Category Archives: IT Management

Security Done Right

During my job-related trip to Israel a couple of months ago, I was subjected to a thorough security check at the airport. I learned later on that everybody goes through the same process. It was a little inconvenient, but in the end, I felt safe.

With all the advanced technologies in security, nothing beats the old way of conducting security – thorough checks on individuals. I also noticed the defense-in-depth strategy at the Israel airport – the several layers of security people have to pass to get to their destinations. No wonder some of the greatest IT security companies come from Israel (e.g. Checkpoint Firewall).

As an IT security professional (I’m CISSP certified), I can totally relate to the security measures Israel has to implement. And companies need to learn from them. Not a day goes by that we don’t learn of companies being hacked, shamed, and extorted by hackers around the world.

Sadly, some companies only take security seriously when it’s too late – when their data has been stolen, their systems have been compromised, and their Twitter account has been taken over. It will be a never-ending battle with hackers, but it’s a great idea to start securing your systems now.

Backing Up NetApp Filer on Backup Exec 2012

The popularity of deduped disk-based backup, coupled with snapshots and other technologies, may render tape backup obsolete. For instance, if you have a NetApp Filer, you can use snapshot technology for backup, and snapmirror technology for disaster recovery. However, there may be requirements, such as regulatory requirements to keep files for several years, or infrastructure limitations, such as low bandwidth to a remote DR (disaster recovery) site that inhibits nightly replication. In these instances, using tape backup is still the best option.

The proper way to back up a NetApp Filer to tape on Backup Exec 2012 is via NDMP. You can back up your Filer over the network, using remote NDMP. If you can directly connect a tape device to the NetApp Filer, that would be even better, because the backup will no longer go through the network, so backup jobs will be faster.

However, using NDMP requires a license on Backup Exec. The alternative way to back up the Filer without buying the NDMP license is via the CIFS share. Configuring Backup Exec 2012 to use CIFS shares can be a little tricky, though. These are the things you need to do to make it work:

1. Disable NDMP service on the NetApp Filer. This is done by issuing the command “ndmpd off” at the command line.
2. Change the default NDMP port number on the Backup Exec 2012 server. The default port number is 10000. You may use port 9000. This is done by editing the “services” file located at C:\Windows\system32\drivers\etc and adding the line “ndmp 9000/tcp”. Reboot the server after editing the file.
3. Make sure you have at least one Remote Agent for Windows license installed on your Backup Exec server.
4. Make sure that the “Enable selection of user shares” is checked in the “Configuration and Settings -> Backup Exec Settings -> Network and Security” settings.
5. When defining the backup job, select “File Server” as the type of server to back up.
6. When entering the NetApp Filer name, use the IP address or the fully qualified domain name (FQDN).

The backup status for backing up a NetApp Filer this way will always be “Completed with Exceptions,” since Backup Exec still looks for a remote agent on the client. But this is fine, as long as all files are being backed up.
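
Step 2 of the procedure above, scripted as an added PowerShell example (not part of the original post): it replaces or appends the “ndmp 9000/tcp” line in the services file, keeps a copy of the old file, and stops if the file already maps that port to a different service name. The function name Set-NdmpServiceEntry, the parameter names and the “.bak” suffix are assumptions made for this example; run it from an elevated prompt on the Backup Exec server.

```powershell
# Added example: set the ndmp entry in the Windows services file idempotently.
# The port (9000) and the entry format come from step 2; names below are assumptions.
param(
    [string]$ServicesPath = "$env:SystemRoot\System32\drivers\etc\services",
    [int]$Port = 9000
)

function Set-NdmpServiceEntry {
    param([string[]]$Lines, [int]$Port)

    $entry = "ndmp $Port/tcp"
    $out   = New-Object System.Collections.Generic.List[string]
    $found = $false

    foreach ($line in $Lines) {
        # Drop the trailing comment, then split "name port/proto [aliases]".
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2) {
            $name      = $fields[0]
            $portProto = $fields[1]
            if ($name -eq 'ndmp' -and $portProto -like '*/tcp') {
                # Replace an existing ndmp/tcp line rather than adding a duplicate.
                if (-not $found) { $out.Add($entry); $found = $true }
                continue
            }
            if ($portProto -eq "$Port/tcp") {
                throw "Port $Port/tcp is already mapped to '$name' in the services file."
            }
        }
        $out.Add($line)
    }
    if (-not $found) { $out.Add($entry) }
    return ,$out.ToArray()
}

$original = @(Get-Content -LiteralPath $ServicesPath)
$updated  = Set-NdmpServiceEntry -Lines $original -Port $Port

if (($original -join "`n") -cne ($updated -join "`n")) {
    # Keep the previous file so the change can be rolled back.
    Copy-Item -LiteralPath $ServicesPath -Destination "$ServicesPath.bak" -Force
    Set-Content -LiteralPath $ServicesPath -Value $updated -Encoding Ascii
    Write-Output "services file updated; reboot the server as described in step 2."
} else {
    Write-Output "ndmp $Port/tcp is already present; nothing to change."
}
```

The collision check only reads the name-to-port mapping in the services file; it does not show whether another process is already listening on the port.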

Teaching Kids to Program

Should we teach our kids computer programming? I believe we should, even though their future careers will not be in computers. Computer programming teaches kids logic, mathematics and computation, design, and creativity — skills that are necessary in any chosen profession.

Many will argue that kids these days are very computer savvy. They can easily figure out how an app on a computer, tablet, or iPhone works. I totally agree with them. However, for the most part, they are consumers or users of the technology. Being a creator is totally different. Creating or programming an app is a skill that is learned and developed over the years.

Recently, I took on the task of teaching my eleven-year-old daughter computer programming, since her school is not teaching them programming. At least not yet. I believe that the earlier you teach your kids computer programming, the better they will be. It’s not that I wanted my daughter to be a nerd, or take up a computer career. I just wanted her to learn a very valuable skill — a skill that will be very useful for her future. We all know that the future will be dominated by computer technology.

Teaching kids to program is easier than you think. There is a program called Scratch that was created by MIT to basically teach kids or any beginner to program. From their website: “Scratch is a programming language that makes it easy to create your own interactive stories, animations, games, music, and art — and share your creations on the web.”

I used a book called Super Scratch Programming Adventure!: Learn to Program By Making Cool Games by the Lead Project to teach my daughter Scratch. I was glad that she got totally engaged in Scratch. Up next, Python programming for kids.

My Top 10 Favorite Books

Aside from the technical (computer) books I read to keep my skills up-to-date, I’ve read numerous business and self-help books that helped me in my personal and professional life. Here’s a list of my top 10 books:

1. The 7 Habits of Highly Effective People by Stephen R. Covey. I read this book when I was just starting my career way back in the early 90’s. This book has had a tremendous impact on my personal and professional life. It taught me how to be proactive, how to manage my time, and how to prioritize my goals.

2. The World is Flat: A Brief History of the Twenty-First Century by Thomas L. Friedman. This is the best book I’ve read on globalization. It argued that one should be a “versatilist” to compete in a shrinking world.

3. The Tipping Point: How Little Things Can Make a Big Difference by Malcolm Gladwell. This book explains that an idea, trend, or behavior can reach a “tipping point” where it spreads rapidly. The book is well researched and has a lot of examples. I also like Gladwell’s Blink and Outliers books.

4. Never Eat Alone: And Other Secrets to Success, One Relationship at a Time by Keith Ferrazzi. This is the best book I’ve read on networking. The best advice I got is that you have to be generous – ask other people how you can help them.

5. The Last Lecture by Randy Pausch. I like this book because the author is a Computer Science professor at Carnegie Mellon who taught about overcoming obstacles and achieving dreams.

6. Good to Great: Why Some Companies Make the Leap… and Others Don’t by Jim Collins. This is one of the best business books I’ve ever read. It is based on research and careful analysis on companies that are doing great in the market.

7. A Short History of Nearly Everything by Bill Bryson. This book explained how the universe and humans came into being, from a science perspective. It recounted the researches and scientific discoveries and inventions from the Big Bang to the rise of civilization. The author made the book very entertaining.

8. The Harvard Sampler: Liberal Education for the Twenty-First Century by Jennifer M. Shephard, Professor Stephen M. Kosslyn and Evelynn M. Hammonds. The book is a collection of essays by distinguished Harvard professors, showcasing diverse subjects such as religion, cyberspace, evolution, medical science, energy sources, morality, human rights, and many more. The essays are entertaining and thought provoking.

9. Confessions of a Public Speaker by Scott Berkun. Aside from the Toastmasters manuals and magazines that I’ve read, this book provides tons of practical tips on how to conquer your fear of public speaking, how to organize your speech, and how to deliver your speech.

10. The Magic of Thinking Big by David J. Schwartz. Very inspirational book – provides useful methods on how to improve one’s life and achieve greater happiness.

Getting Promoted in IT

One of the perks of serving at a Harvard alumni club (I am currently the Secretary of the Harvard-Radcliffe Club of Worcester) was attending a 2-day Alumni Leadership Conference in Cambridge, MA. It was a nice break from work. I met alumni leaders from all over the world, talked to accomplished people (I met the writer of one of my daughter’s favorite movies – Kung Fu Panda), learned what’s new in the Harvard world, and learned leadership skills from great speakers.

One of those speakers is David Ager, a faculty member at the Harvard Business School. He totally engaged the audience while delivering his opening address – “Leadership of High Performing Talent: A Case Study.” We discussed a case study about Rob Parson, a superstar performer in the financial industry. In a nutshell, Rob Parson delivered significant revenue to the company but his abrasive character and non-teamwork attitude didn’t fit well into the culture of the company. He was due for performance review and the question was – Should Rob be promoted?

The setting of the case study was in the financial industry, but the lesson holds true as well in the Information Technology (IT) industry. There are a lot of Rob Parsons in IT – software developers, architects, analysts, programmers – who are high performers, but they rub other people the wrong way. They are intelligent, smart, and they develop very sophisticated software — the bread and butter of IT companies. Some of these IT superstars aspire to be promoted to a managerial role. Should they be promoted? Too often we hear stories about a great software architect who went to manage people, but faltered as a result.

IT professionals who would really like to manage people should be carefully evaluated for their potential. They should learn people and business skills in order to succeed. Before being given any managerial position, they should undergo a development program and they should be under the guidance of a mentor (or a coach) for at least a year. Most IT professionals should not take on the managerial role. They should remain in their technical roles to be productive, but they should be given other incentives that motivate them and make them happy – such as complete authority over their work, flex time, an environment that fosters creativity and so on.

Upgrading Netbackup from Version 6.5 to 7.1

I recently upgraded a Netbackup infrastructure from version 6.5 to version 7.1. Here are some of my observations and advice:

1. Preparation took longer than the actual upgrade of the server. Pre-installation tasks included understanding the architecture of the backup infrastructure, including the master and media server, disk-based backup, and ndmp; checking that the hardware (processor, memory, disk space) and operating system version were compatible and up to snuff; checking the general health of the running Netbackup software, including the devices and policies; backing up the catalog database; obtaining updated Netbackup licenses from Symantec; downloading the base Netbackup software and the patches; joining, unzipping, and untarring software and patches; and other related tasks. Planning and preparation are really the key to a successful upgrade. These activities will save a lot of trouble during the upgrade process.

2. The upgrade process was seamless. On the Solaris server, I ran the “install” command to start the upgrade. The process asked several questions. Some packages, such as ndmp, were already integrated in the base package, so the program asked for the existing Netbackup ndmp package to be uninstalled. The part that took longer was the catalog database upgrade.

3. Upgrade of client agents was also easy. Upgrading UNIX and Linux clients was completed using the push tool “update_clients.” Windows clients were upgraded using the Netbackup Windows installation program. One good thing though was that no reboot was necessary. Also, I found out that Windows 2000 and Solaris 8 clients were not supported on 7.1, although they will still back up using the old 6.5 agent.

4. For bmr (bare metal restore), there was no need for a separate boot server. All client installs included the boot server assistant software.

5. The GUI administration interface is almost the same, except for some new features such as VMware support.

6. The Java administration console is so much better, in terms of responsiveness.

CISSP

A couple of days ago, I got the official renewal of my CISSP (Certified Information Systems Security Professional) certification from ISC2.  My certification is valid again for another three years, until October 2015.

CISSP certification is one of the certifications I make sure to maintain because of its usefulness. No question every IT professional should be aware of security implications in any system he/she develops, builds, or maintains. Security breaches are becoming the norm and IT professionals should be prepared to face these challenges. CISSP certification greatly helps IT professionals like me in creating and enforcing security policies and procedures, and in designing and maintaining secure systems.

When I first obtained the certification six years ago, in Oct 2006, I remember it was one of the toughest exams I ever took. And passing the exam is just one of the requirements. One should have at least five years of information security experience, and should be endorsed by another CISSP professional. In addition, one should abide by the ISC2 code of ethics.

To maintain certification, one should obtain Continuing Professional Education (CPE) credits of 120 points within three years, and pay the annual maintenance fee.   The requirement to obtain CPE credits keeps my security skills current.  There are many ways to obtain CPE credits.  My favorites are the security seminars and conferences such as Secure Boston, Source Boston, and IANS.  One can also get points by reviewing security books, reading and writing security articles, and speaking about security in seminars and conferences, among others.

To learn more about CISSP and how to get certified, go to the ISC2 website.

BYOD

Recently, I attended a security seminar on the newest buzzword in the IT industry – BYOD, or Bring Your Own Device – to complete my CISSP CPE (Continuing Professional Education) requirement for the year. The seminar was sponsored by ISC2 and the speaker, Brandon Dunlap, is a seasoned, insightful, and very entertaining speaker.  I highly recommend the seminar.

BYOD came about because of the popularity of mobile devices – iPhone, iPad, Android, Blackberry, etc. – the consumerization of IT, and employees getting more flexible schedules. Companies are starting to allow their employees to use their own devices – to improve productivity, mobility, and supposedly save the company money. The millennials, in particular, are more apt to use their own devices. Owning these devices for them signifies a status symbol or a fashion statement.

However, does it make sense to allow these devices into the company’s network? What are the security implications of the BYOD phenomenon?

From a technology standpoint, there are a lot of innovations to secure both the mobile devices and the company’s applications and data, for instance, using containers to separate personal apps and the company’s apps. Security companies are creating products and services that will improve the security of BYOD. But from a policy and legal standpoint, very little is being done. Companies that jumped into this BYOD buzz are getting stung by BYOD pitfalls, as exemplified by one of the greatest IT companies in the world – IBM. In addition, recent studies showed that BYOD does not really save companies money.

Companies need to thoroughly understand BYOD before adopting it.  It is a totally new way of working.

The seminar highlighted the many problems of BYOD, and the immense work that needs to be done to make it successful.  No wonder the organizer entitled it “Bring Your Own Disaster” instead of “Bring Your Own Device.”

 

Networking Lessons

I’m not talking about computer networking. I’m talking about networking with people at events (such as social events, seminars, and conferences) to increase your contacts and build meaningful relationships. You’ll never know if these people could turn out to be your future employer, your business partner, or even just your friend.

I’m not saying I’m an expert in networking. Far from it. However, these are the lessons I’ve learned from attending numerous networking events.

First and foremost, I make sure this is an event that I really want to attend. I get invited to a lot of networking events, since I belong to different clubs – Toastmasters clubs, Harvard Alumni clubs, etc. In addition, I get invited to a lot of IT related events such as security conferences, trade shows, and vendor seminars. I ask myself the following questions before I sign up:

1. Will it add value to me?
2. Will I make new / meaningful connections?
3. Is it worth my time and money?

Once I have determined that I am going to the event, I prepare the night before the event. I polish my elevator speech, I make sure I have enough business cards, and if I have access to the list of attendees, I plan on the people I’d like to meet. I also prepare questions I’d like to ask. Some of the questions I ask to break the ice are the following:

1. How do you know the host?
2. What do you do for fun?
3. Where are you from? What do you do?
4. Compliment anything – appearance, health, clothing (e.g. Wow, that’s a nice…? Where did you get it?)

During the event, I make sure to talk to people and be the first one to say hello. I admit this takes a lot of effort for me since I am an introvert. But if I don’t initiate the conversation, nobody will. I ask a lot of questions and offer help within my capacity. Remember, networking is a two-way street. It’s not only about what you can get, but what you can do to help the other person.

If the event has a speaker, I try to ask questions and participate at sessions.

I also make sure that I meet at least 3 new people I can connect with. I usually ask to connect on LinkedIn, since it is the best way to keep in touch.

Finally, I try to have fun and enjoy the event.

Internal Web Analytics

There are a lot of tools out there that can analyze web traffic for your site. Leading the pack is Google Analytics. But what if you want statistics of your internal website, and you don’t necessarily want to send this information to an external provider such as Google? Here comes Piwik. Piwik is very much like Google Analytics but can be installed on your internal network. The best part is that it’s free.

Since Piwik is a downloadable tool, you need to have a machine running a web server and MySQL. You can install it on your existing web server or on a separate web server. I installed it on a separate CentOS machine. I found the installation very easy. In fact, you just unzip a file and put those files in a web directory. The rest of the installation is via the browser. If there is a tool missing on your server (in my case, I needed the PDO extension), it will tell you how to install it. Pretty neat.

After installing the server, you just need to put a small piece of JavaScript code on the pages you want to track. That’s it. Piwik will start gathering statistics for your site.

I also evaluated Splunk and its companion app – Splunk App for Web Intelligence, but I found that it is not ready for prime time. There are still bugs. No wonder it is still in beta. When I was evaluating, it wasn’t even able to get usable information from Apache logs.

I’ve been using Awstats to extract statistics for internal websites for years. It has been very reliable but sometimes it provides inaccurate results. The open source Piwik web analytics tool provides accurate statistics and is the best tool I’ve used so far.