Category Archives: Best Practices

Best Practices, Business of IT

Never Get Advice from a Reseller (or Vendor)

5 Comments

This is general business advice that often applies to IT but is certainly not limited to that realm alone.  Outside support in IT comes from two main sources: firms who are paid (by you) to advise you and firms paid (by you) to sell you something.  The first are what we generally consider consultants.  The second are what we call resellers.

The simple rule of thumb is – never, ever get advice from a reseller.  At least not general advice, at best very specific advice centered purely around only the products that that reseller sells.  This isn’t to say that resellers are bad, far from it.  In fact, the reason that you can’t get advice from a reseller is not because of them but is because of you – let me explain.

When we go to a company to get advice we must pay for that advice.  One way or another, nothing is ever free.  Resellers traditionally earn their money by providing whatever free advice we desire and then making their money by selling us a product that has been marked up to cover their costs and to provide for their profit.  This is fine, but as the customer we need to understand that we are only compensating that reseller if they convince us to buy a product or a service that they sell and we compensate them better the more of that product that they convince us to buy.  The reseller isn’t at fault here, we need resellers and we need them to make money in this manner.  The issue is going to them and attempting to get free, general advice – we are forcing them to either work for us for free or to sell us something whether it is the right thing for us or not.  We’ve backed them into the proverbial corner and the only reasonable response is for them to attempt to sell us what they offer.  That is, after all, their job.

This leads to an additional problem, of course, which is that resellers don’t have skilled, professional, general-consultants on staff – at least not as a rule.  So if you go to a reseller and ask for advice, that reseller is almost assuredly only trained and knowledgeable on the products that they sell themselves.  They may not even be aware of what other solutions are on the market or, if they do, they do not know them to the same depth as their own products and may be unaware of advantages and caveats that you might need to know to make a truly informed decision.  Even if they did, it is not in their interest to tell you about them – you are only going to compensate them if they sell you something.

This is not to say that resellers are not good, honest, hard-working folk with value for our industry.  They are, but they aren’t magically free consultants like many people expect them to be.  Resellers are there to add consulting and selection assistance, as well as warehousing, repair, logistics and other value-adds, solely around the products that they represent.  Trying to get general consulting from a reseller is like asking your Chevy dealer to advise you as to what vehicle to buy and hoping that they equally consider all major makes, models and types of transportation as well as the regulations and limitations of all of these and are able to apply this to your unique situation – including knowing when to tell you that you don’t need to buy anything at all.  Of course, all they will do is try to sell you the best Chevy that meets your needs whether the best option for you is to just walk, buy an Impala, take a cab or to buy a fifty foot deep-sea fishing trawler.  Even if they did have the expertise to look at the big scope of your transportation needs you aren’t willing to pay them unless they give a specific answer.  So we can expect that the answer we pay for is the one that we will get.

Resellers are useful only after the decision to buy the products that they sell has already been made.  A reseller can then help you choose the right product from the range that they have.  For example, if you are buying a server from a reseller, that reseller can help you to choose which options like drive types and sizes, out of band management and other add-ons you might want.  But even then, be wary that they are likely earning more to upsell you and will recommend unneeded extras or may advise making configuration changes without understanding the entire scope of the project and how those changes from your original requirements might affect you.

Attempt to limit the advice that you receive to very concrete items such as “does this particular model offer this particular feature that I am seeking?” and avoid subjective valuations between products “is this one fast enough or should I buy the bigger one?” or “how does this compare to your competitor’s product?”

When asking subjective questions you are actually pressuring the reseller into either making more money overselling to you or losing money while trying to find the most appropriate product.  Not only do they make more money (generally) selling you the more expensive item but it also mitigates their risk that they didn’t get you what you needed.  There is no reason for them to take on risk, they’ll just try to sell you as much as possible and, if you come back unhappy, they can say “well, we tried to convince you to get a bigger, faster model but you wanted to save money and this is what happens.”  So it is not in their interest in any way to size to your needs but always to pad for safety and profit.  A position that they are put in, again, by their customers.

In most cases, principal vendors are themselves a reseller so can be considered in exactly the same way.  If you call Dell to buy a product, they will sell you a Dell no matter what your needs are.  This is not their fault, they only have one job, to sell you Dell products and if you call them for advice they can only assume that you did so because you wanted to buy a Dell.  They are no more going to consult on what IBM product to buy as they are on what car to drive or if its a good time to sell your house and move to Florida.  But they are very helpful in making sure that the Dell product that you order is going to be the one that you wanted and that the extra parts that you are getting will work with that model.  That’s what they are there for.  They will figure out how long it will take to arrive, go over warranty terms as well as give you pricing and financing options.  These are all things that your general consultant cannot do.  The two roles are complimentary, not competitive.

A perfect example of this entire scenario is one that I see happen in the real world time and time again.  With the recent explosion in virtualization businesses are turning, en masse, to vendors to find out what they need in order to dip their toes into the world of virtualization.  What I see, over and over, is instead of being sold a reasonable virtualization setup they are often sold entire systems including storage and software that in no way meets their needs and, often, actually works against their needs while costing as much as ten to twenty times what a better performing, more reliable system would have cost.  Often they are upsold into a completely unreasonable category of product for their project and then caught by budget limitations and stuck skimping – leaving them with a crippled virtualization project that could have been completed successfully for a fraction of the money spent and leaving good room for growth over time as needed.

The issue, of course, is that turning to a vendor and asking for advice on virtualization products is exactly like saying “I have no idea what I’m doing, let’s see what you can sell me on.”  And honestly, once the vendor knows you don’t even have your architectural elements worked out before contacting them, they know that the sky is the limit.  The goose has arrived and all they have to do is wait for that golden egg to be delivered.

I’ve heard this exact scenario so many times, I can’t count.  Your vendor is not your friend.  They have one job to do – sell you as many products as possible.  If you ask them what you should buy they will tell you whatever you want to hear.  They will cut corners on safety items or management items that they feel you will not find flashy or cool and will sell you what they think you will get excited about or confused about.  They know their jobs well – they have to, it is a tough market.  A great example is vendors cutting storage costs by selling smaller than appropriate storage arrays and using risky array configurations to make the capacity cost less.  That the client is at heightened risk to a failing array doesn’t impact the vendor and is a very hard issue to quantify, so once the product is sold it is the customer’s concern not the vendor’s.

The answer to this is to leverage a general consultant.  A general consultant gets compensated by delivering good advice and not for selling you a product.  In theory a general consultant will earn a similar amount regardless of whether they convince you to install millions of dollars of products or to do nothing and use what you currently own.  A general consultant should be far more intimate with your environment than a vendor or reseller could ever be and should be able to speak to your technical staff, make presentations to the business and put their advice into the proper context for your business with insight into how the costs, risks and other factors will impact you specifically and advise on what they feel is more appropriate for your specific needs.

In reality you still have to consider the complete role of your general consultant.  Most often a general consulting firm will also offer broad support and implementation services.  These are loosely tied to their recommendations so caveat emptor applies as always, but since they are compensated in a far more direct manner (paid for their effort) they have a very real reason to deliver you what you are buying.  Even general consultants who have some ties to reselling often make a very small fraction on the resold goods as they do on the consulting so anything that puts their consulting work at risk is a major liability to them.  Make sure that any general consultant, if offering resold services, is not tied to them and works with other resellers or vendors as well.  Sometimes general consultants offer low cost reseller services as a loss leader or at minimal profit just to keep customers from feeling that they must turn to another company but would prefer if their customers did not use  that service – profits are often higher not reselling.

Your general consultant should be able to interface with your resellers or vendors directly or allow you to do so.  Having a consultant handle the transaction can be beneficial because it provides an integrated procedure and consultants are very unlikely to be persuaded to make snap decisions based on sales, “special deals” or to be sold on a different approach by a salesperson who has a specific product to push that month.  The consultant has little emotional tie to the purchasing process and so can be much more methodical and calculating.

Of course we must consider the opposite situation as well – how do we treat our service providers?  For example, if we go to a reseller over and over again asking for advice, making them generate quotes and generally spin their wheels and then buy nothing from them or very little we will, sooner or later, force them to either refuse to work with us at all or do something drastic like supplying less than accurate data or raising prices.  A good vendor or reseller will provide you with the best value when you treat them well.  Loyalty may seem to be dead in business transactions today, but this is not at all true.  Good relationships still pay off.

With consultants the need to treat them well is somewhat built into the equation – you generally pay for what you get so other than being friendly and respectful you don’t normally have too much to worry about as far as how you are structuring your relationship.  But even with a consultant there are still concerns.  If you pay for an “unlimited” service plan, use it well but don’t abuse it, for example.  Always make your consultant happy that you are their customer and, most likely, they will work hard to make sure that you are happy to be their customer too.

The most important concept to take away from this is that with any company with whom you do business, you should have some empathy for them.  Put yourself in their shoes and think about how your relationship with them is structured.  Are your goals mutually aligned?  Is it in both companies’ interests to act in the interest of the other?  Or have you arranged for an adversarial relationship where they can only win at your expense?

Keep in mind that you are the customer so, very likely, your consultant or reseller is, to some degree, at your mercy to make sure that your relationship is a healthy one.  In order to obtain clients they are often pressured into a position of accepting a less than ideal arrangement.  As the client, you have the opportunity to be the client that that consultant or reseller is excited to work for and will go out of their way to make happy.  The choice is very much yours to make in most cases.  Choose well because good relationships can work wonders for your business.

Ask a jeweler what to get your wife for your anniversary and he will say: “You can’t go wrong with jewelry.”

Ask a florist what to get your wife and he will tell you: “Women always love flowers.”

Ask a chocolatier and he will tell you that nothing makes a woman happier than chocolate.

Ask a consultant he will ask you: “What does your wife like?”

Best Practices

Why IT Pros’ Home Computers Are Different

6 Comments

My sister in law once asked me why they have so many computer problems and we do not.  My wife and I are both technology consultants and our home network probably seems incredibly stable to the casual observer.  This question, in one form or another, comes up pretty often.  I thought about it at length and feel that there are really a number of common factors that are pretty common to find differing between how the average IT professional sets up their home computers (as opposed to their work computer) and how the average user does.  Not every IT pro does these things and not ever non-IT person does not, but these are pretty common differentiators that all factor in to stability of the home computing environment.

  1. We Don’t Log In as the Administrator.  This is probably the single biggest difference between normal users and IT professionals at home.  Running as the administrator for every day computing just isn’t wise – any malicious or misbehaving application will be able to be malicious with your user privileges, which as the administrator are unlimited.  I have been working in IT for over twenty years and would never use the administrator account for anything but system maintenance tasks.  It just isn’t safe.  The entire purpose of having these different types of accounts is for your protection.
  2. Keep the System Patched. A patched computer is, more or less, a safe computer.  Those patches that come out from Microsoft, Apple and your application vendors are there for a reason – because a problem has been found and they want to get it fixed before something bad happens to you and it is their fault.  Once a patch is released, you need to get it installed right away because the security hole that it patches is now public knowledge and you are particularly vulnerable in the time right after the patch is released.  Nearly anytime that I log onto someone else’s computer the first thing that I notice is that there are a large number of security patches waiting to be installed.  Never let this happen – patch immediately.
  3. Use AntiVirus and Software Firewall.  Running a good antivirus (there are plenty of free ones for home users) is quite important as is having a firewall on your computer.  AntiVirus helps your computer protect itself against known attacks and will look for dangerous files on your computer that may have been downloaded, found on removable media, on a website, etc.  In theory, if you are not the administrator and are well patched viruses will be able to do only limited damage, but any damage you can prevent is a good thing.   A software firewall on your computer is an added layer of protection as well – for home users it is pretty minor but it is free and you should never turn down valid protection.
  4. Use a Real Firewall.  A software firewall on your computer is not enough, you should always have a real, hardware firewall as well.  This does not have to be an expensive device and you will often need one for other purposes anyway – such as sharing your Internet connection with multiple users – just make sure that you have one installed.  This is far more important than having a software firewall but neither is an excuse for not having the other.  You need both.
  5. Never Use the Pre-Installed Operating System.  This is one of those “tricks” that IT pros learn after working on many, many machines.  Computers come with a pre-installed copy of the operating system on them.  This pre-installed copy normally is loaded with horrible software that you would never, ever want to have installed on your computer and is often just trials of software that you will have to buy to use.  You don’t want this.  Instead, take the operating system installation media that came with your computer (you didn’t buy a computer without it, did you?) and install a fresh copy of your operating system without any of that additional stuff before you do anything with that computer.  This is important for two reasons: first that you eliminate all of that useless advertising that might even go so far as to break your computer and second it gives you a basic install that you can repeat later, which is important.
  6. Reinstall the Operating System Periodically.  Over time, on Windows especially, you will notice a deterioration of your computer over time.  Except in the cases of hardware failure, this is caused by a sprawl of data, settings, registry changes, etc. on your hard drive.  There are techniques for fixing this but none are perfect.  From time to time, often once every one to two years, it is very advantageous to blow everything away and install the operating system fresh (as in the tip above) and start over with a “new” computer.  As long as the hardware has not begun to fail your computer will now behave exactly as it did the day that you got it.  (Do not forget to patch it immediately.)  This also gives you the very important chance to reinstall only those applications that you actually need and use and leave unused ones behind (along with any malware that has found its way onto your system.)
  7. Have a Spare Computer.  It is a rare IT professional who relies on a single desktop or laptop for everything that they do.  There is too much riding on the ability to be online, all the time to only have one computer.  The slightest hiccup and you are unable to do anything – including unable to look up what you need to know to fix your computer!  Having a spare computer means that you have another computer to use while you are busy reinstalling the operating system on your main computer, for example.  It also gives you a secondary location from which you can verify that all of your critical data is still available while working on your main machine which is some serious peace of mind.
  8. Take Good Backups.  Nothing is more important to IT professionals than backups.  Backups are what keep us in business.  Most likely these days you will find IT pros not only have an external hard drive (or better, an actual storage server) in their homes on which they keep complete copies of everything that matter to them but also that they have online backups going to a cloud storage provider so that should their home be lost (flood, fire, tornado) that they would still have their precious files.  Losing your photographs, home movies, financial records, etc. can be quite tragic – take steps to protect these.  If you do it right, you should never fear your computer dying beyond the slight annoyance that it takes to install your operating system again.
  9. Don’t Install Just Anything.  What you install and run on your computer matters.  IT professionals are generally pretty wary of what they install and normally only install known applications from trusted vendors – not any random piece of software that is found on the Internet.  It is important to know what you are installing and why you want it.  The average computer user, IT pros included, actually need very few different applications on their computers.  The fewer you install the fewer you need to maintain and the less chance that you will have one that damages your system or slows it down.  Often when helping non-IT professionals with their computers I find that the computers are full of applications that no one has ever heard of and the person whose system has them installed has never really used or may not even know what they are!  This is how the bulk of malware gets installed.
  10. Download Drivers, Don’t Use Vendor CDs.  IT Pros know that drivers are critical to system stability and that the latest are available from vendor websites.  Any CD with a driver for a new piece of hardware that you just bought is pretty much guaranteed to be out of date and, more often than not, the vendor will use the opportunity of you putting their CD into your drive to install extra software that you don’t want onto your computer.  Avoid this completely; use the vendor website to get the latest drivers immediately and don’t use the media that comes with your hardware.
  11. Buy Commercial, Not Consumer, Equipment.  I’ve written whole articles on this in the past – this is one of those industry insider tricks.  In business, we look for computers to be stable and reliable, not flashy and “cool”.  Nothing is cooler than a computer that works reliably.  Big computer vendors make one line for consumers to be sold at your local store and another line for discerning companies who do their homework.  Skip the in-store buying.  Go directly to the big vendors (don’t even think about buying something made by the guy down the street) and stick exclusively to their commercial or business lines.  These lines are built for buyers in the know who need their computers to be cost effective over their lifetimes, not to be cheap up front.
  12. Have a regular maintenance routine.  There are simple tasks that need to be done all the time such as defragging your drives, cleaning up unneeded files and blowing the dust out of your machine.  IT pros regularly maintain their computers to maintain system health.  Computers are not just “set and forget” devices.  They are just too complex for that.  That being said, though, most tasks can be automated.
  13. Run wires.  Wireless networking is simple, clean and easy.  It is also slow and difficult to troubleshoot.  When possible, consider running cabling in your home so that your computers, at least the desktops, game consoles and other stationary devices, can get the speed and stability advantages of cabling.  The more devices on your cabled network also means the fewer devices that will be competing for wireless resources.
  14. Use a UPS.  A UPS, or uninterruptable power supply, is a crucial component in protecting your computer equipment.  It protects computers from disruptions and surges in the power grid.  Computers are very sensitive to power problems and an inexpensive UPS can go a long way to keeping your computer healthy for a long time.  More importantly, it protects against data loss.

The basic tip here is – treat your home like a business, not like a toy.  The average home user doesn’t take their computer seriously at all and never gives it a second thought until something goes horribly wrong – and then it is likely too late.  Your computer is one of your most expensive and most important possessions, treat it more like a car and less like a toaster.

Best Practices, Risk

Why We Reboot Servers

4 Comments

A question that comes up on a pretty regular basis is whether or not servers should be routinely rebooted, such as once per week, or if they should be allowed to run for as long as possible to achieve maximum “uptime.”  To me the answer is simple – with rare exception, regular reboots are the most appropriate choice for servers.

As with any rule, there are cases when it does not apply.  For example, some businesses running critical systems have no allotment for downtime and must be available 24/7.  Obviously systems like this cannot simply be rebooted in a routine way.  However, if a system is so critical that it can never go down then this situation should trigger a red flag that this system is a point of failure and perhaps consideration for how to handle downtime, whether planned or unplanned, should be initiated.

Another exception is some AIX systems need significant uptime, greater than a few weeks, to obtain maximum efficiency as the system is self tuning and needs time to obtain usage information and to adjust itself accordingly.  This tends to be limited to large, seldom-changing database servers and similar use scenarios that are less common than other platforms.

In IT we often worship the concept of “uptime” – how long a system can run without needing to restart.  But “uptime” is not a concept that brings value to the business and IT needs to keep the business’ needs in mind at all times rather than focusing on artificial metrics.  The business is not concerned with how long a server has managed to stay online without rebooting – they only care that the server is available and ready when needed for business processing.  These are very different concepts.

For most any normal business server, there is a window when the server needs to be available for business purposes and a window when it is not needed.  These windows may be daily, weekly or monthly but it is a rare server that is actually in use around the clock without exception.

I often hear people state that because they run operating system X rather than Y that they no longer need to reboot, but this is simply not true.  There are two main reasons to reboot on a regular basis: to verify the ability of the server to reboot successfully and to apply patches that cannot be applied without rebooting.

Applying patches is why most businesses reboot.  Almost all operating systems receive regular updates that require rebooting in order to take effect.  As most patches are released for security and stability purposes, especially those requiring a reboot, the importance of applying them is rather high.  Making a server unnecessarily vulnerable just to maintain uptime is not wise.

Testing a server’s capacity to reboot successfully is what is often overlooked.  Most servers have changes applied to them on a regular basis.  Changes might be patches, new applications, configuration changes, updates or similar.  Any change introduces risk.  Just because a server is healthy immediately after a change is applied does not mean that the server nor the applications running on it will start as expected on reboot.

If the server is never rebooted then we never know if it can reboot successfully.  Over time the number of changes having been applied since the last reboot will increase.  This is very dangerous.  What we fear is a large number of changes having been made, possibly many of them undocumented, and a reboot then failing.  At that point identifying what change is causing the system to fail could be an insurmountable process.  No single change to roll back, no known path to recoverability.  This is when panic sets in.  Of course, a box that is never rebooted intentionally is more likely to reboot unintentionally – meaning the chance of a failed reboot is both more likely to occur and more likely to occur while in active use.

While regular reboots are not intended to reduce the frequency of failed reboots, in fact they actually increase the occurrence of failures, the purpose is to make those failures easily manageable from a “known change” standpoint and, more importantly, to control when those reboots occur to ensure that they happen at a time when the server is designated as being available for maintenance and is designed to be stressed so that problems are found at a time when they can be mitigated without business impact.

I have heard many a system administrator state that they avoid weekend reboots because they do not want to be stuck working on Sundays due to servers failing to come back up after rebooting.  I have been paged many a Sunday morning from a failed reboot myself, but every time I receive that call I feel a sense of relief.  I know that we just caught an issue at a time when the business is not impacted financially.  Had that server not been restarted during off hours, it might have not been discovered to be “unbootable” until it had failed during active business hours and caused a loss of revenue.

Thanks to regular weekend reboots, we can catch pending disasters safely and, thanks to knowing that we only have one week’s worth of changes to investigate, we are routinely able to fix the problems with generally little effort and great confidence that we understand what changes had been made prior to the failure.

Regular reboots are about protecting the business from outages and downtime that can be mitigated through very simple and reliable processes.