Ed Kohler’s insight on technology advisors goes beyond gadget recommendations or upgrading an out-of-date computer.
When making major technology decisions, who are your technology advisors?
Examples of major projects include SANs (Storage Area Networks) and VoIP (Voice over IP).
Do you rely on Google, the vendor who is selling you the solution, or your over-worked IT (Information Technology) staff?
Most organizations don’t look beyond their own walls when evaluating complex projects and Vendors know this. Introducing a trusted technology advisor could help you make a smarter decision or even avoid a potential disaster.
Assessments, DataCenters, Networks
In my Illusions of Information Security white paper, I make the point that if you wanted to protect something really important (like your data), you’d want the perimeter fence (the firewall) AND the alarm system (the Intrusion Detection System). You’ve run out of excuses for failing to act.
StillSecure announced a freeware IDS. We’ll be tossing it in our test lab to determine the suitability for our customers.
The move by StillSecure should serve to increase the visibility of this Colorado-based company while raising the awareness of the importance of information security.
It’s an uphill battle. I still believe the adage that most organizations spend more on their coffee service than their information security. Does that sound like your company?
If you don’t even have a firewall, don’t let that stop you from dowloading their IDS. Wake up and smell the intrusions.
Anti-Threat, Assessments, Lessons Learned, Networks
Since my post on Downtime Unaccepted, several of you have e-mailed me with your “funny” (or painfull) stories on your own self-inflicted downtime blunders.
Let’s tackle some low hanging fruit first. Subsequent posts will address increasingly complex issues.
Here are some simple things you can do to save some future embarrassment:
- Replace those “inexpensive” ethernet switches (they’re already costing you money)
Reason? Those $79 switches you bought don’t have enough backplane capacity and are often oversubscribed (meaning dropped packets under load) when your servers need to do sustained data transfers.
- Stop making your own ethernet cables
These cables have a higher failure rate and will produce troubling intermittent symptoms that you’re likely blaming on something else. Everyone assumes their cables are good (bad assumption).
- Distribute your DNS (Domain Name Service)
Simply make sure that DNS queries for your domain can be answered from more than one machine and along more than one path. If you host your own DNS, make sure you have a secondary DNS server that does not depend on your primary Internet connection.
- Understand and use RAID (redundant array of independent disks) technology
If you’re an executive and you’ve lost data…chances are that your IT staff either isn’t using RAID or hasn’t deployed it properly. No excuses anymore for losing data. If this keeps happening, audit your IT practices.
- Why isn’t your e-mail system either distributed or clustered or both?
E-mail is a critical service for most organizations. Make sure your system doesn’t have a single point of failure.
- Why haven’t you tested restoring from your backups? (You are backing up your data, right?)
A rhetorical question, but don’t assume restore tests are being done. Backup is one of those custodial tasks that most IT staff detest. Make sure your organization has regularly scheduled restore tests.
Tags: downtime redundancy
Assessments, DataCenters, General, Lessons Learned, Networks
Brad Feld, a Colorado-based VC, wrote an insightful piece on acceptable downtime for rapidly growing companies. It’s rarely the case, however, that executive management gets full disclosure on what root causes are responsible for the embarrasing downtime they’ve just experienced.
Will your IT Director disclose that he bent the SCSI cable bringing down the entire company’s SAN (Storage Area Network), or will he provide a slide or two on N+1 full redunancy with a capex budget increase to “fix” the problem once and for all?
Did you know that most readily-available network failover elements are not implemented because your IT staff doesn’t understand them in the first place? At the application level, how long has clustering been available and yet your company still hasn’t clustered its e-mail servers? And DNS still hasn’t been distributed, and backups and restores have never been tested.
The list is long, tiring, and boring…until your company falls flat. And maybe Brad is right. Maybe you will get a free pass. If you’re lucky, you’ve got a 2X capex budget to play with and your management team will swallow your power point slide explaining the unfortunate circumstance (without revealing the real root cause).
A data point of one
That’s really what you base your management decisions on when you accept chronic and embarassing downtime — a data point of one. Your IT staff’s assessment of what when wrong in their backyard.
By all means, seek out at least a second opinion. You will be surprised to learn that not all redundant system fixes require the brute force 2X spending to stop the bleeding.
Tags: downtime
Assessments, General, Networks
