Musings on personal and enterprise technology (of potential interest to professional technoids and others)
Wednesday, December 26, 2007
Avoiding aggregated privileges in a single session - "Role Model" - Information Security Magazine, 5/07
Role Model - Information Security Magazine: "...Dynamic separation of duties: Deter fraud/conflicts of interest by constraining the combination of privileges that can be activated in the same session (See Figure 1). For example, if I am in the groups cashier and cashier supervisor, I only have the access rights and work within the security context of the particular role I log in under. I do not have the aggregate privileges of both roles during one session..."
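An added example, not code from the quoted article or from this blog: a minimal session model that enforces the dynamic separation-of-duties rule quoted above at role-activation time. The role names follow the cashier example; the permission names, the user "alice" and the class layout are assumptions made for illustration.

```python
"""Dynamic separation of duties (DSD) enforced per session.

Illustrative sketch: role names follow the cashier example in the quote;
permission names, the user and the policy layout are constructed.
"""
from dataclasses import dataclass, field


class DsdViolation(Exception):
    """Activating the role would combine conflicting roles in one session."""


@dataclass(frozen=True)
class DsdConstraint:
    # No session may have `limit` or more roles from `roles` active at once.
    roles: frozenset
    limit: int = 2


@dataclass
class Policy:
    role_perms: dict   # role -> set of permissions
    user_roles: dict   # user -> set of *assigned* roles (may conflict)
    dsd: list = field(default_factory=list)

    def open_session(self, user):
        return Session(self, user)


@dataclass
class Session:
    policy: Policy
    user: str
    active: set = field(default_factory=set)

    def activate(self, role):
        # A user may only activate roles they have been assigned.
        if role not in self.policy.user_roles.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned {role}")
        proposed = self.active | {role}
        # Check every constraint against the would-be active set and
        # refuse before changing any session state.
        for c in self.policy.dsd:
            clash = proposed & c.roles
            if len(clash) >= c.limit:
                raise DsdViolation(
                    f"{sorted(clash)} cannot be active in the same session")
        self.active = proposed

    def deactivate(self, role):
        self.active.discard(role)

    def permissions(self):
        # Privileges come from the *active* roles only, never from the
        # union of everything the user is assigned.
        perms = set()
        for role in self.active:
            perms |= self.policy.role_perms[role]
        return perms

    def check(self, perm):
        return perm in self.permissions()


def build_policy():
    """Constructed sample policy: alice holds both conflicting roles."""
    return Policy(
        role_perms={
            "cashier": {"sale.create"},
            "cashier_supervisor": {"sale.void", "refund.approve"},
        },
        user_roles={"alice": {"cashier", "cashier_supervisor"}},
        dsd=[DsdConstraint(frozenset({"cashier", "cashier_supervisor"}))],
    )


if __name__ == "__main__":
    session = build_policy().open_session("alice")
    session.activate("cashier")
    print("as cashier:", sorted(session.permissions()))
    try:
        session.activate("cashier_supervisor")
    except DsdViolation as exc:
        print("refused:", exc)
    # Switching roles means dropping the first one before taking the second.
    session.deactivate("cashier")
    session.activate("cashier_supervisor")
    print("as supervisor:", sorted(session.permissions()))
```

Unlike static separation of duties, the assignment of both roles to one user is allowed here; only their simultaneous activation is refused, so audit logs can attribute each action to exactly one role.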
Tuesday, December 18, 2007
As is well known, for all their benefits, blades introduce major additional heat into your server rack... And although cooling requirements can be addressed in a number of ways, not everyone is keen on the idea of introducing water into a mission-critical data-center :-)
"...Georgia Institute of Technology is using new technology that moves cooling systems closer to the source of the heat to save about $160,000 annually in utility bills. Jeffrey Skolnick, director for the university's Center for the Study of Systems Biology, oversaw the installation of an $8.5 million supercomputer where space and power considerations were crucial. It includes a 1,000-node cluster of servers in 12 racks using IBM's BladeCenter system; IBM's rear-door heat eXchanger, which places chilled water directly behind servers, does the cooling.
IBM's eXchanger, introduced last year, solves several problems in the 1,300-square-foot center. It needed only half the air conditioning expected--80 tons instead of 160 tons--and reduced airflow lowered noise. With four more racks to fill in the coming months, Skolnick is looking at chip-level cooling to cut power costs further. 'At the time, [the heat eXchanger] was the most viable technology,' he says. 'Every time you do an upgrade, the rules change, and you have to look and see what's available.'
The idea of introducing water or other liquids into a data center scares some IT managers because water can damage computer components and cause short circuits. Imagine a burst water pipe or a liquid sprayer gone awry. But there may not be a good alternative, says Leonard Ruff, an associate principal at Callison, a data center design firm. Callison, which has been testing the SprayCool M-Series, thinks direct chip cooling is so effective that a business can double the amount of electricity used to power computers and boost the number of servers in a rack without overheating a data center, resulting in a 285% increase in processing capability. Callison now markets the system to its customers.
More companies will adopt water-cooled technology even though there is "an almost unreasonable" resistance to water among data center managers, predicts Gartner analyst Carl Claunch. He recommends that businesses include infrastructure for water cooling when building new data centers even if there are no immediate plans for implementing such equipment. They'll eventually need to pipe in water because it's so efficient at cooling, he reasons...."
Thursday, December 13, 2007
An interesting form of cellphone-centric unified messaging... What a nice way to avoid wasting time listening to my latest voicemail message from unsolicited vendor number 361 received so far this month ;-)
Some interesting potential benefits from storing and searching the transcribed voice messages... (also implicitly raising the generic issues about storage / capacity / archiving etc. relevant for any unified messaging architecture, and clearly part of the overall ROI)...
IMHO the service sounds good, subject to a couple of caveats... But the price still seems a bit steep(?)
A new spin on voice mail: "...Rogers Wireless is looking to make returning calls slightly faster and easier, with a new voice-to-text messaging service the company unveiled yesterday.
For the price of $15 per month, Rogers will be able to take any English or French phone message you might have missed and process it using automated software powered by SpinVox, a U.K.-based firm, that transcribes it to a text message and sends it to your cellphone or other wireless device.
Irv Witte, Rogers Wireless vice-president of business marketing, says the service is aimed at the mobile user who experiences anywhere between 60 to 100 voice mails each month. He also tried to put aside fears about how accurate the service may be, citing that SpinVox is able to convert upwards of 90% of all speech into legible text.
'We've had several hundred people testing this out and have had no complaints about accuracy at all,' Mr. Witte said. 'It's almost frightening how good it is at translating.' The service is available in only seven provinces right away, but Rogers plans to launch the service in Alberta, Saskatchewan and Manitoba early next year. A potential drawback is not getting the entire message. According to an IBM-funded research study, the average voice mail lasts about 31 seconds, longer than the 18 seconds maximum for the SpinVox service.
That may leave the door open for New York-based Simulscribe Inc. to make its own splash in the Canadian market. James Siminoff, chief executive, says Simulscribe will be launching its own voice-to-data service today with a competing plan that offers Canadians on any cellphone plan unlimited message transcriptions regardless of how long the voice mail lasts for $30 per month.
'Rich, poor, no matter who you are in the workforce, everybody needs to have voice mail', Mr. Siminoff said.
As Eamon Hoey, senior partner at Hoey Associates Management Consultants Inc., puts it, voice mail is just another technology whose innovation is driven by the need for more time..."
Wednesday, December 12, 2007
Some relevant vendor products listed here, to help prevent data and/or hardware loss or theft:
Securing the Laptop: Mission Impossible?: Page 2: "...make the USB drive itself the trusted device. RedCannon's KeyPoint Alchemy, for example, encrypts USB devices and implements policy management rules for their use. Similarly, VMware's ACE 2 implements a virtual PC, with security policies, on a USB drive. 'The USB drive is a manageable asset,' Gartner's Girard said. 'It will cost you some money, but you can do it.' The epidemic of laptop thefts has spurred other, more novel approaches. Absolute Software's Computrace LoJack for Laptops works much the same as the LoJack automobile anti-theft device. When a stolen system is connected to the Internet, it sends out a signal that enables it to be traced. The signaling works even if the hard drive is removed and installed in another system..."
However, the huge grain of salt is that "user education and training is a not-to-be-neglected component of any laptop security program.
A recent study by the Computing Technology Industry Association found that only 42 percent of companies had either completed or planned a mobile computing user security education program. Perhaps that reticence has something to do with the difficulty of implementing an effective program.
'How do you communicate to businesspeople in a manner they can understand and relate to?' said Eric Litt, chief information security officer at General Motors. 'That's the skill. It may be more art than science. You have to build credibility.'"
NOTE: A somewhat old but still IMHO highly relevant resource from the US National Institute of Standards and Technology, including suggested topics for security awareness training:
Building an Information Technology Security Awareness and Training Program
Tuesday, November 27, 2007
Nice grain of salt to keep in mind when planning the next perceived "IT-only" project, e.g. anything related to the unavoidable Upgrade Treadmill that appears not to be a Business Project:
The Content Economy: Who owns your "IT projects"?: "...there are no IT projects, only business projects involving more or less IT. Every IT initiative should be owned and driven by the business. Some might object to this way of seeing things. I would expect IT people that want to keep their influence and power and business people not interested in IT to belong to this category. Upgrading the mail server software to the latest version since the current version will no longer be supported by the vendor might be used as examples of a 'pure' IT project that should be owned by the IT department. But it should not. It would only be a pure IT project if the mail server was not used in the business at all, which then would question its existence and cause it to be terminated. The main point is that someone in the business should always have the ownership of initiatives involving IT, even those needs and initiatives that have been identified and requested by the IT department (such as upgrading a mail server software due to that the current version will no longer be supported by the vendor)...."
Thursday, November 22, 2007
Some nice graphs, and a good review of the basics of service management best practices, not really limited to the context of that specific ERP product (PS - for the acronym-challenged: "COE" means Center of Excellence):
5 Steps to Measuring COE Value: "...The most common metrics have already been defined in the form of KPIs and by the Information Technology Infrastructure Library (ITIL), a set of best practices for IT service delivery. Be sure to make use of ITIL practices to define incident and change management processes, as necessary. Once you have selected the metrics and established the benchmarks, create an operational dashboard to track your progress. One of the global support metrics my organization tracks is incident resolution. “Sample Dashboard Graphics,” below, illustrates two ways to measure the support burden: incident by business unit and by time-to-resolution. These examples aren’t particularly granular. Typically, I drill down to get answers; my business partners only want to see results and progress. Any businessperson can understand these charts, the trends they represent, and what they mean...."
Thursday, November 15, 2007
An interesting approach to centralized backup strategy for a company specializing in disaster recovery (apparently no mention, however, of the network bandwidth required for those distributed sites) :-)
Cotton Companies Walks the Walk: "...Asigra's Televaulting is the first agentless solution to deliver bare-metal restoration capabilities across distributed or multisite networks, said Colesante. Agentless means there is no need to install client software on target machines, while bare metal means the software restores servers without the need to load applications or files. Televaulting has two main components—a client, which resides at a customer site, and a server, which resides at a WAN-connected data center. Televaulting's technology performs a full backup followed by incremental, minor backups..."
Saturday, November 10, 2007
Some valuable grains of salt to keep in mind with SharePoint:
SharePoint 2007: Pointedly unskinnable ~ Authentic Boredom: "...There is a fundamental distinction that must be understood when implementing SharePoint: SharePoint can be used primarily as a CMS or primarily as a collaboration tool. However, try to use it as both in a single implementation and you’ll entangle yourself in a strenuous skinning effort. Let me attempt to explain why..."
Thursday, November 8, 2007
This article in the NYTimes is ancient history in web time (almost 2 whole weeks ago ;-), yet it still seems worth a quick peek-
Clearly, Google has demonstrated again that it is not at all afraid to aim high, and contemplate a game-changing approach. This idea seems like the Open Source approach on steroids. An enjoyable and informative summary of the recent drama among Facebook, Microsoft, and Google, in this article:
Why Google Turned Into a Social Butterfly - New York Times: "...In a bravura switch of strategy, Google left its own island to embrace open standards that belong to no one company. Its initiative, which it calls OpenSocial, is an appeal to software developers and Web sites to cooperate in adopting a single set of software standards for the little software widgets that can add a social-networking layer to all Web sites. Agreement on a standard would save users from the aggravation of joining multiple networks and save developers from the aggravation of writing code that works only with specific sites. Unlike Facebook’s programming requirements, Google’s use nonproprietary programming languages...."
PS - A fellow blogger has written about the interesting business question of how Facebook can help with marketing campaigns. For the time being Facebook may be the best tool for that. In the future, depending on how the Google OpenSocial initiative turns out, any number of alternatives may present themselves as well.
Wednesday, November 7, 2007
An interesting concept... however ROI appears unclear unless this would obviate lots of ongoing blackberry support (i.e. why bother with Yet Another System to manage, unless it is beyond the initial setup on BES etc...)
CA Introduces End-User Self Service BlackBerry Administration | RIMarkable | The official, unofficial BlackBerry Weblog: "...The key point here for BlackBerry end-users is that they can go buy a new device, go to a web page, and hook their BlackBerry up to their work email without having to call the helpdesk."
Saturday, November 3, 2007
An interesting alternative to the common RSA SecurID key fobs (that generate a new one-time code every 60 seconds for secure remote login):
PhoneFactor rings up two-factor authentication: "...Using the phone as the second part of a two-factor authentication system isn't a novel concept, but it's one that's being implemented more and more as of late. Some banks, such as ASB and Bank Direct in New Zealand, have implemented a phone-based authentication system called Netcode for their Internet banking users in recent years. The phone-based authentication system's low overhead is an attractive way to offer another layer of security on top of what's already available for banking customers. If implemented widely, such a system could provide a much-needed layer of security for banks to combat those that customers are apparently ignoring. PhoneFactor is compatible with all servers that use Remote Authentication Dial In User Service (RADIUS), according to Positive Networks CTO and former Ars Technica contributor Steve Dispensa. This includes Microsoft's IIS servers and Linux servers that support Pluggable Authentication Modules (PAM). The service is being offered for free in single-server form from Positive Networks, with multiserver support, enterprise modules, and Active Directory integration expected within the coming months."
Tuesday, October 30, 2007
Another sign of the "greening" of IT (it will be interesting to see how this turns out :-)
Charging More for Printers and Less for Ink - New York Times:
'...Xerox is unveiling a costly solid-ink printer for businesses that will print color pages at the same price as black and white. The printer, which can handle 30 pages a minute, will cost $2,499, about $900 more than laser printers that operate at similar speeds.
The cost of ink to print 14,000 black-and-white ink pages is about $216, in line with the price for a page from laser printers using toner.
But the cost of printing in color will be the same, $72 each for the three ink sticks needed for a wide-color spectrum. Laser toner to print the same number of color pages could cost five times as much.
“That model, pricing color sticks at one-third of black, is going to be disruptive in this industry,” predicted David R. Spencer, president of Spencer & Associates Publishing, which consults for printers and helped Xerox test the new product.
There is no question about which industry behemoth Xerox hopes to disrupt. According to IDC, the market consultants who track industry sales, Hewlett-Packard commanded almost 40 percent of the global market for color laser printers last year, up from 33 percent in 2005. Xerox’s share held steady at 10 percent in that period. And Angele Boyd, an IDC vice president who specializes in imaging and printing, doubts Xerox will gain much ground.
“The bulk of the market still wants low-cost hardware, so it’s not like this will catapult Xerox ahead of H.P., or even help it nip harder at H.P.’s heels,” she said. “But it could help Xerox sustain its position.” ...
Sunday, October 28, 2007
Tuesday, October 23, 2007
Another nice grain of salt to keep in mind re: TCO of virtualization:
Seven Winners, One Mission - Information Security Magazine: "...People are looking for less footprint and more computing power. On the business side, CIOs are looking at cost savings, then think about security. One side of the market is centralizing with thin, dumb clients, and using hosted software as a service and Ajax applications, dispersing processing power to the edge. The two intersections are never secured. Virtualization is fantastic: it does great things for cost, horrible things for security. But I think we're making progress on this portion of the uphill slant. Look at the classes of problems we have; we haven't eliminated any, we're creating more. Ajax is an example, and we're at odds of how business and technology are approaching these problem sets. We've put all this power in users' hands and we yank it back because we never engineered proper security in the first place. It's not right..."
Nice perspective on ITIL, and the ideal goal of proactively identifying root-causes for meaningful followups:
Seven Winners, One Mission - Information Security Magazine:
"'...we shouldn't be doing security for the sake of doing security. We should be doing security because we're running a business,' Riggs says. Service management is a Reuters-wide mandate, one spawned three years ago as a regimen of strict best practices based on the popular U.K. ITIL standard. Riggs is also working to integrate IT security as a global discipline into ITIL best practices. 'As a company we've been banging the drum about customer service, and we're pushing hard to ensure things are done in a systematic, disciplined way to make the customer experience even better,' Riggs says. Reuters' customers measure performance in hundredths or thousandths of seconds; latency is not tolerated. Thus it is dogged work tracking a complex environment of real-time data feeds, historical databases and an infrastructure of 30,000 switches, routers and more than 1,300 firewalls. A standardized service management approach is the only logical means of keeping such complexity reined in, Riggs says. In addition, the company has unified operations and security around incident, problem, configuration, change and release management processes. For example, Reuters' security analysts examine every security incident--whether it caused a disruption or not--to understand a root cause of the management behavior that failed and why a service was not resilient. Finding the root cause allows Riggs' team to apply that information elsewhere and mitigate future events. Modeling exercises, meanwhile, allow them to anticipate problems in the event of future incidents or scheduled network changes, which can number hundreds per week.
"You always expect your infrastructure to come under attack. But if it fails, you have to understand the real underlying root cause. Was it a network design problem, a third-party quality failure, capacity overrun or did it fail because of a configuration problem?" Riggs says. "We want to pinpoint this as well as any aggravating factors and triggers...and then see where we may be exposed elsewhere and fix it before it causes customer pain."
Riggs has tried to instill that uniformity up and down Reuters' supply chain as well.
"I treat them as a virtual extension of my team, and expect them to behave in a certain way." Riggs says. "That's what I expect of the products they deliver...."
Monday, October 22, 2007
Major Exchange/Outlook Deficiency addressed by "Add Tags to Your Outlook Email Messages, Just Like GMail Labels at Digital Inspiration"
I do not have experience with the specific solution mentioned below. But I certainly see how classic MS Outlook lacks the multiple-tags-per-message feature (and how valuable that can be...)
[Any MS bloggers out there care to comment about how the go-forward on Exchange Server 2007 may or may not help with this? The 15-second scan of the key ES2007 improvements at http://en.wikipedia.org/wiki/Microsoft_Exchange_Server#Key_improvements did not even hint at tagging :-)]
Add Tags to Your Outlook Email Messages, Just Like GMail Labels at Digital Inspiration: "Gmail uses the term 'Labels' while del.icio.us, YouTube and other web 2.0 websites prefer to say 'tags' but the basic idea is the same - tags (or labels or categories) make it easy for you to filter or search content. Like Yahoo! Mail and Hotmail, Microsoft Outlook uses the concept of folders to organize email messages - the problem with the folder approach is that an email message, task or contact can be stored only in one folder at a time unlike Gmail where you can place an email into any number of virtual folders (aka Labels). Also read: Is Your GMail Inbox Full? If you are missing tags in Outlook, get Taglocity. It's a Microsoft Outlook add-in that adds a tagging feature to your Outlook interface. You can assign multiple tags to your email messages and quickly filter content in folders based on tag names. Similar to del.icio.us, you can create a tag cloud of your email messages where the varying font sizes help you visualize the number of messages under that tag. Taglocity is available for Outlook 2003 and Outlook 2007 on Windows XP and Windows Vista. There is a free version of Taglocity for Personal Use though it imposes a limit on the number of tags..."
Thursday, October 11, 2007
Google mojo comes from open source management | Open Source | ZDNet.com: "Google is hot right now. Microsoft circa 1992 hot. Jim Cramer (right) recently began pounding the table for Google stock at $600, and expects it to hit $1,000. It’s already up to $625. Even at that price its market cap of $195 billion is still dwarfed by Microsoft’s $284 billion. It’s not too late for Big Green. So what’s the secret? I think it’s open source management. Google empowers its people to try things out, to put them “in beta.” And it leaves them there even when they’re not pulling their financial weight, because someone else may come along with a Clue, and the cost of leaving a server running is a rounding error...
But you’ve got this immense store of talent at Microsoft, which spends all of its time fighting internal battles in hopes that something might get out the door later. As opposed to the Google Way, which is to throw it on a server and see what people can make of it..."
Wednesday, October 10, 2007
An update on 1 of the major social bookmarking sites (which was purchased by eBay earlier this year):
A Way to Find Your Corner of the Internet Sky - New York Times: "...A Web service called StumbleUpon has spent the last six years trying to satisfy such a need, perfecting a formula to help you discover content you are likely to find interesting. You tell the service about your professional interests or your hobbies, and it serves up sites to match them. As you “stumble” from site to site, you will feel as if you are channel-surfing the Internet, or rather, a corner of the Internet that is most relevant to you. Web discovery, or search without a query, is still a niche activity, but StumbleUpon’s growth to 3.5 million registered users from 600,000 two years ago suggests it is on a path to becoming more mainstream...."
Securing Very Important Data: Your Own - New York Times: "...Parity is sponsoring a number of open software projects to shift more control to the users whose identity data is at risk. One of the most intriguing is called the CloudTripper Project, which is developing a way for individuals to “take their data with them” as they traverse the Web, just as they keep their wallets and checkbooks with them as they move around in the real world. Another project, the Identity Governance Framework, aims to help organizations comply with national and international regulations, including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. It establishes a new approach for securely sharing and auditing sensitive personal information, and has been widely embraced by major enterprise software vendors as well as providers of identity technology..."
Tuesday, October 9, 2007
SAP attempts to address the SaaS and the Web 2.0 expectations of the user community, with its announcement regarding "Business ByDesign":
Salesforce, SAP Battle for On-Demand Supremacy:
"...Salesforce.com officials announced the final piece of the platform, Visualforce, which lets developers build any user interface to any application.
The San Francisco-based company also announced two new applications, Content and Ideas, that add to its CRM portfolio but appeal to a broad user base that could span departments.
Content provides a raft of Web 2.0 technologies—such as tagging, subscriptions, recommendations—that help users manage unstructured data. Ideas is a service that enables companies to build communities where participants can post and vote on ideas.
By contrast, SAP, based in Walldorf, Germany, has taken the fully integrated ERP route when it comes to on-demand.
SAP's newly launched—though not yet available—Business ByDesign offering provides suites for common back-office functions like finance, human resources, CRM, supply chain management, supplier relationship management and corporate governance.
The suite provides the all-important integration with Microsoft's Office environment, and provides newer Enterprise 2.0 technologies like on-demand community interaction and live help links from within the Business ByDesign suite..."
Sunday, October 7, 2007
The 10 most important things to teach your users, from TechRepublic:
"...One way to head off at least some of the problems is to educate your users about certain key computing basics. Veteran tech Becky Roberts built a list of 10 things she feels are most critical for users to know, such as how to:
* Provide useful information when reporting a computer problem
* Safeguard equipment and data when traveling or working offsite
* Exercise care and discretion in sending e-mails
Saturday, October 6, 2007
(several months old but still a nice overview of this important topic):
The Drive for Data Protection:
"...we recommend the establishment of written data-handling policies, backed by policy-based security controls and accountability via reports and logs to ensure against data loss..."
Monday, October 1, 2007
A fascinating focus on ITIL best practices (and also monitoring) for VMware virtualization. However, the overall ITIL challenge would seem to go way, way beyond just VMware issues [e.g. holistic infrastructure change management, as part of the overall scope of best practices that ought to be enabled via a framework such as HP OpenView, CA Unicenter, IBM Tivoli etc...]
Meanwhile, this planned 4th quarter release by Opalis may be worth watching for (the monitoring tool by eG Innovations is supposedly out already):
Vendors Tame Virtualization Management Complexity: "...automation vendor Opalis Sept. 4 announced its new Opalis Process Catalog for Virtualization, aimed in part at helping IT rein in virtual machine sprawl. 'It's so easy to provision a new virtual machine, they tend to multiply like bunny rabbits. As a result, storage utilization goes through the roof,' said Charles Crouchman, chief technology officer of the Toronto-based company.
The Opalis Process Catalog for Virtualization represents a new chapter in the company's overall electronic IT process catalog book for solving specific problems. It includes automation policies based on ITIL best practices for managing virtual environments. Functions range from straightforward automation of maintenance tasks such as patch management to 'high value processes such as virtual machine life cycle management,' Crouchman said.
The virtualization process catalog includes process flows for both provisioning a new virtual machine and de-provisioning it. 'We can watch the help desk system for a ticket requesting a new VM, sense the ticket has been opened, and we can check that it is in compliance with [rules such as] who can ask for a VM, what kind of VM [is acceptable] and which software you can use on a VM. If it passes compliance, we can immediately provision that VM,' he said.
The product is due in the fourth quarter, although Opalis officials will demonstrate it at VMworld in San Francisco.
Meanwhile, eG Innovations at VMworld will take the wraps off new performance monitoring software that can provide the inside view of how applications are performing within a virtual machine guest.
The Iselin, N.J., company will introduce its new eG Monitor for VMware Infrastructures, which shows in real time the internal and external performance views of what the VMware host sees about guests and what the guests see themselves...."
Skype Helps Bridge Distances, HUB Digital Living 8/07:
The dual Skype device mentioned below seems to be the one described here by the manufacturer:
"...Skype has partnered with nearly 200 hardware companies to create such Skype-certified products as cordless phones, webcams and mobile handsets that work with the service. For example, the Philips VoIP841 cordless phone (available later this year for $199.99; www.philips.ca) will let you roam around your home on a cordless device with keypad to make or accept Skype calls. In fact, this phone doubles as a landline too, so one plug on the base goes into the wall's telephone jack while the other plugs into a modem or router (no PC necessary)...."
Sunday, September 30, 2007
Nice summary of critical vs. nice-to-have features, in this updated 2007 Gartner Magic Quadrant for ECM:
"... to be included in this Magic Quadrant the vendor must have a content management suite that addresses the following core components. The vendors should have all these capabilities and should have all the components integrated — at least four must be native; other components could be supplied through partners. To be considered for placement in the Leaders quadrant, the vendor must provide all six components natively.
* Core document library services (check-in/check-out, version control, document-level security). Advanced capabilities, such as compound document support and content replication, score higher than the minimal library services.
* Document imaging repository capabilities. Document imaging consists of two components. The document capture portion can be carried out via native capabilities or else met with a formal partnership with a third-party solution, such as Kofax, EMC Captiva or Datacap. But the vendor must also be able to handle images of scanned documents in the repository as just another file type in a folder, and it must be able to store, retrieve and route them.
* Records management — the minimal requirement is the ability to enforce retention of critical business documents based on a records retention schedule. Higher ratings are given for certified compliance with the DoD 5015.2 standard.
* Workflow — the minimal requirement is simple document review and approval workflow. Higher points are given to those with graphical process builders, and serial and
* Web content management (WCM) — the minimal requirement is a formal partnership with a WCM provider. Native capabilities score higher than partnerships.
* Document-centric collaboration — document sharing, project team support, and support for ad hoc, threaded discussions around documents.
Part of our assessment involves looking at how well each vendor understands evolving requirements and market trends. Electronic forms (e-forms) and digital asset management (DAM) continue to grow in importance, and digital rights management (DRM) is becoming more important as an additional layer of content security. As part of this assessment, we look at the vendor's road map for addressing these optional components as well as integrated document archive and retrieval system (IDARS) and e-mail management/archiving..."
Sunday, September 23, 2007
This is an oldie but goodie, or at least helpful to those of us who have somehow avoided wasting lots of time with Vista until now ;-)
(and kudos to Tim Sneath, for his meaningful and honest blog title of "Musings of a Client Platform Technical Evangelist" :-)
Wednesday, September 19, 2007
OK, would be interesting to hear a Microsoft rebuttal about the Web 2.0 aspects of latest SharePoint-related technology. Meanwhile, fascinating to hear about the "MIMP" vs. "LAMP" implementation:
"Using Pligg at Work as an easy Corporate Web 2.0 site: "For those who do not know the Pligg system is a digg clone site that allows people to submit and vote on stories, we run one as a way to collect social book marks and things we think are important at work, and in our general perusal of the Internet looking for stories and things that influence business. In all it has been a handy way of collecting information as a news sink, that people can later search. We use Pligg as an externally facing social bookmarking site that allows a group of people to manage and upload stories they think are interesting. The site is externally facing as we have telecommuters and other folks who access and use the site. Its purpose is two fold, our customers can upload documents that they think are important, our workers can do the same, and internal/external trusted people can also upload their stuff. We also use it as a test case, to see how many people will stumble over a site like digg clones and adopt them by adding their own stuff, or spam to the system. While it is not a critical system, it does have its uses, and is fairly heavily used by a small core group of folks who search all the major news channels for information that might be of interest to the company....
Not a bad use of corporate Web 2.0 sponsored system, we keep it off the primary network on its own domain, it is not our usual Microsoft technology, meaning the people who run it and maintain it all have to understand LAMP (Linux, Apache, MySQL, PHP) only small variation it is really MIMP (Microsoft Server, IIS, MySQL, PHP) just to confuse people and hackers by the way, it is not something they expect.
Overall though as an initial foray into Corporate Web 2.0, collecting news stories, and voting on them has been a successful experiment. The management has decided that the system is worth keeping, although needs to be upgraded and put into the corporate management system.... "
One of many solutions in this growing field, thanks to blogs.ITToolbox.com :
Inexpensive, lockable USB memory stick:
"Data traveling around on memory sticks are vulnerable to compromise through loss or theft. Information on these devices often includes keys, passwords, protected health information, or identities of employees. The trick for organizations that allow the use of these devices is to find a low cost, easy to use, secure solution. The Corsair Flash Padlock USB Stick might just be the answer....
The biggest shortcoming is that Corsair isn't offering a larger-capacity version of the Flash Padlock.
The Corsair device doesn't appear to encrypt the data. It just makes it inaccessible without the user-assigned PIN."
Sunday, September 9, 2007
The SaaS for alerts (provided by MessageOne's AlertFind) as described here seems interesting, definitely relevant beyond the academic world as well. But what seemed even more creative was the idea that you don't necessarily have to use your regular communications infrastructure for emergency alerts (ideally eliminating the "information overload" as suggested in the final sentence, if you use this ONLY for emergency alerts):
Colleges Getting Proactive on Disaster Communication: Page 2:
"Middlebury College, established 150 years ago, is in the process of installing AlertFind now. Located in Middlebury, Vt., Middlebury also operates the C.V. Starr-Middlebury Schools Abroad at 28 sites in 12 countries. With students, faculty and staff in Middlebury and spread around the world, it would be difficult to deliver emergency instructions or account for college community members in the event of a crisis or disaster.
Once the new system is implemented, Middlebury will be able to rapidly and automatically communicate with faculty, staff and students in the event of any crisis or disaster. Administrators will no longer have to distribute critical messages manually through a broadcast e-mail or voice mail.
When an incident occurs, Middlebury crisis managers will be able to quickly and automatically send important notifications to affected community members. As long as the recipient has access to a landline, text messaging device, cell phone or e-mail, he or she can receive an emergency notification anywhere around the world. The system, which can differentiate between a real person and voice mail, is able to deliver a spoken electronic or recorded message and even ask questions such as, 'Are you OK?' in the event of a crisis. These responses will be available to crisis managers in real time....
Unlike free text message systems backed by advertising dollars, AlertFind is a dedicated tool for text and voice-based emergency communication. Since the system is only used in emergencies, AlertFind prevents the "message fatigue" associated with ad-based systems where users may ignore important notifications, assuming they are spam."
Kudos as well to a fellow blogger whose entire "Emergency Notification" blog focuses on this topic, lots, lots more on this topic :-)
Tuesday, September 4, 2007
Interesting way to think about COTS vs. OpenSource for ERP (thanks to The Enterprise System Spectator for this and for pointing to the original Baseline Magazine study)
The Enterprise System Spectator: Total cost study for an open source ERP project: "...Open source is moving up the technology stack to business applications. Whether it can gain significant market share remains to be seen. ERP systems are much more specialized than operating systems and application platforms. It is not clear to me whether there are sufficient populations of developers to gain critical mass for these products, as there has been for products lower in the stack. Who should consider open source ERP today? In my opinion, these solutions today are not so much an alternative to proprietary software as they are to custom development. An organization that knows it will need to do significant customization or enhancements to an ERP system should consider open source as a starting point instead of proprietary ERP. Organizations with unique requirements or unusual business models may be in this category. Modifying core code of a proprietary ERP system generally voids the warranty and makes on-going support less relevant, since the vendor will not support your custom modifications. Why not start, then, with open source ERP, where there is little if any charge for the source code? To me, that's a better choice than to start with 100% custom development. I'm looking for more cost metrics on open source ERP implementations. If you're willing to share them with me, let me know..."
Sunday, September 2, 2007
Interesting commentary (debunks a bit of what is visible on www.microsoft.com/voip ):
"...Our analysis: While the addition of voice and video quality management adds another arrow in the Microsoft quiver, we don’t think Microsoft has a complete VoIP solution – at least not yet. But as we’ve said before, traditional suppliers like Nortel, Siemens, Avaya and Cisco need to keep ahead of the feature curve if they don’t want to be entirely displaced by Microsoft...."
Thursday, August 30, 2007
SharePoint Deficiencies? "Social Bookmarking Apps Provide a New Knowledge Management Platform", eWeek 8/07
Interesting to see whether Microsoft will finally respond (sounds a bit different from what was suggested in a recent post here, and also different from what one sees on several of Microsoft's own blogs, e.g. the Microsoft Unified Communications Group Team Blog among many others)
Social Bookmarking Apps Provide a New Knowledge Management Platform ( full article ):
"...Microsoft has no social bookmarking solution today. Having just revised SharePoint, the company probably won't release such a package before 2009, said Burton Group analyst Mike Gotta. WSSSearch provides a bookmarking add-on for SharePoint, but representatives for the company did not return eWEEK's requests for information..."
Wednesday, August 22, 2007
I especially like the acknowledgment of a "grey area", this is what I have heard called "stratactical" [combo of strategy and tactics, not purely 1 or the other]:
Operations or Alterations?:
"Some organizations have begun to split their portfolio into some fundamental dualistic categories. One such breakdown might be described as Operations versus Alterations. By Operations, we mean "keep the lights on" type work. By Alterations, we mean "change the business" type work. The notion here is that a two-pronged fork can inform the leadership team about how they are spending their resources in "stay the course" work versus "change the course" work.
I'd like to spend a minute on some implications of this split. First of all, from a very simple set theory standpoint, this split assumes that all work can be covered by those two categories. Let's take an IT department for example. Does all the work that IT performs fall into those two categories? How do we break down the work that needs to get done? If we break it down into change-the-course versus continue-the-course, then the first question to ask is, Does that leave anything out?
The easy answer is that we don't allow anything to be left out. We decide in advance that everything we are doing falls into one of those two buckets, and we force work into either one or the other. This forcing action in and of itself may prove to be useful.
A quick thought experiment might help. Some requests for work are clearly requests that alter the course, such as replacing our ERP. Some are clearly operational, such as a request to add new recipients to an existing report. But some requests are a bit more gray. Let's say that there is a request for new functionality in an existing system. You might call it an enhancement. You might call it a change request. Some folks might call it a system defect. And now we are already in a gray zone.
This small dilemma brings up one of the central issues in a portfolio approach to managing a project-driven organization. How do we evaluate requests for work in terms of their value? How do we compare their value to other work requests in the queue? How do we compare their value to work that is already being worked on? And finally, how do we make the tradeoffs?
In fact, once we have created the categories of stay-the-course and change-the-course, we have already created the decision-making framework for prioritizing and tradeoffs..."
Thursday, August 16, 2007
IBM, Microsoft Show Web 2.0 Wares (eWeek, 6/07)
(also accessible in visual display: a very slightly different variant of the same article by the same authors)
"....Meanwhile, in a keynote at the Boston event, Derek Burney, general manager of SharePoint platform and tools at Microsoft, shared insights on how social computing is changing the way businesses work and amplifying the effect people can have within their organizations.
Microsoft, of Redmond, Wash., is seeing evidence of this firsthand from customers like The Body Shop, which is using Web 2.0 technology to connect with women 50 and older—the target audience of its new product line. Burney said Microsoft also is seeing evidence of the impact of social computing from its own internal use of tools like blogs, wikis and "My Sites."
Burney discussed early releases of several editions of Version 2.0 of the Community Kit for SharePoint, particularly the Enhanced Blog, Enhanced Wiki, ChatterBox AJAX and Tag Cloud editions, which are available on Microsoft's CodePlex community development site at www.codeplex.com. The SharePoint offerings make it easier for organizations to leverage the power of social computing and to take advantage of the innovations that Microsoft's community has developed on top of the SharePoint social computing platform, Burney said..."
The snippet below makes me curious whether the list-price tag of $33K CAD [as per Hub Canada 8/07 issue page 44 ] is competitive to overall value, alternate manufacturers etc... if the biometrics are so cool, why didn't this succeed back in 2004?
Konica Minolta Launches Next-Generation Bizhub MFP Product Line: "...Konica Minolta's next-generation bizhub MFP product line provides business users with enhanced security features such as a biometric authentication unit, which scans a user's finger patterns and then encrypts and stores that information so that it can be used to distinguish users. 'Our next-generation bizhubs provide businesses with end-to-end security as we certify our systems by following necessary security protocol,' said Kevin Kern, vice president of product planning and development at Konica Minolta Business Solutions, based in Ramsey, N.J. Konica Minolta's bizhub product line was originally launched in 2004, but the company has since then added to it with new MFPs and advanced features. 'Our goal with our bizhub product line is to offer customers a full portfolio of MFP products that deliver improved color print quality and workflow capabilities,' said Jun Haraguchi, president and CEO of Konica Minolta Business Solutions, in a statement. The next-generation bizhub product line now uses Simitri HD (high definition) color polymerized toner, giving users strong image quality while also being energy-efficient by using induction heating, which involves less energy and heat during startup...."
Thursday, August 2, 2007
Open Text Announces Next Generation Contract Management Offering: "...
Integration with Back-Office Applications: When building contracts, users can pull information from a clause library maintained within Livelink ECM and can also interact with line-of-business systems, such as CRM and ERP applications, in particular SAP solutions, ensuring accurate, up-to-date data is selected.
Proactive Report & Alert Management: Organizations can take advantage of proactive alerts and management reports in order to maximize the value of supplier relationships and to encourage compliance to committed contract terms and conditions..."
Oracle and SAP passed over for IFS by water desalination firm:
"... Seven Seas, which was founded late last year, is in the business of acquiring and building plants that make ocean saltwater suitable for drinking. The growing company, which serves resorts, municipalities and other commercial water users in the Caribbean, says that Oracle's and SAP's respective ERP offerings are simply too big and complicated.
Instead, Seven Seas chose a smaller ERP vendor, IFS AB, to manage the general ledger, project management and field services operations at its various facilities.
'I've had exposure to SAP as well as Oracle and basically we chose not to consider those two solutions just based on our prior experience and on the complexity of the implementations that we've experienced,' said John Curtis, Seven Seas' CEO. 'Oracle was the better of those two. [But] the team's conclusion very quickly and very clearly dictated going for a more user-friendly version and something that better fit our business model.'..."
Tuesday, July 31, 2007
Update 2009/08/19: Apparently the newly redesigned http://www.itanalystreports.com/ no longer provides the link to the 6/07 Gartner update mentioned below.
However, an excellent post entitled Project Management Online for Small Teams does provide a link. That article is well worth reading in any case and highly recommended :)
31July2007: Thanks to itanalystreports.com , an update from similar Gartner Magic Quadrant last year regarding the PPM vendor space:
"Gartner Magic Quadrant for IT Project and Portfolio Management, 2007 - June 2007, 11 pages"
Tuesday, July 17, 2007
The 7th Annual eWEEK Excellence Awards: The Winners: Networking Infrastructure:
CATEGORY: NETWORKING INFRASTRUCTURE
Xirrus Wi-Fi Array
Software Release 2.0 for the Wi-Fi Array further enhanced and provided increased functionality to the Xirrus Wi-Fi Array platform. With this release, the Wi-Fi Array can use some of its IAPs (integrated access points) to create up to four independent, 162M-bps wireless mesh backhaul links by bonding three of its IAPs together for each link.
Additionally, the multiradio backhaul capabilities of the Wi-Fi Array eliminate the need to run cabled uplink connections in areas where it may be impractical or cost-prohibitive to run Ethernet cable. All security and WLAN (wireless LAN) policies are enforced across the backhaul links, and radio bonding provides load balancing and failover capabilities, allowing for a uniform and fault-tolerant deployment across an entire campus.
Also in this release is increased security functionality, including intrusion detection and prevention features augmented by Xirrus' partnership with Network Chemistry. The duo can manage to protect Wi-Fi networks from more than 100 threats, including rogue access points. The Wi-Fi arrays, Wi-Fi filtering, firewall functionality and time-of-day access controls can be tied to a specific SSID (service set identifier) for fine-grained control over various security settings. These robust security features provide IT administrators with the most powerful and secure Wi-Fi network available without needing a separate Wi-Fi intrusion detection and prevention network of sensor access points.
Microsoft Reaches ERP Milestone: "Microsoft has reached the halfway point in its three-year march to converge four enterprise resource planning suites into a common technology platform.
But it's still an open question whether the campaign will deliver a fully converged suite that will hold its own in the midmarket that SAP and Oracle also covet, and whether customers still care...
Project Green, the early code name for the suite's convergence, was originally a two-step plan to rewrite Microsoft's four ERP suites—GP, NAV, SL and AX—into a single code base.
But at their Convergence user conference in March, Microsoft officials confirmed that the company will likely not move to a single code base but, rather, converge the suites through a common underlying technology stack, including SQL Server, Visual Studio .Net, BizTalk Server and Workflow Foundation..."
Wednesday, July 11, 2007
Project Portfolio Management Today:
Product v. Project Portfolio
Demian Entrekin (Founder & CTO, Innotas) Posted 7/10/2007
"...As an example of some of the best practices they have surfaced, they urge what they call an "idea-to-launch process" which is driven by clear, meaningful gates from stage to stage.
Their use of research quantifies how these kinds of gate-driven processes pay off. Using studies by American Productivity & Quality Center (APQC), they have extrapolated how top performing organizations follow these kinds of portfolio techniques. In the words of the authors, these organizations "make the gates work."
In a primer called "Ten ways to make better portfolio and project selection decisions," the authors lay out concrete steps that can be taken to drive greater value from their project investments. In one example, they describe an effective approach called "incremental commitment." ....
Stage Gate Articles, Research, Knowledge and Working Papers: "Formula for Success in New Product Development
Dr. Robert G. Cooper
Many businesses use the Stage-Gate® process to conceive, develop, and launch new products. As proficient companies have implemented, modified, adapted, and improved methodology, it has morphed into a faster, leaner, and more effective tool. The next generation process, or NexGen Stage-Gate® builds in seven principles of lean, rapid, and profitable new-product development to maximize productivity in product innovation."
ESRI - Professional Papers: "IT and GIS--A Complementary Technology Blend
Author(s): G. Rao, Ajita Kini, Anwar Hassan, Saumyajit Roy
GIS, integrated with DMS, CRM, GPS/RFID and ERP, has proven to deliver immense benefits to organizations like municipal bodies and utilities where work revolves around spatial information. This is what LAVASA - a privately developed lake city spread over 40 sq kms in western India, is trying to achieve....
ESRI technology is being harnessed to augment the mammoth design, planning and construction challenges presently underway. The paper describes how RMSI and LAVASA are putting into place various best practices in GIS technology from 3D visualization, CAD standards, data modelling, GPS updates, linear referencing, map publishing, etc... to ensure that this city gets maximum advantage from an integrated enterprise GIS tomorrow."
Posted by dgftest at 1:14 PM
Tuesday, July 10, 2007
Skype Enters the Enterprise:
"...with traditional voice over IP equipment, you need infrastructure at each location where you want to make in-network calls. 'If you're a big multinational company, you have to have an IP-PBX at each location to get free calls between them all.' With the VoSKY Exchange, however you can get pretty much the same benefit with just one unit, installed at a key office. Workers in small remote offices—or on the road—can dial in with their Skype IDs, and the calls are still free.
While companies can, theoretically use Skype to their hearts' content—without added infrastructure like the VoSKY Exchange, David Tang pointed out that the Actiontec product gives IT managers 'a little bit more peace of mind, taking Skype off the desktop and isolating it in a centralized server. They can put it behind their firewall, they can put it in a separate subnet, or whatever. Basically, you're taking Skype off of the LAN,' Tang said...."
The Drive for Data Protection:
"... the operating system is not the place to look for the current utmost in protection against accidental data loss, and oversight over and privacy for data that is permitted to be copied to devices, and proof of action for audit and compliance purposes. For these types and levels of protection, companies need to look to third-party solutions.
Indeed, the security market for products that protect against data loss from the endpoint is white-hot right now, with dozens of companies vying for a place on the corporate desktop. And it's a market that an increasing number of organizations are tapping into as a pre-emptive strike.
'We put something in place with [Microsoft] Active Directory that would block the use of USB ports, CDs or floppy disks, but it was not easily administered,' said Miriam Neal, vice president of IS at South Western Federal Credit Union in California. Neal eventually settled on SecureWave's Sanctuary 4.1, which we have reviewed. We also reviewed Secuware Security Framework 4.0.
Both products offer policy settings to deny read or write actions to removable storage devices, approve the use of standard devices and enable the use of encryption.
Security Framework's strength lies in its ability to easily enable encryption on the enterprise..."
Posted by dgftest at 9:05 AM
Sunday, June 3, 2007
Adobe Offers 'Creative' Options: "When the announcement came down a few years ago that Adobe Systems was acquiring Macromedia, many questions centered on the competing and complementary products in each company's portfolio. How would the two major suites be combined? Would some products be merged into single products? And would other products be discontinued completely?
Finally, with the release of Adobe Creative Suite 3, we have our answers (at least most of them, anyway). And while the Macromedia Studio name is gone, former Macromedia products such as Dreamweaver, Flash, Fireworks and Contribute figure prominently in the many versions of the new Adobe suite.
And we mean many. There are six different versions..."
Posted by dgftest at 4:10 PM
The Green Grid: Content: "define and propagate the best energy efficiency practices in datacenter operation, construction and design. In this paper, The Green Grid has identified both short-term and long-term objectives to increase the energy efficiency of datacenters and IT infrastructure equipment."
Posted by dgftest at 4:05 PM
Saturday, May 19, 2007
File Replicating / Synchronization - RedDot CMS Users | Google Groups
From the Google group for RedDot CMS Users (seems like a very practical suggestion from an excellent source :-)
"CMS publishing is the single most intensive process relating to
pretty much all aspects of the system, processor speed, disk speed and
network speeds are all heavily used. The thing to remember when
dealing with publishing is that, while you may only be setting up one
publishing job, if you are publishing to multiple servers, the job is
repeated each time for each server.
If you have multiple web servers and are using a load balancer, I
generally recommend that you set the CMS server up to publish to a
staging machine (an older, phased piece of hardware that is just
sitting around since so many companies seem to have them lately), and
then do exactly what everyone else has said and use something that
will monitor the folder and push the staging publish out to the web
servers, Cute FTP pro works really well for this and is only $69.00
This actually serves two purposes. First, it cuts the publication time
down so that only one publishing job is involved and secondly, it
ensures uniformity throughout your live web servers.
I am currently running some benchmark tests relative to publishing and
should have that information in the next week or so.
Andrew Salik, Project Manager
RedDot Solutions, NA"
Friday, May 18, 2007
Thursday, May 10, 2007
SAP Pushes SOA, On Demand: "... where SAP may be leading the pack in establishing NetWeaver, its services-based platform and ERP (enterprise resource planning) application suite, it's lacking in the fundamental resources needed to carry the SOA mission forward: a skilled work force to help convert users from older R/3-based systems to the newer SAP ERP 6.0 suite and a user community ready to fully embrace the concepts of SOA, industry observers said.
'[SOA] is not the magic bullet to solve all problems,' said Harry Bruce, section IT manager at Procter & Gamble, in Cincinnati. "
Tuesday, May 8, 2007
Here is apparently some relevant info:
Forcing page save/close to release - RedDot CMS Users | Google Groups
I swear I knew how to do this before, but for the life of me I can't
find the option or remember how it was done...
There is/was a way to force the close of a page to automatically
release rather than stay in a draft mode. Can anyone out there remind
this poor soul's apparently horrible memory?
Yep, it's an option in the Project General Settings.
Posted by dgftest at 11:15 PM
Friday, May 4, 2007
BlackBerry - BlackBerry Press Releases: "'The BlackBerry Curve offers a unique blend of communications, multimedia and web features to provide people with an exceptional mobile companion for both work and leisure,' said Mike Lazaridis, President and Co-CEO at RIM. 'The BlackBerry Curve delivers RIM's industry leading email and messaging capabilities in a highly approachable smartphone design that is packed with consumer-friendly features including a 2 megapixel camera, enhanced media player and high-performance browser.' "
Posted by dgftest at 6:06 PM
Thursday, May 3, 2007
CMS Watch finds MOSS 2007 ill-suited to Web Content Management -- CMS Watch: " * For public-facing websites, the product lists for USD 41,000 per server, making it one of the most expensive licenses in its mid-market class.
* On the plus side, MOSS 2007 can be heavily customized and extended using traditional .NET approaches.
'MOSS 2007 might make sense for certain document-heavy Intranets,' Byrne added, 'but prospective customers should not assume that its ease of deployment for simple file sharing will equate to ease of implementation for managing complex web publishing operations -- for Web Content Management, MOSS is really more of a development platform.'"
Magic Quadrant for CRM Customer Service Contact Centers, 2007: "Salesforce.com
* B2B, low-call-volume customer service and support centers as an extension to the Salesforce.com installed base.
* Excellent graphical user interface, simple design and intuitive navigation.
* Strong corporate investment in future customer service products.
* Low upfront IT investment required, and SaaS delivery model.
* Unproven in retail, B2C contact centers (that is, large-scale, high-volume call centers) (see 'Software as a Service for Contact Center CRM: Limited but Promising').
* Limited industry vertical knowledge (for example, retail mortgage processes, loan origination, insurance policy administration, bill processing and fraud management).
* There is limited attractiveness for companies that would like to have an offline data repository and custom-built objects available in offline mode. Some clients have perceived that the company does not have a good view into the overall IT environment.
* The five-year total cost of ownership (TCO) of the SaaS model is difficult to model against an on-premise system that is bundled with an application suite (for example, Oracle EBS, SAP and Microsoft)."
Posted by dgftest at 11:12 PM