Hosting Upgrades 2020

This week, we’ve moved the website from NameSilo hosting over to Greengeeks.com

Deployment of Let’s Encrypt SSL certificates to the website was the big reason for the move. I am very surprised by the web hosting orgs that don’t provide this solution for the one website customer.

\\ JMM

Why Are Some MS SQL DBAs Resistant To RBAC?

A question for education purposes.  Historically, MS SQL DBAs are resistant to RBAC strategies involving integration with Active Directory (AD). In other words, controlling permissions to DBs via a AD role based access control groups is met with considerable resistance by DBAs. And some legacy application owners, to be fair.

Why?

Some context:  Microsoft released a video in 2011 during TechDays outlining an RBAC strategy that has worked in previous organizations, both small and large.  Very popular video.  Once decided that is the strategy, getting that philosophy into practice has not been easy.  It usually starts with the on staff seasoned IT pros looking at RBAC with suspicious and doubtful eyes.  “I’ve never done it this way” and “I doubt this will make our jobs any easier”.

Nevertheless, once the concept takes hold RBAC begins to see fulfillment.  Foremost adding predetermined resources to roles accelerates onboarding, easier to audit resources, and scales elegantly as we grow as roles are the focus.  Typically, architects and server teams get on board first.  A standard is born and acceleration begins to be felt, including shifting left where DBAs are doing less security permissions requests as those are now handled by the helpdesk.  In the meantime, slowly and begrudgingly, outliers come on slowly as this strategy does shift stances from caring for the security of their apps like pets to managing access to resources by role.

I posit these reasons, given to me as why DBAs (or application owners) want to go it alone:

5. Microsoft isn’t always right.  “There is more than one way to do it and the “video” isn’t applicable to SQL”.

4. The amount of work to shift to resource-based groups.  “Lots of groups.”

3. The complexity.  “Easier to troubleshoot when I own the DB or application’s security intimately.”

2. Fear what they don’t understand.  “I’ve never done security permissions like this, so it must be wrong.”

1. Territorial control.  “Don’t touch my DBs”.  Uncomfortable shifting left.

This is very much a pets vs. cattle conversation.  I acknowledge and appreciate SQL must be tweaked and tuned to operate at it’s best performance.  However, I disagree that treating ‘access control to resources’ like pets accelerates IT service delivery, provides uniformed information security governance, and ultimately is healthy for the organization.  Especially as organizations’ scale.

What is your opinion?

\\ JMM

PS. More and more companies are using automated access control oversight tools such as Sailpoint. And at a previous company, guess who fought the hardest against that move? DBAs… Why?

Signs of Failed Knowledge Culture

Every now and then I encounter interactions and communications that lend suspicions the team members are not managed from a knowledge culture mindset.  Reactionary behaviors are typical in so many shops to appear to be the norm.  Very similar to the stressful read from the famed novel, The Phoenix Project.

It’s unsettling to witness.  I espouse the necessity of a knowledge driven IT culture.  Equal bits of knowledge worker, knowledge management, and DevOps.  It’s unlearning bad behaviors and replacing with knowledge-based behaviors.  Teams who understand this dynamic see workflow acceleration.  Teams who do not understand…frustratingly do not understand and are friction prone.

This article talks about my top five signs technical teams show symptoms of failed knowledge culture.

#5.  Don’t understand the purpose of Tactical meetings.

“Why do I care what desktop support is doing?” or “I’d rather get an email, this is a waste of my time”.

Death by Meeting is a schematic for managing meetings.  The purpose is to ensure people are communicating together and tactically.  Intentional leadership is necessary to build a values-based culture.  This includes having a meeting.  In the above examples, these comments indicate not just a missing values culture, but missing alignment to IT or business goals and missing identifying their contribution to those goals.

For example, desktop support might want to know what systems engineering is doing that week, especially if it may impact that team.  Proactive knowledge replaces reactive behavior

#4.  Not tracking key performance indicators.  Metrics vs. KPIs.

“These reports mean nothing to me” and “Just another TPS report…”

There is a stark difference between generating metrics and the purpose of a key performance indicator (KPI).  Tools are usually great a cranking out metrics of every kind, useful and otherwise.  However, KPI’s tie to goals.  And if you’re not measuring team performance against KPIs, then you’re not measuring performance.

For example, I argue total tickets closed by technician is a KPI.  I challenge better KPIs measuring performance are average time a ticket is closed, ticket aging, and authored knowledge article reads, preventing the ticket from being opened in the first place.  Performance is often more important to measure velocity of success versus quantity of success.

And if you’re not surfacing team KPI performance in tactical, leaders are missing epic opportunities to cohere the team.

#3.  Argumentative as to medium of how KPI’s should be consumed in Tactical.

“Why do I care how much CPU the PROD environment consumed last week?” or “How many laptops are in inventory” and “We need to eliminate the noise”

Couple of key points to make.  First, I recommend teams starting out that getting members in the habit of measuring by reviewing metrics is a first key step.  Metrics quickly replaced with KPIs tied to IT and/or business goals.  Leadership is responsible for developing KPI targets.

Second, there is no right or wrong way to approach the consummation of KPIs.  That building phase usually manifests as PowerPoint slides or a reporting website from the tool.  I lean slides as I like to treat as a meeting with minutes and keep for historic purposes.

Third, cadence and tone of the meeting being set, there will always be overlap or measures, arguably, less valuable to few people.  As teams cohere to common KPI, it’s not horrible waste of time to spend a few seconds listening to KPI from follow teammates.  Use to recognize the work and appreciate milestones.  Moving the team in the same direction often requires acknowledging.  Nevertheless, leaders should ensure it’s being done reliably and consistently.

#2.  Doesn’t understand the knowledge culture fundamentals or values.

Lessening fire fights by lowering reliance on technical constraints is a key point made in the Phoenix Project.  There are two team member behaviors that I’ve witnessed that hinder lifting burdens from constraints:

Behavior #1, “Don’t want to do it”.  Shifting left, or moving towards self-service knowledgebase, is a cultural shift.  Some team members won’t get aboard the train to promote knowledge cultures.  They don’t want to write, they don’t want to share, and shifting left is met with skepticism.  Come to work and go home and/or “been doing it this way (unhealthy) for XY years” is the key behavior trait.

Behavior #2, “Don’t have the time”.  Expectations continue to heap on IT pros, true.  But, leveraging as a crutch to get out of their responsibility is a nasty behavior.  Often citing, “too busy” to embrace new policies and processes.  Too busy to write standards and knowledge articles.  Too busy!  Yet, first off to lunch, first to leave for early weekend.  First to waste time is the key behavior trait.

Leaders need to coach with expectations defined.  Else, release the team member.  Caustic cultures catch on like wildfire.  So, its critical team members have the right attitude, so to focus on goals and not the bad culture.

#1.  Leadership not aligned; how can employees be?

Be skeptical of the unread IT leader.  If Phoenix Project, DevOps Handbook, or Measure What Matters wasn’t on their read list, how can knowledge culture take root?

In my experience, I’ve been told culture is nice, but not as important as revenue, customer needs, senior leader desires, or what ever the fire of the week is.  In other words, leadership conditions itself based on treatment amongst the peer group or top-down treatment.  Culture does start at “the top” and if leaders do not embrace, there is no chance.

Looking at most successful companies, “culture” is king influences revenue, customer needs, and how leadership treats itself and direct reports.  Few companies realize good working cultures due to leadership not aligned to knowledge values and the consistency to stick with it.

What are you doing to drive knowledge culture?  Are you pushing positive proactive knowledge behaviors with your team?

\\ JMM

If you look good, you play good. If you play good, you will get paid good…

“If you look good, you play good.  If you play good, you will get paid good.”

Cam Newton, Panthers

Grabbed from Amazon’s “All or Nothing”, 2018 Season… Yet, this post isn’t about the challenges Cam is facing health and performance wise. Watching the show, Cam seems to have an acute understanding about the importance of performance and delivering.

It’s something many technology people do not seem to understand. Still.

As a long time leader of teams, this personality pops up either through inherited hires or the “transformer” hire (great interview, bad performer — you’ve been there, right?)

I’ve witnessed it as early as this past week. The typical scapegoat is “culture” or “leadership”. Reasons their career is in jeopardy and the hand that was dealt was somehow unfair. “Bad leaders!” Quite the contrary.

Not surprisingly, businesses and leaders put up with a lot to deliver excellent service. The best companies seem to put up with less overall, but I digress. In the majority of these cases, the why is conveniently left out.

Here are the top 5 issues I see routinely from low to mid performers:

5. Begrudging participation. Barring critical incidents, the reception getting the team together for team meetings, cross trains, or the occasional after hours events is either good or not good. This includes things like knowledge culture and documentation too! Usually a first sign of an iceberg ahead.

4. Poor execution > good execution. Catch that? Not superior or perfect execution. Just good, folks. Poor execution being the norm is donkey behavior, not thoroughbred behavior. Superior preparation. Knowledge builds confidence.

3. Not life long learning. Does not include Google search alone. If your in the support and engineering fields, what are you doing to keep yourself educated on technology? On the job and reading blogs is not enough for the big money. Certifications demonstrate mastery in lieu of decades of experience.

2. Not Understanding the business. Do you know how the business works? What we sell? How your role impacts customers?

1. Attitude Problems. Negativity doesn’t sell. It paints not just you badly, but your team members. And your boss. Blaming the company, the management, your peer group, your family life, the government… not thoroughbred behavior.

There are many excellent information technology people out there. I would argue the majority of this career field leans par to above par on performance. It’s the below par people we are talking about — you know who you are.

Let’s try coaching and correct the course. Talk to your leaders and determine if it’s truly a bad fit versus “you”. Find a mentor. Need feedback. Stand out!

Because if you play good… You will get paid good.

PS. When I wrote this blog, I immediately thought of the above episode, Picard getting a performance eval from Riker and Troy. “Stand Out. Take Risks.” I feel it’s important to underscore taking the right risks versus any risks.

\\ JMM

Turbonomic, Economic Theory, and Disaster Recovery…

A big fan of Turbonomic. From the mailbag:


From: Jonathan Merrill
Sent: Wednesday, March 18, 2020 9:19 AM
Subject: RE: Lanvera & Turbonomic – VMware discussion and Turbo Instance check

Good morning, guys.  I lurked on yesterdays’ call as I felt Sonny did a great job working through LANVERA’s positions.  I say Turbo has been a win for our organization.

One argument to leave you with.  As you may know, Turbonomic smartly trains ACE in economic terms, specifically the idea of markets, desired configuration state, utilization buying from the lowest provider.  Based on our conversation yesterday, a conclusion was reached that Turbo isn’t the right product for unplanned disaster recovery, this is what Veeam, Zerto, and SRM does.  Economically speaking, you’re saying the product isn’t poised to correct for sudden market volatility, a change of market conditions.  I say, rubbish.  Apply economic theory:  Keynesian vs. Friedman.

I would reason Turbonomic should be able to apply Keynesian theories, as I control the markets’ foundation and worth by submitting an economic plan.  For better or for worse, if I want one market to look less appetizing than the other, I submit a plan and the markets react, utilization buying to the lowest provider.  Which essentially is what LANVERA is looking for.  I want to move workloads from one data center to another.  I want to be able to control all workloads in one DC to shift to the other side through “an economic plan”.  I should be able to define market strategy to meet a planned economic market outcome.  I see this as a basic Turbonomic function.

I also contend Turbonomic should be able to support Friedman’s theory, which is best poised to handle market volatility.  If a host goes down (ie, consumers stop buying), the market adjusts by triggering economic stimulus (disaster recovery hosts or moving workloads to the DR side).  This reactionary economic plan ensures desired configuration state in tough economic times, and could include cloud (foreign) markets (not in our case).  Alarms should go out when market volatility occurs and adjustments should be made at the workload level (consumer).  Essentially what LANVERA is looking for.  I should be able to define disaster (market) recovery plan which basically outlines where workloads go during unplanned events.

Maybe that means trigger SRM or Veeam Orchestration.  But you see the problem with that right?  Unless your hooking into those tools and pulling the strings, the response time still requires human intervention.  Not ideal.

Food for thought.


Anyone else think Turbonomic could replace SRM? This is what watching YouTube financial video watching does..

\\ JMM

Managing involves measurement, doesn’t it…?

“We wouldn’t even know how to measure what healthy looks like. When we have a problem, we just know it’s resources.”

A Developer, Collaborating a slow application issue.

I immediately perked up at the man’s comment. It’s one any seasoned IT pro with server and storage background can identify with. And it annoys today no different than when I heard it years ago.

The relationship between development and infrastructure teams have historically been… professionally difficult. Nevertheless, in the age of DevOps, agile, and automation, this problem of developers vs. infrastructure still exists at some levels. And, in my experience, the root cause is typically the same: a lack of understanding how and what to measure.

Let’s take a common sample: An in house developed business application begins to get slow after load. The application works well under artifical testing workload. Passes quality and security testing. It’s released into production, but as the business grew, the application’s workload exponentionally grew despite no changes to the application.

Through the lens of the five stages of grief:

LevelThe Business Says…Developers Say…IT Says…
“1”
Denial
The business is growing. Keep the application healthy as we grow.Nothing wrong with the application. Application just needs more resources.Somthing is wrong. Resources are finite and can’t infinitely scale. As demand goes up, soft argue requests.
“2”
Anger
Clients impacted randomly, jeopardizes revenue. “This is unacceptable!” Sales and Executive team anger palatable.“Just give it more resources!” demands development. IT is at fault because they are slow to react, although recognize applications limits and technical debt growth. Will fix one day…“Iceberg ahead!” Technical debt grows. Business and development are at fault because they don’t understand workload vs. timing of resource vs. limits vs. financial realities.
“3” BargainingIf only the technical teams worked better together. Blame development and IT leadership for failures. Deny technical debt reality, priortize features over scale.If only the business recognized earlier the technical debt so developers could improve the application to scale. If only IT would be more supportative so development didn’t have to perform support.If only leaders would recongize the effort IT is trying to keep the application working, which is turning into a support nightmare. Morale low. People leaving.
“4”
Depression
Impacts on top of slow sales cycle lead to short tempers and broad opinions based on perception / feelings. Not data.Developers take a beating as primary causes for failure. Morale low. Talented developers begin to leave. Technical debt begins to be worked, slowly.Culture isn’t sustainable as we grow. People and process ignored as blame and fingerpointing ensure. Nothing based on data.
“5”
Acceptance
Option 1. Things Stay The Same. Culture, processes, and people remain unrecongizable or admitted problem areas. Status quo.Option 2. Things must change. Recongition to change, but how to change? Confusion and lack of alignment ensues.Option 3. Things do change. Leaders commit to mission and vision, collectively. Measuring and alignment replace confused culture.
I stole this table from a college class, which the professor underscored not just the business disfunction, but the importance of data making business decisions.

The point here is managing things, including developed applications, based on perception and/or reaction is not managing. It’s guessing. And when it works out where the thing is not a problem — the guess paid off — everyone enjoys feeling good. The “avoided bullet”.

But what about when it doesn’t work out? Take the quote at the top: “We wouldn’t even know how to measure what healthy looks like.” That is a serious flag on the field. If you don’t measure health, you can’t manage the patients’ health care. As we all know, unmanaged health care means shorter lifespans. Despite ownership.

Calls to action are:

#3. Every single piece of technology deployed must be (1) measurable, (2) being measured, and (3) react “able”. What does healthy and unhealthy look like.

#2. Every development project must have requirements outlining measurements of health, particularly what success and failure looks like. Evaluate peridoically to adjust to business climate and workload change.

#1. Leaders must commit to the culture of quantification by measuring business performance. Start with key performance indicators (KPIs) tied to business mission, goals, and initiaitves. Start with departments that don’t (won’t) measure will be instantly assumed to be failing.

\\ JMM

Real Reason Companies Don’t Want You To Work From Home?

From this article: https://www.linkedin.com/feed/news/working-from-home-is-the-future-5097042/

“Managers who set clear goals for what employees should accomplish in a given time period (whether it’s a week, month, quarter, or year) and regularly check in on progress against those goals “

Is the real reason you can’t work from home because some comapnies can’t set clear goals nor check in on progress? Are those companies measuring performance? Or just winging it?

Culture trumps process, every time.  Go along or lead.  Good to great starts with one leader.  Call To Action.  Managers.  We need to do better.


PS. This post was actually drafted on February 21, 2020. Now, with COVID-19 and shelter at home, this topic has taken a new meaning.

I spoke to a few colleagues today on different fronts that had an interesting take on “working from home”. Let’s explore a few notables:

3. VPN Technology is “flying off the shelves”. Many SMB companies were not prepared for large percentages of workforce to work from home. Interesting. VPN has been around for awhile, true. But I bet companies weren’t buying licenses to cover 90% of their workforce. Unlike toilet paper, plenty of VPN licenses availble to be purchased…

2. Old school leaders are coming to grips with work from home. Begrudlingly admitting it is working, but still prefer the office. I suspect there is truth in that statement. It’s less about “better collaboration” and maybe more about senior leaders like being in the office. So, everyone else should too! Hmmm…

1. Home networks may not be ready for work from home. It started innocently with headsets. But the ask has expanded to dual monitors, docking stations, and … subsidize my Internet! Working from home on my slow as hell 50MB isn’t cutting it. Should companies allow the equipment to go home? Pay for a percent of Internet usage? Consensus is no. No budget to equip home users this way.

All that said… as of April 1, any progress being made by managers setting clear goals? Measuring for employee performance? Status quo or WFH improving culture?

Last note: In March, I worked from home for two weeks and lost 5 pounds. Went back to work for one day, gained 2 pounds. Came back home, worked two more days at home, lost 2. Scientific evidence WFH is healthier for me?

\\ JMM

Blowing the Whistle…

Great leaders encourage dissent, welcome whistleblowing and encourage contrasting points of view.  Weak leaders demand blind obedience and threaten those who would dare point out any shortcomings or question their decisions.” – Robert Glazer, CEO, Acceleration Partners

This statement reasonated on two fronts:

First, the importance of leaders pushing team engagement. Academic debate is key to my teams’ success. Not just explaining the why. Getting the team to buy in on the why and carry the message.

Second, I would bet most seasoned leaders have encountered this scenario and faced a similiar decision: Speak up and possibly lose your job OR stay quiet, stay safe, and protect the bad decision. Risking being seen as a political pariah or worse, loss of financial safety. Especially as we get older.

Read the whole article here: https://www.robertglazer.com/friday-forward/value-of-whistleblowers/

\\ JMM

Top Valued Skills for 2030

Lately, I’ve been speaking to my boys, colleagues, and peers about the difficulties of finding people.  Specifically, what are the valuable skills that we need to instill in our people.

Shortly afterwsrds, ironically, I caught this slide during a recent technical conference:

Technology literacy can be taught. Judgement learned by wisdom and mentoring. Tougher to find is the emotional intelligence, logic, and creative drive.

\\ JMM