ALCG Journal by Andrew Lehman 


DevOps and The Cloud


"DevOps" is a hot concept in corpoprate IT today. It's emblematic of the lighter, faster, more agile IT operation that is aspirational for corporations seeking to eek out more competitiveness from their IT dollar. It shows you're part of the solution, part of the "just-get-it-done" and "why-were-they-all-so-slow-in-the-old-days" IT business thought leadership.

Like many "new" IT concepts, more on that later, the exact meaning of DevOps is open to debate. And also like many new ideas in IT, the new hotness that is DevOps is mostly an amalgamation and repackaging of existing concepts updated to take advantage of the new technology landscape. 
In fact, from an implementational perspective, the bulk of what is novel about DevOps is as much or more about a reshuffling and redefining of organizational roles and responsibilities as it is about the process of Development or Operations.

Much of in-house DevOps is actually Cloud-Driven
The changes to the Ops part of DevOps is really more driven by Enterprise Infrasructure moving into the cloud. A few things are happening. Enterprise cloud is moving from in-house to hybrid to public as cloud offerings mature and corporate decision makers are becoming more comfortable with cloud security and dependability. In fact, if anything, the huge security breaches of the past year have served to demonstrate that keeping computing in-house does not provide the security advantages corporations assumed. Also, the balance of what the enterprise is purchasing from cloud service providers is moving up the stack from from IaaS towards  PaaS and SaaS. One important consequence is that the practice of Enterprise IT Infrastructure management itself is therefore also changing as what the Enterprise teams are managing changes.

As the web has been changing from a static medium into a collection of dynamic web-based applications, what Enterprise IT develops is also changing. On the web and in the enterprise, disappearing are the days when large, monolithic multi-functional applications are released on a annual or semi-annual basis. The enterprise has been moving out of huge monolithic applications and into an enterprise service bus architecture and will continue to evolve right out into to modern dynamic web--developers are developing micro-applications designed to interact directly with users and other applications directly. As the Internet has evolved, so have the users' and the applications that interact there.

Ironically, the massive security breach revelations of the last year have laid bare the vulnerability of enterprise networks and not the vulnerability of the cloud as many feared. Perhaps because everyone, both vendors and enterprise IT organizations, were focused on the nacent risk posed by possible cloud security shortcomings, the extra focus put into ensuring cloud implementations are secure has resulted in the enterprise networks, and not the cloud infrastructures, being the soft targets.

DevOps is about the new world of smaller, web and cloud based apps and how to quickly and cost-effectively design, build and support them. Because release cycles are drastically abbreviated, coming much more frequently, the only practical solution is to have the team that develops the applications also be the team that supports them. When releases come so frequently, there is little time to bring a separate team up to speed to do technical support. And, since most developers don't want to spend a lot of time doing technical support, this has the added benefit of encouraging them to develop less bug-prone releases, since they maintain front-line responsibility and pay the consequences for application problems. Apps are smaller, development is faster, responsibility is more focused and as everything continues to accelerate, the stakes are higher. More than ever, companies need to shed non-core activities, increasing focus on their core competencies, and make good use of partners for everything outside of their lines of business and areas of expertise directly supporting that business. So, the role of IT is shifting in support of this new role consisting of an increased emphasis advise, strategy and increased reliance and supervision of partners and service providers. 



Are There Really Viable Alternatives to Windows for Business Users?

Businesses are increasingly aware that their electronic infrastructures are probably not as secure as they would like. At the same time, the IT organizations responsible for maintaining and securing those infrastructures are struggling to become more nimble. IT is striving to be perceived as a business partner. One that is providing competitive advantage--working to get away from the old image of IT as a ponderous, inflexible and expensive bureaucracy. All too frequently though, these efforts have also lead to inconsistently applied security policies, the seemingly unquenchable thirst for BYOD and the quite ascendance of a don't ask don't tell acceptance of "shadow IT" services seeping in to the organization. These developments are heightening the challenge of maintaining a secure IT environment.   
As smart phones and tablets are becoming part of the business computing landscape, and end-users are becoming more accustomed to  remote computing, cloud-based services and on-line interfaces, users are increasingly open to the idea that real work can be done on platforms other than a PC or laptop running Microsoft Windows. As this door is opening, IT is starting to wonder if these developments might be turned to their advantage. Perhaps alternative platforms might have advantages from a cost, stability and security perspective. 
Our customers have asked us to look in to two alternative platforms which are at opposite ends of the spectrum from a technical complexity perspective. The first is the prospect of using Chromebooks--are they really a viable alternative, and if so, for which types of workers? Second, we have been asked about creating a lean Linux-based platform end-user platform running a VM or VMs hosting Microsoft Windows allowing a developer or analyst to run multiple instances or versions of windows. Most IT professionals will expect the performance of both alternatives to be less than acceptable from a reliability, usability and performance perspective. But is that really the case? 

Viable business PC platform alternatives: Chromebooks and Linux-Windows

We have been testing both platforms with some interesting results. In brief, regarding Chromebooks, we found the biggest challenge was posed not by running on the Chromebook network-centric platform, but by the underpowered hardware that characterizes most Chromebooks. A Chromebook running on hardware comparable to a mainstream business-class notebook, like the Chromebook Pixel, pictured above,  became a viable alternative to a Windows-based notebook for many use-cases. Once you then consider the inherent security and low maintenance costs associated with Chromebooks, the platform starts to look like it could be a bright alternative to the Windows notebook . Likewise, and on a comparable hardware platform, though with more local storage and memory, we found that a Linux-based layered platform was also surprisingly nimble, stable, and usable and could also be crafted into a secure, business-class solution.


Harden your cyber security now! The barbarians are already at the gate... 

Pull the Trigger on Multi-factor or Tokenized Authentication

Let's not bury the headline: you and your company are targets of sophisticated cyber attacks.

The real international conflict we see all over the world today is reflected on the Internet, as are the real dangers. The world is getting more dangerous as national governments and other groups engage in aggressive, violent campaigns. Likewise, there are national governments, terrorist groups and organized criminal organizations pursuing blatant and often sophisticated, persistent, aggressive and illegal activities in cyberspace. You and your company are targets, now, and ever day.

Because of this, it is important to implement security measures consistent with the magnitude of the cyber threats confronting us in today's environment. Though it is easy to be overwhelmed by the urgent and seemingly endless demands of today's rapidly evolving and increasingly demanding corporate environment,  it is important not to allow critical security concerns to be relegated to the back burner.

Our users and our customers are getting more technically sophisticated and demanding, less patient and forgiving. While we in IT want to pursue the role as the leaner, faster corporate IT partner, eschewing the old image as a plodding bureaucracy, it is at the same time our responsibility as the experts to provide, metaphorically speaking, the car that is both fast and safe, and this is what our users and our customers expect from us. 

So, plan & pursue a security road map as a high priority.

Step up your access game. Enable multi-factor or tokenized authentication.

Secure your devices. Lock-down end-user devices with appropriate rights. Remember, when a driver buys a car, she may want it with features X, Y and Z, but underlying everything, she expects the car we provide will be safe.

Leverage Partners & Service Providers. Use subject matter expert partners and service providers whenever possible. A good partner or service provider should be able to leverage economies of scale and focus to provide a superior service with equal or better security than you can provide internally, at a lower cost. Work only with partners and service providers who will work closely with you, provide sufficient transparency and who will participate in audits.

In today's dangerous IT environment, effective IT security, procedures and policies are increasingly critical to everyone who depends on technology and the Internet. The simple truth is, if you are not prepared, you will be a victim. Act now.



Confirming you should read analysts with a grain of salt

The Horses for Sources blog of the HfS outsourcing community this week writes about a revelation by by Mark Smith, CEO Ventana Research, about the practice of some large technology verdors of paying research firms or analysts for the right to review and approve research by analysts before it is published. So, despite what you may think, the independent analysis you think you are reading my not be so independent and unbiased. Not so surprising really. The firms are in it to make money after all. 

Whatever you think of the practice, this informs how you should deal with the analysts, and Horses for Sources goes on to suggest a few questions you to ask your research firm before you rely on the research they provide to you.


A Few Good Leadership Behaviors 

Many of the thngs Dan Rockwell writes about resonate with me. In this list, "Ask 'what' and 'how' more than 'why' really resonates with me. It may may seem counterintuitive at first blush, but if the objective is to move ahead towards your goal, then "what" and "how" focus more on what to do and how to overcome the obsticle and move ahead and less on assigning blame and focusing on problems. Of course you need to understand what happened and why in order to figure how to proceed, but the emphasis should be on 'how do we proceed'. 

8 Behaviors that propel leadership success

  1. When you don’t like something, say it to someone, but not everyone.
  2. Ask “what” and “how” more than “why.” “What” and “how” are execution questions. “Why” questions often spiral into excuse-making. Substitute “what” for “why.”
  3. Create and agree on high standards and deliverables, together, and hold everyone to them, especially yourself.
  4. Be positive about the future even if the negative past drags you down.
  5. Celebrate progress more than correcting mistakes. Never let passion for improvement make you a critical, negative, nitpicker.
  6. Take action. Follow Tom Peter’s advice, “Just do something.”
  7. Focus on next steps.
  8. Know and understand team members.