address (which uses SSL encryption) instead of a regular "http://" connection. If you need command-line access, use encrypted SSH instead of clear-text Telnet sessions. If your printer came with a printer management application, see whether it supports encrypted connections.
- For additional help in combating hacking, check your printer for ACL (Access Control List) support or for some other feature that lets you define who can use or administer it. Be careful not to open your printer's Web interface (or any other admin interface) to the Internet, to prevent people on the Internet from finding and trying to hack your printer. Your network firewall should provide enough protection and this shouldn't be an issue unless you explicitly configure it to open access to your printer. If your printer supports Internet Printing Protocol (IPP), FTP print jobs, or any other feature that lets people send it print jobs over the Internet, consider disabling the feature if you don't use it.
- If your printer or print server uses SNMP (a protocol for managing and monitoring devices on networks) to communicate (as HP's JetDirect products, for example, do), try changing the default SNMP community names to a strong password to help frustrate would-be password capturing, cracking, and additional hacking. And whenever possible, use SNMPv3, a newer version of SNMP that includes authentication and encryption for added security.
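The admin-traffic checks above, applied to a printer inventory, as an added example that is not part of the original document. The CSV layout, host names and rule names are assumptions made for illustration, and ports 80/443 are assumed to be the printer's embedded web admin interface.

```python
import csv
import io

# TCP ports for the services named in the text.
FTP, SSH, TELNET, HTTP, HTTPS, IPP = 21, 22, 23, 80, 443, 631
DEFAULT_COMMUNITIES = {"public", "private"}  # common factory-default community names
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1}

# Constructed sample inventory: hypothetical hosts and an assumed column layout.
SAMPLE_INVENTORY = """\
name,open_ports,snmp_version,snmp_community,admin_password_set,net_printing_used
lobby-mfp,21 23 80 631 9100,2c,public,no,no
finance-laser,22 443 631,3,,yes,yes
hr-mfp,80 443 9100,2c,Pr1nt-Mon-7f3a,yes,no
"""


def load_inventory(text):
    """Parse the inventory CSV into one dict per printer."""
    printers = []
    for row in csv.DictReader(io.StringIO(text)):
        printers.append({
            "name": row["name"].strip(),
            "ports": {int(p) for p in row["open_ports"].split()},
            "snmp_version": row["snmp_version"].strip().lower(),
            "snmp_community": row["snmp_community"].strip(),
            "admin_password_set": row["admin_password_set"].strip().lower() == "yes",
            "net_printing_used": row["net_printing_used"].strip().lower() == "yes",
        })
    return printers


def audit_printer(printer):
    """Return (severity, rule, advice) findings for one printer, HIGH first."""
    ports = printer["ports"]
    findings = []
    if not printer["admin_password_set"]:
        findings.append(("HIGH", "NO_ADMIN_PASSWORD", "password-protect the control panel"))
    if TELNET in ports:
        advice = "disable Telnet" + ("" if SSH in ports else " and enable SSH")
        findings.append(("HIGH", "TELNET_ENABLED", advice))
    if HTTP in ports and HTTPS not in ports:
        findings.append(("HIGH", "HTTP_ONLY_ADMIN", "enable https:// for the web interface"))
    elif HTTP in ports:
        findings.append(("MEDIUM", "HTTP_STILL_OPEN", "turn off http:// now that https:// works"))
    if printer["snmp_version"] in ("1", "2c"):
        if printer["snmp_community"].lower() in DEFAULT_COMMUNITIES:
            findings.append(("HIGH", "SNMP_DEFAULT_COMMUNITY", "change the community name"))
        # SNMPv1/v2c send the community name unencrypted, whatever its value.
        findings.append(("MEDIUM", "SNMP_CLEARTEXT", "move to SNMPv3 with auth and encryption"))
    if not printer["net_printing_used"]:
        for port, rule in ((FTP, "UNUSED_FTP_PRINTING"), (IPP, "UNUSED_IPP")):
            if port in ports:
                findings.append(("MEDIUM", rule, "disable the service on port %d" % port))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


def audit_inventory(text):
    """Map each printer name to its list of findings."""
    return {p["name"]: audit_printer(p) for p in load_inventory(text)}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "OK" if not findings else "")
        for severity, rule, advice in findings:
            print("  [%s] %s: %s" % (severity, rule, advice))
```

A printer with a custom community name still gets the SNMP_CLEARTEXT finding, because only SNMPv3 adds the authentication and encryption the text recommends.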
Securing Printer User Traffic on the Network
- To prevent users on the network from intercepting print jobs as they go to the printer, find out whether your printer or print server supports encrypted connections to and from the PCs on your network. Some printers do use SSL/TLS, IPsec, and other encryption methods.
- Check your printer's documentation and consult the vendor about whether your current equipment supports encryption or if you can purchase additional hardware or software to add such support.
Updating and Upgrading Your Printers
- Make sure that you keep your printer's firmware and drivers up-to-date. Often, updates add new or improved security features, patch known security holes, and fix other problems.
Discarding an Old Printer
- Before disposing of an old or broken printer, make sure that its internal hard drive (if it has one) isn't saving any documents. Check your printer's documentation or speak to its manufacturer to determine whether it has a drive, and if it does, to learn how to erase the data. If you can easily remove the drive, you may be able to connect it to a PC and erase the data with special drive wiping programs that make the data completely unrecoverable.
VLAN Best Practices
These are some general guidelines in creating VLANs. A VLAN creates a boundary between devices, so the goal is to plan the boundaries that will improve network functionality and security.
- Grouping devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.
- Grouping devices for security - It is often a good practice to put servers and key infrastructure in their own VLAN, isolating them from the general broadcast traffic and enabling greater protection.
- Grouping devices by traffic types - As discussed in this How To, VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.
- Grouping devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.
By Jonathan Merrill on
1/10/2014 9:15 PM
Recently, two events converged which prompted this blog. One, watching the movie “Jobs”, the docudrama of Steve Jobs. Two, the importance of structured cabling and how difficult it has been trying to get an organization to realize its importance. To me, structured cabling is an art and of the utmost importance to any network. You can purchase the most exquisite computers and expensive networking gear, but if your wiring is crap or done poorly, it is all for naught. A sad lesson witnessed many times in my career.
So, when I watched this movie, I couldn’t help but agree with many things Steve Jobs was quoted as saying. Here are the top five quotes I took away…
5. In your life you only get to do so many things and right now we’ve chosen to do this, so let’s make it great.
We do so much executing our daily duties. And in doing so, contribute much. Achieve much. Can you say you do things as good as they could be? How often can you say it’s as great as it can be? Do you contribute to making things great or are you one of those who are fine with getting by?
Structured cabling can be great. In fact, if done right, will lower your staff’s support costs, speed your resolution time, and empower your junior technical people, without the need for constant engineering support. But to get there, it requires the importance of doing it great like craftsmanship, as-builts in each TR, TIA/ANSI color coding standards, and wiring it complete the first time.
4. It has got to be something that you’re passionate about because otherwise you won’t have the perseverance to see it through.
Why is it so hard to find quality installs? Why are there so many mediocre installations? Why is it so hard for IT pros to make it great and actually do great? In my opinion, it sometimes is lack of knowledge or ability; there is something to be said for being informed and educated about these concepts. However, more often it’s lack of passion. You have to have a passion to do great. Many of my colleagues do and achieve great. These people I love to be around. I enjoy their strength, their vision, and more importantly, their perseverance to do great every time. You can’t argue against passion and perseverance. I can point to many many many structured cabling jobs done at competitive pricing, impeccable craftsmanship, and a forward thinking design. And the majority of the time, you’ll see a facilities or IT manager with a passion for doing it great.
Yet, when encountering a minimum compliant or poorly implemented structured cable, the majority of the time the people responsible have no sign of passion, much less perseverance. And often, these people are fairly ignorant of what those possibilities could be. A good number hide behind their legacy career. “I’ve been doing this for 20 years…” Really? Then, why is it not great?
3. I would rather gamble on our vision than make a ‘me, too’ product.
It constantly amazes me how bad structured cabling happens. Having swum in the wire industry this last 8 years, I’ve realized a cold fact. Bad structured cabling happens because most people do it the way they did it at their last company. Instead of doing it in amazing ways, it’ll be done the way it has been by them. And if you happened to work at places that embrace mediocre ideas, all that gets done is perpetuating the mediocre.
When I approached structured cable at Texas Health Partners, we immediately discounted how it had always been done elsewhere. We didn’t care for the traditional “me too” approaches that the hospital architects and consultants were pushing on us. We wanted to actually change how we do things, driving support costs down, and putting a system in place that would be sustainable for years! We not only achieved that, but crushed our estimates on how much money we saved doing it. I’ve learned over and over that doing things great often doesn’t include “me, too” approaches.
2. We’ve got to make the small things unforgettable.
So many companies sow a culture of overlooking details, focusing on getting things done by certain dates, often citing just getting it done and going back later to fix it. This idea scales up in information technology shops the bigger the company gets and it’s just frustrating to witness. Jobs focused on every single detail from phone buttons and ear buds to the iPhone box’s look and feel. Wow! Jobs understood how doing things great not just drives customer experience satisfaction, but lowers support costs, as attention to detail usually ensures a higher quality standard, thus less likely to break or fail.
That is why I am a nut about products like NeatPatch. It’s horizontal wire management. But in practice, it’s awesome and is a major benefit. That is why I insist on keeping the vertical wire channels between racks wired minimally. And use Velcro ties instead of zip ties. At Telsource Corporation, we often heard of engineers injuring themselves on zip-tie cuts from the sharp end of plastic where the excess was snipped. Zip ties can’t be reused and that plastic is sharp! Velcro in most cases can be reused and doesn’t cut or nick anything.
1. Here’s to the crazy ones. The misfits. The rebels. The trouble-makers. The round pegs in the square holes. The ones who see things differently…they change things. They push the human race forward. And while some may see them as the crazy ones, we see genius.
Probably the most prolific statement in the movie. Those people, who I consider my friends and professionals, who routinely run afoul of doing things the way they’ve been done for 20 years, agonizingly moving the often unappreciative IT organization forward, and generally challenging the status quo in which the existing ideas clearly haven’t been working for the organization. Those people who often show spirited love and care for their lifelong commitment to technology, expressing their poetry and art by often challenging and promoting excitement with their diversity. That there are some people who see the genius in our work.
And letting them flourish often produces amazing results.
By Jonathan Merrill on
12/27/2013 4:47 PM
I wrote an email to a peer today when the topic of purchasing a tool allowing our end users to manage their own folder permissions was broached. I took some nuggets out and would like to share those here.
On its face, I am leery of allowing end users the ability to self-govern themselves on those items that require audit. IT Governance has mandated we turn on auditing. Further, our security team is tasked with ensuring these permissions are correctly placed. Our role should be architecting the security infrastructure to make this an easy task as historically, you’re right, it’s been a beating to maintain. But keep in mind, most of this was due to lack of ownership, not technology. We have significantly since then. Our processes and approaches have come a long way, with much thought leadership behind it.
That said, I’ve been pushing for an org-chart based AD security model with granularity provided at the “position” level, inheriting the permissions needed. In other words, if you do security right, all you need to do is assign the correct groups to the resource once and just ensure those users are added to the correct group (users into local, local into global, etc.) so the user has everything they need.
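The position-based model described above, as an added Python example that is not part of the original post: users get access only through the group for their position, and an audit flags any folder permission granted to an individual account. All user, group and share names are constructed for illustration, and the nesting shown is an assumption about how such a model could be laid out.

```python
from collections import deque

# Constructed sample data (hypothetical names, not from the original post).
# A user belongs to one position group; position groups nest into resource groups.
MEMBER_OF = {
    "alice": {"POS-Nurse-Manager"},
    "bob": {"POS-Billing-Clerk"},
    "POS-Nurse-Manager": {"RES-Clinical-Share-RW", "RES-Schedules-RW"},
    "POS-Billing-Clerk": {"RES-Billing-Share-RW"},
}
USERS = {"alice", "bob"}

# Folder ACLs as (trustee, rights) pairs. Under the model every trustee is a
# resource group; the direct grant to "alice" is deliberate drift for the audit.
ACLS = {
    r"\\fs01\clinical": [("RES-Clinical-Share-RW", "Modify")],
    r"\\fs01\billing": [("RES-Billing-Share-RW", "Modify"), ("alice", "Modify")],
}

def expand_groups(principal, member_of=MEMBER_OF):
    """Return every group the principal reaches through nesting (cycle-safe)."""
    seen, queue = set(), deque([principal])
    while queue:
        for group in member_of.get(queue.popleft(), ()):
            if group not in seen:
                seen.add(group)
                queue.append(group)
    return seen

def effective_rights(user, acls=ACLS):
    """Map folder -> rights the user holds directly or through nested groups."""
    trustees = expand_groups(user) | {user}
    result = {}
    for folder, aces in acls.items():
        rights = {r for trustee, r in aces if trustee in trustees}
        if rights:
            result[folder] = rights
    return result

def direct_user_aces(acls=ACLS, users=USERS):
    """Flag ACEs granted to an individual account instead of a group."""
    return sorted((folder, trustee)
                  for folder, aces in acls.items()
                  for trustee, _ in aces if trustee in users)

if __name__ == "__main__":
    print(effective_rights("alice"))
    print(direct_user_aces())
```

The audit result is the list an auditor would work from: each entry is access that survives a position change because it bypasses the group model.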
I’ve been doing enterprise IT for most of my 18-year career. Ten of those years in IT leadership. While “self-service” wins hearts and minds, I’ve seen it fail over and over. Everything from Exchange distribution groups, to SharePoint content management or Intranet content, even BYOD. End users will initially embrace these concepts, but inevitably abandon them as their own focus is not on IT. And then what? The problem resurfaces again with IT being blamed in the process and asked for a solution. The Lean Six Sigma in me says… what a waste! And I’ve been frustrated having endured this over and over.
In my opinion, technology doesn’t solve these problems. Thought leadership, vision, and governance principles do.
Thus, I have recommended we focus our energy on educating, not just our customers, but our peers. How do we ensure we don’t fall into the same mess as before? We educate the various groups we interface with (helpdesk, system support, software support, etc.). We get people on board with our vision. We include people in the strategic discussion. We challenge the status quo with facts and wisdom. Instead of holding their hand dragging them along, we sell them on the whys and bring them along as peers. We educate them not by cool technologies, but by our vision of a simpler, more productive, focused network infrastructure, where instead of audit and security being the focus, our end users and business productivity are the focus. Of course, not forgetting about audit and security in the process.
Bringing it back to the topic at hand, instead of a tool, I recommend our future efforts are spent educating the security team on how we do things, ensuring they understand how we want to do file permissions, etc., so we don’t repeat the mistakes of the past. I grant you, this is a far greater challenge to achieve. Although, if successful, it will yield far greater results than buying and deploying a tool.