Friday, 30 November 2018

Quis custodiet ipsos custodes?


“Who watches the watchers?” Compliance has become a hot topic for organisations facing scrutiny under the plethora of regulatory controls such as Sarbanes-Oxley, HIPAA, Basle II, etc. Many of these regulations deal with security of access to Information Systems and the provision of audit trails that provide the forensics required to determine who did what, where and when.

Unfortunately, the emphasis for any type of audit trail and reporting is focused on the end user of a system or application, and not the access of the Operations personnel whose function it is to ensure that the systems are running correctly.

In order to create a true system access audit trail, all modes of access must be monitored. This happens more or less automatically for applications that write log files, but not for systems and devices whose primary management interface is a serial console. True, these consoles tend to be in a computer room, so physical access to them is controlled, but that still does not allow the specific commands executed on them to be monitored, logged and archived for regulatory compliance.

How often has changing a parameter on a device caused performance degradation on the network or system? How do you determine what command was issued, when and by whom? I have had instances where operations personnel and equipment service personnel have both denied making a change, yet I know without a doubt that a change must have been made, as the configuration does not match that required by the installation. Simple control of access to the serial port of the device in question, along with logging of all operations performed through that port, would have resolved the issue. Forget ‘Big Brother’ and think ‘Accountability’.
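The "who did what, where and when" record described above, as an added illustration rather than code from this post or from any console-access product: it parses a constructed console-server session format (assumed for this example), hash-chains the entries so that editing or deleting a record is detectable, and answers the question of who changed the configuration.

```python
import hashlib
# Constructed sample (an assumed console-server format, not a real product's):
# one line per command, "ISO-timestamp|user|device|command".
SAMPLE_SESSION = """\
2018-11-30T09:12:04Z|alice|core-sw-01|show running-config
2018-11-30T09:13:41Z|alice|core-sw-01|conf t
2018-11-30T09:13:52Z|alice|core-sw-01|interface gi1/0/24
2018-11-30T09:14:03Z|alice|core-sw-01|speed 100
2018-11-30T09:14:10Z|alice|core-sw-01|end
2018-11-30T10:02:17Z|vendor-svc|core-sw-01|show interfaces status
"""
FIELDS = ("when", "who", "where", "what")
GENESIS = "0" * 64  # chain anchor for the first record

def parse_session(text):
    """Turn raw console-server lines into who/where/when/what records."""
    return [dict(zip(FIELDS, line.split("|", 3))) for line in text.splitlines() if line]

def _digest(prev, rec):  # hash of the previous hash plus this record's fields
    return hashlib.sha256("|".join([prev, *(rec[k] for k in FIELDS)]).encode()).hexdigest()

def build_audit_trail(records):
    """Hash-chain the records so an edited or deleted entry is detectable."""
    trail, prev = [], GENESIS
    for rec in records:
        digest = _digest(prev, rec)
        trail.append({**rec, "prev": prev, "hash": digest})
        prev = digest
    return trail

def verify_audit_trail(trail):
    """Recompute the chain from the start; False means the trail was altered."""
    prev = GENESIS
    for entry in trail:
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry):
            return False
        prev = entry["hash"]
    return True

def config_changes(trail):
    """Who changed what, where and when: commands between 'conf t' and 'end'."""
    changes, in_config = [], False
    for e in trail:
        if e["what"] == "conf t":
            in_config = True
        elif e["what"] == "end":
            in_config = False
        elif in_config:
            changes.append((e["when"], e["who"], e["where"], e["what"]))
    return changes
```

In practice the chain head would be written somewhere the console operators cannot reach (a separate log host or write-once store), otherwise the chain can simply be rebuilt after editing.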

There are many solutions on the market for “Console Access”, but not all of them allow for the logging and advanced event detection that netPrefect from Cyclone Technology can be tailored to perform. Cyclone’s software has been the choice of many blue-chip companies as the simplest and most cost-effective way to collect and act on security information across the entire enterprise in real time, while at the same time aggregating logs of all security events by severity and type, and lastly creating a long-term audit trail.

On a final note, even if another “Enterprise Management Solution” such as Openview, Tivoli or Unicenter etc. is being used, there is still the requirement for serial console access control and auditing, as these solutions very often do not perform this function.

Tuesday, 29 December 2009

Top 10 tips for choosing an Infrastructure Management solution

In any enterprise, small or large, as an organisation grows, it is inevitable that the hardware used is sourced from different manufacturers. This in itself isn’t a real issue as that is what must be done if “best of breed” is required. The issue comes in monitoring and managing the environment.

Here are my top 10 tips when choosing the right management solution for you...

10) Don’t be seduced by whiz bang features that you will never need

9) Aim for as few solutions as possible: 1 is best, 2 is OK, 3 is acceptable; any more will become unwieldy and hard to integrate and manage

8) Be clear about what you want to do (don’t confuse routine management tools with one-off problem-solving tools; e.g. Wireshark is a great tool, but not really practical for day-to-day monitoring, it is best at troubleshooting a specific network issue)

7) Consider the deliverables to your customers when choosing a solution (don’t go for complexity if you don’t need it)

6) Think ahead: what are your customers going to need in 6, 9 or 12 months’ time, when they demand more because the service you give has improved? Build it in now

5) The business is built on and betting on the infrastructure, so consider business continuity for your monitoring solution

4) Make sure you have professional support for the solution you choose (free/open source is great, but are you able to fix it yourself when it goes wrong?)

3) Don’t confuse infrastructure monitoring and management with other requirements (e.g. asset management); while they will all fall within your domain, they don’t always need to be in the same user interface and so may be a separate best-of-breed solution (just like the infrastructure, you don’t use the same hardware to perform every job)

2) Don’t be frightened to invest time and effort to make your solution do exactly what you need (there are very few that are perfect for you “out of the box”)

1) Ensure that you can embed your own local knowledge into your chosen solution.

Friday, 10 July 2009

Why no emphasis on Business continuity within the I.T. Management infrastructure?

Why is it that in this day and age of buzzwords and phrases like "Business Continuity" there is little or no emphasis on the need for the management tools used by the IT department to be fault tolerant?

There seems to be a big deal made of web farms and clustered SQL servers etc. That's fine for the business, but what happens when the infrastructure management tools are unavailable?

Picture this: your only link to the internet is down and your company is losing money because your web shop is unavailable. Your users are screaming, but you can't do any investigation or corrective action because your management system is offline due to an unforeseen server hardware fault! Who is going to get fired for this?

I have been speaking with quite a few prospects recently where they have a look of horror on their face when you ask this question!

So, how many infrastructure management tools have been designed with business continuity in mind? I know mine has, but does yours? If it does, please let me know: what is it called?

Thursday, 9 July 2009

Finally, I have a blog

Well, I finally got around to creating a blog. Let's hope I can get the most out of it and actually write some stuff that will be
  • useful,
  • interesting and
  • something that I can understand when I re-read it in the future.