Reliable Systems

When a new hire starts with your company, what are you doing to set them up with technology to work with your organization?  You probably focus on making sure you set up their account, clean up a computer for them, and possibly set up a corporate cell phone or Blackberry.  You might also do some quick training with them so they can log in to their computer, get email, and access the Internet.  This is all pretty obvious and fits within normal tickets your IT organization handles every day.

Now step back for a minute and look at it from the employee’s perspective.  When someone needs access to IT resources within your company, there are really three interests you have:

1. Access: People need equipment, software, accounts, and access to IT support.  This is the basic block & tackling that you are handling now.
2. Effective: The tools you provide need to deliver on the business needs the user has.  Whatever’s in the way of that - defective equipment, user training, or suitability to task needs to be addressed.  The best computer with the right software in the hands of a user that doesn’t know how to use them is worthless.
3. Security: Access to your network means access to all of the data and work products within it.  You need people to understand how you approach security, what they are and aren’t allowed to do, and how you’re going to work with them to maintain security.

Setting the Stage

Employees often develop a personal and possessive feeling about the equipment provided to them by a company.  They think of it has their computer, just like they have a computer at home.  This creates a range of problems for your organization by extension:  If it’s their computer then when there’s a problem they’ll want their computer fixed, not a different computer that’s suitable.   They’ll come to regard problems personally, not objectively.

Instead, you want users to look at the equipment they’re provided to do their jobs as just that - tools that enable them to be more effective.  Stepping back into the big picture, a computer isn’t any different than a wrench or a filing cabinet.  It isn’t their computer or phone, it’s the company’s - designed to make them effective at producing whatever the company needs.   When your user community gets this, they’ll self censor their support requirements:  Watching a DVD movie on the company laptop won’t feel support-worthy.

The best time to establish this is to set the right expectations up front:  Have this conversation before the user gets their network account.  The goal is to make sure they understand that:

• You’re committed to their success.  You’re passionate about making sure they’re effective.  You have a support system designed to make sure that their issues get resolved quickly, and you have provisions for support off hours and when they’re on the road.  If they aren’t sure if you can or should help with an item, you want them to engage you anyway - You’ll let them know.
• The technology is there to make them effective at their job. Your job (IT) is to make sure that they are as effective as possible at that.
• They are responsible for their effectiveness. If they need something - training, repair, whatever - it’s their responsibility to get it, and they can get it.
• They are responsible for their user account. Anything anyone does with that account is their responsibility.   That means if someone figures out their password, or they leave their computer unlocked, or otherwise treat their user account with less than the respect it deserves then they are going to be held responsible by the company for that.

Support Your Local Sheriff!

It’s painful to hear on Monday that a user was trying to get something important done and couldn’t due to a simple issue you could have resolved.  Perhaps they knew they could have contacted you for support - but didn’t for whatever reason.  What users will remember is that they had a problem, and it kept them from getting things done.  All of the work you do to support users - special on call staff, phone numbers, email contact, whatever - didn’t work because they never got called upon.

To address this, you want to address as many of the human factors that keep people from calling on support as you can.

1. Make sure you’re always available: The cost of setting up a toll-free number for users to contact support is trivial.  If you don’t already have an on-call rotation, set one up and make sure there’s someone to answer that toll-free number at all times.  The same person can answer an email address designed for support.
2. Make sure they know all the ways: In the past, we’ve published business cards with the 800# for support and email address, and we put these cards everywhere:  In laptop bags, in a card holder at the front desk, anywhere that we could think of so that there’d be one around when a user needed to know how to contact support.
3. Talk to users about it: Be cheery.  Make sure they know that you personally are driven to make sure they’re successful, and you look at it as an honor to help them out after hours.  They need to really get that you want that phone call, because you need to conquer the very human desire not to bother or inconvenience other people.

We really recommend making up a business card that has all of the key information a user needs - the contact information for support, company fax number and main phone number, remote dial in for voice mail, common URLs for external access to email and other services, pretty much anything they need to know on the road.  I’m sure you have it all committed to memory, but if you’re an employee that doesn’t travel every day you probably don’t.  Little steps like this can dramatically affect the general user population’s opinion about IT.

Security Begins at Home

You want to make sure that each user gets how seriously your organization takes security.   People often don’t treat their user account with the same respect they’d treat a physical key or card.  Most users wouldn’t give a stranger the keys to their office or building but would give their password out over the phone to someone who claimed they need it.

People worry a lot about security threats from the Internet, but most break-ins - overwhelmingly - happen from inside.  Most of these are done either through social engineering (where the intruder convinces someone to give them access) or by a disgruntled employee.

To address these common threats, you need to address the key social aspects of security.  In addition to normal sensible security practices,  we recommend establishing a few policies:

1. IT Personnel NEVER ask for passwords: Make it clear to your IT Support organization and every user that no one in IT will ever ask them for their user ID or password.  Therefore, if anyone calls you asking for that information you know one thing - they aren’t authorized to it.  If they give their password to IT, or IT hears that they gave it to someone else, their password will be reset.
2. No one will use their account but them: If IT needs to do something logged in as you, they’ll do it in your presence - after all, you are still accountable for what happens with your account.

The second one may cause some heartburn with your desktop support staff- they’re probably used to solving a range of user problems by accessing the computer as the user, and anything that’ll get in the way of that is a problem.  While it may cause some inconvenience - you aren’t going to be able to do work that requires logging in as the user if they aren’t around - the message this sends to your users about how serious you are about security is essential.  You need to be cleaner about the rules than they are.

What about Non-Employees?

What should you do with contractors or others that need access to your network, even temporarily?  If they are getting a user account, they should go through the same procedure.  You have the same goals:  You want them to be effective and not compromise your environment.

Finally, Ditch the Input Devices

Most computers come with mice and keyboards that are dirt cheap.  If this is what you’re using and you’re recycling a computer, please - get a new mouse and keyboard.  Most computer companies do the same thing when they process returns.  The fact is that keyboards get filthy quickly, and while I may not mind the crumbs from my pop tarts, it certainly isn’t going to create the right impression if I get one that’s full of someone else’s.  You should be able to score new ones for your HP, Dell, or whatever for not more than $40 and really - with what employees cost in salary and other expenses, don’t you want them to know you care?

Have a story about how you support your new users?  Share it in the comments below or drop us a line to tell us about it.

Right now, the power is out at my home. That doesn’t happen often - in fact, it’s been almost two years since we lost power long enough for my UPS to shut down my home network. Normally this would be a small inconvenience, but I still host a few things for my wife out of my house which are now down. The largest of these is a fairly popular forum for an author she likes, but there are other sites as well.

Why am I still hosting these at home? Really there’s no reason - I’ve shifted hosting for my personal services out to other providers, and our company services are also hosted by hosting companies. I just haven’t moved her stuff out of my house.

We talk with a lot of small and medium sized businesses that are still hosting all of their own services internally for pretty much the same reasons - they originally had them in house when they were much smaller and the market was different, and haven’t considered what it would mean to have those computers live somewhere else. It’s time for a change.

Why It’s time to Use the Cloud

You should look at all of your important business services - things that your business can’t operate without - and work out a plan to no longer host those items in your facility. As a first step, just consider what it means to provide the same applications and services, but have the computers not live within your company. The main goals for moving these services out are:

1. Business Agility: When you use a hosting company it’s easier to change capacity as your needs change, even to bring services up temporarily as a trial run and then shut them down if they don’t pan out. This makes it easy to experiment with new software technology without the traditional problems of hosting getting in the way.
2. Low Cost Reliability: If you want those services available, the cost to outfit a room to provide redundant cooling and power for a single rack of equipment is easily $50,000. To host one rack of equipment in a basic Tier-2 data center can cost around $1,500 to $3000 a month, which includes power and Internet. At that rate, how quickly will you get an ROI on your facility investment?
3. Improved Focus: Getting this equipment out of your shop improves your focus on the things you really need to be spending time on: Projects for the business and end-user support. The rest of it is overhead.
4. Access from Anywhere: When you set up your services so they can live in the cloud and be used from your office, it’s easy to make those same services available to employees from home and from laptops. Not as second class citizens but with all of the ranks and privileges of being in the office. This helps you leverage employee talent wherever it is. It’s also easier to set up rock-solid extranet access for customers and suppliers.

When you start looking at each thing you provide as a service, you might also find that some of them - like Microsoft Exchange - really aren’t worth hosting yourself at all even in a data center, and it’d be ultimately in your best interest to outsource it entirely to a hosted Exchange provider. There are number that can do this very effectively. While the cost may seem high based on what it cost you to purchase your initial Exchange licenses, when you look at the real cash costs for Exchange over two to three years they are very cost effective.

Once you’ve taken the step of taking an existing service and outsourced it entirely, you might even consider a Software as a Service offering for some of your core services (such as a hosted CRM). This is the most aggressive mode of outsourcing and does create a set of unique risks and opportunities.

But I can’t See It

Two common objections we hear from IT administrators about moving services out of their shop, even if it’s just relocating servers into a data center. is that it will make it hard for them to get upgrades when necessary because the business won’t be able to see & feel the new equipment. Out of sight, out of mind as the saying goes. The second main objection is that the IT administrators want to be able to do a laying of hands on the equipment to maintain it. There’s a comfort factor in knowing you can walk into a room and flip the power switch or move a drive or just bask in the warm glow of blinking lights.

Here’s the good news: Both of these reasons are not only suspect in their own right, but are preventing your shop from getting to the next level in IT’s relationship with the business.

First, even though vendors do a good job of making server hardware look serious and fun, in the end it’s just a business appliance: It either is good enough to deliver for the business or it isn’t. With rare exception, there is no extra business value for it to look good, new, or cool. If you find that you need to show the business physical servers to explain your costs, you’re missing out on the critical opportunity to establish a real partnership between business and IT. You need to be sure you’re spending when it’s time to spend and saving when it’s time to save, and have discussions in the language the business would use for any other service it would acquire.

Second, If your IT administration patterns and practices require routinely touching your physical infrastructure then you need to re-examine them. It generally means you either have equipment that is no longer up to the task or that you’re not doing enough automation of IT tasks. If you have trouble-prone hardware, it’s time to either fix the fundamental issue or ditch the hardware. Ironically, this type of problem is often easier in a hosted environment because it generally isn’t your problem: it’s the hosting company’s.

Automation is essential because humans are the most error-prone part of any standard process. Your routine IT administration time shouldn’t be going to consistent tasks - they should be automated, leaving your time for user support and other business value-add services. That’s right - even in your shop with your existing staff you can find more time to spend on projects instead of support events by automating recurring tasks.

Some Things Still Stay

There are some things that should be on site for performance reasons. Regardless of how big your Internet connection is, you’re going to want basic file and printer sharing services to be local. Depending on the size of your site, you’ll probably also want a directory server for whatever your directory system is (e.g. Microsoft Active Directory). Even here the central services help: If you have a reasonable Internet connection, you can have your local file server back itself up to the data center by using one of a few distributed backup systems (such as Microsoft’s Data Protection Manager or a third-party option like NSI Software’s Double-Take). This eliminates the time and attention that local disk backups require.

Perhaps not Now, but Soon - and For the Rest of Your Life

It may not be appropriate to move a number of your services outside yet; If you have only one business site, light access by employees externally, and aren’t expecting that to change then you can host most things yourself. A number of the considerations still apply - but you might just use an external facility for your public web presence and for backing up your essential data for business continuity.

Even if you don’t do much now, you should find some opportunity to put a service outside so you and your company can gain experience at working with external hosting providers and you’ll stay current on the capabilities and costs so that as new business requirements evolve you’re ready to take care of them. You’ll be in a better position to advise your company on when to move things out of the shop, and as you do you’ll discover that instead of focusing your time and talent inward at the routine operations of infrastructure you’ll have time for those projects that really make a difference to your business.

How Has the Cloud Delivered For You?

Have a story about what has and hasn’t worked with hosting? Drop me a line or post a comment to share it.

I used to work with a former Navy A-6 pilot and instructor.  One of his standard techniques for helping pilots deal with emergencies was to train them to take an immediate action when they noticed the problem - an action that had no consequence but would fill the need to do something.  What he trained them to do was reset the built-in timer clock as soon as they noticed the problem.  Ostensibly, this was to help them downstream know how long a problem had happened, but its true purpose was to give them a single, standard action to fill the human need to do something, then they could take time to reflect on the problem.  Step two on the checklist was fly the plane. There have been several CFIT accidents where pilots were too busy troubleshooting a problem to avoid the ground.  The pilots forgot their first responsibility: make sure you put flying the plane in front of any other activity.

When doing IT Operations, there’s a lot you can learn from aviation.  I’ve seen several situations where technicians have caused much larger problems while troubleshooting small ones.  This comes from the same mindset that caused air crashes:  you become so focused on the immediate problem that you are no longer aware of your environment. The longer you work at a problem, the more likely this will happen.

A few team techniques you can use to help avoid this:

• The Two Person Rule: Have two technicians involved in the problem with one taking the immediate actions and the other taking a longer view.
• Separate Diagnostics from Remediation: Break your approach into non-invasive diagnostic activities before remediation attempts. This gives you a discrete point before you start putting thing at risk to recheck your assumptions about dependencies and risks to other systems.
• Peer Review: Before approaching a problem, discuss your approach with two other people on your team (at the same time). If that approach isn’t successful or you need to deviate from it, reconvene the group to discuss again.

In many ways this is an extension of Don’t Taunt the Bear.  When working on a problem during business hours (or, if you like, non-maintenance hours) before taking anything off line, even for a moment, ask yourself:  Do I need to take this action right now?  How sure am I that it won’t have any unexpected consequences?  Is the risk I’m wrong worth the benefit of doing this right now?
All of this may sound like it’s going to add time to problem resolution, and it might - however remember that your first responsibility is to keep services flowing to your users. Most users will be unsympathetic if they lose access to their home directories because you were troubleshooting a problem with the printer in accounting and took down the same services that shared files.