Category: Government

Wednesday, October 06, 2010

Changing Our Minds

"The only thing more irritating than someone that changes their mind every 5 minutes is someone that never changes their mind"

Green Light IT has an almost unique problem among ICT service providers - our customers are with us long enough to see us change our minds and our positions on things like new technology and new approaches. As always these changes can lead to questions and concerns.

Firstly let's establish why our position has to change:

The IT industry is awash with new ideas and for the foreseeable future likely always will be. And for every new approach/idea/gizmo/program (we are going to use the technical term "thing" for the rest of the article) that succeeds and goes on to establish a place for itself, 10 "things" (or more) fail because of:

  • Insufficient take up.
  • Being all sizzle, no steak.
  • Under-estimating the complexity of the problem.
  • The cure being worse than the illness.
  • Lacking reliability and sound support.
  • etc.

So, to put it succinctly, there really aren't any silver bullets, but every now and then a new approach/idea/gizmo/program arrives which is useful and thinking needs to change.

What Green Light IT customers probably don't realise is that by the time we announce a changed position to them we will have looked at the issue from every which way we can.

Here are some of the principles we try to use when looking at new "things":

  1. Proven - Have enough people tried it and gotten the results they were expecting?
  2. Cost Effective - Does it solve a real problem for less than what the original problem cost?
  3. Reliable - Does it create a system that you can expect to work?
  4. Longevity - Are the people that make and support the "thing" likely to be here tomorrow?
  5. Utility - How well does the "thing" do what it should, and how else might it be applied?
  6. Risk - Can the "thing" be tried at reasonably low risk? Is a back out position possible or is it all or nothing?
  7. Security - Does the "thing" take a new and potentially dangerous approach?
  8. Unintended Consequences - What are the consequences of using the "thing"? Does the customer understand and expect these consequences?
  9. Inevitability - Is the "thing" going to become the new standard whether the customer likes it or not?

As you can probably guess by looking at the list of considerations "things" normally need to be around for a little while before you can assess them in the positive - this does tend to mean we don't recommend our customers getting on the bleeding edge. It's not like we aren't interested - we are always staying across new technologies/approaches (just the other day we had a heated debate about using Solid State Drives for a customer's database server), however we don't tend to change our position until we think there is a sound case for believing the new "thing" is better than the old "thing".

The upside to this for customers is that they get solutions that work. They might not be the latest solutions, but they are ones we know can be relied on.

Wednesday, September 15, 2010

Merger with Saltbush Group

This is old news for most of our customers, but Green Light IT is merging with the Saltbush Group.

Green Light IT will be forming the new service delivery arm of the Saltbush Group called Saltbush Solutions.

The Saltbush Group is a Canberra based, but Australia wide ICT firm providing services in Consulting, Security, Development, Assurance, and now through Green Light IT, Service Delivery. With over 60 consultants it is Canberra's fastest growing ICT firm.

We will be continuing to call ourselves Green Light IT, some of the time... the rest of the time we will call ourselves Saltbush Solutions. You can call us either - we don't mind.

Posted by Clem at 11:09 AM
Categories: Business, Government, News

Wednesday, August 25, 2010

The Ten Second Test That Will Save Your Organisation Thousands

As we go about helping organisations we see a lot of virtualisation being used to save money on server hardware. But we are also seeing plenty of virtualisation used in ways that are going to eventually cost more than they save. In short, we are seeing some organisations suffer the midrange explosion that we warned about in our previous blog post.

That is - the idea of "free" servers is sometimes leading to the deployment of servers for roles of dubious value.

"If the server is free what's the harm?" I hear some readers ask. The problem is it's not what the server costs to buy that matters, it's what it costs to own. Further, as you add more and more computer systems, complexity can have an amplifying effect on the cost of ownership of the systems deployed.

When an organisation has to pay for "tin" upfront this acts as a natural restraint on over provisioning. When servers seem to be free sometimes this restraint is absent.

So, here is the 10 second test that will save your organisation thousands. Before you add a new virtual server for any ongoing production role to your design or architecture ask yourself this question - "If I had to pay for the tin would I still design it this way?"

If the answer to that question is not a solid yes then you need to re-think your approach.

Wednesday, December 16, 2009

Christmas Trading Hours

Over Christmas Green Light IT will be taking a break, closing on the 23rd of December and re-opening on the 4th of January.

Feel free to leave us a message on the phone or drop us an email over this time. All the best for Christmas and we look forward to talking to you in 2010.


Posted by Clem at 1:47 PM
Categories: Alerts, Business, Government, Home, News

Wednesday, September 16, 2009

Why We Use NAS Rather Than Tapes

If you took a look at our last blog entry you might be wondering what we use for backups if we don't use tape.

That's easy - we use Network Attached Storage (NAS for short).

Compared to tapes NAS have three major advantages:

  1. They can keep up. Tapes are so slow that many in the industry now do what is called "Disk to Disk to Tape", where the backup is first done to another set of high speed disks, which can then slowly and ponderously stream that data to a tape drive. Getting rid of the "to Tape" bit is the next logical step.
  2. Less External Dependencies. A NAS unit is a complete system that you can attach to your network and start pulling files off. A tape needs a tape drive, a semi functioning computer, driver software, backup software, and they all need to be accessible before you can start pulling off files.
  3. Unlike tapes, which are a bit of an outsider from a mainstream technology perspective, NAS units use normal everyday hard drives. So as the capacity of normal everyday hard drives increases, the capacity of NAS units keeps pace. Tapes on the other hand are always playing catch-up, and are usually around an order of magnitude behind in terms of cost effective storage.

Now if you are seeking a long term archive then tape is still your best bet, but that is not what most businesses are after in our experience, particularly once retention of data in programs like MYOB/QuickBooks etc is explained. Even then, NAS, which is powered up once every couple of years is probably just as good. Tape has the benefit that it can be just left to sit on the shelf for 10 years. Now, where did I leave that tape driver software...

Posted by Clem at 7:13 AM
Edited on: Wednesday, September 16, 2009 7:22 AM
Categories: Business, Government, Home, Strategy and Analysis, Tech Tips

Sunday, September 13, 2009

5 Common Mistakes Businesses Make About Backup and Recovery

We are going to be talking about backups over the next few weeks - we are going to be talking about backups quite a lot. More precisely we are going to be talking not only about backups, but the other less frequent but oh so important bit - recovery.

The problem with the way most businesses approach backup is that they might take some backups (might) but they have never given a whole lot of thought to the other side of the equation - recovery. And there are some sobering stats here - probably the most sobering I have come across is this one:

"93% of businesses that lose access to their critical data for 10 days or more file for bankruptcy within 1 year. 50% of them file for bankruptcy immediately" - US National Archives and Records Administration.

So it's not only if you can get access to your information again, it's how quickly you can do it. And that is where things start to get interesting.

To get us started on our month of DR (Disaster Recovery) here are 5 common mistakes that businesses make about backup that mean when push comes to shove they can't recover:

1. As long as I have my data I'm okay

Wrong.

Access to your data is contingent on a number of other pieces of infrastructure being in place. Sometimes this is as simple as a computer with, say, Microsoft Office installed, in which case provided you can find a computer you are probably okay. But sometimes it relies on an application server, which has had 100 patches applied to it, which no one exactly remembers, and there was some bizarre tweak that someone had to give it to make it work etc.

Can you get access to the data again - probably. Will you get access to the data again before you are out of business? Much harder to know.

2. An Online Backup Over The Internet Is Our Best Option

Usually Wrong.

Online backup solutions are targeted at home users and small businesses. They provide handy interfaces to help you see which files you are backing up, history etc. The problem is they are driven by people who, due to their limited IT knowledge, don't actually understand which critical parts of the system need to be backed up. For example, if you are using Exchange server only the system administrator has the access they need to the mail store.

If your whole server packed it in exactly how long will it take your online backup company to get you a copy of your data - a day, two days, a week? Have you ever asked? Have you ever tested their ability to deliver?

Also, as per point 1 above, just backing up your data isn't really enough.

3. We Use Tapes

Wrong.

There are so many issues with tapes it is hard to know where to start:

  • You need a tape drive (seems obvious right). But what if your previous tape drive was damaged (say by a power surge) so you can't move it across to the new server you just bought. Can you still buy the type of tape drive that you had previously, keeping in mind it's probably three or four years down the track? This is what we call in the industry a "dependency".
  • Tapes aren't growing in capacity fast enough to keep up with modern hard drives. Time and again we see new customers who have been sold a tape drive which can't back up a tenth the capacity of their server hard disks.
  • Tape drives can subtly alter the length of tapes over time so that tapes will only work with that particular tape drive. Even if you can find a replacement tape drive your tapes may not work.
  • Tapes need to have the basic operating system up and going to support the correct drivers. So if you are rebuilding from scratch you need to build a basic server, then install the tape drive and software, then restore (hopefully) and then reconfigure the server.

4. If a Part Fails In Our Server We Will Be Able to Get a Replacement Part

Wrong.

The scenario is like this - components in the computer industry tend to turn over on 12-24 month timeframes. After that the big PC/server manufacturers (HP, Dell, etc) will continue to carry spares for "warranty" customers. However, chances are they won't "sell" you one of their components - they need to hold an inventory to cover the customers who did pay for warranty.

Normally parts fail after at least a couple of years in service, meaning chances are you can't buy a replacement anymore. So if you don't have a warranty you probably can't get a like for like replacement. If you can't get like for like replacement then there is an awfully good chance that you will have to rebuild the system, or at least use a time consuming process to make the new part work with the old system.

Now this isn't true for some parts, like the power supply, or a non-integrated network card. These can often be easily replaced. But for the big components - like the RAID controller, Main Board and Hard Drives, it usually is.

5. If Our Server Crashes It Will Only Take a Day or Two to replace it

Wrong.

Yes you can go to Harvey Norman and buy a PC this afternoon. Servers are a different type of beast entirely. Because there are less of them sold they haven't reached the point where they are a standard item that retailers carry.

If you are lucky, and your business is small enough you may be able to limp along on a PC for a few days, although depending on your restoration strategy it could take days to get it correctly installed.

We will be discussing some of the strategies we think you should pursue over the next few blog posts. Stay tuned.

Posted by Clem at 12:21 PM
Edited on: Tuesday, September 22, 2009 1:04 PM
Categories: Business, Government, IT Management, Strategy and Analysis, Tech Tips

Friday, August 14, 2009

Upgrade to Windows7

Have you heard about Windows7? It is entirely likely that the new Microsoft Operating System (OS) has flown in under your radar, as its release has been kept pretty low key compared to its predecessors. Windows Vista, which was the previous instalment of Windows, was not widely used (or liked) by the IT profession. It had several flaws, quite a few security holes and massive performance issues. It seems that Windows7 is following Microsoft’s long established trend of releasing an OS that is not quite right and then a few years later releasing a “new” OS, that is a remake or upgrade of the previous one with the bugs ironed out. Windows7 is looking to be an OS that “works”.

One thing that really surprised us is that Windows7 actually has lower hardware requirements than its predecessor. This is the first time this has ever happened with a Microsoft Operating System. So it is possible to use the software on lower specification machines.

As per MS’s normal mode of operation once Windows7 is released the end of life for Windows XP support will probably be quickly announced. It has not been possible to purchase any version of Windows XP retail for quite some time now and the general consensus of the IT community has been to avoid using Vista in business environments. This means that Windows7 is where we will have to go for future system upgrades.

So far the outlook is good for upgrading to Windows7. There have been relatively few complaints about the OS. It uses much less resources and therefore runs faster on the same hardware (sorry to labour the point – but this is remarkable). The UAC, or user access control (the annoying fade to black windows) that Vista used has been toned down so that it is much less obtrusive. The networking support, while still not as good as it could be, is no longer painful to use.

The biggest test will be when it comes to using the OS in a business environment. How it behaves with other machines on a large network, not to mention how it interacts with servers, is yet to be seen, but currently several GLIT members are trialling the OS with some of our work machines to test it in a work environment. We realise that it is inevitable that Windows7 will have to be rolled out to business clients, so we will be testing the new OS as much as possible before we have to roll it out to a working environment. But so far, things are looking promising.

Wednesday, August 12, 2009

Virtual Servers – Can They Save You Real Money?

If you have even a passing interest in IT then you have no doubt by now heard about virtual servers and virtualisation, which is a technique where a number of “virtual” computers all run on the one physical system. And although you might do this on your desktop, it is mainly taking hold in the back office where a number of servers are “virtualised” and run on one piece of server hardware.

Conceptually this isn’t a new idea – we have been doing this sort of thing since mainframe days. But virtualisation for Windows and Linux systems is now becoming big business for lots of reasons. The central argument around virtualisation is a cost reduction one. This comes through in a number of ways:

  • Reduction in server hardware prices – If one piece of server hardware can do the job of 10 servers you have saved yourself the cost of 9 pieces of hardware.
  • Savings on Environmentals – One server, even if it is running at full tilt (computers use more electricity and produce more heat when busy) will use less energy than 10 servers, and will produce less heat (so less air conditioning etc).
  • Disaster Recovery Planning – Virtualisation offers some savings if you need a standby site for DR – it’s kind of complex so if you want more details ask us for an explanation.
  • There may also be savings in the systems management process as virtualisation (and the tools that come with it) make certain tasks more time effective for IT staff.

That’s the good news. If virtualisation is done correctly and appropriately it can save you money. If it is done where it isn’t appropriate, is poorly executed, or if you are just unlucky it can actually cost a lot more than it saves. Picking when it is appropriate is important, and it isn’t necessarily something the person trying to sell you virtualisation will tell you. This isn’t just us saying this – a number of big shops around town have either partially, or fully rolled back virtualisation projects due to unexpected difficulties.

So, let’s consider some of the things that influence whether or not virtualisation is a good fit.

No Free Lunch

Virtualisation tends to be a good solution for situations where your servers don’t do very much. So if you have 10 web servers that sit around largely idle then using virtualisation to collapse them onto one piece of “tin” (that’s a term we use for a physical server in case you hear it in conversation) might be a good solution.

But if you have 3 database servers that are flogged within an inch of their life then you are going to have to buy a much more powerful piece of hardware if you wanted to try and collapse them. This is going to affect your Return On Investment (ROI) position.

This can lead to a shop being exposed to the laws of diminishing returns in terms of buying hardware. To break that down simply a $5,000 server won’t be twice as fast as a $2,500 desktop (although it will probably be a good bit more reliable), and a $10,000 server won’t be twice as fast as the $5,000 server. So, if you have ten $5,000 servers, which are running at full tilt, you will probably have to spend a lot more than $50,000 to achieve equivalent performance in a single piece of hardware.

However, servers are not normally run that hard, and it is this fact that tends to make virtualisation economically viable. Normally you have ten $5,000 servers, each of which run at somewhere around 10-20% of capacity. You can replace those ten servers with one $20,000 server, which isn’t as powerful, but is powerful enough.

So, virtualisation is a better prospect for servers that are lightly loaded than for systems which are heavily loaded.

Understanding the Cost Model

Saving money on hardware sounds great, but is that really where most of your costs are? To get a sense on this it’s important to understand the Total Cost of Ownership (TCO) of a server over its lifetime.

TCO is made up of the following things grouped by scale of cost:

High:

  • Support (wages or fees for the people that make the server work, make sure that backups work, etc)
  • Downtime (wages of those people that can’t work when the server is not up)
  • High-end Business Specific Software.

Medium:

  • Business Specific Software (CRMs, etc).

Low:

  • Commodity Software (Windows etc)
  • Environmentals (Electricity, Air Conditioning, Rack Space).*
  • Hardware.*

We’ve put an “*” next to the costs that virtualisation will reduce. Notice anything? Now there are arguments that virtualisation can reduce support costs and downtime. There are also arguments that say it can increase both of these. Which is true? It depends on context, and to some extent on whether or not the person appraising it is trying to sell virtualisation or not.

In the worst case we have seen organisations switch substantially to virtualisation, when they paid their outsourcer a fixed fee per server per month for support. The outsourcer didn’t reduce their server support charges significantly (they argued that supporting a virtualised server was no cheaper), and the outsourcer pocketed substantial money from the “move to virtualisation” project. Worse – the virtualised servers performed worse than the previous hardware based servers. In some circumstances the customer actually needed more virtual servers than they had physical ones previously. The result of this was that the support charges of their virtualised environment were more than the support charges on the real “tin” they had before, and the hardware savings were not enough to make up for the difference.

Complexity

Virtualised environments tend to be more complex than ones with normal servers, for a number of reasons.

  1. Often more complex, higher end hardware is required. Dedicated Storage Area Networks (SAN) are an obvious example here.
  2. Server management now has another dimension to it – which “real” server do the virtual servers exist on – this might seem trivial but we have seen it cause problems
  3. Another skill set is required to support the virtualisation product.

These are the foreseeable complexity impacts from virtualisation. However, the unforeseen ones are in many ways worse.

Virtualisation tends to reduce the tolerances within your environments. Some examples include high dependency on having the exact firmware revisions and drivers for particular hardware, never being able to extract the IO performance you should get, network latency blowing out when there is seemingly no explanation etc. Now, you don’t need to know what these mean particularly to assist your decision making, but you need to be aware that some of the simplification that virtualisation may give you will be traded off against some fairly high end esoteric problems which will require time and effort to resolve, and may in some extreme cases not have economically viable fixes.

Mid-Range Explosion

There is another potential drawback to virtualisation with respect to costs, and not one that necessarily is immediately apparent. It starts with a phrase during the sales presentation something along the lines of “so when you need a new server you just click, drag, click, and there is a new server, and it cost you next to nothing”.

Now that seems well and good, but as we have already discussed most of the cost of owning a server comes in the support phase. So saving you some deployment costs is great, saving you some hardware costs is great, but if it leads to an uncontrolled proliferation of servers (and we’ve seen this too) the “ease” with which new servers can be deployed actually starts to hurt a business.

This is a bit of a “with great power comes great responsibility” type thing. If an organisation has a mature outlook, doesn’t create servers willy nilly, still exercises effective change control, etc, then this ability to commission servers quickly can be a great boon. If, however, they don’t exercise effective control, servers are run up on a whim, and there is no disciplined management of systems, then virtualisation can become an enabler to many poor practices, and before the organisation knows it the farm of 20 servers that it had is now 50 and increasing.

So...

We are not trying to say don’t use virtualisation. Virtualisation can be a fantastic thing that does give real savings. But it is very easy to be seduced by some of the amazing features that virtualisation offers, without considering the downsides, or more importantly exactly how virtualisation is going to improve the efficiency of your organisation.

Also, at its core, virtualisation is about saving money on IT, not saving money with IT. That’s fine – in hard times everyone needs to tighten their belts, but it does perhaps reflect an industry looking inwards at its own problems and coming up with a neat gadget to suit its own needs, rather than outwards figuring out how to make other parts of the business more efficient.

So make sure you take some advice, independent of the virtualisation sales people, about where it is a good fit for your organisation.

Posted by Clem at 3:59 PM
Edited on: Thursday, August 13, 2009 3:19 PM
Categories: Business, Government, IT Management, Strategy and Analysis

Tuesday, July 21, 2009

Thin Clients

From time to time you may have heard IT people talking about “thin clients” and wondered what they were talking about.

Firstly - no – chances are they aren’t doing a sideline in diet pills. Secondly, explaining the difference between a thin client and a thick client may be a little tricky. Rather than trying to explain the technical difference we thought we might try and explain the impact of each approach on an organisation.

To try and see the difference between a thin client and thick client imagine you needed to get a group of people from one place to another. If it was only a handful of people they might all have company motor cars, or they might share a company motor car. This works for small groups, but as the numbers start to get larger it becomes less and less practical (there isn’t enough parking at the destination, everyone needs to submit their fuel claims, a couple of people’s cars don’t work properly and need to be repaired before they can go, and some people also get lost on the way).

This is somewhat analogous to a “thick client” solution. Everyone has the utility and flexibility to go wherever they need to with only minor constraints (you need to travel on a road, follow the company vehicle use policy etc). The downside for the organisation is it needs to pay to maintain a whole fleet of cars, and substantial effort is spent keeping vehicles running properly.

Now consider an alternate approach. If everyone is going to approximately the same place every day (ie using the same applications) then maybe the organisation is better off with a bus. To move a large group of people there is less administration, parking problems, vehicle maintenance etc, and only the driver needs to know where the bus is going (so you only need to buy 1 GPS instead of 50).

The bus is more like a “thin client” or terminal solution. The people onboard have less freedom and flexibility, but provided they were all going that way anyway this may not be a big deal. Like the bus, a terminal solution requires certain equipment (a terminal server), which can be a substantial capital outlay relative to a few motor cars, but at some point, provided all staff are served well enough by the bus, it will be cheaper to run than the fleet of cars. The graph below illustrates this concept in terms of cost.

As you can see the terminal based approach has a higher set up cost but as the number of stations increases it is more cost effective. Now don’t worry about the exact numbers in this diagram – there are a whole lot of factors that influence this, but understanding this basic relationship is an important part of understanding the value of a terminal based approach.

The value proposition is as follows: If your requirements suit it, then the terminal server solution can deliver productive, reliable computing at a lower cost per station than using thick clients for all staff.

However, going back to our “bus” model can also help us see situations which terminal servers are not well suited to:

  • Everyone is going to a different place – If everyone needs to run completely different applications then the terminal server may not be the right approach
  • Everyone needs to attach different equipment – the bus can only have so many trailers attached to it. If everyone needs to use a PDA, or special data logger, or other peripheral then the bus may not be the right approach.
  • Some Requirements Don’t Socialise Well – Just like the bus there is limited space and capacity on the terminal server before applications can start to seriously interfere with others’ ability to use the service. These “anti-social” requirements are probably better suited to stand alone thick clients.

You can also mix and match terminal and thick client deployments. For example, if 80% of your staff have “basic” needs you can have them use a thin client. The users with additional requirements can use a thick client for all the special tools they need, and use a software thin client to access the normal “corporate desktop” – they use the bus for the same things as everyone else, and only use their thick client for special jobs.

As you may have already surmised, an important part of operating a successful terminal server installation is discipline. The organisation needs to be disciplined enough to protect the reliability of the terminal server by not letting unnecessary software be installed, and having the time and patience to set up user access so that staff can’t accidentally damage the server. This is one of the reasons that organisations with a mature outlook on Information Technology are the ones most likely to gain benefit from an investment in a terminal type approach.

While we have spoken quite a bit about restrictions it is important not to oversell these for a terminal solution. Staff that only need to use Word, Excel, email and a web based database or two can operate quite successfully on terminal solutions and never even know that they don’t have their own computer.

There are, however, odd things that can catch you by surprise. A typical example is displaying video. As you probably know, video is a rapid sequence of still pictures that our eyes interpret as motion. Due to the nature of the technology, terminal solutions usually can’t send this stream of pictures fast enough to make a cohesive video – to fool our eyes into thinking they are watching real motion. Now that probably seems all right, until you realise that you were planning on rolling out video based training to your staff. New techniques may change (and are changing) this in the future, but it is an example of where the normal utility of a PC is not necessarily available for a thin client.

Another interesting issue that emerges with thin clients is printing. One advantage of thin clients is that they often work very well over skinny network connections. However, while the staff member’s experience when working on a document is good, due to the vagaries of drivers, printing can be a completely different issue. That innocent ten page document can blow out into hundreds of megabytes of information which takes minutes and minutes to download and print.

So before you make a decision to go to thin clients you should have a really clear idea of what your staff are going to be doing with their computer access. If you can’t be sure on their requirements, but you still think thin clients is the way to go you need to be mindful of the risks that such an approach entails. You may find a need down the track that thin clients can’t meet, and you will end up with some thick clients. However, if you have a clear understanding of what you will be using thin clients for, the opportunity to save some money can be substantial.

Posted by Clem at 6:42 PM
Edited on: Tuesday, July 21, 2009 9:30 PM
Categories: Business, Government, IT Management, Strategy and Analysis

Wednesday, July 01, 2009

Welcome

We know, we know - blogs are so 2006. Nevertheless, with the success of our newsletters, and the fact that we often found ourselves wanting to say more, but feeling pressed for space it has become obvious that we need a place to keep you up to date with what is happening at Green Light IT that is a little more immediate than the newsletter.

It will also give us an opportunity to treat some issues in a little more detail, as well as convenient stuff like being able to easily hyperlink other information etc.

The categories list at the side might give some hints at the sorts of things we will be using this space for, so welcome, and please don't hesitate to drop us a line if you would like to give us some feedback, or even see some particular issues considered and written up on the blog.

The Team at Green Light IT.

Posted by Help Desk at 1:43 PM
Categories: Business, Government, Home, News

Monday, June 15, 2009

Don't Be The Catch of The Day - Avoiding Phishing Scams

(Note: This is an extended version of our article from the June 2009 Newsletter)

Phishing (pronounced “fishing”) emails and websites are created in order to trick you into divulging confidential information, like passwords, bank account information or credit card numbers.

The most common type of phishing scam is an email with a link to a website which looks like the genuine article, but is just pretending to be the real thing to trick you into entering your real username and password. This is how much credit card and bank account information is stolen online.

The most recent phishing scam, which started targeting the Commonwealth Bank and then moved on to other banks, was a step up from what we have seen in the past, with vastly improved English, and a number of clever psychological tricks to make a person feel compelled to act quickly. Some of the most effective messages even claimed to be a “Security Alert” or claimed that your account had been compromised. Other emails included topics such as “There has been an error in an online transaction. Please log into your account via this link to verify the transaction.”

The whole purpose of a phishing attack is to get you to click the link.

From here, one, or possibly both, of the following will occur:

  1. This link will take you to a webpage that looks quite similar or even identical to the login page for whatever banking site you use, and there will be a field for your username and password. After you have typed in your information, it gets sent off and recorded so that the scammers can use it to log into the real account and steal your money.
  2. The fake website will install malicious software on your computer.

Because of this, as a general rule, banks and financial institutions will never send you emails with direct links to a login page (and if they ever do perhaps you should move your money to another bank).

You need to always be vigilant about links in emails simply because it is so easy to make fake emails that look like the genuine article. If you receive an email from a site you signed up to, or you went to a site and asked to have your password reset then those links are probably okay. If an unexpected email arrives asking you to log in to a system then you should treat it with a great deal of suspicion.

So if you ever receive an email claiming to be from the bank asking you to “Click this link,” or “Click here to enter your financial details,” or “Login here to verify your account” then treat it with a great deal of suspicion. If you are still not sure, call the organisation that claims to have sent the email. Alternatively, if you know how to log in to the page then use your browser and navigate yourself there. Don’t click the link in the email.

Posted by Will at 5:29 PM
Categories: Alerts, Business, Government, Home, Security, Tech Tips

Friday, May 01, 2009

National Broadband Initiative

(Note: This is a reprint from our May 2009 Newsletter)

So, private industry cannot deliver the broadband network, and thus the Government has decided to go it alone and build a fibre to the home/business network by 2018. Putting aside the question of whether or not this is a good idea, what is fibre to the home/business likely to mean?

Fibre to the home/business, with its substantial increase in bandwidth, is probably going to give us “convergence”, which is a term to describe the process where once distinct streams of media and communications collapse into one single delivery mechanism. Huh? Things you once saw as separate, like the television and the telephone are going to start converging into the same delivery mechanism – the Internet.

If it were to happen as the futurists would see it, by say 2020 a lot of people aren't going to have a fixed line phone service anymore (that trend is actually already starting with “unbundled local loop” services available for those that want an ADSL service, but not a traditional copper phone line). We will still probably have something in our house that looks and acts like a phone, but it will work purely with the Internet. Likewise for television, we may see “cable” channels distributed over the Internet using a subscription model (no doubt with the obligatory amount of piracy going on as well).

In terms of business, high quality point to point video conferencing will become a reality that everyone can take advantage of, and this ability to video conference, combined with redirecting office calls using your Voice Over IP (VOIP) phone and getting high speed access to the office network from just about anywhere, is likely to hasten the adoption of telecommuting. Many more businesses, particularly in knowledge industries, will probably move to the model of having a larger proportion of their work force offsite, as a way of providing a better work/home balance, reducing the carbon impact of businesses (by removing employee commutes, and power hungry building environmentals) and reducing the substantial costs of commercial premises. Finally, customers having access to such large amounts of bandwidth will also make new types of services, for example video consults, a viable reality.

Many of these ideas aren't new – VOIP has been with us for some time, Skype has brought video conferencing to the masses, and larger enterprises (like the big 5 accounting firms and others) have been doing hot desking (where employees don't have a permanent desk – they log into a desk for the day) for many years with mixed results. However, the commodity-like nature and accessibility of these new services will likely have some substantial impacts on the way we work.

Before some of these benefits can be realised there are a number of technical, and even a few human issues that need to be resolved.

In terms of the technical issues the shift can perhaps be summed up by considering two areas: reliability and security.

Many Small and Medium Enterprises (SMEs) do not have infrastructure that is sufficiently well engineered to provide the sort of reliability required for these new services. The issues include networking equipment capable of Quality-of-Service (essential for good VOIP and video conferencing), communications systems that can survive mundane issues like power outages without dropping service (how do you dial triple 0 if all your phones fail when the power goes out?), well provisioned equipment capable of dealing with increased load, adequate disaster recovery processes to get the business back in action in the event of a failure, and access to the necessary skills in a timely manner.

In terms of security SMEs are even less well prepared. While most understand the need for anti-virus software, and a few understand the importance of devices such as firewalls, in a more connected world most have little or no experience in the important discipline of risk management (at least as it pertains to IT Security). This will leave the overly cautious unable to capitalise on opportunities, while the overly optimistic lay their organisations open to damage, and their customers' information open to disclosure.

Another interesting challenge is coming to terms with how to ensure that staff have the necessary amount of human contact to keep them happy and working efficiently. While some of the new technologies replace face to face contact (like video conferencing), all technologies tend to contextualise communications, with most interactions becoming more formal – that is, you have a conference to discuss a proposal or find a way past an issue, but those informal water cooler chats might disappear. Depending on an organisation's culture, the boss may not think this is a bad thing..., but in all seriousness, it is often these informal discussions that provide the greatest insights, innovations and changes for organisations.

There is one final issue to touch on – the cost of downloads. As you may know, most ISPs provide a “free” allowance of data, and when that volume is exceeded they either throttle the connection, or charge an additional fee for extra data used. The genesis of this is in the old model of how Australia paid for the undersea cable that connected Australia to the Internet via the United States. The owner of this infrastructure levied a tariff on data coming to Australia crossing this infrastructure, which ISPs passed on to customers.

While some ISPs have “unmetered sites”, where your bandwidth does not count against your allowance (such as Internode with the ABC website), many have fairly coarse-grained models where they just charge for anything that doesn't originate on their own network.

For the National Broadband Initiative to provide the best economic benefit all ISPs will need to change these billing arrangements so that domestic traffic is free, or at least substantially cheaper than overseas data – otherwise things like high quality video conferencing will come with monthly Internet bills that will probably rival 1980s style STD phone call charges pretty quickly.

It is often said, when talking about how technology will impact society that “we always over estimate the impact in the short term, and under estimate the impact in the long term”. Nevertheless, we hope you find these thoughts useful in considering how the National Broadband Initiative might affect your organisation.

Wednesday, April 01, 2009

Are You Holding Any Toxic IT Assets

(Note: This is a reprint from our April 2009 Newsletter)

We have been hearing a lot recently about “Toxic Assets” with respect to the financial crisis. Without getting into too much detail these “Toxic Assets” might be described, by the layman, as financial instruments which were so complicated that it was almost impossible for the holder of the “asset” to actually define what the asset was, and how much it was realistically worth.

It might seem like drawing a long bow, but to us it is quite similar in many ways to issues that organizations have when looking at their IT assets. There are the assets everyone has a familiarity and a basic understanding of – like the PC on their desktop. They know when it is new it goes faster, and as it gets old it slows down. When it breaks, the things they cannot do become apparent and the user generally knows whether they can work around it with another system etc. Because the PC is in everyone's face almost every day there is a pretty good understanding of the importance of these assets.

But then there are the systems that are hidden from view. Everyone knows that servers are important. What is often overlooked is which servers are actually doing important work. For example, a scenario we sometimes encounter (particularly with new customers) is that having exceeded the capacity of one server, they have gone out and bought another server. Rather than replacing the first server, they have simply made the second an adjunct to it. So rather than relying on one server, the organization is relying on two, one of which is probably already overdue for retirement.

There are many reasons this happens. Sometimes it is hard to get some software off the original server, or no one understands how it works anymore. There is also the reality that migrations from old to new equipment are generally more expensive than the initial first installation.

Sometimes this strategy works – the services provided by the old server are subsumed before it fails through natural attrition or new versions of other products provide the same feature. But often times, that old server just sits in the corner with no one actually knowing the important job that it continues to do until one day, without warning (excepting the bit where it is 5 years old), it suddenly gives up.

Understanding the impact when one of these technical assets goes “toxic” takes a combination of not only technical knowledge (what does the asset do, is there an easy contemporary replacement, how much of its configuration was unique), but also business knowledge (what happens when that service is no longer available).

Avoiding this situation takes a little effort, but is not something that is unmanageable. There are a few easy steps:

  1. Understand how old your systems are.
  2. Have a rough understanding of what all your systems do.
  3. When migrating make sure pressure is applied for a clean and complete migration that doesn't leave ageing systems in place.
  4. If a function performed by an old server is absolutely necessary and cannot be migrated to a newer server or device then replace the ageing system with new hardware.

This last step, while not desirable, is sometimes the only option. We have tools and techniques that let us achieve this in almost every circumstance so if you think you have a “toxic asset” that needs treatment then let us know.

Posted by Clem at 5:07 PM
Edited on: Wednesday, September 02, 2009 6:25 PM
Categories: Business, Government, IT Management

Sunday, March 01, 2009

Should I Turn Off My Computer To Save The Planet?

(Note: This is a reprint from our March 2008 Newsletter - Home Customers - This advice was mainly aimed at Corporate Customers but you may still find it interesting)

In the past we have always advised customers that it is best to leave PCs on, for a number of reasons:

  • Hardware (particularly hard drives and power supplies) is less likely to fail,
  • It allows computers to download their updates overnight without slowing down the Internet link during the day,
  • Virus scanners and security software will be kept up to date overnight, so they are up to date and ready to protect the organisation when staff start work,
  • Having the PCs powered on means staff don't have to wait for the machine to boot before they login – this probably saves you about 3 minutes per station per day.

With many more customers being conscious of greenhouse gas emissions and energy usage, it is time to re-examine this advice.

Let us start by considering the energy usage of the PC. A normal PC consumes around 140 watts when it is fully loaded, 60 watts when it is idle, and 35 watts when it is in full power saving mode. More powerful computers consume more power, but that's about right for an office PC.

Monitors are also part of the story. We are going to assume a 17” flat screen monitor, which will draw about 60 watts, although it needs to be noted that power consumption for flat screens tends to go up quickly as the size does. When they are in power save mode the power consumption of most monitors barely registers – probably less than a watt. Close enough to call it zero.

So during a 9 hour work day, assuming 50% idle and 50% full load a PC will consume 900 watt hours, with a 17” monitor contributing another 540 watt hours, for a total of 1.44 kilowatt hours. If we accept (and there are a few figures around) 600 grams of CO2 per kilowatt hour then 864 grams of CO2 is produced each work day. If the PC is left on the rest of the day (so another 15 hours) then another 525 watt hours, or 0.53 kilowatt hours, is used, producing another 318 grams of CO2. Looking at it over a week, allowing two days for the weekend we produce 4.3 kgs of CO2 if we turn off at the end of each day, versus 6.9 kgs of CO2 if left on all the time.

So, there is certainly more pollution being caused by leaving the machines on. However, all the reasons we like the machines to stay on are still valid as well. For example, if you have 10 staff waiting for computers to power up and boot each morning you probably spend $30 or more while staff wait.

What to do?

As we see it there are three options:

  1. Do Nothing: Continue the current practice - not exactly environmentally friendly.
  2. Turn the Computers Off Every Night: You have an increased risk of hardware failure and you will spend more money on labour as staff wait for PCs to boot. However you will get a small (very very modest) saving on your power bill and a slight reduction in greenhouse emissions. A lighter version of this is just turning the PCs off over the weekend.
  3. Purchase Green Power To Run Your PCs: If you believe CO2 emissions are an issue, then we think this last option, buying green power, is the best choice.

While it might seem a little counterintuitive we think this approach has a lot of benefits:

  • It is inexpensive (about 10c a day per computer). This is less than the cost of having your staff wait for computers to start every day.
  • It means you can leave your PCs on with all the benefits that come from that.
  • It is more effective at combating greenhouse emissions than simply turning off computers – it eliminates rather than just reduces the contribution of your computers.
  • It encourages investment in green energy, leading to cheaper green energy in the future.

Do you want to know more about buying green power? You can visit ACTEWAGL's green choice site as a starter.

Browsing the Internet Safely

(Note: This is a reprint from our March 2009 Newsletter)

One of the questions we are most frequently asked is how to browse the internet safely and not come into contact with any nasty or malicious programs. Most people these days have heard of a Computer Virus, some have heard of Spyware and Malware and everyone knows that having an up to date Anti Virus program on their machine is vital in this day and age. The problem is that having an Anti Virus program does not completely stop you from accessing malicious software. It does lessen the risk, either through straight up blocking the program, or warning you of the possibility of a program being malicious and then requesting permission to continue. The question you may ask yourself is: how do you stay safe? Those of us who are aware of these problems know a few ways of minimizing these risks and we hopefully can pass some of this knowledge on to you.

Assuming you have a virus scanner, probably the most important rule online is “know what websites you are looking at and what you are downloading”. If you are on a website that looks a bit dodgy (good indications can be several advertisements trying to sell emoticons, Viagra or the like), you need to make sure you know exactly what it is that you are looking for on the particular website. I will use an analogy to try and explain this one a bit better. Say you are walking down Kings Cross, shopping for a particular item. On the way you walk past an alley. Now it's possible the item you want is at the end of the alley, but there are some obviously undesirable looking people lurking down there as well. Now we instinctually know to NOT go down that alley as something unpleasant may be waiting down there. The Internet is very similar. It is a massive city full of giant shopping malls and theme parks, but there are also dodgy alleys. The only difference is that in the real world we can all recognize these dangerous places. Not all of us are able to recognize the dodgy alleys that we come across online.

Another good step is not using Internet Explorer, which is the default Internet Browser that comes with every Windows operating system. Internet Explorer is the most commonly used Browser on the planet, which makes it a big target for people who write malicious software. A large portion of malicious software written is designed to attack loopholes and faults in Internet Explorer. Generally we recommend using Mozilla Firefox as a browser (download here), though there are other Browsers out there that do just as good a job. Firefox is free to download and is much less widely used than Internet Explorer. This does not mean that it won't function as well as Explorer. On the contrary, it has many more useful tools that can be added and downloaded to it. One such tool is Flashblocker, which will stop any Flash images, which can have viruses or malware embedded in them, from loading on a webpage. Flash images are embedded moving images on a webpage, usually used for advertising or displaying movie files, like YouTube. What Flashblocker does is stop Flash images from loading automatically, but allow you to run them by clicking on the Flash image that you wish to view.

One of the most common ways of having malicious software installed on your machine is for a website to have a popup window with an error that says something like “We have detected a virus on your computer! Click yes to find out more information or to remove the virus!”. Ironically enough, this is usually a virus trying to trick you into installing itself on your machine. If this warning was not generated by the Anti Virus program that you know is installed on your PC, then you can safely assume that this is some sort of malicious software trying to install on your PC. You need to remember that in most cases, you have to physically install a program, or browse to a website, that has a virus attached to it. It is very rare that a virus can install itself without your active participation. Several Anti Virus programs have pop up blockers built in to them to stop exactly these kinds of attacks. Most Internet Browsers have programs built in to stop these pop ups as well; Mozilla Firefox has a particularly efficient one.

So, be mindful of where you are browsing (have you turned into a dark alley?), think about using a different browser to Internet Explorer, and ignore any virus warnings on websites unless they come from software you know you have installed.

Next issue we will talk about some of the free tools and techniques to help keep your machine safe from Internet nasties.

Posted by Will at 4:34 PM
Categories: Business, Government, Home, Security, Tech Tips

Tuesday, July 01, 2008

Disaster Recovery

(Note: This is a reprint from our July 2008 Newsletter)

In our last edition, we covered the topic of catastrophic failure. It can happen, does happen, and probably will happen – to you. The longer you rely on IT infrastructure the more exposed you become to a failure occurring. It may be minor, but in many cases, a failure of an essentially cheap piece of equipment can stop a business in its tracks entirely, often for days.

So assuming it will happen eventually, and there's no way to stop it, how do you recover from such an event? We'll use an analogy which most people will be familiar with to illustrate first. Car accidents. If you haven't been in one, you've seen one, or know someone who has, and generally understand the process. We often see clients say the equivalent of “I've just been in a car crash, should I put my seatbelt on now?”

Obviously the time to put the seatbelt on was before you started driving, and the same goes for disaster recovery. Preparedness is everything.

The two fields that information technology primarily services in small business are information processing and communications infrastructure. Information processing is your word processing, spreadsheets or databases. Communications infrastructure is your e-mail, VOIP telephony, office networks and so on.

We'll tackle information processing failure first. Regardless of the exact nature of the failure, we have one thing working on our side. Essentially, and I'm drawing a fairly long bow here, all computers are exactly the same. At an abstract level at least, they're all the same. That's how I know that if I install Word on 50 desktops in an office, they will all operate in the exact same manner. I can save my Word document, send it via e-mail across the world and back, and a computer in America, or Taiwan or Antarctica will be able to read that document in exactly the same manner. So the actual computer becomes almost disposable, and should be viewed as such. The key component here is the information itself (the Word document), and the application processing it (Microsoft Word, or Open Office if you're that way inclined).

As long as the information is safe, we can get you up and running again relatively quickly. This means backups. And like wearing a seatbelt every time you drive, backups require consistent, disciplined application if they are to be of any real value. There is a range of backup solutions available to choose from depending on how risk averse you are and how much data you need to back up, but they all have one thing in common. You need to plan them, put them into practice, and importantly, review their effectiveness. This means doing what we call a “trial restore” where a file or selection of files is restored from the backup to ensure they were recorded properly.

This is essential, because like any other device, there is always the chance that whether your backup device is tape or CD or DVD or an external hard drive or network copy, it could itself be malfunctioning. Obviously, the worst time to discover this is when something else has failed. If you effectively back up your data and retain a copy of that backup which can be loaded onto another computer, the failure of a single computer becomes an annoyance more than a disaster.
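A trial restore can be checked mechanically rather than by opening files and eyeballing them. The sketch below is an added example, not a Green Light IT tool: it records a SHA-256 fingerprint of every file at backup time, then compares the restored copies against that record and reports files that are missing or corrupt. The function names and the small `demo()` data set are constructed for illustration.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Run at backup time: map each file's relative path to its hash."""
    root = Path(root)
    return {path.relative_to(root).as_posix(): sha256_of(path)
            for path in sorted(root.rglob("*")) if path.is_file()}


def verify_restore(manifest, restored_root, sample_size=None, seed=None):
    """Run after a trial restore: compare restored files with the manifest.

    With sample_size set, only a random selection of files is checked,
    which matches restoring "a file or selection of files".
    """
    names = sorted(manifest)
    if sample_size is not None and sample_size < len(names):
        names = sorted(random.Random(seed).sample(names, sample_size))
    restored_root = Path(restored_root)
    report = {"ok": [], "missing": [], "corrupt": []}
    for name in names:
        target = restored_root / name
        if not target.is_file():
            report["missing"].append(name)      # never made it onto the backup
        elif sha256_of(target) != manifest[name]:
            report["corrupt"].append(name)      # recorded, but not faithfully
        else:
            report["ok"].append(name)
    return report


def demo():
    """Constructed data: a 'live' folder and a restore from a faulty backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        restored = Path(tmp, "restored")
        (live / "accounts").mkdir(parents=True)
        (live / "letter.doc").write_bytes(b"Dear customer ...")
        (live / "accounts" / "ledger.xls").write_bytes(b"2008-07,1200\n")
        (live / "accounts" / "payroll.xls").write_bytes(b"staff,hours\n")
        manifest = build_manifest(live)

        # Simulate a malfunctioning backup device: one file damaged, one lost.
        shutil.copytree(live, restored)
        (restored / "accounts" / "ledger.xls").write_bytes(b"2008-07,12\x00\x00\n")
        (restored / "accounts" / "payroll.xls").unlink()
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:8} {names}")
```

Comparing against a manifest taken at backup time, rather than against the live files, avoids false alarms from documents that staff have edited since the backup ran.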

Now that you have a regular backup scheme in place, and periodically confirm that it's working, how do you actually recover from a failure? Do you need to repair the fault first? Not necessarily. If you have more than one computer in your organisation, chances are you can limp along by restoring the data and applications to another PC and using it. You may end up with staff sharing that computer which is frustrating, but it will get you up and running again quickly. If you need to replace a failed component, in most cases you can do so in around 12-24 hours. The caveat here is that this only applies if the component which failed is still in production. The internal organs of PCs, which users are most often blissfully unfamiliar with, aren't exactly Lego bricks.

While you can swap them around from time to time, the way they plug together changes and manufacturers stop making the older versions. If you have a server which is five or six years old, which is not uncommon, not only is it nearing the end of its useful life and likely to fail, the chances that you'll be able to find replacement components to match are rapidly diminishing. This rules out the option of ducking down to the local computer hardware store, grabbing a new hard drive or whatever failed, and getting up and running quickly. You may find that a whole new server will be required. Read that again, whole new server. As we've mentioned numerous times in the past, this is an unfortunate but unavoidable aspect of IT. You need to be prepared to replace hardware periodically. It is obviously by far preferable to go about this in a planned and orderly manner, rather than a rushed panic due to a failed component bringing your business to a halt.

Communications infrastructure failures can be more frustrating, especially when multiple service providers are involved. For example, the failure of an Internet connection may be rats gnawing through cables in your roof cavity, fallen tree branches taking down your phone line and associated ADSL connection, a failure at your ISP, a failure at the phone exchange or any combination of the above. Once again, the concept of a backup comes to the fore, but in a slightly different manner. We're now talking about “redundant architecture”. Redundant, because you don't really need it, until your main infrastructure fails.

We'll use an internet connection as an example. Typically a small business will have a server connected to an ADSL service by a router. The kind of hardware you can buy at the local department store. If the router fails, and you don't have one in the cupboard, you'll be off air for as long as it takes to drive to the shops and buy a new one, then reconfigure it. What if the phone line fails? You can have a second line with a backup ADSL service waiting at the ready, but chances are better than good that a stray tree branch won't discriminate between lines. Also, if both lines are with the same service provider and the ISP fails, you've now got effectively double the useless bandwidth. Not an improvement. Similar arguments exist for many redundant schemes. Your most effective option, and one we've employed frequently, is a service with as little in common with your regular service as possible. As an example, when a client's wired broadband service fails (ADSL/TransACT or similar), we can deploy a wireless service using a different provider altogether. This helps overcome failures on a local level. In the past we've been able to allow a client to keep operating for several days while their ISP attempted to diagnose and repair a fault. We did this by loaning them a wireless router which connected to the Internet via the same kind of network mobile phones use, but optimised for data transmission instead of voice calls. It meant their e-mail was disrupted for a matter of hours, instead of the week or so it took to get their normal service restored.

There are however bona fide show stoppers. The classic example is “What if the building burns down?” While this rarely happens, it is often presented as the worst possible scenario. We get asked how quickly we can get everyone back working. The truth of the matter is that even with the most regimented backups, your IT needs will be far from the fore in terms of urgency. If your building has literally burnt down, you'll need a new fleet of computers. And desks. And chairs. And phones. And a building. It's also true that once you have these things, if you have followed your backup procedures properly, it will be a relatively routine procedure to get the new equipment loaded with your old data and productive again. By comparison, finding new premises, furniture, hardware etc. will be a much bigger challenge.

So to summarise, disaster recovery has more to do with prevention and preparedness than reaction. In the case of information processing, having a backup of your applications and their data is absolutely vital. We cannot stress enough how important this is. In the case of communications infrastructure, having a distinct fallback service is vital. If you are to rely on these backups, they must be tested periodically to ensure they actually work as expected.

Sunday, June 01, 2008

Saving Money With IT

(Note: This is a reprint from our June 2008 Newsletter)

When it comes to saving money with IT there are two major schools of thought. The first says “Save money by spending less on IT”. The second says “Save Money by spending on IT to make something else cheaper”. There is something to take from each point of view but in the long term, for most organisations, only one approach will work.

One of the main reasons businesses spend on IT is that it saves money on something more expensive. Normally this is labour.

Technology makes us more efficient – it has a cost, but at the end of the production cycle the cost of producing a unit of “output”, whether that be a cubic metre of concrete, a printed circuit board, or insurance policy, is less than it was before we “invested” in IT. Often it is necessary to make a lot of units of output before the technology investment is paid. We sometimes call this concept “Return on Investment” – a point where the cost of investing in technology is recouped through the savings on the units of output.

As we go about our work it often surprises us how people see the value proposition of IT. Even though everyone knows the old business axiom “time is money” we do see people making business decisions more from the perspective of an employee than that of a business operator. What do we mean?

An employee typically works to the understanding that they have a relatively fixed amount of income. Within this constraint the only income maximisation strategy they have is to minimise expenses. Because they don't pay for their time they may see sacrificing their own time to save money as a reasonable trade off (and it is within the constraints of their model).

A business operator is going to look at the problem differently. For starters they don't accept that their income is fixed. If they can produce more units of output, then theoretically they can generate more income. Secondly they are going to put a realistic cost against labour. They are only going to be interested in sacrificing time to save money if the time being sacrificed costs less than the money being saved.

Now – we know that most business operators understand that in theory. How do we apply it to practice?

Here are five suggestions:

Invest to Save Time

In terms of technology a lot of the general tools your business might need to help it save time are already there. Spreadsheets and word processors are old hat, email's been with us for some time, Instant Messaging and Video Conferencing are becoming commonplace. What we are seeing emerge much more strongly now is business specific applications, and improvements to business specific applications.

Consider how your business works and look at how automation might improve it. As we said – much of the general purpose stuff is now done, but there is no doubt that there is now a lot of activity in the SME space with businesses examining and improving their own business specific practices through investing in IT.

Be Careful of Investing In Gimmicks

It is very easy to confuse investing for efficiency with investing in gimmicks. For example, when you move 1,000,000 pieces of cargo each day having a PDA with each driver so that items can be checked out as they are delivered is an obvious labour saving and accuracy improving device. When you have three waiters using PDAs to take coffee orders it's a really marginal proposition – yes you save the walk back to the kitchen, but unlike scanning a barcode (for the courier driver) tapping in a coffee order takes a few clicks, and exceptions are a nightmare.

There's nothing wrong with gimmicks, but recognise them for what they are – marketing tools not business efficiency improvements.

Understand How You Will Realise Your Return On Investment

Whether it is by saving someone half an hour of wasted time every day with a new computer system, or allowing your business to serve twice as many customers with the same amount of staff, have a sense of how you are going to realise a return on investment when you spend on technology.

Having this sense of when you break even will also help you sort the chaff from the wheat with respect to gimmicks. If you can't construct a model where the investment pays for itself in 3 years or less chances are you aren't looking at a good efficiency improvement.

Get Some Advice

Speak to some technical people you can trust before you make a purchasing decision about a complex business specific IT system.

How will the proposed system integrate with your other software? What will be the ongoing cost of owning and maintaining the system? How does the vendor's maintenance cycle fit in with your other software vendors? What is the reputation of the software outside what their sales people have told you? All of these are questions which you should seek some trusted technical input on before making a decision.

Stay On Target

Make a decision and stick with it long enough to give it a chance to work. New systems take time to bed in, for people to adjust their habits and for the system to boost productivity. Often you won't see a benefit in the first six months. However you should see a benefit within 18 months.

Don't chop and change too soon – stick to your guns and give your decision a chance to shine through.

Posted by Clem at 4:23 PM
Edited on: Wednesday, July 08, 2009 5:46 PM
Categories: Business, Government, IT Management, Strategy and Analysis

Does IT Matter?

(Note: This is a reprint from our June 2004 newsletter - the information here is just as relevant as when it was written)

In May 2003, Nicholas Carr published an article in Harvard Business Review titled “IT Doesn’t Matter”, and more recently a book, “Does IT Matter? Information Technology and the Corrosion of Competitive Advantage”.

The main thrust of the article is described on the author’s site:

I examine the evolution of information technology in business and show that it follows a pattern strikingly similar to that of earlier technologies like railroads and electric power. For a brief period, as they are being built into the infrastructure of commerce, these "infrastructural technologies," as I call them, open opportunities for forward-looking companies to gain strong competitive advantages. But as their availability increases and their cost decreases - as they become ubiquitous - they become commodity inputs. From a strategic standpoint, they become invisible; they no longer matter.

However, I would paraphrase the article as: Don’t spend money on IT advantages that will be quickly and cheaply copied by your competitors before you can recover the development costs.

The problem is that while it raises some valid issues regarding over capitalization and cost recovery in IT, other assertions in the paper made people in the industry object to the entire article (and of course, the title doesn’t help).

For example, there is discussion of the practice of renewing all desktop computers in an organisation every 2-3 years when people are using them for the same business functions, with the implication that word processing only uses 5% of a new computer’s processing power. There is some merit in this argument, but it completely ignores the fact that machines degrade over time and that as PCs have continued to drop in price, maintenance can become more expensive than replacement. It doesn’t mean that replacement is always warranted or desirable, but the decision should not be over simplified.

Paradoxically, considering the article’s title, the author accepts the necessity of IT in the business world; he simply asserts that you cannot maintain a competitive advantage today by implementing cutting edge technology. This is true, but it’s just another way of saying you can’t solve a problem by throwing money at it. In fact, on his web site, the author quotes Cisco Systems CIO, Brad Boston as admitting, "Wal-Mart, Amazon, eBay, and other great companies didn't succeed because their information technology was better than others. Their vision was." However, copying eBay’s technology is unlikely to significantly erode their market share because the brand is too strong. The vision alone could not have raised these companies to their position either, and the most important part of their technology is that they got it right. If Amazon weren’t delivering product in a timely fashion, it wouldn’t matter that it was cheaper than Dymocks.

The picture for small business is a little different. While they are not likely to create new technology, implementation of IT is not homogeneous. Often in fields like brokerage, the edge comes from using IT to make a large business from many small businesses. The paradox being that it’s a race to avoid being left behind once these kinds of services have a significant client base.

Whether or not IT can be reduced to a commodity it certainly needs to be considered with the cost/benefit relationship in mind. Indeed, as technology like RAID has entered the consumer market, it becomes hard to justify the risk of the downtime and data loss caused by a single drive failure in a server. On the other hand, while the technology is cheap enough to consider use in workstations, it would be nonsense to implement if they were not due for replacement as the risk of data loss on a well configured workstation (where data is normally saved to the server) should be negligible.

IT does matter – just like having reliable motor vehicles and planes matters for a courier, and having reliable power matters for a factory. Whether or not IT can deliver great competitive advantage anymore is another matter. One thing is for sure; uncontrolled investment in IT can still hurt businesses.

Friday, August 01, 2003

Anti-Virus Defences

(Note: This is a reprint from our August 2003 Newsletter)

Recently Green Light IT had to help a customer clean up after a virus infection, and I was reminded how expensive an exercise this can be for an organization, in terms of money for services from people like Green Light IT and in terms of lost productivity.

Just after this work came the Blaster virus, which some customers were properly protected against due to good management, and others have, so far, survived due to good luck. So far no customers have been infected thankfully.

The nature of viruses continues to evolve to the point that good anti-virus protection relies on more than just having current anti-virus products and using them.

Instead we are seeing viruses that need effective “network security” to prevent them.

Of course, although this breed of viruses may seem new, it really isn’t. As I look back through previous stuff we have written I note that in October 2001 we wrote an article about the Nimda virus that made it clear that we can expect virus writers to start using recently announced security exploits as new ways to propagate viruses.

The article is still on the website at: http://www.colmancomm.com/ (this link is no longer valid sorry). It’s the fourth item in the list of “Stuff”. In fact I felt so much of what was written there was still relevant, that I was tempted just to reprint it as this newsletter’s editorial. It might be worth your time to read it, and make sure that your business is at least doing the basics mentioned there. However, I thought I might expand on the nature of these newer viruses, and what you should be doing to protect yourself.

Most businesses these days connect to the Internet in one way or another. What is also clear these days is that most viruses come from the Internet, whether via email, downloading infected files from the web, or even an infected machine trying to directly connect to your network and infect it.

Given that this is the entry point for most viruses it does deserve special attention. So of the three infection vectors I mentioned above (email, web and direct connection), what are three ways to mitigate the risk?

Email:

By and large email has carried the lion’s share of destructive viruses over the last few years. In addition to running desktop anti-virus products, your email should be scanned by another set of anti-virus products, either by you, or a third party. We offer an economical service that does this, but your ISP may also offer it as a standard part of their service. For those of you that host your own email server (i.e. not done by the ISP) you should see to this immediately.

Web:

Web is difficult to protect against because there is no real opportunity for any system to inspect a file until it is fully downloaded on the user's computer (although there are some products that try to do it, I don’t think any of them are satisfactory for use) (note - fast forward to 2009 - there are options now).

The two strategies that work against this are 1) getting Anti-Virus products on every vulnerable system inside your environment and keeping them up to date (including servers) and 2) educating users about the danger of downloading programs and other executable content from the Internet.

In our experience 1 is far more likely to have success than 2, but if you can do both that is better.

As another step it might be possible, depending on your network configuration, to prevent most users from downloading dangerous files. If these files do need to be downloaded, you can have it done by one person only in the office, who is hopefully a little more judicious than others.

Network:

Network borne viruses, which try to directly connect across the network and infect other machines, are the type that have been increasing in prevalence over the past couple of years. They also seem to be the ones that cause the most trouble these days, including such notorious candidates as Code Red and now Blaster.

It is well and truly past time that you should be operating a firewall on your connection to the Internet. For customers still connecting to the Internet through WinProxy setups and the like, and those customers connecting through straight Windows dial-up, it is time to take some action.

Personal computers, which do not always have the protection of a network firewall, such as home PCs, roving laptops etc, can be protected by installing a good personal firewall product, such as ZoneAlarm from ZoneLabs (note for 2009 - most AV products include firewalls now).

Systems that provide connectivity for a whole network should probably be replaced by a dedicated firewall. Exactly what product best suits depends on your requirements. As all of our customers know, we market the SENSEI Firewall, but there are many other options too depending on the features you are after. Blaster is the wake up call. It is time to reconsider the anti-virus defenses for your business and make sure they are in good nick.

As always, you can contact us for advice and assistance.

Sunday, June 01, 2003

Open Source Software

(Note: This is a reprint from our June 2003 Newsletter)

By now you have probably heard about Open Source Software, and wondered what it was all about.

We thought we might do a bit of a Q&A session on open source software this newsletter that might explain some things about open source software to you.

Question: So what’s the deal with open source software?

Answer: Well, it’s free, basically.

Question: You're kidding, right?

Answer: No, it’s free.

Question: So what’s wrong with it?

Answer: Well, nothing really.

Question: So how come it’s free?

Answer: Because the people that make it are not seeking to make profit from moving units of software.

Question: How can they afford to do that?

Answer: A couple of reasons; 1) unlike creating physical commodities, the incremental cost to create a copy of a piece of software is effectively zero. 2) The development is usually funded either by donation, or by businesses that have a business model that doesn’t involve selling software.

Question: But you get what you pay for right? So I imagine this stuff isn’t much good?

Answer: Actually it’s quite good; in many cases it is equal to or better than the commercial equivalent. As for getting what you pay for, remember that the incremental cost to make a second copy is zero.

Question: So what sorts of free software are there?

Answer: All sorts; operating system software, such as Linux and FreeBSD, free server software including mail servers (Sendmail, Postfix), file sharing (Samba), databases (MySQL, Postgres) and web servers (Apache). Also, software for the desktop including office suites (Open Office), photo and picture tools (The GIMP), Email clients, encryption and VPN tools and more.

Question: But you couldn’t run a whole business on it could you?

Answer: Maybe, maybe not, it depends on what specialist software you may need, and what platforms it will run on.

Question: So who is responsible for supporting it?

Answer: No one, it does come as is with no warranty. However most open source products are supported strongly by their developers as well as the community of people using the products. You can almost always find help, and usually someone has had exactly the same problem as you before.

Question: So there is no one to sue if something goes wrong?

Answer: True, but do you seriously think you could sue Microsoft if something went wrong with their software?

Question: So it’s free, how else does it help?

Answer: In many cases it is more stable, but hey, isn’t free enough? MS Office Pro is running over $1000 per licence, and you can get Open Office for nothing.

Question: So if I got this Open Office thing I could do all the stuff that MS Office does?

Answer: Pretty much. There are sometimes issues opening MS Office files with Open Office, but you can always ask your correspondent to send it to you in another “standard” format (MS Office is not a standard format, although it is a de facto standard). As for sending stuff to clients, you should be using a PDF format anyway, to prevent clients from trivially changing the content.

Question: So what are the other problems?

Answer: Well, you also want to make sure that you pick the winners in terms of choosing open source software that has been around for a while and should continue to be well supported. This is usually easy enough though, particularly if you consult someone in the know. There can also be issues with compatibility, a bit like Open Office. Once again, consult with those in the know.

Question: Okay, so you save money, it is as reliable or better, with no unmanageable problems. Why isn’t everyone doing this?

Answer: Open Source Software doesn’t have money to run expensive marketing campaigns. Many people are simply not aware that it exists. Add to that a strong misinformation campaign by software vendors (people that make money selling software) and you have a combination of ignorance, and unjustified skepticism.

Hope you enjoyed the Q&A session. If you have more questions than answers at this stage feel free to drop a line to the office.