Consumer Tech: an IT Nightmare
snydeq writes "Advice Line's Bob Lewis discusses the difficulties IT faces in embracing the kinds of consumer technologies business users are demanding they support. 'Let's assume the consumerization of IT is the big trend many think it is. But using consumer tech in a business environment is a very different matter from being satisfied with consumer tech in a business environment. One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands. On top of the intrinsic technical challenges, there's this: IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use.'"
we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands
This is nothing new. We've been expected to do this with Microsoft Windows for nearly two decades now.
They jumped it some time ago. Itunes making you have to go through Apple to do *anything* is not just a walled garden, it's a prison. Yes, consumers might put up with that shit, but businesses won't.
At least from a software perspective, they have conditioned people into seeing the difference between the "home" version and the "business" version of the OS as nothing more than a license upgrade... a somewhat virtual "magic wand", if you will.
Tech company that has been targeting individual users since basically the beginning (Apple) does *not* produce software which is well-suited to all your business needs.
Also surprising, however, was that this little gem of a quote first appeared on infoworld:
The tools you provide should encourage user-driven innovation. Often, "it just works" does the exact opposite.
Article summary: Apple is a nightmare, Google is maybe passable, but Microsoft is where you want to be.
If you're running an enterprise and want to maximize user capabilities, you'll find the best collection of core technologies in Microcountry.
In other news, InfoWorld is still published.
Advice: on VPS providers
Yeah, the $70 drive from Newegg is 7200 RPM, 2+TB, and has 64mb cache. The $300 drive from HP is 5400rpm, 320mb, and comes with a piece of paper saying it's 'certified' compatible with the server, and they'll replace it free when it dies 7-18 months from now (same as the $70 drive's equally short lifespan). What a bargain.
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap. :-(
Lest we forget, the PC revolution in business was brought about by CONSUMER "Personal Computers" being brought into businesses to get around the walled garden of Corporate IT (Mainframes back in the day).
Today, it is iPads replacing Notebooks and Laptops, and Androids and iPhones replacing Blackberries and Palms (back in the day). IT should identify the need, and start ordering Commercial Versions of these products. Too bad they aren't so there isn't much choice.
If Google REALLY wanted to rule the world, they'd put together a Corporate Server solution to manage Corporate Android Devices and market the crap out of it in Professional IT magazines and in places where the CIO spends time. I realize that Google does have some semblance of this out there, but it is hardly Corporate Grade, nor is it marketed to the CIO/CEO as a "must have" for IT.
This is where Microsoft is losing the battle, trying to stay a "Windows Company".
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Now the same clueless top exec buys the latest and greatest toys to play Angry Birds or something and expects it to work in the corporate environment. All the deliberate incompatibilities and interoperability poison pills baked into the system are coming back to bite the tails of IT crews.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I do IT support for a company of about 800-1000 people. All of our executives and corporate staff wanna use their goddammed iPads, iPhones, Androids, and other personal wotsits or doo-dads to do their work. Enough is a-freakin-nuff! We're a corporation and we need to maintain stability and compatibility over fancy and chic. You get a laptop. With Windows. And a BlackBerry... if you're lucky. Oh, and don't get me wrong... it's not like I'm being elitist or something. I love these consumer devices for home use. I have all sorts of digital toys. But they belong AT HOME!
for the IT department here.
1. lock it all down:
I've worked for companies that insist IT is the gatekeeper for everything from remote controls to pagers and cellphones. While you get great control, you also have no time or resources to dedicate to projects and ostensibly everything with a wall wart becomes "your job." Power users view you as some sort of Hitler-incarnate so you won't get help or input from them at all.
2. trust your users:
I'm working at a company that embraces Google Apps, that trusts its users in the cloud, that appreciates anything that frees up resources so that projects can be accomplished and new achievements in the organization can be made. The downside to this is your IT support is often branded as a group of do-nothings as IT can really only help people with approved technologies. IT guys find themselves in elevators and hallways, cornered by desperate users who swear the problem they're having in the cloud is something your IT department works on. If the bitching gets loud enough, you may end up supporting it anyhow, and that subset of 8 systems your team used to directly assist users begins to look like 'infinity.' You really need strong management for this type of environment to work. Ready and open paths for users who bite off more than they can chew to safely make their way back to known desktop technologies are also a big plus. You can in some cases leverage power users to evangelize people in certain directions or help out where possible. Wikis work wonders.
Good people go to bed earlier.
Supporting iPhone (or iPad for that matter) for corporate email might be difficult -I do not believe that there are Notes or Outlook mail apps for these devices (although the new outlook webmail is pretty decent)
The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to setup 100 different iTunes account for 100 devices -this is one of the things that probably gives IT departments (and procurement) nightmares.
Due to the locked down nature of the devices, customization such as a corporate device image with custom apps such as proprietary reporting tools is also probably not easy in this scenario. Security on consumer devices may also often be suspect. My company requires that laptops that travel have encrypted HDDs.
-I'm just sayin'
But HP will overnight me a drive once I send them a diagnostic report. And the drive has custom firmware and guaranteed to work with HP branded raid controllers
I don't expect you to support it, and most others don't either.... It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
This is the definition of support.
So why not buy 3 drives for $210, or 4 drives for $280 and RAID them, that way you don't have to worry about when a drive goes down??
Wrong, at least for Outlook (or rather, Exchange). iOS supports Exchange ActiveSync natively, including required pin locks and remote wipe. Of course as an end user those things are annoying, so there are plenty of jailbreak patches that remove the pin lock requirement (or rather, cache your pin so that it's only required after a reboot). I have no idea what level of Notes support is available on iOS, but seriously who uses Notes anymore?
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap.
Really? With Seagate Barracuda LP drives I had a 95% failure rate within a year. (Different batches of drives in different servers in different data centers, FYI.) With Seagate Constellation ES I've seen 5%. Now granted, the "enterprise" drives shouldn't even have that high of a failure rate, but they are a LOT better.
I don't know about Notes (although if you're stuck supporting that POS, you have my most profound sympathies), but iOS does have ActiveSync support, so getting mail from your Exchange server is quite possible.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Oh, stop your whining and do your job.
Don't go complaining to management when they want you to do something on the cheap. They're the job creators and you're nothing but a griping parasite. They could eat your job and shit it out in Bangalore before you can say "MSCE".
If you don't like the way business is done then go stand with the filthy stinking hippies in Occupy Wall Street. Otherwise, when we say "jump" you say "Minimum wage is good enough for me".
Who do you think you are, anyway? We're the motherfucking job creators Bucky, so you better check yourself and get back to your little hole and do some coding or sysadmin-ing or whatever it is you do. There's a reason I'm getting the big bucks and you're getting the increased co-pays and that reason is "I know what's what and you know jack shit."
Now close the door on the way out. I'm glad we had this little talk. And if I hear that you even whispered the word "union" I'm going to put my size 11 cordovan brogue ($370 at Nordstroms) up your bony ass.
You are welcome on my lawn.
departments who see no middle ground between "100% supported" and "not on my network ever".
Because there is no middle ground.
If we help you out of the kindness of our hearts once, you will never. ever. let us forget that.
As the guy in IT, let me ask this:
Why do I have to support your purchase? I don't get input into buying it, why should IT have to support it? How do I control your phone? How do I know you have a good password to lock it or even do you lock it? How do I remote wipe the phone if it gets stolen or you leave the company? How do I know it is encrypted? Does it even have encryption? How do I control what goes on the phone? How do I block certain apps on the phone? How do I keep the phone from talking to other devices that IT does not own nor support?
The list goes on and on. It's not about you buying something, it's about control, protecting company property and keeping out people we don't want in our networks.
Linux O Muerte!
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone.
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
But not like support support it, just help solve any problems with it.
THAT is why so many IT departments have an all or nothing policy. They know what the road to hell looks like.
I don't expect you do this for every crazy piece of hardware out there...
Just the ones that *I* like.
You'll get a lot further if you appear to mean it when you say you'll support yourself if they'll just not actively ban the device.
not difficult at all, iphone supports exchange perfectly.
Do not look at laser with remaining good eye.
So your Exchange servers are run by morons then? I have ZERO problems with iPhones and Android phones on the corporate Exchange servers. They fricking work better than the BlackBerry garbage.
Do not look at laser with remaining good eye.
You want to run the thing, you want it to be yours, but you want someone to bail you out if you can't make it work. That is the nightmare IT scenario. That is the one that sucks tons of time from the group: When users want to run their own devices in their own way, but want IT to fix it when there's a problem.
Now I should say such a situation would be feasible, but only if you are willing to hire a bunch more IT people. Have a large enough group and sure, you can have people to do all the hand holding as well as all the central functions expected (like making network and all the servers work, developing new custom apps, and so on). However in a typical IT environment where there are not many support people, hand holding takes time away from other tasks.
Basically if you want to use your toys that's fine, but don't expect IT to want to waste time on them. They are your devices, you deal with them.
In terms of the "not on my network" I don't usually support that idea but there are cases where it makes sense. Security is a concern with companies and if the management decides they want only approved devices on the network, well then that is what IT has to enforce. There are reasons for that too: User devices are the biggest source of problems easily. I work at a university and we do allow for personal laptops and other things on the network. 99.9% of the time when there's a virus or other issue, it is from one of them. Of course they bypass one of the layers of our security, our border firewall, since they come inside the network, which makes them a bit more dangerous.
To me wanting IT to support your personal devices is the same as wanting the motor pool to work on your personal car. It just isn't reasonable. Your stuff is yours to do with as you wish, but don't expect corporate support to help you out. They have other things on their plate.
ActiveSync... that's all you'll need to worry about.
-- This space for lease, low setup fee, inquire within!
Not to the support folk.
-- This space for lease, low setup fee, inquire within!
The GP has no idea what "support" means.
The PROBLEM is that every single person out there has the same attitude towards "support" that you do.
With you it is your iPhone.
With someone else it is something else.
A third person has a third product.
And pretty soon it is "every crazy piece of hardware" (and software and website and so forth).
The problem is that if IT provides 50% support for X ... there will be calls from people wanting help with something that falls on the other 50% of X. Eventually it is 100% support.
If you want that to change, then get a business case together and get management's approval and IT will get the additional funding / staffing / whatever to provide the support.
Otherwise, deal with it. IT is there to support the management approved users on the management approved software with the management approved hardware.
I'm a doctor. We use Motion LE1700 tablet PC's running Windows XP SP2 (no joke) for our EMR (electronic medical record). I saw a physician colleague running our EMR on his iPad2 and thought "wow". At first I didn't care. Then I thought of two ways that I could really take advantage of running EMR on my iPad2. So I asked our IT dept. They've always said, "we are happy to help you connect to the EMR on your home computer", but now I learn that they meant Wintel or Mac home PC, not iPad. I really have NO idea what you folks mean when you talk about some dividing line between "consumer tech" and "business tech". So go ahead, brow-beat-up the new guy, explain it to me! -- Josh PS FWIW, same organization has custom written an iOS app and given free iPod Touches to physicians to access hospital patient care data, so it's not like the organization does not realize the opportunities in leveraging personal "consumer" tech for business purposes.
Why do I have to support your purchase?
You're asking why you have to do your job?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
of course, security doesn't even enter your mind.
It may seem trivial to you, but can you guarantee that if you lose your phone someone won't be able to unlock it and use the attached services that you have hooked into? You haven't bypassed the exchange pin requirements somehow?
Can you guarantee your device does not contain malware of some kind?
Now, I will entertain the idea that modern IT people are not nearly as clever as 20 years ago. I mean, what do you need to know nowadays, how to plug in a cable, randomly check GUI boxes, and say "Have you turned the computer off and on"? But then given the level of standards and integration between all equipment that exists, I can't really imagine that such support should be beyond the budgets and ability of even the most unqualified IT department.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
If you own it by simply informing someone of data, you're not handling it right. I've helped lots of people with different tools and made them know beforehand that I am doing this completely off-channel and this is totally unsupported, letting them know it's because I like them and want them to keep doing the work they do that I'm helping with what I can.
Usually, it's the stuff that they are blind to behind the scenes such as firewalls, server configurations, or just not knowing certain piece of information needed to configure the device like the imap server/etc/etc.
I personally physically despise people that work in the black-and-white narrow passages method. It sickens me.
-- This space for lease, low setup fee, inquire within!
So, what is IT's recourse if you bypass the pin and other security requirements?
This is BS. Webmail, FTP, USB drives, etc etc. All of these are allowed (maybe not by choice) technologies essential for business. They are easy for non-tech to use, so they get used. They are all much bigger vectors for intrusion than an iPhone.
A fool throws a stone into a well and a thousand sages can not remove it.
iPhones fully support exchange activesync, with remote wipe and everything.
In the mail settings, you add an account, and tap the first mail type in the list "Exchange"
Feed it your email address, then password. Done.
It uses the encrypted outlook web api (Same as the web app in a browser would over https) so works on the internal wifi as well as outside on 3G.
Employees are warned about the remote wipe feature, both in the employee handbook and directly when I'm asked if they can get their mail on their phone.
Users can even log in to web mail and perform the remote wipe and remote password reset features on their own, including from home, and most importantly whenever they need it.
Otherwise it has been one of the more simple non-windows devices I've had to support on a windows network. :P
I come from a Linux/Mac background as well, which doesn't translate the best to running a Windows domain. I'm the reverse equivalent of the ditzy Windows admin installing X11 and GNOME on all the servers so he can remote admin them.
The less I have to do to dig deeper into the windows world, the better.
Most android devices are basically as easy, but usually also ask for a username instead of extracting it from the email address for the first try.
Only two people with android ever had mail problems, both solved by removing and re-adding the mail server entry.
I'm just thankful the CEO is no longer using that blackberry... BES was hell!
just go down to best buy and get a few linksys wifi routers and enable corporate wide wifi....
Itunes is definitely an application, what is your point?
HP drives also have a predictive failure warranty
not exactly...
What if there are security or protocol requirements for accessing my network or my apps that your phone does not support or are easily bypassed on it? How can I support that?
What if your phone requires some hotspot technology that I do not have?
Blackberry was able to get away with this by having enterprise level security and good outlook integration -Android and iPhone -probably not.
IT depts sign off on things that they know will work with existing infrastructure or with the expectation that there will be budget to add the necessary pieces -this bypasses that process and puts IT in a difficult position -esp when some exec decides they want to use their latest toy....
I'm just sayin'
i would think his management would object to somebody classifying his job as supporting random devices people buy. and no, he's not a free tech support for any crap product you decide to bring in.
Rich
If you came into my office with that attitude, I would tell you fuck off and also make sure your shitty device NEVER touches my network. You piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you dont like it, fuck off.
Now answer the GP's questions
User support is an important issue, but the least of the issues that IT faces.
Agreed, there is no middle ground between "100% supported" and "not on my network ever". That's because putting a foreign device on a corporate network is not putting it "a little bit" on the network. We have no control over the device, no idea what it might do.
Now, there are ways to safely support foreign devices, by sequestering them onto a dedicated network for example, which also necessitates effective practices for locking them out of the standard network. But that takes a degree of care in policy, design, and implementation for which many organizations are simply not resourced. So good organizations say "no". Mediocre organizations say "whatever". Guess which ones get hacked more often? Guess who's in trouble when that happens?
Parity: What to do when the weekend comes.
IT support works best when they maintain core systems adhering to open standards. That way they can supply mainstream users with standard devices/environments, while still allowing sophisticated users to connect and get their work done. Part of the deal can be that sophisticated users provide their own support for their environments.
For example, while secretaries may be best served by running Windows, it often makes good business sense for dev teams to work on their target environment. A good dev team won't have any problem supporting themselves so long as the infrastructure is solid.
A special class of user is the early adopter. Befriend these people because they are investing time in experimenting with new tech, some of which will become mainstream (and some of which is passing fad). So long as you insist on them supporting their own crazy experiments, their efforts are a net win. For instance, early adopters seem to have worked out that iPads will be the mainstream winner out of the tablet field. That's a whole lot of research and evaluation that IT doesn't have to do.
What about security? I think this is often used as an excuse for trying to (quixotically) maintain some kind of status quo. Of course security is important. Appropriate policies should be enforce by core systems, with the assumption that pretty much all mobile devices are insecure. For instance, there's usually no need for a lawyer's iPad to access the central source code repository, and this is trivial to enforce without descending into a subjective argument about which mobile devices are less secure. They all suck.
The big picture is that the way we live and work is changing. People carry lots of powerful mobile devices, and work and leisure are ever more intertwined. Good IT people will work out a way to support their customers. The rest will go the way of the mainframe operator.
Really? How about spending $140 and buying TWO of the cheaper drives instead, and putting one aside for a spare. Or a hot spare, if you so wish.
Sun used the same excuses to vastly overcharge on components. The only reason it happens is so the companies can pad their bottom line with high-margin items.
Learning HOW to think is more important than learning WHAT to think.
Or you just pay $240 (3 drives * $80/drive) to keep extra drives on hand while they go through the replacement cycle.
Assuming we're going with the GP post's question RE an iPhone my answers to your questions would be as follows:
1. The Managing Director bought it because he got annoyed about the blackberry outage.
2. Sadly the Managing Director controls your budget, ergo he says what you do and don't support.
3. It's an iPhone, it supports ActiveSync and provisioning profiles but you should know this already, given you read slashdot.
4. Because you set the policy on the exchange server to require good passwords on all devices connecting via ActiveSync. If you don't know this you really shouldn't be administrating an exchange server.
5. See point 3.
6. You know it's encrypted because you googled iPhones and know that any iPhone 3GS or above has encrypted memory. Thus why wiping is so quick, it just deletes the encryption key.
7. See answer 6.
8. See answer 3. Provisioning profiles.
9. See answer 3. Provisioning profiles.
10. Private VLAN it and employ port and wireless isolation.
You've not given any questions here that you should even be asking users apart from questions 1 and 2 which are legit questions. The rest are stuff where you do the research and tell them the answer.
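The server-side controls that answers 3 to 8 above rely on (an enforced device password, required encryption, and remote wipe over ActiveSync) can be sketched as follows. This is an added example, not part of the original comment; it assumes the Exchange 2010 SP1 Management Shell (later Exchange versions rename these cmdlets to their `MobileDevice` equivalents), and the policy name, mailbox, device ID and notification address are placeholders.

```powershell
# Added example: placeholder values, replace before use.
$policyName   = 'BYOD-Baseline'            # hypothetical policy name
$mailbox      = 'user@example.com'         # placeholder mailbox
$lostDeviceId = 'PLACEHOLDER-DEVICE-ID'    # placeholder ActiveSync device ID
$notify       = 'it-security@example.com'  # placeholder notification address

# 1. Define the policy: a non-trivial device password, an inactivity lock,
#    device encryption, and no sync for devices that cannot enforce the policy.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -AllowSimpleDevicePassword $false `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -MaxDevicePasswordFailedAttempts 8 `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# 2. Bind the policy to the mailbox whose owner wants mail on a personal device.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# 3. Audit: list every device partnered with the mailbox and whether it
#    reports the policy as applied, plus any pending or acknowledged wipe.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Select-Object DeviceType, DeviceModel, DeviceID,
                  DevicePolicyApplied, DevicePolicyApplicationStatus,
                  LastSuccessSync, DeviceWipeSentTime, DeviceWipeAckTime

# 4. Lost device or departing employee: queue a remote wipe for that one
#    device. The wipe is delivered the next time the device syncs.
Get-ActiveSyncDevice -Mailbox $mailbox |
    Where-Object { $_.DeviceId -eq $lostDeviceId } |
    ForEach-Object {
        Clear-ActiveSyncDevice -Identity $_.Identity `
            -NotificationEmailAddresses $notify -Confirm:$true
    }
```

The policy status in step 3 is whatever the device itself acknowledges, so the audit shows which devices claim compliance rather than proving it.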
"Business Grade" = Locked down windows xp system featuring a "managed" internet explorer suite
Sure, I'll help you by also enabling a controlled password lock, and you will allow me to remote wipe your device when you get laid off. I've no problem supporting you, but it the process and procedures and protocols are in place to mitigate data loss, sorry - you're not getting WORK email on your iDevice unless it's company supported, and I put *IT* control on it. Fair?
ummm... you might want to read the parent's post again
Too much salesmanship and time spent maintaining personal connections for me. I'm just not wired for that. I just found an IT shop that isn't treated as a second class corporate citizens. It's easy to get what you need to do a job if A) you have reasonable bosses that trust you and B) you don't ask for crap you don't need, which includes seriously introspecting about whether you are asking for something based on the needs of the organization, or some personal dogma.
Someone had to do it.
Here is the problem with some businesses. They treat IT like it's fast food. There is also a certain race of people (I have worked for 2 companies and they think the same thing, I am trying to leave the one I am with now) who think they can run business systems until the wheels fall off and then pin the hopes on their IT professional who has everything in his head and nothing written down except IP addresses. I managed to walk into a ball of baling wire and a 1 and a half hour pass down of 4 years of knowledge. Awesome!
They overwork their IT person with wearing all hats and then they wonder why he left. He is lucky if he can take long weekend vacation without someone calling him or something failing Sunday morning at 3:00am. 2 week vacation? Out of the question!
I work for a living, not live to work and to carry my laptop with me 24x7 is indicative that they don't or won't hire additional IT support or their systems are held together with duct tape and glue.
As I walked in the door the former desktop support guy is building an off the shelf server with an ASUS motherboard that probably has had its last run of 5k of them manufactured. I sure hope I am out of there when that thing fails because the chances of getting that same motherboard are nil to none.
Running a company on off the shelf components is dangerous and stupid and if you work for a company who does that sort of thing then you should prepare to walk.
Having current support contracts on all your gear is super important, it's cheap insurance and well worth the price you pay for it.
Then your Exchange servers are broken or your IT shop is clueless. iOS uses ActiveSync, which is designed to connect to Exchange servers (it's licensed from Microsoft). Of any Microsoft products, this has to be one of the easiest to configure and maintain that I've seen and that's saying a lot.
It's also completely worthless from a security standpoint. No encryption. You have to expose parts of your Exchange infrastructure to the Internet as well (Yes, you need to do that to do OWA over the Internet also). Since good security practices teach us that if you expose a system to the Internet, *eventually* you will get hacked.
Good For Exchange (GFE) at least provides on-board encryption for email/calendar/contacts, unlike ActiveSync. And you don't need to expose your servers to the Internet to provide services. Then again, GFE is crappy software.
Anyway, if you think ActiveSync is a viable solution then your corporate environment is either unconcerned or unaware of the serious security issues posed by it. Hmm...does that mean your IT people are clueless?
No, no, you're not thinking; you're just being logical. --Niels Bohr
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either. At a basic level, I expect my IT department to not *actively* disallow use of such technology, which is what I see all the time, departments who see no middle ground between "100% supported" and "not on my network ever". It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you do this for every crazy piece of hardware out there, but it would nice if you could be *helpful* as I try to figure it out myself.
I hate to break it to you, but whenever you allow something on your network, users will, from that moment on assume that you take full responsibility for their equipment. I've seen it many times. It happens on my network on a regular basis. Even if you don't demand supportability for *all* devices, company owned or not, from your IT people, a large contingent of users do just that. At most companies, as soon as IT says, "okay, you can use 'X'" IT is forever responsible for making it work. period.
No, no, you're not thinking; you're just being logical. --Niels Bohr
In my experience end users generally only know what they need to do to get the task done. They have very little troubleshooting experience or expertise. You may have made them aware there is a firewall, but once you help them they will keep coming back to you whenever there is an issue and often assume it has to do with the "firewall" or the "router" when it could be something completely unrelated.
Supporting iPhone (or iPad for that matter) for corporate email might be difficult -I do not believe that there are Notes or Outlook mail apps for these devices (although the new outlook webmail is pretty decent) The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to setup 100 different iTunes account for 100 devices -this is one of the things that probably gives IT departments (and procurement) nightmares.
cf. Good Technologies
just sayin'
No, no, you're not thinking; you're just being logical. --Niels Bohr
I feel your pain, I used to work in Education IT back in the day. I'm assuming you must be running unmanaged switches? If there is ONE investment I must plead with you to get your boss to make this year, it is for a couple of decent managed switches. Pupil wires two network ports together? No problem, Spanning Tree Protocol turns off the ports. Rogue device connected to the network? No problem, it goes on the port-isolated private VLAN'd quarantine network because you have a RADIUS server authenticating devices. Rogue DHCP server? No problem, all packets are dropped at the switch. Plus all errors at the switch can be sent to a syslog console so that you know that something's up even if you've not been called. The time it will save you if done right, especially on a large site, is amazing. Plus you can put the curriculum and admin networks on the same switch, VLAN them, and control what passes between them with a firewall.
We got in front of the iDevice train, followed by the Android train... 99% of our people requested email access, no problem. We're still a Groupwise shop, it was a simple matter to stand up a Novell Datasync server and provide all of them with calendar and email access on iDevices and Android. We'll even put a bullet in their phone if they lose it. Our restriction? PIN code instead of swipe to open and the agreement that when they leave our employ we will be sending the bullet out to their phone and they will need to reconnect it to their PC (iDevice) or go through the registration process (Android) to get use of it again. We don't allow personal devices on our core network, but we do provide wireless access (low bandwidth, no access to the core network) to these devices. We may actually sponsor iPads someday for certain users AND we do give them the option of a BlackBerry or iPhone if they are issued work cell phones.
~corporate tool, but employed~
One of the hardest fights I've had in IT is explaining why I spend $300 a drive from HP and not $70 for the same capacity from Newegg.
Ignorance? Complete lack of education about actual performance of the drives themselves and their life expectancy? I could come up with lots of reasons why you would do it, but they'd all make you look dumb. That $300 drive is hardly worth more than the $70, and when put in a proper RAID setup, it matters even less.
That and explaining that a 48 port gigabit Linksys is NOT even in the same class as a 4948.
Yes, those are different, but it's unlikely if you're having that discussion that you're doing anything that would actually require the high end switch for your users to notice a difference.
Basically, you just made yourself look stupid.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Bullshit.
With a 95% failure rate you could have had Seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they showed you how your power supplies were frying the drives.
That is simply unbelievable to anyone with 1/4 of a clue.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
That's always how it starts.
That's never how it ends unless you can drop a really heavy cluebat on their head.
No, because in a "good organization" the sales guy is running on a workstation that doesn't allow ordinary users to install software, among other things. And support staff were not busy yelling at the engineer for using a personal laptop because they don't have to. He finds that he can't get on the corporate network with it.
How do I know this? Because I've been advising organizations about secure system design for the past 20 years. Before that, I spent 15 years writing operating systems. So I've had a bit of experience watching other people's designs break while mine don't. What's your background?
Parity: What to do when the weekend comes.
If cost is no object, fine. Go with the "enterprise" hardware. In duplicate or triplicate. But IMHO, if it comes down to choosing between a single certified "enterprise-class" hard drive, or a pair of Velociraptors in RAID1 (or better yet, a menage-a-trois doing RAID5), you'd have to be completely insane to sacrifice redundancy for minimally better odds of non-failure by an expensive single drive.
I get that you may despise people who are sticklers about the rules, but consider what a typical IT staffer is going to be faced with. The typical "random device" user is going to say "Hey, Mr. IT guy, I want to hook my up to email. Any problems?"
Let's say I say, "Not really. Point it here and you're good." Let's even suppose further that I say "By the way, we don't support your . If it goes haywire, it's like this conversation never happened."
I'm still going to hear about it when something happens. It is still going to eat bandwidth in my day as I am rolling out a patch which also happens to sever the connection to s because they are incompatible with this patch. I am still going to have to reply to his email, even to say 'Nope.' Even to hit delete.
That's just personal inconvenience. On top of that and frankly of far more concern are the possible problems that may crop up because that device is connected to company resources. If it happens that some bizarre interaction between and a company server causes downtime or data loss, it's not the end user that's likely to get grilled, it's going to be the IT guy who let him connect his unapproved to the company network in the first place.
You also cannot install any App from the App Store without an iTunes account (that includes FREE apps). Not that it matters because it's easy enough to sign-up for a free itunes account (even without a credit card) but I just wanted to mention it for completeness sake.
If the policy is so clear then what's the conflict?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
If, for example, fifty people in your shop have iPhones, and would like to use them with your corporate e-mail, the most time effective solution is to (yes) learn how to do that effectively, and then WRITE IT UP IN CLEAR, STEP BY STEP ENGLISH so that people can do it themselves.
Or you can rant and rave, refuse to help, and wind up with half of those people either having e-mail that doesn't work, e-mail setups that conflict with your sacred servers, or, if you're REALLY lucky, phones with downloaded apps that actually do some damage.
Three Squirrels
To play devil's advocate, if you bring in an unsupported device and start to conduct business on it, then it fails at a critical time, where does that leave everyone? And while you might be very tech savvy, the lady down the hall might decide she wants a shiny new iPhone too, but she still thinks the mouse is a foot pedal. Do I tell her "no sorry Mr McGibby is pretty sharp so he can have an iPhone, but you're a dimwit so you're not allowed"?
2 TB drive $70 on newegg? Where??
Yea, and IBM used to sell you a 1k RAM upgrade for $65k ... and when the technician came to 'install' your upgrade ... he removed a jumper so the other 1k that was already in the fucking machine would work. You're getting ripped off and just aren't bright enough to realize it.
If you claimed that 'management won't hold me responsible' as your excuse, then I'd understand, but you actually think that HP is selling you better drives ...
You do realize that ... THEY DON'T EVEN MAKE DRIVES right? You're actually buying that $70 ... and paying $300 for it. Well, it and the rebranding they did to the firmware with a hex editor.
http://en.wikipedia.org/wiki/Hard_disk_drive#Manufacturers
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Apple now supports Mobile Device Management platforms (Air-Watch is my favorite, MobileIron is also popular, but more expensive) that allow easy end-user provisioning, think of something along the lines of Enterprise Activation using Blackberry Enterprise Server. It also allows a significant amount of control over the device, like what apps can be installed, password requirements, remote lock/wipe, etc.
As far as bulk purchasing apps, Apple now has the "Volume Purchasing Program" that makes it easy to buy multiple copies of each App. Basically you go buy X copies of the app, you're given X download codes, you distribute those to your iOS device users and they use them to purchase the app.
Regarding encryption, iOS devices are also encrypted with 256bit AES hardware encryption (warning, that's a PDF - see page 3). To be honest with the tools available today it's not very difficult to manage Android and especially iOS devices.
The nightmare for me is when the Chief Executive Officer spots some new "toy" and wants it to work seamlessly in the corporate environment. The CEO has the weight to throw around to make it happen - then their administrative assistant needs to have the same new "toy," but it has to synch with the CEO's toy... Instant insomnia!
Years ago the kit you used at work was faster, better and more powerful than your home consumer devices. Today it's the reverse and what you are forced to use at work is totally crappy next to what you have at home. Thus consumerization of IT is necessary to even get your own work done.
Or to put it more simply, my company's OS is XP with Office 2003.
-Xen
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I work in IT and I agree with you 100%. IT works to support the organization, not the other way around. The tough part is juggling a million different projects and requests. Most of the time we can barely keep our heads above water.
The most common "failure" is due to how the drive firmware handles bad sectors:
- an "enterprise" drive passes the bad sector info to the controller to allow it to remap and also use it as a predictive failure indicator.
- a "consumer" drive remaps internally and, depending on the firmware, it will try to recover the sector and in general hang/timeout on I/O while doing this.
When a RAID controller sees the drive hang/timeout on I/O it is considered a "failed" drive. While people will argue that all it takes is a reset and the drive is good to go - it puts the array in a degraded state which puts data at risk and also reduces the array's performance - and don't forget to count the $ in someone's time dealing with it.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
It's not that it's not easy to support, it's not that it's not easy to configure--the problem comes in with who actually owns the data and where that data goes. With your iPhone, you have access to resources even after you're fired that you should no longer have access to. There's data and information on your phone that does not belong to you that belongs to the company.
But since it's your phone you surely aren't going to let the company wipe your phone and wipe your iPhone backups, are you? Of course not.
And this is where the problem comes in.
For more secure configurations (and if you do anything with user financial data or medical records, as well as anything government) you tend to have to follow a strict policy for encryption and security of that data. Every single one of the laptops and desktops on the government network that we support is encrypted. It's a bitch for us in IT to have to handle at times, but it works.
Throw in some FIPS requirements and there again goes your iPhone.
This has been the IT Challenge since VisiCalc sold Apple ][s.
If you want to have a bitch session about it, I'm not entirely without sympathy. Just don't let it blind you from forming real strategies to meet the challenge.
Maybe I got lucky. I got to watch our Burroughs mainframe high priests do nothing but bitch while the workers gave up on them and bought and tended their own DOS boxes. In a very few years those priests were gone. It was a sharp lesson. You've got to deliver what your internal clients want, or you're history.
You're 126.4% correct. However, it's insecure and foolish to attempt supporting products that you do not have the skill sets to succeed. As I (and others) mentioned in earlier posts on this thread, the way it goes is that if you allow something into your environment, 95% of the time that's tantamount to sending a broadcast to the entire organization that whatever it is is now fully supported (and supportable) by IT.
I have no problem implementing new or existing technologies which can improve performance and, most importantly, the bottom line of my organization. Introducing technologies which cannot be effectively supported (and effectively supporting something means having the skills, processes and resources to do so) is only going to be detrimental to the entire organization. Please note that I'm talking about *large* organizations.
Identifying and implementing technologies that can enhance the ability of users to *do their jobs* is a core function of IT. If your IT organization isn't doing that, they're doing it wrong. That said, implementation is more than just installing the software or hardware and tweaking the configuration. Processes need to be developed, redundancy and fail-over needs to be designed and implemented, IT resources need to learn how to use and support the technology, users need to learn how to effectively use the technology, infrastructure may need to be upgraded, enhanced or even completely replaced. I could go on, but hopefully you get the point.
And that's just the technology aspect. How do you pay for the new technology? How do you deal with senior management that's afraid of change? How do you realign your human resources to support the new technology? Do you need more people? How are you going to pay for them? Again, I could go on and on.
My point is not that IT shouldn't innovate or support new technologies. It's that if you just deliver a pallet full of iPads to the loading dock and start handing them out (or open the doors to unknown, untrustworthy personal devices) without the appropriate planning, engineering and implementation, you're setting yourself up to fail.
No, no, you're not thinking; you're just being logical. --Niels Bohr
No. The job of IT is to keep things running smoothly. Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase one and IT should be required to support it as if it were a product they researched and decided to use themselves.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
As a guy not in IT:
Because us users resent your petty fiefdoms. It's 2011 now, the technology exists.
I'll see your hokum and raise you a boondoggle.
Yes, but they aren't going to be VPNing into CVS, Subversion, or Git are they? Team Foundation Server is basically the MS VisualStudio source repository and continuous integration server (I say that with great hesitation, they think of it that way, but it's hard for me to call it that).
Basically, I'd say the post you're responding to is probably a bot spewing random gibberish.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I have a methodology. It involves wiping the included consumer-grade software and replacing it with open source. Anything less is just asking for a world of pain. (Unfortunately learned through experience)
"I assumed blithely that there were no elves out there in the darkness"
I have a word of wisdom for you:
-Instead of thinking IT "gets in the way", you should put together what it is you want to do on the network and the systems and propose it to IT. If you're a decently sized company I also hope you have a Security guru within the company as well. Sometimes this is one and the same with IT, depends on the structure.
-Propose your change to IT to see if it's something they are going to have to support. Chances are if it's on the network, IT is going to have to support in some way--whether it be server infrastructure or application support. If it's something IT is going to get called about at 2AM that's down that you stood up, the IT department has every right to control that network.
I actually work in a shop where we in IT keep a very hands off approach and believe me it's a nightmare. It's a nightmare to support and it's a nightmare from a security perspective. I'm actually working a plan in order to bring it back into IT's hands so we can at least handle what's going on. We recently had a security audit done and believe me--it wasn't pretty.
-Trust IT that they know what they're talking about, generally. Not every IT guy is a guru at what they do, but trust that they have to handle not only what you're doing but *everyone else* as well. Every piece of software that every middle manager throws on their systems and think they're someone important because they have "manager" in their title. IT does not report to you; and for the most part the only real answer they need to give you with $special_application is that it's nothing on the network that would prevent it from working.
IT is also not usually consulted on projects but typically asked to stand servers up. As another example, we've got 10 year old Sun server hardware (long since EOL) that's supporting some developer applications. IT had pretty much no say in the matter at the time as far as this hardware is concerned, but guess who gets e-mails and phone calls when the hardware goes down? I've now had to replace multiple fans by gutting un-used systems. They're going to really go to shit when something more serious dies, such as a disk controller--and they lose everything.
The above situation is exactly the situation that happens when IT doesn't have control over the environment. This is why we try to push for it.
As an FYI, the solution to the aforementioned Sun server problem is IT pulling in some new hardware with RHEL6 and configuring it for the developers to replace the aging Sun boxes (so they can install Oracle) and go from there. We're also pulling it under IT's banner as an essential service for 8x5 support. We're procuring licensing, books, training, and support contracts.
All that means is Seagate is pulling the better drives out of the bunch and leaving the absolute shite at the bottom of the barrel for consumers. Personally I'd buy up Samsung and Hitachi drives while you can if I was you, I've put those drives in some pretty hellish places and they take serious abuse.
But if you are serious about a 95% failure rate I'd say you were buying off the back of a truck or ur doin it wrong. Even with the cheap ass bottom of the barrel Maxtors I've never seen higher than 10% and even with those one good stress test when first unpacked (I keep an old box around loaded with Spinrite for just such a job, Spinrite level II will cause those drives that are shit from the factory to overheat and die hard) fixes that problem so a 95% failure rate tells me you had a shite controller, a failing part, possibly PSU, screwing the drives, or you got them from "Handy Bob's House O' Drives" where they were selling you cheap ass refurbs as new.
ACs don't waste your time replying, your posts are never seen by me.
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
I don't buy into the marketing hype. I did something which may be alien to you. I *implemented* it. And not by my choice either.
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many quirks and doesn't always work. However, it does, substantially, what my organization needs it to do.
So stop talking out of your ass. You're stinking up the place. Have a nice day!
No, no, you're not thinking; you're just being logical. --Niels Bohr
Like many intelligent folks, you've missed the point.
Your assertion, that a competent admin with a complement of appropriately selected hardware and software could safely allow a great many consumerish devices on his network relatively safely, is totally correct. But misses the point that 1) Not all companies will spend the money for appropriate switching, firewall, and security tools such that an admin can accomplish these goals. Because, regardless of skill level if the device doesn't do it, it doesn't do it. and 2) That the added workload on your already overworked admin (who, if he's still employed, is probably on a much smaller team than he used to be, or all alone) might be enough that the company HAS to add another administrator, which means the company is incurring a massive expense for additional personnel in a down-economy solely so the special snowflake crybabies can look at fucking Facebook using your WiFi on their plastic penis-extenders..
What business benefit do we get from working through these machinations for our users? And BUSINESS BENEFIT means measurable, quantifiable contribution to PROFIT. Not .commer b.s. about feelings: MONEY. How does my company benefit from Special Snowflake's iPadroidreo in a way that it couldn't (more cheaply) by buying same user a standardized mobile device?
Who did what now?
Not at all. Supporting whatever crap you bring to the office isn't in my job description.
Here is what happens when IT meets consumer tech.
My new iPhone has built in email contacts and calendar. I point it at our exchange server and give it my password and it "just works". "Well holy shit", says the IT dept, "that just won't do". "We can't have users looking after themselves." So they tell me I need to get "Good" mail. First I have to buy a license to use it, and then they dick around a week getting it to work. Now my email is "secure", because we just can't run the risk of the KGB finding out when I'm having lunch next Thursday, or how many meters of #6 cable we buried last week. How is this better you say? I'll tell you. Before Good, my phone would go ding, I would look at the screen and see "Meeting with Fred, 11:30, big boardroom". Now I get a ding, and my screen says "Event!" I unlock my phone, I open the Good app. I enter my Good password. I wait 30 seconds while things are decrypting. Finally the app opens fully. I push the button for calendar and see "Meeting with Fred, 11:30, big boardroom". The entire process now takes 45 seconds, where it used to take 0 seconds.
The badge for unread emails used to tell me how many unread emails I had. Now with Good mail, it increments with every new mail received. Then if I read the email on the computer, it increments again. Yes, that's right. If I receive 5 mails and read them on my computer my phone now says I have 10 unread mails. (Apparently it is not our IT dept's fault that this "Good mail app" they have forced on me sucks so bad. It's all Apple's fault, just ask our IT guys, they'll tell you.)
Bullshit, enterprise class drives have from 1/2 to 1/3rd the AFR of consumer drives. Data from Google, Microsoft, and other large scale providers proves this out. NL SATA is about 2/3rds the AFR of common SATA according to Microsoft's numbers from the hosted Exchange for education group.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
iPhone aside, it's not exactly easy for IT to be *helpful* because with all due respect you are usually as ignorant about what has to happen for your phone to send and receive mail as we are about the production planning, currency trading, contract management, or whatever it is you do.
You say, how do I set up mail on my [A-z]*[0-9]?.?\? I ask, well, does it use IMAP, POP, what authentication methods for SMTP does it support and can it do TLS for any of those? You usually answer with a blank stare, and suggest we could look at the manual after a few moments. Next we have to make services available and run gateways our *supported* might not need.
So what it often comes down to is you are really asking IT to figure it out and make it work. There often is no middle ground. Mix security considerations in and that tiny middle ground gets even smaller. Can the storage on your device be encrypted? Was it when you lost it; because you have customer information in some of those e-mails you're reading there. Do you even inform me if you lose it? See, I might need to be able to show some supporting evidence to avoid disclosure requirements but your device does not report compliance information to me, so now what?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Do you fear coming in under budget?
"I assumed blithely that there were no elves out there in the darkness"
Because my arrays already have hundreds of drives, increasing the drive count by 400% to account for a vastly higher AFR isn't cost effective in any way.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Disable your Activesync access and/or wipe your device.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Bullshit.
With a 95% failure rate you could have had Seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they showed you how your power supplies were frying the drives.
That is simply unbelievable to anyone with 1/4 of a clue.
His 95% claim is less outlandish than the post saying enterprise drives are no better than consumer grade drives.
Maybe his 95% claim is from that period of time when Seagate was having their little firmware "issue". Maybe his sample size for this anecdote was small, the drives were from the same batch and there was a bad run?
Also, 65% of all statistics made up on the spot are bogus.
Flappinbooger isn't my real name
Why can't you say 'no'?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Sorry friend but you missed it, as I'm sure he was talking about "pre-flood" pricing. About a month before the flood I bought up some Samsung EcoGreens (Really great drives BTW, the big cache makes up for the lower RPM and they run really cool) and I paid $60 each for the 2Tb and $35 each for the 1Tb and now good luck on even finding the 2Tb and the 1Tb is $95 for a refurb or $147 new which is frankly just nuts. I'm just glad I kept 6Tb for myself before selling the rest to my customers as I'd hate like hell to have to buy drives now. I got a few sub 400Gb SATA and IDE drives I'm saving for customers that have one die and I'm gonna try to ride it out as best I can.
That said if you HAVE to buy a drive right now I'd look into snatching an EcoGreen before they are all gone. In my own tests I've found nothing but the perpendicular drives with 32Mb of cache or better beats 'em and the temp difference is well worth it. I even changed out my OS drive for an EcoGreen and I went from 94 benchmark with a Seagate Barracuda 500Gb to 131 with a burst rate of 129ms and a temp drop of nearly 40 degrees F with the Samsung.
As for TFA? If you still work corp my heart goes out to you friends, personally I got tired of the ulcers and headaches. It always seemed like they would give you impossible problems and expect you to "just fix it" given nothing but $3 and some duct tape. And if you did a REALLY good job they might even cut your funding! I swear the janitors are treated as more important in some places than the IT guys. The PHBs act like it's all magic and the IT staff are just sitting around drinking coffee and playing an MMO. I saw too many of my friends bust their asses only to have their job cut out from under them or even worse be forced to train some H1-B hack to take their place, fuck that mess.
Maybe IT guys should have a union? Or maybe do like the cops and have a case of "blue flu" and let management see how important they really are by all calling in sick for a few days? I know that stupid shit like TFA is just a symptom of a bigger problem, and that's lack of respect for the role IT plays. And if that doesn't change frankly I'd be amazed if there is even any new IT guys in 10 years, as according to my oldest IT courses at the local college are a ghost town, nobody wants to be in IT anymore and frankly I can't blame 'em.
ACs don't waste your time replying, your posts are never seen by me.
Well you are doing either yourself or them a disservice and it's going to bite one of you one day. What happens when that person has some critical business on that and something goes wrong while you are on vacation? Nobody else knows how to help them; they wind up embarrassed in front of a client? What happens when some sort of upgrade or change is made by another group within IT that breaks it? It's not like it was on any test plan or documented, so that is very likely in most shops I have worked in; your coworkers don't know about it and won't therefore think about it.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
If you came into my office with that attitude, I would tell you fuck off and also make sure your shitty device NEVER touches my network. Your piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you don't like it, fuck off.
No, you wouldn't. You see, there's a certain underlying reality here that you're in conflict with: When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do my job more efficiently." Guess what? In the eyes of the people paying your paycheck, those dudes win. Your job is to supply data to them and you know damn good and well you'd hook them up and then go back to browsing Slashdot and posting fun little short stories about what you'd do in an alternate dimension where you actually had any authority to tell anybody to fuck off. Your problem is *not* gadget happy employees.
Now answer the GP's questions
I did. But I guess I have to explain something that's actually really really obvious. If supporting all these devices has a measurable impact on the bottom line, you make the case and get a policy set. You nail a sign to your door that says "We will not hook up your iPad." If you can't make the case, then your job isn't going to be as easy as you'd like. Boo hoo.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I was just talking about this to a friend of mine yesterday. I've been a "customer engineer" for most of the last 47 years. Back in the age of mainframes and minicomputers businesses understood that it took training and organization to install, maintain, and program their computers, but they started losing sight of the complexity involved in good systems design and analysis when the computer started looking about the same size as their typewriter. Now phones (which are really just smaller computers) are the same size as their old walkman. Consumers can't seem to understand that computers are multi-function machines with millions of interconnecting parts (if you include the OS and applications). Assuming you had a big open building with millions of parts and subassemblies that needed setup to perform specified tasks, and most businesses would understand the need for a small army of well-trained technicians to do the setups and maintenance.
So, in my area, a lot of small businesses have sprung up offering computer maintenance for $35/hr. These businesses are capable of handling about 70% of all the normal maintenance on a computer, but then, so is anyone who can read a manual or call tech support. Then they get assigned a project over their heads, take the customer's money until it is very obvious that they can't do the job, and then walk away. The customer calls me and gets pissed off because I charge $110/hr instead of $35/hr and successfully clean up the mess left by the other "geek". And when the next computer problems show up do they call a competent tech? No, they go right back to calling some half-trained moron who only charges $35/hr. Business is full of slow learners.
The bottom line is that many of the businesses out there are not designing their business processes, they are acquiring "business technology" by "jumping to solutions" without a plan. The "business-in-a-box" approach has never worked right. Most small businesses fail within the first five years, not because their tools aren't adequate, but because their business decisions are inadequate. The technology decisions are just a part of the same lack of business smarts.
"The mind works quicker than you think!"
Of course there is a little bit on the network, it's called a DMZ and firewall policies! All a personal device can do on my network is talk to the Exchange server, access the internet, and talk to my Citrix servers. If you have a corporate supported device we install an MDM on it, lock down the apps that are installable, and install a VPN client if you have a need to access more than that (most do not since between Exchange access and Salesforce access 90% of our mobile users' needs are met). If your personal device has problems accessing one of the standard interface points we will provide best effort support and then tell you to use your corporate supported asset if we are unable to make it work. I know not all departments get quite that much support but since we support 99.9% of access methods and are fast and efficient at meeting all the other business needs we get some leeway.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
and not because I'm doing anything malicious
Spoken like a true narcissist.
Parity: What to do when the weekend comes.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase one and IT should be required to support it as if it were a product they researched and decided to use themselves.
Okay... so with the exception of the guy in the big chair, nobody can make you do anything you don't want to do. You don't "have" to support anything. It's just a big non-issue.
Ah, but it's not really like that, is it...
Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
... hah, yeah. So why is connecting to the company Exchange server 'neat'? It's because that obnoxious infestation of parasitic coworkers that are gobbling up your resources are being paid to do a job and sometimes it's worthwhile to buy a gadget to make it happen more efficiently. That's your job. Well, that is until you make the case to your superior to NOT support them. But once you've done that, you don't "have" to support them do ya?
So, when you go to work tomorrow, are you going to be hooking up iPads to the wireless network, or are you going to come up with an estimate of what it costs your company to support this and present that to your superiors so you can come up with a very clear policy so those twerps that do the work that pay your paycheck won't interrupt your web-browsing?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
My point is it doesn't require specialised equipment or deviation from what most would call best practice. Any office where you're worried about standardised mobile devices should already have a patch panel, managed switches, a real router and, if they have wi-fi at all, non-consumer grade wi-fi access points (Cisco or similar). If you're too small to have/need managed switches and VLANs, frankly you're just playing at being "enterprise". Anyway, it is often easy to support them without allowing them onto the LAN; the server ActiveSync needs to connect to is usually the same one that provides Outlook Web Access, and it is done on the same IIS instance.
Support specifically for the iPhone is simple: put all the settings into a read-only, encrypted and signed provisioning profile which is only removable with a full device wipe or a password. It takes about an hour to write and properly test a provisioning profile; I'm excluding the time where you decide what your policy is because you should already have one. Any more support than that isn't my problem: check it's not server side and affecting everyone, get them to restore their device, and if that fails send them to an Apple Store.
This isn't special snowflake, this is good for productivity and the psychology of this is obvious. Any mobile is a very personal thing and an employee using their preferred device is more likely to check their email more often and not turn the damn thing off and shove it in a drawer. They're also more likely to understand the device, its productivity features and make use of them.
Also for the record, calling the managing director a special snowflake tends to get you fired. Senior staff are usually where these devices turn up first.
Actually Apple has support for mass provisioning. They have the entire Enterprise SDK and they have features for Mac server management. But... it is a totally Apple centric solution and doesn't go beyond that in terms of melding with the rest of the infrastructure. If you were going to mass provision a bunch of smart phones:
-- Blackberry is excellent
-- Apple is good
-- Most Android phones suck.
You could have refuted his post without the childish 'hater' comments
As if I would take post content advice from an AC seriously!
You are just sad because it was so on-target... do you honestly expect we all cannot tell who you really are?
The "Hater" tag is not childish, it's pointing out why otherwise rational intelligent people suddenly lose all mental faculties when trying to pin anything negative possible on Apple.
It seems pretty obvious that it is about having to go through apple, not about itunes, where itunes is simply how you go through apple.
The real trouble with you haters is that you think only one level deep, if that. Did you remember that this is a story about Apple devices in IT? Now remember class how we have all pointed out a million billion times in countless Slashdot stories on Apple how enterprises can distribute apps directly to devices - no iTunes, no Apple? So what does that make you in this followup post? Yes, very good, it does rhyme with "plum".
in your haste to defend apple you've completely misunderstood his post
I am not "defending Apple". In your HASTE to make that assumption, you failed to realize what I am really doing here is pointing out when people are being idiots and simply corrected badly outdated or simply wrong information. Which you had to make me do AGAIN. So thanks for that (hint: not really).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
One of the hardest fights I've had in IT is explaining why I spend $300 a drive from HP and not $70 for the same capacity from Newegg.
More likely the Newegg drive is a 5400rpm/intellispeed (ala WD Caviar Green) with shitty random seek time, low random read/write, and terrible IOPs. It probably has 1/4 the mean time between failure rate before you factor in the fact that it is not rated for the kinds of temperatures you see in server rooms. You can't hot swap it, crappy warranty, inferior diagnostics, no NCQ, etc.
Enterprise grade drives are overpriced, no doubt about that. But sometimes (sometimes, most times not) the cost is justified.
read what he wrote, and respond to it,
I did already, my response is correct and valid criticism of what he was saying.
Remember this is a story about enterprise use of iOS devices - enterprise application distribution does not go through Apple, in any way. It gets installed from your company server directly to the device.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Who gets the blame for sensitive information being let loose upon the world? The user or the IT staff for not securing the device?
Way to completely miss the point. I don't suggest that IT should refuse to look beyond how things are currently done, that's obviously unhelpful. But letting the users decide what is and isn't supported turns into a free-for-all. If permitted, it will mean that anyone at all can buy a device, that IT knows nothing about and might not even play nicely with the existing infrastructure, and demand that they fix anything that goes wrong with it. In other words, it means that IT's job expands from "providing support for the devices that the company chooses to buy" to "providing support for anything under the sun which is vaguely technology-related".
IT has to serve the users, that is what it does. I have no arguments with that idea. But that doesn't mean letting the users make you their bitch, either.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
>> Why do I have to support your purchase? Because that's what you are paid to do. If you can't I can pretty soon find someone who will. It seems that many sysadmins see themselves as gatekeepers on "their" networks. The gatekeeping is usually related directly to the sysadmin's skillset and biases. The network is there to serve the business objectives of your employer. It is not there as an ego-prop, a career-path or a toy. Your employer is shelling out a wad of cash so he can have the services he thinks he needs. He's much better placed to decide what he wants than you are. If you had any business chops you'd be in a public-facing job and not skulking in your e-cave. Most sysadmins I have dealt with had no real idea of where the network fitted into the company plan and cared even less. Making it useful/usable for the user was the furthest thing from their minds. Making sure that they were irreplaceable with minimal work was top priority.
Bullshit, enterprise class drives have from 1/2 to 1/3rd the AFR of consumer drives. Data from Google, Microsoft, and other large scale providers proves this out. NL SATA is about 2/3rds the AFR of common SATA according to Microsoft's numbers from the hosted Exchange for education group.
I believe you are the one spouting BS. Please cite a reference for this. The Google paper clearly says they are using consumer grade drives and not enterprise grade drives. http://static.googleusercontent.com/external_content/untrusted_dlcp/labs.google.com/en/us/papers/disk_failures.pdf
The Microsoft study you referred to says that consumer class disks were not failing any faster than enterprise disks. http://blogs.technet.com/b/exchange/archive/2011/01/07/robert-s-rules-of-exchange-storage-planning-and-testing.aspx http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA2-1309ENW.pdf
Not everything that can be done should be done
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
If he is not one of the mainframe guys, and you think that a PC is an "enterprise" device, then yes. He is new to this. The complaints we hear are the exact same complaints we heard when PCs were introduced to the business desktop.
Because my arrays already have hundreds of drives, increasing the drive count by 400% to account for a vastly higher AFR isn't cost effective in any way.
Why would you need to expand the drive count? A higher AFR simply means you're replacing failed drives more often. Again, please cite a reference for "vastly higher AFR". All the studies done (including the ones you cited) show a higher variability in the AFR between brands and models, and no trend towards enterprise level drives being more reliable. Buying enterprise level might get you a faster drive with higher rpm or cache, but it's certainly not vastly more reliable.
Bane of my existence.
User: I can get 3 TB of storage for $500 with this Buffalo NAS from Newegg
Me: No. You want your data to play nice with our network. You can use our file servers or we'll configure one for you. It'll cost $1500.
User: I bought the NAS, can you help me set it up? It won't let my group access any other folder than Public and file transfer seems really slow.
Me: No. You bought it, you fix it. I am not your monkey.
Okay, so that last line is a bit of a pipe dream, but still. Consumer NAS's suck. That is all. Not opinion, but fact.
Which is why you disallow "simple" (aka 4 digit number) passwords in your provisioning profile. What Elcomsoft are doing is brute forcing the 4 digit password, which is protecting the rest of the keys; if you increase the keyspace by having a normal password, the problem becomes intractable.
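As an added illustration of the point in the comment above (not part of the original post, and not Apple's or any MDM vendor's code), the following Python audits the passcode payload of an unsigned configuration profile and reports a floor on the number of passcodes the policy permits. The key names `allowSimple`, `forcePIN`, `minLength` and `requireAlphanumeric` are the ones Apple's passcode payload uses; the 8-character threshold, the placeholder identifiers, the sample profiles and the counting model are assumptions made for this example.

```python
import plistlib
from xml.parsers.expat import ExpatError

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
ORG_MIN_LENGTH = 8  # assumption: this example's own policy threshold
SIMPLE_LENGTH = 4   # the 4-digit "simple" passcode the comment refers to


def build_profile(policy):
    """Constructed sample input: a minimal unsigned profile around `policy`."""
    payload = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.passcode",  # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    }
    payload.update(policy)
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile",  # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadContent": [payload],
    })


def passcode_floor(policy):
    """Floor on how many passcodes the policy permits (model assumption).

    Digits only when letters are not required; otherwise strings over
    lowercase letters and digits that contain at least one of each.
    Real passcodes may use a larger alphabet, so the true count is higher.
    """
    n = max(int(policy.get("minLength", 0)), SIMPLE_LENGTH)
    if policy.get("requireAlphanumeric") is True:
        return 36 ** n - 26 ** n - 10 ** n
    return 10 ** n


def audit_profile(profile_bytes):
    """Return {'findings': [...], 'floor': int or None} for a profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except (plistlib.InvalidFileException, ExpatError):
        # Signed or encrypted profiles are CMS-wrapped, not plain plists.
        return {"findings": ["not a plain plist; unwrap the signed or "
                             "encrypted profile first"], "floor": None}

    payloads = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    policy = next((p for p in payloads
                   if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_TYPE),
                  None)
    if policy is None:
        return {"findings": ["no passcode payload: passcode is unmanaged"],
                "floor": None}

    findings = []
    if policy.get("forcePIN") is not True:
        findings.append("forcePIN is not true: a passcode is not enforced")
    if policy.get("allowSimple") is not False:
        findings.append("allowSimple is not false: simple passcodes accepted")
    if policy.get("requireAlphanumeric") is not True:
        findings.append("requireAlphanumeric is not true")
    if int(policy.get("minLength", 0)) < ORG_MIN_LENGTH:
        findings.append(f"minLength is below {ORG_MIN_LENGTH}")
    return {"findings": findings, "floor": passcode_floor(policy)}


if __name__ == "__main__":
    samples = {
        "weak (constructed)": build_profile({"allowSimple": True}),
        "hardened (constructed)": build_profile({
            "forcePIN": True, "allowSimple": False,
            "requireAlphanumeric": True, "minLength": 8,
        }),
    }
    for name, blob in samples.items():
        result = audit_profile(blob)
        print(name, "floor:", result["floor"])
        for finding in result["findings"]:
            print("  -", finding)
```
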
Yes, Notes has support for iOS. Lots of companies use Notes. Before people whine about how bad it is, it works exactly the same as exchange on an iOS device. They both just sync via ActiveSync.
Note that in the Microsoft's Live@EDU infrastructure, we utilize nearline 7.2K SATA drives and we see a 5% annual failure rate (AFR), while in MSIT we leverage nearline 7.2K SAS drives and we see a 2.75% AFR there link
I know from more than a decade of experience that real world enterprise SAS/FC/SCSI AFR is ~1.5%. AFR and drive rebuild time also affect the likelihood of catastrophic data loss. Plus failing drives are by far the greatest cause of unplanned downtime in my environment, overshadowing software faults by ~10x over the last 5 years for downtime caused. Drives that just fail are no big deal, it's the ones that start to fail and puke all over the bus that cause issues, fewer failures means fewer chances to screw up the bus and cause downtime.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
How is 5% versus 2.75% AFR not any faster!?!? Add in my experience with thousands of FC/SAS/SCSI drives with an AFR of 1.5% and the trend is obvious, more expensive drives have a significantly lower AFR.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
If the company decides to corporately embrace a piece of technology, then IT is there to make it happen. IT is not there to respond to the whims of one user who wants to do things different than corporate policy. You might think your new iPhone or Mac or whatever is the cat's meow, but don't expect a whole lot of help getting it to work if there is already a corporately endorsed way of doing it.
I frequently have to deal with all kinds of people bitching that some web app doesn't run correctly under Firefox or Chrome, or that OpenOffice can't read an MS Excel spreadsheet, or they really want to play with Linux on their desktop. First, I have to remind them not to install unauthorized software on the company's computers. Then I remind them that a personal preference for a different browser or office suite doesn't mean we have to support it. They aren't getting paid to demo every piece of OSS they think might be better.
When an employee consistently bucks the system and it's a battle, that job gets outsourced to someone else.
My consumer drives pass the bad sector info to my consumer controller to allow it to use this data as a predictive failure indicator (it's called SMART).
The difference is this: the firmware on an enterprise drive never spends more than 8 seconds attempting to recover a bad sector before it returns as unreadable while the consumer drive spends a lot more time trying to recover before it returns that it cannot (up to 2 minutes). Enterprise controllers will assume it is a fail after 8 seconds while consumer controllers will give it the full 2 minutes.
Change the settings on either component and your problem is solved. There are obvious reasons for the 8 second vs 2 minute thing, but it's all just firmware.
...but once you help them they will keep coming back to you whenever there is an issue...
Awwwww - you have to deal with other human beings? Welcome to life. If it really is such a terrible burden, you could go hermit I suppose.
Or you could just suck it up and accept having end users. Part of those "other duties as assigned"
It's just another skill set to be developed.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
That is the most reasonable response posted yet.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
Sorry, but how is supporting your personal mobile phone, a job for your company's IT department?
All right, let me explain.
If having access to company email on my iPhone gets me working more efficiently, or if I can do work on the bus commute that I couldn't do before, then supporting my iPhone has a business justification and should be part of IT's job. It's that simple. I would hope that no one wants to make it easy to check their work mail just for shits and giggles. They ask because it's relevant to doing their job, and IT's job is to support the rest of the company doing their job.
Terrorist, bomb, al Qaeda, nuclear, yellowcake, kill, assassinate. Carnivore is dead... long live Echelon.
There is a middle ground. You can have separate networks, one that only allows Internet and corporate mail access and another that allows server access. You could support email access on any device that supports ActiveSync; a help desk that can't connect an iPad, Droid, or iPhone to a mail server is not a help desk. You could limit your support to that: want to access an intranet application? Require a corporate desktop or server. VPN only for corporate laptops, and so forth.
Don't get all logical on me now!
I am literally 3000 tokens away from the chaotic crossbow --Stephen
Are you reading from an old data sheet?
http://developer.apple.com/library/ios/#featuredarticles/FA_Exchange_ActiveSync_and_iOS4_Devices/Introduction/Introduction.html
I guess you should find a less service-oriented position...like server engineering or devops.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either.
And then, only two sentences later:
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
That's the very definition of "support", and that extra "few minutes" times 50 users adds up quickly. And, like was mentioned before, you don't expect IT to... ahem, "be helpful", for every crazy piece of hardware... just yours.
SMART keeps counters for predictive failures - but the consumer drive does not pass the actual bad sector back to the controller but rather it remaps it internally - this is a different behavior and therefore makes the drive unsuitable for the application.
I do agree that the issue lies in firmware - but it isn't something that can be changed (there are a few exceptions but they are exceptions not the rule) to allow consumer drives to be replacements for enterprise drives.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Isn't that where a mail server is supposed to be?
Interesting to hear that Exchange is still well named (swap it for something else) a decade after I had the misfortune to deal with it.
When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do my job more efficiently."
Yes, and they think that's the best way - but they're also not solution architects.
However, the IT guy isn't denying things for shits and giggles. His job is to make sure the entire infrastructure stays up, secure, and available to everyone.
If he allows every Tom, Dick, and VP of Marketing to connect their new shiny to the network without doing his due diligence, who do you think is going to have his balls in a vise when that device goes insane and screws with the infrastructure? Not the VP of Marketing, that's for damn sure.
It's a balance. Everyone wants their new shiny, but they can't always have it. The IT guy wants a simple monoculture, but he can't have that.
Go to a course that teaches them that "client-side security is no security at all" over and over until it sinks in?
And I say that as a pragmatist and sometime sysadmin.
Yes, because a server can stop someone from opening up sensitive email messages from a device that has bypassed the pin login requirement.
If only iOS supported Exchange/IMAP and had Enterprise Deployment guidelines.
Custom electronics and digital signage for your business: www.evcircuits.com
Is Apple the only firm that faces the challenges the TFA describes?
"enterprise" drives are no less failure-prone than their Best Buy Brethren.
BestBuy does it too. They want to charge me ca. C$120.00 for a replacement battery which they'll order from HP. I can find the same thing on line for less than C$35.00 incl. shipping. I suspect they'd prefer I just buy a new box.
They should know that two year old batteries would be dying about now. Why don't they have replacements in stock, at a reasonable/competitive price?
I'm waiting to see what that $80.00 extended warranty's worth. If they can fix that POS Pavilion of mine, or replace it with equivalent working tech, I'll be happy and buy from them again. Burn me on the EW, and they'll never see another penny.
"Tongue tied and twisted, just an Earth bound misfit
Sun used the same excuses to vastly overcharge on components.
Not fair. Sun hardware was robust. It may not have been bleeding edge fast and all that, but those suckers will run forever.
"Tongue tied and twisted, just an Earth bound misfit
You do understand that the smallest sample size able to produce a 95% failure rate is 20, right? Do you honestly think that he had 19 out of 20 drives "from different batches in different servers..." fail? Because the answer is no.
How is 5% versus 2.75% AFR not any faster!?!? Add in my experience with thousands of FC/SAS/SCSI drives with an AFR of 1.5% and the trend is obvious, more expensive drives have a significantly lower AFR.
Let me quote the paper for you, as I don't think you really paid attention to it.
"Note that in the Microsoft's Live@EDU infrastructure, we utilize nearline 7.2K SATA drives and we see a 5% annual failure rate (AFR), while in MSIT we leverage nearline 7.2K SAS drives and we see a 2.75% AFR there. Microsoft therefore recommends that if you are considering utilization of these nearline drives in a JBOD architecture that you do choose to do so with the 7.2K RPM SAS drives rather than SATA. "
That 5% versus 2.75% is SATA versus SAS, NOT consumer versus enterprise line. The nearline drives are the enterprise grade drives.
At my work, IT changed the name of the "help desk" to "service desk", because they didn't want to imply that they were providing help. The first step is to point people to a wiki - the "self-service desk".
-- Flame me and I will happily flame you back. Bring it!
Or you just pay $240 (3 drives * $80/drive) to keep extra drives on hand while they go through the replacement cycle.
Don't get all logical on me now!
"Mathemagical, Lisa. Mathemagical."
"Tongue tied and twisted, just an Earth bound misfit
Slashdot had an article 2 years ago comparing enterprise and consumer hard drives. The enterprise ones were no more reliable. It is a fact that the firmware and not the drive determines which is enterprise ready. The HP drives are probably WDs with the firmware reflashed.
It is no different than Intel getting a batch of 486s and downgrading some to 486SX and adding a small change to make the 486 DX turn to a 486DX2 that is twice as fast for twice the cost. In the end they are all the same chip etc.
http://saveie6.com/
In actuality, what "enterprise" hardware offers you is the ability to get a replacement of exactly the same drive, it's not an issue of quality, it's an issue of consistency, which actually matters in things like SANs
SPARC was robust, their storage solutions and their x86_64 parts sucked balls.
I've had good luck with the Samsung drives as well. While OP is catching a lot of flak for his claim of a 95% failure rate, I have to say, I recently had a rather large (~15-20TB) RAID array in a server that had an extremely high number of hard drive failures. It wasn't 95%, but I probably replaced at least a third of the drives in that array...maybe more. Fortunately, the server manufacturer replaced them under warranty, and when I finally asked if there were any known issues with that make and model of drive, they admitted that there was indeed a problem with the firmware. IIRC, they were Western Digital SATA drives, but it's been over a year now since I had the last failure so I could be mistaken.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either...It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing...
Ummm...make up your mind. Do you expect me to support your device, or can you figure it out yourself?
I don't expect you to do this for every crazy piece of hardware out there...
So if someone has a different brand, screw them, but for you, on your chosen platform, I should be able to help you set up the services you need? You do realize that this attitude is common to every other user on the network, right? Which means, yeah, actually I do have to do this for every crazy piece of hardware out there.
Look, here's the deal...even if I never, ever have to touch your iPhone because you really CAN set up every configuration option blindfolded, in the dark, with one hand tied behind your back, I'm still responsible for keeping corporate data secure. That means, it's my butt on the line when you leave your iPhone at the bar and the confidential data you weren't supposed to have on there in the first place is now unaccounted for. It's my butt on the line when your Windows XP Home laptop -- which is still running the stock anti-virus and a/v database that Best Buy installed when you bought it four years ago -- introduces a virus into the network, infecting 37% of the other "Bring-Your-Own" devices (although, thank God, the servers are all patched and running current A/V, so they are safe).
Personally, I'd like to see the bring-your-own-device movement take off, and I can see several ways in which it can SANELY be implemented. In fact, we are starting to move in that direction where I work. But sorry, until I can honestly say that I'm reasonably certain that I have identified the likely risks of allowing users to bring their own devices, and I have taken all of the reasonable precautions to bring those risks to acceptable levels, the policy is "not on my network". I understand that may piss off some users. I can live with that. I can't, however, live with implementing a half-4$$ed BYOD policy, thus knowingly, willfully and intentionally putting my company's data at unnecessary risk.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Just so long as the CxO's provide IT with the budget and staff to implement the application and network changes to support all the latest toys, that's fine. In my world, however, that's typically not the case.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Yes, I have to deal with other human beings. Most of the time, that is not only not a problem, it's actually enjoyable. However, the rest of the time...
Let me tell you a story. Once upon a time, an IT department had surplus equipment that they were disposing of. An RF tech working for the company asked if he could take one of the surplus laptops home, and IT told him yes, so long as he understood that the hard drive had been removed and destroyed (per company policy), and IT would provide absolutely no support for this laptop, since it was well out of warranty and would become his personal -- rather than work -- device. The RF tech acknowledged that he understood and was agreeable to these conditions...until he got the laptop home. Then he began pestering IT for a hard drive, just to verify that it was working. After that had been refused (numerous times), he began pestering IT for a memory upgrade for the laptop, which was also refused, also numerous times. In fact, at one point, the RF tech followed the desktop support guy down to the lunch room during the IT guy's lunch break, repeating his request for memory over and over and over like a spoiled two year old in the candy aisle at WallMart, until, fed up, the IT guy finally got HR involved. True story, I kid you not, and no, I was not the desktop support guy.
You may think you're being clever by sarcastically commenting how IT might actually have to learn to deal with human beings. However, I maintain that rather than being whiny, outcasts devoid of social skills, actually IT often displays exceptional restraint, WELL beyond the call of duty, by simply not smacking the snot out of an ignoramus who sincerely deserves it.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Overpriced doesn't always mean "business grade". Looking at the prices we pay for everything from Dell keyboards, Airtech laptop bags, and K-locks, it can be anywhere from twice to three times the price you could buy it for on the high street. For exactly the same models! The Dell keyboards we buy are exactly the same ones you get with an Inspiron desktop computer, and usually die by the exact same causes (coffee spills, the legs getting snapped off, someone bending the USB out of shape, etc.).
I'm willing to accept that the ThinkPads we use are higher grade than the Lenovo basic laptops, but there's only so much you can do with standard peripherals.
Secure doesn't equate to useful.
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
I would not be at all surprised if the Enterprise drives come from some kind of top bin for whatever drive tests are performed. HP will not mind spending a few extra dollars to reduce its warranty costs, when it is making so much more margin anyway.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Just an observation; I don't advocate stress testing new drives. It may kill bad drives, but it may also seriously weaken ones that pass. If you have the time, a soak test at average load is possibly better.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
It is like recruiting CFOs: if the guy has only ever worked in a successful company, how do you know how he will deal with a crisis? Nothing but success is usually due to luck rather than talent.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
I am sorry but you seem to have no concept how upper management really thinks. I have worked for a number of companies in different industries of different sizes. The one constant thing is management sees exactly four classes of employee. Those are C-Level executives and possibly department or subsidiary presidents if the org is big enough, salaried workers, hourly workers, and sales.
If you are one of those salary workers, they do want you as efficient as possible but they are not going to take risks for it. If say IT won't let me read my mail on the bus, and they ask us why not, and we respond with the least bit plausible example of how it could cause customer data, or trade secrets, or anything else that might result in asterisks on the financial statements, you lose. You after all can always put in a little extra time if you can't be more efficient, but a trade secret once out cannot be recovered.
Now if you are sales, that's different, you drive profit; otherwise you are overhead just like IT and if you cry about it they will just find someone who won't.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You have to expose parts of your Exchange infrastructure to the Internet as well
Try IPSEC.
Of course as an end user those things are annoying, so there are plenty of jailbreak patches that remove the pin lock requirement (or rather, cache your pin so that it's only required after a reboot).
This is a good example of why IT departments take the attitude of "not on my network, ever." Information security is not something to be blown off because you are annoyed with the security mechanisms. It may be tedious but the alternative is losing data that could result in lawsuits and fines that could bankrupt the business. Would you rather have a job and be a little annoyed by pushing 4 buttons on your phone to use it, or be unemployed?
One point to keep in mind: SMART has (so far) proven to be almost completely useless in the specific context of SSDs. Every single report I've read about SMART and SSD failure has said that it either didn't work at all, or barely had time to log its suspicions before the drive failed. That's actually the biggest single problem with SSDs... they don't necessarily fail more often than rotating platters, but when they fail, they fail with basically ZERO advance warning (unlike conventional drives, which -- assuming they weren't dropped -- tend to follow a predictable curve of escalating read errors).
Actually, the saddest part of all is that the overwhelming majority of mechanical failures are due to failure modes that wouldn't even be all that hard or expensive to REPAIR without substantial data loss if the manufacturers could be arsed to even offer it as a service, instead of walking away and leaving it up to hyper-expensive third-party data recovery firms who are forced to do the repair the most inefficient and expensive way possible, then mark it up by several orders of magnitude simply because they can (effectively pricing everyone BUT large enterprise customers out of data recovery altogether). I can't think of any other mechanical component widely used in both enterprise and consumer devices that's as simultaneously failure-prone, officially-irreparable, and has such enormous consequences arising from such failure. For the most part, manufacturers don't even TRY to design drives so they'll fail in a reparable (short of outright catastrophe) way. Or at least start failing in a very, very public and noticeable way, instead of trying to hide the problem and sweep it under the rug until the drive finally dies for real and it's too late to cheaply do anything to save the data.
So what happens to the entire company when your un-vetted solution to whatever business need you have brings down the main database server because of security holes? Or enables your email server to be hijacked via malware? End users such as you never consider that there is a complexity in the picture that you have no idea about because it's not your job to worry about it. It's IT's job to worry about it.
I grant that you may have issues with your IT department at the company you work for. It's not unheard of for IT people to be too dismissive of end-user wants and needs. But, be that as it may, ultimately there is a reason for being told no. Sometimes it's some whacked geek on a power trip, but sometimes you work with professionals who know what they are about and tell you no for legitimate reasons.
One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands.
Um, they probably should master the business-grade technology tasks they are responsible for first before griping about all the consumer stuff that we consumers can support ourselves.
The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to set up 100 different iTunes accounts for 100 devices - this is one of the things that probably gives IT departments (and procurement) nightmares.
Sorry, this is just wrong. There is no such "lack of ability to provision phones and apps in bulk". The solutions are cross-platform as well, so no "but you have to buy a Mac" argument either.
http://www.apple.com/support/iphone/enterprise/
How do I control your phone?...How do I control what goes on the phone? ...How do I block certain apps on the phone?
Oi, this says it all.
You really are new to this aren't you?
No I think he's been doing it the "IT way" for several years now, which gets to the crux of the problem. Keep up, IT, or be left behind (and jobless).
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you.
So you've never heard of the concept of a "stakeholder"? They are kind of like your "customer", but internal to your organization. In other words, they are your customer. Without them, you don't have a job. If stakeholder Bob needs a portable projector, and you don't have one for him, he damn well better get support for his personal one he buys and brings in...unless you want to cover the $X million dollar contract he didn't land because he couldn't do something as simple as project a sales pitch to a room full of old rich white guys looking to spend money.
Not at all. Supporting whatever crap you bring to the office isn't in my job description.
Going through IT to get my iPhone on the corporate network, however, IS in my job description, as in "you must go through IT if you want to use your personal devices on the corporate network."
So by proxy, it is in the IT guy's job description, even though you guys are always "too busy" to know what's in your job description. Maybe you could read it during one of your 17 smoke breaks you take a day?
Unless, of course, the user in question is the CEO, or COO, or some other bigwig that can fire you on the spot when you tell them their latest gadget isn't supported. CEOs consider themselves immune to IT policy in most organizations. This includes things like data on laptops, ignoring backup policy, ignoring password policy (to the point where you have to have two policies), iOS devices / Blackberries from outside vendors / Android phones from outside vendors....
If you've found the ONE Fortune 500 company where this isn't the case, please tell us so that we can apply for jobs there. Until then, IT policy is just a suggestion to most executives.
Never underestimate the power of stupid people in large groups.
To be more accurate, you can't say, "No, Mr. CEO-who-will-fire-me-for-saying-no".
Never underestimate the power of stupid people in large groups.
User support is an important issue, but the least of the issues that IT faces.
Without users, IT doesn't have a job. I'd move that up your important list a tad.
... that extra "few minutes" times 50 users adds up quickly.
Wouldn't want to have to skip one of those 17 smoke breaks the IT guys take a day now would we?
One of the hardest fights I've had in IT is explaining why I spend $300 a drive from HP and not $70 for the same capacity from Newegg.
That's not unique to IT. Many years ago when I was a young manager I had a fight with my dumbass supervisor over the issue of buying vacuum cleaners for the building janitorial staff. He couldn't understand why commercial vacuum cleaners cost so much more than the consumer model that his wife used at home. Trying to explain to him that his wife didn't have to vacuum a 20,000 square foot building every night with her cheap plastic consumer piece of shit was to no avail. Just for fun (and to teach him something), I caved and ordered a bunch of consumer models. Sure enough, they were all broken down within a month and we finally did what we should have done in the first place (order the commercial models). Cost the company a lot of wasted money, but at least one dumbass learned a valuable lesson.
SJW: Someone who has run out of real oppression, and has to fake it.
You know, I've seen zealotry before-- I used to be an OS/2 user!-- but Apple fanbois really take the prize. Are we really to the point where no criticism can be made of Itune/IOS/I-this-that-or-the-other? Dear God, it's not as if I'm attacking their coolness or hipness!
If cost is no object, fine. Go with the "enterprise" hardware. In duplicate or triplicate.
It's not that cost is no object; it's that reliability is required. At these kinds of failure rates and drive sizes, the probability of a 2nd drive failure before the RAID is rebuilt is too high to tolerate.
All that means is Seagate is pulling the better drives out of the bunch and leaving the absolute shite at the bottom of the barrel for consumers.
Yeah, that became pretty obvious.
But if you are serious about a 95% failure rate I'd say you were buying off the back of a truck or ur doin it wrong.... so a 95% failure rate tells me you had a shite controller, a failing part, possibly PSU, screwing the drives, or you got them from "Handy Bob's House O' Drives" where they were selling you cheap ass refurbs as new.
Nope, nope, and nope. Different systems, different RAID controllers, all purchased from well-known national retailers, all in original packaging.
With a 95% failure rate you could have had Seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they showed you how your power supplies were frying the drives.
Really? Like I said, different systems in different data centers. And unfortunately, because of the type of data on the drives, I couldn't let Seagate have them. Basically the 2 TB Barracuda LP drives were shit.
You do understand that the smallest sample size able to produce a 95% failure rate is 20, right? Do you honestly think that he had 19 out of 20 drives "from different batches in different servers..." fail? Because the answer is no.
Actually, your math is correct, but your conclusion is wrong. I did have 19 out of 20 drives "from different batches in different servers" fail. It's outlandish alright, the miserable performance that is, not the reporting of it.
SATA is not Enterprise, labeling a SATA NL drive as Enterprise is lipstick on a pig. Heck even NL SAS drives are only Enterprise grade in certain scenarios. FC, SCSI or SAS drives which are rated for 24x7 100% duty are what I consider Enterprise class drives.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
True, but the majority of people bitching about IT here are end users with an overinflated ego and no real teeth. When I get an exec asking for stupid things like how to access HIPAA data from home, I have the role of educator and pointing out the financial and legal risks. If he still wants it, I get it in writing to cover my ass (or if blatantly illegal I'll take it to another exec who might understand the problem).
I've done this. The problem is, most systems have some type of proprietary connector that allows you to plug a SATA or SAS drive into whatever hot swappable format the manufacturer has concocted. So if the drive goes, you are fine and can just reuse the connector, but a lot of my failures (especially on EMC SANs) have been with the connector itself.
Also, even though the drives are outrageous, we buy support for whatever we need to protect, not just the drives. Whether it be a server or a storage array, we need support on everything. Plugging in third party drives is usually a no-no when it comes to manufacturers' warranties.
On the other side... We have been following closely the efforts of OpenDedup to finally be able to build cost effective arrays with off the shelf components as backend storage for our VMWare clusters. It's looking very promising, and we are starting to test. We've seen a 10 fold increase in storage usage in the past 3 years, and SAN storage is crippling our budget. At least in this case, we are close to making consumer grade technology work in an enterprise level system.
Why do you expect that the company will spend employees' time to teach them, or even hire someone to teach them, how your phone works?
I expect them to say "sorry, we can't do that. Here's our clearly written policy on the matter". Instead what I get is: "Ok, it's set up. In a few weeks I'm going to grumble about it!"
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
This guy is griping that iCloud doesn't sync up his outlook stuff across his iPhone, Windows laptop, and Android device.
Newsflash dude, I'm doing all of that with the exact items he is having difficulty with - guess how?
Exchange Server. We run it at our BUSINESS since we want BUSINESS functionality - and it works perfectly with "consumer" devices. He's right iCloud doesn't do what Exchange does. That's why you buy Exchange.
Next he'll complain that a wrench doesn't hammer in nails properly.
-ted
I recently had an array fail with Western Digital's 2TB Green Drives. Two simultaneous failures is HIGHLY unlikely so I concluded that the drives and the RAID controller didn't play well together.
So I replaced the drives with Western Digital's "RE-4" series drives. Sure enough, the array works just fine.
I put the two drives side by side - the only difference I could see was the color of the sticker on the top of the drive.
Western Digital explained that the firmware differences in the "enterprise" drive allow it to work properly on a RAID controller.
Why wasn't this the case years ago? I suspect drive manufacturers are just using these slight differences to charge double for their "enterprise" garbage.
-ted
Our Hub and Client Access server is only exposed to the internet via SSL. ActiveSync works via SSL, which, last I checked, is encrypted. Yes you do need to expose IIS to the internet, but there are lots of proxy boxes that can limit the exposure of IIS to the internet. You can even offload SSL to another device closer to the internet so your intrusion detection systems and app firewalls can look at the traffic getting to IIS.
Our SMTP box only talks to postini. This is enforced via static rules in our firewall.
You can secure Exchange server - thousands of companies do that successfully every day. It does require a bit of work though.
ActiveSync also enforces client side policies like password strength and remote wipe.
Finally iPhone encrypts the data on the device.
How much more encryption and security do you want?
-ted
I have seen such high failure rates in the wild - cross batch, cross manufacturer even.
But invariably, they were preceded by a thermal event - I have never, ever seen worse than 10% failure in a datacenter that has a clean aircon record, and would expect 5% or better unless there were power issues too.
If you are seeing that sort of failure rate, I would be giving special care and attention to any "service visits" the UPS or aircon guys may have made in the two months prior to the problem starting.
-=DaveHowe=-
Quick search on newegg might show the differences. The HP drive is a hot swappable SAS interface 600GB 15000RPM drive with dual ports for around $600 (although HP offers cheaper SAS drives).
The same drive direct from Seagate -- Seagate Cheetah 15K.7 ST3600057SS 600GB 15000 RPM SAS 6Gb/s 3.5" Internal Enterprise Hard Drive - Bare Drive -- is $670 and includes a 5 year limited warranty. It claims to include advanced read/write technology for an unrecoverable error rate of 1x10E16 and an annualized failure rate (AFR) of 0.55 percent.
The pro-consumer drive option is a Seagate Barracuda 1TB 7200 RPM SATA drive with a 2 year limited warranty. $139.
You can probably find a cheaper option.
Are the expensive drives better? Probably. Are they 4 x better-- probably not, but compared to the labor cost of swapping and potential down time the extra cost is minimal.
And if you need SAS, dual porting and hot swap your choices are limited (as is the market for the manufacturers.)
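The rebuild-window argument made earlier in the thread (a second failure before the RAID is rebuilt), worked through with the AFR and unrecoverable-error figures quoted above for the Seagate Cheetah. This is an added example, not part of any poster's comment; the 4-drive RAID 5, the 24-hour rebuild, the 1-in-10^14 consumer error rate, independent failures at a constant rate, and reading the reported 95% as an annual rate are all assumptions.

```python
import math

HOURS_PER_YEAR = 8760


def hourly_hazard(afr):
    """Constant per-hour failure rate implied by an annualized failure rate.

    Assumes an exponential lifetime: P(survive one year) = 1 - afr.
    """
    if not 0 <= afr < 1:
        raise ValueError("AFR must be in [0, 1)")
    return -math.log1p(-afr) / HOURS_PER_YEAR


def p_second_failure(afr, surviving_drives, rebuild_hours):
    """P(at least one surviving drive dies outright during the rebuild)."""
    lam = hourly_hazard(afr)
    return -math.expm1(-lam * surviving_drives * rebuild_hours)


def p_unrecoverable_read(bits_per_error, surviving_drives, drive_bytes):
    """P(at least one unrecoverable read error while every surviving
    drive is read end to end, which a RAID 5 rebuild requires)."""
    bits_read = surviving_drives * drive_bytes * 8
    # (1 - 1/N)^bits computed in log space to avoid underflow.
    return -math.expm1(bits_read * math.log1p(-1.0 / bits_per_error))


def p_rebuild_fails(afr, bits_per_error, drive_bytes,
                    surviving_drives=3, rebuild_hours=24):
    """P(rebuild is lost to either failure mode), treating them as independent.

    surviving_drives=3 and rebuild_hours=24 describe an assumed 4-drive
    RAID 5; neither number comes from the thread.
    """
    whole_drive = p_second_failure(afr, surviving_drives, rebuild_hours)
    bad_sector = p_unrecoverable_read(bits_per_error, surviving_drives,
                                      drive_bytes)
    return 1 - (1 - whole_drive) * (1 - bad_sector)


# Figures quoted in the thread for the 600GB Cheetah 15K.7.
ENTERPRISE = {"afr": 0.0055, "bits_per_error": 1e16, "drive_bytes": 600e9}

# The 2TB consumer drives: 19 of 20 failed (taken here as an annual rate);
# the 1e14 error rate is an assumed consumer datasheet figure, not from the page.
CONSUMER = {"afr": 0.95, "bits_per_error": 1e14, "drive_bytes": 2e12}


def compare():
    """Return {label: (second_failure, unrecoverable_read, combined)}."""
    out = {}
    for label, d in (("enterprise", ENTERPRISE), ("consumer", CONSUMER)):
        out[label] = (
            p_second_failure(d["afr"], 3, 24),
            p_unrecoverable_read(d["bits_per_error"], 3, d["drive_bytes"]),
            p_rebuild_fails(**d),
        )
    return out


if __name__ == "__main__":
    print(f"{'drive':<12}{'2nd failure':>14}{'read error':>14}{'rebuild lost':>14}")
    for label, (a, b, c) in compare().items():
        print(f"{label:<12}{a:>14.4%}{b:>14.4%}{c:>14.4%}")
```

Under these assumptions the read-error term, not a second whole-drive failure, dominates the risk for large consumer drives, which is why capacity matters as much as failure rate in the rebuild argument.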
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many quirks and doesn't always work. However, it does, substantially, what my organization needs it to do.
Actually, we were pushed toward Good due to another advantage it has over other MDM platforms - it has a reasonable level of functionality on iOS devices without requiring a signed cert from Apple. AirWatch and others all relied lock, stock, and barrel on Apple's MDM APIs, but since we were unable to get a developer account from Apple despite two months of trying (insane, considering we are a public utility with a quarter million customers), we couldn't get an Apple-approved cert which meant we couldn't even demo any of the other products on our iPhones.
What you're describing is called vendor lock, it means you're wasting money.
You wrote, "this is a different behavior and there for(sic) makes the drive unsuitable for the application." I have been able to get the remapped sectors from my consumer drives... since at least 1995.
"the saddest part of all is that the overwhelming majority of mechanical failures are due to failure modes that wouldn't even be all that hard or expensive to REPAIR without substantial data loss..." How can you possibly know this?
I've had about 10 HDDs fail on me; every one has been verified by SMART up until the moment of death, including while they were obviously dying, such as taking minutes to return on read operations or spin up.
Actually if you had the ability to rationally refute his post without getting so angry
What makes you think I am angry?
I am writing for effect. The effect is public shaming and ridicule, which hopefully helps deter other people from becoming Haters. It's a public service.
Oh no, not another failed attempt to read,
Well now who is getting angry?
Again, hater is not name-calling, it is a labeling explaining target behavior.
You said "It seems pretty obvious that it is about having to go through apple"
Which I responded to, so obviously I read correctly and like all Haters you didn't even comprehend what I was saying in your rush to paint my painfully accurate correction in a negative light. Pathetic.
I'll let you have the last response since Haters have this need for the last response, and you can keep pointing out flaws until the heat death of the universe before they will admit they were wrong.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The only real problem with XP and Office 2003 is the hardware they run on and trying to run a modern antivirus on them. While 256MB RAM was rather nice 10 years ago, it's barely enough for an a/v nowadays.
What is wrong, honestly, with pointing out that someone is incorrect? How is that "zealotry"? Merely because I am harsh in response does not make me a "zealot" in any way. I don't believe in coddling idiots or trolls. Have we become so PC that we cannot say when anyone is wrong about anything without being labeled a monster?
I am not advocating for or against Apple, merely issuing corrections. Real technical users would welcome this. But then Slashdot has changed so much over the years in terms of technical quality of readership... it doesn't mean I have to. Don't like it, go back to Reddit or Digg.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Amen, I've seen too many shops that buy the latest shiny. They have a room full of old shinies. Or they buy cutting edge and take a year to get it deployed properly. Meanwhile the price has dropped significantly, or better options have come out.
Cheap storage VM.
Pardon me for saying it, but your comment is ignorant.
User support is, in fact, the least of the issues that IT faces. I'm stating a fact here. It's just not a big issue. It's easy to provide user support: easy to plan for it, easy to staff for it, easy to make it scale, easy to make it robust.
It's also not the case that users are necessarily part of the support equation at all. That doesn't make the IT function go away.
Parity: What to do when the weekend comes.
Maybe I'm crazy but it sounds like you got a mandate to play with DD-WRT.
I Browse at +4 Flamebait
Open Source Sysadmin
Good luck having an "IT function" without any employees who need to use it.
Oh don't worry friend I believe you. These others may doubt you had a 95% failure rate but I've personally seen bad batches come through the pipe. The last really nasty run I had was in 2005 with a load of Maxtors, sure they were consumer drives but these bitches would barely even start loading before taking a crap and failing. I'd say more than half didn't even get the OS loaded before they were throwing SMART errors, so yeah it happens.
But I found the key, at least for me, was to not lean too heavily on a single manufacturer and to load up when a really good batch came down the pipe. That is why I'm recommending the Samsung and Hitachi drives, as they are left with only what is still in the pipe (as they both sold out a few months ago, but luckily part of the agreement covers warranties on all drives currently in the pipe) and especially the Spinpoint and EcoGreen series these last couple of batches were really top notch. I can't even count how many of the Samsung drives I've sold in new builds and upgrades this year, some to truly hellish places like industrial sites and construction trailers where the dirt and grime getting in those machines is just unreal, and they just don't die.
But if I were you I'd avoid Seagate for awhile, probably the next 2 years. I don't know if you hang out at the parts sites or places where the system builders hang out but it's pretty common knowledge in those circles that pretty much everything over 600Gb that Seagate has put out has been pretty much shite. Even their enterprise drives simply aren't holding up as well as the competition and the talk around the campfire has been that a combination of bad firmware and REALLY shitty ARM controller chips from the Maxtor division are the root of the cause. The skinny is it'll take probably a year (closer to two now that the factories have sunk) to get the bad chips out of the channel because in their greed Seagate would rather pass along the shite than have to take a loss on the substandard parts, and the talk is they were leaning on the cheap parts suppliers from the Maxtor purchase too much and there was a reason why Maxtors were cheap, they were crap.
So if it were me and I was taking care of a large farm I'd be buying up Samsung and Hitachi like there was no tomorrow, and when the channel went dry I'd use either Caviar Black or Green depending on the workload. But if you think ahead you can load up a RAID 5 with Samsung Spinpoints for less than 2 Seagate enterprise and frankly they'll last a hell of a lot longer than even the enterprise Seagates. Once those ran out I'd stick with WD until the channel is clear and then buying Seagate retail won't be a problem. Just check the comments at places like Newegg and Tigerdirect where the system builders hang out, we go through a LOT of drives and are quick to warn our fellow builders to steer clear of bad batches. If you see more than 20% negative rating? It's a bad batch and should be avoided. Follow this advice and I bet both your capacity as well as operating costs go down. It takes a little more work but in the end it's well worth it IMHO.
ACs don't waste your time replying, your posts are never seen by me.
Don't worry, not every computing infrastructure exists to support an office environment.
Parity: What to do when the weekend comes.
It's not vendor lock - it's interface... There is zero way you are going to tell me that consumer ATA drives have the same behavior as SCSI drives; they just don't.
There are select SATA drives that do behave well with RAID controllers and they are the ones marked as enterprise drives.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
So then there's no problem with employees causing the IT Nightmare scenario outlined in this story and discussion thread.
As if I would take post content advice from an AC seriously!
and I presume dismissing someone's comment just because they post as AC is any less childish?
I thought marketing were supposed to be the first against the wall when the revolution comes?
That's why everyone in the company should have exactly the same model of Dell computer with the same software, same peripherals...
If I used a sig over again, would anyone notice?
Oh don't worry friend I believe you.
Hey, at least one person believes I can f'ing count! One thing I forgot to mention is that the Constellation ES drives went into the EXACT SAME devices as replacements, and experienced the lower failure rate. So no, it was not my RAID card (although that also was a flaming piece of shit), nor my power supplies. It was the drives.
Thanks for the rest of the advice--I'll pay attention to it. Unfortunately I was squeezed for space and upgrading when the drives were somewhat new, and there weren't reviews around. Go to newegg now and check the reviews for the 2TB Barracuda LP drives, and you'll see a ton of negative reviews--and one of them is mine ;-)
I'm not trying to tell you that consumer ATA drives and SCSI drives are the same, only that it is firmware that makes up most of the difference, not the hardware. You are paying a huge fee for something that has no reason to be different except to make you pay more because you have more money.
I'll admit that the tax is difficult to avoid because it is not easy to fix the firmware on a consumer drive to make it appropriate for an enterprise setting (i.e. the 8 s maximum read time on a bad sector makes sense if it is an enterprise setting you are working in; probably better to say the sector is bad and use another copy than to make the person keep waiting).
This also makes consumer drives look like shit when hooked up to an enterprise server since it keeps saying they are dead when the controller is just poorly designed and doesn't realize that it is talking the wrong language. I believe that you get a 95% reported failure rate on consumer drives in the first year. I don't believe that the drives would report anywhere near that same failure rate, or that a good controller designed by an engineer (not marketing) would either.
I fully agree with you - the hardware is the same, and it is all in the firmware... Problem is there is nothing we can do about that.
To get the firmware that we need to do the job correctly we can't purchase consumer ATA drives and expect them to work without issues in an enterprise environment.
The people that argue that the enterprise markup is a waste of money and just get consumer drives are wrong - it is a scam, yes, but one you can't avoid at the current moment and therefore isn't a waste, as the markup you pay up front reduces your risk and costs later.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
That sounds like a poorly designed controller. Maybe you should try an enterprise *worthy* controller.
There is no reason that it has to mark the drive as dead when it could just wait the 2 minutes for it to try to recover, tell it to mark the sector as bad and use the mirror/checksum in the meantime.
That is why I'd snatch up the 1Tb and 2Tb Spinpoint (VERY fast with a large cache) EcoGreen (actually beats all but the perpendiculars in my own benches while staying below 92F under load, again thanks to large cache) and the Hitachi Deskstars. The ones left in the pipe are from the last three batches and I've bought and abused drives from all three batches, they are as solid as any enterprise drive I've owned and even with the markup are a better deal. With the large cache you can RAID 5 some Spinpoints or Ecogreens and get crazy throughput, I should know as I set up a server running EcoGreens and they are just sweet and really dropped the temps down.
But yeah I've been there and got the T-shirt, so I know about bad batches. I got bit by the IBM Deathstars, the 2005 MaxWhores, and the final bite was the 2007 WD shitfest of the first quarter of that year so I know shit batches can and DO get past QA. But as you sadly found out right now Seagate ain't worth a shit, talking to my fellow builders they have boxes full of the dead POS just like I did with the Maxtors. They are also buying as many Samsung and Hitachi as they can to ride out the bad batches of Seagates and when those run dry the EcoDrive of WD is pretty good. The Black has a little higher failure rate but nothing above 15% and can be easily vetted by giving it a good workout on first load.
A good and easy quick test that won't damage the drive is Spinrite on setting 2, which just bypasses the firmware and has each sector do a write followed by a read and reports the results. If you start finding bad sectors on that first run? Watch out, it's an unstable drive. You see I've found a lot of the shit drives have what I call "Lying firmware" where it will try to cover up failures by simply letting loose some of the reserve sectors and not saying shit about it. Spinrite bypasses the firmware so they can't BS it so you'll find out REAL quick if it's a bad batch. And since it is only doing a simple write/read cycle it isn't putting a heavy load that could cause premature wear, just the kind of usage any drive should function doing.
But I know what it's like to be in a corner and have to roll the dice, that's how I got burnt with the Maxtors. Now I ALWAYS go to the builder sites and check the reviews, as you've seen my fellow builders call out bad batches pretty loudly as nobody likes to have a new build ready for a customer and have the drive shit on you. It makes your whole business look Mickey Mouse. So check the sites, listen to the guys, and snatch as many Samsung and Hitachi drives as you can get your grubby fingers on and you'll weather out this bad batch just fine. I'm just glad I hung onto 6Tb worth of Samsungs for myself so even if the channel is flooded I won't be hurting for quite awhile.
ACs don't waste your time replying, your posts are never seen by me.
>Sun hardware was robust.
So robust that we had to send an entire RAID to Ontrack because of a firmware glitch in 2001.
Ha! Now the Constellation ES drives are starting to fall over. At least they lasted longer than the LPs :-P Again, thanks for the input.
I don't really build systems for a living, I just maintain a particular server and a couple of replicas. But even so it looks like I'll be using your advice sooner than expected.