Nice blog Erin… Just want to inform you that Tripwire has complete real time support. Feel free to keep saying that we don’t as it gives us a great opportunity to discredit you when you try to compete.

DJ Schoenbaum
Tripwire, inc.

Sent via BlackBerry from T-Mobile

We (Solidcore) are smaller, younger and have state of the art technology. Our biggest challenge is how to get our brand name out so that we are invited to all the deals where Tripwire is being considered. Once we are in we tend to win 80% of the deals we compete in.

This is a classic battle studied in almost every MBA class: David versus Goliath.

One of the reasons we won deals against Tripwire was that they are not real-time. They have a scan and diff approach, while Solidcore is real time. Recently tripwire began telling customers that they have a real time version of the product. It works on only two versions of windows and no versions of Unix. This was a big victory for us as basically the market has spoken that real-time tracking of change is a critical requirement for PCI, SOX and ITIL deals and Tripwire was forced to accept it come on to the Solidcore turf, where they are newbie’s with little experience.

• is the market adopting this message?
• is it really what the customers need?

It is also interesting to see how they are positioning their product capabilities:
1. Solidcore: Real Time Change tracking
Tripwire: Continuous Scanning with Real Time Alerting

2. Solidcore: Pro-active Enforcement
Tripwire: Detection & Rollback (using 3rd party tools)

Ofcourse my views are biased. Should I feel happy that is recognition of thought leadership from Solidcore or feel enraged? What do you think?

– Dennis Fisher  Link to article.

For enterprises Change Control is a much better alternative than using A/V or other traditional security products. For consumers or home users it may still be ok. But organizations which care and control what programs can access resources on their corporate network … A/V will be a  thing of the past.

Many corporations have realized that traditional anti-***** products stop the “known bad” stuff from entering their infrastructure. But it is much easier to keep track of “known good” stuff  which provisioning systems like Altiris do. They make sure that only “known good” where good is defined by the corporate policy or by Dell for consumers is kept on the machines.

Solicore Systems is another example of this, where enterprise change control policy is used to ensure the known good state of the machine. If it came in via enterprise change control it is good, otherwise it is not.

If you can ensure that only known good stuff is on the machine, traditional anti-virus, anti-spam etc is dead.

Here is Peter’s podcast.

From the wikipedia:

… a tax shelter is any organized program in which many individuals, rich or poor, participate to reduce their taxes due. However, a few individuals stretch the limits of legal interpretation of the income tax laws. While these actions may be within the boundary of legally accepted practice in physical form, these actions could be deemed to be conducted in bad faith. Tax shelters were intended to induce good behaviors from the masses, but at the same time caused a handful to act in the opposite manner. Tax shelters have therefore often shared an unsavory association with fraud.

In most organizations when you want to make a change you need to fill out a change request form. The change request form states what needs to be accomplished, but does not concern itself with how the change is to be carried out. It usually contains when the change should be made and to which machines in the infrastructure. The change requests then go to the change
Again from the wikipedia
Change requests typically originate from one of five sources: (i) problem reports that identify bugs that must be fixed, which forms the most common source, (ii) system enhancement requests from users, (iii) events in the development of other systems, (iv) changes in underlying structure and or standards (e.g. in software development this could be a new operating system) and (v) demands from senior management
Almost every IT administrator I have met hates to fill out requests for change. Several of them see this as a TAX that they have to fill in addition to working 24×7 to get the work done. Now most administrators are smart people and they either created or found their own tax shelter: the Emergency Change.
When a change is labeled as an emergency change most organizations allow all the procedures of filling out a change request and approval to be bypassed, hence avoiding the change management tax. Just like IRS’s tax shelter some of which are perfectly legal and have legitimate uses, the emergency change is required for the proper functioning of the infrastructure; but like several illegal tax shelters it can be used and abused.
Recently a large retail company had outsourced their e-commerce website to an managed service provider (like IBM SO, EDS, Verizon etc). The outsourced service provider had very strict change management procedure, which they had developed over the past several years to ensure highest availability and uptime on the revenue generating sites. But ofcourse there was the change management tax shelter: the emergency change. After about an year of signing the contract, one of the outsourcer’s executives reviewing the retailers account found that 70-80% of all changes presented by the team at the retailer were emergency changes with no documentation or approvals. This was clearly and abuse of the tax shelter.
He called up his counterpart at the retailer and explained his analysis and why their performance fell short of the SLA. The VP of e-commerce operations was a reasonable person and admitted that he was between a rock and a hard place. His development team had revolted that if they had to follow the process and pay the change management tax they don’t have enough time or resources to get he site up before the Christmas season and he had let his operations team use this tax shelter in the contract.
What should we do? They could not come up with a solution at that very moment. Now the person at the outsourcer wanted to help his customer the VP at the retailer. So he got his team together and said we have got to figure out a way to this problem, because we look bad in front of the customer by not meeting our SLA and we are loosing money on the account also.
His team worked hard and came up with requirements: What they really wanted was something that could let the customer just do the change and then pick up all the information for the change and create the necessary documentation. Thus from the customers perspective they got rid of the tax but from the outsourcers perspective they still got the documentation needed and if there were exceptions that would be flagged. If someone could figure out a way of doing that with the IRS we would all save tax and the government won’t go into deficit.
Once they knew what they wanted they began looking into the market for solutions. The first one they encountered was from Mercury (Kintana), now part of HP. This solution would fit well with the development system that the developers were using. But it only took care of changes from the development system; if someone used some other system it would not work.

Next they looked at Bladelogic & Opsware, both tools used for pushing out the changes. Now these tools could detect if a server had been changed and what the changes but they had no idea who made the emergency change, when it was made or how it was made. The integration with their change management system was also not easy. Both these systems could provide some of the documentation required for the process, but not all of it. Then they came across Tripwire. Tripwire could also be run periodically and it would detect what had changed, but it could not provide who made the emergency change (which was a problem, because it was important to show that the change had been made by the retailer) , also there was no SLA on when the change was made and when the documentation would be complete. The other problem they found with the above systems was that when they created tickets from change the volume of change was so high that the tickets created were meaningless.

Finally they looked at Solidcore. Solidcore could tell them what changes had been made, who (user) made them, what application was used to make the change, when the change was made. It could also connect back to the change ticketing system. Before the changes were put into the ticketing system, Solidcore clustered them to find units of change. This dramatically reduced the number of tickets created and also there was more meaning to each ticket.
The next morning the VP @ the retailer received an email: we have discovered a legal tax shelter for you: Solidcore and would like to discuss and mutually agree to discontinue the use of the illegal tax shelter: the emergency change.

Now as IT organizations look at ITIL, how could we describe it in a simple phrase like “removing variability from repeatable processes? What is the equivalent statement describing the ITIL philosophy?

When I searched on the web, here are some interesting possibilities:

- separate administrative tasks and technical tasks

- develop a common-lingo for communication about process and solutions
- automate repeatable process

- get budget from the CFO, wait for the next wave

- provide a service (like a resturant), not technology (cooked food).

What do you think?

One of the important things about controls is whether they are pro-active and reactive. Reactive is do something after it happens: like MTV & CBS apologized for Janet’s failure.  Pro-active is what is done before … a system which would have not aired the snafu.  The Janet Jackson’s control failure highlights that in some cases having reactive controls is just not good enough. The damage has been done.

Yet if we look at the IT world most of the process inside organizations to control change are reactive. They do-stuff after the change has happened not before it. They are waiting for a Janet Jackson control failure?

Should you control change pro-actively on some of your infrastructure?

” Lately in a wreck of a Californian ship, one of the passengers fastened a belt about him with two hundred pounds of gold in it, with which he was dound afterwards at the bottom. Now as he was sinking — had he got the gold or the gold him?

– John Ruskin, Unto his Last

VP of IT Operations at a Fortune 1000 company mentioned that the way he figures out whether there is going to be downtime after a change window is to look at the pattern of change events during a change window (using Solidcore). He says good change windows have the pattern of a lot of change in the begining and then nothing. Bad change windows have two peaks: a lot of change in the begining, then a lot of change in the end. I know at that point Has he the change? Or the change him?

Read the article at the data center journal.

Rob: whazz up man … did they let you in?
Tony: yes man … but I got very confused there. They use this thing called tripwire … but it doesn’t trip. Someone could cross it a million times but it trip’s only when the manager decides to go run it.
Rob: that wouldn’t work.
Tony: nope. It will be like having chains … you got to go check each time.
Rob: I can’t imagine using chains on all the machines they have, no wonder they look beat like our referee’s with everyone shouting at them
Tony: It gets worse. This Tripwire they use doesn’t even tell you who crossed it. Or it kind of does, it tells you the last person who crossed it.
Rob: but we would want the first person wouldn’t we?
Tony: yes we would and also not just one person … but every person who crossed the line with the ball.
Rob: so this Tripwire stuff can’t tell you who or when they crossed … what do they use it for?
Tony: I don’t know man …
Rob: maybe your guys are not upto snuff on this stuff … I have a friend who works at this big company and he does something to do with SOX. I remember he was up one night and mentioned tripwire … maybe they already have something like that in baseball … I will check him out.
Tony: later dude
Rob: cya

…to be continued …

• How many people had deployed a CMDB? One hand went up.
• How many folks had actually seen a live CMDB? Only one hand went up.
• How many folks had projects to evaluate a CMDB? Entire room put up their hand.
• How many folks think that these projects would lead to implementaion? About 4 hands went up.

One of the things which came out of the meeting was people were struggling with what to put in a CMDB. Most people felt that ITIL was synonymous in most organizations with either service desk, incident management or change management. But how that translated into a CMDB was not clear.

Software which starts with the applications, like Asset Management (for example, Mercury Asset Management…) and Relicore (Symantec), Collation (IBM), nLayers (EMC), Cendura (CA), Appilog (Mercury) all have one common characteristic … the need a white list.

Niether this guy nor I have used all these software, but a cursory look at their description seems correct … they all need a pre-configured list of things which they should track. If you think from an application point of view this makes a lot of sense … once you know it is Hyperion, you can enumarate all the files and configuration settings for example with Hyperion and track changes to that.

This clearly has several advantages and dis-advantages. First advantage, since most of the above software (except Relicore/Symantec) scan the system, this reduces the time and resources required for the scan. It also presents change data in an applicaiton context which is more useful for the end-user. The

The dis-advantages are same like with other white-list approaches, they need to be constantly updated, also may not be available for older/newer versions of the software. What do you do for custom software … user has to input all this stuff etc.

Here is an excerpt from the begining which I thought was simple and insightful …
“The organization formerly known as the help desk is growing up. Under the moniker of “service desk,” it is expanding its footprint and adding such functions as problem, change, and configuration management to its previous incident-focused role. The classic help desk was somewhat limited
in its scope and parochial in its focus: Users would call with a problem, and technicians would endeavor to fix it as quickly as possible. Help desk software would track incidents and open tickets as responsibility passed from one person to another. Once solved, reports would point out potential hot spots for further study and possible proactive action. Only rarely would the help desk have incidents opened directly from systems management utilities or be tied into any formal change management process.

As processes and procedures for ensuring the continuing health of the IT infrastructure developed, more complex workflows and organizational handoffs were required. Enterprise-class tools to support this service management followed. Common structures and practices added a framework for further refinements. Today, there is widespread acceptance among larger and more complex organizations of a structure following the Information Technology Infrastructure Library (ITIL) model for service management, and tool vendors have followed with products that assist in ITIL implementations.

Smaller organizations and those not ready to make wholesale change to structures and processes nevertheless want tools that are robust, simple to install and configure, and easy for technicians to use. For these organizations, incident and problem resolution remains a key focus, often with an additional emphasis on desktop life-cycle management, with (but not at the expense of) workflow, tracking, and reporting tools.“

The company liked opsware as a deployment engine. It had simplified thier life considerably. But it had complicated thier life considerably when it came to reconciling change with the change tickets.

The VP mentioned that there was no easy way to integrate the two systems. Also the volume of change which was bieng reported by Opsware was so large that it made their earlier procedures which were manual just infeasible.
Opsware had taken them almost a year to rollout and they wanted to quick fix to this problem. Has anyone else seen this problem? Have any suggested solutions?

One explanation which comes to mind seems to be, that for a long time software developers have used source code management systems, which had versioning tools like CVS or SVN would naturally extend their value proposition to change management.

If you look at the vendors out there, it seems that there are two different directions people are coming after change management … one is starting at the Application layer and the other is starting at the system layer. The following picture from Mercury Interactive’s web site provides a similar layering.

If you approach this from the application side, then the change cycle starts with a developer making some changes in response to a request by the busines unit. These changes are tested in staging and then put together in a release which is put into production. All of which fits neatly into ITIL Change Management/Release Management world. Mercury fits this point of view very well.
The next set of tools which view change management from the perspective of the application are the “application dependency mapping” folks. I guess they originated from the problem that companies face when putting things in production … changes interact with each other. Especially if you are in the Java world, there are a lot of files, classes, settings etc, which depend on each other. So knowing the dependency between one application and another and also having a preview as to what are all the things one change can effect seems valuable. Most of the major players in this space have been gobbled up by larger companies: Relicore (Symantec), Collation (IBM), nLayers (EMC), Cendura (CA), Appilog (Mercury).

It seems like most of the above companies discover the applications by doing a scan and then figure out the dependencies between them also. The scanning gives people the ability to determine what has changed.

I guess the application view has its benefits in the sense that it sits closer to the business user and the business use. The other companies which came up on google for change management start more at the systems layer … next next next.

When I think about this problem it is similar to the GM and the Auto workers Union (UAW) settlement. GM was asking for some really tough concessions from the UAW, so they brought a UAW representative inside GM and gave him access to all the financial infromation. He was not allowed to communicate this information, but he could see how serious and real the situation was. This helped GM and UAW engage in meaningful dialog.

Another CIO I met mentioned that if Central IT and the Business Units could see what each other was doing that would go a long way to build trust. If there was some way to have autonomy but visibility that would make the organization really efficient.

Pre-automation there were several manual steps which inherently created barriers for the failures to cascade and also in some sense partitioned the infrastructure. Several examples came out

• Active Directory/DNS: since the directory auto-replicates, if you make a mistake it propogates relatively quickly
• Production and Disaster Recovery: auto-sync between these two can bring down both
• Network: this is the classic because routing changes propogate quickly
• Any clustering solution

We had an interesting discussion about what to do in this case. Clearly you want automation, introducing a human in the loop is not an option in many cases. But how do you solve this problem?

One of our colleagues at a large minufacturing facility had solved this problem in an interesting way. He took one node in a cluster or active directory and used to keep it disconnected!!! and the manually connect it once in a while.

That was very interesting because he had figured out a way to technically enforce a change window which opened by him connecting and dis-connecting to the network.

• IBM Rational: the link takes us to Clear Case which is a source code management system.
  
• Sunview Software: lets you define workflows for different change types and then users to use them
• www.seapine.com/SCM: development tool to streamline software development
• www.bmc.com leads to a form which leads to a link to a whitepaper again about defining the business process and keeping track of a change request/project as it completes various phases
• www.Pega.com seems to be process definition and automation
• Solidcore: track and enforce changes on systems
• Opsware: provisioning system to push out new software to endpoints
• MetricsStream: quality management process

I refined the search to IT Change Management and the following other companies showed up:

• nLayers (EMC): application discovery and mapping tool for cmdb

Okay, so if you were looking for change management you could buy a software development system, process automation/ticket system, provisioning system, change tracking and enforcement, discovery and mapping tool. There seems to be no relationship between them but their marketing messages seem identical: conrol change, follow process, increase performance, be compliant … blah blah blah

So which one makes sense? (to be continued …. in part III)

Well it turned out that one of the software on these machines had the capability to download and self-update. The retailer was not only unaware of this but certainly believed that no such thing could be happening…Their normal change procedure was to copy every single file and keep several versions of it before making changes.

But it was happening … and did cause downtime every now or then … which was in the past attributed to flaky behavior. Do you have software which can auto-update in production: anti-virus, windows update, management packs are some examples where this commonly occurs.

So as s a first step I decided to go search for change management, service desk etc and see what articles came up …. the following I thought were interesting (of the links that were not not blatantly vendor specific)

• T. Malarselvan ppt on “Service Desk Tools: Comparison & Recommendation”
• Compares BMC Remedy, CA Service Desk, HP Open Service Desk, HP Peregrine, Front Range Heat
• Blog on Change and Configuration Management
• Couldn’t find the author, but the person writing it seems interesting and knowlegeable, although the last post is over a year old … so not sure whether it is being updated
• Change and Configuraion Management @ Blogspot
• This seems like a evolution of the previous blog (I got the link from there)
• Evergreen Systems Survey on Change Management Maturity in Companies
• The survey highlighted some important areas of progress:49% are using a Change Management application as an IT workflow tool.;72% have 30% or more of their IT staff using a Change Management application daily.; Almost half are using Change Management to plan and execute Release Management activities.;39% integrate Change Management into their portfolio of project management tools.;59% employ Change Management as a single, enterprise-wide IT Change Management policy and system.
• I also like Gene Kim’s articles about visible ops
• An introduction to visible ops
  
• IT Controls Benchmark Survey Results

The above were great exposition of the problems associated with change management or why you needed change management. But except for the first presentation by the gentleman from TCS. It was not clear what do about a change management system.

What else could we search on? Any insights and additional links would be great. I am going to attack this next from reading the vendor material: Part II: Exploring more vendor specific content (will add a link once I make some headway).

]]> http://think-smarter.com/rosen_sharma/2006/11/07/in-search-of-a-change-management-system-part-i/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/05/wineries-%e2%80%9cchange-management%e2%80%9d-system/ http://think-smarter.com/rosen_sharma/2006/11/05/wineries-%e2%80%9cchange-management%e2%80%9d-system/#comments Mon, 06 Nov 2006 03:33:50 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/05/wineries-%e2%80%9cchange-management%e2%80%9d-system/ I visited one of the larger (top 5 by revenue) wineries in Napa. And heard a very interesting story. Apparently most wines these days are made from grapes from a couple of places if not more. And the law requires that you have to keep track of exactly what volume of crushed grapes has done into a particular barrel, and where did the grapes come from etc. This is done with “Grape Crush Management System”.

If the wineries don’t keep track or for some reason the data gets messed up or the system goes down, they can sell the wine as $2 generic wine in a low end store. So this is very important.

The grape crushing lasts only for 2-3 months of the year. So what a lot of wineries do during this period is first to take the system off the network … so no one can log into it. Second all login’s except like the COO are disabled. You can only access this from a room which is under lock and key.

All because they don’t want anyone to make any changes during this time period.

]]> http://think-smarter.com/rosen_sharma/2006/11/05/wineries-%e2%80%9cchange-management%e2%80%9d-system/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/04/what-can-itil-implementations-learn-from-six-sigma-adoption/ http://think-smarter.com/rosen_sharma/2006/11/04/what-can-itil-implementations-learn-from-six-sigma-adoption/#comments Sun, 05 Nov 2006 01:41:13 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/04/what-can-itil-implementations-learn-from-six-sigma-adoption/ There was a lot of hype and hope when six-sigma was the “thing”. Now ITIL seems to be the “thing” and there is a similar kind of hype associated with it. There was a study couple of years back (I can’t find the link — will post it when I do) which compared what organizations adopted six sigma well and where it did not go anywhere. Jack Welch also talks about the same theme in his book.

What they found that a lot of companies did they following: bring in consultants, and they will tell us our six-sigma strategy. The consultants who were knowledgeable in most cases came and prepared a plan. Then the top management spent a lot of money implementing this plan. Usually most of these implementations stalled and failed to realize benefit for the companies.

The other way of doing six-sigma was to understand the essence of it: how do we drive variability out of a repeatable process. And then ask managers if this was applicable to them. That is did they have repeatable processes and if so how could they reduce variability. This approach was way more effective. One it got buy in from the grass roots and created small success stories, which had direct impact to the top and bottom lines.

I see the same kind of struggle with ITIL. There is industry pressure to do something about ITIL in your companies. What is the essence of ITIL? How do you get buy-in from the grass roots in your company? How do you create the short wins?

Those are the critical questions.

]]> http://think-smarter.com/rosen_sharma/2006/11/04/what-can-itil-implementations-learn-from-six-sigma-adoption/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/04/how-would-rudy-giuliani-implement-change-management/ http://think-smarter.com/rosen_sharma/2006/11/04/how-would-rudy-giuliani-implement-change-management/#comments Sun, 05 Nov 2006 01:17:01 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/04/how-would-rudy-giuliani-implement-change-management/ In Tipping Point, Malcom Gladwell talked about how they brought crime under control in New York City. They began arresting people who were jumping the ticket turnstiles and booking them on the spot. How would this help with anything … people would have thought? But it so happened that several of the people they arrested were responsible for other larger crimes in the city. And slowly but surely this improved law and order dramatically.

One of the things I see organizations struggle with implementing change management or ITIL in general is where to start. Usually organizations emark on large projects which take a long time to realize the gain.

One thing we can learn for the NYC example is that we should begin monitoring the small infractions (unauthorized changes) in the infrastructure and it will have large impact on service availability. As some of those small infractions lead to much bigger crimes!

]]> http://think-smarter.com/rosen_sharma/2006/11/04/how-would-rudy-giuliani-implement-change-management/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/03/oracle-unbreakable-oracle-vs-redhat/ http://think-smarter.com/rosen_sharma/2006/11/03/oracle-unbreakable-oracle-vs-redhat/#comments Fri, 03 Nov 2006 09:21:25 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/03/oracle-unbreakable-oracle-vs-redhat/ Oracle’s “unbreakable” campaign is mostly mis-understood. To get enterprise customers to commit to Linux, Oracle promised them that if any bugs came up they would fix them within the SLA provided. Oracle had a few thousand (speculation) programmers and the way it worked was that Oracle wrote the code, give it to customer and provide the fix to RedHat which pushed it out.

So Oracle providing support for RedHat is not something completely alien. Whether their motive is really to provide support or this is first step in a multi-move chess ending to buy RedHat only Larry knows?

]]> http://think-smarter.com/rosen_sharma/2006/11/03/oracle-unbreakable-oracle-vs-redhat/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/01/change-related-processes-itil/ http://think-smarter.com/rosen_sharma/2006/11/01/change-related-processes-itil/#comments Wed, 01 Nov 2006 16:27:59 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/01/change-related-processes-itil/

This picture is off the whiteboard of a the person responsible for ITIL implementation at one of the largest utilities in the US. I found it to be a simple and succint explanation of how things worked and inter-operated with each other.

Click on the picture to see animation about how change approval, staging & test, release management, configuration management and CMDB work together

]]> http://think-smarter.com/rosen_sharma/2006/11/01/change-related-processes-itil/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/01/to-be-fathers-1-cause-of-downtime-at-hospital/ http://think-smarter.com/rosen_sharma/2006/11/01/to-be-fathers-1-cause-of-downtime-at-hospital/#comments Wed, 01 Nov 2006 14:59:48 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/01/to-be-fathers-1-cause-of-downtime-at-hospital/ At one of the hospitals in the Bay Area, when you check in to deliver your baby, they ask you if your husband is an engineer or works in hi-tech. If the answer is “yes”, you get a long and stern lecture from the person at the station checking you in, not to play around and change settings on the monitoring machines in the delivery room.

Apparently people going in and plaing with the monitoring equipment is a big cause of downtime on the monitoring equipment, which is a pain, because then the nurse has to rush to the room to see if it is dis-connected or something else is wrong.

The would love to lock the equipment or the father down and keep the key — both work

]]> http://think-smarter.com/rosen_sharma/2006/11/01/to-be-fathers-1-cause-of-downtime-at-hospital/feed/ 0 http://think-smarter.com/rosen_sharma/2006/11/01/availability-depends-on-the-location-of-the-coffee-machine/ http://think-smarter.com/rosen_sharma/2006/11/01/availability-depends-on-the-location-of-the-coffee-machine/#comments Wed, 01 Nov 2006 13:54:56 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/11/01/availability-depends-on-the-location-of-the-coffee-machine/ I was with a large company in San Fransisco, talking to the VP of IT operations. They were in the middle of a moving sun machines from corporate to a data center. About an year they noticed that suddenly a set of servers were having problems, they had couple of failures within a week. These machines had been untouched for a long time. Then nothing happened till 3 months later and they had couple of failures again.

Someone pointed out that during both those weeks the coffee machine on the floor below was not working so people had been coming upstairs to get coffee. They figured out that people would walk past these machines and see the disk light on or some light blinking and would log in to see what was happening. Tinker little bit … And this caused downtime!!!

That was one of the factors in moving the servers to the data center as people felt the tinkering would go away and increase stability.

]]> http://think-smarter.com/rosen_sharma/2006/11/01/availability-depends-on-the-location-of-the-coffee-machine/feed/ 0 http://think-smarter.com/rosen_sharma/2006/10/30/what-can-itil-learn-from-american-gas-stations/ http://think-smarter.com/rosen_sharma/2006/10/30/what-can-itil-learn-from-american-gas-stations/#comments Tue, 31 Oct 2006 04:22:09 +0000 Administrator http://think-smarter.com/rosen_sharma/2006/10/30/what-can-itil-learn-from-american-gas-stations/ As an immigrant to the US, it took a while before I got comfortable using the bathrooms in the gas stations on long drives. In most other countries, the bathrooms tend to be unusable. In Britain you have to deposit money to use them and the auto-clean can be interesting experiences.

My wife and I always talked about how they managed to keep those things clean. And it occurred to us one day that it was all because of the long unwieldy things the key is attached to. You can’t loose the key or leave it in the lock.

As I sit in a lot of these ITIL conversations around change management, I find myself smiling. Only if we could maintain the same process around our infrastructure, like the gas stations have around their bathrooms, availability would jump another 9 atleast. Keep the infrastructure locked, till there is an approved change (like the guy who bought gas at your station) and then give them the key with a really long handle, so they can’t loose it or forget it or pass it to someone else

There are some great ideas and parallels in the book by Suellen Hoy

Chasing Dirt: The American Pursuit of Cleanliness (Paperback)

Enjoy!

]]> http://think-smarter.com/rosen_sharma/2006/10/30/what-can-itil-learn-from-american-gas-stations/feed/ 0