What Would You Demand From Your IT Department? 671
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
What would you demand from your IT users? (Score:5, Funny)
From the non-tech perspective (Score:5, Insightful)
-Security of data: obviously no data is *absolutely* secure if the computer is connected to the net, but enough security that I could feasibly work with medical records and HIPPA-privledged information without constantly worrying about crackers. For those of you who don't know what HIPPA is, imagine a very protective law about patient confidentiality that can result in serious jail time if it is violated.
-Continual access (within reason): If there are natural disasters, power outages, or personal emergencies, then certainly one can't reasonably expect 24-hr access. At almost any other time, however, I'd like to be able to turn a computer on at the workplace and not worry about downtime or have to call someone to fix the system (as my colleagues and I do now).
-Work ethic: Nothing pisses me off more than lazy people, especially those who try to use technobabble to hide incompetence. If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. Certainly there will be problems that require more time than others and nothing runs smoothly all the time, but no one should have to brook crap from employees who pad schedules. If there are problems, say so and at least *try* to explain them, don't go into geekspeak/technical language in hopes that I don't understand and give up and let them go back to (insert game here).
-Keeping me informed of new tech without trying to be a salesman: Not every new upgrade is worth getting and keeping up with the Joneses can be prohibitively expensive. Sure, new tech is very cool and I'd like a wireless device to use around my office to tie labs/patient data together, but that doesn't mean it's worth constantly annoying the boss for tech upgrades
-Honesty: Don't overcharge me or bend/stretch/break the truth with me. Medical professionals *seem* to be a prime target for fleecing among computer folks and I've heard horror stories about people paying several times market rate for upgrade and basic tech services. If you work for me, please be honest about all systems or equipment. If I've made a poor decision and there's new data, say so. If there's a better program/hardware setup out there and I'm not familiar with it or am being blindsided by the saleswoman, make mention of it. I don't have the time or patience to micromanage, if your job is technical material than I rely on your expertise and expect to be able to trust you and your decisions.
That shouldn't be too much to ask and is what I will expect of any technical employees I'd hire once I graduate and get a practice up and running a few years from now.
Re:From the non-tech perspective (Score:4, Insightful)
Security is a two edged sword... To increase security - you the end user get the following. All traffic is encrypted. All fields that display sensitive information are invisible, unless you move the mouse pointer over it, and click (hold the click to see the info). All screen savers are locked on blank screen (no user customizable fancy dancy screen savers) - and set at 1 Minute, maximum - no user ability to change / reset this. All user systems have USB disabled, no cdrom drive, no floppy drive. All passwords must be a minimum of 8 characters long, have at least 2 numerics, 2 symbols, 2 capital letters and 2 lower case letters. Zero repeat characters, and no character can be used in the same position more than once in 16 months. Passwords must be reset every 28 days - no exceptions. All users must pass basic computer literacy / ability tests. You fail the test, you're fired. Internet access is restricted to Intranet and *approved* work related internet sites. Usage is monitored, and reviewed by supervisors monthly. Users must face the entrance to their work environment, with their monitors facing away from the entrance. Spot checks will be done to see if anyone has passwords written down, if they do - they're shit-canned. Anyone caught sharing / using someone else's password is fired - no questions asked. Supervisors caught logged in as one of their employees are also shit-canned. Supervisors have the ability to review their people's work, without logging in as the user.
- Continual access - Users get as much access as the business areas are willing to provide. IE - Continuous access costs money. Get the IT areas the money, they will get you the access. Clustered servers with snap-shot capable databases / filesystems are not cheap. Nor are the test servers needed to allow for full regression testing of each patch / update for every system in the office. All of these things must be provided for to get you your *full time access*.
- Work Ethic - Nothing *PISSES* me off more than lazy end users who say "can't you just?" or
"quick question" - especially when I've already answered the question 15 times previously. Nothing is ever as *simple* as you think it is. With today's systems that are interconnected at levels previously not even dreamed of - taking that simple table offline so you can *refresh* the data, causes 13 other business areas to sit idle until that data is made available again.
- Keeping you informed - While not every new technology is great, there are sooo many new technologies that *could* make your life easier, if only you could get over this *fear of change* you seem to have. Change is good - without it, we'd all be dead.
-Honesty: I've never stretched the truth, nor have I overcharged. However, the reverse is also true - don't ask questions like - "Honestly now, isn't it *physically* possible to do x/y/z?" Even when it's physically possible to do something you want, doesn't mean it's the right / correct / intelligent thing to do. Since it's our job to be technical, and *know* these things, let us do our jobs - without butting in with your inane prattling.
Remember - as a computer analyst, we are expected to be right 100% of the time, and aren't allowed to *experiment*. As a doctor, you are expected to be right 100% of the time - however, with computers if the *patient* dies - nothing but information is lost.
how to remember a secure password? (Score:3, Interesting)
The rate of passwords either written down or programmed into the function keys (anyone else remember Wyse terminals?) was really high. Especially among the
Re:how to remember a secure password? (Score:5, Insightful)
Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.
The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.
Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.
The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.
Re:how to remember a secure password? (Score:3, Interesting)
Yep. Many times I have seen cases where the IT-department decides to "make things secure" by making passwords "hard to crack". And in process of doing that, they jeopardize the security of the system. Once I saw a setup where the password had to be at least 12 characters long, it had to contain special characters and numbers, they couldn't re-use old passwords (not even with modifications), no normal words were allowed and it had to be
Re:how to remember a secure password? (Score:4, Insightful)
You just illustrated what the users have been complaining about. Instead of cleaning your systems of the worm you are running around unlocking accounts. Leave them locked until you get the flipping worm off your systems THEN unlock those accounts. It isn't rocket science folks...
B.
Re:how to remember a secure password? (Score:3, Interesting)
If I was running your hyptothetical IT dept, I'd probably turn off account locking for the day while we were writing the new IDS rules, firewall rules etc to stem the spread of the worm.
Of course I'd remember to turn em back on again after the day was done
Min
Re:how to remember a secure password? (Score:3, Informative)
Re:how to remember a secure password? (Score:4, Insightful)
A user password policy that is too restrictive means users will never remember them, and end up doing things like writing them on post-it notes and sticking them on the monitor.
A better solution is have easy-to-remember passwords (though not trivial passwords such as "password", the login name or "1234567890") and put in a 3-strikes-you-are-out rule and a hierachical user access policy - "need to know". Remember - 80% of attacks come from within. Don't trust your users.
Naturally, the root/Admin passwords for servers containing critical business data and de-encryption keys are long, complicated, regularly changed then written down and placed in an envelope in the corporate fireproof safe, along with the weekly backup tapes.
Re:how to remember a secure password? (Score:3, Insightful)
It's not hard to get people to remember a password that's still fairly complex.
What you do is you use an acronym. You look around for one of their stupid desk plackards that says some stupid phrase like "You want it done WHEN?!?" or whatever, and you make a password out of that, like 'YwidW?'. I know that's only 6 characters, and there's no numerics, but it's a start - it's relatively secure (compared to, for instance, 'kitty' or 'cowboys', both of which I've seen).
Seriously. Give it a try. Have them fi
3 months (Score:3, Insightful)
Anywhere that lets passwords run for 3 months does not really consider security a high priority.
28 days, 8 character minimum and 2 non alpha keys is a minimum. Any weaker than that and the sales dept must be in control of security. If not them some other technical illiterates.
Re:3 months (Score:5, Funny)
28 days! Pshaw! You're just *inviting* the bad guys into your system if you follow such a lax plan.
Every day should start out with changing your passwords. You may have to hire a few more people who's job is to reset forgotten passwords, but when you have to do it constantly it shouldn't take more than a minute per person.
Of course, if the bad guys learn that everyone changes their password in the morning, it wouldn't take much effort to be in the right place at the right time and get unrestricted access to the systems for 24 hours.
So you'll want to back this up with some sort of bio-identity methods. Fingerprint identification, retina scans, and instant DNA testing.
Some people say that these aren't secure enough, that someone can get fingerprints, a DNA sample, and a picture of your retina. There is an easy solution to this if you just think about it, the daily random mutation of all your employees before they change their password and give a DNA sample.
Anything less than the method outlined above simply isn't secure.
Re:From the non-tech perspective (Score:4, Interesting)
-- what was the name of that cute girl in 3rd grade?
-- what was your favorite restaurant in high school
-- What do you get mom for her birthday
The same question doesn't get reused for 180 days or so.
Re:From the non-tech perspective (Score:3, Interesting)
Great idea - nice and simple so it's easy to remember for the user without having to right it down or use the same password across many systems.
But...
When setting up any new users, you'll need to collect (at the minimum) 180 pieces of information. 360 if they can define their own questions. 360 * ? if they can define their own questions and you force a new "password" for each time that they have to unlock their machine after the screen saver k
I Love Stupid Users (Score:5, Interesting)
Re:From the non-tech perspective (Score:5, Funny)
(cricket sounds)
Congratulations: this is the new empty office after everyone was fired for not being able to follow this terminally assinine password policy.
Re:From the non-tech perspective (Score:5, Interesting)
At the same time, a bright young English mathematician named Alan Turing came into possession of this knowledge. He realised that these rules dramatically reduced the number of possible cyphertexts for any given plaintext (and vice versa), making the search space much smaller than it would otherwise have been. As a result of this, he and his colleagues were able to crack the encryption with the primitive computers available at the time.
Arbitrary restrictions on passwords are not sensible. Do not allow dictionary words and trivial permutations of them, since they can be cracked by a simple method, but any further restrictions only serve to narrow the search space for an attacker. The scheme listed means that most passwords will have two upper case letters, two lower case, two symbols and two numbers. This is an almost trivial subset of the number of possible eight character combinations of letters, numbers and symbols.
In summary, whoever came up this this policy is an idiot both for social and mathematical reasons. They should, therefor, not be allowed to interact with either humans or computers.
Re:From the non-tech perspective (Score:3, Insightful)
Re:From the non-tech perspective (Score:5, Interesting)
sPh
Re:*quickly* is relative (Score:5, Funny)
Get used to unexpected consequences to your decisions, if you're going to run your own business. You MUST learn to think things through - i.e. "look before you leap". You have to do it as a doctor; so just remember to do it as a boss, too.
Today we rearranged our office. Impromptu - no planning - just "do it now" and "we'll figure it out as we go". Moving one row of cubicle dividers next to the wall meant that the power, phone, and data outlets along that wall were no longer accessible and the previously used outlets became too far away. Management said "no down time" and then had to accept down time for four production workstations while someone made a Home Depot run for extension cables - which, of course, are yet another kind of mistake. (Then there was a second run, as management had forgotten that power cables are not the only kind of cables . .
We needed to move our servers over by seven feet. "What do you have to take them down for? The cables will reach. We need our productivity!" So after sending everybody home when two of our 1-TB RAID volumes stopped communicating with the server, I got an earful from management about how we employees had bungled a "simple" rearrangement of the entire office. We employees also got blamed for "our" failure to plan!
I also got an extraordinarily polite ass-chewing from a Dell server tech about trying to physically move a running server with external RAIDs - and believe me, I did make it VERY clear to management that that move was NOT a good idea! We came very close to losing about 1.5-TB of data today; despite our backups the loss would still be hurting us months from now.
Hopefully you will do better.
Re:From the non-tech perspective (Score:5, Informative)
As the sole IT employee in my mid-sized company, I understand your wants. However, perhaps you don't see that you're micro-managing a bit?
My bosses want to be kept informed at all times. However, trust me and let me do my job. When I fix something, don't ask me what was wrong or how I fixed it. I don't have time to explain to you what you learn in 2 semesters of network infrastructure classes. Just back off and you'll be surprised how much an IT person will get done. Sometimes you just have to accept, "It was a problem with the hosts file and it was throwing off sendmail" without probing into sendmail.mc theory. And as far as explaining it in non-techie terms, I can only dumb down SSH tunnels and the TCP/IP protocol so much before I want to jab myself in the eye with a spork. OK boss, it works likes this. A computer stands up and yells,"Hey Server!!!". All the computers here it, but only the server yells back, "Yeah, what do you want?"
As an example, my boss was on vacation in Florida. While he was gone, in 1 week, I was able to complete more projects to improve business and workflow then I previsouly had since the first of the year. You know why I was so non-productive? My bosses demanded a military-like work ethic, wanted to be constantly informed, wanted to triple check the line items on a budget request for a freakin tape drive, etc. Without him breathing over my shoulder and constantly asking me why I had a browser open(that better be work related!) and without having to explain to him why DNS is so important to an AD network, I was able to do what he was trying to 'motive' me to do, actual work!
And just because you don't see me doing anything doesn't mean I'm not busy. Sometimes I have to push myself away from my desk and 'space out' for a bit while I brainstorm what the heck is wrong with the httpd.conf file.
IT is a tough job. If people don't know you exist, that means you're doing a good job. Conversly, they get the impression that you don't do anything since you're out of sight/out of mind. And ever since I bought that Time Management for Systems Administrators(previsouly reviewed on slashdot), it seems I have become more productive while giving the illusion of doing less work.
Re:From the non-tech perspective (Score:3, Interesting)
No. It needs redundancy or maintenance windows. Have several systems doing the same work, and then take one down make the modifications then have it re-sink take the next one down.... And yes that may mean multiple lines. I don't think this guy wants to pay for 365x24, most people who say they want 365x24 can get buy on 345x18 fine but 365x24 is very doable. The system for the London stock exchange hasn't crashed or gone down for something like 25 yea
Re:From the non-tech perspective (Score:3, Insightful)
They might THINK they need that level of uptime, but that falls under "user education".
Something I have very little patience for lately, unfortunately.
(yes, I do desktop support, why do you ask?)
Re:From the non-tech perspective (Score:3, Insightful)
Re:From the non-tech perspective (Score:3, Insightful)
Re:From the non-tech perspective (Score:3, Informative)
You thinking less redundancy then these systems involve. Imagine three servers A, B and C all receiving the same input and both running the same programs. They are mirrors of one another. So far this is like classic clustering. Note they have independent storage, they just happen to store the same stuff.
Now you take C off the cluster and perform an upgrade. C the
Oblig. Jackie Brown Quote (Score:3, Funny)
Re:What would you demand from your IT users? (Score:5, Interesting)
Dear ZombieLine,
Maybe your company, like most others, is drastically underfunding the IT department, expecting superhuman performance on less than shoe-string budgets, while every day demanding all new buzzword compliant services and ignoring IT requests for additional warm bodies. Not to mention the fact that you are using high maintenance Microsoft Outlook type services while surfing for pr0N and jam packing your mail server full of the latest Happy Fun Tentacle Rape Party videos that everyone is mailing around.
Unacceptable server downtime? Are you clustering critical services?
Bad backups? Chances are your company is very content with single tape drives that the sysadmins can swap tapes from rather than having a good tape library with enough licenses to cover all servers with a decent retention time.
Maxed network storage? Are you paying for more RAID disk shelves? Or are you still feeling brilliant telling your IT staff all about how "you can get an IDE 200GB drive for $50 at Staples, so why can't that be plugged into the EMC or NetApp fileserver?"
My recommendation: stop demanding Five 9's of service and stop expecting services to never reboot or need maintenance if you aren't going to fund it. Stop dicking around at being a business and spend money to make money. Otherwise, save everyone time and bend over to your competition now. You can recommend all the fantastic new upgrades and services, but if your company doesn't recognize the value of improved infrastructure services, and an educated staff, you don't deserve to stay in business and sooner or later Darwin will rear his ugly head.
Get your little posse of idiots together an ask senior management why they are refusing to fund the needed changes. You might be pleasantly surprised to find out that they have no friggin clue about how to manage IT. Or maybe you haven't been paying enough attention to quarterly financial reports to realize that your company is experiencing a classic symptom of the death spiral.
Oh, BTW, you're an asshole. You and your 2Live Crew can go fuck off.
Love,
Shokk
Re:What would you demand from your IT users? (Score:3, Insightful)
Users who think the network drives are for their personal music, picture and video collections.
Re:What would you demand from your IT users? (Score:3, Interesting)
Although the cost of the drives may have come down, there are other costs associated with adding another drive - that additional 1 meg of on line messages multiplied by X numbers of users needs to be monitored, maintained, backed up and made redundant
Re:What would you demand from your IT users? (Score:3, Informative)
Re:What would you demand from your IT users? (Score:5, Insightful)
I bought 20 of these 300gb scsi monsters. At 1500 bucks a pop!
They wanted to upgrade an aging 20 node Single Athlon MP Cluster. I told em it'd be cheaper to buy new hardware than to upgrade them to 2 cpu's, quadruple the ram and add 300gb scsi hard drives.
Originally = 1xAthlon MP 1800, 1 Gig Ram, 1x76gig HD
Upgraded = 2xAthlon MP 2800, 4 Gig Ram, 1x300gig HD & 1x76gig HD
They didn't believe me. . .
When these old, out of warranty machines, started having all failures (mobo/power supply) it was my fault! Try as I could, I couldn't get replacement parts. The legacy parts, ATXGES (Non-Standard) power supply and discontinued mobo were nowhere to be found. . .
The guy who posted this "ask slashdot" probably knows more about his local IT department than I do. All I can say is that I got a reputation very similar to the posters IT dept. Incapable of keeping servers up, yadda yadda yadda, even though I had made it clear that this was NOT the way to go. Just because IT is in charge of it, doesn't mean they created the mess. . .
Re:What would you demand from your IT users? (Score:5, Insightful)
A competent IT technician has just enough time on his hands to learn new technology and retain sanity. A competent IT technician does not give users access to anything that could cause unpredictable consequences and makes sure that the systems they do have access to don't have problems in the first place.
An IT guy who is constantly running from place to place is the result of one (or more) of three things.
1. An understaffed department. Your IT guy is not working the floor in a retail outlet, if he's on his feet or crawled under a desk most of the day you need more IT guys.
2. An imcompetent IT guy (or IT decision maker causing IT guys to perform IT tasks incompetently). When IT is done properly there are not fires everywhere to put out.
3. Incompetent users. Incompetent users are the types who keep the IT guys busy fixing phantom problems, doing user training, or bug them with water cooler talk that fails to recognize that IT guys don't like people or talk. Your IT guy does not care to tell you about the cell phone or digital camera on the market.
Re:What would you demand from your IT users? (Score:3, Insightful)
Horseshit! IT support IS about users and you'd better learn how to talk to them if you want to keep working in IT. RTFM as a response to stupid user questions will eventually get you your walkin
Re:What would you demand from your IT users? (Score:5, Informative)
Wrong. Many supposed IT problems should actually be solved by HR with a good talking to about abuse of company resources and how that might limit your career.
Calling IT when you forget your password for the 5th time that month or with some dumb question because you are too lazy to crack open a manual is no better than stealing office supplies or equipment. It's all just stealing resources.
20% of the users create 80% of the work for IT.
Re:What would you demand from your IT users? (Score:3, Informative)
I was going to moderate this thread, but I just had to post this.
Right On Brother Barron!!! (Score:5, Funny)
The workstations would be even easier. I'd buy everyone the $300 AMD specials with Windows XP Home. That way they'd be more familiar with the OS since they probably have XP Home at home too. Just plug them into the network and away they go. They can all get their IP address from the Linksys router like I do at home and then they're online easy as pie. Don't need to get out any stupid manuals to manage Cisco switches or anything like that. All the gobbledygook is just for elitist snobs. For restoring a PC if it gets hosed, I'd just use a copy of Ghost. Sometimes you can even get Ghost for free if you buy the right hard drive. Just hook up a laptop with Ghost to a PC using a USB cable and make an image to burn onto a DVD. The next time the PC needs to be revived, just grab the DVD from the pouch on the side of that box, pop it in the laptop and Ghost the other way around! Easy as pie and FAST too!!
In this day and age, what company with a competent IT staff does it's own e-mail? I've been trying to tell the folks in my IT department to ditch our mail server (some antiquated Unix based thing that nobody really likes) and just let everyone get Hotmail accounts. Now that GMail is around, that's an option too since they give you a pretty comfortably sized mail box as opposed to the meager offerings of the clueless IT staff. E-mail should be able to hold whatever I put into it no matter how much or how big. Period.
The voice over IP thing is easy too. Just buy a VOIP box from Linksys and get a Vonage account for every group of ten users you've got. You'll need multiple DSL lines to do it, but that would still be far cheaper than having one of those snobby PRI or T1 lines to carry your voice traffic. Speaking of which... why on earth is anyone using T1s and T3s these days? They're so costly and they don't perform anywhere near what I get on my cable modem at home. Just get cable modem and be done with it. Your users will thank you forever.
Barron, I'm glad you gave me a chance to get that out there. The users need to know the truth.
Re:What would you demand from your IT users? (Score:3, Insightful)
However the big problem is every minute you are asking for advice on:
a home computer
DVD player
crap program riddled with spyware that is supposed to be good
any sort of technical thing entirely unrelated to work
discussing cool movies or whatever
is another minute that has to be spent doing things that are work related after the person asking the questions has gone home.
During quiet periods it doesn't matter - but some guy coming into the server room to interupt a
Re:What would you demand from your IT users? (Score:3, Insightful)
A meg? Ha! Try a gig. I've seen users routinely go well over 1 gigabyte of mail because they just can't help leaving those MS IdonthavemeaningfulcontentbutidohaveneateffectsPoi nt presentations or that funny karate cat video in their Sent Items/Inbox. With 500 employees, that stuff adds up real fast.
This is a pet peeve you need to get over. First of all, those che
Re:What would you demand from your IT users? (Score:5, Informative)
The big thing that you need to have a qualified IT department is an actual department. Put training schedules in place, and anyone who isn't performing due to a lack of technical knowledge should be first retrained. Make a gameplan for your business, and ensure that you ask the IT managers to attend the planning. Keep them in the loop, and make sure that you have the equipment to make the initiative happen. Make certain that there are proper procedures in place to handle issues, and the staff and resources to fix them.
from personal anecdotal experience (Score:5, Interesting)
Your company may have IT problems if any of the following has happened recently:
There are many more -- these are just a few I've experienced that exclaimed "improved [insert your favorite trait/characteristic here]" and had mostly the opposite and unexpected (to decision makers) results.
(btw, your "500" count is listed after the mention of your company, it's not clear if you're talking about a company of 500 employees or a company for which it's IT segment comprises 500 employees...)
Was IT outsourced to EDS? (Score:3, Informative)
Anyhow, what happened was that once EDS was locked in, they went off and hired a bunch of hamburger flippers and called them "Senor IT insert_speciality_here". While the existing IT staff tried their best to train them, the results were rather predictable. I've herd EDS has do
Re:Was IT outsourced to EDS? (Score:4, Interesting)
BTW EDS has lost money on virtually every contract. I don't think its kickbacks they just underbid cost and then try and make it up on other charges.
No.. the answer lies within his dilemma (Score:3)
Answers:
-B
You missed a biggie- $$$ (Score:4, Insightful)
A lot of people I know tend to blame IT staff for lack of space, lack of bandwidth etc. when problem was that IT dept could not afford to purchase equipment to upgrade a service, and they just tend to use all the budget to maintain status quo. Trust me all IT folks out there LOVE to push out new technology, increase storage, better networks, and reduce helpdesk calls. But a lack of staffing and money can put a damper in the best of IT staff in the world.
Re:from personal anecdotal experience (Score:3, Insightful)
Okay, maybe it's just me, but if I took a $500K loss and some motherfucker walked off with $500M, I'd be at his front door conducting a frank exchange of views with him while holding an AK-47 to his crotch. And if he agreed to make good my losses, he'd get his wife and kids back unharmed.
Moth
ITIL (Score:5, Informative)
http://en.wikipedia.org/wiki/Information_Technolo
http://www.itil.co.uk/ [itil.co.uk]
Re:ITIL (Score:5, Interesting)
The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.
The company I work for decided to "implement" ITIL about five years ago. It has improved nothing, and has essentially just served as a different set of buzzwords for managers to use.
What it reminds me of is an article I read about the US military and its "transformational" thing a few years ago. Everyone and their mother was scrambling to claim that their pet project was a great example of a "transformational" weapon, even though they changed nothing about it.
Have you thought about... (Score:5, Interesting)
Seriously, if you're going to have a department of lazy, inefficient slugs, you might as well have them for cheaper
In addition, the very threat might make your IT department shape up real quick...nothing like the threat of losing your job to light a fire under your butt and get working.
By the way raymondsimms@hotmail.com I'd be careful using fullnames around stuff like that. An IT guy at your company is probably checking the company database right now for names that match that...prepare for the vengeance of an IT Guy.
Re:Have you thought about... (Score:5, Funny)
First thing to demand - an SLA (Score:5, Insightful)
3 easy steps (Score:3, Funny)
Step 2: Unleash the bofh into the IT department
Step 3: Rightly cower in fear and reverence of the new effective (and renamed!) Network & Systems department.
knowledgeable user input?? (Score:2, Interesting)
In most user communities you see divisions that ignore the entire enterprise and base their knowledgeable input on what will most help them, but maybe dosen't work in the enterprise, or adversely affects other divisions.
This situation fits 90% of input from the users, and makes it hard for an IT department to isolate what is actually valuable input.
Re:knowledgeable user input?? (Score:2)
Keep IT Simple (Score:2)
What are we starting with? (Score:5, Insightful)
I don't know your situation... but maybe more money is needed for people, equipment, etc etc. You can demand all you want, but if you don't pony up the resources... *shrugs* You get what you pay for.
Re:What are we starting with? (Score:3, Informative)
Re:What are we starting with? (Score:3, Insightful)
Re:What are we starting with? (Score:3, Funny)
I don't know your situation...
Dude, hang up your hat and start gardening, if you can't diagnose that they're running Exchange from that description, you're either very lucky and have never had to deal with Exchange, or shouldn't be posting at
performance criteria, & resources to meet them (Score:3, Interesting)
I think that if your IT team have been beaten into submission by a tight-fisted upper management, they may well know that things are not as they should be, but know that no matter how hard they push, upper managemtn wont do anything until it becomes a crisis. More of a sense of resignation, and coping from day to day rather than implementing the best practise they know that they should have
my old office had a server die and take down all the files for a day or so during business hours due to a faulty power supply. no hot swappable power supply on that server. They were continually running out of server space for files (not due to massive mp3 libraries sitting on the server either), which seemed mad to an end user who just wanted to know that things would be able to be saved.
They also had two email gateway servers (i'm not in IT so i may be using jargon incorrectly) and periodically one would fall over, and every other email would fall into a black hole, with no bounceback or indication your email wasn't lost. It got so bad that i would phone people when critical emails were coming through so i could be sure that they were receieved.
the firm I am with right now has a really good internal help desk system which quickly answers user queries, and the system is set up so well that you become oblivious as to the system because you can just get down to doing your work rather than worrying about how stable things are.
A piece of the action (Score:2, Funny)
Incompetence? Check.
Ignoring front-line workers? Check.
Stretching resources until savings are overwhlemed by resulting inefficiencies? Check.
Don't complain -- your company sounds like it's ready to go public!
If you're writing a charter (cute!), just be sure to ask for some preferred stock options or a pre-IPO allocation from the underwriter. If you don't know what those are, just ask the IT department, they are clearly up to speed.
Not on tech, of course. More im
Process Documents! (Score:2)
No Brainer (Score:5, Insightful)
Anyway, here is how it works. Your department has IT needs. These needs are written down. The IT department has guaranteed services it provides. These are written down. Your department takes a budget "hit" to pay for an internal IT department. These are the givens.
Now, if IT does not provide services you NEED/REQUIRE (like backup, duh), then you go to the whomever is above both departments (COO, VP of division, president...) and you show the mismatch. This is not a complaint, just a reason why you are increasing your budget next year to get the services you need to succeed.
Of course, you are keeping a log of all incidents that are occurring and a log of down time and a log of costs to you as a result, etc.
Look, business people are not idiots. The 3 previous paragraphs I write above are beyond no-brainers. Why is this stuff so non-obvious to today's geeks??
Re:No Brainer (Score:3, Informative)
Where I work there's no chargebacks, no SLAs, and the accounting is very loose. Because there are no chargebacks, the IT department has to pay for all new technology out of pocket. We have to make a decision either to provide equipment OR to be able to service it. When a department wants something we have to take the defensive, even if it is the right tool for the job, because it comes out of OUR operating budget. IT ends up stagnating the company just to be able to maintain existing equipment
Re:No Brainer (Score:3, Insightful)
In other words you have a tech job in a socialist economy. You get the good and the bad of it. Enjoy the good, you'll miss it more than you think when you leave.
I think you're missing the point (Score:3, Insightful)
"Your department has IT needs. These needs are written down."
The poster's question was (essentially) "What are some needs that we might write down?" The poster is looking for suggestions as to
1. Phrasing of needs, e.g. instead of saying "keep servers up most of the time" write down: servers have less than 1% unscheduled downtime and scheduled downtime is limited to Sunday nights from 1 AM to 6 AM.
2. Identifying needs, e.g. 90% of user requests should
Re:No Brainer (Score:3, Insightful)
If your work environment is such that you need to find "dirt" on people to get your work done, then nothing good's going to come from working there. Think in terms of "What will my resume look like?", "Who here is going to give me a reference for another job?",
If your IT dept relies on catastrophic failure in order to get funds necessary to do its job, then you really need to move on and f
Demand what every organization needs... (Score:2)
Of course you could also demand three wishes, and if this is the case might I suggest using your first wish wishing for unlimited wishes.
Get on this quick because trust me, your IT department is planning similar action.
if you run a 24 hour operation, IT must also be (Score:2)
and forced reboots in a 24 hour operation must not be pushed out of the dayside's visibility to plague the second and third shifts work. there have to be two or three push-and-boot cycles, or IT deserves horrible fates.
we have had growing issues with getting choked-up servers and processes worked on, partly due to
A bigger LCD screen (like an Apple Cinema Display) (Score:2)
It sounds like your company has other issues... (Score:5, Insightful)
A group of users making "demands" of the IT department is somewhat inappropriate. Yes, the IT department exists to help users with their work, but their priorities are set by senior management. If you plan to create some kind of IT Steering Committee, I would recommend a few things: (1) Lose the attitude -- all you'll do is put the IT folks on the defensive (and remember, since you're not in their group, you may actually have NO idea what priorities have been laid out for them by senior management); (2) Get the blessing of senior management before you try this; (3) Make sure at least one or two high-level people attend your meetings and buy-in to what you talk about.
Treat the IT folks like human beings. They may have perfectly good reasons for dismissing what you consider reasonable ideas. Perhaps they're seriously understaffed so that great desktop Linux rollout one of your users is convinced is the right idea just doesn't pay off for them, for example.
Re: (Score:2)
This may be Senior Managements Fault (Score:5, Insightful)
--No Storage Space
These sound like budget issues. Do you think that if the IT staff, just tries really hard or is competent that they can just create File Storage and Backup Systems out of thin air.
A user revolt? Good luck! (Score:3, Interesting)
Do you think you workin some kind of democracy? End users, have no budgets and as such, little influence.
Also, all of the issue you describe are operations and not applications-related. Unfortunately, if the PHBs are getting what they want from the apps (reports, closing the books, sales info, etc...), then nobody will give two cents abouyt bad ops.
The people you need to convince about your issues are executive management in your departments. If you succeed in doing that and enough of them talk to the CEO, there's a good chance that the CIO will be asked to come up with a plan to turn things around. If not, then either you and your compatriots did a poor job of making yoru case, or executive management is happy with the status quo. If that's the case, and you're really fed up with it, your only recourse may be to look for a new job.
Re:A user revolt? Good luck! (Score:3, Insightful)
wait... (Score:5, Funny)
Centralized IT is the problem... (Score:2, Insightful)
If I manage a group of 40 people, I should be able to hire an IT person to service my 40 people. Their salary should come out of my budget. My IT person should have to adhere to corporate architectural guidelines. But this IT person should report to me and be accountable to me.
Internal corporate IT SLAs are a joke. If an SLA is violated, i
Support isn't simply at the user's computer (Score:3, Insightful)
Remember that IT means running the file and printer servers, the email, the HR and accounting systems, your web site, your internet connection, your firewall, etc. etc. etc. Don't forget purchasing and provisioning all new desktops and servers. Throw in backups and 24/7/365 coverage and that person will burn ou
show me the money (Score:2)
Sounds like Yahoo (Score:2)
Fire the Managers (Score:2)
Sounds harsh but managers don't get payed their cut for "dangerous" work conditions.
Attit00d... (Score:3, Insightful)
Making demands and staging revolts is only going to get *you* fired. It won't resolve any of the technical problems.
Who the hell is in charge? (Score:3, Insightful)
Gather your allies and information. Details about what is wrong, why it's bad for the company, and how to fix it. Demand an audience with whoever is the highest person in the company you can meet with, and lay it all out. To be brutally honest, someone needs to be fired over this. Make this suggestion. Don't necessarily pick who, but make it clear that the people running IT aren't getting the job done. People outside the IT department shouldn't have to draft the job requirements of the IT department. If they know what they're doing, they'll know what to do.
If you can't get upper management to take action, then either suck it up and deal with it, or leave.
Knowledgeable user input? Yeah Right... (Score:5, Interesting)
Ignoring knowledgeable user input, ok that I have a huge problem with. Everyone in the IT community, programmers come to mind the most often, seem to think because they work in front of a pc all day that they know their ass from a hole in the ground when it comes to managing a network or a server farm. Sorry but that it the absolute truth. I have interviewed countless people for jobs in IT, well over 50% of them programmers trying to get Sysadmin positions. When asked specific questions about administrative tasks the answer is almost always the same. I know something about it but I have never implimented anything like that. Everyone wants to be an expert, trust me you aren't.
Unable to sell needed changes. Have you considered that management and accounting do not see the corporate finances in the same way that you do? Some changes are simply impossible to sell. Unless your corporate focus is in technology some of the upgrades needed to improve infrastructure will always be lacking. The exceptions tend to be when the powers that be are directly inconvenienced. But the IT Dept probably caters to them quicker than any other department so they do not see the need. They pick up the phone and Bob is right there, where as you submit a trouble ticket and you are lucky to see someone in 48 hours.
Starting a revolt? Wow you guys are arrogant. Plain and simple. What makes people think that they know another departments job better than they do? Much less "demanding" services. Just astounding. You efforts would be much better spent working with the IT department to figure out ways to get management to invest in more staff, more training and equipment upgrades. That benefits everyone, and doesn't just stroke your self-important little ego.
Re:Knowledgeable user input? Yeah Right... (Score:3, Insightful)
If your customers are not happy with your service, then I suggest it is more than them being arrogant. Unhappy customers tend to find other ways to get things they want, in spite of your dictatorship. Deal with it.
Re:Knowledgeable user input? Yeah Right... (Score:5, Funny)
I wonder how the OP and these two teachers would take it if the IT guys started telling them how to do their jobs? Shoot, I've read some books about teaching, so I must know how to do it, right? I can add and subtract, and that's all you need to be an accountant, right?
Re:Knowledgeable user input? Yeah Right... (Score:3, Insightful)
16 years ago, we faced exactly the same situation as the person asking the question (same sixe of company, even). Then 15 years ago, "We the Users" staged a revolt (actually I did) and started a working group exactly as he describes to sort stuff out. Things were painful in the beginning, but once everybody understood what it was all about, improvemen
Incompetent... (Score:4, Funny)
The IT department at my company is incompetent. But I work for the goverment, so I guess that's to be expected.
IT managment advice from untrained geeks roxorz! (Score:3, Insightful)
"The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year.
Hmmm...well lets get to that 'incompetence' thing a little later.
But as for "ignoring knowledgeable user input for about a year"...lemme see, you've been harping on about something for a year to the IT department?
Well, what is "knowledgeable user input" anyway? "At my old company we used to..." or "my friend who is an IT genius says..."
Seriously, if you have a suggestion, detail it and submit it to the IT manager and cc it to your manager.
Berating some poor schmuck when he comes to help you format a word doc is not an effective change management strategy!
Additionally, they haven't been able to sell needed changes to senior management.
LMAO...but somehow you and your band of IT-vigilantes is going to change the world? Good luck!
So IT ARE going to management with suggestions, but are getting knocked back?
So somehow you equate managements lack of willingness to resource your IT department to be a failure of the IT guys lack of bargaining skills...not a boneheaded lack of foresight on behalf of your management team?
Wow...tough crowd...
Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice.
GOOD! Now "those on top" need to find the money they should spent on protecting their investment in the first place.
You do realise that IT guys dont just down servers for no reason, dont you? You probably do...or you think they do it on purpose just to piss you off.
And while you're sitting around moaning about how long it's taking for you to be able to get back onto
From your comments so far, I'm assuming you are not one of the "knowledgeable user's" you mentioned before.
We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions.
Yeah, you go girl!
Nice of you to harass IT some more. After all they have nothing better to do than sit in on your moanapolooza.
Why not form your little revolt and march on the guys that will have to OK and pay for your demands...oh wait, lemme guess...'cause if you did you'd get your ass fired!
Face it, you dont want a solution or you would go to the people who can effect change. You want to vent. Well, you have...does that feel better?
What would you put in our charter? What services and responsibilities would you demand out of your IT department?
Well, first up...I'd want suitably qualified and trained professionals in charge of the decision making process.
And as your "knowledgeable user's" are neither...I'd demand that they get trained or STFU.
Then I'd demand that the reasons for management knocking back IT requests be made public.
Im hoping the moment management have to front staff and explain why there will be "no increase in storage" or "no funds for disaster recovery" will be one of those life changing events for you...when you realise IT budgets have to be approved or people (like you) wont get what they want, so that you then take the fight to those with the money and leave your nerds to get on with keeping your sad little network up and running.
If you really want to help your IT department effect a postive change, quit harrasing them and take your fight to the people at the top who are ultimately responsible.
Find the guys that sign's off on the IT budget and ask them why server space hasn't increased to meet demand.
Because the answer is either your IT department is siphoning off $$$ to day-trade with, or there was nothing budgeted to allow for it.
Business Analysis (Score:3, Informative)
A wise man once said: Whatever you don't understand, must be easy.
What I would suggest is to look at your IT Strategy. SLAs are useful for IT Management as a measure of how things are operating, just as is downtime, percentage usage, and costs of operations. Don't listen to anyone who suggest decentralization. We had some of that at my job. It is a nightmare. Incompatable "Best of Breed" systems and finger-pointing results. Costs rise quickly with decentralization too.
Sit down with your IT management. List out facts. Don't fingerpoint. Just say: we are lossing x amount of cash due to issues with our systems. Have use studies on how you do business. Have predicted growth forecasting on systems load. Have your internal controls (audit) department monitor the disaster recovery plans and get an outside consultant to look at those plans. Get your IT Management to see your issues. Get a data retention policy and remove that data once it is too old.
That said, realise that you might be the cause of the issues. How many years of journal entries do you really need? How much customization do you insist upon to make the systems work with your archaic business processes when you should be changing your business processes to work with the systems? How many times does your senior management hamstring IT's budget and capital improvements? Listen to what your IT Management says and if they have a compelling reason for something; then by God, give it to them.
They should work as a team (Score:3, Funny)
I even love saying the word team. You probably think I have a picture of my family on my desk - it's not. It's the A-Team. Bodie, Doyle, Tiger, Jewellery Man. The whole lot of them.
Management is almost always to blame (Score:3, Interesting)
Many times, an organization starts out small, and the most 'IT savvy' person in the office cobbles together a 'server' and 'network' from some old PCs and some network gear they bought from the office supply store on the corner. I arrive to find a Windows Workgroup (ugh) or poorly implemented Active Directory with a host of replication issues, orphaned objects and broken name resolution. Today I worked on a production network that was running their directory services, print queues and files shares off of a 120 day evaluation copy of Windows server!
There are usually local user accounts, local printers shared off of a workstation, no redundancy, broken or no backups, physical layer problems (bad wiring) and a host of other problems. Quick fixes that were implemented over the course of years are now recurring problems that suck up the majority of the IT staff's time.
These same kinds of problems can plague a large organization, albeit they may present as slightly different symptoms. The cause is always the same: inability of management to see the big picture. This lack of attention to detail starts with management and trickles down.
The way to fix this is to get upper management to recognize that there is a problem. Unfortunately, this often would require somebody to admit that they aren't doing their job. Good luck with that. 90% of the time I find that this type of wholesale cleanup and reengineering only happens during a regime change.
What I expect (Score:3, Interesting)
Resolutions to your problems... (Score:3, Interesting)
Generally speaking, the solution to incompetence is to fire people. Generally starting at the top, and replacing them with competent people. They will generally proceed with the firing. Meeting to discuss their lack of competence isn't going to help. It's generally a situation of the blind leading the blind (if you were really good at large scale IT, why don't you actually work there, short of previous experience, running a corporate network generally has little to do with personal experince on a home network. If it really is such a problem, you should apply for the job with seriously good incentive based pay). As someone who was one half of the IT departement (SA, programming, help desk, DBA duties) at a fast growing company that went from 10 to 150 people in about 4 years, I can assure that most users outside of IT have no idea what is easy, and what is hard. The number of stupid requests put in by "knowledgable users" was insane.
Lack of backups is a serious problem. However, you haven't described why. In my experience, it's a lack of budget or priority. Generally speaking, good backup units are one of the single most expensive pieces of equipment an IT place will purchase (backups generally scale with the type of IT equipment you buy, if you buy $10K servers, your buying $25K backup libraries. If you purchase $1K servers, you buy $2-4K tape drives. I've never been purchasing $100K+ computers, I'm not sure what type of tape solution they need). The next most common reason for no backups, is literally not enough hours in the day, or backups are such a tremendous strain on the production systems that they can't be run during business hours. Which means that they can't finish. I've seen a fully justified case of not making backups as it literally wasn't cost effective. We could have made backups, but just regenerating the data was far more cost effective. The hardware and software we needed just wasn't justifiable for the volume of data. Critical data we made backups of. The scads of other data we had that turned over regularly wasn't worth it. In the end, we ended up building a hot spare and kept short term online backups on it. Getting a tape unit capable of the storage requirements was too expensive. We generated about 1-2TB/hr, 99% of which would never ever be needed again and after two weeks it was so outdated it had no value. We processed the 1% upon being identified. So backing it up was just stupid. Unless a bug was found in the identification algorithm, then it was useful to have the other 99%. Generally, you just started with the oldest data still of use and processed it all again.
Lack of storage space, is generally attributable to users if users don't have a quota. Given a group of 2 people, at least one of them is a digital pack rat. I'd say given a group of 1, but I've seen a handful of non-pack rats. For the record, I'm a pack rat, but when I am good about cleaning up when disk space gets tight. In my experience, the solution to storage is to parcel it out by type of usage. 80% of the usages will have no problems. The others will use petabytes of storage if they are given access to it. At which point, it's strictly a budget issue and resolving the issue with the users. Generally speaking, near-line storage on CD or DVD that the user could burn themselves, or spooled for an IT professional to do was the solution. We did all CD's of data in triplicate. The original user got one, their supervisor got one, and the IT department held onto one. CD's go bad, and people tend to lose them, hence the three copies held by independent people. What is needed is an archival plan for moving data from online to offline, or deleting it.
Kirby
Speaking for the IT Dept. (Score:3, Insightful)
No it's easier as an end user to just sit back, and play both ends (Management and IT) against the middle. Perhaps just for once you and other end users could try working with us instead of against us. Just once try and understand that the easier we make your life the easier it makes ours and vice versa, meaning I'm not suggesting the change to bother you, I'm doing it to protect you.
My fear is that in your company, end users and management deserve each other. One group to bent on the right now bottom line. The other group bent on using IT as an excuse for not being able to meet unreasonable demands made by the same management that can't see past todays ink.
The first step in any situation like this is to ask yourself the question. What am I doing wrong. Stop trying to fix others problems before you bother to fix your own.
Amid the attacks, an answer (Score:5, Insightful)
The answer to your question? SLA or Service Level Agreement.
It is reasonable to ask management what you should expect from IT. Find out what the SLA is or help create one. This will be a lot of work. You will encounter resistance, for no more sinister reason than that is hard. Just make sure this SLA takes into account senior management's requirements of IT as well. Perhaps IT incompetence isn't the reason management isn't providing the needed upgrades. An SLA provides some metric for performance. If the SLA is unsatisfactory, that is a matter to be taken up after performance against it is measured, but what amounts to a formal job description is a reasonable starting point.
There's good literature on all of this, and it's easy to find if you are interested in improving IT in your organization, and not just playing Napoleon. If you'd rather just whine and make everything worse, ignore everyone here and stage your little petty revolt. It will be easier, but if management has a clue at all, this will be a career limiting move for you. Cynically, either way, the SLA is the starting point.
I don't deny that IT can be incompetent, but it is rare in my experience. It occured to me that you were a troll, posting here. Regardless, there are others who really think IT is incompent because of their own ignorance, who would benefit from gaining a little insight into what IT is about.
If I worked with you, I probably would tell you this in person, and tell you who might have more insight into the actual priorites set for IT. I've had plenty of similar conversations with people over the years. It's just another part of the usual perception problem for IT.
A management problem - not a technical one (Score:3, Insightful)
So, you end up with technical decisions that serve the people who deal with technology, as opposed to serving the users who are doing the main work of the company, or serving the company's goals as a whole.
I'm not sure what causes effective managers to decide to take a different approach to technical issues than they do with others, but I'm convinced that's the root cause of the sort of problem described by the poster.
I believe top management - and department managers, following their lead - should be pressing IT managers to break down technical issues to the point where they can make effective decisions. When the IT manager says "it will take 3 months to set up a new mail server" and the sales manager throws her hands in the air, their boss should sit down with the IT manager and make them explain what the factors are that will make it take that long. And if it's too technical and they don't understand, they should SAY so, and make the IT manager explain it again. Until they understand. Then, they should say things like "what would it take to do it in 1 month?" and by that time, they should be informed enough to reject bullshit answers like "we need another $75k employee."
"technical ignorance" is not an excuse, when you have people on staff who are capable of educating you. And IT workers who perpetuate the myth that it's "beyond a non-technical user's understanding" merely for their own convenience should be...fired.
If your management doesn't see things this way, there's probably not much you can do about the problem.
Re:Common Occurence (Score:3, Insightful)
O RLY?
Maybe this should have been a wake-up call to the bozos with pointy hair that they actually NEEDED all the headcount that used to be on payroll.
Re:IT pays users for downtime/inconvenience (Score:3, Interesting)
As for charging back "lost time" to the IT department... that would mean that every single employee got to dictate to the IT group what their individual needs for the day were rather than having IT work with management and users to get company needs addressed. How would you handle the user that as pissed off because IT wouldn't help them with