Challenges in Managing IT Infrastructure


Published on

In this presentation, we will discuss in details about challenges in managing the IT infrastructure with a focus on server sizing, storage capacity planning and internet connectivity. We will also discuss about how to set up security architecture and disaster recovery plan.
To know more about Welingkar School’s Distance Learning Program and courses offered, visit:

Published in: Education, Technology

Challenges in Managing IT Infrastructure

  1. 1. IT Infrastructure Chapter 4Challenges in ManagingInfrastructure
  2. 2. Challenges in Managing InfrastructurePlanning New set upPlanning new information technology setuprequires lot of study about products and businessneeds.Architect need to understand business model& the requirement of the enterprise .While designing a server room or data centerfollowing factors are considered.•Server sizing and load balancing•Storage capacity planning•Internet connectivity ,Security Architecture•BCP/Disaster recovery plan
  3. 3. Server Sizing/Deployment planIntel Based /AMD PC architecture Servers are nowused in critical enterprise application deploymentChoosing right type of server & hardware forrequired number of users is very importantBlade ServerBlade servers are self-contained computerservers, designed for high density. Whereas astandard rack-mount server can exist with (atleast) a power cord and network cable
  4. 4. Blade serversBlade servers have many components removed forspace, power and other considerations while stillhaving all the functional components to be considereda computer. A blade enclosure provides services suchas power, cooling, networking, various interconnectsand management - though different blade providershave differing principles around what should andshould not be included in the blade itself (andsometimes in the enclosure altogether). Togetherthese form the blade system.
  5. 5. Blade serversIn a standard server-rack configuration, 1U (one rackunit, 19" wide and 1.75" tall) is the minimum possiblesize of any equipment. The principal benefit of, and thereason behind the push towards, blade computing isthat components are no longer restricted to theseminimum size requirements. The most commoncomputer rack form-factor being 42U high, this limitsthe number of discrete computer devices directlymounted in a rack to 42 components. Blades do nothave this limitation; densities of 100 computers perrack and more are achievable with the currentgeneration of blade systems.
  6. 6. Blade serversIn the purest definition of computing (a Turingmachine, simplified here), a computer requires only;•memory to read input commands and data•a processor to perform commands manipulating thatdata, and•memory to store the results.Today (contrast with the first general-purposecomputer) these are implemented as electricalcomponents requiring (DC) power, which producesheat. Other components such as hard drives, powersupplies, storage and network connections, basic IO(such as Keyboard, Video and Mouse and serial) etc.
  7. 7. Blade Serversonly support the basic computing function, yet addbulk, heat and complexity, not to mention moving partsthat are more prone to failure than solid-statecomponents.In practice, these components are all required if thecomputer is to perform real-world work. In the bladeparadigm, most of these functions are removed fromthe blade computer, being either provided by the bladeenclosure (e.g. DC power supply), virtualised (e.g.iSCSI storage, remote console over IP) or discardedentirely (e.g. serial ports). The blade itself becomesvastly simpler, hence smaller and (in theory) cheaperto manufacture.
  8. 8. Blade ServersBlade servers are ideal for specific purposes such asweb hosting and cluster computing. Individual bladesare typically hot-swappable. As more processingpower, memory and I/O bandwidth are added to bladeservers, they are being used for larger and morediverse workloads.Although blade server technology in theory allows foropen, cross-vendor solutions, at this stage ofdevelopment of the technology, users find there arefewer problems when using blades, racks and blademanagement tools from the same vendor.
  9. 9. Blade ServersA stack of IBM HS20 bladeservers. Each "blade" has two2.8 GHz Xeon CPUs, two36 GB Ultra-320 SCSI harddrives and 2 GB RAM.Blade servers are ideal forspecific purposes such as webhosting and cluster computing.Individual blades are typicallyhot-swappable. As moreprocessing power, memoryand I/O bandwidth are addedto blade servers
  10. 10. Blade ServersBlade servers are not, however,the answer to every computingproblem. They may best be viewedas a form of productized serverfarm that borrows from mainframepackaging, cooling, and powersupply technology. For largeproblems, server farms of bladeservers are still necessary, andbecause of blade servers highpower density, can suffer evenmore acutely from the HVACproblems that affect largeconventional server farms.
  11. 11. Storage Area NetworkIn computing, a storage area network (SAN) is anarchitecture to attach remote computer storage devices suchas disk array controllers, tape libraries and CD arrays toservers in such a way that to the operating system thedevices appear as locally attached devices. Although costand complexity is dropping, as of 2007, SANs are stilluncommon outside larger enterprises.(By contrast to a SAN, network attached storage (NAS), usesfile-based protocols such as NFS or SMB/CIFS where it isclear that the storage is remote, and computers request aportion of an abstract file rather than a disk block.)
  12. 12. Storage Area NetworkMost storage networks use the SCSI protocol forcommunication between servers and disk drivedevices, though they do not use its low-levelphysical interface, instead using a mapping layersuch as the FCP mapping standard.•Fibre Channel, currently the most common. Comesin 1Gbit, 2Gbit and 4Gbit variants•iSCSI, mapping SCSI over TCP/IP•HyperSCSI, mapping SCSI over Ethernet•ATA over Ethernet, mapping ATA over Ethernet
  13. 13. Storage Area Network AdvantagesSharing storage usually simplifies storageadministration and adds flexibility since cables andstorage devices do not have to be physically movedto move storage from one server to another. Note,though, that with the exception of SAN file systemsand clustered computing, SAN storage is still a one-to-one relationship. That is, each device, or LogicalUnit Number (LUN) on the SAN is "owned" by asingle computer (or initiator). In contrast, NetworkAttached Storage (NAS) allows many computers toaccess the same set of files over a network.
  14. 14. Storage Area Network AdvantagesSANs tend to increase storage capacityutilization, since multiple servers can share thesame growth reserve.Other benefits include the ability to allow servers toboot from the SAN itself. This allows for a quickand easy replacement of faulty servers since theSAN can be reconfigured so that a replacementserver can use the LUN of the faulty server. Thisprocess can take as little as half an hour and is arelatively new idea being pioneered in newer datacenters.
  15. 15. Storage Area Network AdvantagesServer less backup ( 3rd party copying)This system allows a disk storage device to copydata directly to backup devices across the highspeed links of the SAN without any interventionfrom the serverLower total cost of OwnershipWhile initial cost is higher inherent flexibility andscalability together with reduced managementcomplexity and cost deliver long term cost benefit
  16. 16. Storage Area Network AdvantagesEfficient capacity utilizationBy consolidating storage resources and sharing capacityacross multiple servers,SAN generally utilizes 50% morecapacity per storage device than DAS.This further optimizesthe storage spendCentralized Storage ManagementBy centralizing the management of all storageresources,even vast amount of storage can be managed by asmall IT staff.Superior Data protection :SAN provide the infrastructure to implement advanced dataprotection featureIncreased User productivity
  17. 17. Storage Area Network AdvantagesSANs also tend to enable more effective disaster recoveryprocesses. A SAN attached storage array can replicate databelonging to many servers to a secondary storage array. Thissecondary array can be local or, more typically, remote. Thegoal of disaster recovery is to place copies of data outsidethe radius of effect of an anticipated threat, and so the long-distance transport capabilities of SAN protocols such asFibre Channel and FCIP are required to support thesesolutions
  18. 18. Storage virtualization and SANsStorage virtualization refers to the process of completelyabstracting logical storage from physical storage. Thephysical storage resources are aggregated into storage pools,from which the logical storage is created. With storagevirtualization, multiple independent storage devices, thatmay be scattered over a network, appear to be a singlemonolithic storage device, which can be managed centrally.Storage Virtualization is commonly used in SANs.Virtualization of storage helps achieve locationindependence by abstracting the physical location of thedata. The Virtualization system presents to the user a logicalspace for data storage and itself handles the process ofmapping it to the actual physical location.
  19. 19. Network-attached storageNetwork-attached storage (NAS) is the namegiven to dedicated data storage technologywhich can be connected directly to a computernetwork to provide centralized data access andstorage to heterogeneous network clients.
  20. 20. Network-attached storageNAS differs from the traditional file serving andDirect Attached Storage in that the operating systemand other software on the NAS unit provide only thefunctionality of data storage, data access and themanagement of these functionalities. Furthermore,the NAS unit does not limit clients to only one filetransfer protocol. NAS systems usually contain oneor more hard disks, often arranged into logical,redundant storage containers or RAIDs (redundantarrays of independent disks), as do traditional fileservers.
  21. 21. Network-attached storageNAS removes the responsibility of file serving fromother servers on the network and can be deployedvia commercial embedded units or via standardcomputers running NAS software.NAS uses file-based protocols such as NFS (popularon UNIX systems) or SMB (Server Message Block)(used with MS Windows systems). Contrast NASsfile-based approach and use of well-understoodprotocols with storage area network (SAN) whichuses a block-based approach and generally runs overSCSI over Fibre Channel or iSCSI.
  22. 22. Network-attached storage(There are other SAN protocols as well, such asATA over Ethernet and HyperSCSI, which howeverare less common.)Minimal-functionality or stripped-downoperating systems are used on NAS computersor devices which run the protocols and fileapplications which provide the NASfunctionality. A "leaned-out" FreeBSD is usedin FreeNAS, for example, which is open sourceNAS software meant to be deployed onstandard computer hardware.
  23. 23. Network-attached storageCommercial embedded devices and consumer"network appliances" may use closed source operatingsystems and protocol implementations.The boundaries between NAS and storage areanetwork systems are also starting to overlap, with someproducts making the obvious next evolution andoffering both file level protocols (NAS) and block levelprotocols (SAN) from the same system.An excellent example of this is Openfiler theopensource product running on Linux. San Magazinedid a very informative review of this hybrid functionality.
  24. 24. Network-attached storage BenefitsAvailability of data can potentially be increased withNAS because data access is not dependent on aserver*: the server can be down and users will stillhave access to data on the NAS. Performance can beincreased by NAS because the file serving is done bythe NAS and not done by a server responsible foralso doing other processing. The performance ofNAS devices, though, depends heavily on the speedof and traffic on the network and on the amount ofcache memory (the equivalent of RAM) on the NAScomputers or devices.
  25. 25. Network-attached storage BenefitsScalability of NAS is not limited by the numberof internal or external ports of a servers databus, as a NAS device can be connected to anyavailable network jack. NAS can be morereliable than DAS because it separates thestorage from the server. If the server fails, thereis unlikely to be file system corruption, althoughpartially-created files may linger. However, if thepower source or OS of the NAS fails, corruptionis still possible.
  26. 26. Network-attached storage Benefits* It should be noted that NAS is effectively a serverin itself -- with all major components of a typical PC-- a CPU, motherboard, RAM, etc -- in fact manyrun an embedded Linux -- and its reliability is afunction of how well it is designed internally. A NASwithout redundant data access paths, redundantcontrollers, redundant power supplies, is probablyless reliable than DAS connected to a server whichdoes have redundancy for its major components.That is to say, the NAS itself becomes a single pointof failure
  27. 27. Network-attached storage DrawbacksDue to the multiprotocol, and the reduced CPU andOS layer, the NAS has its limitations compared to theDAS/FC systems. If the NAS is occupied with toomany users or too many I/O or CPU processing powerthat is too demanding, the NAS reaches its limitations.A server system is easily upgraded by adding one ormore servers into a cluster, so CPU power can beupgraded, while the NAS is limited to its ownhardware, which is in most cases not upgradable.The key difference between DAS and NAS is thereduced CPU and I/O power offered by the latter.
  28. 28. Network-attached storage NAS usesNAS is useful for more than just general centralized storageprovided to client computers in environments with largeamounts of data. NAS can enable simpler and lower costsystems such as load-balancing and fault-tolerant email andweb server systems by providing storage services. Thepotential emerging market for NAS is the consumer marketwhere there is a large amount of multi-media data. Suchconsumer market appliances are now commonly available.Unlike their rackmounted counterparts, they are generallypackaged in smaller form factors. The price of NASappliances has plummeted in recent years, offering flexiblenetwork based storage to the home consumer market forlittle more than the cost of a regular USB or FireWireexternal hard disk.
  29. 29. Network-attached storage SAN Vs NASOften seen as competing Technologies SAN & NASActually complement each other very well to provideaccess to different types of data SANs are optimizedfor high volume block oriented data transfers whileNAS is designed to provide data access at the filelevelBoth technologies satisfy the need to remove directstorage to server connections to facilitate moreflexible storage accessIn addition both are based on open industry standardprotocols
  30. 30. Capacity Planning issues on Ongoing basisThe planning is done at the beginning of the projectwhich includes:•30% extra provision to accommodate growth•Server sizing and planning need to be done bykeeping redundancy for critical servers in mind•CPU processing power•How much power is required for processing data•Are we utilizing full CPU power CPU utility is a physical entity which need to bemonitored during change over
  31. 31. Maintenance (Corrective/Preventive)Corrective MaintenanceCorrective maintenance can be classified into twocategoriesSoftware callsHardware callsMajority of calls fall in to the first category.Software calls related to operating system ,Applications,or database connectivity,which can besolved using net meeting or remote Desktopmanagement software
  32. 32. Network MonitoringThe term network monitoring describes the use ofa system that constantly monitors a computernetwork for slow or failing systems and that notifiesthe network administrator in case of outages viaemail, pager or other alarms. It is a subset of thefunctions involved in network management.While an intrusion detection system monitors anetwork for threats from the outside, a networkmonitoring system monitors the network forproblems due to overloaded and/or crashed servers,network connections or other devices. Cont…
  33. 33. Network MonitoringFor example, to determine the status of awebserver, monitoring software may periodicallysend an HTTP request to fetch a page; for emailservers, a test message might be sent through SMTPand retrieved by IMAP or POP3.Commonly measured metrics are response time andavailability (or uptime), although both consistencyand reliability metrics are starting to gainpopularity.Status request failures, such as when aconnection cannot be established, it times-out, orthe document or message cannot be retrieved, Cont….
  34. 34. Network AdministratorNetwork administrators are basically the networkequivalent of system administrators: they maintainthe hardware and software that comprises thenetwork.This normally includes the deployment,configuration, maintenance and monitoring ofactive network gear: switches, routers, firewalls,etc. Network administration commonly includesactivities such as network address assignment,assignment of routing protocols and routing tableconfiguration as well as configuration ofauthentication and authorization – directoryservices.
  35. 35. Network AdministratorIt often includes maintenance of network facilitiesin individual machines, such as drivers and settingsof personal computers as well as printers and such.It sometimes also includes maintenance of certainnetwork servers: file servers, VPN gateways,intrusion detection systems, etc.Network specialists and analysts concentrate on thenetwork design and security, particularlytroubleshooting and/or debugging network-relatedproblems.
  36. 36. Network AdministratorTheir work can also include the maintenance ofthe networksauthorization infrastructure, as well as networkbackup systems.They also perform network managementfunctions including:•provide support services•ensure that the network is used efficiently, and•ensure prescribed service-quality objectives aremet.
  37. 37. Network managementNetwork management refers to themaintenance and administration of large-scalecomputer networks and telecommunicationsnetworks at the top level.Network management is the execution of the set offunctions required for controlling, planning,allocating, deploying, coordinating, and monitoringthe resources of a network, including performingfunctions such as initial network planning,frequency allocation, predetermined traffic routingto support load balancing, Cont……
  38. 38. Network managementCryptographic key distribution authorization,configuration management, fault management,security management, performance management,bandwidth management, and accountingmanagement .A large number of protocols existto support network and network devicemanagement. Common protocols includeSNMP, CMIP, WBEM, Common InformationModel, Transaction Language 1, JavaManagement Extensions - JMX, and netconf. Cont……
  39. 39. Network managementData for network management is collectedthrough several mechanisms, including agentsinstalled on infrastructure, synthetic monitoringthat simulates transactions, logs of activity,sniffers and real user monitoring.Note: Network management does not includeuser terminal equipment
  40. 40. Network managementData for network management is collectedthrough several mechanisms, including agentsinstalled on infrastructure, synthetic monitoringthat simulates transactions, logs of activity,sniffers and real user monitoring.Note: Network management does not includeuser terminal equipment
  41. 41. Duties of System administrators4.1 System administrators are responsible for thesecurity of information stored on these resources.4.2 Administrators must take appropriate andreasonable steps to inhibit attempts to obtainunauthorized copies of computer software, computerdata and/or software manuals.4.3 Administrators must take appropriate andreasonable steps to make sure that the number ofsimultaneous users of software does not exceed thenumber of original copies purchased.
  42. 42. Duties of System administrators4.4 Administrators should take steps to insure thatassigned passwords are non-trivial and users should begiven guidelines for choosing strong passwords.4.5 Administrators must take appropriate and reasonablesteps to assure that access to the computer operationsareas is restricted to those responsible for operation andmaintenance.4.6 Default passwords shipped with servers, operatingsystems software or applications must always be changedwhen the hardware or application is installed orimplemented.
  43. 43. Duties of System administrators47 Special access to information or other specialcomputing privileges are to be used only in performanceof official duties.4.8 Gaining unauthorized access to a system (or area ofa system) using knowledge of access abilities gainedduring a previous position at the institution is prohibited.4.9 System administrators should never give access toany user on a system they do not administer.
  44. 44. Duties of System administrators 4.10 Computer installations will have definedprocedures for maintaining data integrity duringhardware repair, and will set up a schedule ofpreventive maintenance for the computersystems where appropriate.4.11 System administrators should install fixes toknown system problems as expeditiously aspossible.4.12 Sessions with root or other privilegedaccess must be logged off to a point thatrequires a new log-on whenever leaving yourwork area
  45. 45. Network SecuritiesWhat is a network?Network security consists of the provisionsmade in an underlying computer networkinfrastructure, policies adopted by the networkadministrator to protect the network and thenetwork-accessible resources fromunauthorized access and the effectiveness (orlack) of these measures combined together.
  46. 46. Network Securities What is a network?In order to fully understand network security, one must firstunderstand what exactly a network is. A network is a groupof computers that are connected. Computers can beconnected in a variety of ways. Some of these ways includea USB port, phone line connection, Ethernet connection, or awireless connection. The Internet is basically a network ofnetworks. An Internet Service Provider (ISP) is also anetwork. When a computer connects to the internet, it joinsthe ISP’s network which is joined with a variety of othernetworks, which are joined with even more networks, and soon. These networks all encompass the Internet. The vastamount of computers on the Internet, and the number of ISPsand large networks makes
  47. 47. Network SecuritiesCommon Network Security BreechesHackers often try to hack into vulnerable networks. Hackersuse a variety of different attacks to cripple a network.Whether you have a home network or a LAN, it is importantto know how hackers will attack a network.One common way for a hacker to wreak havoc is to achieveaccess to things that ordinary users shouldn’t have access to.In any network, administrators have the ability to makecertain parts of the network “unauthorized access.” If ahacker is able to gain access to a protected area of thenetwork, he or she can possibly affect all of the computerson the network. Some hackers attempt to break into certainnetworks and release viruses that affect all of the computersin the network. Some hackers can also view information thatthey are not supposed to see.
  48. 48. Network Securities Destructive AttacksThere are two major categories for destructiveattacks to a network. Data Diddling is the firstattack. It usually is not immediately apparent thatsomething is wrong with your computer when it hasbeen subjected to a data fiddler. Data fiddlers willgenerally change numbers or files slightly, and thedamage becomes apparent much later. Once aproblem is discovered, it can be very difficult totrust any of your previous data because the culpritcould have potentially fooled with many differentdocuments. Cont ….
  49. 49. Network Securities Destructive AttacksThe second type of data destruction is outrightdeletion. Some hackers will simply hack into acomputer and delete essential files. This inevitablycauses major problems for any business and caneven lead to a computeroperating systems apart and cause terrible problemsto a network or a computer.
  50. 50. The Importance of Network Security Knowing how destructive hackers can be shows you the importance of Network Security. Most networks have firewalls enabled that block hackers and viruses. Having anti-virus software on all computers in a network is a must. In a network, all of the computers are connected, so that if one computer gets a virus, all of the other computers can be adversely affected by this same virus. Any network administrator should have all of the essential files on back up disks. If a file is deleted by a hacker, but you have it on back up, then there is no issue. When files are lost forever, major problems ensue. Network security is an important thing for a business, or a home. Hackers try to make people’s lives difficult, but if you are ready for them, your network will be safe.
  51. 51. Network Securities How different is it from computer security? In plain words...Securing any network infrastructure is like securingpossible entry points of attacks on a country bydeploying appropriate defense. Computer security ismore like providing means of self-defense to eachindividual citizen of the country. The former isbetter and practical to protect the civilians fromgetting exposed to the attacks.
  52. 52. Network SecuritiesThe preventive measures attempt to secure theaccess to individual computers--the network itself--thereby protecting the computers and other sharedresources such as printers, network-attached storageconnected by the network.Attacks could be stopped at their entry pointsbefore they spread. As opposed to this, incomputer security the measures taken arefocused on securing individual computer hosts.
  53. 53. Network SecuritiesA computer host whose security iscompromised is likely to infect other hostsconnected to a potentially unsecured network.A computer hosts security is vulnerable tousers with higher access privileges to thosehosts.Network security starts from authenticating anyuser. Once authenticated, firewall enforces accesspolicies such as what services are allowed to beaccessed by the network users.
  54. 54. Network SecuritiesHoneypots, essentially decoy network-accessibleresources, could be deployed in a network assurveillance and early-warning tools. Techniquesused by the attackers that attempt to compromisethese decoy resources are studied during and afteran attack to keep an eye on new exploitationtechniques. Such analysis could be used to furthertighten security of the actual network beingprotected by the honeypot
  55. 55. Network SecuritiesHighly experienced security team provides thefollowing services:Destructive Code Scanning & Content FilteringDevelopment of Security Policies & ProceduresFirewall ImplementationHardware Inventory & Software ComplianceIncident Response & InvestigationIntrusion Detection SystemsNetwork Security analysis,Penetration Testing ,Physical Security & Access Control ,SecureArchitecture design,Secure E-mail Services ,VirusDetection & Mitigation Planning ,Virtual PrivateNetworks
  56. 56. Network Securities Log classificationServer Operating System logsEmail recordsInternet usageRemote accessDatabase transactionFirewall logsIntrusion detection Software logsSoftware security monitoring/violation
  57. 57. Asset ManagementAM means different things to different people. For some, itsjust an inventory on an Excel spreadsheet. And for theenlightened, its an all out monitoring and managementprocess using comprehensive AM policies and sophisticatedAM tools. While inventories are necessary, doing this aloneis not the solution.Considering these factors, AM can be viewed as a set ofwell-defined practices and processes governing theacquisition, maintenance, and implementation of IT services.In reality, AM has gone beyond an inventory or financialtype of definition.
  58. 58. Asset ManagementAlthough these aspects are crucial, a fresh approachincludes factors like asset lifecycles, assetutilization monitoring and optimization. The focusis more on the usefulness side of assets than juststocktaking. "Each asset has a lifecycle and it involvesmanaging assets while keeping in mind manyaspects right from physical security to whether theyare serving their purpose to the end user.
  59. 59. Asset ManagementIf you do not track your financial assets, you cannotmanage them. The same philosophy is applicable tomanaging enterprise-wide IT assets. A look at theissues related to this fast evolving discipline.There are two ways to keep track of anorganizations IT assets—you either do it the rightway or the wrong way. If managed in the correctmanner, even the most minimal of assets can go along way. When managed wrong, it is the fastestway to put an end to the enterprises ITinfrastructure efficiency.
  60. 60. Asset ManagementThere is no middle path in this aspect ofInfrastructure Management (IM), which is wheremany CTO/CIOs make the mistake. It is interestingat this point to observe that most Indianorganizations have rudimentary Asset Management(AM) policies incorporated in their IM policies. Butwhen the question is that of optimal monitoring andmanagement of assets for business benefits, thefield is still new to Indian enterprises.
  61. 61. Asset ManagementSo how does an organization manage its IT assets in themost optimal manner?Lets understand this through a hypothetical example.Consider a typical server farm. Are the servers beingunderutilized? If they are, then it would be cheaper toconsolidate servers. Or consider a scenario where theorganization does not keep track of the devices connected toits network. It is very easy for unaccounted resources tobecome non-functional without anyone being aware of it. Itcould have great implications on network availability. Thisis where monitoring comes into place, when discussing assetmanagement.Asset Lifecycle Management (ALM) also plays a major partin effective AM.
  62. 62. Benefits of Asset ManagementThe benefits associated with AM are direct and indirect. Thebiggest advantage is that it helps an enterprise keep trackand utilize all its assets optimally. This is of great benefit intracking TCO and ROI."With proper AM, it is possible to keep track of the capitalexpenditure and also to arrive at the ROI, which the assethas given over a period of time," said P. Rangarajan, Asst.VP-Operations & Systems, Birla Sun Life.AM also helps to tweak an enterprises infrastructure foroptimal results. "The biggest advantages of using AM in anenterprise is you can fine-tune and utilize the existingresources in an intelligent manner," said S.B. Patankar,Director-Information Systems, The Stock Exchange.
  63. 63. Benefits of Asset ManagementIt can be clearly seen that knowing the exact number ofcomputers that are actually being used from the entireinventory helps when doing the next procurement. This alsoprovides direct financial benefits by avoiding loss."If you do not know the exact number of the equipment thatyou have, there is a financial loss associated with it," saidSharma.The importance of AM when negotiating with vendors isvery critical. CTO/CIOs have to deal with vendors regardingAMCs and service contracts every year. Having an up-to-date inventory of the equipment coming under warranty isvery handy during such negotiations—especially inorganizations having distributed infrastructure.
  64. 64. Benefits of Asset Management This is true not just in the case of hardware but alsofor software. The box story, Managing softwareassets details the issues related to software assetsand how to manage them optimally.AM can also help the organization provideresources to users according to their requirement.For example, the requirement of data-entrypersonnel in the Logistics department will bedifferent from that of the Accounts team.
  65. 65. A policy of Asset ManagementA majority of the Indian corporate believes in AM builtinto the infrastructure policy. While this is not badpractice, the risk of AM losing its core focus cannot beruled out.It is in this perspective that a company requires an AMpolicy distinct from an IM policy. This is absolutelyessential since AM requires involvement from the entireorganization than just IT. Most departments have theirown requirements when it comes to required assets.The same AM strategy might not work throughout theentire organization due to this. While the basics can becommon, different AM strategies tailor-made for eachdepartment in an organization might be required.
  66. 66. Creating Asset Management strategyThe essential objective of an AM policy should beto maximize value of an asset over its entirelifecycle. Even if the AM policy is integrated withthe IM policy, it has to be clearly outlined andaligned with business.Now comes the issue of formulating an AMstrategy. When planning for future assets it isessential to bring in future business growth andassociated requirements, which can be providedonly by the business. A company needs to considerfactors like TCO and distribution of assets.
  67. 67. Creating Asset Management strategy"TCO, anticipated future technology trends, physical anddata related security, BCP related issues, and compliance arethe factors to consider when planning assets,"In such cases, it is essential that clauses to ensure periodicalsurveys and policy enforcement are included. This willensure proper enforcement of AM practices. The policyshould also specify how assets have to be disposed off oncethe assets lifecycle is over. This will detail if the assets haveto be returned (for leased assets) or if they have to be soldoff.
  68. 68. Creating Asset Management strategyOne of the first steps to proper AM is to have an inventoryin place. The inventory should have details of IT assetsacross the enterprise.The inventory should have information about the assets—right from time of procurement/implementation, to changesdone at the end of its lifecycle."The asset has to be numbered and all the details of the assetlike purchase order number, installation date, warrantyperiod, and expiry of warranty have to be maintained. Thiswill enable tracking and monitoring of the assets properly,"While its easy to keep track of devices with IP addresses, itis difficult to track other types of assets. This is where AMtools can help out enterprises.
  69. 69. Digital Asset ManagementThe new age enterprise makes use of AM tools to keep trackof its assets. These tools greatly simplify the complexitiesinvolved in tracking enterprise-wide assets."It is necessary to utilize the assets you have in the bestpossible manner, as well as manage them. Both these arepossible only with the available tools, that can do thesefunctions," AM tools can automatically detect deviceinformation across the network, and display it in differentways, like graphical and tabular formats. Inventory ofhardware and software assets are facilitated with suchfeatures.
  70. 70. Digital Asset ManagementDigital asset management means that you can study existingprojects and reuse valuable information(asset) from themMany of the AM tools available today are add-on modules toIM tools. While the costs of these tools tend to be on thehigher side, the benefits justify the costs involved in mostcases.The importance of digital asset management can be gaugedfrom the fact that it not involves storing data in easilyunderstandable formats,but also that the managementsoftware,apart from storing and classifying data,come withadditional features of analyzing it ,thereby ensuringconductive business decision taken at right time.
  71. 71. Bandwidth /Telecom ManagementBandwidth Management is related to internetbandwidth available and their distribution tovarious entities within the domain. Distributionof single pipe to various user departments andsetting up priorities has become possible nowdays.Bandwidth is the amount of information that canflow through a network.Consider traffic flow,Express highway traffic isfaster than any highway& larger number of carscan be driven Similarly high volume applicationsConsume large amount of bandwidth
  72. 72. Bandwidth ManagementBandwidth management was developed as atechnique designed to manage the resourceconsumption or priority of various applicationsconsuming bandwidth on the networkThe most common technique used to implementbandwidth management is based upon a technologycalled QoS(Quality of Service) The QoS identifies the application Traffic passingthrough the network , and the applies policiesdesigning to protect,prioritize,or restrict bandwidthconsumed by them
  73. 73. Incident ManagementThe incident management process aims to ensure thatincidents are detected and service requests are then recorded.Recording ensures that there are no lost incidents or servicerequests, allows the records to be tracked, and providesinformation to aid problem management and planningactivities. The process includes the use of technology toprovide self-service facilities to customers, providing themwith flexible and convenient interfaces to the supportfunction while also reducing the workload and personnelrequirements of the service desk.Service requests, such as a request for change (RFC) or abatch job request, are also recorded and then handledaccording to the relevant processes for that type of servicerequest
  74. 74. Incident ManagementIncidents undergo classification to ensure that they arecorrectly prioritized and routed to the correct supportresources. Incident management includes initial supportprocesses that allow new incidents to be checked againstknown errors and problems so that any previously identifiedworkarounds can be quickly located. Incident management then provides a structure by whichincidents can be investigated, diagnosed, resolved, and thenclosed. The process ensures that the incidents are owned,tracked, and monitored throughout their life cycle.There may be occasions when major incidents occur thatrequire a response above and beyond that provided by thenormal incident process.
  75. 75. Incident ManagementIncident management includes a process for handling thesemajor incidents, including management and functionalescalations, effective communications, and formal rollbackplans. The objectives of incident management are:•To restore normal service as quickly as possible.•To minimize the impact of incidents on the business.•To ensure that incidents and service requests are processedconsistently and that none are lost.•To direct support resources where most required.•To provide information that allows support processes to beoptimized, the number of incidents to be reduced, andmanagement planning to be carried out.
  76. 76. Incident ManagementIncident management handles all detected incidentsand all service requests that can be raised throughthe service desk.ITIL defines an incident as: Any event that is notpart of the standard operation of a service thatcauses, or may cause, an interruption to, or areduction in, the quality of service.Typical incidents could include:•A service being unavailable•Software corruption•A hardware failure•The detection of a virus
  77. 77. Incident ManagementThe range of different service requests received bythe IT organization varies between differentorganizations. Common service requests caninclude:•Requests for change (RFCs)•Requests for information (RFIs)•Procurement requests•Batch job requests for a specific purpose•Service extension requests•Password resets
  78. 78. Incident Management Ownership, Tracking, and MonitoringThe diagram below shows the incident life cycle fromthe initial occurrence through to closure of theincident following confirmation that the issue hasbeen resolved.
  79. 79. Help DeskA help desk is an information and assistanceresource that troubleshoots problems withcomputers and similar products. Corporations oftenprovide help desk support to their customers via atoll-free number, website and/or e-mail. There arealso in-house help desks geared toward providingthe same kind of help for employees only.In the Information Technology InfrastructureLibrary, within companies adhering to ISO/IEC20000 or seeking to implement IT ServiceManagement best practice, Cont….
  80. 80. Help DeskA Help Desk may offer a wider range of usercentric services and be part of a larger ServiceDesk.A typical help desk has several functions. It provides theusers a central point to receive help on various computerissues. The help desk typically manages its requests viahelp desk software, such as an incident tracking system,that allows them to track user requests with a unique ticketnumber. This can also be called a "Local Bug Tracker" orLBT. The help desk software can often be an extremelybeneficial tool when used to find, analyze, and eliminatecommon problems in an organizations computingenvironment.
  81. 81. Help DeskThe user notifies the help desk of his or herissue, and the help desk issues a ticket thathas details of the problem. If the first level isable to solve the issue, the ticket is closed andupdated with documentation of the solution toallow other help desk technicians to reference.If the issue needs to be escalated, it will bedispatched to a second level.There are many software applications availableto support the help desk function. Some aretargeting enterprise level help desk (ratherlarge) some are targeting departmental needs.See Comparison of issue tracking systems.
  82. 82. Desk Top ManagementDesktop management is a comprehensive approachto managing all the computers within anorganization. Despite its name, desktopmanagement includes overseeing laptops and othercomputing devices as well as desktop computers.Desktop management is a component of systemsmanagement, which is the administration of allcomponents of an organizations informationsystems. Other components of systemsmanagement include network management anddatabase management.
  83. 83. Desk Top ManagementTraditional desktop management tasks include installingand maintaining hardware and software, Spam filterin, andadministering user permissions. In recent years, however,security-related tasks have become an increasingly largepart of desktop management. As a result, an increasinglylarge proportion of administrative resources have beendevoted to security-related tasks, such as patchmanagement, fighting viruses and Spyware, and controllinggreynet applications (programs installed without corporateapproval, such as instant messaging, file sharing programs,and RSS readers).
  84. 84. Remote Desk Top Management One of the many challenges facing Microsoft administrators is how to manage remote systems in a secure manner? In the world of the UNIX the answer is quite simple: using the SSH protocol is sufficient. Thanks to the SSH, we can manage remote systems not only in the text mode, but we can also run remote X- Window applications by using the protocol tunneling technique. And all of that by using strong cryptography, which protects transmitted data from unauthorized access.
  85. 85. Remote Desk Top Management Unfortunately, providing secure remote access to the MS Windows systems is not as easy. Why? First of all, only the NT Terminal Server, 2000 Server and XP are equipped with remote management services (Terminal Services). Secondly, the solutions that offer remote MS Windows management possibilities either dont encrypt transmitted data (like VNC) or their implementation often comes hand in hand with the additional, significant costs.
  86. 86. Remote Desk Top Management What features should a remote management solution have? First of all, the solution must be functional. Although in the case of Unix systems, access to the emulated text terminal is often sufficient, the use of such methods to manage MS Windows is far from ideal. Because the MS Windows is a system based on a graphics environment, remote management should be also realized in a graphics mode. Besides being functional, remote management must also be secure. The solution must not only provide user authentication, but must also assure confidentiality and integrity of the transmitted data.
  87. 87. Remote Desk Top Management In the remote management solution that will be presented in this discussion, all the above requirements will be met by using the following open-source software: •VNC - VNC (Virtual Network Computing) provides graphics management of remote systems. In our case, the VNC software will be the "core" of the whole solution. It will provide a graphics console to the remote MS Windows system. •Stunnel - The main purpose of the Stunnel utility is to create SSL tunnels that can be used to transmit other, often non-encrypted protocols in a secure manner. In the described solution, this tool will be used to secure the VNC protocol.
  88. 88. Remote Desk Top Management •Thanks to the Stunnel, it will be possible to assure not only confidentiality and integrity of the transmitted data, but also to authenticate VNC clients and servers by certificates. OpenSSL - OpenSSL is a library of cryptographic functions that can be used to enrich applications by data encrypting functions. By using OpenSSL we can also generate, sign and revoke certificates that can be used in solutions based on a public key infrastructure (PKI). In the method presented below this tool will be used to generate and sign certificates needed to authenticate both VNC clients and servers.
  89. 89. Remote Desk Top Management The following picture shows the way the software mentioned above will be used to provide secure management of remote desktops:
  90. 90. Remote Desk Top Management Major features of Desktop Management •Speed improvement •Real Full screen •Improvement to file Transfer schedule •More audit info gathered from remote systems •Email connection attempts •Error logging improvement •Ping time outs added for connection attempts •Connect remote system improvement
  91. 91. Network inventorySystem Admin/help desk engineers can accessuser desktop& solve any software issuesbut it is hard to manage hardware& softwaredetails such as memoryNetwork inventory is powerful tool for forsoftware & hardware inventory & auditRemote desktop professional has a built inPerformance monitorRemote desktop professional is a remote desktopmanagement toolYou can gather information on remote machineson your network
  92. 92. “Like” us on Facebook:  p // / “Follow” us on Twitter: com/WeLearnIndiaWatch informative videos on Youtube: