TLC Nand : The demise of enterprise spinning disks?

Last week during the Dell Tech Summit I got the privilege of seeing the plans they have for the future in terms of storage. One of the aspects (which I am allowed to disclose) is the usage of the new “3D XPoint” / “TLC Nand” technology in their storage lines. The technology has a lot of potential when you take a deeper look at it… Here I must say, that when I take a look at the pricing range the products will be inserted, then I really wonder what the purpose of the 15k spinning disks will be. Even, if the technology will get optimized a bit further, which will result in price drops, then I even wonder if the 10k disks will also have entered the list of endangered species!

Eventually, it is my personal opinion that the 7,2k disks will become the mainstream storage for data that is infrequently accessed and that other data will be classified between several grades of SSD disks. This will mean that there will even be tiering between different classifications of SSD disks! Where the final resting location of the data will be the slow 7,2k spinning disks. And if more technology advances will be made that will make the SSD disks even more dense, than the ones I have currently seen in the roadmap, then we might even wonder if the spinning disks in general have become endangered (in enterprise context!).

A roadmap to the cloud… Where should I focus on?

Cloud is here to stay!
A lot of questions about “THE Cloud” have risen the last years. In the beginning, the most responses included that it was a hype or that it was a rebranded solution from the past (“ASP“). Though at this point in time, it is safe to say that “Cloud Services” are here to stay and that there is no point back but to embrace them as an IT department. My personal sentiment is that the current market leaders “Amazon” & “Microsoft” will continue to grow and eventually dominate this market. As google has enough cashflow, I suspect that they will join in this battle. So the current conundrum is ; how to move your current landscape from an “on premise” way of working towards the cloud…?

Cloud Maturity Model
For organisations who are stuck with this question, I would like to point out to a fine document (“Cloud Maturity Model“) of the Open Data Center Alliance. It describes the different stages, even from different perspectives, that you will traverse in your journey.

Quote about the cloud maturity model ;

Progression through the various maturity levels is based on the evolution of a number of parallel capabilities, as described in the following figures.
The result is represented by an inferred resulting maturity, roughly mapped as follows:

• CMM 1. (Initial / Ad Hoc) The existing environment is analyzed and documented for initial cloud potential. Pockets of virtualized systems exist, for limited
  systems, without automation tooling, operated under the traditional IT and procurement processes. Most of the landscape still runs on physical
  infrastructure. The focus is on the private cloud, although the public cloud is used for niche applications.
• CMM 2. (Repeatable / Opportunistic) IT and procurement processes and controls are updated specifically to deal with cloud and who may order services and service
  elements and how. Private cloud is fully embraced with physical-to-virtual movement of apps and the emergence of cloud-aware apps.
• CMM 3. (Defined / Systematic) Tooling is introduced and updated to facilitate the ordering, control, and management of cloud services. Risk and governance controls
  are integrated into this control layer, ensuring adherence to corporate and country requirements. Complementary service management
  interfaces are operational. More sophisticated use of SaaS is evident, and private PaaS emerges.
• CMM 4. (Measured / Measurable) Online controls exist to manage federated system landscapes, distributed data and data movement, federated and distributed
  application transactions, and the cross-boundary transitions and interactions. Defined partners and integration exist, enabling dynamic
  movement of systems and data, with supporting tool layer integration (for example, service desk, alerting, commercial systems, governances).
  Cloud-aware apps are the norm and PaaS is pervasive. Hybrid apps develop across cloud delivery models.
• CMM 5. (Optimized) All service and application deployments are automated, with orchestration systems automatically locating data and applications in the
  appropriate cloud location and migrating them according to business requirements, transparently (for example, to take advantage of carbon
  targets, cost opportunities, quality, or functionality).

So far, so good… yeah? I know, this all still sounds a bit “fluffy“. The basics to remember is that there are various stages involved so you can keep track of where you are. Though for me there are three focus points that every organisation should embrace in order to be ready for the future with cloud services.

• IAAS has become commodity
• Federation is the new black
• Interoperability is mandatory

IAAS has become commodity
I do NOT believe in on-premise virtualisation farms anymore… for the majority of organisations. I must concur that there are use cases that would still require this, though for the majority of organization this is not the case. I can see you pondering “But we are special!”, and I must disappoint you, most organisations are not. Internal IT should focus on the things that deliver real value to an organisation. An Infrastructure-as-a-Service layer has become a basic commodity in the market and you should embrace it. The time you spend in maintaining the lowest layers is better invested in real business value. I, yet again, concur that this will imply a shift of skills needed…

“When the winds of change blow, some people build walls and others build windmills.” -Chinese Proverb

Federation is the new black
Let’s start with a quote from the maturity model ;

Federation refers to the ability of identity and access management software to be able to securely share user identities and
profiles. This ability allows users within a specific organization to utilize resources located in multiple clouds without having to generate
separate credentials in each cloud individually. IT is able to manage one set of identities, authorizations, and set of security review processes.
From the user perspective, this enables seamless integration with systems and applications.

For most organisations, start with setting up a federation service… Active Directory Federations Services, or a SAML provider, pick something that best fits your current technology stack. Though be aware that federation is a key, if not THE key, component of a succesful cloud roadmap!

Interoperability is mandatory
And, yet again, let’s start with a quote ;

There are two key concepts of interoperability: (1) The ability to connect two systems that are concurrently running in cloud
environments, and (2) the ability to easily port a system from one cloud to another. Both involve the use of standard mechanisms for service
orchestration and management, enabling elastic operation and flexibility for dynamic business models, while minimizing vendor lock-in.

Your high level architecture should consist of “islands”, which are linked together via APIs and/or abstraction layers and where authentication is done via federation mechanisms.

In addition, keep in mind that you will move systems around. So interoperability towards migrating systems is a key requirement and should always be a focal point in your decision-making. For instance; Think about exit scenarios with a specific cloud provider. How will you handle this?

Conclusion (TL;DR)

• Cloud is here to stay. In a few years, it will be the defacto standard.
• Infrastructure-as-a-Service has become commodity. In a few years, this segment will be dominated by Amazon, Microsoft & Google.
• Federation is the new black. If you haven’t set up a federation system… DO IT NOW!
• Interoperability is mandatory. Always keep in mind that systems should be portable islands which are built for data interaction.

Best practices regarding the creation of an “RFP” (aka “Request for Proposal”)

The Overall Process

• Study ; The first step… Consider what you want to achieve and what’s life currently like. This might seem as a no-brainer, though you might be surprised how few organisations actually do this.
• RFI ; So you have a great idea? Fantastic! Now compare this with what is currently seen as industry standards and what are common solutions positioned by vendors. My advice here is not to differ too much from the ongoing standards, unless this is really ground breaking or market differentiating for you. Though, in most cases, you are just looking to keep your business running. In the latter case, keep as close to the standard as possible.
• RFP/RFQ ; So we know what we want, and what is possible at this point in time by the market. Let’s select our vendors from who we wish a clear-cut proposal. We’ll go more in detail about this phase later on… So don’t worry. 🙂
• Project ; Once the selection is done and contract negotiations are (near) closed, the project can start. This usually starts with a due diligence by the vendor to check if the assumptions / constraints are still valid.
• Operations ; A lot of people think that operations stops during this project. The reality is far from it, and that’s actually common sense! We do projects to enhance our operational baseline, but the latter is a moving target. We cannot freeze our business for half a year! So be aware of this…

Study
The first step before any project should be a “study”. Do a requirements analysis, update your views on the operational baseline and define the target flag of what you want to reach. Now you can do a fit-gap analysis and see what needs to be done. If the entire matter is way to big… Slice it into smaller / manageable chunks. In the past, we often saw “big bang”-projects which have shifted towards “Roadmaps”. In a Roadmap, the road towards the end goal is mapped via smaller / more realistic paths (projects). The conjunction of all these projects ensure that you reach your path. Though where it might be possible to enter all these projects into one RFP, in most cases it might be more interesting to spread them as your operational baseline is (with due reason!) a moving target.

RFI
Your job is mostly focussed to serving your internal business processes. It is not wrong to say that you are not an expert in the sector you want to purchase from. This is not something to be ashamed of! Though, be aware that your vendor IS an expert in the matter. During the “RFI” (Request for Information”) you are going to study the relative sector from which you are looking to acquire services/products. Research into the products and do not be shy to invite vendors over to discuss their products. Learn to know their (dis)advantages and how they can serve your business. In the end… always translate certain “features” / “technologies” into basic requirements. For instance ; IT Storage projects revolve around “capacity”, “performance”, “availability” & “integration”. Thin provisioning, snapshotting, deduplication, … all revolve around “capacity”. So do not be fooled by the nice “bling bling” that vendors portray and search for the essence of what you want to achieve. During this round, you will also define your list of requirements and selection criteria! So be sure to look for the elements that should compose these requirements/criteria.

RFP/RFQ

Phases

• Start-up ; Invite the vendors to take part and ask them to confirm. After receiving confirmations, send the RFP to all vendors at the same time.
• Round One ; During the first round, you will allow the vendors some time (typically one to two weeks) to process the RFP. At the end of that period, they will need to have sent all their answers to you. You will process these and provide all vendors with a list of all questions & answers. After which, you will allow them again a given period to adjust their proposal to fit these answers. After the deadline, you will do a “downselect” of the vendors to reach the number of vendors you want in round two.
• Round Two ; When going through the answers of round one, you will notice that there are fundamental differences between vendors. Now you will adjust your requirements to align all the vendors towards one target. In addition, you will invite the vendors to explain their proposals into more detail. This will give you a more profound insight into the reality of things. At the end of this round, you will once again to a downselect to reach the last contestants (typically two or three).
• Last Round ; At the beginning of the last round, be sure to provide the remaining vendors with a clear-cut baseline that everyone should meet. Now you do not want any structural differences between the parties anymore where the main focus will be around meeting the target and pricing. Clearly indicate that this should be their “Best And Final Offer” (“BAFO”), which will be presented at CxO level. At the end, choose the party which ranks the highest in relation to your selection criteria.
• Contract negotiations ; After the selection, contract negotiations will start. In some cases, an “LOI” (“Letter of Intent”) will be signed to create a non-linear relation between the contract negotiations and the project start.
• Project Start ; The project will start with a due diligence; Here an investigation will be done by the vendor to check if all the assumptions made (and agreed upon) are valid. After which the project will kick-off!

Be aware that these kind of processes can take up to half a year! So be sure to initiate them with ample time left before your deadline. Also be aware that these things will have a delay and in most cases this is caused by yourself! You still have your regular job to do… and you will get questions that you did not consider and need time to analyze.

RFP/RFQ Document Contents
So how should a typical RFP/RFQ document look?

• Management Summary ; Create a one-pager for executives from the vendors to read through.
• Context ; Why do you launch this RFP/RFQ? Provide an insight into your way of working/environment. How does this project interact with it?
• Timing ; Setup a clear timing table. Each phase should have a clear deadline… An RFP/RFQ is a project so be sure to manage it like a project. This is also important for the vendors to allocate resources towards the process of answering the proposal. It is in your best interest to ensure that they can prepare themself properly.
• Selection Criteria ; Always use (and communicate!) selection criteria. You, and the vendors, should know how you will quote their proposals and make the final selection. Be ware that these will become the core driver for the proposals! If you hand out more than 50% on price, then you will get skimmed down offers.
• Requirements & Product/Service/Project Definition ; Apart from the selection criteria, also be aware that the vendor will provide you the most slim answer to meet your requirements. So if you didn’t define it, you will not receive it! Do not assume anything… This might again look like a no-brainer, though… 😦
• Constraints ; Actually, these can also be considered requirements… Yet be sure to state that a vendor should take certain constraints into account. Do you require a certain transition / honeymoon period? Do their employees need to have NATO-clearance, …
• Pricing Table ; You do not want all vendors to provide their own pricing table… You will not be able to compare apples with oranges. So provide your own pricing table and adjust it according to the feedback from each round. In fact, your RFI phase should have already provided you with ample information to create a pretty stable pricing sheet.

IT Budget : Run, Grow & Transform

One method of coping with your IT budget is by working with the “Run, Grow & Transform – Your business”-model. In essence is sets you to categorize your budget into three areas.

Run covers the general day to day expenses of keeping the IT infrastructure running. Actually, this is your “SIB” (“Stay In Business”). Think in terms of lifecycle management and the human resource costs to maintain your environment.

Grow covers the expenses for expansion of services or growth of the company. Things like extending your virtualization or storage farm probably fall under this category. This budget aims to help the organization introduce new capabilities or improve existing ones.

And Transform covers the costs are made to change your nature. Here you should think of things like implementing a shopfloor system when coming from a paper workflow within an industry. These initiatives might seek to identify, for example, the right technologies for new organizational capabilities; fundamental changes to business processes; or a new product or service offering.

When managing a budget in this manner, you should be able to gather tour full “Run” budget and a part of the “Grow” budget. If you fail to do so, then you have lost the confidence of your board. This part of the budget is in reality the minimal level you need to stay on par. A lower level will force you to start phasing out services from your service catalog!

Organizations that have to trim IT budgets should avoid cutting Run initiatives. Such cuts would introduce operational risk. If an organization already is going through a tough stretch, the last thing it needs is a server, application or network failure. This really is your “Stay in Business” IT budget.

Grow budget items should tie directly to the organization’s strategic initiatives. These initiatives usually are not as mission critical as Run initiatives and often have some time flexibility, which means that they are good candidates for starting early when additional cash is available, or for deferral if cash is tight.

When finances are tight, transform initiatives often are the first to be cut or deferred—unless they are associated with key strategic initiatives that the organization views as essential to its continued operation. Even if the organization doesn’t deem certain Transform initiatives immediately essential, care should be taken when considering cutting or deferring them. That’s because Transform initiatives often are key to the organization’s long-term health. Failure to provide adequate resources to Transform initiatives can stunt an organization’s future success.

Why do we need “IT”?

In today’s world we cannot imagine our day to day lives without technology. This reaches from our personal to our professional experienxce. At a given point, I posed myself the question ;

“What business benefit does IT bring to the table?”

We have sales that makes sure prospects become customers and make sure that they stay wit us. Production creates the product, supply chain optimizes the processes between vendors, … and so on.

After pondering about it, I came to the conclusion that there are two benefits ;

Acceleration
Some call it “Time to market”, others say “Speed of exection”, … But feel free to name it any way you want. In essence the ability to change quickly is where IT needs to prevail. If IT becomes a bottleneck for the organization, the it has lost its main function. And here we see one of the basic aspects why some IT departements are losing the fight for budget. If you are a bottleneck for the company, why should it invest in “you”?

Scalabiliy
IT prevails in automation and automation wins when an economy of scale is at hand. When a company is expanding their operations, then IT will be there to make sure that the costs do not grow exponentially. That is why IT is more native to enterprises and still a bit akward to small business owners.

Why do I need IT / Enterprise architecture?

This video gives a good insight…

There’s nothing more permanent than a temporary fix.

Check ./ ‘s “IT Infrastructure As a House of Cards“… An interesting readup on what probably many smb’s (of sme’s with the same mentality) are facing.

Where it comes down to in the comments :

• Documentation : Basically the foe of almost all IT-ers. Personally I don’t understand why as it makes your own job easier, but then again, it might not be “cool” or “tech savie” enough for most.
• ITIL : It’s told as “unable to handle change”, yet where it boils down to is understanding (and implementing) the aspects of ITIL. (Hmm, documentation belongs here too…)
• New Tech : All newly graduates want to be the next cool dev, where nobody thinks on the long term and wants to maintain stuff. Yet this should actually be the biggest part of an IT job… maintenance. We’ve got a big enough problem as it is, trying to pace up with all new techs. Remember “ruby on rails”, and how it was the next best thing? Seen it around on enterprise level? No, simply, because big companies try to stick with what works and focus their energy on keeping things running. New things should become a strategic advantage!
• Trust : My gut feeling says many IT shops ruined their reputation within their own company or never got any trust what so ever. This will cause the budgets to decrease, and turn them into McGyver (ducktape & chewing gum).

Why IT shouldn’t be run as a business…

Need an out-of-the-box opinion on running it? Check “Infoworld’s Run IT as a business — why that’s a train wreck waiting to happen”…

Intro

“If you board the wrong train, it’s no use running along the corridor in the other direction,” said famed World War II German resistance fighter Dietrich Bonhoeffer. We in IT boarded the wrong train a long time ago. It’s the “standard model” of information technology organizations — the familiar litany that says CIOs should run IT as a business [1], meeting the requirements of its internal customers. This refrain has been endorsed by our holy trinity, too: analyst firms, most consultancies, and ITIL.

Some strong quotes

• There are no IT projects : He likens IT’s proper role to that of an engineer designing a car. “It doesn’t matter if the ‘customer’ asks for the horn on the backseat. Placing it there would meet the specs and ‘satisfy requirements.’ It would also defeat the usability of the horn, render driving the car dangerous, and could lead to a crash that ruins the whole effort.
• Chargebacks? No! Governance… : Chargebacks are an attempt to use market forces to regulate the supply and demand for IT services. If that’s the best a business can do, it means the business has no strategy, no plans, and no intentional way to turn ideas into action.
• So what should we do? : Nobody in IT should ever say, “You’re my customer and my job is to make sure you’re satisfied,” or ask, “What do you want me to do?” Instead, they should say, “My job is to help you and the company succeed,” followed by “Show me how you do things now,” and “Let’s figure out a better way of getting this done.”

The truth about “To”, “CC” & “BCC”

The Origins
Carbon copying is the technique of using carbon paper to produce one or more copies simultaneously during the creation of paper documents. A sheet of carbon paper is sandwiched between two sheets of paper and the pressure applied by the writing implement to the top sheet causes pigment from the carbon paper to make a similar mark on the copy. More than one copy can be made by stacking several sheets with carbon paper between each pair. Four or five copies is a practical limit. The top sheet is the original and each of the additional sheets is called a carbon copy. The use of carbon copies declined with the advent of photocopying and electronic document creation and distribution (word processing).
(source “Wikipedia”)

The Rules
It is still common for a business letter to include, at the end, a list of names preceded by the abbreviation “cc:”, indicating that the named persons are to receive a copy of the letter, even though carbon paper is no longer used to make the copies. The contacts that are listed as adressed “to” are required to read the mail and take further actions (if needed), where those listed in “cc” are only assumed to read the mail (when the time allows it). The aspect of the “blind carbon copy” (bcc) adds an extra perspective where one could be informed without any of the other contacts to even know!

Practically Spoken : Privacy
Need to mail a bunch of people? Add yourself in the “to” list and -all- the other contacts as “bcc”. This way you avoid to violate other people’s privacy by exposing their private email accounts!

Disk Investigator

Disk Investigator is a pretty unique hard drive data retrieval tool that takes a totally different approach than the usual hard drive data recovery tools. What Disk Investigator does is to provide direct access to the raw data sectors of a selected hard drive so that the hard drive’s data can be explored up to the last bit.

More info? Check out ghacks!