Category: Architect

Identity Management – Vendor Solution vs. Open Source

Identity management provides a holistic solution for compliance and security requirements and improves overall IT operations. The following are the major vendors and their products providing IDM solutions in the market:

– IBM/Tivoli Identity Management
– Oracle Identity Management (or Oblix/COREid/Thor)
– Computer Associates Identity Management (or Netegrity)
– MIIS (Microsoft Identity Integration Server or MMS (Microsoft Management Server) or Zoomit)
– SunOne Identity Management
– Novell Identity Manager
– BMC Identity Management (or Passlogix)

Before any organization implements IDM, it is best practice from a program management office standpoint to develop a business case and a return on investment (ROI) analysis.

How do you create a measurable ROI for an IDM investment?

If help desk operation is expensive in an organization, a measurable ROI can be developed, whereas if help desk operation is already lean, it is challenging to develop a TRUE ROI for an IDM investment.

IDM provides a holistic solution for compliance and security requirements. Even when there is no TRUE ROI for the IDM investment, it is still worth considering IDM for its elegant user provisioning, user de-provisioning, user management, access management, password management, workflow and single sign-on solutions.

The open source products OpenSSO and OpenDS (directory server), supported by Sun, provide the most cost-effective (total cost of ownership) solution in the solution landscape. Sun's Identity Manager, which will eventually become an open source product, provides all the connectors to integrate various directory services and to build workflows for custom provisioning and de-provisioning.

Message: If there is no TRUE ROI for IDM, consider the OpenSSO/OpenDS/Identity Manager solution before dropping IDM from your technology road map.


Technical Architecture Components

In general, infrastructure or data center cost is around 35-40% of overall IT cost. Because so much cost is absorbed in that area, it is prudent for any senior executive in the IT organization to have a better handle on infrastructure cost. The industry lacks uniformity in the cost management of IT as a whole, and that applies to infrastructure/data center cost as well. Various cost management structures are available to manage overall IT cost, and the choice depends on the size and type of the organization. However, the general principles remain the same.

IT infrastructure cost is looked at closely for IT cost optimization by every chief information officer. It is essential, particularly in this economic climate, to look at the infrastructure cost distribution and study alternative approaches for cost and competitive advantage. Chief enterprise architects are directed by the CIO and other senior executives to develop an IT infrastructure cost optimization program. To accomplish it, the enterprise architect must understand the high-level information about the various components of the infrastructure and develop a technical architecture strategy. The technical architecture strategy defines the future state and provides the foundation, the blueprint, for the infrastructure/data center cost optimization program.

For any future state analysis and definition, the current state is studied and understood before a road map is developed to reach the future state.

1. To study the current state, itemize the various components of the technical architecture and the service rendered by each component.

Components of technical/infrastructure architecture

  • Hardware
    • Servers
      • Distributed
        • WinTel
          • Linux
          • Windows
        • RISC
          • HP-UX
          • AIX
          • SGI
          • SUN Solaris
      • Mainframe
        • MVS
        • AS/400
    • Disk arrays
      • SAN storage
      • NAS storage
      • Backup
    • Network
      • Logical
        • Extranet
        • Internet
        • Intranet
      • Physical
        • Network Appliances (SSL accelerators, Net Cache devices, XML appliance)
        • Network devices (Routers, Switches, VPN devices, Hubs, Firewall, Wireless, Intrusion prevention)
        • Telephony devices (Dialer, ACDs, IVRs, PBX)
      • External Connectivity
        • SFTP drop box
        • VPN Tunnel
        • T1 line
        • ANX
        • OC3/5 internet connectivity
        • Frames/MPLS
    • Desktop
      • PC
      • Laptop
      • Mobile devices (iPhone, BlackBerry, Smart Phones, pagers)
  • Software
    • System Software
      • Server operating systems
      • Network operating system
      • Storage operating system
      • Desktop operating system
      • Compilers, Interpreters
      • File system management (VSAM, GFS)
      • Name resolution system (DNS)
      • Email servicing system (SMTP)
    • Web infrastructure
      • Application Server
      • Web Server
      • Portal Server
    • Data Administration
      • Database server – OnLine Transaction Processing (OLTP)
      • Data warehouse
      • Reporting
      • Business Intelligence
    • Office management
      • Microsoft Office/OpenOffice
      • Email client
      • Browser
      • Remote login
      • Security – Virus prevention
    • Service Layer
      • Business process server
      • Message broker
      • Connector – database drivers, bridges
    • Monitoring and control management
      • Service monitoring
      • Device monitoring
      • Compliance management
        • Data Loss prevention
        • Login monitoring
    • Collaboration Management server
    • Document management server
    • Storage Management Server
    • Emergency Management Service
      • Disaster Recovery Management
      • Business continuity Management
    • Enterprise Resource Planning (it will expand based on the core business)
      • Financials
        • Accounting
        • Management Accounting
          • Cash flow management
          • Fund flow management
      • HR
      • Procurement
  • Data center Services
    • Power grid architecture
    • Power Distribution Units (PDUs)
    • Backup power
      • Automatic generators
        • Cooling and backup cooling for generators
        • Fuel capacity and distribution management
    • Cooling and heating
      • Backup cooling and heating
    • Wiring management
    • Rack management
    • Physical security
  • Security Service
    • Directory Services
    • Identity Management Services
      • User provisioning
      • Authentication
      • Authorization
      • User management
      • User de-provisioning
    • Network Security
    • Intrusion prevention
    • Firewall protection
    • Layered protection
      • Zoning – web zone, app zone, database zone, messaging zone, Demilitarized zone, file exchange zone

The service offering in each area depends on the enterprise. Some enterprises have internal teams to provide all these services and some have outsourced all of them. Mostly, enterprises adopt a hybrid approach with both external service providers and internal teams.

2. Define the future state in terms of strategic objectives like IT simplification, cost optimization, adaptability, agility for new market segments, etc.

3. For each component of the infrastructure, perform a SWOT, cost and new solution analysis and define the road map.

Rapid Solution Delivery Framework

In this tough economic situation, leading a multi-million, multi-year project to failure is not an option for any corporation. Leaders or managers who lead projects for years without successful implementation must be watched closely by executive management for their performance during this economic situation. I totally understand that an organization can learn from its own mistakes, but a successful organization learns from others' mistakes, not at its own cost.

Project managers and leaders are seeking the best possible ways to ensure successful implementation in spite of any unforeseen hindrance in execution. Even for multi-million dollar projects, cost-effective solutions are demanded. Project managers and leaders are seeking the best enterprise or system architect to provide a solution that exceeds customer expectations, meets requirements and at the same time is the most innovative and cost-effective. Enterprise architects or system architects are required to have a set of tools in their arsenal to provide a rapid, cost-effective solution with the highest possible success rate.

The Rapid Solution Delivery Framework is an abstract concept used to rapidly define a cost-effective and innovative solution. The key components of the framework are:

1. Cloud computing
2. Open source
3. Social network tools

Cloud computing: It addresses the rapid infrastructure setup, application setup or business rules for any solution delivery. The cloud platform may come from an external public cloud provider like Amazon, an internal cloud provider, or an external private cloud provider (like Secure24 or Rackspace for infrastructure). It is a rapid way of setting up the infrastructure for solution delivery. There may be cases where the cloud platform also provides business solutions.

Open source: Many commercial software product companies leverage, support or sponsor open source to improve their commercial product quality tremendously. For instance, IBM supports Apache product development, leverages the Apache web server and bundles it as IBM HTTP Server (IHS). Open source concepts are not confined to system software. The open source concept has proliferated into various segments; even in chemical bonding structural analysis there are many open source tools with which researchers and students easily learn and collaborate. Open source has become an integral part of any IT solution delivery model. Open source provides a wide range of solutions: operating systems, system software (web server, database server, application server), application development frameworks (Spring, Hibernate, Struts), security (OpenSSO, Crowd, OpenLDAP), application development IDEs (like Eclipse, Galileo), etc. These open source products provide not only quality solutions but also cost-effective solutions.

Social network tools: Social networking concepts and their implementations have matured over the years and are now extensively used beyond personal use. Major corporations like Cisco, Deloitte and IBM use social network tools for better collaboration among employees to provide effective solutions to their clients. The tools landscape in social network media is vast and deserves a separate blog post. To name a few major categories: video, video aggregation, documents, events, wiki, livecasting, pictures, social bookmarks, crowdsourced content, blogs, etc. There are at least 3-4 popular tools in each of those categories. The social networking technology landscape plays a vital role in leveraging existing solutions and collaborating better among the various stakeholders of a project.

The few projects Vivek Kundra implemented as CTO in the DC state government are practical examples of how a social networking platform provides a foundation for a rapid, cost-effective solution.

Along with these key components, depending on the business requirements, other commercial products like SAP or Flex (for UI) may be part of the overall IT solution.

Cloud Computing Architect

Due to information overload and powerful search engines like google.com and bing.com, authentic information is freely available on almost any topic, ranging from quantum mechanics to cloud computing. An average person can have a decent conversation about any topic with minimal effort. It is a real challenge to identify a real expert in any field amid the current information overload.

Experts are not born; they are made. Before an expert becomes an expert, they are a beginner searching for information to get familiar with the topic. With information overload, a beginner can easily be presented as an expert.

Cloud computing gets lots of attention in the current business environment, and IT executives really struggle to differentiate a cloud computing architect from a person who JUST knows the right buzzwords. Here are guidelines to differentiate a cloud computing architect from a person who JUST knows the right buzzwords and has basic knowledge about cloud computing.

Cloud computing Architect:

1. In-depth understanding of the cloud computing tool box –

  • Understands the existence and usage of the various technical and business cloud environments
  • Understands the technical and business stack types in each cloud and the usage of those stacks for cloning
  • Understands each logical and physical unit of the stack (like storage, database, BPMS, OWL, UML, business services like loan origination, consultative service, collection, etc.)
  • Understands the behind-the-scenes technology (like cloud operating system, virtualization, storage area network, data transfer rate, RAID type, data redundancy, disaster recovery plan, etc.). Some argue that understanding the behind-the-scenes technology is not required for an architect. In my strong opinion, that is the differentiator between an architect (expert or evangelist) and a novice (a person briefly exposed to the concepts). It helps the expert pick the right solution for the right problem.

2. Enterprise view of the cloud –

  • Various possible integrations of cloud solutions
  • Latency between each cloud solution

3. Solution design –

  • Various possible instantiations of the enterprise view of the cloud

4. Solution delivery

  • This is the most important aspect of a cloud computing architect. The first 3 areas focus on the various solution designs and their components. Solution delivery focuses on solving a business problem using the packaged cloud solution. It is a business problem and solution matching exercise. To illustrate the role of a cloud computing architect, let me take a very practical, simple example. Let us say a company wants to sell loan origination (retail or lease) as a service to smaller banks or credit unions. For this business problem, the solution provider (let us say the company name is FinCo) has to understand the common business process involved in loan origination and the customized loan origination for each customer (bank or credit union), and both the common and customized loan origination need to be implemented using a technology stack like LAMP, messaging, a persistence database, etc. The common loan origination can also be imaged for deployment. Common loan origination can be a cloud solution that is ready to use. When FinCo gets a new customer, it can deploy the common solution in the cloud and make the necessary modifications to customize it for the customer's needs. Deploying a solution using the loan origination cloud can be done by a sales or presales technical team. The architecture of the loan origination stack in the cloud will be done by the cloud computing architect.

Cloud Computing Architecture and its Future

The cloud computing concept continues to gain acceptance and its adoption is increasing exponentially.

I heard today from a vendor representative that he grew up on a farm, and growing up on a farm means he had to learn whatever was required, in no time, to do the farming. He confirmed my thoughts on how farm boys grow up on the farm. Cloud computing basically took the farm boy approach. Do whatever is required to do the job!

Fifteen years ago, the PC support team used to install the operating system (Windows 3.11, MS-DOS) on each and every PC, and PC support cost used to be a significant cost in the IT shop. As repetitive mundane tasks mandate innovation, solutions like Norton Ghost emerged; deployment was made easy and the PC support cost was driven down.

Cloud computing took the Norton Ghost solution to the server environment. Like me, I can imagine most IT members spent significant time building the development, testing, staging and production environments for each application, and spent time ensuring that all the environments were built alike, and still had environments that behaved differently for unknown reasons. Cloud computing solves all these problems.

Key components of cloud computing:

  • Processing units
  • Storage units
  • Cloud computing OS
  • Network units

Utilizing external storage in the server environment has been in use for quite a while. In some cases, like manufacturing production databases, selecting the apt external storage platform, including hardware, storage operating system, connectivity and RAID types, plays a vital role in the system architecture. Likewise, in cloud computing the storage and processing units are physically separated and logically connected as and when required. This includes the boot volume too. To manage both processing units and storage units, an external operating system called a cloud computing operating system is used. Vendors like VMware sell cloud computing operating systems like VMware vSphere, and there are open source cloud computing operating systems like eyeOS.

Architecture of cloud computing:

For external users:

Have an OC3, OC12 or OC48 internet link, based on your requirements, to connect your data center to the internet. Have Cisco 7200 series and Cisco ACE series devices for the first and second layers of your network. Have NetCache, SSL accelerator or intrusion prevention devices based on your requirements. Connect the internal VLAN with blade servers (HP) and storage units like EMC. Slice the EMC LUNs to hold preloaded images like Red Hat and Windows, with preloaded system software like application server, web server, domain name server, database server, directory server, etc. Install the cloud computing operating system on the external boxes and link both the processing and storage units. The cloud computing operating system manages both processing and storage units.

If there are requirements to connect stand-alone servers, they can be connected in the internal VLAN.

The architecture is straightforward and purposefully I'm not drawing it.

For internal users:

The same architecture, except for the OC3 internet link.

Cloud Computing Future:

The concept is very cost-effective and efficient. Instead of building images for production servers with application server, web server, database server, etc., the image will be elevated to a business unit image: loan processing image, collection and customer service image, delinquency image, skip tracing image, bankruptcy, treasury, securitization, point of sale, etc. The technology cloud is in the phase of reaching maturity and the business cloud is emerging. There is huge potential for the players who get into the business cloud quickly.

Think about it for a minute: if you are a bank, why would you want to spend time building IT infrastructure to process loans? Banks JUST want to focus on getting good paper and good customers, not worry about how the assets are stored, retrieved and processed. Whoever gets into the business cloud will lead that market segment for a while!!


Is Google's Gmail ready for enterprise use?

The Genchi Genbutsu approach is apt for an enterprise architect in some cases, and it is apt for validating the viability of Gmail for enterprise use. As a cost saving opportunity, the enterprise email infrastructure is one of the areas most frequently visited for potential savings by practical enterprise architects. It is often studied by hiring an external infrastructure architect specializing in email infrastructure to perform a business case and cost benefit analysis, while internal enterprise architects lead that study by providing the necessary internal information. Performing the initial study generally costs the enterprise a non-negligible amount of money and time. For an organization of 10,000 employees, migrating the email infrastructure from Lotus Notes or Outlook to a new email infrastructure will take at least 5-6 months (my estimate before I did this project) and requires coordination and training. Before the trigger is pulled to migrate the email infrastructure for cost saving opportunities, the business case and benefit analysis should be strong.

Recently, I led and managed a team to study Gmail for enterprise use by following the Genchi Genbutsu approach, and my results are summarized below.

Team Size: 3
Duration of the project: 6 hours
No. of email users: 100
Cost: $5020 ($5000 is refundable if pilot results are concluded as not successful before 30 days)

Steps followed to establish Google Apps Gmail

  1. Tried to use free Gmail for 100 users. Selected 100 users in the organization and tried to create 100 free Gmail accounts. Gmail has strong spam protection measures. It didn't allow us to create more than 20 users. Gmail is performing lots of user traffic analysis on their side and predicting the creation of multiple users. Even though we wanted to validate Gmail's viability using 100 legitimate users, Google has built intelligence to prevent us from creating more IDs. Tried quickly to flush the cache in the browser, changed the browser, changed the PCs, changed the subnet; still it did not work. Google must be analyzing the user traffic by looking at the public IP (i.e. the web proxy used to reach the internet cloud) of our network. No customer service or support is available for Gmail. All the support material is available on the site and in forums. No one is available to talk to regarding the problem.
  2. Decided to use Google Apps Gmail to validate it.
  3. Bought a new domain from godaddy.com (cost around $10).
  4. Configured the email gateway of the domain on the registrar's (godaddy.com) site by creating the MX records and setting up the priority. Good documentation is available on the Google Apps web site.
  5. Online, bought 10 IDs from Google Apps (using Google Checkout).
  6. Used their mass upload of IDs to create all 10 IDs. The CSV file contains the user name, user ID, initial password and a provision to reset the password after their first login.
  7. All IDs were successfully created.
  8. Took one ID and sent and received email. The MX record took around 30-40 minutes to complete the configuration. 30-40 minutes after the IDs were created, we were able to successfully send and receive emails.
  9. Used the same format and added an additional 90 IDs to the CSV file.
  10. Used Google Checkout to buy an additional 90 IDs ($4500). The additional 90 IDs were not immediately added to the account after successful completion of the transaction. Waited 40 minutes and tried to reach Google Checkout support. There is no support/help desk number available. No contact information for sales. I felt that maybe my credit card company was not authorizing the transaction since the amount is considerably large. Called the credit card company's support and found out the transaction hadn't reached the credit card company yet. Waited an additional 20 minutes and assumed Google Checkout was not authorizing consecutive legitimate transactions in a short time (less than 60 minutes).
  11. Meanwhile, sent emails to their corporate support email address, Google Apps support email address and Google Checkout support email address screaming for "HELP".
  12. Repeated steps 3-4 for a different domain and bought 100 IDs this time. The transaction was complete and the IDs were not added to the account. Got stuck again!!!
  13. Got a call from Google Checkout support. Told them what I wanted; the second transaction was cancelled and the additional 90 IDs were added.
  14. Deleted all 10 IDs I used to perform the end-to-end test.
  15. Tried to upload the 100 IDs at one time. Failed!!! Tried different combinations, removed special characters in the password, removed white spaces and a few others. Nothing worked and everything FAILED!!!
  16. Tried to upload ONLY the new 90 IDs at one time. Successful!!!
  17. Once the IDs were deleted, they cannot be recreated immediately. It will take 5-7 days to recreate the same ID. Strange!!
  18. For those 10 IDs, used a different format, '_' instead of '.', after the first and last name in the Gmail address.
  19. Loaded the 10 IDs and it worked.
  20. Personalized the first page with company name, logo, etc.
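The bulk-upload steps above (the CSV of user name, user ID, initial password and reset-on-first-login flag, the upload that failed on whitespace and special characters, and the '_' fallback for the recreated IDs) can be turned into a repeatable, checkable process. The following is an added example written for this post, not Google's tooling; the CSV column names, the username rules and the minimum password length are my assumptions, and the sample staff list is constructed.

```python
import csv
import io
import re
import secrets
import string

# Assumed header for the bulk-upload CSV. The post says the file carries the user
# name, user ID, initial password and a "reset on first login" flag; these exact
# column names are my assumption, not the provider's documented template.
HEADER = ["first_name", "last_name", "username", "password",
          "change_password_at_next_login"]

USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,63}$")   # assumed local-part rules
PASSWORD_ALPHABET = string.ascii_letters + string.digits    # no specials, no spaces
MIN_PASSWORD_LEN = 12


def make_username(first, last, separator="."):
    """first.last (or first_last when the '.' form is blocked, as happened for the
    recreated IDs in the pilot), lower-cased, with non-alphanumerics stripped."""
    def clean(s):
        return re.sub(r"[^a-z0-9]", "", s.lower())
    return f"{clean(first)}{separator}{clean(last)}"


def make_initial_password(length=16):
    """Unpredictable initial password from letters and digits only. The pilot's
    upload choked on special characters and whitespace, and the user is forced to
    change it at first login, so strength comes from length and randomness."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def build_rows(employees, separator="."):
    """employees: iterable of (first, last). Returns rows ready for csv.DictWriter."""
    rows = []
    for first, last in employees:
        rows.append({
            "first_name": first,
            "last_name": last,
            "username": make_username(first, last, separator),
            "password": make_initial_password(),
            "change_password_at_next_login": "TRUE",
        })
    return rows


def validate_rows(rows):
    """Return [(row_no, problem)] for anything that would break the upload
    (whitespace, bad characters, duplicates) or ship a weak or permanent password."""
    problems, seen = [], set()
    for n, row in enumerate(rows, start=1):
        u, p = row["username"], row["password"]
        if any(c.isspace() for c in u + p):
            problems.append((n, "whitespace in username or password"))
        if not USERNAME_RE.match(u):
            problems.append((n, "username format"))
        if u in seen:
            problems.append((n, "duplicate username"))
        seen.add(u)
        if len(p) < MIN_PASSWORD_LEN or not p.isalnum():
            problems.append((n, "password too short or has special characters"))
        if row["change_password_at_next_login"] != "TRUE":
            problems.append((n, "initial password must be reset at first login"))
    return problems


def to_csv(rows):
    """Serialise validated rows with the assumed header."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=HEADER, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


def split_batches(rows, size):
    """The pilot's 100-row upload failed while 90 went through; upload in chunks."""
    return [rows[i:i + size] for i in range(0, len(rows), size)]


if __name__ == "__main__":
    # Constructed sample input, not the pilot's real user list.
    staff = [("Joe", "Plumber"), ("Ann", "O'Brien"), ("Ann", "O'Brien"), ("Li", "Wei")]
    rows = build_rows(staff)
    print(validate_rows(rows))          # duplicate username on row 3
    print(to_csv(rows[:1]))
    print(len(split_batches(rows, 2)))  # 2 batches
```

Run the validator before every batch; a duplicate or a non-conforming row is cheaper to fix locally than to debug after a silent upload failure.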

Findings:

  • It took less than 1 hour (once the IDs were successfully bought) to create all 100 IDs.
  • Each ID has a 25GB mailbox.
  • The administrator can manage all users, implement security policy, configure mail relays, restrict traffic, etc. easily using the Gmail console.
  • Quick training material was developed easily.
  • SSL enforcement can be done centrally by the administrator.
  • Calendar, docs sharing and chat are part of Gmail.
  • It is apt for a small (fewer than 1000 employees) company.
  • Fast, inexpensive, sufficient email space.

Is Google's Gmail ready for enterprise (10,000+ employees) use?

Short answer: No

Fuzzy answer: Almost there but not quite yet

Detailed answer: Support is the big concern. I could not talk to anyone whenever I had a problem. I understand their support strategy: provide all the necessary information and empower the user to resolve the issues themselves. That is a good strategy from Google's standpoint, but not a customer-friendly strategy. I had legitimate support issues during checkout and when recreating the deleted IDs. I had to wait for their support team's mercy whenever I had a problem. Google is over-analyzing the traffic and stopping legitimate traffic. I can't make 10,000+ employees depend on this infrastructure when, whenever there is a problem, we need to wait for the mercy of their support team to call us. Here is the screenshot of the 404 error received during the pilot (company logo removed!!)

Conclusion:

Wait for Google's revised support strategy, or ask your 10,000+ employees to use free Gmail for one or two years for their personal use before you transfer the corporate email infrastructure to Google Apps Gmail.

Open Source Enterprise Architecture tool

During my UML modeling days, this question always struck me, with no answer. When you define a class, let me take male as an example, you inherit from a superclass called human. All human attributes are made available to the male class. Then you define subclasses like infant, child, teen, middle aged, aged, etc.; inheritance takes the attributes from the superclass. When you instantiate an object like a middle aged male and let the name of the object be "Joe the plumber", the object Joe the plumber will have all the attributes defined in its class and all of its superclasses. For generalization of the attributes of an object, UML has been doing an exemplary job. However, Joe the plumber is not the same as all middle aged males. He has some unique attributes that most plumbers or middle aged males do not have. How do you capture the unique attributes in the model? UML models completely fail to capture the attributes of a unique case or object.

We have seen marketing ads and commercials on TV saying that personalization is key for this and the next generation of marketing and sales. Each individual customer is targeted for promoting a product or service. Three to four years ago, I initiated my search to see what the industry is doing to address personalization design, and that is when I ended up with OWL and Protege.

Protege is an ontology tool. Ontology is a concept a few thousand years old; I think it started with the Ancient Greeks. An ontology is a representation of knowledge. I immediately became a registered member of Protege and have been using it (frequency: 1 hour a month on average) for the last 3-4 years. It is a very good tool to represent the information assets in the organization. It is easy to use once you spend a significant amount of time understanding the concept and usage. I believe it will take some time to be ready for commercial use with an idiot-proof user interface.
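To make the Joe the plumber problem concrete, here is an added example (my own code, not Protege's or an OWL library's API) of a minimal ontology store: classes inherit attributes through a subClassOf closure, as in UML, but property assertions can also be attached to an individual, which is what captures Joe's unique attributes. The class names and attribute values are constructed for the illustration.

```python
from collections import defaultdict


class Ontology:
    """Tiny triple-store-like model: subClassOf axioms, rdf:type assertions for
    individuals, and property assertions on either classes or individuals."""

    def __init__(self):
        self.superclasses = defaultdict(set)   # class -> direct superclasses
        self.types = defaultdict(set)          # individual -> asserted classes
        self.props = defaultdict(dict)         # subject -> {property: value}

    def subclass_of(self, sub, sup):
        self.superclasses[sub].add(sup)

    def individual(self, name, *classes):
        self.types[name].update(classes)

    def assert_prop(self, subject, prop, value):
        """subject may be a class (a default for all members) or an individual."""
        self.props[subject][prop] = value

    def ancestors(self, cls):
        """Transitive closure of subClassOf, most-specific class first."""
        seen, order, queue = set(), [], [cls]
        while queue:
            c = queue.pop(0)
            if c in seen:
                continue
            seen.add(c)
            order.append(c)
            queue.extend(sorted(self.superclasses[c]))
        return order

    def attributes(self, individual):
        """Class-level values are inherited, most specific class wins; an
        assertion on the individual itself overrides everything inherited."""
        merged = {}
        for cls in sorted(self.types[individual]):
            for c in reversed(self.ancestors(cls)):   # general -> specific
                merged.update(self.props[c])
        merged.update(self.props[individual])          # Joe's own facts
        return merged

    def individuals_with(self, prop, value):
        return sorted(i for i in self.types if self.attributes(i).get(prop) == value)


def joe_example():
    """Build the post's human -> male -> middle aged male hierarchy plus Joe."""
    ont = Ontology()
    ont.subclass_of("Male", "Human")
    ont.subclass_of("MiddleAgedMale", "Male")
    ont.subclass_of("Plumber", "Human")
    ont.assert_prop("Human", "species", "human")
    ont.assert_prop("Male", "sex", "male")
    ont.assert_prop("MiddleAgedMale", "age_band", "40-60")
    ont.assert_prop("Plumber", "trade", "plumbing")
    ont.individual("joe_the_plumber", "MiddleAgedMale", "Plumber")
    ont.individual("sam", "MiddleAgedMale")
    # The part UML class diagrams cannot express: facts true of Joe alone.
    ont.assert_prop("joe_the_plumber", "speaks", "Spanish")
    ont.assert_prop("joe_the_plumber", "favourite_tool", "pipe wrench")
    return ont


if __name__ == "__main__":
    ont = joe_example()
    print(ont.attributes("joe_the_plumber"))
    print(ont.attributes("sam"))
    print(ont.individuals_with("speaks", "Spanish"))   # ['joe_the_plumber']
```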

Lately, I came to know that there is an open source enterprise architecture plugin developed for Protege. It is called the Essential Project. It is a good enterprise architecture ontology editor. You can download it from the enterprise architecture.org site.