|
How can you reduce the cost of
your computers, networks and information technology and put me out of business? You need to plan how your system will operate.
Like so many other things in life you need to visualize the finished
product. You need to break the
whole thing down into sections such as I am using in this article;
Asset Management, Standardization, Deployment, Maintenance, Security,
Disaster Recovery and User Management. After
you develop a plan and goals for each of these areas you need to put the plan
into place. Once you have
implemented the plan you will need to test it against your goals and if it falls
short you may need to adjust your plan or your goals.
Simple right? Well it is,
even if it’s not so easy to accomplish. If
you don’t take these steps however my experience says that you will be
throwing money away.
I have been troubled for a few
years now with this basic problem related to Information Technology Management
for mid-size to small-size companies. A
number of terms are used for the issue I am about to discuss.
Best Practices is a good term that I considered using but the one I like
the most is Total Cost of Ownership because it addresses a number of key
components for your IT management. It
is TOTAL in other words we need to look at things in whole not just individual
pieces. We need to plan ahead
instead of just patching the problems. COST
$ is a very important component.
I
bet everybody who reads this would like to find ways for their computers,
networks, and information systems to cost less.
A structured “system” is the way to accomplish savings and efficiency
in any area of your business so why not computers?
And finally it is important that you take responsibility or OWNERSHIP of
the system. Everybody in an
organization must take ownership all the way to the top, which is where any plan
must be initiated.
It seems a little strange to
write an article about reducing your IT costs when upping your IT costs derives
my own company’s business but I have good reason.
I have worked with a few really good customers where as time went on the
network “seemed” to be getting worse the more we tried to patch it.
I could not explain why this was happening and ended up loosing some
business as a result. So I have
found that it does not benefit me to make more money if I cannot provide a
stable computing environment for a customer.
Because of this frustration I began looking for an answer to the question
of why did the computing environment become unstable?
A large part of the answer to
that question is the Internet. The
Internet is a wonderful connection of all computers on the planet, which
empowers the individual. The
Internet is forming the infrastructure of the Information Age as Highways and
Railroads did for the Industrial Age. Just
as on the Highways now that there have been some crashes we can learn from them
and make some rules to hopefully keep us safer.
I was reading an article the other day about autonomic computing, (which
is self healing software) and the author made this statement, “The autonomic thrust largely grows out of the looming, and
somewhat inevitable, shortage of people trained to manage computer systems. The
Internet is simply becoming too large and complex for the world's technicians to
manage.” The
author also went on to talk about how human expenses which had been less than
20% were now equal to hardware and software costs and would in the next 5 years
probably outpace those expenses. The
Internet is causing many problems because companies do not have policies about
its use. These policies should go
beyond what you spend time on; the more applicable problem is what you download
knowingly or unknowingly.
So
we need to begin by writing a plan and setting policies.
I think the goal of autonomic computers is similar to the goal of the
paperless office; it may be a little while in coming. So rather than wait for it to happen I believe we can take
steps to improve on the problems. Let’s
try to work on each of the areas I mentioned above and determine why they are
important. These areas are not
necessarily listed in any particular order of importance.
Asset
Management:
At
a core of this area is a proper listing of the hardware and software being used
in the company. This listing should
be updated often, as my experience is that failing to do so will catch up to
you. You should be able to sort
these lists by different criteria so that decisions can be made about upgrading
software and purchasing new systems. You
should be able to identify job functions within the company that require more
computing power such as CAD drawing software or Database intensive applications.
Also you may need to determine lower computer needs such as word
processing and spreadsheet functions. Also
like it or not some people’s time is more valuable to the organization.
Top executives should not have to wait on their computer no matter how
simple their computing needs are. This
listing will help you to make these kinds of determinations better.
A listing of your software assets legal and non-legal could be the
difference of big fines or not, if you work to get non-legal uses legal. Some
companies make the decision to use illegal copies of software but I believe it
is important to be aware how much you are using.
Here
are some links to sample reports from a database I developed for tracking
computer assets. If you are
interested in this program it could be modified to meet your requirements.
Computer
Location Inventory (pdf Adobe Acrobat format)
Computer
by Location Detail (pdf Adobe Acrobat format)
Standardization:
The
above list of software installed on your computer systems may identify a number
of different things. You may find
software on some computers that do not need that specific software application.
You may also find somebody without access to software that could help
them. You will probably also notice
a core of software applications that everybody should have.
The more programs that are on a computer the more complex the registry of
that computer becomes. Also
standardization of versions can help support staff in troubleshooting problems.
If support staff must support Windows 98, Me, 2000 and XP as well as
multiple versions of Office within the same network problems become hard to
trace. The fix for one workstation
may not be the correct fix for the next workstation. So to fix a similar problem may require more research if
dealing with multiple versions. Training
users which is a subject I will get more into later can also be impacted by a
non-standardization of versions. Standardization
of Hardware can also be important. This
one can be harder to accomplish because very few of us have a budget to replace
all our workstations every two years at one time.
Usually we have to buy a few computers here and a few computers there.
One way to control this problem is to work with a reputable hardware
vendor who is likely to be around a few years.
Discuss with that vendor a desire to standardize your hardware over the
next couple years. Work with them
to identify components that are mainstream and also likely to be around.
Ok I think I better stop there because I was laughing to hard.
The above may be nearly impossible but there are some things you can do.
Some components may be good parts but they have not been tested fully
along with all the other components of your system.
This is the advantage of getting your computer from a good manufacturer. They usually fully test all of the pieces together, and now
that almost everything is on the motherboard including network cards this is
becoming easier. The vendors that
are serious about this also pay to have their assembled computers tested by
Microsoft for compatibility with the Windows Operating system.
Buying systems that have not gone through this process could and usually
does introduce minor problems that are very difficult to trace because they are
caused by a minor piece of code in the software not cooperating with the
firmware on a component like a floppy drive or memory chip.
The better quality your computers and the more standardized they are the
fewer problems you will have and the easier it will be to apply solutions to
those problems. Another piece of
standardization is to control what the user can install on their computer or how
they can configure or personalize their computers.
With Windows NT, 2000 and XP Professional the network manager can enforce
more control on the user but previous versions depend on rules and procedures in
the office.
Deployment:
What
I mean by this is how long does it take you to get a new computer up and ready
for a user to begin use? Having
standardized software and hardware makes this job much easier, but you probably
need more than an Operating System and Applications readily available. It is also handy to have drivers for the various components
such as sound, video, network adapter, printers, etc. It is also worth checking
the Internet for updates to these drivers although you should have a policy for
this and be very careful about applying drivers from just everybody.
(Once again you want standardization)
I have in the past set up all necessary software and drivers in a special
place on the Network drive so that I would not have to go looking for disks to
set up a computer. If that does not
work for you I have also seen a customer with a “crash box”.
If a machine had trouble they grabbed the box that had all the relevant
software and drivers in it to bring it back to life.
This is great but I think we can do even better.
Software exists that allows us to take an image of a correctly configured
machine and put it on a CD. You
know how when you buy a computer these days you often get a recovery CD to put
the machine back the way it was when you first got it.
The technology exists for us to do the same.
Using the recovery CD may not replace Applications you have loaded like
MS Office, MS Project or Anti Virus. It
would also not recover your personal settings for email or proxy server
settings. But if we set up your
computer and then burned an image of it we could have all your settings.
Then if anything goes terribly wrong you just pop in the CD and in about
15 minutes go back to where you were. In
this scenario it is best to store your email and all documents on the Network
drive or those may not be recovered. This
is a huge issue and it would be fairly easy to burn an image for each individual
computer although if you have standardized computers that are identical you can
burn one image for each of them, this image wouldn’t have personal information
however. If you are interested in
this service let me know.
Maintenance:
Having a solid standard and being
able to deploy it quickly are keys to the new computing environment but no
matter how good your standard is it may need to change often.
How often depends. These
days in a single week there are normally a couple new security breeches to an
operating system, a new vulnerability found in some application and 3 to 4 new
viruses or mutations of a virus. Because
many of us are connected to the Internet we should be paying attention to this
matter or be subscribed to a service that will update our system once a month
and immediately if a major threat is introduced as it was when the Code Red
Virus was launching. Some companies
such as Microsoft and Symantec among others are providing ways to automatically
update your systems, however I would do that cautiously. From time to time a patch does harm not good so although the
temptation will be to apply them quickly unless the risk is huge it may be
better to wait a little bit. There
may be other items to maintain as well, many people are aware that Windows
includes tools to remove temporary files which did not automatically get deleted
and de-fragment hard drive files. People
often ask me how often they should de-fragment their drive, which really
depends. I have seen some people
that needed to do it once a week and others that may only need it once a year.
Start out once a month and if your drive keeps being quite fragmented you
may want to do it more often. In earlier versions of Windows if these disk
operations were scheduled to run automatically they had a tendency to lock up
the computer. I noticed similar
problems with automatic Anti-virus scans. I
think it is best to run these checks on your own without the computer doing them
automatically. On not so much of a technical level it is a good idea to have
your computer cleaned out once in awhile. They
suck in dust with their fans and if you are in a dusty environment you can keep
your computer running better if you get the dust cleaned out twice a year or so.
It is amazing how much trouble dust can cause to a computer.
In most offices only once a year is probably adequate, but in homes with
more plush carpeting you may need to clean them out more often until the fibers
are not releasing so much from the carpet.
As I mentioned earlier, companies are at work to create autonomic
computers or holistic computers. This
same article states some of the rules for autonomic computing, “They must be self-configuring (able to adapt to changes in
the system), self-optimizing (able to improve performance), self-healing (able
to recover from mistakes), and self-protecting (able to anticipate and cure
intrusions).” As I said
earlier I image it will be awhile before we see these computers but when we do
the needs for maintenance will be few, and if they can make them self cleaning
we may never need to do anything.
Security:
Once again the Internet has
changed things in this area for all of us.
For years most of the companies I worked with to install networks did not
need to worry about swiping cards to get into the building, they did not have
armed guards at the door and passwords were very lax.
Just about everybody knew each other’s passwords.
Today the rules have changed. Everybody
that is connected to the Internet should worry about the security of the
information on your network. You
hopefully still do not have to worry about the people in your company but you
have no idea who is outside looking in. Intruders
may want to find information they can use or they may just want to mess up your
systems. They could even choose to
do it subtly, the equivalent of scratching the paint on your car or more like
messing with the air fuel mixture in the carburetor.
It doesn’t keep the car from running but it just makes something wrong.
In other words they may even do something that cannot easily be detected.
The update maintenance I talked about earlier is critical to this issue.
All software has vulnerability, and the more popular the software the
more likely pranksters are to find a way to exploit the vulnerabilities.
Passwords are also important as using a password to login to a server is
generally an accepted method of gaining access to a network.
The name of your cat or a birth date is an extremely easy password to
crack. Some times you do not even
need a tool to make a guess at those. Software
is available for purchase for around $195 that can capture this password.
First this software checks dictionary words.
About 99% of the passwords people use can be determined in probably less
than 10 seconds. Advances in the
field of Biometrics will make our world more secure using our fingerprint or
retina to authenticate us to the network. I
have seen one of these authentication devices at work.
Most secure will be a combination of a biometric and a password.
There is however no such thing as a completely secure computer.
In determining what level of security is appropriate for your company you
must balance the risk, cost and difficulty.
You should also consider who does need access to information as well as
who should be kept out of that information.
If you are in a very competitive field you may need to worry about more
than your computer systems. The
easiest way to get information about your company and your competitors is to go
through the dumpster at your office. Be
careful what you throw away and how.
Disaster Recovery:
Just as you need to asses the
risk of your information falling in the hands of your competitors you should
also ask yourself what would happen if we lost all the information completely?
You must list the things that could go wrong such as hard drive failure,
drive controller failure, flood or water damage, fire, theft, power outage, and
there are probably others. What
would loosing that information do to the business and how much would it cost to
get it back? Many companies do a
backup of their critical data. Of
course a good backup is the first most important step you should take to insure
recovery from a disaster. A backup
alone will not protect you against most of the problems listed above, so it is
important to come up with a solution for each of the possible problems that will
reduce or eliminate the risk to your company.
Let’s consider a few of the items listed.
Setting up your system to use a mirrored drive and mirrored controller
can reduce hard Drive or Controller failure impact.
You could also choose to implement RAID drive sets, which are considered
to be superior to simple mirroring. Due
to the reduced cost of drives these days it is not a bad idea to have a
duplicate hard drive on hand which matches the specs of your installed hard
drive so that it could quickly be installed if any problem arises. There are other solutions to this problem, which can involve
mirrored systems on site and off site. These
solutions could be outside of your budget and that is an important thing to
consider. What tradeoffs can you
afford? If a mirrored system would
cost 20-50K is it beneficial to pay for it and know your data is duplicated or
is that too much money. You may
decide to take the risk. I think
more companies should consider this kind of protection than currently use it.
Even at a higher price tag many companies would be out of business if
they could not recover quickly from a disaster.
You may not be at high risk for flood but water damage could be a
possibility if you have an automated sprinkler system.
What if something happened to trigger your sprinkler system and all your
workstations were damaged? You
could take steps to protect against this by having rolls of plastic ground cover
on hand. The plastic could be quickly stretched over cubicles before
leaving the building to protect from the water damage.
If any water did get into the monitor it may need to be dried thoroughly.
The computer box may not be best placed on the floor so it is protected
from any resulting flooding. Power
Outage can be minimized by the use of Uninterrupted Power Supplies (UPS)
although most of the affordable units on the market are not truly
uninterruptible they are measured in their transfer time.
(The shorter the transfer times the better.)
You may also choose to have a generator installed to keep power going if
long power outages are common in your area.
Generators can also be rated in transfer time. A Power Outage can cause a corruption of data especially in
Accounting programs and this can take a lot of time to repair.
Often people only consider the power outage impact on the Server but each
workstation is also important, as that may be where data is really lost.
These are some examples of how to prepare for disaster but also important
to consider is how long can you be without these critical systems. Some companies could survive for a week, others are measured
in hours and of course there are some industries in which each minute the
systems are unavailable can be very costly.
In any case if you have a plan you will be back up and running much
faster than you will without a plan. Once
you have a plan there is one more important step to take, you must test your
plan before the disaster hits. It
is important to know your recovery plan will work by testing under a controlled
situation. Hopefully disaster will
never strike but I have seen strange things happen.
One customer had a roof cave in due to heavy snow pack they came out
amazingly well but things could easily have been far worse.
Another odd situation I saw was each night the tape backup was failing
and the server was turned off. This
took a while to figure out because it made no sense. We would test it and everything was fine.
One night the CFO of that company finally found out that the janitor was
unplugging the server to plug in his vacuum and was terminating all services.
It pays to control as many things as you can; you never know where the
disaster will come from.
User Management:
I saved this for last but it
certainly is not least. The biggest
issue here is training. Once the
standards for software are set users should be trained how to use this software. As well users need to be trained on the policies and
procedures related to computing for your unique company.
I will submit that the biggest expense you have in IT is your users time.
It is more expensive than hardware and maintenance/support.
The biggest savings in your IT budget could come from a place you
probably don’t even have budgeted. I
have watched a lot of people use software tools such as Microsoft Office and I
believe there is a lot of wasted time due to lack of knowledge.
In some ways it is worse than 17 years ago. Often 17 years ago employees did not even know how to use
their programs at all however there were minimal expectations and once they
learned just a little bit they could perform at some benefit. Today although many people can get into Word and Excel and
can type a letter or prepare a simple spreadsheet there is a need for them to do
much more and only a few people posses the skills to produce time saving work.
Software needs to be thought of beyond one use.
Even though programs have become much easier many people do not use a
number of features that could save them time and get much more functionality
from their documents. Another
problem I have seen is people using the wrong application to do their work.
Many things I see on spreadsheets would be much better handled in a
database. Some Word documents would
be better if done in Publisher. I
have seen some spreadsheets designed that would be better presented in Word and
hardly anybody uses Powerpoint as much as they could to present a point,
including me. As I will be writing
in another article there are many practices beyond inefficiency in which an
employee can damage their workstation and severely impede the corporate network.
Much of this trouble has to do with; you guessed it, the Internet.
It is important to realize the type of damage employees can do and
develop policies for the use of their computers at work. Once developed these policies must be communicated.
Now all this sounds great all you have to do is write it down in a
procedures manual or training guide and give it to the employee right?
That would probably be true if most people read and understood the
materials given to them. All this
information is best if it is taught.
I believe education of all users
to be a major issue ahead of us. Because
of how things change rapidly in computers the process is probably a continual
one. Every year we all need to keep
our computer skills sharp and improving. Education
is becoming a major focus for me in my business. I have started to write articles such as this one to help
with others education. I have also
started periodic news briefs to keep everyone I know up to date on various
computer issues. Soon I will be
starting a monthly newsletter to educate anybody who will read it.
I have also started training programs with companies to help keep their
employees trained. This is the real secret to putting me out of business as I
mentioned at the beginning of the article.
If people will learn more about their computers they will not need me to
do the same things I have been doing for them for years.
So if you want to put computer guys like me out of work be sure to
aggressively keep yourself trained. If
you feel sorry for cutting me out then please give me a call or an email to help
with the training of people in your company or assistance in putting together a
plan for Asset Management, Security, Disaster Recovery, or any of these issues
presented here.
Article referenced:
IBM Leads Charge on Holistic
Computing by Michael Kanellos April 11, 2002 http://news.com.com/2100-1001-881279.html
|
