Friday, November 7, 2008

A medley

Sometimes when working in IT, we must accept that it's not a question of just playing with new technologies and learning the trade, but rather that all systems must be configured and geared towards the realisation of business goals. That CEOs don't encourage mindful downtime in the pursuit of which command line argument works best, which network topology works most efficiently and what DMZ arrangement seems most sexy is a bitter pill we have to swallow. Whatever of this, the introduction to the world of pain enjoyed by a business-minded technologist can be fraught with frustration. Some weeks back I was requested to ensure all licenses in use in the office were valid, in order that we could represent to our partners that we were fully compliant. This compliance is in terms of licensing, security auditing, rationalisation of full backups of company data, preparation for disaster recovery and maintenance of correct intrusion detection systems. The thought 'fun' didn't cross my mind even once when considering the enormity of this task.

Firstly: Licensing
Getting a straight and definitive answer from anyone about how to license MS products is well-nigh impossible. According to Microsoft, if you use their product you have to have a license to do so. Some of these licenses can be purchased on a per-processor basis while others are client-access dependent. For example, if you have a SQL server serving a million-hits-per-day website, it's certainly better to license the processor and not per client access, which may work out rather expensive. Additionally, transferring installs between servers renders your OEM license invalid, which means you've to purchase another license? The mind boggles :-) For current MS license considerations for virtualisation please see: http://www.vmware.com/solutions/whitepapers/new_msoft_policies.html

Security Auditing
This is an interesting one. MS Server 2003 logs all logon attempts and failures as well as recording changes made to Active Directory. Additionally, using persistent session data in database access applications facilitates selective recording of who accesses data in sensitive tables. Restricting such access by means of group membership also reduces log writing, thereby reducing size and ultimately facilitating log analysis. My difficulty comes with the PCI requirement to be able to recreate a hacker's journey through the network. If someone gains access, data forensic analysts should be able to recreate their journey through our systems, showing what they accessed with timestamps at every point. A great idea, but hugely expensive in terms of the tools available; consideration given here to Tripwire and LT Auditor.
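As an added illustration (not code from the original post) of what "recreating the journey" from those logon records looks like in practice: the script below builds a per-account timeline from Security-log style events and flags an account whose success was preceded by a burst of failures from the same source. The records are constructed; the event IDs follow the Server 2003 Security log (529 = failed logon, 528 = successful interactive logon, 540 = successful network logon).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the shape (timestamp, event id, account,
# source address), modelled on Windows Server 2003 Security-log entries.
SAMPLE_EVENTS = [
    ("2008-11-07 02:14:05", 529, "jsmith", "10.0.5.23"),
    ("2008-11-07 02:14:09", 529, "jsmith", "10.0.5.23"),
    ("2008-11-07 02:14:15", 529, "jsmith", "10.0.5.23"),
    ("2008-11-07 02:14:22", 528, "jsmith", "10.0.5.23"),
    ("2008-11-07 02:31:40", 540, "jsmith", "10.0.5.23"),
    ("2008-11-07 08:55:01", 529, "mjones", "10.0.7.8"),
    ("2008-11-07 08:55:30", 528, "mjones", "10.0.7.8"),
    ("2008-11-07 09:02:12", 528, "aburke", "10.0.7.19"),
]

FAILURE_IDS = {529}        # bad user name or password
SUCCESS_IDS = {528, 540}   # interactive / network logon succeeded

def parse(record):
    ts, event_id, user, src = record
    return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "event_id": event_id, "user": user, "source": src}

def account_timeline(records, user):
    """Every event for one account, oldest first: the timestamped
    journey a forensic analyst would replay for that account."""
    events = [parse(r) for r in records if r[2] == user]
    return sorted(events, key=lambda e: e["time"])

def failures_then_success(records, min_failures=3,
                          window=timedelta(minutes=10)):
    """Accounts where >= min_failures failed logons from one source were
    followed by a successful logon from that source inside the window."""
    by_user = defaultdict(list)
    for e in (parse(r) for r in records):
        by_user[e["user"]].append(e)
    hits = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["time"])
        for i, e in enumerate(events):
            if e["event_id"] not in SUCCESS_IDS:
                continue
            prior_failures = [p for p in events[:i]
                              if p["event_id"] in FAILURE_IDS
                              and p["source"] == e["source"]
                              and e["time"] - p["time"] <= window]
            if len(prior_failures) >= min_failures:
                hits.append((user, e["source"], e["time"]))
                break   # one alert per account is enough for triage
    return hits
```

Real analysis would read the exported Security log rather than a hard-coded list, but the correlation step (group by account, order by time, look back over a window) is the same.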

Rationalisation of backups with a view to Disaster Recovery
We have backups, we take them off site and we're very pleased with ourselves. When we have to recover files it's usually not too tedious a process, and we've managed to recreate those systems that have failed when such has (and inevitably does) come to pass. Synchronisation of important data between the primary site and the colocation has also been a good move. Recreating a fully working system in another location, should our building go up in flames, is a bit more difficult. Managing the replication of data between the primary site and the colocation can be done without too much problem. Additionally, manual remapping of drives and application settings can easily be done for users should the comms room in the primary site fall over. The difficulty we face is that it won't be fully up to date, and if the primary site goes down (where remote user VPN access is based), enabling user access to the colocation site and introducing additional backup scenarios, redundancy and chronological backups for this location become, once again, a matter of lots of money. Fortunately, this company has offices in 3 locations, meaning staff can easily be relocated and roaming profiles will continue to be operational once a few logon scripts have been edited a little.

Intrusion Detection Systems
Apparently this is more than someone looking through the log files of firewall servers from time to time, tedious at the best of times. Intrusion detection and alert systems are great, and I've grown to like the VMware appliance NST (Network Security Tracker), which features Snort, Nessus, BASE etc.
I suppose the moral of my story is that you can work in IT with the systems and have a bit of fun from time to time or you can become an architect and Director and ensure the work gets done but as a project manager for certain aspects of compliance, there are new lessons to learn. You may be a jack of all trades but these times require the management of many masters.
