Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379
  • Last Modified:

technology change/new IT service - your checklist

When you bring a new technology or IT Service into operation in your company – as IT pros as opposed business pros - what kind of things go through your minds  in terms of a checklist on what needs to be in place?

For example if someone says your managers all want a blackberry to access corporate Smartphone’s – 50 devices – what sort of checklist of “things” do you go through to determine how we can implement manage and administer such devices?

I just wondered if you had such a checklist. I am not sure if this is called a risk assessment or something else?
0
pma111
Asked:
pma111
  • 3
  • 3
  • 3
  • +1
2 Solutions
 
pma111Author Commented:
Anyone????
0
 
arnoldCommented:
You would look at the hardware/software requirements then you would look at the bandwidth requirements for external devices accessing the data.
You would then look at setup a redundant mechanism or if possible a load-balanced one.

The first would deal with whether you already have the resources in house or whether you would need to buy additional server/software.

Once the consideration for the backend/server side is done, you can explore the rest i.e. presumably you would have to integrate the blackberry example into your existing setup.
0
 
Rich RumbleSecurity SamuraiCommented:
It's pretty basic, most if it is searching... we like or are evaluating 3 different products for instance. It's all Due Diligence.
One is opensource, and has a pay-for-service model.
The others are companies that have been in this market longer than the FOSS software/service.
We google the financials and news about each product, get gartner magic quadrant's if available from a search. Consumer reports somethings, search their own help forums and documentation if available.
The OpenSource product is klunky, not a flashy, and mostly command line driven in my case, not much of a GUI to speak of. The others cost much more, have been around much longer and so have a pretty big userbase. The non-opensource product's don't technically offer anything the opensource one does, other than a GUI and "brick and morter" base of operations. So for use we have to weigh the cost's we expect to pay for service and or the product itself, as well as will the service be good enough in an emergency or a short turn around issue. We have these large NDA's they sign and we sign because if we buy this product and they get acquired or are being acquired by some company we want to know. It's all part of the RFP process (request for proposal).
-rich
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
SteveJCommented:
Existing architrcture must be stable, then do the research

Steve
0
 
pma111Author Commented:
I was thinking about whether youd consider stuff like how are you going to support the technology, remotely manage it, remotely adminster it, patching requirements etc?

Would this be considered?
0
 
arnoldCommented:
Once you know what is involved in setting up the environment you are in a better position to know what it would take to handle the administrative parts which often mean either having a jumpbox (ssh or terminal server) that is accessible from the outside and which can access those systems.
Patching will fall into the same process you use with existing systems/application and their patching/update/maintenance process.
Having a redundant setup will increase performance while minimizing downtime and the trying to fix the issue in the most sensitive time.
0
 
Rich RumbleSecurity SamuraiCommented:
Yes, any questions you can think of really... it's all about your situation and the problems you aim to solve.
-rich
0
 
pma111Author Commented:
Excuse my ignorance but could you go into some more detail on "redundant setup" in management speak. I do appreciate your help.

Also - you may be able to chip in on this question as it seems an area you are expert in:

http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_27406307.html

I know it may seem basic to you guys but want to get the fundamentals right first. Walk before I can run etc.
0
 
Rich RumbleSecurity SamuraiCommented:
HA, high availability as it's often referred to can come in many forms. For some types of service you have "hot-spares" that are mirror's of the main service, switching over to a hot-spare might involve changing dns, or even a host name, often times it's much simpler, if the main service is not responding, the spare takes over. That is more of a fail-over situation, like in firewalls, a heart-beat is sent between two or more firewalls, if the heartbeat of the active firewall can't be heard by the standby's then they attempt to take over the firewall duties. Some devices "fail-open" which means that if they loose power or become unresponsive, that traffic or data still flow through them, but the functions that device/service was doing is no longer taking place. Some things fail-closed, which is typical of most standalone products, your wifi fails closed, no traffic goes through it once it's off or crashes.
Redundancy is just a different name for H.A. essentially. Redundancy can apply to having a circuit that is not used while the main is in use, it could be that you load balance between the two, and if one goes down, you have the other take on all the traffic. A redundant data center can be an alternate location that mirrors the primary, or one that has a different power feed, circuits and equipment for the backup/redundant side.
-rich
0
 
arnoldCommented:
Depending on the application you are handling you could have two systems that are capable of servicing using a load-balancer.
Discussing items in the abstruct is rather difficult.

You also have to assess where the failure might be and what is your recovery plan.
i.e. servera does task A,b,d,e,f.
A failure of a servera what system/s will now handle these tasks or will you have to restore servera to its operating condition?

The switch to which servera is connected failed, what remedy do you have?

 
The consideration here deals with your referenced question dealing with risk.
i.e. how long can a component be down?
The other issue given your reference to remotely manage means that you have to have the capacity to switch between devices to perform the same task without getting on-site.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now