Daily Network Management Links for 2006-06-16

[Post from Roger Castillo, AlterPoint CTO] Network Management Evolution: The Beauty of Self-Organizing Systems, Part 3: Qualities of Good Policy Driven Management

“Figuring out the Who, What, When, Where and How requires a good set of rules that everyone can understand and respect. From my experience, I’d suggest a few guidelines, that if followed, can streamline maintenance, freeing your systems to beautify themselves through learning and self-organization.”

ComputerWorld: 10 ways to protect yourself with ‘pragmatic network security’

“Security Policy: This defines exactly who sees what information on the enterprise network. The beauty of modern, network-based IT architectures is that all information is potentially available on the network. The problem is that all information, including information regulated by Sarbanes-Oxley and other regulations, is potentially available to anyone who can get on the network.”

ComputerWorld: Best Practices for Configuring Group Policy Objects

“Although group policies are an extremely powerful security mechanism, it can be a bit tricky to deploy them in an effective manner. That’s because the effective group policy is made up of multiple and sometimes contradictory group policy elements that are applied to the user object and/or to the computer that the user is working from.” While more focused on Active Directory, this article has good points you can apply to any policy/rule paradigm.

Troubleshooting Cisco Secure ACS on Windows

“For many security administrators, the robust and powerful AAA engine, along with CS ACS’s ability to flexibly integrate with a number of external user databases, makes the CS ACS software the first and sometimes only choice for an AAA server-side solution.”

TechRepublic: Why Infrastructure Change Automation Is a Cornerstone to Effective IT Service Management (ITSM)

White paper (reg. required): “There are many areas of concern for senior IT executives these days - choosing which technologies will have the greatest reach into those areas is critical and can give a company competitive advantage through both efficiencies and protection of resources. Network Change and Configuration Management (NCCM) is one such technology - it has the ability to positively impact security, performance, compliance, and availability management as well as workflow, IT governance, service provisioning, and planning.”

Creating a CMDB in Your Own Image

Last week, we discussed the age-old problem of trying to manage that which you cannot measure. It seems that companies in all industries are struggling to develop effective, efficient systems for utilizing the network simply because they are unaware of all of the devices they have in place and the relationships that those devices have with each other. This has led to breakdowns in communication, overspending, security risks, and a myriad of other problems. Establishing a configuration management database (CMDB) should help you get a grasp on the situation. However, many seem to believe that a CMDB features a set model that can be plugged in and used anywhere. Of course, this is not the case, as every company has its own set of needs.

In pursuit of developing a CMDB that has value to your organization, it’s important to look at the goals the database should help you achieve. When simply defined, a CMDB is:

“A database that contains all relevant information about the components of the information system used in an organization’s IT services and the relationships between those components. A CMDB provides an organized view of data and a means of examining that data from any desired perspective…” (From, along with most every publication, turns to the ITIL (Information Technology Infrastructure Library) when relaying best practices standards for CMDBs:

“According to ITIL specifications, the four major tasks of configuration management are:

  • Identification of configuration items to be included in the CMDB
  • Control of data to ensure that it can only be changed by authorized individuals
  • Status maintenance, which involves ensuring that current status of any CI is consistently recorded and kept updated
  • Verification, through audits and reviews of the data to ensure that it is accurate.”

So, the goals are set, but the way to achieve them is not. CMDBs come in a variety of forms. Many companies keep track of virtually every piece of technology they have, monitoring the smallest details at all times, while others limit their CIs (configuration items) to truly critical materials. As Dennis Deane, head of program management in Europe for Scottsdale, Ariz.-based delivery company DHL said to

“A CMDB can take any shape a company wants…

Kia Behnia, the Chief Technology Officer for the Change and Configuration Management solutions for BMC Software, recommends taking a federated CMDB approach to address this issue:

“…not all management data related to configuration items are appropriate for storage in the CMDB. This is why organizations should consider a CMDB based on a federated data model. Why? Just like links within the general ledger to financial details stored in the accounts receivable system, a federated CMDB links to IT details.” (From Line56 )

He further elaborates on the benefits of connecting the “islands of information” within a federated CMDB with the following example:

“For example, the accurate data within a CMDB helps ensure that routine network maintenance does not cause outages across systems that are connected to the network. Without this capability, outages can occur as a result of unreliable or incomplete data, even if the IT staff follows otherwise effective processes.” (From Line56 )

At AlterPoint, we’re very focused on network configuration and are becoming the standard for network configuration management databases. We are continually improving our ability to provide that context to companies that are being driven to achieve Business Service Management and to our partners that are providing Business Service Management solutions. Services are inherently networked, and with our ability to capture the most detailed network inventory and configuration information, we can enable the bigger-picture CMDB through our APIs and our SDK. For example, in building our SDK, we considered the kinds of technologies that enable a federated CMDB model as part of our web services interface, and we provide the architecture for exposing all of the information inside the DeviceAuthority model.

So, while you can create a CMDB in almost any style, an effective one is federated and accounts for relationships among CIs in an organization, but it also takes business needs into account. The time and money involved in developing a CMDB are only worth it if the database streamlines operations, increases visibility into your IT environment, allows you to adapt to changes in the business landscape, and reduces risks in the process.

Daily Network Management Links for 2006-06-02

[Daily Post from AlterPoint] Network Management Evolution: Let Efficiency Reign

“Working on any large puzzle is an iterative exercise. First you need to look at the top of the box so you can see the “big picture”, then you classify the pieces—by colors, edge piece or curvy, etc—and try to build out the picture step-by-step, repeating the cycle with more pieces filled in. It’s the same with any complex IT process and you could usually use some help with the big picture and the sorting.”

Business Standard: Network security management gaining importance

“Companies need to put in place security controls as the data or images that are coming in or going out from an enterprise network affects its reputation, efficiency and profits.”

ITSMWatch: Looking at ITIL and ITSM From the Business Side

“In today’s corporate world the phrase “IT is Business” is often used, but how many people ask how would IT really “do business,” asks ITSMWatch guest columnist Mohammad Kashif of Noblestar.”

From extinction to distinction

“It is not chaos, but it is all very dynamic. Organisations demand anytime, anywhere connectivity now, and there are challenges around management, control and optimisation of network. There are plenty of tools, too, but companies should see this not as a technology issue so much as a management and business one. What steps are you taking to meet this and guarantee service?”

IT Observer: Network security revenue up in 1Q06

“Worldwide network security appliance and software revenue climbed 2% to $1.2 billion between 4Q05 and 1Q06, and is forecast to reach $6 billion in 2009, according to Infonetics Research’s Network Security Appliances and Software report. Many customers, while still investing in firewalls, VPNs, IDS/IPS, and gateway AV, are also looking deeper into NAC and content security solutions, which is delaying some core network security purchasing until later in 2006.”

Network Management Quandary: Decreased Budget, Increased Performance

There seems to be a trend in business and other aspects of life to continually ask people to do more with less. Companies expect a certain level of performance and output regardless of whether or not they have adjusted the budget to provide a department with everything it needs to meet these goals. This is perhaps more evident in IT than anywhere else. As the IT landscape changes, departments are forced to make changes simply to keep up, but of course they are expected to do more than that. Dion Hinchcliffe looked into this issue and Gartner’s take on it for ZDNet, suggesting that:

“Despite static budgets IT departments are under continued pressure to deliver new business value.”

The article suggests that perhaps IT’s central focus is the cause of some of the cost and performance problems that companies in every industry seem to be experiencing:

“So is the stance of IT just far too focused on central control, technology, and bureaucracy? Flat budgets despite an all time demand for IT tells us the answer.”

Some believe that IT departments simply can’t continue to create, develop, and manage the network on their own. However, they do see alternatives:

“There is a growing number of computer appliances that package all the tasks associated with a specific job. If well-designed and engineered, these can save companies the time and development resources that would otherwise be needed to build such functionality from the ground up.” (From

Another area for improvement is efficiency and automation. Just moving tasks to the appropriate skill level and reducing errors can have a huge positive impact on the cost of IT. However, many current processes and some cultures need to mature so they can make the best use of technology. It’s not a simple task for an IT department to shift focus or even give up a modicum of control, but in order to meet diminishing budgets and increased demands, it’s becoming a necessity. Automation of industry best practices is critical in driving down costs and maximizing efficiencies.

At AlterPoint, we know that automation has a direct tie to reducing errors and improving availability:

“Our DeviceAuthority product allows enterprise IT organizations to proactively manage compliance, security, change and inventory, reducing network downtime, improving staff efficiency, lowering support costs and maximizing the performance and quality of the IT network infrastructure.”

It’s not likely that IT budgets will experience unparalleled increases any time soon. The environment simply isn’t what it used to be. Companies want to move their focus to business, and IT is expected to make that happen for as little as possible. Let us give you the tools and provide you with the services to adapt to the new marketplace.

Daily Network Management Links for 2006-05-31

[Daily Post from AlterPoint] Network Management Evolution: Network Management in Healthcare

“A healthcare facility that lacks proper network management makes it difficult for physicians to communicate with staff, and it makes it almost impossible to maintain all of the pertinent data that comes in regularly.”

TechRepublic: Choosing a remote access authentication scheme

“As your organization grows, the number of remote access users is likely to grow, as well. Managing authentication for a large number of users can become problematic. It’s especially helpful to have a way to track users’ remote usage in a large organization. In addition, security becomes more important as the organization grows.”

Enterprise Computing Institute: Top 5 Reasons why ITIL Implementations do not Happen by the Book

ECI: “Top five real-world challenges to implementing ITIL and ways by which you can overcome these roadblocks.”

Web 2.0: With IT budgets slack, delivering business value is paramount

Dion Hinchcliffe: “…is the stance of IT just far too focused on central control, technology, and bureaucracy? Flat budgets despite an all time demand for IT tells us the answer.”

AlterPoint and Skybox Security Announce Partnership to Converge IT Security Risk Management with Network Configuration Management

From the Blowing our Own Horn Dept: “To reduce risk and meet service levels, enterprises are demanding a consolidated approach for security, configuration and change across applications, servers and networks,’ said Dave Barry, vice president for business development for AlterPoint. ‘By partnering with Skybox we can deliver to our customers deeper visibility into their security risk profile and close the loop with the capabilities to remediate problems.’”

Unstrung: Cisco: 3 Million’s a Charm

“So, where does Cisco go from here? “Business growth is not dependent on market share gains as much as it is growing the overall market for mobility,” says Cohen. Cisco will do that, he says, by evolving standalone product lines into “platforms” on which users can create business applications. This will involve bringing together technologies such as fixed/mobile convergence, presence, location, and WiFi.”

Daily Network Management Links for 2006-05-25

[Daily Post from AlterPoint] Network Management Evolution: Securing Your Cisco Devices

“It’s because of the success of these equipment vendors that the network has grown in intelligence and business criticality. However, it’s important that you adopt security measures and services to protect the devices that are fueling your IT and business operations.”

TalkBMC/Change Connections: Connecting People, Process, and Technology to change impact

“What is the most likely factor when a change (of any kind) has a detrimental effect on the enterprise? For those of you who liked, Cool Hand Luke, “What we have here is a failure to communicate.” The enigmatic nature of change is that the very communication of change tends to bring up forces that oppose it.

TalkBMC/Service in the Raw: Service is Not Just for Christmas (Problem Management)

“For some weird reason lost in the sands of IT time, it has been the policy to reward poor quality rather than strive to eliminate it. Almost every IT department has encouraged and rewarded bad working practices. Before you get indignant and stop reading, let me explain further….”

InformationWeek: Cisco Invests In File Virtualization Vendor

“NeoPath’s products decouple the file system from physical storage devices to allow data to be migrated to lower-cost or higher-performance devices without shutting down the storage devices.”

Secunia: Cisco VPN Client Privilege Escalation Vulnerability

“A vulnerability has been reported in Cisco VPN Client, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system. The vulnerability is caused due to an unspecified error in the GUI (also known as the “VPN client dialer”) and can be exploited to execute arbitrary commands with SYSTEM privileges.”

Unstrung: From Closed to Open Mobile Networks

As wireless operators move to embrace alternative access networks, unfamiliar security, IP mobility, and plain old usability challenges are forcing them to examine how best to mediate service delivery across multiple access networks to subscribers who will potentially use several different types of terminal device from many different locations.

Daily Network Management Links for 2006-05-23

[Daily Post from AlterPoint] Network Management Evolution: Gain Flexibility with Network Management

“Systems integrators, value added resellers and internal development teams accountable for network management all face significant challenges as they try to implement solutions in enterprise IT environments. Often, the most difficult obstacle to overcome is the unending difference among environments. No two environments are the same and often no standardized management policy exists, because the management of the network is scattered across multiple teams.”

Computerworld : Cisco saves $300m with service-oriented data centers

“At Cisco, we like to use the network to automate services [so] internally I created an application called service-oriented data center to provision storage, computing power, and networks for applications.”

HindustanTimes: The importance of network security

“…the very features of connectivity and accessibility that make networks so indispensable to contemporary society, are today creating unforeseen consequences - making it important for organisations to adopt security measures. Some have their applications protected with robust encryption; others are looking to lock down their networks in the face of external threats; still others want to open their networks up to partners, customers and the mobile workforce, without compromising on security.”

TMCnet: Next Generation Wireless Networks Need AirTight Security

“Each day, hackers work hard to find new and more clever ways to penetrate networks, which means that each day, security solutions providers must work twice as hard to ensure network security stays one step ahead of the hackers, especially with the rapid advances in technology that enable new and more powerful wireless services. Each new service and each new technology represents a new opportunity for hackers.”

IT Service Management Forum: The Skinny on ITIL

White paper: “Network Appliance is looking at problem management, change management and incident management - three of ITIL’s 11 core process areas - and identifying gaps between what ITIL recommends and Network Appliance’s current practice.”

Daily Network Management Links for 2006-05-18

[Daily Post from AlterPoint] Network Management Evolution: Network Security Neglected

“As IT became a more important part of the business world, and the network began to grow, it became clear that there was a single source that kept a company afloat. While this has allowed businesses to operate and expand in ways that would have seemed unimaginable at one time, it’s also created risks that were unforeseen.”

IBM: Technology Leaders to Create Specification for Federating and Accessing IT Information

“BMC Software, Fujitsu Limited, HP and IBM today announced plans to create a new interoperability specification designed to enable customers to federate and access information from their complex, multi-vendor IT infrastructures.”

IT Service Management: IT Service Management Governance

“So what’s the problem? The Processes are there – you can find the process guide out on the network. The roles are defined – they can be looked up in the HR system. The tools are there. But how come things don’t “feel” different? How come the director still gets the painful calls from the customers of IT regarding the costs or quality of IT services? How come we still have this nervous feeling that we are not in control of the direction, control or execution of our service management capability?”

HP’s Networking ‘Single Pane of Glass’

“‘There is a real cost savings and a real security aspect to keeping everything under one umbrella and keeping everything within a single pane of glass,’ said Kindness. ‘Other vendors coming in may not be able to meet that demand in the highly regulated world we’re getting into.’”

Processor Editorial Article: Why Go Cisco?

“The old IT saying used to be, “Nobody ever got fired for buying IBM.” Although Big Blue is still a strong contender in the small to midsized enterprise market, Cisco is quickly becoming a major force for SME customers, who like the company’s focus on new product development and knack for acquisition.”

Daily Network Management Links 2006-05-17

ComputerWorld: CMDB: managing a complex world

“Such meta-tasks - service level management, change management, infrastructure and application management, identity management - could all benefit from a CMDB, Andrew said. The CMDB pulls together information on the essential elements of an IT operation, such as people, locations, documentation, network, hardware and software.”

ITarchitec: Demystifying The CMDB

“The CMDB is in its infancy. There are no standard definitions of what information goes into a CMDB, no schema for structuring that information, and no standards for integrating data from disparate vendors. That said, experts say enterprises can still get benefits from small-scale CMDB deployments from a single vendor.”

Network World: CMDB in the real world

“Integrating management investments is an old and, let’s face it, ugly problem. Can all the talk about CMDB really change all that?”

ITtoolbox: SNMP and ITIL and the CMDB

“Why is this taking the IT world by storm? Is this yet another fad, a bandwagon with no value? Not so fast. Put simply, IT is looking for best practices, a way to make sense of it all and manage their shops more efficiently and effectively.”

ITSM Portal: Should IT staff be registered in the CMDB?

“A recent poll on ITSM PORTAL made clear that IT staff should indeed be registered - but how does one convince the HRM manager to cooperate?”

erp4it: Food for thought: Service catalog confusion

“Pat: We’re doing a service catalog.

“Kelly: So are we. How many services are you going to have in yours, do you think?

“Pat: About twenty.

“Kelly: We’re past five hundred and counting!

“Pat: Seems high.

“Kelly: I know you have more than twenty; just the other day you said you were managing forty-five different service level agreements.”